Signed-off-by: Laine Stump <laine@xxxxxxxxxx> --- src/network/bridge_driver_linux.c | 11 ++--- src/nwfilter/nwfilter_ebiptables_driver.c | 31 ++++---------- src/util/virebtables.c | 8 +--- src/util/viriptables.c | 6 +-- tests/virfirewalltest.c | 50 +++++------------------ 5 files changed, 25 insertions(+), 81 deletions(-) diff --git a/src/network/bridge_driver_linux.c b/src/network/bridge_driver_linux.c index 30f6aa8fe1..f72f94f38d 100644 --- a/src/network/bridge_driver_linux.c +++ b/src/network/bridge_driver_linux.c @@ -838,7 +838,7 @@ int networkAddFirewallRules(virNetworkDefPtr def) { size_t i; virNetworkIPDefPtr ipdef; - virFirewallPtr fw = NULL; + g_autoptr(virFirewall) fw = virFirewallNew(); int ret = -1; if (virOnce(&createdOnce, networkSetupPrivateChains) < 0) @@ -925,8 +925,6 @@ int networkAddFirewallRules(virNetworkDefPtr def) } } - fw = virFirewallNew(); - virFirewallStartTransaction(fw, 0); networkAddGeneralFirewallRules(fw, def); @@ -956,7 +954,6 @@ int networkAddFirewallRules(virNetworkDefPtr def) ret = 0; cleanup: - virFirewallFree(fw); return ret; } @@ -965,9 +962,7 @@ void networkRemoveFirewallRules(virNetworkDefPtr def) { size_t i; virNetworkIPDefPtr ipdef; - virFirewallPtr fw = NULL; - - fw = virFirewallNew(); + g_autoptr(virFirewall) fw = virFirewallNew(); virFirewallStartTransaction(fw, VIR_FIREWALL_TRANSACTION_IGNORE_ERRORS); networkRemoveChecksumFirewallRules(fw, def); @@ -985,5 +980,5 @@ void networkRemoveFirewallRules(virNetworkDefPtr def) virFirewallApply(fw); cleanup: - virFirewallFree(fw); + return; } diff --git a/src/nwfilter/nwfilter_ebiptables_driver.c b/src/nwfilter/nwfilter_ebiptables_driver.c index 6cdb3ca45e..2976521e6d 100644 --- a/src/nwfilter/nwfilter_ebiptables_driver.c +++ b/src/nwfilter/nwfilter_ebiptables_driver.c 
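Review bot: In networkAddFirewallRules the firewall object is now allocated at the declaration, ahead of the `virOnce(&createdOnce, networkSetupPrivateChains)` check and everything between this hunk and the one at -925, so any early exit there creates and frees an object it never uses. The old `fw = NULL` initialiser suggests such exits exist, though they lie outside the hunk. Since a g_autoptr variable that is still NULL is simply skipped at scope exit, `g_autoptr(virFirewall) fw = NULL;` with the original `fw = virFirewallNew();` left in place would keep the allocation lazy. If the up-front allocation is preferred, a short comment such as `/* allocated at declaration so every exit path sees an initialised autoptr */` would record why. The test functions in tests/virfirewalltest.c get the same move.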
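Review bot: The `cleanup:` label in networkRemoveFirewallRules now guards nothing, and the bare `return;` was added only because a label needs a statement after it. The `goto cleanup` sites are outside this hunk, but each could become a plain `return;` and the label could go. The same leftover appears as `cleanup: return ret;` in networkAddFirewallRules, ebiptablesDriverProbeStateMatch, ebtablesAddForwardPolicyReject, ebtablesForwardAllowIn and iptablesSetupPrivateChains, and as `error: return -1;` in the three ebtablesApply*Rules functions. Dead labels in rule-installation code make it harder to see which failure paths still perform a tear-down and which just return.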
@@ -2858,7 +2858,7 @@ static int ebtablesApplyBasicRules(const char *ifname, const virMacAddr *macaddr) { - virFirewallPtr fw = virFirewallNew(); + g_autoptr(virFirewall) fw = virFirewallNew(); char chain[MAX_CHAINNAME_LENGTH]; char chainPrefix = CHAINPREFIX_HOST_IN_TEMP; char macaddr_str[VIR_MAC_STRING_BUFLEN]; @@ -2895,13 +2895,11 @@ ebtablesApplyBasicRules(const char *ifname, if (virFirewallApply(fw) < 0) goto tear_down_tmpebchains; - virFirewallFree(fw); return 0; tear_down_tmpebchains: ebtablesCleanAll(ifname); error: - virFirewallFree(fw); return -1; } @@ -2934,7 +2932,7 @@ ebtablesApplyDHCPOnlyRules(const char *ifname, char macaddr_str[VIR_MAC_STRING_BUFLEN]; unsigned int idx = 0; unsigned int num_dhcpsrvrs; - virFirewallPtr fw = virFirewallNew(); + g_autoptr(virFirewall) fw = virFirewallNew(); virMacAddrFormat(macaddr, macaddr_str); @@ -3014,14 +3012,11 @@ ebtablesApplyDHCPOnlyRules(const char *ifname, if (virFirewallApply(fw) < 0) goto tear_down_tmpebchains; - virFirewallFree(fw); - return 0; tear_down_tmpebchains: ebtablesCleanAll(ifname); error: - virFirewallFree(fw); return -1; } @@ -3040,7 +3035,7 @@ ebtablesApplyDropAllRules(const char *ifname) { char chain_in [MAX_CHAINNAME_LENGTH], chain_out[MAX_CHAINNAME_LENGTH]; - virFirewallPtr fw = virFirewallNew(); + g_autoptr(virFirewall) fw = virFirewallNew(); if (ebiptablesAllTeardown(ifname) < 0) goto error; @@ -3069,13 +3064,11 @@ ebtablesApplyDropAllRules(const char *ifname) if (virFirewallApply(fw) < 0) goto tear_down_tmpebchains; - virFirewallFree(fw); return 0; tear_down_tmpebchains: ebtablesCleanAll(ifname); error: - virFirewallFree(fw); return -1; } @@ -3090,7 +3083,7 @@ ebtablesRemoveBasicRules(const char *ifname) static int ebtablesCleanAll(const char *ifname) { - virFirewallPtr fw = virFirewallNew(); + g_autoptr(virFirewall) fw = virFirewallNew(); int ret = -1; virFirewallStartTransaction(fw, VIR_FIREWALL_TRANSACTION_IGNORE_ERRORS); 
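Review bot: On the `tear_down_tmpebchains` path of ebtablesApplyBasicRules (hunk at -2895) the result of `ebtablesCleanAll(ifname)` is discarded. If that tear-down fails, the temporary chains for the interface stay in place and the caller sees only the `-1` from the original failure. If this is deliberate best-effort behaviour, a comment would say so, e.g. `/* best effort: caller already gets -1 for the failed apply */`; otherwise the failure should at least be logged here, unless ebtablesCleanAll already reports it (not visible in these hunks). ebtablesApplyDHCPOnlyRules and ebtablesApplyDropAllRules have the same path. The function body starts outside the hunk.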
@@ -3108,7 +3101,6 @@ ebtablesCleanAll(const char *ifname) ebtablesRemoveTmpRootChainFW(fw, false, ifname); ret = virFirewallApply(fw); - virFirewallFree(fw); return ret; } @@ -3357,7 +3349,7 @@ ebiptablesApplyNewRules(const char *ifname, size_t nrules) { size_t i, j; - virFirewallPtr fw = virFirewallNew(); + g_autoptr(virFirewall) fw = virFirewallNew(); virHashTablePtr chains_in_set = virHashCreate(10, NULL); virHashTablePtr chains_out_set = virHashCreate(10, NULL); bool haveEbtables = false; @@ -3558,7 +3550,6 @@ ebiptablesApplyNewRules(const char *ifname, for (i = 0; i < nsubchains; i++) VIR_FREE(subchains[i]); VIR_FREE(subchains); - virFirewallFree(fw); virHashFree(chains_in_set); virHashFree(chains_out_set); @@ -3586,7 +3577,7 @@ ebiptablesTearNewRulesFW(virFirewallPtr fw, const char *ifname) static int ebiptablesTearNewRules(const char *ifname) { - virFirewallPtr fw = virFirewallNew(); + g_autoptr(virFirewall) fw = virFirewallNew(); int ret = -1; virFirewallStartTransaction(fw, VIR_FIREWALL_TRANSACTION_IGNORE_ERRORS); @@ -3594,14 +3585,13 @@ ebiptablesTearNewRules(const char *ifname) ebiptablesTearNewRulesFW(fw, ifname); ret = virFirewallApply(fw); - virFirewallFree(fw); return ret; } static int ebiptablesTearOldRules(const char *ifname) { - virFirewallPtr fw = virFirewallNew(); + g_autoptr(virFirewall) fw = virFirewallNew(); int ret = -1; virFirewallStartTransaction(fw, VIR_FIREWALL_TRANSACTION_IGNORE_ERRORS); @@ -3622,7 +3612,6 @@ ebiptablesTearOldRules(const char *ifname) ebtablesRenameTmpSubAndRootChainsFW(fw, ifname); ret = virFirewallApply(fw); - virFirewallFree(fw); return ret; } @@ -3639,7 +3628,7 @@ ebiptablesTearOldRules(const char *ifname) static int ebiptablesAllTeardown(const char *ifname) { - virFirewallPtr fw = virFirewallNew(); + g_autoptr(virFirewall) fw = virFirewallNew(); int ret = -1; virFirewallStartTransaction(fw, VIR_FIREWALL_TRANSACTION_IGNORE_ERRORS); 
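Review bot: With the explicit free gone, `ret` in ebtablesCleanAll is a pure pass-through: it is initialised to -1, assigned once by `ret = virFirewallApply(fw);` and returned on the next line. The tail can collapse to `return virFirewallApply(fw);` and the `int ret = -1;` declaration (in the preceding hunk) can be dropped. ebiptablesTearNewRules, ebiptablesTearOldRules and ebiptablesAllTeardown end the same way. Doing this in the same commit keeps the autoptr conversion from leaving temporaries that suggest an error path which no longer exists.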
@@ -3663,7 +3652,6 @@ ebiptablesAllTeardown(const char *ifname) ebtablesRemoveRootChainFW(fw, false, ifname); ret = virFirewallApply(fw); - virFirewallFree(fw); return ret; } @@ -3749,7 +3737,7 @@ static int ebiptablesDriverProbeStateMatch(void) { unsigned long version; - virFirewallPtr fw = virFirewallNew(); + g_autoptr(virFirewall) fw = virFirewallNew(); int ret = -1; virFirewallStartTransaction(fw, 0); @@ -3769,7 +3757,6 @@ ebiptablesDriverProbeStateMatch(void) ret = 0; cleanup: - virFirewallFree(fw); return ret; } diff --git a/src/util/virebtables.c b/src/util/virebtables.c index 14a922834a..69483f35ec 100644 --- a/src/util/virebtables.c +++ b/src/util/virebtables.c @@ -82,10 +82,9 @@ ebtablesContextFree(ebtablesContext *ctx) int ebtablesAddForwardPolicyReject(ebtablesContext *ctx) { - virFirewallPtr fw = NULL; + g_autoptr(virFirewall) fw = virFirewallNew(); int ret = -1; - fw = virFirewallNew(); virFirewallStartTransaction(fw, VIR_FIREWALL_TRANSACTION_IGNORE_ERRORS); virFirewallAddRule(fw, VIR_FIREWALL_LAYER_ETHERNET, "--new-chain", ctx->chain, @@ -104,7 +103,6 @@ ebtablesAddForwardPolicyReject(ebtablesContext *ctx) ret = 0; cleanup: - virFirewallFree(fw); return ret; } @@ -118,10 +116,9 @@ ebtablesForwardAllowIn(ebtablesContext *ctx, const char *macaddr, int action) { - virFirewallPtr fw = NULL; + g_autoptr(virFirewall) fw = virFirewallNew(); int ret = -1; - fw = virFirewallNew(); virFirewallStartTransaction(fw, 0); virFirewallAddRule(fw, VIR_FIREWALL_LAYER_ETHERNET, action == ADD ? "--insert" : "--delete", @@ -136,7 +133,6 @@ ebtablesForwardAllowIn(ebtablesContext *ctx, ret = 0; cleanup: - virFirewallFree(fw); return ret; } diff --git a/src/util/viriptables.c b/src/util/viriptables.c index 8ccce835b2..b1ef3a2db6 100644 --- a/src/util/viriptables.c +++ b/src/util/viriptables.c 
@@ -128,7 +128,7 @@ iptablesPrivateChainCreate(virFirewallPtr fw, int iptablesSetupPrivateChains(virFirewallLayer layer) { - virFirewallPtr fw = NULL; + g_autoptr(virFirewall) fw = virFirewallNew(); int ret = -1; iptablesGlobalChain filter_chains[] = { {"INPUT", "LIBVIRT_INP"}, @@ -151,8 +151,6 @@ iptablesSetupPrivateChains(virFirewallLayer layer) }; size_t i; - fw = virFirewallNew(); - virFirewallStartTransaction(fw, 0); for (i = 0; i < G_N_ELEMENTS(data); i++) @@ -167,8 +165,6 @@ iptablesSetupPrivateChains(virFirewallLayer layer) ret = changed ? 1 : 0; cleanup: - - virFirewallFree(fw); return ret; } diff --git a/tests/virfirewalltest.c b/tests/virfirewalltest.c index 4105c1867e..ce252bd0e0 100644 --- a/tests/virfirewalltest.c +++ b/tests/virfirewalltest.c @@ -200,7 +200,7 @@ static int testFirewallSingleGroup(const void *opaque) { g_auto(virBuffer) cmdbuf = VIR_BUFFER_INITIALIZER; - virFirewallPtr fw = NULL; + g_autoptr(virFirewall) fw = virFirewallNew(); int ret = -1; const char *actual = NULL; const char *expected = @@ -217,8 +217,6 @@ testFirewallSingleGroup(const void *opaque) else fwBuf = &cmdbuf; - fw = virFirewallNew(); - virFirewallStartTransaction(fw, 0); virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, @@ -246,7 +244,6 @@ testFirewallSingleGroup(const void *opaque) cleanup: fwBuf = NULL; virCommandSetDryRun(NULL, NULL, NULL); - virFirewallFree(fw); return ret; } @@ -255,7 +252,7 @@ static int testFirewallRemoveRule(const void *opaque) { g_auto(virBuffer) cmdbuf = VIR_BUFFER_INITIALIZER; - virFirewallPtr fw = NULL; + g_autoptr(virFirewall) fw = virFirewallNew(); int ret = -1; const char *actual = NULL; const char *expected = @@ -273,8 +270,6 @@ testFirewallRemoveRule(const void *opaque) else fwBuf = &cmdbuf; - fw = virFirewallNew(); - virFirewallStartTransaction(fw, 0); virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, 
@@ -308,7 +303,6 @@ testFirewallRemoveRule(const void *opaque) cleanup: fwBuf = NULL; virCommandSetDryRun(NULL, NULL, NULL); - virFirewallFree(fw); return ret; } @@ -317,7 +311,7 @@ static int testFirewallManyGroups(const void *opaque G_GNUC_UNUSED) { g_auto(virBuffer) cmdbuf = VIR_BUFFER_INITIALIZER; - virFirewallPtr fw = NULL; + g_autoptr(virFirewall) fw = virFirewallNew(); int ret = -1; const char *actual = NULL; const char *expected = @@ -336,8 +330,6 @@ testFirewallManyGroups(const void *opaque G_GNUC_UNUSED) else fwBuf = &cmdbuf; - fw = virFirewallNew(); - virFirewallStartTransaction(fw, 0); virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, @@ -377,7 +369,6 @@ testFirewallManyGroups(const void *opaque G_GNUC_UNUSED) cleanup: fwBuf = NULL; virCommandSetDryRun(NULL, NULL, NULL); - virFirewallFree(fw); return ret; } @@ -407,7 +398,7 @@ static int testFirewallIgnoreFailGroup(const void *opaque G_GNUC_UNUSED) { g_auto(virBuffer) cmdbuf = VIR_BUFFER_INITIALIZER; - virFirewallPtr fw = NULL; + g_autoptr(virFirewall) fw = virFirewallNew(); int ret = -1; const char *actual = NULL; const char *expected = @@ -428,8 +419,6 @@ testFirewallIgnoreFailGroup(const void *opaque G_GNUC_UNUSED) fwError = true; } - fw = virFirewallNew(); - virFirewallStartTransaction(fw, VIR_FIREWALL_TRANSACTION_IGNORE_ERRORS); virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, @@ -469,7 +458,6 @@ testFirewallIgnoreFailGroup(const void *opaque G_GNUC_UNUSED) cleanup: fwBuf = NULL; virCommandSetDryRun(NULL, NULL, NULL); - virFirewallFree(fw); return ret; } @@ -478,7 +466,7 @@ static int testFirewallIgnoreFailRule(const void *opaque G_GNUC_UNUSED) { g_auto(virBuffer) cmdbuf = VIR_BUFFER_INITIALIZER; - virFirewallPtr fw = NULL; + g_autoptr(virFirewall) fw = virFirewallNew(); int ret = -1; const char *actual = NULL; const char *expected = 
@@ -499,8 +487,6 @@ testFirewallIgnoreFailRule(const void *opaque G_GNUC_UNUSED) fwError = true; } - fw = virFirewallNew(); - virFirewallStartTransaction(fw, 0); virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, @@ -539,7 +525,6 @@ testFirewallIgnoreFailRule(const void *opaque G_GNUC_UNUSED) cleanup: fwBuf = NULL; virCommandSetDryRun(NULL, NULL, NULL); - virFirewallFree(fw); return ret; } @@ -548,7 +533,7 @@ static int testFirewallNoRollback(const void *opaque G_GNUC_UNUSED) { g_auto(virBuffer) cmdbuf = VIR_BUFFER_INITIALIZER; - virFirewallPtr fw = NULL; + g_autoptr(virFirewall) fw = virFirewallNew(); int ret = -1; const char *actual = NULL; const char *expected = @@ -567,8 +552,6 @@ testFirewallNoRollback(const void *opaque G_GNUC_UNUSED) fwError = true; } - fw = virFirewallNew(); - virFirewallStartTransaction(fw, 0); virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, @@ -603,7 +586,6 @@ testFirewallNoRollback(const void *opaque G_GNUC_UNUSED) cleanup: fwBuf = NULL; virCommandSetDryRun(NULL, NULL, NULL); - virFirewallFree(fw); return ret; } @@ -611,7 +593,7 @@ static int testFirewallSingleRollback(const void *opaque G_GNUC_UNUSED) { g_auto(virBuffer) cmdbuf = VIR_BUFFER_INITIALIZER; - virFirewallPtr fw = NULL; + g_autoptr(virFirewall) fw = virFirewallNew(); int ret = -1; const char *actual = NULL; const char *expected = @@ -633,8 +615,6 @@ testFirewallSingleRollback(const void *opaque G_GNUC_UNUSED) fwBuf = &cmdbuf; } - fw = virFirewallNew(); - virFirewallStartTransaction(fw, 0); virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, @@ -686,7 +666,6 @@ testFirewallSingleRollback(const void *opaque G_GNUC_UNUSED) cleanup: fwBuf = NULL; virCommandSetDryRun(NULL, NULL, NULL); - virFirewallFree(fw); return ret; } 
@@ -694,7 +673,7 @@ static int testFirewallManyRollback(const void *opaque G_GNUC_UNUSED) { g_auto(virBuffer) cmdbuf = VIR_BUFFER_INITIALIZER; - virFirewallPtr fw = NULL; + g_autoptr(virFirewall) fw = virFirewallNew(); int ret = -1; const char *actual = NULL; const char *expected = @@ -715,8 +694,6 @@ testFirewallManyRollback(const void *opaque G_GNUC_UNUSED) fwError = true; } - fw = virFirewallNew(); - virFirewallStartTransaction(fw, 0); virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, @@ -772,7 +749,6 @@ testFirewallManyRollback(const void *opaque G_GNUC_UNUSED) cleanup: fwBuf = NULL; virCommandSetDryRun(NULL, NULL, NULL); - virFirewallFree(fw); return ret; } @@ -780,7 +756,7 @@ static int testFirewallChainedRollback(const void *opaque G_GNUC_UNUSED) { g_auto(virBuffer) cmdbuf = VIR_BUFFER_INITIALIZER; - virFirewallPtr fw = NULL; + g_autoptr(virFirewall) fw = virFirewallNew(); int ret = -1; const char *actual = NULL; const char *expected = @@ -805,8 +781,6 @@ testFirewallChainedRollback(const void *opaque G_GNUC_UNUSED) fwError = true; } - fw = virFirewallNew(); - virFirewallStartTransaction(fw, 0); virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, @@ -888,7 +862,6 @@ testFirewallChainedRollback(const void *opaque G_GNUC_UNUSED) cleanup: fwBuf = NULL; virCommandSetDryRun(NULL, NULL, NULL); - virFirewallFree(fw); return ret; } @@ -973,7 +946,7 @@ static int testFirewallQuery(const void *opaque G_GNUC_UNUSED) { g_auto(virBuffer) cmdbuf = VIR_BUFFER_INITIALIZER; - virFirewallPtr fw = NULL; + g_autoptr(virFirewall) fw = virFirewallNew(); int ret = -1; const char *actual = NULL; const char *expected = @@ -1001,8 +974,6 @@ testFirewallQuery(const void *opaque G_GNUC_UNUSED) fwError = true; } - fw = virFirewallNew(); - virFirewallStartTransaction(fw, 0); virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, 
@@ -1066,7 +1037,6 @@ testFirewallQuery(const void *opaque G_GNUC_UNUSED) cleanup: fwBuf = NULL; virCommandSetDryRun(NULL, NULL, NULL); - virFirewallFree(fw); return ret; } -- 2.25.4