On Sun, Apr 30, 2023 at 11:19:18PM -0400, Laine Stump wrote: > We know at the time a virFirewallRule is created (with > virFirewallAddRule*()) whether or not we will later want to ignore > errors encountered when attempting to apply that rule - if > ignoreErrors is set in the AddRule or if the group has already had > VIR_FIREWALL_TRANSACTION_IGNORE_ERRORS set, then we ignore the errors. > > Rather than setting the rule->ignoreErrors rule only according to the > arg sent to virFirewallAddRuleFull(), and then later (at > ApplyRule-time) combining that with the group transactionFlags setting > (and passing it all the way down the call chain), just combine the two > flags right away and store this final value in rule->ignoreErrors when > the rule is created (thus avoiding the need to look at anything other > than rule->ignoreErrors at the time the rule is applied). And since we > now have an API for retrieving the setting of ignoreErrors from a > rule, just grab that with the API down in vir*ApplyRule() rather than > cluttering up the argument list on the entire call chain. > > Signed-off-by: Laine Stump <laine@xxxxxxxxxx> > --- > src/util/virfirewall.c | 32 ++++++++++++++------------------ > 1 file changed, 14 insertions(+), 18 deletions(-) Reviewed-by: Daniel P. Berrangé <berrange@xxxxxxxxxx> With regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|