On 5/3/23 11:56 AM, Daniel P. Berrangé wrote:
On Sun, Apr 30, 2023 at 11:19:20PM -0400, Laine Stump wrote:
These function are all moved into virnetfilter.[ch]. The only
functions from viriptables.[ch] that are still called from the
consumer (network bridge driver) are iptablesSetupPrivateChains()
(which creates the private chains that all iptables rules will be
added to), and iptablesAddOutputFixUdpChecksum() and
iptablesRemoveOutputFixUdpChecksum() (which add/remove rules to fix
improper checksum of DHCP packets, which is something not supported by
nftables)
Signed-off-by: Laine Stump <laine@xxxxxxxxxx>
---
src/libvirt_private.syms | 51 +--
src/network/bridge_driver_linux.c | 1 +
src/util/meson.build | 1 +
src/util/viriptables.c | 522 +--------------------------
src/util/viriptables.h | 212 +++++------
src/util/virnetfilter.c | 570 ++++++++++++++++++++++++++++++
src/util/virnetfilter.h | 151 ++++++++
7 files changed, 849 insertions(+), 659 deletions(-)
create mode 100644 src/util/virnetfilter.c
create mode 100644 src/util/virnetfilter.h
If we move 'viriptables.{ch}' to 'src/network/bridge_iptables.{ch}
as first step in this series, then we would naturally also
have 'src/network/bridge_netfilter.{ch}' for this patch.
Yes! Why didn't I think of that? (rhetorical, rhetorical!)
viriptables.[ch] has always been used only by the network driver, and in
the future it will only be used by the network driver.
