On 5/3/23 11:59 AM, Daniel P. Berrangé wrote:
On Sun, Apr 30, 2023 at 11:19:21PM -0400, Laine Stump wrote:
and take advantage of this to replace all the ternary operators when
calling virFirewallAddRule() with virIptablesActionTypeToString().
(NB: the VIR_ENUM declaration uses "virIptablesAction" rather than
"virFirewallAction" because the string it produces is specific to the
iptables backend. A separate VIR_ENUM for "virNftablesAction",
producing slightly different strings, will be added later for the
nftables backend.)
Signed-off-by: Laine Stump <laine@xxxxxxxxxx>
---
src/util/virfirewall.h | 8 +++++
src/util/viriptables.c | 69 ++++++++++++++++++++++++-----------------
src/util/viriptables.h | 21 +++++++------
src/util/virnetfilter.c | 49 +++++++++++++++--------------
src/util/virnetfilter.h | 5 ---
5 files changed, 84 insertions(+), 68 deletions(-)
diff --git a/src/util/virfirewall.h b/src/util/virfirewall.h
index 0f40dae859..ed0bc8b6f7 100644
--- a/src/util/virfirewall.h
+++ b/src/util/virfirewall.h
@@ -34,6 +34,14 @@ typedef enum {
VIR_FIREWALL_LAYER_LAST,
} virFirewallLayer;
+typedef enum {
+ VIR_FIREWALL_ACTION_INSERT,
+ VIR_FIREWALL_ACTION_APPEND,
+ VIR_FIREWALL_ACTION_DELETE,
+
+ VIR_FIREWALL_ACTION_LAST
+} virFirewallAction;
This enum isn't used by anything in virfirewall.c, so I don't
think it should be in this file / namespace.
Why not VIR_NETFILTER_ACTION / virNetfilterAction, since its
scope is limited to that file and the related iptables.c/nftables.c
files ?
I have no good answer to that question, other than "Yeah, why *not*?" :-)
I guess at the time I had some sort of hairbrained idea I was going to
make virFirewall the abstraction layer above iptables vs nftables, which
in the end didn't work out, but by then this patch was buried way back
at the beginning and I stopped thinking about it :-/
