[PATCH v2 17/27] util: new function virFirewallNewFromRollback()


 



virFirewallNewFromRollback() creates a new virFirewall object that
contains a copy of the "rollback" commands from an existing
virFirewall object, but in reverse order. The intent is that this
virFirewall be saved and used later to remove the firewall rules that
were added for a network.

Signed-off-by: Laine Stump <laine@xxxxxxxxxx>
---
 src/libvirt_private.syms |  1 +
 src/util/virfirewall.c   | 59 ++++++++++++++++++++++++++++++++++++++++
 src/util/virfirewall.h   |  1 +
 3 files changed, 61 insertions(+)

diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index 1a9e996879..e3dcb353b7 100644
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -2416,6 +2416,7 @@ virFirewallCmdToString;
 virFirewallFree;
 virFirewallGetBackend;
 virFirewallNew;
+virFirewallNewFromRollback;
 virFirewallRemoveCmd;
 virFirewallStartRollback;
 virFirewallStartTransaction;
diff --git a/src/util/virfirewall.c b/src/util/virfirewall.c
index 8cc551d6e2..57d45abc17 100644
--- a/src/util/virfirewall.c
+++ b/src/util/virfirewall.c
@@ -751,3 +751,62 @@ virFirewallApply(virFirewall *firewall)
 
     return 0;
 }
+
+
+/**
+ * virFirewallNewFromRollback:
+
+ * @original: the original virFirewall object containing the rollback
+ *            of interest
+ * @fwRemoval: a firewall object that, when applied, will remove @original
+ *
+ * Copy the rollback rules from the current virFirewall object as a
+ * new virFirewall. This virFirewall can then be saved to apply later
+ * and counteract everything done by the original.
+ *
+ * Returns 0 on success, -1 on error
+ */
+int
+virFirewallNewFromRollback(virFirewall *original,
+                           virFirewall **fwRemoval)
+{
+    size_t g;
+    g_autoptr(virFirewall) firewall = NULL;
+
+    if (original->err) {
+        virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+                       _("error in original firewall object"));
+        return -1;
+    }
+
+    firewall = virFirewallNew(original->backend);
+
+    /* add the rollback commands in reverse order of actions/groups of
+     * what was applied in the original firewall.
+     */
+    for (g = original->ngroups; g > 0; g--) {
+        size_t r;
+        virFirewallGroup *group = original->groups[g - 1];
+
+        if (group->nrollback == 0)
+            continue;
+
+        virFirewallStartTransaction(firewall, VIR_FIREWALL_TRANSACTION_IGNORE_ERRORS);
+
+        for (r = group->nrollback; r > 0; r--) {
+            size_t i;
+            virFirewallCmd *origCmd = group->rollback[r - 1];
+            virFirewallCmd *rbCmd = virFirewallAddCmd(firewall, origCmd->layer, NULL);
+
+            for (i = 0; i < origCmd->argsLen; i++)
+                ADD_ARG(rbCmd, origCmd->args[i]);
+        }
+    }
+
+    if (firewall->ngroups == 0)
+        VIR_DEBUG("original firewall object is empty");
+    else
+        *fwRemoval = g_steal_pointer(&firewall);
+
+    return 0;
+}
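Review bot: On the success path where no group has rollback commands (the `firewall->ngroups == 0` branch at the end of virFirewallNewFromRollback), the function returns 0 without writing `*fwRemoval`, so a caller that did not initialise its pointer to NULL would go on to use or free an indeterminate value. The doc comment does not mention this case. Setting `*fwRemoval = NULL;` at the top of the function, or adding the line `* If @original has no rollback commands, @fwRemoval is left untouched and 0 is returned.` to the comment, would make the contract explicit. Separately, every replayed group is started with `VIR_FIREWALL_TRANSACTION_IGNORE_ERRORS`, so a removal command that fails when the saved object is applied later would presumably go unreported and leave its rule in place. The comment should say so, because a successful apply of the removal object then does not prove the network's rules are gone.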
diff --git a/src/util/virfirewall.h b/src/util/virfirewall.h
index a4e62efbeb..7d8b36fa96 100644
--- a/src/util/virfirewall.h
+++ b/src/util/virfirewall.h
@@ -45,6 +45,7 @@ typedef enum {
 VIR_ENUM_DECL(virFirewallBackend);
 
 virFirewall *virFirewallNew(virFirewallBackend backend);
+int virFirewallNewFromRollback(virFirewall *original, virFirewall **fwRemoval);
 void virFirewallFree(virFirewall *firewall);
 virFirewallBackend virFirewallGetBackend(virFirewall *firewall);
 
-- 
2.44.0



