On Sun, Apr 21, 2024 at 10:53:10PM -0400, Laine Stump wrote:
> Although initially we will add exactly the same rules for the nftables
> backend, the two may (hopefully) soon diverge as we take advantage of
> nftables features that weren't available in iptables. When we do that,
> there will need to be a different version of these functions (currently in
> bridge_driver_linux.c) for each backend:
>
> networkAddFirewallRules()
> networkRemoveFirewallRules()
> networkSetupPrivateChains()
>
> Although it will mean duplicating some amount of code (with just the
> function names changed) for the nftables backend, this patch moves all
> of the rule-related code in the above three functions into iptables*()
> functions in network_iptables.c, and changes the functions in
> bridge_driver_linux.c to call the iptables*() functions. When we make
> a different backend, it will only need to make equivalents of those 3
> functions publicly available to the upper layer.
>
> Signed-off-by: Laine Stump <laine@xxxxxxxxxx>
> ---
> src/network/bridge_driver_linux.c | 556 +----------------------------
> src/network/network_iptables.c | 562 +++++++++++++++++++++++++++++-
> src/network/network_iptables.h | 7 +-
> 3 files changed, 574 insertions(+), 551 deletions(-)

Reviewed-by: Daniel P. Berrangé <berrange@xxxxxxxxxx>

With regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|