Re: [PATCH v2 5/6] util: add new "tc" layer for virFirewallCmd objects


 



On 11/26/24 04:24, Laine Stump wrote:
> If the layer of a virFirewallCmd is "tc", then the "tc" utility will
> be executed using the arguments that had been added to the
> virFirewallCmd.
> 
> tc layer doesn't support auto-rollback command creation (any rollback
> needs to be added manually with virFirewallAddRollbackCmd()), and also
> tc layer isn't supported by the iptables backend (it would have been
> straightforward to add, but the iptables backend doesn't need it, and
> I didn't want to take the chance of causing a regression in that
> code for no good reason).
> 
> Signed-off-by: Laine Stump <laine@xxxxxxxxxx>
> ---
>  src/network/network_nftables.c |  1 +
>  src/util/virfirewall.c         | 66 +++++++++++++++++++++-------------
>  src/util/virfirewall.h         |  1 +
>  src/util/virfirewalld.c        |  1 +
>  4 files changed, 44 insertions(+), 25 deletions(-)
> 
> diff --git a/src/network/network_nftables.c b/src/network/network_nftables.c
> index f8b5ab665d..b3605bd40e 100644
> --- a/src/network/network_nftables.c
> +++ b/src/network/network_nftables.c
> @@ -73,6 +73,7 @@ VIR_ENUM_IMPL(nftablesLayer,
>                "",
>                "ip",
>                "ip6",
> +              "",
>  );
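Review bot: The added `""` at the end of the nftablesLayer table looks exactly like the existing empty first entry, and nothing says which layer it stands for. Judging by the matching `"tc"` entry added to virFirewallLayer in this patch, it is the positional placeholder for the tc layer, which presumably has no nftables family. A trailing comment such as `"", /* VIR_FIREWALL_LAYER_TC: not an nftables family */` would keep the positional mapping readable. It is also worth confirming that no caller can pass this empty string to nft as a family name.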
>  
>  
> diff --git a/src/util/virfirewall.c b/src/util/virfirewall.c
> index 811b787ecc..754bc18162 100644
> --- a/src/util/virfirewall.c
> +++ b/src/util/virfirewall.c
> @@ -47,6 +47,7 @@ VIR_ENUM_IMPL(virFirewallLayer,
>                "ethernet",
>                "ipv4",
>                "ipv6",
> +              "tc",
>  );
>  
>  typedef struct _virFirewallGroup virFirewallGroup;
> @@ -57,6 +58,7 @@ VIR_ENUM_IMPL(virFirewallLayerCommand,
>                EBTABLES,
>                IPTABLES,
>                IP6TABLES,
> +              TC,
>  );
>  
>  struct _virFirewallCmd {
> @@ -591,6 +593,7 @@ virFirewallCmdIptablesApply(virFirewall *firewall,
>      case VIR_FIREWALL_LAYER_IPV6:
>          virCommandAddArg(cmd, "-w");
>          break;
> +    case VIR_FIREWALL_LAYER_TC:
>      case VIR_FIREWALL_LAYER_LAST:
>          break;
>      }
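Review bot: The new `case VIR_FIREWALL_LAYER_TC:` in virFirewallCmdIptablesApply() shares the bare `break` with VIR_FIREWALL_LAYER_LAST, so nothing in this switch rejects a tc-layer command that reaches the iptables backend. The commit message says the tc layer is not supported by that backend, and the function starts and ends outside this hunk, so an earlier check may already refuse it. If none does, the command would presumably be built and run anyway rather than failing the transaction, which for firewall code means a rule set that silently differs from what the caller asked for. Consider making the case fail explicitly with `virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("tc layer is not supported by the iptables backend"));` followed by the function's error return, or at least document the intent with `/* tc is not supported by the iptables backend */` above the case.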
> @@ -672,39 +675,52 @@ virFirewallCmdNftablesApply(virFirewall *firewall G_GNUC_UNUSED,
>      size_t i;
>      int status;
>  
> -    cmd = virCommandNew(NFT);
> +    if (fwCmd->layer == VIR_FIREWALL_LAYER_TC) {
>  
> -    if ((virFirewallTransactionGetFlags(firewall) & VIR_FIREWALL_TRANSACTION_AUTO_ROLLBACK) &&
> -        fwCmd->argsLen > 1) {
> -        /* skip any leading options to get to command verb */
> -        for (i = 0; i < fwCmd->argsLen - 1; i++) {
> -            if (fwCmd->args[i][0] != '-')
> -                break;
> -        }
> +        /* for VIR_FIREWALL_LAYER_TC, we run the 'tc' (traffic control) command with
> +         * the supplied args.
> +         */
> +    cmd = virCommandNew(TC);

Alignment.


Michal


