The bridge_driver_platform.h defines many functions that a platform driver must implement. Only two of these functions are actually called from the main bridge driver code. The remainder can be made internal to the linux driver only.
Signed-off-by: Daniel P. Berrange <berrange@xxxxxxxxxx>
---
src/network/bridge_driver_linux.c | 42 ++++++++++++++++++++++++------------
src/network/bridge_driver_nop.c | 42 ------------------------------------
src/network/bridge_driver_platform.h | 22 -------------------
3 files changed, 28 insertions(+), 78 deletions(-)
diff --git a/src/network/bridge_driver_linux.c b/src/network/bridge_driver_linux.c
index a2f0248..ff62cb3 100644
--- a/src/network/bridge_driver_linux.c
+++ b/src/network/bridge_driver_linux.c
@@ -130,8 +130,9 @@ out:
 static const char networkLocalMulticast[] = "224.0.0.0/24";
 static const char networkLocalBroadcast[] = "255.255.255.255/32";
-int networkAddMasqueradingFirewallRules(virNetworkObjPtr network,
- virNetworkIpDefPtr ipdef)
+static int
+networkAddMasqueradingFirewallRules(virNetworkObjPtr network,
+ virNetworkIpDefPtr ipdef)
 {
 int prefix = virNetworkIpDefPrefix(ipdef);
 const char *forwardIf = virNetworkDefForwardIf(network->def, 0);
@@ -322,8 +323,9 @@ int networkAddMasqueradingFirewallRules(virNetworkObjPtr network,
 return -1;
 }
-void networkRemoveMasqueradingFirewallRules(virNetworkObjPtr network,
- virNetworkIpDefPtr ipdef)
+static void
+networkRemoveMasqueradingFirewallRules(virNetworkObjPtr network,
+ virNetworkIpDefPtr ipdef)
 {
 int prefix = virNetworkIpDefPrefix(ipdef);
 const char *forwardIf = virNetworkDefForwardIf(network->def, 0);
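Review bot: The helpers made `static` in bridge_driver_linux.c end up with inconsistent spacing: the hunks at -130, -322 and -367 keep one blank line before the definition, while those at -413, -534, -664, -694 and -712 add a second one through the lone `+` line, so one convention should be picked for all eight. With the prototypes leaving bridge_driver_platform.h, nothing visible states the contract of these functions either. A short comment above `networkAddMasqueradingFirewallRules` (and its Routing/General/IpSpecific siblings) saying what is returned on failure and whether rules already installed are removed again would help, because a half-applied NAT or forward rule set is a firewall state a caller needs to know about. The tail of the function in the -322 hunk header shows a `return -1;` path, but the bodies lie outside the hunks, so the rollback behaviour cannot be confirmed from here.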
@@ -367,8 +369,9 @@ void networkRemoveMasqueradingFirewallRules(virNetworkObjPtr network,
 }
 }
-int networkAddRoutingFirewallRules(virNetworkObjPtr network,
- virNetworkIpDefPtr ipdef)
+static int
+networkAddRoutingFirewallRules(virNetworkObjPtr network,
+ virNetworkIpDefPtr ipdef)
 {
 int prefix = virNetworkIpDefPrefix(ipdef);
 const char *forwardIf = virNetworkDefForwardIf(network->def, 0);
@@ -413,8 +416,10 @@ routeerr1:
 return -1;
 }
-void networkRemoveRoutingFirewallRules(virNetworkObjPtr network,
- virNetworkIpDefPtr ipdef)
+
+static void
+networkRemoveRoutingFirewallRules(virNetworkObjPtr network,
+ virNetworkIpDefPtr ipdef)
 {
 int prefix = virNetworkIpDefPrefix(ipdef);
 const char *forwardIf = virNetworkDefForwardIf(network->def, 0);
@@ -534,7 +539,9 @@ networkRemoveGeneralIp6tablesRules(virNetworkObjPtr network)
 iptablesRemoveForwardRejectOut(AF_INET6, network->def->bridge);
 }
-int networkAddGeneralFirewallRules(virNetworkObjPtr network)
+
+static int
+networkAddGeneralFirewallRules(virNetworkObjPtr network)
 {
 size_t i;
 virNetworkIpDefPtr ipv4def;
@@ -664,7 +671,9 @@ err1:
 return -1;
 }
-void networkRemoveGeneralFirewallRules(virNetworkObjPtr network)
+
+static void
+networkRemoveGeneralFirewallRules(virNetworkObjPtr network)
 {
 size_t i;
 virNetworkIpDefPtr ipv4def;
@@ -694,8 +703,10 @@ void networkRemoveGeneralFirewallRules(virNetworkObjPtr network)
 iptablesRemoveTcpInput(AF_INET, network->def->bridge, 67);
 }
-int networkAddIpSpecificFirewallRules(virNetworkObjPtr network,
- virNetworkIpDefPtr ipdef)
+
+static int
+networkAddIpSpecificFirewallRules(virNetworkObjPtr network,
+ virNetworkIpDefPtr ipdef)
 {
 /* NB: in the case of IPv6, routing rules are added when the
 * forward mode is NAT. This is because IPv6 has no NAT.
@@ -712,8 +723,10 @@ int networkAddIpSpecificFirewallRules(virNetworkObjPtr network,
 return 0;
 }
-void networkRemoveIpSpecificFirewallRules(virNetworkObjPtr network,
- virNetworkIpDefPtr ipdef)
+
+static void
+networkRemoveIpSpecificFirewallRules(virNetworkObjPtr network,
+ virNetworkIpDefPtr ipdef)
 {
 if (network->def->forward.type == VIR_NETWORK_FORWARD_NAT) {
 if (VIR_SOCKET_ADDR_IS_FAMILY(&ipdef->address, AF_INET))
@@ -725,6 +738,7 @@ void networkRemoveIpSpecificFirewallRules(virNetworkObjPtr network,
 }
 }
+
 /* Add all rules for all ip addresses (and general rules) on a network */
 int networkAddFirewallRules(virNetworkObjPtr network)
 {
diff --git a/src/network/bridge_driver_nop.c b/src/network/bridge_driver_nop.c
index 23c712d..b8aeaba 100644
--- a/src/network/bridge_driver_nop.c
+++ b/src/network/bridge_driver_nop.c
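Review bot: `networkRemoveIpSpecificFirewallRules` in the -712 hunk has no counterpart to the NB comment in `networkAddIpSpecificFirewallRules` (hunk -694), which explains that IPv6 gets routing rules when the forward mode is NAT. Only the `VIR_NETWORK_FORWARD_NAT` and `AF_INET` tests of the remove path are visible and the rest of the body is outside the hunk, so whether its IPv6 branch mirrors the add path cannot be checked here. A comment such as `/* Must mirror networkAddIpSpecificFirewallRules: IPv6 under NAT uses routing rules. */` would make the pairing explicit. If the two ever diverge, forwarding rules would presumably stay installed after the network is torn down.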
@@ -26,48 +26,6 @@ int networkCheckRouteCollision(virNetworkObjPtr network ATTRIBUTE_UNUSED)
 return 0;
 }
-int networkAddMasqueradingFirewallRules(virNetworkObjPtr network ATTRIBUTE_UNUSED,
- virNetworkIpDefPtr ipdef ATTRIBUTE_UNUSED)
-{
- return 0;
-}
-
-void networkRemoveMasqueradingFirewallRules(virNetworkObjPtr network ATTRIBUTE_UNUSED,
- virNetworkIpDefPtr ipdef ATTRIBUTE_UNUSED)
-{
-}
-
-int networkAddRoutingFirewallRules(virNetworkObjPtr network ATTRIBUTE_UNUSED,
- virNetworkIpDefPtr ipdef ATTRIBUTE_UNUSED)
-{
- return 0;
-}
-
-void networkRemoveRoutingFirewallRules(virNetworkObjPtr network ATTRIBUTE_UNUSED,
- virNetworkIpDefPtr ipdef ATTRIBUTE_UNUSED)
-{
-}
-
-int networkAddGeneralFirewallRules(virNetworkObjPtr network ATTRIBUTE_UNUSED)
-{
- return 0;
-}
-
-void networkRemoveGeneralFirewallRules(virNetworkObjPtr network ATTRIBUTE_UNUSED)
-{
-}
-
-int networkAddIpSpecificFirewallRules(virNetworkObjPtr network ATTRIBUTE_UNUSED,
- virNetworkIpDefPtr ipdef ATTRIBUTE_UNUSED)
-{
- return 0;
-}
-
-void networkRemoveIpSpecificFirewallRules(virNetworkObjPtr network ATTRIBUTE_UNUSED,
- virNetworkIpDefPtr ipdef ATTRIBUTE_UNUSED)
-{
-}
-
 int networkAddFirewallRules(virNetworkObjPtr network ATTRIBUTE_UNUSED)
 {
 return 0;
diff --git a/src/network/bridge_driver_platform.h b/src/network/bridge_driver_platform.h
index 82d96f6..13d2fce 100644
--- a/src/network/bridge_driver_platform.h
+++ b/src/network/bridge_driver_platform.h
@@ -53,28 +53,6 @@ typedef virNetworkDriverState *virNetworkDriverStatePtr;
 int networkCheckRouteCollision(virNetworkObjPtr network);
-int networkAddMasqueradingFirewallRules(virNetworkObjPtr network,
- virNetworkIpDefPtr ipdef);
-
-void networkRemoveMasqueradingFirewallRules(virNetworkObjPtr network,
- virNetworkIpDefPtr ipdef);
-
-int networkAddRoutingFirewallRules(virNetworkObjPtr network,
- virNetworkIpDefPtr ipdef);
-
-void networkRemoveRoutingFirewallRules(virNetworkObjPtr network,
- virNetworkIpDefPtr ipdef);
-
-int networkAddGeneralFirewallRules(virNetworkObjPtr network);
-
-void networkRemoveGeneralFirewallRules(virNetworkObjPtr network);
-
-int networkAddIpSpecificFirewallRules(virNetworkObjPtr network,
- virNetworkIpDefPtr ipdef);
-
-void networkRemoveIpSpecificFirewallRules(virNetworkObjPtr network,
- virNetworkIpDefPtr ipdef);
-
 int networkAddFirewallRules(virNetworkObjPtr network);
 void networkRemoveFirewallRules(virNetworkObjPtr network);
--
1.8.5.3
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list