Add virNWFilterRuleIsProtocol{Ethernet,IPv4,IPv6} helper methods to avoid having to write a giant switch statements with many cases.
Signed-off-by: Daniel P. Berrange <berrange@xxxxxxxxxx>
---
 src/conf/nwfilter_conf.c | 27 ++++++++++++++
 src/conf/nwfilter_conf.h | 14 ++++++++
 src/libvirt_private.syms | 3 ++
 src/nwfilter/nwfilter_ebiptables_driver.c | 58 +++++++------------------------
 4 files changed, 56 insertions(+), 46 deletions(-)
diff --git a/src/conf/nwfilter_conf.c b/src/conf/nwfilter_conf.c
index f5a75e4..968e045 100644
--- a/src/conf/nwfilter_conf.c
+++ b/src/conf/nwfilter_conf.c
@@ -3484,3 +3484,30 @@ void virNWFilterObjUnlock(virNWFilterObjPtr obj)
 {
 virMutexUnlock(&obj->lock);
 }
+
+
+bool virNWFilterRuleIsProtocolIPv4(virNWFilterRuleDefPtr rule)
+{
+ if (rule->prtclType >= VIR_NWFILTER_RULE_PROTOCOL_TCP &&
+ rule->prtclType <= VIR_NWFILTER_RULE_PROTOCOL_ALL)
+ return true;
+ return false;
+}
+
+
+bool virNWFilterRuleIsProtocolIPv6(virNWFilterRuleDefPtr rule)
+{
+ if (rule->prtclType >= VIR_NWFILTER_RULE_PROTOCOL_TCPoIPV6 &&
+ rule->prtclType <= VIR_NWFILTER_RULE_PROTOCOL_ALLoIPV6)
+ return true;
+ return false;
+}
+
+
+bool virNWFilterRuleIsProtocolEthernet(virNWFilterRuleDefPtr rule)
+{
+ if (rule->prtclType >= VIR_NWFILTER_RULE_PROTOCOL_NONE &&
+ rule->prtclType <= VIR_NWFILTER_RULE_PROTOCOL_IPV6)
+ return true;
+ return false;
+}
diff --git a/src/conf/nwfilter_conf.h b/src/conf/nwfilter_conf.h
index aded4de..9f9deab 100644
--- a/src/conf/nwfilter_conf.h
+++ b/src/conf/nwfilter_conf.h
@@ -373,7 +373,13 @@ enum virNWFilterChainPolicyType {
 VIR_NWFILTER_CHAIN_POLICY_LAST,
 };
+
+/*
+ * If adding protocols be sure to update the
+ * virNWFilterRuleIsProtocolXXXX function impls
+ */
 enum virNWFilterRuleProtocolType {
+ /* Ethernet layer protocols */
 VIR_NWFILTER_RULE_PROTOCOL_NONE = 0,
 VIR_NWFILTER_RULE_PROTOCOL_MAC,
 VIR_NWFILTER_RULE_PROTOCOL_VLAN,
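Review bot: The three predicates added to src/conf/nwfilter_conf.c classify a rule only by where `prtclType` falls in the enum, so their correctness depends on an ordering that nothing but the new comment in nwfilter_conf.h enforces. Their result decides which firewall backend receives the rule in ebiptablesCreateRuleInstance, so a protocol inserted in the wrong group would be handed to the wrong backend without any build-time signal. The group boundaries visible in the header hunks could be pinned with a compile-time assertion, for example `verify(VIR_NWFILTER_RULE_PROTOCOL_IPV6 + 1 == VIR_NWFILTER_RULE_PROTOCOL_TCP);` and `verify(VIR_NWFILTER_RULE_PROTOCOL_ALL + 1 == VIR_NWFILTER_RULE_PROTOCOL_TCPoIPV6);`, assuming gnulib's `verify()` or an equivalent static assert is available in this tree. Each helper would also benefit from a one-line comment naming the first and last enum value it covers, e.g. `/* true for VIR_NWFILTER_RULE_PROTOCOL_TCP .. VIR_NWFILTER_RULE_PROTOCOL_ALL */`.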
@@ -382,6 +388,8 @@ enum virNWFilterRuleProtocolType {
 VIR_NWFILTER_RULE_PROTOCOL_RARP,
 VIR_NWFILTER_RULE_PROTOCOL_IP,
 VIR_NWFILTER_RULE_PROTOCOL_IPV6,
+
+ /* IPv4 layer protocols */
 VIR_NWFILTER_RULE_PROTOCOL_TCP,
 VIR_NWFILTER_RULE_PROTOCOL_ICMP,
 VIR_NWFILTER_RULE_PROTOCOL_IGMP,
@@ -391,6 +399,8 @@ enum virNWFilterRuleProtocolType {
 VIR_NWFILTER_RULE_PROTOCOL_AH,
 VIR_NWFILTER_RULE_PROTOCOL_SCTP,
 VIR_NWFILTER_RULE_PROTOCOL_ALL,
+
+ /* IPv6 layer protocols */
 VIR_NWFILTER_RULE_PROTOCOL_TCPoIPV6,
 VIR_NWFILTER_RULE_PROTOCOL_ICMPV6,
 VIR_NWFILTER_RULE_PROTOCOL_UDPoIPV6,
@@ -667,6 +677,10 @@ void virNWFilterPrintTCPFlags(virBufferPtr buf, uint8_t mask, char sep, uint8_t flags);
+bool virNWFilterRuleIsProtocolIPv4(virNWFilterRuleDefPtr rule);
+bool virNWFilterRuleIsProtocolIPv6(virNWFilterRuleDefPtr rule);
+bool virNWFilterRuleIsProtocolEthernet(virNWFilterRuleDefPtr rule);
+
 VIR_ENUM_DECL(virNWFilterRuleAction);
 VIR_ENUM_DECL(virNWFilterRuleDirection);
 VIR_ENUM_DECL(virNWFilterRuleProtocol);
diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index 55aa586..0c2cf75 100644
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -597,6 +597,9 @@ virNWFilterReadLockFilterUpdates;
 virNWFilterRegisterCallbackDriver;
 virNWFilterRuleActionTypeToString;
 virNWFilterRuleDirectionTypeToString;
+virNWFilterRuleIsProtocolEthernet;
+virNWFilterRuleIsProtocolIPv4;
+virNWFilterRuleIsProtocolIPv6;
 virNWFilterRuleProtocolTypeToString;
 virNWFilterTestUnassignDef;
 virNWFilterUnlockFilterUpdates;
diff --git a/src/nwfilter/nwfilter_ebiptables_driver.c b/src/nwfilter/nwfilter_ebiptables_driver.c
index 0885bb1..410f0e1 100644
--- a/src/nwfilter/nwfilter_ebiptables_driver.c
+++ b/src/nwfilter/nwfilter_ebiptables_driver.c
@@ -2656,18 +2656,8 @@ ebiptablesCreateRuleInstance(virNWFilterDefPtr nwfilter,
 virNWFilterRuleInstPtr res)
 {
 int rc = 0;
- bool isIPv6;
-
- switch (rule->prtclType) {
- case VIR_NWFILTER_RULE_PROTOCOL_IP:
- case VIR_NWFILTER_RULE_PROTOCOL_MAC:
- case VIR_NWFILTER_RULE_PROTOCOL_VLAN:
- case VIR_NWFILTER_RULE_PROTOCOL_STP:
- case VIR_NWFILTER_RULE_PROTOCOL_ARP:
- case VIR_NWFILTER_RULE_PROTOCOL_RARP:
- case VIR_NWFILTER_RULE_PROTOCOL_NONE:
- case VIR_NWFILTER_RULE_PROTOCOL_IPV6:
+ if (virNWFilterRuleIsProtocolEthernet(rule)) {
 if (rule->tt == VIR_NWFILTER_RULE_DIRECTION_OUT ||
 rule->tt == VIR_NWFILTER_RULE_DIRECTION_INOUT) {
 rc = ebtablesCreateRuleInstance(CHAINPREFIX_HOST_IN_TEMP,
@@ -2691,48 +2681,24 @@ ebiptablesCreateRuleInstance(virNWFilterDefPtr nwfilter,
 res,
 false);
 }
- break;
-
- case VIR_NWFILTER_RULE_PROTOCOL_TCP:
- case VIR_NWFILTER_RULE_PROTOCOL_UDP:
- case VIR_NWFILTER_RULE_PROTOCOL_UDPLITE:
- case VIR_NWFILTER_RULE_PROTOCOL_ESP:
- case VIR_NWFILTER_RULE_PROTOCOL_AH:
- case VIR_NWFILTER_RULE_PROTOCOL_SCTP:
- case VIR_NWFILTER_RULE_PROTOCOL_ICMP:
- case VIR_NWFILTER_RULE_PROTOCOL_IGMP:
- case VIR_NWFILTER_RULE_PROTOCOL_ALL:
- isIPv6 = false;
- rc = iptablesCreateRuleInstance(nwfilter,
- rule,
- ifname,
- vars,
- res,
- isIPv6);
- break;
+ } else {
+ bool isIPv6;
+ if (virNWFilterRuleIsProtocolIPv6(rule)) {
+ isIPv6 = true;
+ } else if (virNWFilterRuleIsProtocolIPv4(rule)) {
+ isIPv6 = false;
+ } else {
+ virReportError(VIR_ERR_OPERATION_FAILED,
+ "%s", _("unexpected protocol type"));
+ return -1;
+ }
- case VIR_NWFILTER_RULE_PROTOCOL_TCPoIPV6:
- case VIR_NWFILTER_RULE_PROTOCOL_UDPoIPV6:
- case VIR_NWFILTER_RULE_PROTOCOL_UDPLITEoIPV6:
- case VIR_NWFILTER_RULE_PROTOCOL_ESPoIPV6:
- case VIR_NWFILTER_RULE_PROTOCOL_AHoIPV6:
- case VIR_NWFILTER_RULE_PROTOCOL_SCTPoIPV6:
- case VIR_NWFILTER_RULE_PROTOCOL_ICMPV6:
- case VIR_NWFILTER_RULE_PROTOCOL_ALLoIPV6:
- isIPv6 = true;
 rc = iptablesCreateRuleInstance(nwfilter,
 rule,
 ifname,
 vars,
 res,
 isIPv6);
- break;
-
- case VIR_NWFILTER_RULE_PROTOCOL_LAST:
- virReportError(VIR_ERR_OPERATION_FAILED,
- "%s", _("illegal protocol type"));
- rc = -1;
- break;
 }
 return rc;
--
1.9.0
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
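Review bot: The new final `else` branch reports "unexpected protocol type" without the value that was seen, and it is now the only place an unclassified `prtclType` is caught, because the explicit `case` lists are removed here and in the preceding hunk. Logging the value would make a mis-ordered enum or a malformed rule diagnosable from the error alone: `virReportError(VIR_ERR_OPERATION_FAILED, _("unexpected protocol type %d"), rule->prtclType);` (add a cast if `prtclType` is not an int-compatible type, which the hunk does not show). The three-way branch could also be flattened to `bool isIPv6 = virNWFilterRuleIsProtocolIPv6(rule);` followed by `if (!isIPv6 && !virNWFilterRuleIsProtocolIPv4(rule)) { ... return -1; }`. The body of ebiptablesCreateRuleInstance starts before this hunk, so the early `return -1` is assumed to skip no cleanup.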