Like --with-iptables-prefix, --with-iptables-dir is no

longer useful, so let's remove it.
Mark McLoughlin 2008-01-10 13:57:48 +00:00
parent f8e0674ad5
commit 9b29b2a2a5
3 changed files with 18 additions and 35 deletions


@ -1,3 +1,10 @@
Thu Jan 10 13:56:33 GMT 2008 Mark McLoughlin <markmc@redhat.com>
Like --with-iptables-prefix, --with-iptables-dir is no
longer useful, so let's remove it.
* configure.in, src/iptables.c: remove --with-iptables-dir
Thu Jan 10 13:54:10 GMT 2008 Mark McLoughlin <markmc@redhat.com> Thu Jan 10 13:54:10 GMT 2008 Mark McLoughlin <markmc@redhat.com>
--with-iptables-prefix was added to integrate with --with-iptables-prefix was added to integrate with


@ -182,18 +182,6 @@ fi
AM_CONDITIONAL(LIBVIRT_INIT_SCRIPTS_RED_HAT, test x$with_init_scripts = xredhat) AM_CONDITIONAL(LIBVIRT_INIT_SCRIPTS_RED_HAT, test x$with_init_scripts = xredhat)
AC_MSG_RESULT($with_init_scripts) AC_MSG_RESULT($with_init_scripts)
dnl
dnl also support saving the various chains to files
dnl in e.g. /etc/sysconfig/iptables.d
dnl
AC_ARG_WITH(iptables-dir,
AC_HELP_STRING([--with-iptables-dir=path],
[directory used to save iptables chains, defaults to not saving]),
[IPTABLES_DIR=$withval])
if test x"$IPTABLES_DIR" != "x"; then
AC_DEFINE_UNQUOTED(IPTABLES_DIR, "$IPTABLES_DIR", [directory used for saving iptables chains])
fi
dnl dnl
dnl ensure that Fedora's system-config-firewall knows dnl ensure that Fedora's system-config-firewall knows
dnl about libvirt's iptables rules dnl about libvirt's iptables rules


@ -48,11 +48,6 @@
#define qemudLog(level, msg...) fprintf(stderr, msg) #define qemudLog(level, msg...) fprintf(stderr, msg)
#ifdef ENABLE_IPTABLES_LOKKIT
#undef IPTABLES_DIR
#define IPTABLES_DIR LOCAL_STATE_DIR "/lib/libvirt/iptables"
#endif
enum { enum {
ADD = 0, ADD = 0,
REMOVE REMOVE
@ -73,12 +68,12 @@ typedef struct
int nrules; int nrules;
iptRule *rules; iptRule *rules;
#ifdef IPTABLES_DIR #ifdef ENABLE_IPTABLES_LOKKIT
char dir[PATH_MAX]; char dir[PATH_MAX];
char path[PATH_MAX]; char path[PATH_MAX];
#endif /* IPTABLES_DIR */ #endif /* ENABLE_IPTABLES_LOKKIT */
} iptRules; } iptRules;
@ -89,7 +84,6 @@ struct _iptablesContext
iptRules *nat_postrouting; iptRules *nat_postrouting;
}; };
#ifdef IPTABLES_DIR
#ifdef ENABLE_IPTABLES_LOKKIT #ifdef ENABLE_IPTABLES_LOKKIT
static void static void
notifyRulesUpdated(const char *table, notifyRulesUpdated(const char *table,
@ -189,7 +183,6 @@ notifyRulesRemoved(const char *table,
#undef MAX_FILE_LEN #undef MAX_FILE_LEN
} }
#endif /* ENABLE_IPTABLES_LOKKIT */
static int static int
writeRules(const char *path, writeRules(const char *path,
@ -237,7 +230,7 @@ writeRules(const char *path,
return 0; return 0;
} }
#endif /* IPTABLES_DIR */ #endif /* ENABLE_IPTABLES_LOKKIT */
static void static void
iptRuleFree(iptRule *rule) iptRuleFree(iptRule *rule)
@ -279,7 +272,7 @@ iptRulesAppend(iptRules *rules,
rules->nrules++; rules->nrules++;
#ifdef IPTABLES_DIR #ifdef ENABLE_IPTABLES_LOKKIT
{ {
int err; int err;
@ -290,12 +283,9 @@ iptRulesAppend(iptRules *rules,
return err; return err;
} }
#ifdef ENABLE_IPTABLES_LOKKIT
notifyRulesUpdated(rules->table, rules->path); notifyRulesUpdated(rules->table, rules->path);
#endif /* ENABLE_IPTABLES_LOKKIT */ #endif /* ENABLE_IPTABLES_LOKKIT */
#endif /* IPTABLES_DIR */
return 0; return 0;
} }
@ -320,7 +310,7 @@ iptRulesRemove(iptRules *rules,
rules->nrules--; rules->nrules--;
#ifdef IPTABLES_DIR #ifdef ENABLE_IPTABLES_LOKKIT
{ {
int err; int err;
@ -328,15 +318,12 @@ iptRulesRemove(iptRules *rules,
return err; return err;
} }
#ifdef ENABLE_IPTABLES_LOKKIT
if (rules->nrules > 0) if (rules->nrules > 0)
notifyRulesUpdated(rules->table, rules->path); notifyRulesUpdated(rules->table, rules->path);
else else
notifyRulesRemoved(rules->table, rules->path); notifyRulesRemoved(rules->table, rules->path);
#endif /* ENABLE_IPTABLES_LOKKIT */ #endif /* ENABLE_IPTABLES_LOKKIT */
#endif /* IPTABLES_DIR */
return 0; return 0;
} }
@ -366,10 +353,10 @@ iptRulesFree(iptRules *rules)
rules->nrules = 0; rules->nrules = 0;
} }
#ifdef IPTABLES_DIR #ifdef ENABLE_IPTABLES_LOKKIT
rules->dir[0] = '\0'; rules->dir[0] = '\0';
rules->path[0] = '\0'; rules->path[0] = '\0';
#endif /* IPTABLES_DIR */ #endif /* ENABLE_IPTABLES_LOKKIT */
free(rules); free(rules);
} }
@ -392,13 +379,14 @@ iptRulesNew(const char *table,
rules->rules = NULL; rules->rules = NULL;
rules->nrules = 0; rules->nrules = 0;
#ifdef IPTABLES_DIR #ifdef ENABLE_IPTABLES_LOKKIT
if (virFileBuildPath(IPTABLES_DIR, table, NULL, rules->dir, sizeof(rules->dir)) < 0) if (virFileBuildPath(LOCAL_STATE_DIR "/lib/libvirt/iptables", table, NULL,
rules->dir, sizeof(rules->dir)) < 0)
goto error; goto error;
if (virFileBuildPath(rules->dir, chain, ".chain", rules->path, sizeof(rules->path)) < 0) if (virFileBuildPath(rules->dir, chain, ".chain", rules->path, sizeof(rules->path)) < 0)
goto error; goto error;
#endif /* IPTABLES_DIR */ #endif /* ENABLE_IPTABLES_LOKKIT */
return rules; return rules;
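Review bot: In iptRulesNew the save directory is now a bare literal, `LOCAL_STATE_DIR "/lib/libvirt/iptables"`, inside the virFileBuildPath call, with nothing recording what lives there or who may write to it. The chain paths built from it are the ones later passed to notifyRulesUpdated and notifyRulesRemoved, so they appear to feed the host firewall configuration; a comment above the call such as `/* Saved chain files; handed to lokkit, so this directory must be writable by root only */` would state that requirement. Where the directory is created, and with which mode, is not visible in these hunks and is worth confirming. `table` and `chain` also become path components here; presumably they are fixed strings supplied by the callers, but the hunk does not show that. iptRulesNew starts before and continues after this hunk.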