static void
iptablesInstCommand(virBufferPtr buf,
- const char *templ, char cmd, int pos)
+ const char *cmdstr)
{
- char position[10] = { 0 };
- if (pos >= 0)
- snprintf(position, sizeof(position), "%d", pos);
- virBufferAsprintf(buf, templ, cmd, position);
+ virBufferAdd(buf, cmdstr, -1);
virBufferAsprintf(buf, CMD_SEPARATOR "%s",
CMD_STOPONERR(true));
}
case VIR_NWFILTER_RULE_PROTOCOL_TCP:
case VIR_NWFILTER_RULE_PROTOCOL_TCPoIPV6:
virBufferAsprintf(&buf,
- CMD_DEF_PRE "$IPT -%%c %s %%s",
+ CMD_DEF_PRE "$IPT -A %s",
chain);
virBufferAddLit(&buf, " -p tcp");
case VIR_NWFILTER_RULE_PROTOCOL_UDP:
case VIR_NWFILTER_RULE_PROTOCOL_UDPoIPV6:
virBufferAsprintf(&buf,
- CMD_DEF_PRE "$IPT -%%c %s %%s",
+ CMD_DEF_PRE "$IPT -A %s",
chain);
virBufferAddLit(&buf, " -p udp");
case VIR_NWFILTER_RULE_PROTOCOL_UDPLITE:
case VIR_NWFILTER_RULE_PROTOCOL_UDPLITEoIPV6:
virBufferAsprintf(&buf,
- CMD_DEF_PRE "$IPT -%%c %s %%s",
+ CMD_DEF_PRE "$IPT -A %s",
chain);
virBufferAddLit(&buf, " -p udplite");
case VIR_NWFILTER_RULE_PROTOCOL_ESP:
case VIR_NWFILTER_RULE_PROTOCOL_ESPoIPV6:
virBufferAsprintf(&buf,
- CMD_DEF_PRE "$IPT -%%c %s %%s",
+ CMD_DEF_PRE "$IPT -A %s",
chain);
virBufferAddLit(&buf, " -p esp");
case VIR_NWFILTER_RULE_PROTOCOL_AH:
case VIR_NWFILTER_RULE_PROTOCOL_AHoIPV6:
virBufferAsprintf(&buf,
- CMD_DEF_PRE "$IPT -%%c %s %%s",
+ CMD_DEF_PRE "$IPT -A %s",
chain);
virBufferAddLit(&buf, " -p ah");
case VIR_NWFILTER_RULE_PROTOCOL_SCTP:
case VIR_NWFILTER_RULE_PROTOCOL_SCTPoIPV6:
virBufferAsprintf(&buf,
- CMD_DEF_PRE "$IPT -%%c %s %%s",
+ CMD_DEF_PRE "$IPT -A %s",
chain);
virBufferAddLit(&buf, " -p sctp");
case VIR_NWFILTER_RULE_PROTOCOL_ICMP:
case VIR_NWFILTER_RULE_PROTOCOL_ICMPV6:
virBufferAsprintf(&buf,
- CMD_DEF_PRE "$IPT -%%c %s %%s",
+ CMD_DEF_PRE "$IPT -A %s",
chain);
if (rule->prtclType == VIR_NWFILTER_RULE_PROTOCOL_ICMP)
case VIR_NWFILTER_RULE_PROTOCOL_IGMP:
virBufferAsprintf(&buf,
- CMD_DEF_PRE "$IPT -%%c %s %%s",
+ CMD_DEF_PRE "$IPT -A %s",
chain);
virBufferAddLit(&buf, " -p igmp");
case VIR_NWFILTER_RULE_PROTOCOL_ALL:
case VIR_NWFILTER_RULE_PROTOCOL_ALLoIPV6:
virBufferAsprintf(&buf,
- CMD_DEF_PRE "$IPT -%%c %s %%s",
+ CMD_DEF_PRE "$IPT -A %s",
chain);
virBufferAddLit(&buf, " -p all");
case VIR_NWFILTER_RULE_PROTOCOL_MAC:
virBufferAsprintf(&buf,
- CMD_DEF_PRE "$EBT -t nat -%%c %s %%s",
+ CMD_DEF_PRE "$EBT -t nat -A %s",
chain);
if (ebtablesHandleEthHdr(&buf,
case VIR_NWFILTER_RULE_PROTOCOL_VLAN:
virBufferAsprintf(&buf,
- CMD_DEF_PRE "$EBT -t nat -%%c %s %%s",
+ CMD_DEF_PRE "$EBT -t nat -A %s",
chain);
}
virBufferAsprintf(&buf,
- CMD_DEF_PRE "$EBT -t nat -%%c %s %%s",
+ CMD_DEF_PRE "$EBT -t nat -A %s",
chain);
case VIR_NWFILTER_RULE_PROTOCOL_RARP:
virBufferAsprintf(&buf,
- CMD_DEF_PRE "$EBT -t nat -%%c %s %%s",
+ CMD_DEF_PRE "$EBT -t nat -A %s",
chain);
if (ebtablesHandleEthHdr(&buf,
case VIR_NWFILTER_RULE_PROTOCOL_IP:
virBufferAsprintf(&buf,
- CMD_DEF_PRE "$EBT -t nat -%%c %s %%s",
+ CMD_DEF_PRE "$EBT -t nat -A %s",
chain);
if (ebtablesHandleEthHdr(&buf,
case VIR_NWFILTER_RULE_PROTOCOL_IPV6:
virBufferAsprintf(&buf,
- CMD_DEF_PRE "$EBT -t nat -%%c %s %%s",
+ CMD_DEF_PRE "$EBT -t nat -A %s",
chain);
if (ebtablesHandleEthHdr(&buf,
case VIR_NWFILTER_RULE_PROTOCOL_NONE:
virBufferAsprintf(&buf,
- CMD_DEF_PRE "$EBT -t nat -%%c %s %%s",
+ CMD_DEF_PRE "$EBT -t nat -A %s",
chain);
break;
CMD_DEF("$EBT -t nat -N %s") CMD_SEPARATOR
CMD_EXEC
"%s"
- CMD_DEF("$EBT -t nat -%%c %s %%s %s-j %s")
+ CMD_DEF("$EBT -t nat -A %s %s-j %s")
CMD_SEPARATOR
CMD_EXEC
"%s",
static void
ebiptablesInstCommand(virBufferPtr buf,
- const char *templ, char cmd, int pos,
- bool stopOnError)
+ const char *cmdstr)
{
- char position[10] = { 0 };
- if (pos >= 0)
- snprintf(position, sizeof(position), "%d", pos);
- virBufferAsprintf(buf, templ, cmd, position);
+ virBufferAdd(buf, cmdstr, -1);
virBufferAsprintf(buf, CMD_SEPARATOR "%s",
- CMD_STOPONERR(stopOnError));
+ CMD_STOPONERR(true));
}
static int
iptablesRuleInstCommand(virBufferPtr buf,
const char *ifname,
- virNWFilterRuleInstPtr rule,
- char cmd, int pos)
+ virNWFilterRuleInstPtr rule)
{
virNWFilterVarCombIterPtr vciter, tmp;
- char **templates = NULL;
- size_t ntemplates = 0;
+ char **cmds = NULL;
+ size_t ncmds = 0;
size_t i;
int ret = -1;
rule->def,
ifname,
tmp,
- &templates,
- &ntemplates) < 0)
+ &cmds,
+ &ncmds) < 0)
goto cleanup;
tmp = virNWFilterVarCombIterNext(tmp);
} while (tmp != NULL);
- for (i = 0; i < ntemplates; i++)
- iptablesInstCommand(buf, templates[i], cmd, pos);
+ for (i = 0; i < ncmds; i++)
+ iptablesInstCommand(buf, cmds[i]);
ret = 0;
cleanup:
- for (i = 0; i < ntemplates; i++)
- VIR_FREE(templates[i]);
- VIR_FREE(templates);
+ for (i = 0; i < ncmds; i++)
+ VIR_FREE(cmds[i]);
+ VIR_FREE(cmds);
virNWFilterVarCombIterFree(vciter);
return ret;
}
static int
ebtablesRuleInstCommand(virBufferPtr buf,
const char *ifname,
- virNWFilterRuleInstPtr rule,
- char cmd, int pos,
- bool stopOnError)
+ virNWFilterRuleInstPtr rule)
{
virNWFilterVarCombIterPtr vciter, tmp;
- char **templates = NULL;
- size_t ntemplates = 0;
+ char **cmds = NULL;
+ size_t ncmds = 0;
size_t i;
int ret = -1;
rule->def,
ifname,
tmp,
- &templates,
- &ntemplates) < 0)
+ &cmds,
+ &ncmds) < 0)
goto cleanup;
tmp = virNWFilterVarCombIterNext(tmp);
} while (tmp != NULL);
- for (i = 0; i < ntemplates; i++)
- ebiptablesInstCommand(buf, templates[i], cmd, pos, stopOnError);
+ for (i = 0; i < ncmds; i++)
+ ebiptablesInstCommand(buf, cmds[i]);
ret = 0;
cleanup:
- for (i = 0; i < ntemplates; i++)
- VIR_FREE(templates[i]);
- VIR_FREE(templates);
+ for (i = 0; i < ncmds; i++)
+ VIR_FREE(cmds[i]);
+ VIR_FREE(cmds);
virNWFilterVarCombIterFree(vciter);
return ret;
}
while (j < nEbtChains &&
ebtChains[j].priority <= rules[i]->priority) {
ebiptablesInstCommand(&buf,
- ebtChains[j++].commandTemplate,
- 'A', -1, true);
+ ebtChains[j++].commandTemplate);
}
ebtablesRuleInstCommand(&buf,
ifname,
- rules[i],
- 'A', -1, true);
+ rules[i]);
} else {
if (virNWFilterRuleIsProtocolIPv4(rules[i]->def))
haveIptables = true;
while (j < nEbtChains)
ebiptablesInstCommand(&buf,
- ebtChains[j++].commandTemplate,
- 'A', -1, true);
+ ebtChains[j++].commandTemplate);
if (ebiptablesExecCLI(&buf, false, &errmsg) < 0)
goto tear_down_tmpebchains;
if (virNWFilterRuleIsProtocolIPv4(rules[i]->def))
iptablesRuleInstCommand(&buf,
ifname,
- rules[i],
- 'A', -1);
+ rules[i]);
}
if (ebiptablesExecCLI(&buf, false, &errmsg) < 0)
if (virNWFilterRuleIsProtocolIPv6(rules[i]->def))
iptablesRuleInstCommand(&buf,
ifname,
- rules[i],
- 'A', -1);
+ rules[i]);
}
if (ebiptablesExecCLI(&buf, false, &errmsg) < 0)
projects / people / liuw / libxenctrl-split / libvirt.git / commitdiff