[libvirt] [PATCH 5/5] remove now unneeded iptablesContext
Mark McLoughlin
markmc at redhat.com
Thu Dec 10 12:17:48 UTC 2009
On Thu, 2009-12-10 at 12:08 +0000, Daniel P. Berrange wrote:
> On Thu, Dec 10, 2009 at 11:27:55AM +0000, Mark McLoughlin wrote:
> > iptablesContext no longer contains any state, so we can drop it
> >
> > * src/util/iptables.c, src/util/iptables.h: drop iptablesContext
> >
> > * src/network/bridge_driver.c: update callers
> >
> > * src/libvirt_private.syms: drop context new/free functions
>
>
> Ordinarily I'd ACK this, but one of the things I want to try and do
> in the future is to move all the libvirt rules out of the main
> INPUT/FORWARD/OUTPUT chains, and into sub-chains. I think that the
> iptablesContext struct might be useful for this, so can we leave this
> patch out for now.

That could be done e.g. by using "libvirt-INPUT", which again wouldn't need
any state.

It's a very nice simplification, easy to re-instate, so I'd prefer to
see it gone rather than for it to stick around under the guise of "we
might need it in future". Look how long it took us to delete the lokkit
code after we realized it was useless :)

Cheers,
Mark.