[libvirt PATCH 00/12] Clean up cruft in firewall/iptables code (in preparation for nftables)

Michal Prívozník mprivozn at redhat.com
Mon Dec 13 09:40:45 UTC 2021


On 12/12/21 20:48, Laine Stump wrote:
> These patches make no functional change, they just remove a bunch of
> cruft that accumulated over the years and is no longer needed.
> 
> This is all in advance of adding native nftables support,
> but there is nothing nftables-specific being added here; I just wanted
> to get these cleanups out of the way now so that the eventual nftables
> support patchset is smaller and less complicated.
> 
> (NB: the concept of a "firewall backend" is being removed here,
> implying that it will no longer exist. This is not true, but the way
> that it will exist in the future will be different (per-firewall
> object rather than per-process) so almost all of the existing code
> won't be applicable anyway.)
> 
> Laine Stump (12):
>   network: eliminate code that uses default iptables chains
>   util: rename/move iptablesFormatNetwork to
>     virSocketAddrFormatWithPrefix
>   util: rename iptables operators to something less generic
>   tests: remove firewalld backend tests from virfirewalltest.c
>   tests: remove unnecessary ret variables and cleanup labels
>   tests: document why virgdbus must be mocked in
>     networkxml2firewalltest.c
>   util: eliminate pointless switch in virFirewallApplyRule
>   util: simplify virFirewallBackendSynchronize()
>   util: move and rename virFirewallBackendSynchronize()
>   util: remove check for iptables binary during virFirewallInit
>   util: remove currentBackend from virfirewall.c
>   util: remove virFirewallOnceInit()
> 
>  src/libvirt_private.syms          |   5 +-
>  src/network/bridge_driver_linux.c |  37 +--
>  src/util/virfirewall.c            | 143 +----------
>  src/util/virfirewall.h            |   2 -
>  src/util/virfirewalld.c           |  43 ++++
>  src/util/virfirewalld.h           |   2 +
>  src/util/virfirewallpriv.h        |  37 ---
>  src/util/viriptables.c            | 207 +++++++---------
>  src/util/viriptables.h            |   2 -
>  src/util/virsocketaddr.c          |  44 ++++
>  src/util/virsocketaddr.h          |   3 +
>  tests/networkxml2firewalltest.c   |  14 +-
>  tests/nwfilterebiptablestest.c    |   7 -
>  tests/nwfilterxml2firewalltest.c  |   8 +-
>  tests/virfirewalltest.c           | 390 ++++--------------------------
>  15 files changed, 247 insertions(+), 697 deletions(-)
>  delete mode 100644 src/util/virfirewallpriv.h
> 

Reviewed-by: Michal Privoznik <mprivozn at redhat.com>

Michal



