
[Libvir] [patch 9/9] Remove --with-iptables-dir



--with-iptables-dir was added to integrate with
a proposed system for letting iptables know how to
reload our rules.

The idea was that we'd save our rules to a file
under /etc/sysconfig/iptables.d and the iptables
init script would load the rules from there when
it was reloading.

The proposed system wasn't accepted so, although
there might be some theoretical use for this other
than the lokkit support, let's just remove it
for now.

Signed-off-by: Mark McLoughlin <markmc redhat com>

Index: libvirt/configure.in
===================================================================
--- libvirt.orig/configure.in	2008-01-04 15:24:39.000000000 +0000
+++ libvirt.orig/configure.in	2008-01-04 15:24:39.000000000 +0000
@@ -183,18 +183,6 @@ AM_CONDITIONAL(LIBVIRT_INIT_SCRIPTS_RED_
 AC_MSG_RESULT($with_init_scripts)
 
 dnl
-dnl also support saving the various chains to files
-dnl in e.g. /etc/sysconfig/iptables.d
-dnl
-AC_ARG_WITH(iptables-dir,
-            AC_HELP_STRING([--with-iptables-dir=path],
-                           [directory used to save iptables chains, defaults to not saving]),
-            [IPTABLES_DIR=$withval])
-if test x"$IPTABLES_DIR" != "x"; then
-   AC_DEFINE_UNQUOTED(IPTABLES_DIR, "$IPTABLES_DIR", [directory used for saving iptables chains])
-fi
-
-dnl
 dnl ensure that Fedora's system-config-firewall knows
 dnl about libvirt's iptables rules
 dnl
Index: libvirt/src/iptables.c
===================================================================
--- libvirt.orig/src/iptables.c	2008-01-04 15:25:07.000000000 +0000
+++ libvirt.orig/src/iptables.c	2008-01-04 15:25:07.000000000 +0000
@@ -48,11 +48,6 @@
 
 #define qemudLog(level, msg...) fprintf(stderr, msg)
 
-#ifdef ENABLE_IPTABLES_LOKKIT
-#undef IPTABLES_DIR
-#define IPTABLES_DIR LOCAL_STATE_DIR "/lib/libvirt/iptables"
-#endif
-
 enum {
     ADD = 0,
     REMOVE
@@ -78,12 +73,12 @@ typedef struct
     int      nrules;
     iptRule *rules;
 
-#ifdef IPTABLES_DIR
+#ifdef ENABLE_IPTABLES_LOKKIT
 
     char   dir[PATH_MAX];
     char   path[PATH_MAX];
 
-#endif /* IPTABLES_DIR */
+#endif /* ENABLE_IPTABLES_LOKKIT */
 
 } iptRules;
 
@@ -137,7 +132,6 @@ iptablesSpawn(int errors, char * const *
         return (WIFEXITED(status) && WEXITSTATUS(status) == 0) ? 0 : EINVAL;
 }
 
-#ifdef IPTABLES_DIR
 #ifdef ENABLE_IPTABLES_LOKKIT
 static void
 notifyRulesUpdated(const char *table,
@@ -238,7 +232,6 @@ notifyRulesRemoved(const char *table,
 
 #undef MAX_FILE_LEN
 }
-#endif /* ENABLE_IPTABLES_LOKKIT */
 
 static int
 writeRules(const char *path,
@@ -286,7 +279,7 @@ writeRules(const char *path,
 
     return 0;
 }
-#endif /* IPTABLES_DIR */
+#endif /* ENABLE_IPTABLES_LOKKIT */
 
 static void
 iptRuleFree(iptRule *rule)
@@ -328,7 +321,7 @@ iptRulesAppend(iptRules *rules,
 
     rules->nrules++;
 
-#ifdef IPTABLES_DIR
+#ifdef ENABLE_IPTABLES_LOKKIT
     {
         int err;
 
@@ -339,12 +332,9 @@ iptRulesAppend(iptRules *rules,
             return err;
     }
 
-#ifdef ENABLE_IPTABLES_LOKKIT
     notifyRulesUpdated(rules->table, rules->path);
 #endif /* ENABLE_IPTABLES_LOKKIT */
 
-#endif /* IPTABLES_DIR */
-
     return 0;
 }
 
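Review bot: The `return err;` at the top of this hunk leaves iptRulesAppend after `rules->nrules++` in the preceding hunk has already run, so a failed save (presumably from writeRules, the call itself is outside the hunk) leaves the in-memory rule list and the saved chain file out of step. iptRulesRemove has the same shape, with `return err;` following `rules->nrules--`. Whether the caller undoes the live iptables change on this error is not visible here; if it does not, what lokkit later reloads from the file would differ from the running firewall. I would at least document this at the return, e.g. `/* rule is already in rules->rules; the file on disk is stale on this path */`, and log the failure so the mismatch is detectable.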
@@ -369,7 +359,7 @@ iptRulesRemove(iptRules *rules,
 
     rules->nrules--;
 
-#ifdef IPTABLES_DIR
+#ifdef ENABLE_IPTABLES_LOKKIT
     {
         int err;
 
@@ -377,15 +367,12 @@ iptRulesRemove(iptRules *rules,
             return err;
     }
 
-#ifdef ENABLE_IPTABLES_LOKKIT
     if (rules->nrules > 0)
         notifyRulesUpdated(rules->table, rules->path);
     else
         notifyRulesRemoved(rules->table, rules->path);
 #endif /* ENABLE_IPTABLES_LOKKIT */
 
-#endif /* IPTABLES_DIR */
-
     return 0;
 }
 
@@ -415,10 +402,10 @@ iptRulesFree(iptRules *rules)
         rules->nrules = 0;
     }
 
-#ifdef IPTABLES_DIR
+#ifdef ENABLE_IPTABLES_LOKKIT
     rules->dir[0] = '\0';
     rules->path[0] = '\0';
-#endif /* IPTABLES_DIR */
+#endif /* ENABLE_IPTABLES_LOKKIT */
 
     free(rules);
 }
@@ -441,13 +428,14 @@ iptRulesNew(const char *table,
     rules->rules = NULL;
     rules->nrules = 0;
 
-#ifdef IPTABLES_DIR
-    if (virFileBuildPath(IPTABLES_DIR, table, NULL, rules->dir, sizeof(rules->dir)) < 0)
+#ifdef ENABLE_IPTABLES_LOKKIT
+    if (virFileBuildPath(LOCAL_STATE_DIR "/lib/libvirt/iptables", table, NULL,
+                         rules->dir, sizeof(rules->dir)) < 0)
         goto error;
 
     if (virFileBuildPath(rules->dir, chain, ".chain", rules->path, sizeof(rules->path)) < 0)
         goto error;
-#endif /* IPTABLES_DIR */
+#endif /* ENABLE_IPTABLES_LOKKIT */
 
     return rules;
 
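Review bot: The save directory is now a bare string literal at the call site, `LOCAL_STATE_DIR "/lib/libvirt/iptables"`; a named constant near the top of the file (for example `#define IPTABLES_LOKKIT_DIR LOCAL_STATE_DIR "/lib/libvirt/iptables"`, name constructed for illustration) would keep the path in one place and give somewhere to document that lokkit reads rules from it. Because `table` and `chain` become path components here, a comment stating that they must be fixed internal names without `/` or `..` would help; whether virFileBuildPath rejects such input is not visible in the hunk. Firewall rules are reloaded from this directory, so it should be owned by root and not writable by other users; where it is created and with what mode is outside this hunk and worth checking. iptRulesNew starts before and continues past the hunk.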

-- 

