Add BSD-specific platform flavor of the bridge driver which will be used as a base for Packet Filter (pf) based NAT networking implementation.
Signed-off-by: Roman Bogorodskiy <bogorods...@gmail.com> --- po/POTFILES | 1 + src/network/bridge_driver_bsd.c | 101 +++++++++++++++++++++++++++ src/network/bridge_driver_platform.c | 2 + 3 files changed, 104 insertions(+) create mode 100644 src/network/bridge_driver_bsd.c diff --git a/po/POTFILES b/po/POTFILES index 9747c38951..90664fe6e7 100644 --- a/po/POTFILES +++ b/po/POTFILES @@ -145,6 +145,7 @@ src/lxc/lxc_hostdev.c src/lxc/lxc_native.c src/lxc/lxc_process.c src/network/bridge_driver.c +src/network/bridge_driver_bsd.c src/network/bridge_driver_conf.c src/network/bridge_driver_linux.c src/network/bridge_driver_nop.c diff --git a/src/network/bridge_driver_bsd.c b/src/network/bridge_driver_bsd.c new file mode 100644 index 0000000000..93312fe6db --- /dev/null +++ b/src/network/bridge_driver_bsd.c @@ -0,0 +1,101 @@ +/* + * Copyright (C) 2025 FreeBSD Foundation + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library. If not, see + * <http://www.gnu.org/licenses/>. + */ + +#include <config.h> + +#include "virlog.h" + +#define VIR_FROM_THIS VIR_FROM_NONE + +VIR_LOG_INIT("network.bridge_driver_bsd"); + +static virErrorPtr errInitV4; +static virErrorPtr errInitV6; + +void networkPreReloadFirewallRules(virNetworkDriverState *driver G_GNUC_UNUSED, + bool startup G_GNUC_UNUSED, + bool force G_GNUC_UNUSED) +{ +} + + +void networkPostReloadFirewallRules(bool startup G_GNUC_UNUSED) +{ +} + + +int networkCheckRouteCollision(virNetworkDef *def G_GNUC_UNUSED) +{ + return 0; +} + +int networkAddFirewallRules(virNetworkDef *def G_GNUC_UNUSED, + virFirewallBackend firewallBackend, + virFirewall **fwRemoval G_GNUC_UNUSED) +{ + if (def->forward.type == VIR_NETWORK_FORWARD_OPEN) { + VIR_DEBUG("No firewall rules to add for mode='open' network '%s'", def->name); + } else { + VIR_DEBUG("Adding firewall rules for mode='%s' network '%s' using %s", + virNetworkForwardTypeToString(def->forward.type), + def->name, + virFirewallBackendTypeToString(firewallBackend)); + + if (errInitV4 && + (virNetworkDefGetIPByIndex(def, AF_INET, 0) || + virNetworkDefGetRouteByIndex(def, AF_INET, 0))) { + virSetError(errInitV4); + return -1; + } + + if (errInitV6 && + (virNetworkDefGetIPByIndex(def, AF_INET6, 0) || + virNetworkDefGetRouteByIndex(def, AF_INET6, 0) || + def->ipv6nogw)) { + virSetError(errInitV6); + return -1; + } + + /* now actually add the rules */ + switch (firewallBackend) { + case VIR_FIREWALL_BACKEND_NONE: + virReportError(VIR_ERR_NO_SUPPORT, "%s", + _("No firewall backend is available")); + return -1; + + case VIR_FIREWALL_BACKEND_IPTABLES: + case VIR_FIREWALL_BACKEND_NFTABLES: + case VIR_FIREWALL_BACKEND_LAST: + virReportEnumRangeError(virFirewallBackend, firewallBackend); + return -1; + } + } + return 0; +} + +void +networkRemoveFirewallRules(virNetworkObj *obj, + bool unsetZone G_GNUC_UNUSED) +{ + virNetworkDef *def = virNetworkObjGetDef(obj); + if (def->forward.type == VIR_NETWORK_FORWARD_OPEN) { + VIR_DEBUG("No firewall rules to remove for mode='open' network '%s'", + def->name); + return; + } +} diff --git a/src/network/bridge_driver_platform.c b/src/network/bridge_driver_platform.c index 9ddcb71063..42fbcdbc0b 100644 --- a/src/network/bridge_driver_platform.c +++ b/src/network/bridge_driver_platform.c @@ -25,6 +25,8 @@ #if defined(__linux__) # include "bridge_driver_linux.c" +#elif defined(__FreeBSD__) +# include "bridge_driver_bsd.c" #else # include "bridge_driver_nop.c" #endif -- 2.49.0
