Signed-off-by: Laine Stump
---
src/network/bridge_driver_linux.c | 11 ++---
src/nwfilter/nwfilter_ebiptables_driver.c | 31 --
src/util/virebtables.c| 8 +---
src/util/viriptables.c| 6 +--
tests/virfirewalltest.c | 50 +--
5 files changed, 25 insertions(+), 81 deletions(-)
diff --git a/src/network/bridge_driver_linux.c
b/src/network/bridge_driver_linux.c
index 30f6aa8fe1..f72f94f38d 100644
--- a/src/network/bridge_driver_linux.c
+++ b/src/network/bridge_driver_linux.c
@@ -838,7 +838,7 @@ int networkAddFirewallRules(virNetworkDefPtr def)
{
size_t i;
virNetworkIPDefPtr ipdef;
-virFirewallPtr fw = NULL;
+g_autoptr(virFirewall) fw = virFirewallNew();
int ret = -1;
if (virOnce(, networkSetupPrivateChains) < 0)
@@ -925,8 +925,6 @@ int networkAddFirewallRules(virNetworkDefPtr def)
}
}
-fw = virFirewallNew();
-
virFirewallStartTransaction(fw, 0);
networkAddGeneralFirewallRules(fw, def);
@@ -956,7 +954,6 @@ int networkAddFirewallRules(virNetworkDefPtr def)
ret = 0;
cleanup:
-virFirewallFree(fw);
return ret;
}
@@ -965,9 +962,7 @@ void networkRemoveFirewallRules(virNetworkDefPtr def)
{
size_t i;
virNetworkIPDefPtr ipdef;
-virFirewallPtr fw = NULL;
-
-fw = virFirewallNew();
+g_autoptr(virFirewall) fw = virFirewallNew();
virFirewallStartTransaction(fw, VIR_FIREWALL_TRANSACTION_IGNORE_ERRORS);
networkRemoveChecksumFirewallRules(fw, def);
@@ -985,5 +980,5 @@ void networkRemoveFirewallRules(virNetworkDefPtr def)
virFirewallApply(fw);
cleanup:
-virFirewallFree(fw);
+return;
}
diff --git a/src/nwfilter/nwfilter_ebiptables_driver.c
b/src/nwfilter/nwfilter_ebiptables_driver.c
index 6cdb3ca45e..2976521e6d 100644
--- a/src/nwfilter/nwfilter_ebiptables_driver.c
+++ b/src/nwfilter/nwfilter_ebiptables_driver.c
@@ -2858,7 +2858,7 @@ static int
ebtablesApplyBasicRules(const char *ifname,
const virMacAddr *macaddr)
{
-virFirewallPtr fw = virFirewallNew();
+g_autoptr(virFirewall) fw = virFirewallNew();
char chain[MAX_CHAINNAME_LENGTH];
char chainPrefix = CHAINPREFIX_HOST_IN_TEMP;
char macaddr_str[VIR_MAC_STRING_BUFLEN];
@@ -2895,13 +2895,11 @@ ebtablesApplyBasicRules(const char *ifname,
if (virFirewallApply(fw) < 0)
goto tear_down_tmpebchains;
-virFirewallFree(fw);
return 0;
tear_down_tmpebchains:
ebtablesCleanAll(ifname);
error:
-virFirewallFree(fw);
return -1;
}
@@ -2934,7 +2932,7 @@ ebtablesApplyDHCPOnlyRules(const char *ifname,
char macaddr_str[VIR_MAC_STRING_BUFLEN];
unsigned int idx = 0;
unsigned int num_dhcpsrvrs;
-virFirewallPtr fw = virFirewallNew();
+g_autoptr(virFirewall) fw = virFirewallNew();
virMacAddrFormat(macaddr, macaddr_str);
@@ -3014,14 +3012,11 @@ ebtablesApplyDHCPOnlyRules(const char *ifname,
if (virFirewallApply(fw) < 0)
goto tear_down_tmpebchains;
-virFirewallFree(fw);
-
return 0;
tear_down_tmpebchains:
ebtablesCleanAll(ifname);
error:
-virFirewallFree(fw);
return -1;
}
@@ -3040,7 +3035,7 @@ ebtablesApplyDropAllRules(const char *ifname)
{
char chain_in [MAX_CHAINNAME_LENGTH],
chain_out[MAX_CHAINNAME_LENGTH];
-virFirewallPtr fw = virFirewallNew();
+g_autoptr(virFirewall) fw = virFirewallNew();
if (ebiptablesAllTeardown(ifname) < 0)
goto error;
@@ -3069,13 +3064,11 @@ ebtablesApplyDropAllRules(const char *ifname)
if (virFirewallApply(fw) < 0)
goto tear_down_tmpebchains;
-virFirewallFree(fw);
return 0;
tear_down_tmpebchains:
ebtablesCleanAll(ifname);
error:
-virFirewallFree(fw);
return -1;
}
@@ -3090,7 +3083,7 @@ ebtablesRemoveBasicRules(const char *ifname)
static int
ebtablesCleanAll(const char *ifname)
{
-virFirewallPtr fw = virFirewallNew();
+g_autoptr(virFirewall) fw = virFirewallNew();
int ret = -1;
virFirewallStartTransaction(fw, VIR_FIREWALL_TRANSACTION_IGNORE_ERRORS);
@@ -3108,7 +3101,6 @@ ebtablesCleanAll(const char *ifname)
ebtablesRemoveTmpRootChainFW(fw, false, ifname);
ret = virFirewallApply(fw);
-virFirewallFree(fw);
return ret;
}
@@ -3357,7 +3349,7 @@ ebiptablesApplyNewRules(const char *ifname,
size_t nrules)
{
size_t i, j;
-virFirewallPtr fw = virFirewallNew();
+g_autoptr(virFirewall) fw = virFirewallNew();
virHashTablePtr chains_in_set = virHashCreate(10, NULL);
virHashTablePtr chains_out_set = virHashCreate(10, NULL);
bool haveEbtables = false;
@@ -3558,7 +3550,6 @@ ebiptablesApplyNewRules(const char *ifname,
for (i = 0; i < nsubchains; i++)
VIR_FREE(subchains[i]);
VIR_FREE(subchains);
-virFirewallFree(fw);
virHashFree(chains_in_set);
virHashFree(chains_out_set);