Introduce a shell variable 'EBT' to invoke the ebtables command.
Hard-code the used ebtables table to '-t nat'.
Tested with libvirt-tck.
---
src/nwfilter/nwfilter_ebiptables_driver.c | 170 +-
1 file changed, 97 insertions(+), 73 deletions(-)
Index: libvirt-acl/src/nwfilter/nwfilter_ebiptables_driver.c
===
--- libvirt-acl.orig/src/nwfilter/nwfilter_ebiptables_driver.c
+++ libvirt-acl/src/nwfilter/nwfilter_ebiptables_driver.c
@@ -46,7 +46,6 @@
#define VIR_FROM_THIS VIR_FROM_NWFILTER
-#define EBTABLES_DEFAULT_TABLE "nat"
#define EBTABLES_CHAIN_INCOMING "PREROUTING"
#define EBTABLES_CHAIN_OUTGOING "POSTROUTING"
@@ -86,7 +85,6 @@ static char *ip6tables_cmd_path;
static char *grep_cmd_path;
static char *gawk_cmd_path;
-
#define PRINT_ROOT_CHAIN(buf, prefix, ifname) \
snprintf(buf, sizeof(buf), "libvirt-%c-%s", prefix, ifname)
#define PRINT_CHAIN(buf, prefix, ifname, suffix) \
@@ -110,7 +108,7 @@ static const char ebtables_script_func_c
"collect_chains()\n"
"{\n"
" for tmp2 in $*; do\n"
-"for tmp in $(%s -t %s -L $tmp2 | \\\n"
+"for tmp in $($EBT -t nat -L $tmp2 | \\\n"
" sed -n \"/Bridge chain/,\\$ s/.*-j ([%s]-.*)/1/p\");\n"
"do\n"
" echo $tmp\n"
@@ -122,8 +120,8 @@ static const char ebtables_script_func_c
static const char ebiptables_script_func_rm_chains[] =
"rm_chains()\n"
"{\n"
-" for tmp in $*; do %s -t %s -F $tmp; done\n"
-" for tmp in $*; do %s -t %s -X $tmp; done\n"
+" for tmp in $*; do $EBT -t nat -F $tmp; done\n"
+" for tmp in $*; do $EBT -t nat -X $tmp; done\n"
"}\n";
static const char ebiptables_script_func_rename_chains[] =
@@ -131,8 +129,8 @@ static const char ebiptables_script_func
"{\n"
" for tmp in $*; do\n"
"case $tmp in\n"
-" %c*) %s -t %s -E $tmp %c${tmp#?} ;;\n"
-" %c*) %s -t %s -E $tmp %c${tmp#?} ;;\n"
+" %c*) $EBT -t nat -E $tmp %c${tmp#?} ;;\n"
+" %c*) $EBT -t nat -E $tmp %c${tmp#?} ;;\n"
"esac\n"
" done\n"
"}\n";
@@ -146,6 +144,9 @@ static const char ebiptables_script_set_
#define NWFILTER_FUNC_RENAME_CHAINS ebiptables_script_func_rename_chains
#define NWFILTER_FUNC_SET_IFS ebiptables_script_set_ifs
+#define NWFILTER_SET_EBTABLES_SHELLVAR(BUFPTR) \
+virBufferAsprintf(BUFPTR, "EBT=%s\n", ebtables_cmd_path);
+
#define VIRT_IN_CHAIN "libvirt-in"
#define VIRT_OUT_CHAIN "libvirt-out"
#define VIRT_IN_POST_CHAIN "libvirt-in-post"
@@ -1990,9 +1991,8 @@ ebtablesCreateRuleInstance(char chainPre
case VIR_NWFILTER_RULE_PROTOCOL_MAC:
virBufferAsprintf(&buf,
- CMD_DEF_PRE "%s -t %s -%%c %s %%s",
- ebtables_cmd_path, EBTABLES_DEFAULT_TABLE, chain);
-
+ CMD_DEF_PRE "$EBT -t nat -%%c %s %%s",
+ chain);
if (ebtablesHandleEthHdr(&buf,
vars,
@@ -2015,8 +2015,8 @@ ebtablesCreateRuleInstance(char chainPre
case VIR_NWFILTER_RULE_PROTOCOL_VLAN:
virBufferAsprintf(&buf,
- CMD_DEF_PRE "%s -t %s -%%c %s %%s",
- ebtables_cmd_path, EBTABLES_DEFAULT_TABLE, chain);
+ CMD_DEF_PRE "$EBT -t nat -%%c %s %%s",
+ chain);
if (ebtablesHandleEthHdr(&buf,
@@ -2082,8 +2082,8 @@ ebtablesCreateRuleInstance(char chainPre
}
virBufferAsprintf(&buf,
- CMD_DEF_PRE "%s -t %s -%%c %s %%s",
- ebtables_cmd_path, EBTABLES_DEFAULT_TABLE, chain);
+ CMD_DEF_PRE "$EBT -t nat -%%c %s %%s",
+ chain);
if (ebtablesHandleEthHdr(&buf,
@@ -2120,8 +2120,8 @@ ebtablesCreateRuleInstance(char chainPre
case VIR_NWFILTER_RULE_PROTOCOL_RARP:
virBufferAsprintf(&buf,
- CMD_DEF_PRE "%s -t %s -%%c %s %%s",
- ebtables_cmd_path, EBTABLES_DEFAULT_TABLE, chain);
+ CMD_DEF_PRE "$EBT -t nat -%%c %s %%s",
+ chain);
if (ebtablesHandleEthHdr(&buf,
vars,
@@ -2229,8 +2229,8 @@ ebtablesCreateRuleInstance(char chainPre
case VIR_NWFILTER_RULE_PROTOCOL_IP:
virBufferAsprintf(&buf,
- CMD_DEF_PRE "%s -t %s -%%c %s %%s",
- ebtables_cmd_path, EBTABLES_DEFAULT_TABLE, chain);
+ CMD_DEF_PRE "$EBT -t nat -%%c %s %%s",
+ chain);
if (ebtablesHandleEthHdr(&buf,
vars,
@@ -2365,8 +2365,8 @@ ebtablesCreateRuleInstance(char chainPre
case VIR_NWFILTER_RULE_PROTOCOL_IPV6:
virBufferAsprintf(&buf,
- CMD_D
