[Xen-devel] [PATCH RFC 2/2] tools/hotplug: Insert output filter only once
Break frob_iptable into two subroutines frob_iptable_in and frob_iptable_out_all. frob_iptable_in must be called with the iptables command name and appropriate parameters (for each source address or condition, as necessary). frob_iptable_out_all must be called exactly once. Signed-off-by: Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx> --- tools/hotplug/Linux/vif-common.sh | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/tools/hotplug/Linux/vif-common.sh b/tools/hotplug/Linux/vif-common.sh index 20cb6a7..b7b3e32 100644 --- a/tools/hotplug/Linux/vif-common.sh +++ b/tools/hotplug/Linux/vif-common.sh @@ -138,10 +138,15 @@ frob_iptable_command() fi } -frob_iptable() +frob_iptable_in() { - frob_iptable_command iptables FORWARD -w $dev_in_match "$dev" \ + local iptables=$1; shift + frob_iptable_command $iptables FORWARD -w $dev_in_match "$dev" \ "$@" -j ACCEPT 2>/dev/null +} + +frob_iptable_out_all() +{ frob_iptable_command iptables FORWARD -w $dev_out_match "$dev" \ -j ACCEPT 2>/dev/null } @@ -186,10 +191,12 @@ handle_iptable() done # Always allow the domain to talk to a DHCP server. - frob_iptable -p udp --sport 68 --dport 67 + frob_iptable_in iptables -p udp --sport 68 --dport 67 + frob_iptable_out_all else # No IP addresses have been specified, so allow anything. - frob_iptable + frob_iptable_in iptables + frob_iptable_out_all fi release_lock "iptables" -- 2.1.4 _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx https://lists.xen.org/xen-devel
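Review bot: In the first hunk, frob_iptable_out_all still hard-codes iptables while frob_iptable_in now takes the command name as $1, so a caller that passes any other command name has its $dev_in_match rule handled by that command but the $dev_out_match rule only ever by iptables. If that asymmetry is intended, a short comment above frob_iptable_out_all should say so and should also carry the "must be called exactly once" requirement, which currently lives only in the commit message. On the same lines, $iptables is expanded unquoted in the frob_iptable_command call; writing "$iptables" would match how "$dev" and "$@" are already quoted there. Because frob_iptable itself is removed, any caller outside the two hunks shown needs converting as well.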
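Review bot: In the handle_iptable hunk, frob_iptable_out_all is called as the last statement of both the if branch and the else branch, so the exactly-once requirement depends on every branch remembering it. A single call placed after the fi and before release_lock "iptables" would satisfy the requirement by construction and still run under the lock. The two frob_iptable_in call sites both pass the literal iptables; if no caller is expected to pass anything else, the extra parameter deserves a one-line comment explaining why it exists.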