mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-10-05 22:05:47 +00:00
Use the actual names of chains in data structure
Use the name of the chain rather than its type index (enum). This pushes the later enablement of chains with user-given names into the XML parser. For now we still only allow those names that are well known ('root', 'arp', 'rarp', 'ipv4' and 'ipv6'). Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
parent
4a410218a0
commit
19028ad6dc
@ -309,6 +309,7 @@ virNWFilterDefFree(virNWFilterDefPtr def) {
|
|||||||
virNWFilterEntryFree(def->filterEntries[i]);
|
virNWFilterEntryFree(def->filterEntries[i]);
|
||||||
|
|
||||||
VIR_FREE(def->filterEntries);
|
VIR_FREE(def->filterEntries);
|
||||||
|
VIR_FREE(def->chainsuffix);
|
||||||
|
|
||||||
VIR_FREE(def);
|
VIR_FREE(def);
|
||||||
}
|
}
|
||||||
@ -2027,21 +2028,28 @@ virNWFilterDefParseXML(xmlXPathContextPtr ctxt) {
|
|||||||
goto cleanup;
|
goto cleanup;
|
||||||
}
|
}
|
||||||
|
|
||||||
ret->chainsuffix = VIR_NWFILTER_CHAINSUFFIX_ROOT;
|
|
||||||
chain = virXPathString("string(./@chain)", ctxt);
|
chain = virXPathString("string(./@chain)", ctxt);
|
||||||
if (chain) {
|
if (chain) {
|
||||||
if ((ret->chainsuffix =
|
if (virNWFilterChainSuffixTypeFromString(chain) < 0) {
|
||||||
virNWFilterChainSuffixTypeFromString(chain)) < 0) {
|
|
||||||
virNWFilterReportError(VIR_ERR_INTERNAL_ERROR,
|
virNWFilterReportError(VIR_ERR_INTERNAL_ERROR,
|
||||||
_("unknown chain suffix '%s'"), chain);
|
_("unknown chain suffix '%s'"), chain);
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
}
|
}
|
||||||
|
ret->chainsuffix = chain;
|
||||||
/* assign an implicit priority -- support XML attribute later */
|
/* assign an implicit priority -- support XML attribute later */
|
||||||
if (!intMapGetByString(chain_priorities, chain, 0,
|
if (!intMapGetByString(chain_priorities, chain, 0,
|
||||||
&ret->chainPriority)) {
|
&ret->chainPriority)) {
|
||||||
ret->chainPriority = (NWFILTER_MAX_FILTER_PRIORITY +
|
ret->chainPriority = (NWFILTER_MAX_FILTER_PRIORITY +
|
||||||
NWFILTER_MIN_FILTER_PRIORITY) / 2;
|
NWFILTER_MIN_FILTER_PRIORITY) / 2;
|
||||||
}
|
}
|
||||||
|
chain = NULL;
|
||||||
|
} else {
|
||||||
|
ret->chainsuffix = strdup(virNWFilterChainSuffixTypeToString(
|
||||||
|
VIR_NWFILTER_CHAINSUFFIX_ROOT));
|
||||||
|
if (ret->chainsuffix == NULL) {
|
||||||
|
virReportOOMError();
|
||||||
|
goto cleanup;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
uuid = virXPathString("string(./uuid)", ctxt);
|
uuid = virXPathString("string(./uuid)", ctxt);
|
||||||
@ -2843,7 +2851,7 @@ virNWFilterDefFormat(virNWFilterDefPtr def)
|
|||||||
|
|
||||||
virBufferAsprintf(&buf, "<filter name='%s' chain='%s'",
|
virBufferAsprintf(&buf, "<filter name='%s' chain='%s'",
|
||||||
def->name,
|
def->name,
|
||||||
virNWFilterChainSuffixTypeToString(def->chainsuffix));
|
def->chainsuffix);
|
||||||
virBufferAddLit(&buf, ">\n");
|
virBufferAddLit(&buf, ">\n");
|
||||||
|
|
||||||
virUUIDFormat(def->uuid, uuid);
|
virUUIDFormat(def->uuid, uuid);
|
||||||
|
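Review bot: In virNWFilterDefParseXML the `virNWFilterChainSuffixTypeFromString(chain) < 0` check is now the only constraint on a string that is stored verbatim in `ret->chainsuffix`. That string is later written without escaping by the `virBufferAsprintf(&buf, "<filter name='%s' chain='%s'", ...)` call in virNWFilterDefFormat, and passed to PRINT_CHAIN in the ebtables driver. With the enum this was safe by construction; with a `char *` it depends on the whitelist staying in place, and the commit message already anticipates user-given names. I would add a comment above the check such as `/* chain is used verbatim in XML output and in firewall chain names; relaxing this check requires validating character set and length */`. Both functions continue outside their hunks, so other uses of the field are not visible here.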
@ -455,7 +455,7 @@ struct _virNWFilterDef {
|
|||||||
char *name;
|
char *name;
|
||||||
unsigned char uuid[VIR_UUID_BUFLEN];
|
unsigned char uuid[VIR_UUID_BUFLEN];
|
||||||
|
|
||||||
int chainsuffix; /*enum virNWFilterChainSuffixType */
|
char *chainsuffix;
|
||||||
virNWFilterChainPriority chainPriority;
|
virNWFilterChainPriority chainPriority;
|
||||||
|
|
||||||
int nentries;
|
int nentries;
|
||||||
|
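Review bot: The new `char *chainsuffix;` line in struct _virNWFilterDef drops the comment the old field carried and does not say who owns the string. The virNWFilterDefFree hunk releases it with `VIR_FREE(def->chainsuffix)`, so the field is an owned heap string. I would write `char *chainsuffix; /* chain name, e.g. "root"; owned, freed by virNWFilterDefFree */`. The struct definition starts and ends outside the hunk.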
@ -385,7 +385,7 @@ ebiptablesRuleInstFree(ebiptablesRuleInstPtr inst)
|
|||||||
static int
|
static int
|
||||||
ebiptablesAddRuleInst(virNWFilterRuleInstPtr res,
|
ebiptablesAddRuleInst(virNWFilterRuleInstPtr res,
|
||||||
char *commandTemplate,
|
char *commandTemplate,
|
||||||
enum virNWFilterChainSuffixType neededChain,
|
const char *neededChain,
|
||||||
virNWFilterChainPriority chainPriority,
|
virNWFilterChainPriority chainPriority,
|
||||||
char chainprefix,
|
char chainprefix,
|
||||||
unsigned int priority,
|
unsigned int priority,
|
||||||
@ -1961,11 +1961,13 @@ ebtablesCreateRuleInstance(char chainPrefix,
|
|||||||
goto err_exit;
|
goto err_exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (nwfilter->chainsuffix == VIR_NWFILTER_CHAINSUFFIX_ROOT)
|
if (STREQ(nwfilter->chainsuffix,
|
||||||
|
virNWFilterChainSuffixTypeToString(
|
||||||
|
VIR_NWFILTER_CHAINSUFFIX_ROOT)))
|
||||||
PRINT_ROOT_CHAIN(chain, chainPrefix, ifname);
|
PRINT_ROOT_CHAIN(chain, chainPrefix, ifname);
|
||||||
else
|
else
|
||||||
PRINT_CHAIN(chain, chainPrefix, ifname,
|
PRINT_CHAIN(chain, chainPrefix, ifname,
|
||||||
virNWFilterChainSuffixTypeToString(nwfilter->chainsuffix));
|
nwfilter->chainsuffix);
|
||||||
|
|
||||||
|
|
||||||
switch (rule->prtclType) {
|
switch (rule->prtclType) {
|
||||||
@ -2532,7 +2534,7 @@ ebiptablesDisplayRuleInstance(virConnectPtr conn ATTRIBUTE_UNUSED,
|
|||||||
ebiptablesRuleInstPtr inst = (ebiptablesRuleInstPtr)_inst;
|
ebiptablesRuleInstPtr inst = (ebiptablesRuleInstPtr)_inst;
|
||||||
VIR_INFO("Command Template: '%s', Needed protocol: '%s'",
|
VIR_INFO("Command Template: '%s', Needed protocol: '%s'",
|
||||||
inst->commandTemplate,
|
inst->commandTemplate,
|
||||||
virNWFilterChainSuffixTypeToString(inst->neededProtocolChain));
|
inst->neededProtocolChain);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -3350,8 +3352,7 @@ ebiptablesApplyNewRules(virConnectPtr conn ATTRIBUTE_UNUSED,
|
|||||||
for (i = 0; i < nruleInstances; i++) {
|
for (i = 0; i < nruleInstances; i++) {
|
||||||
sa_assert (inst);
|
sa_assert (inst);
|
||||||
if (inst[i]->ruleType == RT_EBTABLES) {
|
if (inst[i]->ruleType == RT_EBTABLES) {
|
||||||
const char *name = virNWFilterChainSuffixTypeToString(
|
const char *name = inst[i]->neededProtocolChain;
|
||||||
inst[i]->neededProtocolChain);
|
|
||||||
if (inst[i]->chainprefix == CHAINPREFIX_HOST_IN_TEMP) {
|
if (inst[i]->chainprefix == CHAINPREFIX_HOST_IN_TEMP) {
|
||||||
if (virHashUpdateEntry(chains_in_set, name,
|
if (virHashUpdateEntry(chains_in_set, name,
|
||||||
&inst[i]->chainPriority)) {
|
&inst[i]->chainPriority)) {
|
||||||
|
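Review bot: `const char *neededChain` in ebiptablesAddRuleInst, and the matching `const char *neededProtocolChain` field in struct _ebiptablesRuleInst, now hold a borrowed pointer where they used to hold an enum value. The callers are not visible, but if the argument is `nwfilter->chainsuffix`, as the ebtablesCreateRuleInstance hunk suggests, the rule instance points into a virNWFilterDef whose string is released by virNWFilterDefFree. ebiptablesApplyNewRules later uses that pointer as the key in `virHashUpdateEntry(chains_in_set, name, ...)`. Either document the lifetime requirement on the field, e.g. `/* borrowed from the virNWFilterDef; must not outlive it */`, or take a copy in ebiptablesAddRuleInst and free it in ebiptablesRuleInstFree. All of these functions continue outside their hunks.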
@ -35,7 +35,7 @@ typedef struct _ebiptablesRuleInst ebiptablesRuleInst;
|
|||||||
typedef ebiptablesRuleInst *ebiptablesRuleInstPtr;
|
typedef ebiptablesRuleInst *ebiptablesRuleInstPtr;
|
||||||
struct _ebiptablesRuleInst {
|
struct _ebiptablesRuleInst {
|
||||||
char *commandTemplate;
|
char *commandTemplate;
|
||||||
enum virNWFilterChainSuffixType neededProtocolChain;
|
const char *neededProtocolChain;
|
||||||
virNWFilterChainPriority chainPriority;
|
virNWFilterChainPriority chainPriority;
|
||||||
char chainprefix; /* I for incoming, O for outgoing */
|
char chainprefix; /* I for incoming, O for outgoing */
|
||||||
unsigned int priority;
|
unsigned int priority;
|
||||||
|