External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2025-03-20 07:59:00 +00:00
Code

Extend the filter XML to support priorities of chains

Browse Source 
This patch extends the filter XML to support priorities of chains
in the XML. An example would be:

<filter name='allow-arpxyz' chain='arp-xyz' priority='200'>
[...]
</filter>

The permitted values for priorities are [-1000, 1000].
By setting the priority of a chain the order in which it is accessed
from the interface root chain can be influenced.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
This commit is contained in:
Stefan Berger 2011-11-18 11:58:17 -05:00 committed by Stefan Berger
parent 19028ad6dc
commit 2657822e87
2 changed files with 43 additions and 6 deletions
docs/schemas
nwfilter.rng
src/conf
nwfilter_conf.c

7
docs/schemas/nwfilter.rng

@ -293,6 +293,11 @@
</choice>
</attribute>
</optional>
<optional>
<attribute name="priority">
<ref name='priority-type'/>
</attribute>
</optional>
</define>
<define name="filterref-node-attributes">
@ -881,7 +886,7 @@
<define name='priority-type'>
<data type="int">
<param name="minInclusive">0</param>
<param name="minInclusive">-1000</param>
<param name="maxInclusive">1000</param>
</data>
</define>

42
src/conf/nwfilter_conf.c

@ -2014,7 +2014,9 @@ virNWFilterDefParseXML(xmlXPathContextPtr ctxt) {
xmlNodePtr curr = ctxt->node;
char *uuid = NULL;
char *chain = NULL;
char *chain_pri_s = NULL;
virNWFilterEntryPtr entry;
int chain_priority;
if (VIR_ALLOC(ret) < 0) {
virReportOOMError();
@ -2028,6 +2030,26 @@ virNWFilterDefParseXML(xmlXPathContextPtr ctxt) {
goto cleanup;
}
chain_pri_s = virXPathString("string(./@priority)", ctxt);
if (chain_pri_s) {
if (virStrToLong_i(chain_pri_s, NULL, 10, &chain_priority) < 0) {
virNWFilterReportError(VIR_ERR_INVALID_ARG,
_("Could not parse chain priority '%s'"),
chain_pri_s);
goto cleanup;
}
if (chain_priority < NWFILTER_MIN_FILTER_PRIORITY ||
chain_priority > NWFILTER_MAX_FILTER_PRIORITY) {
virNWFilterReportError(VIR_ERR_INVALID_ARG,
_("Priority '%d' is outside valid "
"range of [%d,%d]"),
chain_priority,
NWFILTER_MIN_FILTER_PRIORITY,
NWFILTER_MAX_FILTER_PRIORITY);
goto cleanup;
}
}
chain = virXPathString("string(./@chain)", ctxt);
if (chain) {
if (virNWFilterChainSuffixTypeFromString(chain) < 0) {
@ -2036,11 +2058,16 @@ virNWFilterDefParseXML(xmlXPathContextPtr ctxt) {
goto cleanup;
}
ret->chainsuffix = chain;
/* assign an implicit priority -- support XML attribute later */
if (!intMapGetByString(chain_priorities, chain, 0,
&ret->chainPriority)) {
ret->chainPriority = (NWFILTER_MAX_FILTER_PRIORITY +
NWFILTER_MIN_FILTER_PRIORITY) / 2;
if (chain_pri_s) {
ret->chainPriority = chain_priority;
} else {
/* assign default priority if none can be found via lookup */
if (!intMapGetByString(chain_priorities, chain, 0,
&ret->chainPriority)) {
ret->chainPriority = (NWFILTER_MAX_FILTER_PRIORITY +
NWFILTER_MIN_FILTER_PRIORITY) / 2;
}
}
chain = NULL;
} else {
@ -2097,6 +2124,7 @@ virNWFilterDefParseXML(xmlXPathContextPtr ctxt) {
}
VIR_FREE(chain);
VIR_FREE(chain_pri_s);
return ret;
@ -2104,6 +2132,7 @@ virNWFilterDefParseXML(xmlXPathContextPtr ctxt) {
virNWFilterDefFree(ret);
VIR_FREE(chain);
VIR_FREE(uuid);
VIR_FREE(chain_pri_s);
return NULL;
}
@ -2852,6 +2881,9 @@ virNWFilterDefFormat(virNWFilterDefPtr def)
virBufferAsprintf(&buf, "<filter name='%s' chain='%s'",
def->name,
def->chainsuffix);
if (def->chainPriority != 0)
virBufferAsprintf(&buf, " priority='%d'",
def->chainPriority);
virBufferAddLit(&buf, ">\n");
virUUIDFormat(def->uuid, uuid);