External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2024-07-31 14:07:16 +00:00
Code Issues Packages Projects Releases Wiki Activity

Extend the filter XML to support priorities of chains

Browse Source 
This patch extends the filter XML to support priorities of chains
in the XML. An example would be:

<filter name='allow-arpxyz' chain='arp-xyz' priority='200'>
[...]
</filter>

The permitted values for priorities are [-1000, 1000].
By setting the priority of a chain the order in which it is accessed
from the interface root chain can be influenced.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
This commit is contained in:
Stefan Berger 2011-11-18 11:58:17 -05:00 committed by Stefan Berger
parent 19028ad6dc
commit 2657822e87
2 changed files with 43 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
docs/schemas/nwfilter.rng
View File

@ -293,6 +293,11 @@
</choice>
</attribute>
</optional>
<optional>
<attribute name="priority">
<ref name='priority-type'/>
</attribute>
</optional>
</define>
<define name="filterref-node-attributes">
@ -881,7 +886,7 @@
<define name='priority-type'>
<data type="int">
<param name="minInclusive">0</param>
<param name="minInclusive">-1000</param>
<param name="maxInclusive">1000</param>
</data>
</define>

42
src/conf/nwfilter_conf.c
View File

@ -2014,7 +2014,9 @@ virNWFilterDefParseXML(xmlXPathContextPtr ctxt) {
xmlNodePtr curr = ctxt->node;
char *uuid = NULL;
char *chain = NULL;
char *chain_pri_s = NULL;
virNWFilterEntryPtr entry;
int chain_priority;
if (VIR_ALLOC(ret) < 0) {
virReportOOMError();
@ -2028,6 +2030,26 @@ virNWFilterDefParseXML(xmlXPathContextPtr ctxt) {
goto cleanup;
}
chain_pri_s = virXPathString("string(./@priority)", ctxt);
if (chain_pri_s) {
if (virStrToLong_i(chain_pri_s, NULL, 10, &chain_priority) < 0) {
virNWFilterReportError(VIR_ERR_INVALID_ARG,
_("Could not parse chain priority '%s'"),
chain_pri_s);
goto cleanup;
}
if (chain_priority < NWFILTER_MIN_FILTER_PRIORITY ||
chain_priority > NWFILTER_MAX_FILTER_PRIORITY) {
virNWFilterReportError(VIR_ERR_INVALID_ARG,
_("Priority '%d' is outside valid "
"range of [%d,%d]"),
chain_priority,
NWFILTER_MIN_FILTER_PRIORITY,
NWFILTER_MAX_FILTER_PRIORITY);
goto cleanup;
}
}
chain = virXPathString("string(./@chain)", ctxt);
if (chain) {
if (virNWFilterChainSuffixTypeFromString(chain) < 0) {
@ -2036,11 +2058,16 @@ virNWFilterDefParseXML(xmlXPathContextPtr ctxt) {
goto cleanup;
}
ret->chainsuffix = chain;
/* assign an implicit priority -- support XML attribute later */
if (!intMapGetByString(chain_priorities, chain, 0,
&ret->chainPriority)) {
ret->chainPriority = (NWFILTER_MAX_FILTER_PRIORITY +
NWFILTER_MIN_FILTER_PRIORITY) / 2;
if (chain_pri_s) {
ret->chainPriority = chain_priority;
} else {
/* assign default priority if none can be found via lookup */
if (!intMapGetByString(chain_priorities, chain, 0,
&ret->chainPriority)) {
ret->chainPriority = (NWFILTER_MAX_FILTER_PRIORITY +
NWFILTER_MIN_FILTER_PRIORITY) / 2;
}
}
chain = NULL;
} else {
@ -2097,6 +2124,7 @@ virNWFilterDefParseXML(xmlXPathContextPtr ctxt) {
}
VIR_FREE(chain);
VIR_FREE(chain_pri_s);
return ret;
@ -2104,6 +2132,7 @@ virNWFilterDefParseXML(xmlXPathContextPtr ctxt) {
virNWFilterDefFree(ret);
VIR_FREE(chain);
VIR_FREE(uuid);
VIR_FREE(chain_pri_s);
return NULL;
}
@ -2852,6 +2881,9 @@ virNWFilterDefFormat(virNWFilterDefPtr def)
virBufferAsprintf(&buf, "<filter name='%s' chain='%s'",
def->name,
def->chainsuffix);
if (def->chainPriority != 0)
virBufferAsprintf(&buf, " priority='%d'",
def->chainPriority);
virBufferAddLit(&buf, ">\n");
virUUIDFormat(def->uuid, uuid);