External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2025-01-09 06:25:19 +00:00
Code Issues Packages Projects Releases Wiki Activity

support continue/return targets in nwfilter

Browse Source 
This patch adds support for "continue" and "return" actions
in filter rules.

Signed-off-by: David L Stevens <dlstevens@us.ibm.com>
This commit is contained in:
David L Stevens 2011-10-18 12:55:25 -07:00 committed by Eric Blake
parent e36da1bd8a
commit a61e9ff60d
4 changed files with 22 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
AUTHORS
View File

@ -198,6 +198,7 @@ Patches have also been contributed by:
Tang Chen <tangchen@cn.fujitsu.com> Tang Chen <tangchen@cn.fujitsu.com>
Dan Horák <dan@danny.cz> Dan Horák <dan@danny.cz>
Sage Weil <sage@newdream.net> Sage Weil <sage@newdream.net>
David L Stevens <dlstevens@us.ibm.com>
[....send patches to get your name here....] [....send patches to get your name here....]

18
docs/formatnwfilter.html.in
View File

@ -258,11 +258,19 @@
</p> </p>
<ul> <ul>
<li> <li>
action -- mandatory; must either be <code>drop</code>, action -- mandatory; must either be <code>drop</code>
<code>reject</code><span class="since">(since 0.9.0)</span>, (matching the rule silently discards the packet with no
or <code>accept</code> if further analysis),
the evaluation of the filtering rule is supposed to drop, <code>reject</code> (matching the rule generates an ICMP
reject (using ICMP message), or accept a packet reject message with no further analysis) <span class="since">(since
0.9.0)</span>, <code>accept</code> (matching the rule accepts
the packet with no further analysis), <code>return</code>
(matching the rule passes this filter, but returns control to
the calling filter for further
analysis) <span class="since">(since 0.9.7)</span>,
or <code>continue<code> (matching the rule goes on to the next
rule for further analysis) <span class="since">(since
0.9.7)</span>.
</li> </li>
<li> <li>
direction -- mandatory; must either be <code>in</code>, <code>out</code> or direction -- mandatory; must either be <code>in</code>, <code>out</code> or

8
src/conf/nwfilter_conf.c
View File

@ -55,12 +55,16 @@
VIR_ENUM_IMPL(virNWFilterRuleAction, VIR_NWFILTER_RULE_ACTION_LAST, VIR_ENUM_IMPL(virNWFilterRuleAction, VIR_NWFILTER_RULE_ACTION_LAST,
"drop", "drop",
"accept", "accept",
"reject"); "reject",
"return",
"continue");
VIR_ENUM_IMPL(virNWFilterJumpTarget, VIR_NWFILTER_RULE_ACTION_LAST, VIR_ENUM_IMPL(virNWFilterJumpTarget, VIR_NWFILTER_RULE_ACTION_LAST,
"DROP", "DROP",
"ACCEPT", "ACCEPT",
"REJECT"); "REJECT",
"RETURN",
"CONTINUE");
VIR_ENUM_IMPL(virNWFilterRuleDirection, VIR_NWFILTER_RULE_DIRECTION_LAST, VIR_ENUM_IMPL(virNWFilterRuleDirection, VIR_NWFILTER_RULE_DIRECTION_LAST,
"in", "in",

2
src/conf/nwfilter_conf.h
View File

@ -299,6 +299,8 @@ enum virNWFilterRuleActionType {
VIR_NWFILTER_RULE_ACTION_DROP = 0, VIR_NWFILTER_RULE_ACTION_DROP = 0,
VIR_NWFILTER_RULE_ACTION_ACCEPT, VIR_NWFILTER_RULE_ACTION_ACCEPT,
VIR_NWFILTER_RULE_ACTION_REJECT, VIR_NWFILTER_RULE_ACTION_REJECT,
VIR_NWFILTER_RULE_ACTION_RETURN,
VIR_NWFILTER_RULE_ACTION_CONTINUE,
VIR_NWFILTER_RULE_ACTION_LAST, VIR_NWFILTER_RULE_ACTION_LAST,
}; };