Extend rule priorities into negative numbers

So far rules' priorities have only been valid in the range [0,1000]. Now I am extending their priority into the range [-1000, 1000] for subsequently being able to sort rules and the access of (jumps into) chains following priorities. Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2024-07-07 18:35:46 +00:00 · 2011-11-18 11:58:18 -05:00 · 2011-11-18 11:58:18 -05:00 · f6e80a713f
commit f6e80a713f
parent ea7c73a76f
4 changed files with 10 additions and 7 deletions
--- a/src/conf/nwfilter_conf.c
+++ b/src/conf/nwfilter_conf.c
@ -1897,7 +1897,7 @@ virNWFilterRuleParse(xmlNodePtr node)
    char *statematch;
    int found;
    int found_i = 0;
-    unsigned int priority;
+    int priority;

    xmlNodePtr cur;
    virNWFilterRuleDefPtr ret;
@ -1943,8 +1943,9 @@ virNWFilterRuleParse(xmlNodePtr node)
    ret->priority = MAX_RULE_PRIORITY / 2;

    if (prio) {
-        if (virStrToLong_ui(prio, NULL, 10, &priority) >= 0) {
-            if (priority <= MAX_RULE_PRIORITY)
+        if (virStrToLong_i(prio, NULL, 10, &priority) >= 0) {
+            if (priority <= MAX_RULE_PRIORITY &&
+                priority >= MIN_RULE_PRIORITY)
                ret->priority = priority;
        }
    }
--- a/src/conf/nwfilter_conf.h
+++ b/src/conf/nwfilter_conf.h
@ -357,7 +357,7 @@ enum virNWFilterEbtablesTableType {
 };


-# define MIN_RULE_PRIORITY  0
+# define MIN_RULE_PRIORITY  -1000
 # define MAX_RULE_PRIORITY  1000

 # define NWFILTER_MIN_FILTER_PRIORITY -1000
@ -389,10 +389,12 @@ enum virNWFilterRuleFlags {
 void virNWFilterPrintStateMatchFlags(virBufferPtr buf, const char *prefix,
                                     int32_t flags, bool disp_none);

+typedef int32_t virNWFilterRulePriority;
+
 typedef struct _virNWFilterRuleDef  virNWFilterRuleDef;
 typedef virNWFilterRuleDef *virNWFilterRuleDefPtr;
 struct _virNWFilterRuleDef {
-    unsigned int priority;
+    virNWFilterRulePriority priority;
    enum virNWFilterRuleFlags flags;
    int action; /*enum virNWFilterRuleActionType*/
    int tt; /*enum virNWFilterRuleDirectionType*/
--- a/src/nwfilter/nwfilter_ebiptables_driver.c
+++ b/src/nwfilter/nwfilter_ebiptables_driver.c
@ -388,7 +388,7 @@ ebiptablesAddRuleInst(virNWFilterRuleInstPtr res,
                      const char *neededChain,
                      virNWFilterChainPriority chainPriority,
                      char chainprefix,
-                      unsigned int priority,
+                      virNWFilterRulePriority priority,
                      enum RuleType ruleType)
 {
    ebiptablesRuleInstPtr inst;
--- a/src/nwfilter/nwfilter_ebiptables_driver.h
+++ b/src/nwfilter/nwfilter_ebiptables_driver.h
@ -38,7 +38,7 @@ struct _ebiptablesRuleInst {
    const char *neededProtocolChain;
    virNWFilterChainPriority chainPriority;
    char chainprefix;    /* I for incoming, O for outgoing */
-    unsigned int priority;
+    virNWFilterRulePriority priority;
    enum RuleType ruleType;
 };