<br><tt><font size=2>Daniel Veillard <veillard@redhat.com> wrote
on 03/30/2010 10:02:09 AM:<br>
<br>
</font></tt>
<br><tt><font size=2>> <br>
> On Fri, Mar 26, 2010 at 04:41:19PM -0400, Stefan Berger wrote:<br>
> > This patch adds IPv6 filtering support for the following protocols:<br>
> > - tcp-ipv6<br>
> > - udp-ipv6<br>
> > - udplite-ipv6<br>
> > - esp-ipv6<br>
> > - ah-ipv6<br>
> > - sctp-ipv6<br>
> > - all-ipv6<br>
> > - icmpv6<br>
> > <br>
> > <br>
> > Many of the IPv4 data structures could be re-used for IPv6 support.<br>
> > Since ip6tables also supports pretty much the same command line
parameters<br>
> > as iptables does, also much of the code could be re-used and
now <br>
> > command lines are invoked with the ip(6)tables tool parameter
passed<br>
> > through the functions as a parameter.<br>
> > <br>
> > Signed-off-by: Stefan Berger <stefanb@us.ibm.com><br>
> > <br>
> > <br>
> > ---<br>
> > configure.ac
|
3 <br>
> > src/conf/nwfilter_conf.c
| 165 +++++++++++++++--<br>
> > src/conf/nwfilter_conf.h
| 8 <br>
> > src/nwfilter/nwfilter_ebiptables_driver.c | 287 ++++++++++++++++<br>
> ++++++--------<br>
> > src/nwfilter/nwfilter_ebiptables_driver.h | 2
<br>
> > 5 files changed, 370 insertions(+), 95 deletions(-)<br>
> > <br>
> > Index: libvirt-acl/configure.ac<br>
> > ===================================================================<br>
> > --- libvirt-acl.orig/configure.ac<br>
> > +++ libvirt-acl/configure.ac<br>
> > @@ -300,6 +300,9 @@ AC_DEFINE_UNQUOTED([BASH_PATH], "$BASH_P<br>
> > AC_PATH_PROG([IPTABLES_PATH], [iptables], /sbin/iptables,
[/usr/<br>
> sbin:$PATH])<br>
> > AC_DEFINE_UNQUOTED([IPTABLES_PATH], "$IPTABLES_PATH",
[path to <br>
> iptables binary])<br>
> > <br>
> > +AC_PATH_PROG([IP6TABLES_PATH], [ip6tables], /sbin/ip6tables,
[/<br>
> usr/sbin:$PATH])<br>
> > +AC_DEFINE_UNQUOTED([IP6TABLES_PATH], "$IP6TABLES_PATH",
[path to <br>
> ip6tables binary])<br>
> > +<br>
> > AC_PATH_PROG([EBTABLES_PATH], [ebtables], /sbin/ebtables,
[/usr/<br>
> sbin:$PATH])<br>
> > AC_DEFINE_UNQUOTED([EBTABLES_PATH], "$EBTABLES_PATH",
[path to <br>
> ebtables binary])<br>
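Review bot: the new AC_PATH_PROG([IP6TABLES_PATH], ...) line in configure.ac falls back to /sbin/ip6tables when the tool is not found in /usr/sbin:$PATH on the build host, and AC_DEFINE_UNQUOTED then compiles that string into the binary, so nothing in this hunk tells the builder that ip6tables was missing, and the path may not exist on the target. Because the search list ends in the builder's own $PATH, a non-system directory can also end up as the compiled-in location. Suggest an AC_MSG_WARN when the lookup hits the fallback value, and a check at run time that the resolved path is an executable file before any ip6tables command line is built, failing the IPv6 filter with a clear error otherwise.<br>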
> <br>
> The patch looks fine, based on the existing code, but I'm a
bit<br>
> surprised by the fact that while there is a lookup for<br>
> ip6tables/iptables at configure time, i.e. when it's compiled, there<br>
> is no check at runtime to verify that the binaries which were detected<br>
> then are actually available on the target.<br>
> I think some of this should be relaxed like we do for other
commands<br>
> launched at runtime and somehow we should instead use<br>
> virFindFileInPath() from util.h<br>
> to find the location of the preferred ip[6]tables.</font></tt>
<br>
<br><tt><font size=2>I followed a previous example of what was originally
ebtables that's detected like this as well. Sure, this can be changed to
rely on the function you are mentioning.</font></tt>
<br>
<br><tt><font size=2>Pushed.</font></tt>
<br>
<br><tt><font size=2>Regards,</font></tt>
<br><tt><font size=2> Stefan</font></tt>
<br><tt><font size=2><br>
> <br>
> ACK,<br>
> <br>
> Daniel<br>
> <br>
> -- <br>
> Daniel Veillard | libxml Gnome XML XSLT toolkit
</font></tt><a href=http://xmlsoft.org/><tt><font size=2>http://xmlsoft.org/</font></tt></a><tt><font size=2><br>
> daniel@veillard.com | Rpmfind RPM search engine </font></tt><a href=http://rpmfind.net/><tt><font size=2>http://rpmfind.net/</font></tt></a><tt><font size=2><br>
> </font></tt><a href=http://veillard.com/><tt><font size=2>http://veillard.com/</font></tt></a><tt><font size=2>
| virtualization library </font></tt><a href=http://libvirt.org/><tt><font size=2>http://libvirt.org/</font></tt></a><tt><font size=2><br>
</font></tt>
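<br>An added example, not part of the original message and not libvirt code: a run-time lookup for the firewall tools in the spirit of the review comment above, which skips relative search entries and rejects group- or world-writable binaries. The helper name resolve_tool() and the search list are hypothetical, chosen for illustration; this does not show how virFindFileInPath() is implemented.<br>

```c
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper, not libvirt code: search the colon-separated list
 * `dirs` for the bare tool name `name`. Returns 0 with the absolute path
 * in `out`, or -1 when no usable binary exists. */
int resolve_tool(const char *name, const char *dirs, char *out, size_t outlen)
{
    struct stat st;

    /* Accept only a bare file name, never a caller-supplied path. */
    if (!name || !dirs || !out || outlen == 0 || !*name || strchr(name, '/'))
        return -1;

    for (const char *p = dirs;;) {
        size_t len = strcspn(p, ":");
        /* Empty and relative entries would resolve against the daemon's
         * working directory, so only absolute directories are searched. */
        if (len > 0 && p[0] == '/') {
            int n = snprintf(out, outlen, "%.*s/%s", (int)len, p, name);
            if (n > 0 && (size_t)n < outlen && stat(out, &st) == 0 &&
                S_ISREG(st.st_mode) &&                  /* regular file */
                !(st.st_mode & (S_IWGRP | S_IWOTH)) &&  /* not group/world-writable */
                access(out, X_OK) == 0)                 /* executable by caller */
                return 0;
        }
        if (p[len] == '\0')
            break;
        p += len + 1;
    }
    out[0] = '\0';
    return -1;
}

int main(void)
{
    char path[4096];
    const char *dirs = "/usr/sbin:/sbin:/usr/bin:/bin";  /* constructed list */
    const char *tools[] = { "iptables", "ip6tables", "ebtables" };
    for (size_t i = 0; i < sizeof(tools) / sizeof(tools[0]); i++) {
        if (resolve_tool(tools[i], dirs, path, sizeof(path)) == 0)
            printf("%-9s -> %s\n", tools[i], path);
        else
            printf("%-9s -> missing: refuse filters that need it\n", tools[i]);
    }
    return 0;
}
```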