[libvirt] [PATCH 0/13] [RFC] Network filtering (ACL) extensions for libvirt

Stefan Berger stefanb at us.ibm.com
Thu Mar 18 10:51:34 UTC 2010

"Daniel P. Berrange" <berrange at redhat.com> wrote on 03/17/2010 11:00:26 

> > 
> > I hadn't thought about calling that function... I would want to call a 

> > function that can handle something like bash scripts, i.e., multiple 
> > concatenated fragments as those shown above just to be more 
> Is it really more efficient ?  If you need to run 20 ebtables commands,
> then using bash does 1 fork/exec for bash & bash then does another 20
> fork/exec for ebtables.
> Alternatively just use virRun() for each ebtables command you just still
> have 20 fork/execs, without using bash.

I converted some of the code to use virRun() rather than writing the 
script and running it. This works with the ebtables level code but on 
iptables I do have some fragments that are real scripts testing for 
example whether jumps into user define iptables chains exists in the 
FORWARD table and only create the jump entries if they don't exist and 
take other corrective actions. Those scripts use pipes with grep and gawk 
and also use grep'ed return values. So I am not sure what to do about 
those, but would prefer to keep them as they are...


> > If virRun() can handle that and $? for example would be treated there 
> > the return value (which I think is bash-dependent), I'd be happy to 
> > it as well.
> I'd think just call virRun once for each ebtables command - virRun gives
> you back the exit status of the command 
> Regards,
> Daniel
> -- 
> |: Red Hat, Engineering, London    -o-   
> |: http://libvirt.org -o- http://virt-manager.org -o- 
> |: http://autobuild.org        -o-         
> |: GnuPG: 7D3B9505  -o-   F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 
9505 :|
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20100318/012a0ae3/attachment-0001.htm>

More information about the libvir-list mailing list