[libvirt] [PATCH v3 11/14] Core driver implementation with ebtables support

Daniel P. Berrange berrange at redhat.com
Thu Mar 25 15:49:05 UTC 2010 

On Tue, Mar 23, 2010 at 10:54:17AM -0400, stefanb at us.ibm.com wrote:
> +/*
> + * ebtablesCreateRuleInstance:
> + * @conn : Pointer to a virConnect object
> + * @chainPrefix : The prefix to put in front of the name of the chain
> + * @nwfilter : The filter
> + * @rule: The rule of the filter to convert
> + * @ifname : The name of the interface to apply the rule to
> + * @vars : A map containing the variables to resolve
> + * @res : The data structure to store the result(s) into
> + *
> + * Convert a single rule into its representation for later instantiation
> + *
> + * Returns 0 in case of success with the result stored in the data structure
> + * pointed to by res, != 0 otherwise with the error message stored in the
> + * virConnect object.
> + */
> +static int
> +ebtablesCreateRuleInstance(virConnectPtr conn,
> +                           char chainPrefix,
> +                           virNWFilterDefPtr nwfilter,
> +                           virNWFilterRuleDefPtr rule,
> +                           const char *ifname,
> +                           virNWFilterHashTablePtr vars,
> +                           virNWFilterRuleInstPtr res)
> +{
> +    char macaddr[VIR_MAC_STRING_BUFLEN],
> +         ipaddr[INET_ADDRSTRLEN],
> +         number[20];
> +    char chain[MAX_CHAINNAME_LENGTH];
> +    virBuffer buf = VIR_BUFFER_INITIALIZER;
> +
> +    if (nwfilter->chainsuffix == VIR_NWFILTER_CHAINSUFFIX_ROOT)
> +        PRINT_ROOT_CHAIN(chain, chainPrefix, ifname);
> +    else
> +        PRINT_CHAIN(chain, chainPrefix, ifname,
> +                    virNWFilterChainSuffixTypeToString(nwfilter->chainsuffix));

Since we're passing this into the shell, I think we should do paranoid
validation on the 'chain' and 'ifname' fields, since they ultimately come
from the user specified XML. Validate that it only contains a-Z, 0-0, -, _


It would also be nice to put a variety of XML files in a tests/nwfilterdata
directory and making a test suite to run the parser API against them, as
well as adding some real world examples in the examples/nwfilter directory
for end users to start from.

Regards,
Daniel
-- 
|: Red Hat, Engineering, London    -o-   http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://deltacloud.org :|
|: http://autobuild.org        -o-         http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505  -o-   F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|

More information about the libvir-list mailing list