[libvirt] [PATCH v4 00/15] Network filtering (ACL) extensions for libvirt

Daniel P. Berrange berrange at redhat.com
Fri Mar 26 18:04:26 UTC 2010


On Thu, Mar 25, 2010 at 01:45:58PM -0400, Stefan Berger wrote:
> Hi!
> 
> This is a repost of this set of patches with some of the suggested fixes
> applied and ipv6 support on the ebtables layer added.
> 
> Between V3 and V4 of this patch series the following changes were made:
> - occurrences of typo 'scp' were changed to 'sctp'
> - the root ebtables chain for each interface now has the prefix of 'libvirt-'
> - additional calls into tear-down functions in case something goes wrong
>   while starting the qemu/kvm VM in 2nd level error paths
> - additional functions in the driver interface to split up the application
>   of firewall rules into 
>   - creation of new firewall rules 'tree'
>   - switch-over to new firewall rules 'tree', tear down of old one and
>     renaming of new firewall 'tree'
>   - tear down of new firewall rules 'tree' in case an error happened
>     during update of several VMs.
> - additional patch with example filters

FYI, I have pushed this whole v4 series to libvirt GIT.

I had to re-order the patches to make the series bisectable, and fix one
or two minor syntax check problems, but no code changes.

There is one problem I would like to see fixed asap though:

 src/conf/nwfilter_conf.c  

has a dependency on the driver implementation nwfilter/nwfilter_gentech_driver.h
which is not good. The 'conf' directory is only allowed to depend on stuff 
in util/, or itself, never depend on driver code.

Regards,
Daniel
-- 
|: Red Hat, Engineering, London    -o-   http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://deltacloud.org :|
|: http://autobuild.org        -o-         http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505  -o-   F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|



