[libvirt] [PATCH v4 00/15] Network filtering (ACL) extensions for libvirt
Daniel P. Berrange
berrange at redhat.com
Fri Mar 26 20:44:49 UTC 2010
On Fri, Mar 26, 2010 at 02:41:30PM -0400, Stefan Berger wrote:
> "Daniel P. Berrange" <berrange at redhat.com> wrote on 03/26/2010 02:04:26 PM:
>
> > On Thu, Mar 25, 2010 at 01:45:58PM -0400, Stefan Berger wrote:
> > > Hi!
> > >
> > > This is a repost of this set of patches with some of the suggested fixes
> > > applied and ipv6 support on the ebtables layer added.
> > >
> > > Between V3 and V4 of this patch series the following changes were made:
> > > - occurrences of typo 'scp' were changed to 'sctp'
> > > - the root ebtables chain for each interface now has the prefix of 'libvirt-'
> > > - additional calls into tear-down functions in case something goes wrong
> > >   while starting the qemu/kvm VM in 2nd level error paths
> > > - additional functions in the driver interface to split up the application
> > >   of firewall rules into
> > >   - creation of new firewall rules 'tree'
> > >   - switch-over to new firewall rules 'tree', tear down of old one and
> > >     renaming of new firewall 'tree'
> > >   - tear down of new firewall rules 'tree' in case an error happened
> > >     during update of several VMs.
> > > - additional patch with example filters
> >
> > FYI, I have pushed this whole v4 series to libvirt GIT.
> >
> > I had to re-order the patches to make the series bisectable, and fix one
> > or two minor syntax check problems, but no code changes.
> >
> > There is one problem I would like to see fixed asap though
> >
> > src/conf/nwfilter_conf.c
> >
> > has a dependency on the driver implementation nwfilter/nwfilter_gentech_driver.h
> > which is not good. The 'conf' directory is only allowed to depend on stuff
> > in util/, or itself, never depend on driver code.
>
>
> From nwfilter_conf.c I call several functions of the
> nwfilter_gentech_driver.c from within an iterator callback function. Is
> the general right solution for this to have nwfilter_gentech_driver.c
> register an interface with nwfilter_conf.c that provides the addresses of
> those functions called from within nwfilter_conf.c now? If so, I think I
> could pass the callback function to the nwfilter_conf.c and move the
> actual callback function in nwfilter_gentech_driver.c and pass its address
> via the initialization function I call in nwfilter_conf.c from
> nwfilter_gentech_driver.c.

Cool, that sounds like a good plan.

Regards,
Daniel
--
|: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://deltacloud.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|
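
The callback registration discussed in this message, as an added example that is not part of the original thread and is not libvirt code: the conf layer exposes only a callback type and an init function, and the driver passes the address of its own function at initialization, so conf never includes a driver header. All names (conf_init_callbacks, conf_foreach_vm, driver_rebuild_filter, driver_init) and the VM list are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>

/* ---- "conf" layer: knows only this callback type, no driver header ---- */
typedef int (*vm_filter_cb)(const char *vm_name, void *opaque);

static vm_filter_cb registered_cb;   /* set by the driver at init time */

/* Called by the driver from its initialization path (hypothetical name). */
void conf_init_callbacks(vm_filter_cb cb) { registered_cb = cb; }

/* Constructed sample data standing in for the list of running VMs. */
static const char *const sample_vms[] = { "vm-a", "vm-b", "vm-c" };

/* Iterate over the VMs and call back into whatever the driver registered.
 * Returns the number of VMs handled, or -1 if no callback is registered
 * or the callback reports a failure. */
int conf_foreach_vm(void *opaque)
{
    size_t i, n = sizeof(sample_vms) / sizeof(sample_vms[0]);

    if (registered_cb == NULL)
        return -1;
    for (i = 0; i < n; i++)
        if (registered_cb(sample_vms[i], opaque) < 0)
            return -1;
    return (int)n;
}

/* ---- "driver" layer: owns the real work; depends on conf, not vice versa ---- */
static int driver_rebuild_filter(const char *vm_name, void *opaque)
{
    int *rebuilt = opaque;           /* counter supplied by the caller */
    printf("rebuilding filter rules for %s\n", vm_name);
    (*rebuilt)++;
    return 0;
}

/* Driver start-up: hand the callback address to the conf layer. */
void driver_init(void) { conf_init_callbacks(driver_rebuild_filter); }

int main(void)
{
    int rebuilt = 0;
    driver_init();
    return conf_foreach_vm(&rebuilt) == rebuilt ? 0 : 1;
}
```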