[libvirt] [PATCH] nwfilters: support for TCP flags evaluation
Stefan Berger
stefanb at linux.vnet.ibm.com
Fri Apr 1 19:47:09 UTC 2011
On 04/01/2011 01:53 PM, Eric Blake wrote:
> On 04/01/2011 10:17 AM, Stefan Berger wrote:
>> This patch adds support for the evaluation of TCP flags in nwfilters.
>>
>> It adds documentation to the web page and extends the tests as well.
>>
>> Signed-off-by: Stefan Berger<stefanb at linux.vnet.ibm.com>
> It would help to list a sample xml snippet in the commit message as
> well, so that 'git log' can more easily find when it was introduced.
>
Ok, I will add it in V2.
> I haven't looked at this closely (it's post-0.9.0 material), but the
> idea sounds nice and in line with your overall efforts of making
> nwfilter more fine-grained :)
Thanks.
>> +++ libvirt-acl/docs/formatnwfilter.html.in
>> @@ -755,6 +755,11 @@
>> <td>STRING</td>
>> <td>comma separated list of NEW,ESTABLISHED,RELATED,INVALID or NONE</td>
>> </tr>
>> +<tr>
>> +<td>flags<span class="since">(Since 0.9.0)</span></td>
> So this would need to be 0.9.1.
Will fix it.
>> +<td>STRING</td>
>> +<td>TCP-only: format of mask/flags with mask and flags each being a
>> comma separated list of SYN,ACK,URG,PSH,FIN,RST or NONE or ALL</td>
>> +</tr>
>> </table>
>> <p>
>> <br><br>
>> @@ -1040,6 +1045,11 @@
>> <td>STRING</td>
>> <td>comma separated list of NEW,ESTABLISHED,RELATED,INVALID or NONE</td>
>> </tr>
>> +<tr>
>> +<td>flags<span class="since">(Since 0.8.5)</span></td>
> Is 0.8.5 right?
Missed that one. That's how old this forgotten-about patch is...
Stefan
More information about the libvir-list
mailing list