[libvirt] [PATCH V6 07/11] Enable chains with names having a known prefix
Stefan Berger
stefanb at linux.vnet.ibm.com
Fri Nov 18 16:38:12 UTC 2011
On 11/18/2011 11:01 AM, Eric Blake wrote:
> On 11/18/2011 06:32 AM, Stefan Berger wrote:
>> This patch enables chains that have a known prefix in their name.
>> Known prefixes are: 'ipv4', 'ipv6', 'arp', 'rarp'. All prefixes
>> are also protocols that can be evaluated on the ebtables level.
>>
>> +
>> + if (chainname[strspn(chainname, VALID_CHAINNAME)] != 0) {
>> + virNWFilterReportError(VIR_ERR_INVALID_ARG,
>> + _("Chain name contains illegal characters"));
> s/illegal/invalid/ - we aren't breaking laws :)
right...
>> +++ libvirt-acl/docs/schemas/nwfilter.rng
>> @@ -286,10 +286,18 @@
>> <attribute name="chain">
>> <choice>
>> <value>root</value>
>> -<value>arp</value>
>> -<value>rarp</value>
>> -<value>ipv4</value>
>> -<value>ipv6</value>
>> +<data type="string">
>> +<param name="pattern">arp[a-zA-Z0-9_\.:-]{0,9}</param>
>> +</data>
>> +<data type="string">
>> +<param name="pattern">rarp[a-zA-Z0-9_\.:-]{0,8}*</param>
>> +</data>
>> +<data type="string">
>> +<param name="pattern">ipv4[a-zA-Z0-9_\.:-]{0,8}*</param>
>> +</data>
>> +<data type="string">
>> +<param name="pattern">ipv6[a-zA-Z0-9_\.:-]{0,8}*</param>
> Drop the * on the last three patterns.
>
Fixed
More information about the libvir-list
mailing list