[libvirt] [PATCH V6 07/11] Enable chains with names having a known prefix
Eric Blake
eblake at redhat.com
Fri Nov 18 16:01:54 UTC 2011
On 11/18/2011 06:32 AM, Stefan Berger wrote:
> This patch enables chains that have a known prefix in their name.
> Known prefixes are: 'ipv4', 'ipv6', 'arp', 'rarp'. All prefixes
> are also protocols that can be evaluated on the ebtables level.
>
> +
> + if (chainname[strspn(chainname, VALID_CHAINNAME)] != 0) {
> + virNWFilterReportError(VIR_ERR_INVALID_ARG,
> + _("Chain name contains illegal characters"));
s/illegal/invalid/ - we aren't breaking laws :)
> +++ libvirt-acl/docs/schemas/nwfilter.rng
> @@ -286,10 +286,18 @@
> <attribute name="chain">
> <choice>
> <value>root</value>
> - <value>arp</value>
> - <value>rarp</value>
> - <value>ipv4</value>
> - <value>ipv6</value>
> + <data type="string">
> + <param name="pattern">arp[a-zA-Z0-9_\.:-]{0,9}</param>
> + </data>
> + <data type="string">
> + <param name="pattern">rarp[a-zA-Z0-9_\.:-]{0,8}*</param>
> + </data>
> + <data type="string">
> + <param name="pattern">ipv4[a-zA-Z0-9_\.:-]{0,8}*</param>
> + </data>
> + <data type="string">
> + <param name="pattern">ipv6[a-zA-Z0-9_\.:-]{0,8}*</param>
Drop the * on the last three patterns.
--
Eric Blake eblake at redhat.com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 620 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20111118/bd4a441c/attachment-0001.sig>
More information about the libvir-list
mailing list