[libvirt] [libvirt PATCHv3 07/10] support variable value changing

Stefan Berger stefanb at linux.vnet.ibm.com
Mon Oct 17 16:17:21 UTC 2011 

On 10/12/2011 03:50 PM, David L Stevens wrote:
> This patch adds a function that applies or deletes filter rules to existing
> chains. Rules referencing the given variable are instantiated with the given
> value, or optionally deleted. For example, passing variable "IP" with different
> values will install rules using the IP variable with each of the different
> values. These rules can later be removed by calling this function with the
> same variable and value and "delete" argument set to "1".
>
> Signed-off-by: David L Stevens<dlstevens at us.ibm.com>
> ---
>   src/nwfilter/nwfilter_gentech_driver.c |   86 ++++++++++++++++++++++++++++++++
>   src/nwfilter/nwfilter_gentech_driver.h |   11 ++++
>   2 files changed, 97 insertions(+), 0 deletions(-)
>
> diff --git a/src/nwfilter/nwfilter_gentech_driver.c b/src/nwfilter/nwfilter_gentech_driver.c
> index 79350ac..563a1f3 100644
> --- a/src/nwfilter/nwfilter_gentech_driver.c
> +++ b/src/nwfilter/nwfilter_gentech_driver.c
> @@ -620,6 +620,92 @@ virNWFilterRuleInstancesToArray(int nEntries,
>
>
>   /**
> + * virNWFilterChangeVar:
> + * @conn: pointer to virConnect object
> + * @techdriver: The driver to use for instantiation
> + * @filter: The filter to instantiate
> + * @ifname: The name of the interface to apply the rules to
> + * @vars: A map holding variable names and values used for instantiating
> + *  the filter and its subfilters.
> + * @var: name of variable to change
> + * @value: value of variable to change
> + * @delete: =0 to create or =1 to delete the rules
> + *
> + * Returns 0 on success, a value otherwise.
> + *
> + * Instantiate or delete a filter and all subfilters with variable "var"
> + * set to value "value".
> + * The name of the interface to which the rules belong must be
> + * provided.
> + *
> + * Call this function while holding the NWFilter filter update lock
> + */
> +int
> +virNWFilterChangeVar(virConnectPtr conn,
> +                    virNWFilterTechDriverPtr techdriver,
> +                    enum virDomainNetType nettype,
> +                    virNWFilterDefPtr filter,
> +                    const char *ifname,
> +                    virNWFilterHashTablePtr vars,
> +                    virNWFilterDriverStatePtr driver,
> +                    const char *var,
> +                    char *value,
> +                    bool delete)
> +{
> +    int rc;
> +    int j, nptrs;
> +    int nEntries = 0;
> +    virNWFilterRuleInstPtr *insts = NULL;
> +    void **ptrs = NULL;
> +    bool foundNewFilter = 0;
> +
> +    if (virNWFilterHashTablePut(vars, var, value, 1)) {
> +        virNWFilterReportError(VIR_ERR_INTERNAL_ERROR, _("Cound not add "
> +                               "variable \"%s\" to hashmap"), var);
> +        return 1;
> +    }
> +    rc = _virNWFilterInstantiateRec(conn,
> +                                    techdriver,
> +                                    nettype,
> +                                    filter,
> +                                    ifname,
> +                                    vars,
> +                                    NWFILTER_STD_VAR_IP, 0,
> +&nEntries,&insts,
> +                                    INSTANTIATE_ALWAYS,&foundNewFilter,
> +                                    driver);
Given the NWFILTER_STD_VAR_IP parameter, what does it give us at this point?
> +     if (rc)
> +         goto err_exit;
> +     rc = virNWFilterRuleInstancesToArray(nEntries, insts,&ptrs,&nptrs);
> +     if (rc)
> +         goto err_exit;
> +
> +    if (virNWFilterHashTableRemoveEntry(vars, var)<  0) {
> +        virNWFilterReportError(VIR_ERR_INTERNAL_ERROR, _("Could not remove "
> +                               "variable \"%s\" from hashmap"), var);
> +        return 1;
> +    }
> +
> +    if (virNWFilterLockIface(ifname))
> +         goto err_exit;
> +
> +     if (delete)
> +         rc = techdriver->removeRules(conn, ifname, nptrs, ptrs);
> +     else
> +         rc = techdriver->addRules(conn, ifname, nptrs, ptrs);
I am wondering about this addRules() and whether the rules are being 
added to the end of a chain and thus the rules' assumed priority would 
have to be such that these rules can actually always be the last ones?

> +     virNWFilterUnlockIface(ifname);
> +     VIR_FREE(ptrs);
> +
> +err_exit:
> +
> +    for (j = 0; j<  nEntries; j++)
> +         virNWFilterRuleInstFree(insts[j]);
> +    VIR_FREE(insts);
> +    return rc;
> +}
> +
> +
> +/**
>    * virNWFilterInstantiate:
>    * @conn: pointer to virConnect object
>    * @techdriver: The driver to use for instantiation
> diff --git a/src/nwfilter/nwfilter_gentech_driver.h b/src/nwfilter/nwfilter_gentech_driver.h
> index fa86030..34e95c7 100644
> --- a/src/nwfilter/nwfilter_gentech_driver.h
> +++ b/src/nwfilter/nwfilter_gentech_driver.h
> @@ -48,6 +48,17 @@ int virNWFilterRollbackUpdateFilter(virConnectPtr conn,
>   int virNWFilterTearOldFilter(virConnectPtr conn,
>                                const virDomainNetDefPtr net);
>
> +int virNWFilterChangeVar(virConnectPtr conn,
> +                    virNWFilterTechDriverPtr techdriver,
> +                    enum virDomainNetType nettype,
> +                    virNWFilterDefPtr filter,
> +                    const char *ifname,
> +                    virNWFilterHashTablePtr vars,
> +                    virNWFilterDriverStatePtr driver,
> +                    const char *var,
> +                    char *value,
> +                    bool delete);
> +
>   int virNWFilterInstantiateFilterLate(virConnectPtr conn,
>                                        const char *ifname,
>                                        int ifindex,

More information about the libvir-list mailing list