[libvirt] [PATCH V3 2/4] Create rules for each member of a list
Daniel P. Berrange
berrange at redhat.com
Thu Oct 27 10:14:15 UTC 2011
On Mon, Oct 24, 2011 at 12:07:28PM -0400, Stefan Berger wrote:
> This patch extends the NWFilter driver for Linux (ebiptables) to create
> rules for each member of a previously introduced list. If for example
> an attribute value (internally) looks like this:
>
> IP = [10.0.0.1, 10.0.0.2, 10.0.0.3]
>
> then 3 rules will be generated for a rule accessing the variable 'IP',
> one for each member of the list. The effect of this is that this now
> allows for filtering for multiple values in one field. This can then be
> used to support for filtering/allowing of multiple IP addresses per
> interface.
>
> An interator is introduced that extracts each member of a list and
> puts it into a hash table which then is passed to the function creating
> a rule. For the above example the iterator would cause 3 loops.
>
> v2:
> - pass the iterator all the way to the function that accesses the
> hash table and provide a function to pick the value of a variable
> that is reflected by the current state of the iterator
>
> Signed-off-by: Stefan Berger <stefanb at linux.vnet.ibm.com>
>
> ---
> src/conf/nwfilter_params.c | 129 ++++++++++++++++++++++++++++++
> src/conf/nwfilter_params.h | 25 +++++
> src/libvirt_private.syms | 4
> src/nwfilter/nwfilter_ebiptables_driver.c | 84 +++++++++++++------
> 4 files changed, 215 insertions(+), 27 deletions(-)
ACK
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
More information about the libvir-list
mailing list