[libvirt] [PATCH V3 2/4] Create rules for each member of a list

Stefan Berger stefanb at linux.vnet.ibm.com
Thu Oct 27 17:03:17 UTC 2011 

On 10/27/2011 06:14 AM, Daniel P. Berrange wrote:
> On Mon, Oct 24, 2011 at 12:07:28PM -0400, Stefan Berger wrote:
>> This patch extends the NWFilter driver for Linux (ebiptables) to create
>> rules for each member of a previously introduced list. If for example
>> an attribute value (internally) looks like this:
>>
>> IP = [10.0.0.1, 10.0.0.2, 10.0.0.3]
>>
>> then 3 rules will be generated for a rule accessing the variable 'IP',
>> one for each member of the list. The effect of this is that this now
>> allows for filtering for multiple values in one field. This can then be
>> used to support for filtering/allowing of multiple IP addresses per
>> interface.
>>
>> An interator is introduced that extracts each member of a list and
>> puts it into a hash table which then is passed to the function creating
>> a rule. For the above example the iterator would cause 3 loops.
>>
>> v2:
>>   - pass the iterator all the way to the function that accesses the
>>     hash table and provide a function to pick the value of a variable
>>     that is reflected by the current state of the iterator
>>
>> Signed-off-by: Stefan Berger<stefanb at linux.vnet.ibm.com>
>>
>> ---
>>   src/conf/nwfilter_params.c                |  129 ++++++++++++++++++++++++++++++
>>   src/conf/nwfilter_params.h                |   25 +++++
>>   src/libvirt_private.syms                  |    4
>>   src/nwfilter/nwfilter_ebiptables_driver.c |   84 +++++++++++++------
>>   4 files changed, 215 insertions(+), 27 deletions(-)
> ACK
I now modified the iterator to NOT create every combination of the items 
of multiple lists, but have all lists processed in parallel. I think 
this is for now the needed behaviour. So if someone has a rule 
containing $IP and $MAC, then both lists have to have the same size and 
their elements will be accessed $IP[m] and $MAC[m] to instantiate the 
rule. To have them independently processed we'll need to go through how 
the variables are accessed and then maybe a notation of $IP[@1] and 
$MAC[@2] will create all possible combinations. Sorry for the confusion.

    Stefan

> Daniel

More information about the libvir-list mailing list