[libvirt] [PATCH 00/26] Rewrite firewall code to use formal API
Daniel P. Berrange
berrange at redhat.com
Tue Apr 15 11:42:37 UTC 2014
On Tue, Apr 15, 2014 at 07:40:41AM -0400, Stefan Berger wrote:
> On 04/15/2014 04:29 AM, Daniel P. Berrange wrote:
> >On Mon, Apr 14, 2014 at 04:47:50PM -0400, Stefan Berger wrote:
> >>On 04/08/2014 11:37 AM, Daniel P. Berrange wrote:
> >>>Currently we have three places which interact with the firewall
> >>>
> >>> - util/virebtables - simple MAC filtering used by QEMU driver
> >>> - util/viriptables - used by network driver
> >>> - nwfilter - general purpose guest filtering
> >>Oh my, so much work! -- Thanks
> >>
> >>I'll review as much as I can.
> >Thanks, I appreciate any review you can do particularly of the big
> >nwfilter patches, since you're main expert in that area.
>
> Some of the patches are so involved that besides looking at them
> I'll mostly have to rely on the TCK tests to see whether they still
> pass. The TCK tests unfortunately also need updating due to recent
> changes in the code (elimination of the source MAC tests in recent
> patches) as well as different output by the ip6tables command
> related to IPv6 addresses.
The TCK tests shouldn't need updating. The current libvirt-tck GIT
master nwfilter tests pass against libvirt GIT master, and also
pass after this patch series is applied (at least on Fedora 20).
Regards,
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
More information about the libvir-list
mailing list