[libvirt] [PATCH] nwfilter: Validate rule after parsing

Stefan Berger stefanb at linux.vnet.ibm.com
Wed Apr 23 14:56:10 UTC 2014


On 04/23/2014 09:08 AM, Stefan Berger wrote:
> From: Stefan Berger <stefanb at linux.vnet.ibm.com>
>
> An IP or IPv6 rule with port specification but without protocol
> specification cannot be instantiated by ebtables. The documentation
> points to 'protocol' being required but the implementation does not
> enforce it to be given.
>
> Implement a rule validation function that checks whether the rule is
> valid when it is defined. This for example prevents the definition
> of rules like:
>
> <ip dstportstart='53'>
>
> where a protocol attribute would be required for it to be valid and for
> ebtables to be able to instantiate it. A valid rule then is:
>
> <ip protocol='udp' dstportstart='53'>
>
> Signed-off-by: Stefan Berger <stefanb at linux.vnet.ibm.com>

I need to send a v2 for this. There's a flaw in the access to ipv6 data 
structures. It happens to work correctly but the implementation is not 
correct.

Stefan
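
The check described in the quoted commit message can also be run over existing filter definitions. This is an added example, not code from the patch or from libvirt. The function name and the sample filter are constructed for illustration, and the port attribute names other than dstportstart are taken from libvirt's nwfilter documentation rather than from this post.

```python
import xml.etree.ElementTree as ET

# Port attributes of <ip>/<ipv6> rule elements per libvirt's nwfilter
# documentation (assumption: the post itself only shows dstportstart).
PORT_ATTRS = ("srcportstart", "srcportend", "dstportstart", "dstportend")
PORT_PROTOCOL_ELEMENTS = ("ip", "ipv6")


def find_invalid_rules(filter_xml):
    """Return (rule_index, element_tag, port_attrs) for every <ip>/<ipv6>
    element that specifies a port but no protocol attribute."""
    root = ET.fromstring(filter_xml)
    problems = []
    for idx, rule in enumerate(root.iter("rule")):
        for elem in rule:
            if elem.tag not in PORT_PROTOCOL_ELEMENTS:
                continue
            ports = [a for a in PORT_ATTRS if a in elem.attrib]
            # A port match without a protocol cannot be instantiated.
            if ports and not elem.get("protocol", "").strip():
                problems.append((idx, elem.tag, ports))
    return problems


# Constructed sample filter: rules 0 and 2 lack 'protocol', rule 1 is the
# valid form from the commit message, rule 3 has no port match at all.
SAMPLE_FILTER = """
<filter name='example-dns' chain='root'>
  <rule action='accept' direction='out'>
    <ip dstportstart='53'/>
  </rule>
  <rule action='accept' direction='out'>
    <ip protocol='udp' dstportstart='53'/>
  </rule>
  <rule action='accept' direction='in'>
    <ipv6 srcportstart='546' srcportend='547'/>
  </rule>
  <rule action='drop' direction='inout'>
    <ip srcipaddr='10.0.0.1'/>
  </rule>
</filter>
"""

if __name__ == "__main__":
    for idx, tag, ports in find_invalid_rules(SAMPLE_FILTER):
        print(f"rule {idx}: <{tag}> sets {', '.join(ports)} without protocol")
```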




