[libvirt] [PATCH v2] nwfilter: Validate rule after parsing

Stefan Berger stefanb at linux.vnet.ibm.com
Wed Apr 30 10:27:14 UTC 2014


On 04/23/2014 10:59 AM, Stefan Berger wrote:
> From: Stefan Berger <stefanb at linux.vnet.ibm.com>
>
> An IP or IPv6 rule with port specification but without protocol
> specification cannot be instantiated by ebtables. The documentation
> points to 'protocol' being required but the implementation does not
> enforce it to be given.
>
> Implement a rule validation function that checks whether the rule is
> valid when it is defined. This for example prevents the definition
> of rules like:
>
> <ip dstportstart='53'>
>
> where a protocol attribute would be required for it to be valid and for
> ebtables to be able to instantiate it. A valid rule then is:
>
> <ip protocol='udp' dstportstart='53'>
>
> Signed-off-by: Stefan Berger <stefanb at linux.vnet.ibm.com>
>
> Changes:
> v1->v2:
>    - fixed access to ipv6 structures

Anyone have a comment on this patch?

    Stefan
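
The check described in the quoted commit message, written as a stand-alone lint over nwfilter XML. This is an added example, not part of the original post and not the code from the libvirt patch; the sample filter is constructed, and the port attribute names other than `dstportstart` are assumed from the libvirt nwfilter documentation rather than taken from this message.

```python
import xml.etree.ElementTree as ET

# Port attributes accepted on <ip>/<ipv6> rule elements (assumption: names
# other than dstportstart come from the nwfilter docs, not from this thread).
PORT_ATTRS = ("srcportstart", "srcportend", "dstportstart", "dstportend")

# Constructed sample filter, not taken from the patch.
SAMPLE_FILTER = """
<filter name='example-dns' chain='root'>
  <rule action='accept' direction='out' priority='500'>
    <ip dstportstart='53'/>
  </rule>
  <rule action='accept' direction='out' priority='500'>
    <ip protocol='udp' dstportstart='53'/>
  </rule>
  <rule action='accept' direction='in' priority='500'>
    <ipv6 srcportstart='1024' srcportend='65535'/>
  </rule>
  <rule action='drop' direction='inout' priority='1000'>
    <ip srcipaddr='10.1.2.3'/>
  </rule>
</filter>
"""


def find_invalid_rules(filter_xml):
    """Return (rule_index, element_tag, port_attrs) for every <ip>/<ipv6>
    element that sets a port attribute but carries no protocol attribute."""
    root = ET.fromstring(filter_xml)
    findings = []
    for index, rule in enumerate(root.iter("rule")):
        for elem in rule:
            if elem.tag not in ("ip", "ipv6"):
                continue
            ports = [a for a in PORT_ATTRS if elem.get(a) is not None]
            # A port match is only meaningful once the L4 protocol is named.
            if ports and not elem.get("protocol"):
                findings.append((index, elem.tag, ports))
    return findings


if __name__ == "__main__":
    for index, tag, ports in find_invalid_rules(SAMPLE_FILTER):
        print(f"rule {index}: <{tag}> sets {', '.join(ports)} without protocol")
```

Run against filters that were defined before rule validation was enforced, this lists the rules that would not instantiate as written.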



