[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [libvirt] [PATCH v4 00/15] Network filtering (ACL) extensions for libvirt




"Daniel P. Berrange" <berrange redhat com> wrote on 03/26/2010 02:04:26 PM:


>
> Please respond to "Daniel P. Berrange"

>
> On Thu, Mar 25, 2010 at 01:45:58PM -0400, Stefan Berger wrote:
> > Hi!
> >
> > This is a repost of this set of patches with some of the suggested fixes
> > applied and ipv6 support on the ebtables layer added.
> >
> > Between V3 and V4 of this patch series the following changes were made:
> > - occurrences of typo 'scp' were changed to 'sctp'
> > - the root ebtables chain for each interface now has the previx of'libvirt-'
> > - additional calls into tear-down functions in case something goes wrong
> >   while starting the qemu/kvm VM in 2nd level error paths
> > - additional functions in the driver interface to split up the application
> >   of firewall rules into
> >   - creation of new firewall rules 'tree'
> >   - switch-over to new firewall rules 'tree', tear down of old one and
> >     renaming of new firewall 'tree'
> >   - tear down of new firewall rules 'tree' in case an error happend
> >     during update of several VMs.
> > - additional patch with example filters
>
> FYI, I have pushed this whole v4 series to libvirt GIT.
>
> I had to re-order the patches to make the series bisectable, and fix one
> or two minor syntax check problems, but no code changes.
>
> There is one problem I would like to see fixed asap though
>
>  src/conf/nwfilter_conf.c  
>
> has a dependancy on the driver implementation nwfilter/
> nwfilter_gentech_driver.h
> which is not good. The 'conf' directory is only allowed to depend on stuff
> in util/, or itself, never depend on driver code.



From nwfilter_conf.c I call several functions of the nwfilter_gentech_driver.c from within an iterator callback function. Is the general right solution for this to have nwfilter_gentech_driver.c register an interface with nwfilter_conf.c that provides the addresses of those functions call from within nwfilter_conf.c now? If so, I think I could pass the callback function to the nwfilter_conf.c and move the actual callback function in nwfilter_gentech_driver.c and pass its address via the initialization function I call in nwfilter_conf.c from nwfilter_gentech_driver.c.


Thanks and regards,
    Stefan


>
> Regards,
> Daniel
> --
> |: Red Hat, Engineering, London    -o-  
http://people.redhat.com/berrange/:|
> |:
http://libvirt.org -o- http://virt-manager.org -o- http://deltacloud.org:|
> |:
http://autobuild.org        -o-         http://search.cpan.org/~danberr/:|
> |: GnuPG: 7D3B9505  -o-   F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]