[libvirt] [PATCH V5 06/10] Extend the filter XML to support priorities of chains
Stefan Berger
stefanb at linux.vnet.ibm.com
Fri Nov 18 12:00:11 UTC 2011
On 11/17/2011 06:15 PM, Eric Blake wrote:
> On 11/17/2011 01:11 PM, Stefan Berger wrote:
>> This patch extends the filter XML to support priorities of chains
>> in the XML. An example would be:
>>
>> <filter name='allow-arpxyz' chain='arp-xyz' priority='200'>
>> [...]
>> </filter>
>>
>> The permitted values for priorities are [-1000, 1000].
>> By setting the pririty of a chain the order in which it is accessed
>> from the interface root chain can be influenced.
>>
>> Signed-off-by: Stefan Berger<stefanb at linux.vnet.ibm.com>
>>
>> ---
>> docs/schemas/nwfilter.rng | 7 ++++++-
> Missing documentation in docs/formatnwfilter.html.in. I'll live up to
> my hard-line reputation on this one, and request a v6 with documentation
> (for example, it's worth documenting whether priority 100 is accessed
> before or after priority 200).
>
I have such a patch much further down the queue. I'll pull the relevant
parts into v6.
> But as to the code...
>
>> @@ -2028,6 +2030,26 @@ virNWFilterDefParseXML(xmlXPathContextPt
>> goto cleanup;
>> }
>>
>> + chain_pri_s = virXPathString("string(./@priority)", ctxt);
>> + if (chain_pri_s) {
>> + if (sscanf(chain_pri_s, "%d",&chain_priority) != 1) {
> Let's use virStrToLong_i() instead of sscanf(); much nicer on the error
> handling aspect.
>
Done.
>> @@ -2036,11 +2058,16 @@ virNWFilterDefParseXML(xmlXPathContextPt
>> goto cleanup;
>> }
>> ret->chainsuffix = chain;
>> - /* assign an implicit priority -- support XML attribute later */
>> - if (intMapGetByString(chain_priorities, chain, 0,
>> -&ret->chainPriority) == false) {
>> - ret->chainPriority = (NWFILTER_MAX_FILTER_PRIORITY +
>> - NWFILTER_MIN_FILTER_PRIORITY) / 2;
>> +
>> + if (chain_pri_s) {
>> + ret->chainPriority = chain_priority;
>> + } else {
>> + /* assign an implicit priority -- support XML attribute later */
> Is this comment still accurate, now that you have an XML attribute?
>
Fixed.
>> @@ -2852,6 +2881,9 @@ virNWFilterDefFormat(virNWFilterDefPtr d
>> virBufferAsprintf(&buf, "<filter name='%s' chain='%s'",
>> def->name,
>> def->chainsuffix);
>> + if (def->chainPriority != 0)
>> + virBufferAsprintf(&buf, " priority='%d'",
>> + def->chainPriority);
> That means an explicit pririoty='0' by the user is eaten and does not
> appear on the output. But that's not too bad, and as long as we
> document that priority is 0 unless explicitly specified, we're covered
> (hence my plea for documentation...)
>
> Everything else looks okay.
>
More information about the libvir-list
mailing list