[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [libvirt] [PATCH V3 2/4] Create rules for each member of a list



On 10/27/2011 06:14 AM, Daniel P. Berrange wrote:
On Mon, Oct 24, 2011 at 12:07:28PM -0400, Stefan Berger wrote:
This patch extends the NWFilter driver for Linux (ebiptables) to create
rules for each member of a previously introduced list. If for example
an attribute value (internally) looks like this:

IP = [10.0.0.1, 10.0.0.2, 10.0.0.3]

then 3 rules will be generated for a rule accessing the variable 'IP',
one for each member of the list. The effect of this is that this now
allows for filtering for multiple values in one field. This can then be
used to support for filtering/allowing of multiple IP addresses per
interface.

An interator is introduced that extracts each member of a list and
puts it into a hash table which then is passed to the function creating
a rule. For the above example the iterator would cause 3 loops.

v2:
  - pass the iterator all the way to the function that accesses the
    hash table and provide a function to pick the value of a variable
    that is reflected by the current state of the iterator

Signed-off-by: Stefan Berger<stefanb linux vnet ibm com>

---
  src/conf/nwfilter_params.c                |  129 ++++++++++++++++++++++++++++++
  src/conf/nwfilter_params.h                |   25 +++++
  src/libvirt_private.syms                  |    4
  src/nwfilter/nwfilter_ebiptables_driver.c |   84 +++++++++++++------
  4 files changed, 215 insertions(+), 27 deletions(-)
ACK
I now modified the iterator to NOT create every combination of the items of multiple lists, but have all lists processed in parallel. I think this is for now the needed behaviour. So if someone has a rule containing $IP and $MAC, then both lists have to have the same size and their elements will be accessed $IP[m] and $MAC[m] to instantiate the rule. To have them independently processed we'll need to go through how the variables are accessed and then maybe a notation of $IP[ 1] and $MAC[ 2] will create all possible combinations. Sorry for the confusion.

   Stefan

Daniel


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]