On Fri, Mar 26, 2010 at 02:41:30PM -0400, Stefan Berger wrote:
> "Daniel P. Berrange" <berrange@xxxxxxxxxx> wrote on 03/26/2010 02:04:26 PM:
>
> > Please respond to "Daniel P. Berrange"
> >
> > On Thu, Mar 25, 2010 at 01:45:58PM -0400, Stefan Berger wrote:
> > > Hi!
> > >
> > > This is a repost of this set of patches with some of the suggested fixes
> > > applied and ipv6 support on the ebtables layer added.
> > >
> > > Between V3 and V4 of this patch series the following changes were made:
> > > - occurrences of typo 'scp' were changed to 'sctp'
> > > - the root ebtables chain for each interface now has the prefix of 'libvirt-'
> > > - additional calls into tear-down functions in case something goes wrong
> > >   while starting the qemu/kvm VM in 2nd level error paths
> > > - additional functions in the driver interface to split up the application
> > >   of firewall rules into
> > >   - creation of new firewall rules 'tree'
> > >   - switch-over to new firewall rules 'tree', tear down of old one and
> > >     renaming of new firewall 'tree'
> > >   - tear down of new firewall rules 'tree' in case an error happened
> > >     during update of several VMs.
> > > - additional patch with example filters
> >
> > FYI, I have pushed this whole v4 series to libvirt GIT.
> >
> > I had to re-order the patches to make the series bisectable, and fix one
> > or two minor syntax check problems, but no code changes.
> >
> > There is one problem I would like to see fixed asap though
> >
> >    src/conf/nwfilter_conf.c
> >
> > has a dependency on the driver implementation
> > nwfilter/nwfilter_gentech_driver.h
> > which is not good. The 'conf' directory is only allowed to depend on stuff
> > in util/, or itself, never depend on driver code.
>
> From nwfilter_conf.c I call several functions of the
> nwfilter_gentech_driver.c from within an iterator callback function. Is
> the general right solution for this to have nwfilter_gentech_driver.c
> register an interface with nwfilter_conf.c that provides the addresses of
> those functions called from within nwfilter_conf.c now? If so, I think I
> could pass the callback function to the nwfilter_conf.c and move the
> actual callback function in nwfilter_gentech_driver.c and pass its address
> via the initialization function I call in nwfilter_conf.c from
> nwfilter_gentech_driver.c.

Cool, that sounds like a good plan

Regards,
Daniel
--
|: Red Hat, Engineering, London    -o-   http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://deltacloud.org :|
|: http://autobuild.org        -o-         http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505  -o-   F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|
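
The layering plan agreed in this thread, combined with the create / switch-over / tear-down split from the V4 changelog, as an added example (not libvirt's code; every type and function name below is hypothetical). The driver hands its callback to the conf layer at init time, so the conf code drives the firewall update without including any driver header.

```c
#include <stddef.h>
#include <string.h>
/* --- conf layer (hypothetical names): includes no driver header --- */
enum fw_step { FW_CREATE_NEW, FW_SWITCH_TO_NEW, FW_TEARDOWN_NEW };
typedef int (*fw_update_cb)(const char *ifname, enum fw_step step);
static fw_update_cb update_cb;          /* address handed over by the driver */

void conf_layer_init(fw_update_cb cb) { update_cb = cb; }
/* Re-apply a changed filter to n interfaces. The old rules stay in force
 * until every new tree is built; on any failure the new trees are removed. */
int conf_update_all(const char *const *ifnames, size_t n)
{
    size_t built, i;
    if (!update_cb)
        return -1;
    for (built = 0; built < n; built++)
        if (update_cb(ifnames[built], FW_CREATE_NEW) < 0)
            break;
    for (i = 0; i < built; i++)
        update_cb(ifnames[i], built == n ? FW_SWITCH_TO_NEW : FW_TEARDOWN_NEW);
    return built == n ? 0 : -1;
}

/* --- driver layer: counters stand in for real rule handling --- */
static int pending_trees, live_switches;
static const char *fail_on;             /* constructed failure injection */

static int driver_update(const char *ifname, enum fw_step step)
{
    if (step == FW_CREATE_NEW) {
        if (fail_on && strcmp(ifname, fail_on) == 0)
            return -1;                  /* a failed create leaves no tree behind */
        pending_trees++;
        return 0;
    }
    if (step == FW_SWITCH_TO_NEW)
        live_switches++;
    pending_trees--;                    /* switched or torn down: not pending */
    return 0;
}

void driver_init(void) { conf_layer_init(driver_update); }

int main(void)
{
    const char *const ifs[] = { "vnet0", "vnet1", "vnet2" };  /* constructed */
    driver_init();
    return conf_update_all(ifs, 3) == 0 ? 0 : 1;
}
```

If any interface fails during creation, no interface is switched, so a partial update never leaves some VMs on the new rules and others on the old ones.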