Re: [libvirt] [PATCH v1 2/2] Add ip6tables support for IPv6 filtering

On Fri, Mar 26, 2010 at 04:41:19PM -0400, Stefan Berger wrote:
> This patch adds IPv6 filtering support for the following protocols:
> - tcp-ipv6
> - udp-ipv6
> - udplite-ipv6
> - esp-ipv6
> - ah-ipv6
> - sctp-ipv6
> - all-ipv6
> - icmpv6
> 
> 
> Many of the IPv4 data structures could be re-used for IPv6 support.
> Since ip6tables also supports pretty much the same command line parameters
> as iptables does, also much of the code could be re-used and now 
> command lines are invoked with the ip(6)tables tool parameter passed
> through the functions as a parameter.
> 
> Signed-off-by: Stefan Berger <stefanb@xxxxxxxxxx>
> 
> 
> ---
>  configure.ac                              |    3 
>  src/conf/nwfilter_conf.c                  |  165 +++++++++++++++--
>  src/conf/nwfilter_conf.h                  |    8 
>  src/nwfilter/nwfilter_ebiptables_driver.c |  287 ++++++++++++++++++++++--------
>  src/nwfilter/nwfilter_ebiptables_driver.h |    2 
>  5 files changed, 370 insertions(+), 95 deletions(-)
> 
> Index: libvirt-acl/configure.ac
> ===================================================================
> --- libvirt-acl.orig/configure.ac
> +++ libvirt-acl/configure.ac
> @@ -300,6 +300,9 @@ AC_DEFINE_UNQUOTED([BASH_PATH], "$BASH_P
>  AC_PATH_PROG([IPTABLES_PATH], [iptables], /sbin/iptables, [/usr/sbin:$PATH])
>  AC_DEFINE_UNQUOTED([IPTABLES_PATH], "$IPTABLES_PATH", [path to iptables binary])
>  
> +AC_PATH_PROG([IP6TABLES_PATH], [ip6tables], /sbin/ip6tables, [/usr/sbin:$PATH])
> +AC_DEFINE_UNQUOTED([IP6TABLES_PATH], "$IP6TABLES_PATH", [path to ip6tables binary])
> +
>  AC_PATH_PROG([EBTABLES_PATH], [ebtables], /sbin/ebtables, [/usr/sbin:$PATH])
>  AC_DEFINE_UNQUOTED([EBTABLES_PATH], "$EBTABLES_PATH", [path to ebtables binary])
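
Review bot: the added `AC_PATH_PROG([IP6TABLES_PATH], [ip6tables], /sbin/ip6tables, ...)` line passes `/sbin/ip6tables` as the value-if-not-found, so configure succeeds and `IP6TABLES_PATH` is still defined when no ip6tables binary exists on the build host, and the path is fixed at compile time either way. Code that uses the macro gets no signal that the tool is missing on the machine where it runs. Consider dropping the default here, or keeping it only as a hint, and having the driver verify that the path is an executable file before any IPv6 rule is applied, so a missing binary is reported as an error.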

  The patch looks fine, based on the existing code, but I'm a bit
surprised by the fact that while there is a lookup for
ip6tables/iptables at configure time, i.e. when it's compiled, there
is no check at runtime to verify that the binaries which were detected
then are actually available on the target.
  I think some of this should be relaxed like we do for other commands
launched at runtime and somehow we should instead use
  virFindFileInPath() from util.h
to find the location of the preferred ip[6]tables.

  ACK,

Daniel

-- 
Daniel Veillard      | libxml Gnome XML XSLT toolkit  http://xmlsoft.org/
daniel@xxxxxxxxxxxx  | Rpmfind RPM search engine http://rpmfind.net/
http://veillard.com/ | virtualization library  http://libvirt.org/
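
Added example, not part of the original message and not libvirt's code: one way to do the runtime check the review asks for, so that a missing ip6tables is detected before a rule is applied. The helper names `find_fw_tool()` and `fw_rule_allowed()` and the fixed directory list are assumptions; this is not how `virFindFileInPath()` is implemented.

```c
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Assumed trusted search list. A fixed list avoids depending on the
 * $PATH the daemon happened to inherit when the tool runs as root. */
static const char *const fw_tool_dirs[] = {
    "/usr/sbin", "/sbin", "/usr/bin", "/bin", NULL
};

/* Resolve a bare command name at runtime. Returns 0 and fills `out` with
 * the full path of a regular, executable file; returns -1 (and an empty
 * `out`) when nothing usable is found. */
int find_fw_tool(const char *tool, const char *const *dirs,
                 char *out, size_t outlen)
{
    struct stat sb;

    if (out == NULL || outlen == 0)
        return -1;
    out[0] = '\0';
    if (tool == NULL || *tool == '\0' || strchr(tool, '/') != NULL)
        return -1;                       /* bare names only, no paths */
    for (size_t i = 0; dirs[i] != NULL; i++) {
        int n = snprintf(out, outlen, "%s/%s", dirs[i], tool);
        if (n < 0 || (size_t)n >= outlen)
            continue;                    /* would be truncated: skip */
        if (stat(out, &sb) == 0 && S_ISREG(sb.st_mode) &&
            access(out, X_OK) == 0)
            return 0;
    }
    out[0] = '\0';
    return -1;
}

/* Fail closed: an IPv6 rule is only allowed when ip6tables is present,
 * an IPv4 rule only when iptables is. Returns 1 if allowed, else 0. */
int fw_rule_allowed(int is_ipv6, const char *const *dirs)
{
    char path[4096];
    return find_fw_tool(is_ipv6 ? "ip6tables" : "iptables",
                        dirs, path, sizeof(path)) == 0;
}

int main(void)
{
    printf("ipv4 rules: %s\n", fw_rule_allowed(0, fw_tool_dirs) ? "ok" : "refused");
    printf("ipv6 rules: %s\n", fw_rule_allowed(1, fw_tool_dirs) ? "ok" : "refused");
    return 0;
}
```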
