[PATCH 7/9] add DHCP snooping support to nwfilter

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



This patch adds a function that applies or deletes filter rules to existing
chains. Rules referencing the given variable are instantiated with the given
value, or optionally deleted. For example, passing variable "IP" with different
values will install rules using the IP variable with each of the different
values. These rules can later be removed by calling this function with the
same variable and value and "delete" argument set to "1".

Signed-off-by: David L Stevens <dlstevens@xxxxxxxxxx>

diff --git a/src/nwfilter/nwfilter_gentech_driver.c b/src/nwfilter/nwfilter_gentech_driver.c
index 0bc3537..a36edbc 100644
--- a/src/nwfilter/nwfilter_gentech_driver.c
+++ b/src/nwfilter/nwfilter_gentech_driver.c
@@ -558,6 +558,92 @@ virNWFilterRuleInstancesToArray(int nEntries,
 

 /**
+ * virNWFilterChangeVar:
+ * @conn: pointer to virConnect object
+ * @techdriver: The driver to use for instantiation
+ * @filter: The filter to instantiate
+ * @ifname: The name of the interface to apply the rules to
+ * @vars: A map holding variable names and values used for instantiating
+ *  the filter and its subfilters.
+ * @var: name of variable to change
+ * @value: value of variable to change
+ * @delete: =0 to create or =1 to delete the rules
+ *
+ * Returns 0 on success, a value otherwise.
+ *
+ * Instantiate or delete a filter and all subfilters with variable "var"
+ * set to value "value".
+ * The name of the interface to which the rules belong must be
+ * provided.
+ *
+ * Call this function while holding the NWFilter filter update lock
+ */
+int
+virNWFilterChangeVar(virConnectPtr conn,
+                    virNWFilterTechDriverPtr techdriver,
+                    enum virDomainNetType nettype,
+                    virNWFilterDefPtr filter,
+                    const char *ifname,
+                    virNWFilterHashTablePtr vars,
+                    virNWFilterDriverStatePtr driver,
+                    const char *var,
+                    char *value,
+                    bool delete)
+{
+    int rc;
+    int j, nptrs;
+    int nEntries = 0;
+    virNWFilterRuleInstPtr *insts = NULL;
+    void **ptrs = NULL;
+    bool foundNewFilter = 0;
+
+    if (virNWFilterHashTablePut(vars, var, value, 1)) {
+        virNWFilterReportError(VIR_ERR_INTERNAL_ERROR, _("Cound not add "
+                               "variable \"%s\" to hashmap"), var);
+        return 1;
+    }
+    rc = _virNWFilterInstantiateRec(conn,
+                                    techdriver,
+                                    nettype,
+                                    filter,
+                                    ifname,
+                                    vars,
+                                    NWFILTER_STD_VAR_IP, 0,
+                                    &nEntries, &insts,
+                                    INSTANTIATE_ALWAYS, &foundNewFilter,
+                                    driver);
+     if (rc)
+         goto err_exit;
+     rc = virNWFilterRuleInstancesToArray(nEntries, insts, &ptrs, &nptrs);
+     if (rc)
+         goto err_exit;
+
+    if (virNWFilterHashTableRemoveEntry(vars, var) < 0) {
+        virNWFilterReportError(VIR_ERR_INTERNAL_ERROR, _("Cound not remove "
+                               "variable \"%s\" from hashmap"), var);
+        return 1;
+    }
+
+    if (virNWFilterLockIface(ifname))
+         goto err_exit;
+
+     if (delete)
+         rc = techdriver->removeRules(conn, ifname, nptrs, ptrs);
+     else
+         rc = techdriver->addRules(conn, ifname, nptrs, ptrs);
+     virNWFilterUnlockIface(ifname);
+     VIR_FREE(ptrs);
+
+err_exit:
+
+    for (j = 0; j < nEntries; j++)
+         virNWFilterRuleInstFree(insts[j]);
+    VIR_FREE(insts);
+    return rc;
+}
+
+
+/**
  * virNWFilterInstantiate:
  * @conn: pointer to virConnect object
  * @techdriver: The driver to use for instantiation
diff --git a/src/nwfilter/nwfilter_gentech_driver.h b/src/nwfilter/nwfilter_gentech_driver.h
index fa86030..48e87d6 100644
--- a/src/nwfilter/nwfilter_gentech_driver.h
+++ b/src/nwfilter/nwfilter_gentech_driver.h
@@ -48,6 +48,17 @@ int virNWFilterRollbackUpdateFilter(virConnectPtr conn,
 int virNWFilterTearOldFilter(virConnectPtr conn,
                              const virDomainNetDefPtr net);
 
+int virNWFilterChangeVar(virConnectPtr conn,
+                    virNWFilterTechDriverPtr techdriver,
+                    enum virDomainNetType nettype,
+                    virNWFilterDefPtr filter,
+                    const char *ifname,
+                    virNWFilterHashTablePtr vars,
+                    virNWFilterDriverStatePtr driver,
+                    const char *var,
+                    char *value,
+                    bool delete);
+
 int virNWFilterInstantiateFilterLate(virConnectPtr conn,
                                      const char *ifname,
                                      int ifindex,



--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list


[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]