Stefan Berger <stefanb@xxxxxxxxxxxxxxxxxx> wrote on 10/17/2011 09:07:12 AM:

> On 10/12/2011 03:50 PM, David L Stevens wrote:
> > This patch adds the internal capability to add rules to existing
> > chains instead of using temporary chains and to generate placeholders for
> > chains that are referenced without generating a rule for them immediately.
> > Finally, it includes variable matching for filter instantiation
> > (i.e., instantiate only when a given variable is present in a filter, or
> > only when it is not).
> >
> Following the above I am not sure what this will be used for as part of
> this extension.

This is used to add rules to existing chains when a new IP address is discovered (i.e., a DHCP ACK from a server occurs). The existing code builds the entire chain as a temporary chain and then swaps it in, which is only appropriate at start-up. For DHCP snooping, we want to add and remove rules that reference "IP" using a particular value (the address for the ACK or lease expiration) without affecting other rules that don't reference IP or have a different address value. "removeRules" was already there, but "addRules" was not.

+-DLS