On 10/17/2011 01:23 PM, David Stevens wrote:
Stefan Berger<stefanb@xxxxxxxxxxxxxxxxxx> wrote on 10/17/2011 09:07:12 AM:
On 10/12/2011 03:50 PM, David L Stevens wrote:
This patch adds the internal capability to add rules to existing
chains instead of using temporary chains and to generate placeholders for
chains that are referenced without generating a rule for them immediately.
Finally, it includes variable matching for filter instantiation
(i.e., instantiate only when a given variable is present in a filter, or
only when it is not).
Following the above I am not sure what this will be used for as part of
this extension.
This is used to add rules to existing chains when a new IP address is
discovered (i.e., a DHCP ACK from a server occurs). The existing code builds
the entire chain as a temporary chain and then swaps it in, which is only
appropriate at start-up. For DHCP snooping, we want to add and remove rules
that reference "IP" using a particular value (the address for the ACK or
lease expiration) without affecting other rules that don't reference IP or
have a different address value. "removeRules" was already there, but "addRules"
was not.
Yes, then I understood this correctly. See the other mails regarding the
problems I am seeing with it. If there was a way to figure out at what
position to insert a rule into an existing chain, i.e. at position 5,
rather than always at the end, we could use this addRules() call,
otherwise I find it very limiting.
Stefan
+-DLS
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list