On Mon, Oct 24, 2011 at 12:07:28PM -0400, Stefan Berger wrote: > This patch extends the NWFilter driver for Linux (ebiptables) to create > rules for each member of a previously introduced list. If for example > an attribute value (internally) looks like this: > > IP = [10.0.0.1, 10.0.0.2, 10.0.0.3] > > then 3 rules will be generated for a rule accessing the variable 'IP', > one for each member of the list. The effect of this is that this now > allows for filtering for multiple values in one field. This can then be > used to support for filtering/allowing of multiple IP addresses per > interface. > > An interator is introduced that extracts each member of a list and > puts it into a hash table which then is passed to the function creating > a rule. For the above example the iterator would cause 3 loops. > > v2: > - pass the iterator all the way to the function that accesses the > hash table and provide a function to pick the value of a variable > that is reflected by the current state of the iterator > > Signed-off-by: Stefan Berger <stefanb@xxxxxxxxxxxxxxxxxx> > > --- > src/conf/nwfilter_params.c | 129 ++++++++++++++++++++++++++++++ > src/conf/nwfilter_params.h | 25 +++++ > src/libvirt_private.syms | 4 > src/nwfilter/nwfilter_ebiptables_driver.c | 84 +++++++++++++------ > 4 files changed, 215 insertions(+), 27 deletions(-) ACK Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :| -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list