On 11/17/2011 06:15 PM, Eric Blake wrote:
On 11/17/2011 01:11 PM, Stefan Berger wrote:
This patch extends the filter XML to support priorities of chains
in the XML. An example would be:
<filter name='allow-arpxyz' chain='arp-xyz' priority='200'>
[...]
</filter>
The permitted values for priorities are [-1000, 1000].
By setting the pririty of a chain the order in which it is accessed
from the interface root chain can be influenced.
Signed-off-by: Stefan Berger<stefanb@xxxxxxxxxxxxxxxxxx>
---
docs/schemas/nwfilter.rng | 7 ++++++-
Missing documentation in docs/formatnwfilter.html.in. I'll live up to
my hard-line reputation on this one, and request a v6 with documentation
(for example, it's worth documenting whether priority 100 is accessed
before or after priority 200).
I have such a patch much further down the queue. I'll pull the relevant
parts into v6.
But as to the code...
@@ -2028,6 +2030,26 @@ virNWFilterDefParseXML(xmlXPathContextPt
goto cleanup;
}
+ chain_pri_s = virXPathString("string(./@priority)", ctxt);
+ if (chain_pri_s) {
+ if (sscanf(chain_pri_s, "%d",&chain_priority) != 1) {
Let's use virStrToLong_i() instead of sscanf(); much nicer on the error
handling aspect.
Done.
@@ -2036,11 +2058,16 @@ virNWFilterDefParseXML(xmlXPathContextPt
goto cleanup;
}
ret->chainsuffix = chain;
- /* assign an implicit priority -- support XML attribute later */
- if (intMapGetByString(chain_priorities, chain, 0,
-&ret->chainPriority) == false) {
- ret->chainPriority = (NWFILTER_MAX_FILTER_PRIORITY +
- NWFILTER_MIN_FILTER_PRIORITY) / 2;
+
+ if (chain_pri_s) {
+ ret->chainPriority = chain_priority;
+ } else {
+ /* assign an implicit priority -- support XML attribute later */
Is this comment still accurate, now that you have an XML attribute?
Fixed.
@@ -2852,6 +2881,9 @@ virNWFilterDefFormat(virNWFilterDefPtr d
virBufferAsprintf(&buf, "<filter name='%s' chain='%s'",
def->name,
def->chainsuffix);
+ if (def->chainPriority != 0)
+ virBufferAsprintf(&buf, " priority='%d'",
+ def->chainPriority);
That means an explicit pririoty='0' by the user is eaten and does not
appear on the output. But that's not too bad, and as long as we
document that priority is 0 unless explicitly specified, we're covered
(hence my plea for documentation...)
Everything else looks okay.
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list