On 03/12/2014 05:10 AM, Stefan Berger wrote:
> From: Stefan Berger <stefanb@xxxxxxxxxxxxxxxxxx>
>
> Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=862887
>
> Add a netmask for the source and destination IP address for the
> ebtables --arp-ip-src and --arp-ip-dst options. Extend the XML
> parser with support for XML attributes for these netmasks similar
> to already supported netmasks. Extend the documentation.
>
> Signed-off-by: Stefan Berger <stefanb@xxxxxxxxxxxxxxxxxx>
> ---
> docs/formatnwfilter.html.in | 10 ++++++++++
> src/conf/nwfilter_conf.c | 12 ++++++++++++
> src/conf/nwfilter_conf.h | 2 ++
> src/nwfilter/nwfilter_ebiptables_driver.c | 28 ++++++++++++++++++++++++----
> 4 files changed, 48 insertions(+), 4 deletions(-)
>
> diff --git a/docs/formatnwfilter.html.in b/docs/formatnwfilter.html.in
> index 5c06bf2..fb3a326 100644
> --- a/docs/formatnwfilter.html.in
> +++ b/docs/formatnwfilter.html.in
> @@ -990,11 +990,21 @@
> <td>Source IP address in ARP/RARP packet</td>
> </tr>
> <tr>
> + <td>arpsrcipmask <span class="since">(Since 1.2.3)</span></td>
> + <td>IP_MASK</td>
> + <td>Source IP mask</td>
> + </tr>
> + <tr>
> <td>arpdstipaddr</td>
> <td>IP_ADDR</td>
> <td>Destination IP address in ARP/RARP packet</td>
> </tr>
> <tr>
> + <td>arpdstipmask <span class="since">(Since 1.2.3)</span></td>
> + <td>IP_MASK</td>
> + <td>Destination IP mask</td>
> + </tr>
> + <tr>
> <td>comment <span class="since">(Since 0.8.5)</span></td>
> <td>STRING</td>
> <td>text with max. 256 characters</td>
> diff --git a/src/conf/nwfilter_conf.c b/src/conf/nwfilter_conf.c
> index d25e0cc..73e668f 100644
> --- a/src/conf/nwfilter_conf.c
> +++ b/src/conf/nwfilter_conf.c
> @@ -173,7 +173,9 @@ static const char dstmacmask_str[] = "dstmacmask";
> static const char arpsrcmacaddr_str[] = "arpsrcmacaddr";
> static const char arpdstmacaddr_str[] = "arpdstmacaddr";
> static const char arpsrcipaddr_str[] = "arpsrcipaddr";
> +static const char arpsrcipmask_str[] = "arpsrcipmask";
> static const char arpdstipaddr_str[] = "arpdstipaddr";
> +static const char arpdstipmask_str[] = "arpdstipmask";
> static const char srcipaddr_str[] = "srcipaddr";
> static const char srcipmask_str[] = "srcipmask";
> static const char dstipaddr_str[] = "dstipaddr";
> @@ -198,7 +200,9 @@ static const char ipsetflags_str[] = "ipsetflags";
> #define ARPSRCMACADDR arpsrcmacaddr_str
> #define ARPDSTMACADDR arpdstmacaddr_str
> #define ARPSRCIPADDR arpsrcipaddr_str
> +#define ARPSRCIPMASK arpsrcipmask_str
> #define ARPDSTIPADDR arpdstipaddr_str
> +#define ARPDSTIPMASK arpdstipmask_str
> #define SRCIPADDR srcipaddr_str
> #define SRCIPMASK srcipmask_str
> #define DSTIPADDR dstipaddr_str
> @@ -1302,10 +1306,18 @@ static const virXMLAttr2Struct arpAttributes[] = {
> .datatype = DATATYPE_IPADDR,
> .dataIdx = offsetof(virNWFilterRuleDef, p.arpHdrFilter.dataARPSrcIPAddr),
> }, {
> + .name = ARPSRCIPMASK,
> + .datatype = DATATYPE_IPMASK,
> + .dataIdx = offsetof(virNWFilterRuleDef, p.arpHdrFilter.dataARPSrcIPMask),
> + }, {
> .name = ARPDSTIPADDR,
> .datatype = DATATYPE_IPADDR,
> .dataIdx = offsetof(virNWFilterRuleDef, p.arpHdrFilter.dataARPDstIPAddr),
> }, {
> + .name = ARPDSTIPMASK,
> + .datatype = DATATYPE_IPMASK,
> + .dataIdx = offsetof(virNWFilterRuleDef, p.arpHdrFilter.dataARPDstIPMask),
> + }, {
> .name = "gratuitous",
> .datatype = DATATYPE_BOOLEAN,
> .dataIdx = offsetof(virNWFilterRuleDef, p.arpHdrFilter.dataGratuitousARP),
> diff --git a/src/conf/nwfilter_conf.h b/src/conf/nwfilter_conf.h
> index 8c59330..071343e 100644
> --- a/src/conf/nwfilter_conf.h
> +++ b/src/conf/nwfilter_conf.h
> @@ -209,8 +209,10 @@ struct _arpHdrFilterDef {
> nwItemDesc dataOpcode;
> nwItemDesc dataARPSrcMACAddr;
> nwItemDesc dataARPSrcIPAddr;
> + nwItemDesc dataARPSrcIPMask;
> nwItemDesc dataARPDstMACAddr;
> nwItemDesc dataARPDstIPAddr;
> + nwItemDesc dataARPDstIPMask;
> nwItemDesc dataGratuitousARP;
> nwItemDesc dataComment;
> };
> diff --git a/src/nwfilter/nwfilter_ebiptables_driver.c b/src/nwfilter/nwfilter_ebiptables_driver.c
> index bea9535..a4b38e7 100644
> --- a/src/nwfilter/nwfilter_ebiptables_driver.c
> +++ b/src/nwfilter/nwfilter_ebiptables_driver.c
> @@ -2059,6 +2059,7 @@ ebtablesCreateRuleInstance(char chainPrefix,
> {
> char macaddr[VIR_MAC_STRING_BUFLEN],
> ipaddr[INET_ADDRSTRLEN],
> + ipmask[INET_ADDRSTRLEN],
> ipv6addr[INET6_ADDRSTRLEN],
> number[MAX(INT_BUFSIZE_BOUND(uint32_t),
> INT_BUFSIZE_BOUND(int))],
> @@ -2066,6 +2067,7 @@ ebtablesCreateRuleInstance(char chainPrefix,
> char chain[MAX_CHAINNAME_LENGTH];
> virBuffer buf = VIR_BUFFER_INITIALIZER;
> const char *target;
> + bool hasMask;
>
> if (!ebtables_cmd_path) {
> virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
> @@ -2269,11 +2271,20 @@ ebtablesCreateRuleInstance(char chainPrefix,
> &rule->p.arpHdrFilter.dataARPSrcIPAddr) < 0)
> goto err_exit;
>
> + if (HAS_ENTRY_ITEM(&rule->p.arpHdrFilter.dataARPSrcIPMask)) {
> + if (printDataType(vars,
> + ipmask, sizeof(ipmask),
> + &rule->p.arpHdrFilter.dataARPSrcIPMask) < 0)
> + goto err_exit;
> + hasMask = true;
> + }
> +
> virBufferAsprintf(&buf,
> - " %s %s %s",
> + " %s %s %s/%s",
> reverse ? "--arp-ip-dst" : "--arp-ip-src",
> ENTRY_GET_NEG_SIGN(&rule->p.arpHdrFilter.dataARPSrcIPAddr),
> - ipaddr);
> + ipaddr,
> + hasMask ? ipmask : "32");
> }
>
> if (HAS_ENTRY_ITEM(&rule->p.arpHdrFilter.dataARPDstIPAddr)) {
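Review bot: `hasMask` is declared without an initializer in the @@ -2066 hunk and is only ever assigned `true`, so in the @@ -2269 hunk `hasMask ? ipmask : "32"` reads an indeterminate value whenever no arpsrcipmask is configured and may format the unwritten `ipmask` buffer into the ebtables rule. The @@ -2282 destination hunk reuses the same flag without resetting it, so a rule with a source mask but no destination mask would emit the source mask for `--arp-ip-dst`; this is judged from the visible lines only, since the body of ebtablesCreateRuleInstance continues outside these hunks. Because the string becomes a packet-filter rule, a wrong mask silently widens or narrows what the filter matches. Put `hasMask = false;` immediately before each `if (HAS_ENTRY_ITEM(...IPMask))` check, in both the source and the destination block.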
> @@ -2282,11 +2293,20 @@ ebtablesCreateRuleInstance(char chainPrefix,
> &rule->p.arpHdrFilter.dataARPDstIPAddr) < 0)
> goto err_exit;
>
> + if (HAS_ENTRY_ITEM(&rule->p.arpHdrFilter.dataARPDstIPMask)) {
> + if (printDataType(vars,
> + ipmask, sizeof(ipmask),
> + &rule->p.arpHdrFilter.dataARPDstIPMask) < 0)
> + goto err_exit;
> + hasMask = true;
> + }
> +
> virBufferAsprintf(&buf,
> - " %s %s %s",
> + " %s %s %s/%s",
> reverse ? "--arp-ip-src" : "--arp-ip-dst",
> ENTRY_GET_NEG_SIGN(&rule->p.arpHdrFilter.dataARPDstIPAddr),
> - ipaddr);
> + ipaddr,
> + hasMask ? ipmask : "32");
> }
>
> if (HAS_ENTRY_ITEM(&rule->p.arpHdrFilter.dataARPSrcMACAddr)) {
ACK.
-- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list