# HG changeset patch # User Eduardo Lima (Etrunko) <eblima@br.ibm.com> # Date 1311872160 10800 # Node ID 4d837e60bb82daa73bba8e13bbab9041fc7632ee # Parent 277b56b3863b5f81a3faa18aeb7b9951b963b489 ACL: Add 'Action' property to KVM_{IPHeaders,Hdr8021}Filter This property should be defined in the CIM_FilterEntryBase parent class (would also apply to 'Direction' and 'Priority' properties), considering the fact that, according to libvirt documentation, the 'action' attribute of a rule is mandatory. For reference please check: http://libvirt.org/formatnwfilter.html#nwfelemsRules Signed-off-by: Eduardo Lima (Etrunko) <eblima@br.ibm.com> diff --git a/schema/FilterEntry.mof b/schema/FilterEntry.mof --- a/schema/FilterEntry.mof +++ b/schema/FilterEntry.mof @@ -2,6 +2,14 @@ [Provider("cmpi::Virt_FilterEntry")] class KVM_Hdr8021Filter : CIM_Hdr8021Filter { + [Description ( + "This defines whether the action should be to forward or " + "deny traffic meeting the match condition specified in " + "this filter." ), + ValueMap { "1", "2" }, + Values { "Permit", "Deny" }] + uint16 Action; + [Description("This defines whether the Filter is used for input, " "output, or both input and output filtering. All values are " "used with respect to the interface for which the Filter " @@ -32,6 +40,14 @@ [Provider("cmpi::Virt_FilterEntry")] class KVM_IPHeadersFilter : CIM_IPHeadersFilter { + [Description ( + "This defines whether the action should be to forward or " + "deny traffic meeting the match condition specified in " + "this filter." ), + ValueMap { "1", "2" }, + Values { "Permit", "Deny" }] + uint16 Action; + [Description("This defines whether the Filter is used for input, " "output, or both input and output filtering. All values are " "used with respect to the interface for which the Filter " diff --git a/src/Virt_FilterEntry.c b/src/Virt_FilterEntry.c --- a/src/Virt_FilterEntry.c +++ b/src/Virt_FilterEntry.c @@ -159,6 +159,19 @@ return priority; } +static int convert_action(const char *s) +{ + enum {NONE=0, ACCEPT, DENY} action = NONE; + + if (s != NULL) { + if (STREQC(s, "accept")) + action = ACCEPT; + else if (STREQC(s, "drop") || STREQC(s, "reject")) + action = DENY; + } + return action; +} + static CMPIInstance *convert_mac_rule_to_instance( struct acl_rule *rule, const CMPIBroker *broker, @@ -169,7 +182,7 @@ CMPIInstance *inst = NULL; const char *sys_name = NULL; const char *sys_ccname = NULL; - int direction, priority = 0; + int action, direction, priority = 0; unsigned int bytes[48]; unsigned int size = 0; CMPIArray *array = NULL; @@ -203,6 +216,9 @@ CMSetProperty(inst, "SystemCreationClassName", sys_ccname, CMPI_chars); CMSetProperty(inst, "Name", (CMPIValue *)rule->name, CMPI_chars); + action = convert_action(rule->action); + CMSetProperty(inst, "Action", (CMPIValue *)&action, CMPI_uint16); + direction = convert_direction(rule->direction); CMSetProperty(inst, "Direction", (CMPIValue *)&direction, CMPI_uint16); @@ -259,7 +275,7 @@ CMPIInstance *inst = NULL; const char *sys_name = NULL; const char *sys_ccname = NULL; - int direction, priority = 0; + int action, direction, priority = 0; unsigned int bytes[48]; unsigned int size = 0; unsigned int n = 0; @@ -293,6 +309,9 @@ CMSetProperty(inst, "SystemCreationClassName", sys_ccname, CMPI_chars); CMSetProperty(inst, "Name", (CMPIValue *)rule->name, CMPI_chars); + action = convert_action(rule->action); + CMSetProperty(inst, "Action", (CMPIValue *)&action, CMPI_uint16); + direction = convert_direction(rule->direction); CMSetProperty(inst, "Direction", (CMPIValue *)&direction, CMPI_uint16);