+1 and pushed. On 09/28/2011 11:41 AM, Eduardo Lima (Etrunko) wrote:
schema/FilterEntry.mof | 30 ++++ schema/FilterEntry.registration | 1 + src/Virt_EntriesInFilterList.c | 1 + src/Virt_FilterEntry.c | 245 ++++++++++++++------------------------- 4 files changed, 122 insertions(+), 155 deletions(-)
# HG changeset patch # User Eduardo Lima (Etrunko)<eblima@br.ibm.com> # Date 1315334426 10800 # Node ID 536f49720a45b08e30d97fc25ccad3a83e86bfb5 # Parent db809376d763493849c2a19f587969eaec619b75 ACL: Add KVM_FilterEntry class
This is the generic rule meant to match simple rules such the one in 'allow-arp' filter. For instance:
<filter name='allow-arp' chain='arp'> <uuid>15fea95d-4300-19ea-2685-5f1b14c6759b</uuid> <rule action='accept' direction='inout' priority='500'/> </filter>
This patch also refactors the provider code to share the conversion of common properties between the various types of filter entries.
Changes since #1: - Respect 80 columns limit
Signed-off-by: Eduardo Lima (Etrunko)<eblima@br.ibm.com>
diff --git a/schema/FilterEntry.mof b/schema/FilterEntry.mof --- a/schema/FilterEntry.mof +++ b/schema/FilterEntry.mof @@ -74,3 +74,33 @@ MaxValue(1000)] uint16 Priority = 500; }; + +[Provider("cmpi::Virt_FilterEntry")] +class KVM_FilterEntry : CIM_FilterEntry +{ + [Description("This defines whether the Filter is used for input, " + "output, or both input and output filtering. All values are " + "used with respect to the interface for which the Filter " + "applies. \"Not Applicable\" (0) is used when there is no " + "direction applicable to the Filter. \"Input\" (1) is " + "used when the Filter applies to packets that are inbound " + "on the related interface. \"Output\" (2) is used when the " + "Filter applies to packets that are outbound on the " + "related interface. \"Both\" (3) is used to indicate that " + "the direction is immaterial, e.g., to filter on a source " + "subnet regardless of whether the flow is inbound or " + "outbound."), + ValueMap { "0", "1", "2", "3", "4" }, + Values { "Not Applicable", "Input, Output", "Both", "Mirrored" }] + uint16 Direction; + + [Description("The priority of the rule controls the order in which " + "the rule will be, instantiated relative to other rules. " + "Rules with lower value will be instantiated and therefore " + "evaluated before rules with higher value. Valid values are " + "in the range of 0 to 1000. If this attribute is not " + "provided, the value 500 will automatically be assigned."), + MinValue(0), + MaxValue(1000)] + uint16 Priority = 500; +}; diff --git a/schema/FilterEntry.registration b/schema/FilterEntry.registration --- a/schema/FilterEntry.registration +++ b/schema/FilterEntry.registration @@ -2,3 +2,4 @@ # Classname Namespace ProviderName ProviderModule ProviderTypes KVM_Hdr8021Filter root/virt Virt_FilterEntry Virt_FilterEntry instance KVM_IPHeadersFilter root/virt Virt_FilterEntry Virt_FilterEntry instance +KVM_FilterEntry root/virt Virt_FilterEntry Virt_FilterEntry instance diff --git a/src/Virt_EntriesInFilterList.c b/src/Virt_EntriesInFilterList.c --- a/src/Virt_EntriesInFilterList.c +++ b/src/Virt_EntriesInFilterList.c @@ -160,6 +160,7 @@ };
static char *part_component[] = { + "KVM_FilterEntry", "KVM_Hdr8021Filter", "KVM_IPHeadersFilter", NULL diff --git a/src/Virt_FilterEntry.c b/src/Virt_FilterEntry.c --- a/src/Virt_FilterEntry.c +++ b/src/Virt_FilterEntry.c @@ -36,23 +36,6 @@
const static CMPIBroker *_BROKER;
-static bool is_mac_rule(int type) -{ - if (type == MAC_RULE || type == ARP_RULE) - return 1; - - return 0; -} - -static bool is_ip_rule(int type) -{ - if (type == IP_RULE || type == TCP_RULE || type == ICMP_RULE || - type == IGMP_RULE) - return 1; - - return 0; -} - static int octets_from_mac(const char * s, unsigned int *buffer, unsigned int size) { @@ -172,59 +155,15 @@ return action; }
-static CMPIInstance *convert_mac_rule_to_instance( +static void convert_mac_rule_to_instance( struct acl_rule *rule, - const CMPIBroker *broker, - const CMPIContext *context, - const CMPIObjectPath *reference, - CMPIStatus *s) + CMPIInstance *inst, + const CMPIBroker *broker) { - CMPIInstance *inst = NULL; - const char *sys_name = NULL; - const char *sys_ccname = NULL; - int action, direction, priority = 0; unsigned int bytes[48]; unsigned int size = 0; CMPIArray *array = NULL;
- inst = get_typed_instance(broker, - CLASSNAME(reference), - "Hdr8021Filter", - NAMESPACE(reference)); - if (inst == NULL) { - cu_statusf(broker, s, - CMPI_RC_ERR_FAILED, - "Unable to get 8021 filter instance"); - - goto out; - } - - *s = get_host_system_properties(&sys_name, -&sys_ccname, - reference, - broker, - context); - - if (s->rc != CMPI_RC_OK) { - cu_statusf(broker, s, - CMPI_RC_ERR_FAILED, - "Unable to get host attributes"); - goto out; - } - - CMSetProperty(inst, "SystemName", sys_name, CMPI_chars); - CMSetProperty(inst, "SystemCreationClassName", sys_ccname, CMPI_chars); - CMSetProperty(inst, "Name", (CMPIValue *)rule->name, CMPI_chars); - - action = convert_action(rule->action); - CMSetProperty(inst, "Action", (CMPIValue *)&action, CMPI_uint16); - - direction = convert_direction(rule->direction); - CMSetProperty(inst, "Direction", (CMPIValue *)&direction, CMPI_uint16); - - priority = convert_priority(rule->priority); - CMSetProperty(inst, "Priority", (CMPIValue *)&priority, CMPI_uint16); - memset(bytes, 0, sizeof(bytes)); size = octets_from_mac(rule->var.mac.srcmacaddr, bytes, sizeof(bytes)); @@ -260,64 +199,18 @@ if (array != NULL) CMSetProperty(inst, "HdrDestMACMask8021", (CMPIValue *) (CMPIValue *)&array, CMPI_uint8A); - - out: - return inst; }
-static CMPIInstance *convert_ip_rule_to_instance( +static void convert_ip_rule_to_instance( struct acl_rule *rule, - const CMPIBroker *broker, - const CMPIContext *context, - const CMPIObjectPath *reference, - CMPIStatus *s) + CMPIInstance *inst, + const CMPIBroker *broker) { - CMPIInstance *inst = NULL; - const char *sys_name = NULL; - const char *sys_ccname = NULL; - int action, direction, priority = 0; unsigned int bytes[48]; unsigned int size = 0; unsigned int n = 0; CMPIArray *array = NULL;
- inst = get_typed_instance(broker, - CLASSNAME(reference), - "IPHeadersFilter", - NAMESPACE(reference)); - if (inst == NULL) { - cu_statusf(broker, s, - CMPI_RC_ERR_FAILED, - "Unable to get ip headers filter instance"); - goto out; - } - - *s = get_host_system_properties(&sys_name, -&sys_ccname, - reference, - broker, - context); - - if (s->rc != CMPI_RC_OK) { - cu_statusf(broker, s, - CMPI_RC_ERR_FAILED, - "Unable to get host attributes"); - goto out; - } - - CMSetProperty(inst, "SystemName", sys_name, CMPI_chars); - CMSetProperty(inst, "SystemCreationClassName", sys_ccname, CMPI_chars); - CMSetProperty(inst, "Name", (CMPIValue *)rule->name, CMPI_chars); - - action = convert_action(rule->action); - CMSetProperty(inst, "Action", (CMPIValue *)&action, CMPI_uint16); - - direction = convert_direction(rule->direction); - CMSetProperty(inst, "Direction", (CMPIValue *)&direction, CMPI_uint16); - - priority = convert_priority(rule->priority); - CMSetProperty(inst, "Priority", (CMPIValue *)&priority, CMPI_uint16); - if (strstr(rule->protocol_id, "v6")) n = 6; else @@ -427,8 +320,6 @@ } }
- out: - return inst; }
static CMPIInstance *convert_rule_to_instance( @@ -438,27 +329,79 @@ const CMPIObjectPath *reference, CMPIStatus *s) { - CMPIInstance *instance = NULL; + CMPIInstance *inst = NULL; + const char *sys_name = NULL; + const char *sys_ccname = NULL; + const char *basename = NULL; + int action, direction, priority = 0; + + void (*convert_f)(struct acl_rule*, CMPIInstance*, const CMPIBroker*);
if (rule == NULL) return NULL;
- if(is_mac_rule(rule->type)) { - instance = convert_mac_rule_to_instance(rule, - broker, - context, - reference, - s); - } - else if(is_ip_rule(rule->type)) { - instance = convert_ip_rule_to_instance(rule, - broker, - context, - reference, - s); + switch (rule->type) { + case MAC_RULE: + case ARP_RULE: + basename = "Hdr8021Filter"; + convert_f = convert_mac_rule_to_instance; + break; + case IP_RULE: + case TCP_RULE: + case ICMP_RULE: + case IGMP_RULE: + basename = "IPHeadersFilter"; + convert_f = convert_ip_rule_to_instance; + break; + default: + basename = "FilterEntry"; + convert_f = NULL; + break; }
- return instance; + inst = get_typed_instance(broker, + CLASSNAME(reference), + basename, + NAMESPACE(reference)); + + if (inst == NULL) { + cu_statusf(broker, s, + CMPI_RC_ERR_FAILED, + "Unable to get filter entry instance"); + goto out; + } + + *s = get_host_system_properties(&sys_name, +&sys_ccname, + reference, + broker, + context); + + if (s->rc != CMPI_RC_OK) { + cu_statusf(broker, s, + CMPI_RC_ERR_FAILED, + "Unable to get host attributes"); + goto out; + } + + CMSetProperty(inst, "SystemName", sys_name, CMPI_chars); + CMSetProperty(inst, "SystemCreationClassName", sys_ccname, CMPI_chars); + CMSetProperty(inst, "Name", (CMPIValue *)rule->name, CMPI_chars); + + action = convert_action(rule->action); + CMSetProperty(inst, "Action", (CMPIValue *)&action, CMPI_uint16); + + direction = convert_direction(rule->direction); + CMSetProperty(inst, "Direction", (CMPIValue *)&direction, CMPI_uint16); + + priority = convert_priority(rule->priority); + CMSetProperty(inst, "Priority", (CMPIValue *)&priority, CMPI_uint16); + + if (convert_f) + convert_f(rule, inst, broker); + + out: + return inst; }
CMPIStatus enum_filter_rules( @@ -475,10 +418,19 @@
CU_DEBUG("Reference = %s", REF2STR(reference));
- if (STREQC(CLASSNAME(reference), "KVM_Hdr8021Filter")) + if (STREQC(CLASSNAME(reference), "KVM_Hdr8021Filter")) { class_type = MAC; - else if (STREQC(CLASSNAME(reference), "KVM_IPHeadersFilter")) + } else if (STREQC(CLASSNAME(reference), "KVM_IPHeadersFilter")) { class_type = IP; + } else if (STREQC(CLASSNAME(reference), "KVM_FilterEntry")) { + class_type = NONE; + } else { + cu_statusf(broker,&s, + CMPI_RC_ERR_FAILED, + "Unrecognized class type"); + goto out; + } +
conn = connect_by_classname(_BROKER, CLASSNAME(reference),&s); if (conn == NULL) @@ -490,29 +442,12 @@ for (j = 0; j< filters[i].rule_ct; j++) { CMPIInstance *instance = NULL;
- if (((class_type == NONE) || - (class_type == MAC))&& - is_mac_rule(filters[i].rules[j]->type)) { - instance = convert_mac_rule_to_instance( - filters[i].rules[j], - broker, - context, - reference, -&s); - } - else if (((class_type == NONE) || - (class_type == IP))&& - is_ip_rule(filters[i].rules[j]->type)) { - instance = convert_ip_rule_to_instance( - filters[i].rules[j], - broker, - context, - reference, -&s); - } - else - CU_DEBUG("Unrecognized rule type %u", - filters[i].rules[j]->type); + instance = convert_rule_to_instance( + filters[i].rules[j], + broker, + context, + reference, +&s);
if (instance != NULL) inst_list_add(list, instance);
_______________________________________________ Libvirt-cim mailing list Libvirt-cim@redhat.com https://www.redhat.com/mailman/listinfo/libvirt-cim
-- Chip Vincent Open Virtualization IBM Linux Technology Center cvincent@linux.vnet.ibm.com