[1/4] acl_parsing: Share code for icmp and icmp rule types
The struct for both ICMP and IGMP rule types have the exact same fields.
With this patch, we avoid duplicating code to handle those rules.
[2/4] FilterEntry: Should be using srcipaddr instead of srcmacaddr
[3/4] FilterEntry: Support for mask in CIDR notation
The values for mask fields may have been written using the CIDR notation[1].
For instance, take the libvirt 'no-ip-multicast' builtin filter:
<filter name='no-ip-multicast' chain='ipv4'>
<uuid>47756f11-6057-1448-2cce-fda40fa23ba4</uuid>
<rule action='drop' direction='out' priority='500'>
<ip dstipaddr='224.0.0.0' dstipmask='4'/>
</rule>
</filter>
As libvirt-cim expects an address like string, for the mask, in this case the
conversion will fail and will output an array with only zero values [0,0,0,0],
when it actually should be [240,0,0,0].
[1]
http://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing
[4/4] FilterEntry: Fix behavior of convert_ip_rule_to_instance
The function was always referencing the 'tcp' fileld of the var union in struct
acl_rule, while it should take into account the rule type to access the correct
fields. This could probably go to acl_parsing, but I thought it would be a less
intrusive change to patch only FilterEntry provider.
Signed-off-by: Eduardo Lima (Etrunko) <eblima(a)br.ibm.com>
libxkutil/acl_parsing.c | 119 ++++++++++------------------------
libxkutil/acl_parsing.h | 29 +-------
src/Virt_FilterEntry.c | 3 +-
src/Virt_FilterEntry.c | 2 +-
src/Virt_FilterEntry.c | 88 +++++++++++++++++++++----
src/Virt_FilterEntry.c | 162 +++++++++++++++++++++++++++++++++++++----------
6 files changed, 242 insertions(+), 161 deletions(-)