Re: [libvirt] [PATCH v4 00/15] Network filtering (ACL) extensions for libvirt
On Thu, Mar 25, 2010 at 01:45:58PM -0400, Stefan Berger wrote:
Hi!
This is a repost of this set of patches with some of the suggested fixes
applied and ipv6 support on the ebtables layer added.
Between V3 and V4 of this patch series the following changes were made:
- occurrences of typo 'scp' were changed to 'sctp'
- the root ebtables chain for each interface now has the previx of 'libvirt-'
- additional calls into tear-down functions in case something goes wrong
while starting the qemu/kvm VM in 2nd level error paths
- additional functions in the driver interface to split up the application
of firewall rules into
- creation of new firewall rules 'tree'
- switch-over to new firewall rules 'tree', tear down of old one and
renaming of new firewall 'tree'
- tear down of new firewall rules 'tree' in case an error happend
during update of several VMs.
- additional patch with example filters
FYI, I have pushed this whole v4 series to libvirt GIT.
I had to re-order the patches to make the series bisectable, and fix one
or two minor syntax check problems, but no code changes.
There is one problem I would like to see fixed asap though
src/conf/nwfilter_conf.c
has a dependancy on the driver implementation nwfilter/nwfilter_gentech_driver.h
which is not good. The 'conf' directory is only allowed to depend on stuff
in util/, or itself, never depend on driver code.
Regards,
Daniel
--
|: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://deltacloud.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|