This patch adds a function that adds filter rules to, or deletes them from,
existing chains. Rules referencing the given variable are instantiated with the
given value, or optionally deleted. For example, passing variable "IP" with
different values will install rules using the IP variable with each of the
different values. These rules can later be removed by calling this function
with the same variable and value and with the "delete" argument set to "1".
Signed-off-by: David L Stevens <dlstevens(a)us.ibm.com>
---
src/nwfilter/nwfilter_gentech_driver.c | 86 ++++++++++++++++++++++++++++++++
src/nwfilter/nwfilter_gentech_driver.h | 11 ++++
2 files changed, 97 insertions(+), 0 deletions(-)
diff --git a/src/nwfilter/nwfilter_gentech_driver.c
b/src/nwfilter/nwfilter_gentech_driver.c
index 79350ac..563a1f3 100644
--- a/src/nwfilter/nwfilter_gentech_driver.c
+++ b/src/nwfilter/nwfilter_gentech_driver.c
@@ -620,6 +620,92 @@ virNWFilterRuleInstancesToArray(int nEntries,
/**
+ * virNWFilterChangeVar:
+ * @conn: pointer to virConnect object
+ * @techdriver: The driver to use for instantiation
+ * @filter: The filter to instantiate
+ * @ifname: The name of the interface to apply the rules to
+ * @vars: A map holding variable names and values used for instantiating
+ * the filter and its subfilters.
+ * @var: name of variable to change
+ * @value: value of variable to change
+ * @delete: =0 to create or =1 to delete the rules
+ *
+ * Returns 0 on success, a value otherwise.
+ *
+ * Instantiate or delete a filter and all subfilters with variable "var"
+ * set to value "value".
+ * The name of the interface to which the rules belong must be
+ * provided.
+ *
+ * Call this function while holding the NWFilter filter update lock
+ */
+int
+virNWFilterChangeVar(virConnectPtr conn,
+ virNWFilterTechDriverPtr techdriver,
+ enum virDomainNetType nettype,
+ virNWFilterDefPtr filter,
+ const char *ifname,
+ virNWFilterHashTablePtr vars,
+ virNWFilterDriverStatePtr driver,
+ const char *var,
+ char *value,
+ bool delete)
+{
+ int rc;
+ int j, nptrs;
+ int nEntries = 0;
+ virNWFilterRuleInstPtr *insts = NULL;
+ void **ptrs = NULL;
+ bool foundNewFilter = 0;
+
+ if (virNWFilterHashTablePut(vars, var, value, 1)) {
+ virNWFilterReportError(VIR_ERR_INTERNAL_ERROR, _("Cound not add "
+ "variable \"%s\" to hashmap"), var);
+ return 1;
+ }
+ rc = _virNWFilterInstantiateRec(conn,
+ techdriver,
+ nettype,
+ filter,
+ ifname,
+ vars,
+ NWFILTER_STD_VAR_IP, 0,
+ &nEntries, &insts,
+ INSTANTIATE_ALWAYS, &foundNewFilter,
+ driver);
+ if (rc)
+ goto err_exit;
+ rc = virNWFilterRuleInstancesToArray(nEntries, insts, &ptrs, &nptrs);
+ if (rc)
+ goto err_exit;
+
+ if (virNWFilterHashTableRemoveEntry(vars, var) < 0) {
+ virNWFilterReportError(VIR_ERR_INTERNAL_ERROR, _("Could not remove "
+ "variable \"%s\" from hashmap"),
var);
+ return 1;
+ }
+
+ if (virNWFilterLockIface(ifname))
+ goto err_exit;
+
+ if (delete)
+ rc = techdriver->removeRules(conn, ifname, nptrs, ptrs);
+ else
+ rc = techdriver->addRules(conn, ifname, nptrs, ptrs);
+ virNWFilterUnlockIface(ifname);
+ VIR_FREE(ptrs);
+
+err_exit:
+
+ for (j = 0; j < nEntries; j++)
+ virNWFilterRuleInstFree(insts[j]);
+ VIR_FREE(insts);
+ return rc;
+}
+
+
+/**
* virNWFilterInstantiate:
* @conn: pointer to virConnect object
* @techdriver: The driver to use for instantiation
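Review bot: When virNWFilterLockIface() fails, the `goto err_exit` leaves rc at 0 from the preceding virNWFilterRuleInstancesToArray() call, so virNWFilterChangeVar reports success although no rule was added or removed, and a caller would treat the interface as filtered when it is not. That path and the `return 1` after virNWFilterHashTableRemoveEntry() both skip `VIR_FREE(ptrs)`, and the `return 1` also skips freeing `insts`. The two earlier `goto err_exit` paths leave `var` in the caller's `vars` table, which later instantiations using that table would presumably pick up. Setting rc before each jump and moving `VIR_FREE(ptrs)` under the label fixes the first two problems. The "Cound" typo in the error message and the missing @nettype and @driver entries in the doc comment can be fixed in the same pass.

```c
    /* … unchanged: hash put, _virNWFilterInstantiateRec, virNWFilterRuleInstancesToArray … */

    if (virNWFilterHashTableRemoveEntry(vars, var) < 0) {
        virNWFilterReportError(VIR_ERR_INTERNAL_ERROR, _("Could not remove "
                               "variable \"%s\" from hashmap"), var);
        rc = 1;
        goto err_exit;
    }

    if (virNWFilterLockIface(ifname)) {
        rc = 1;
        goto err_exit;
    }

    /* … unchanged: removeRules/addRules call, virNWFilterUnlockIface … */

err_exit:
    VIR_FREE(ptrs);
    /* … unchanged: free insts, return rc … */
```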
diff --git a/src/nwfilter/nwfilter_gentech_driver.h
b/src/nwfilter/nwfilter_gentech_driver.h
index fa86030..34e95c7 100644
--- a/src/nwfilter/nwfilter_gentech_driver.h
+++ b/src/nwfilter/nwfilter_gentech_driver.h
@@ -48,6 +48,17 @@ int virNWFilterRollbackUpdateFilter(virConnectPtr conn,
int virNWFilterTearOldFilter(virConnectPtr conn,
const virDomainNetDefPtr net);
+int virNWFilterChangeVar(virConnectPtr conn,
+ virNWFilterTechDriverPtr techdriver,
+ enum virDomainNetType nettype,
+ virNWFilterDefPtr filter,
+ const char *ifname,
+ virNWFilterHashTablePtr vars,
+ virNWFilterDriverStatePtr driver,
+ const char *var,
+ char *value,
+ bool delete);
+
int virNWFilterInstantiateFilterLate(virConnectPtr conn,
const char *ifname,
int ifindex,
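Review bot: The new prototype takes `char *value` non-const while `var` is `const char *`, and nothing in the header says who owns `value` after the call. In the .c hunk the pointer is handed to virNWFilterHashTablePut() and the entry is later dropped with virNWFilterHashTableRemoveEntry(); whether that removal frees the stored value is not visible here, so a caller cannot tell whether freeing or reusing `value` afterwards is safe. A one-line comment above the declaration would settle it, e.g. `/* @value: <state whether the callee frees it or the caller keeps ownership> */`, and the parameter could become `const char *value` if the table only borrows or copies the string.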
--
1.7.6.4