"Daniel P. Berrange" <berrange(a)redhat.com> wrote on 03/25/2010 11:49:05 AM:
On Tue, Mar 23, 2010 at 10:54:17AM -0400, stefanb(a)us.ibm.com wrote:
> +/*
> + char macaddr[VIR_MAC_STRING_BUFLEN],
> + ipaddr[INET_ADDRSTRLEN],
> + number[20];
> + char chain[MAX_CHAINNAME_LENGTH];
> + virBuffer buf = VIR_BUFFER_INITIALIZER;
> +
> + if (nwfilter->chainsuffix == VIR_NWFILTER_CHAINSUFFIX_ROOT)
> + PRINT_ROOT_CHAIN(chain, chainPrefix, ifname);
> + else
> + PRINT_CHAIN(chain, chainPrefix, ifname,
> + virNWFilterChainSuffixTypeToString
(nwfilter->chainsuffix));
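Review bot: In the PRINT_CHAIN call, the return value of virNWFilterChainSuffixTypeToString(nwfilter->chainsuffix) goes straight into the macro with no NULL check, and the target `chain` is a fixed MAX_CHAINNAME_LENGTH array filled from `chainPrefix` and `ifname`. Check the converted suffix before use and have the function fail if the composed name does not fit in sizeof(chain), rather than continuing with a truncated chain name. `number[20]` would also read better with a named constant or a comment saying what it holds.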
Since we're passing this into the shell, I think we should do paranoid validation on the 'chain' and 'ifname' fields, since they ultimately come from the user specified XML. Validate that it only contains a-Z, 0-0, -, _

Actually the user specified XML only currently allows the chain names 'arp', 'ipv4', 'ipv6' and 'root'. Others will already be rejected when parsing the filter.

With the interface names I was assuming that at the point where this part here gets called is already well after the establishment of tap interfaces and the net->ifname contains valid values, otherwise the creation of the tap or macvtap would have blown earlier.

It would also be nice to put a variety of XML files in a tests/nwfilterdata directory and make a test suite to run the parser API against them, as well as adding some real world examples in the examples/nwfilter directory for end users to start from.

In the v4 patch series I am adding filters to examples/xml/nwfilter that are automatically copied to /etc/libvirt/nwfilter for libvirt to pick up. Gerhard has written a couple of test cases but they are for the external test suite from what I know. So, yes, we'll add test cases over time.

Regards,
Stefan
Regards,
Daniel
--
|: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :|
http://deltacloud.org:|
http://search.cpan.org/~danberr/:|
|: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|