Re: [libvirt] [PATCH v3 11/14] Core driver implementation with ebtables support

libvir-list-bounces(a)redhat.com wrote on 03/25/2010 11:59:11 AM: > "Daniel P. Berrange" <berrange(a)redhat.com&gt; wrote on 03/25/2010 11:49:05 AM: > > > Please respond to "Daniel P. Berrange" > > > > On Tue, Mar 23, 2010 at 10:54:17AM -0400, stefanb(a)us.ibm.com wrote: > > > +/* > > > + char macaddr[VIR_MAC_STRING_BUFLEN], > > > + ipaddr[INET_ADDRSTRLEN], > > > + number[20]; > > > + char chain[MAX_CHAINNAME_LENGTH]; > > > + virBuffer buf = VIR_BUFFER_INITIALIZER; > > > + > > > + if (nwfilter->chainsuffix == VIR_NWFILTER_CHAINSUFFIX_ROOT) > > > + PRINT_ROOT_CHAIN(chain, chainPrefix, ifname); > > > + else > > > + PRINT_CHAIN(chain, chainPrefix, ifname, > > > + virNWFilterChainSuffixTypeToString > > (nwfilter->chainsuffix)); > > > > Since we're passing this into the shell, I think we should do paranoid > > validation on the 'chain' and 'ifname' fields, since they ultimately come > > from the user specified XML. Validate that it only contains a-Z, 0-0, -, _ > > Actually the user specified XML only currently allows the chain names 'arp', > 'ipv4', 'ipv6' and 'root'. Others will already be rejected when > parsing the filter. > Actually, yes, there's a problem with target device names like t\"t that do create an interface named t\"t but end up creating an ebtables entry with interface t"t. So if I don't go through bash it works correctly, otherwise it does not and I guess I would need to escape the '\' with '\\\'.