On 11/18/2011 11:01 AM, Eric Blake wrote:
On 11/18/2011 06:32 AM, Stefan Berger wrote:
This patch enables chains that have a known prefix in their name. Known prefixes are: 'ipv4', 'ipv6', 'arp', 'rarp'. All prefixes are also protocols that can be evaluated on the ebtables level.
+ + if (chainname[strspn(chainname, VALID_CHAINNAME)] != 0) { + virNWFilterReportError(VIR_ERR_INVALID_ARG, + _("Chain name contains illegal characters")); s/illegal/invalid/ - we aren't breaking laws :) right... +++ libvirt-acl/docs/schemas/nwfilter.rng @@ -286,10 +286,18 @@ <attribute name="chain"> <choice> <value>root</value> -<value>arp</value> -<value>rarp</value> -<value>ipv4</value> -<value>ipv6</value> +<data type="string"> +<param name="pattern">arp[a-zA-Z0-9_\.:-]{0,9}</param> +</data> +<data type="string"> +<param name="pattern">rarp[a-zA-Z0-9_\.:-]{0,8}*</param> +</data> +<data type="string"> +<param name="pattern">ipv4[a-zA-Z0-9_\.:-]{0,8}*</param> +</data> +<data type="string"> +<param name="pattern">ipv6[a-zA-Z0-9_\.:-]{0,8}*</param> Drop the * on the last three patterns.
Fixed