Re: [libvirt] [PATCH v3 11/14] Core driver implementation with ebtables support
libvir-list-bounces(a)redhat.com wrote on 03/25/2010 11:59:11 AM:
"Daniel P. Berrange" <berrange(a)redhat.com> wrote on
03/25/2010 11:49:05
AM:
> Please respond to "Daniel P. Berrange"
>
> On Tue, Mar 23, 2010 at 10:54:17AM -0400, stefanb(a)us.ibm.com wrote:
> > +/*
> > + char macaddr[VIR_MAC_STRING_BUFLEN],
> > + ipaddr[INET_ADDRSTRLEN],
> > + number[20];
> > + char chain[MAX_CHAINNAME_LENGTH];
> > + virBuffer buf = VIR_BUFFER_INITIALIZER;
> > +
> > + if (nwfilter->chainsuffix == VIR_NWFILTER_CHAINSUFFIX_ROOT)
> > + PRINT_ROOT_CHAIN(chain, chainPrefix, ifname);
> > + else
> > + PRINT_CHAIN(chain, chainPrefix, ifname,
> > + virNWFilterChainSuffixTypeToString
> (nwfilter->chainsuffix));
>
> Since we're passing this into the shell, I think we should do paranoid
> validation on the 'chain' and 'ifname' fields, since they ultimately
come
> from the user specified XML. Validate that it only contains a-Z,
0-0,
-, _
Actually the user specified XML only currently allows the chain names
'arp',
'ipv4', 'ipv6' and 'root'. Others will
already be rejected when
parsing the filter.
Actually, yes, there's a problem with target device names like t\"t that
do create an
interface named t\"t but end up creating an ebtables entry with interface
t"t. So
if I don't go through bash it works correctly, otherwise it does not and I
guess I
would need to escape the '\' with '\\\'.
Stefan
>
>
> It would also be nice to put a variety of XML files in a
tests/nwfilterdata
> directory and making a test suite to run the parser API against
them,
as
> well as adding some real world examples in the examples/nwfilter
directory
> for end users to start from.
In the v4 patch series I am adding filters to examples/xml/nwfilter that
are
automatically copied to /etc/libvirt/nwfilter for libvirt to pick up.
Gerhard has written a couple of test cases but they are for the external
test suite from what I know. So, yes, we'll add test cases over
time.
Regards,
Stefan
>
> Regards,
> Daniel
> --
> |: Red Hat, Engineering, London -o- http://people.redhat.com/
berrange/:|
> |: http://libvirt.org -o- http://virt-manager.org -o- http://
deltacloud.org:|
> |: http://autobuild.org -o- http://search.cpan.org/
~danberr/:|
> |: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742
7D3B 9505 :|--
libvir-list mailing list
libvir-list(a)redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
Attachments:
- attachment.html (text/html — 4.2 KB)