libvir-list-bounces@redhat.com wrote on 03/25/2010 11:59:11 AM:


> "Daniel P. Berrange" <berrange@redhat.com> wrote on 03/25/2010 11:49:05 AM:
>
> > Please respond to "Daniel P. Berrange"
> >
> > On Tue, Mar 23, 2010 at 10:54:17AM -0400, stefanb@us.ibm.com wrote:
> > > +/*
> > > +    char macaddr[VIR_MAC_STRING_BUFLEN],
> > > +         ipaddr[INET_ADDRSTRLEN],
> > > +         number[20];
> > > +    char chain[MAX_CHAINNAME_LENGTH];
> > > +    virBuffer buf = VIR_BUFFER_INITIALIZER;
> > > +
> > > +    if (nwfilter->chainsuffix == VIR_NWFILTER_CHAINSUFFIX_ROOT)
> > > +        PRINT_ROOT_CHAIN(chain, chainPrefix, ifname);
> > > +    else
> > > +        PRINT_CHAIN(chain, chainPrefix, ifname,
> > > +                    virNWFilterChainSuffixTypeToString
> > (nwfilter->chainsuffix));
> >
> > Since we're passing this into the shell, I think we should do paranoid
> > validation on the 'chain' and 'ifname' fields, since they ultimately come
> > from the user specified XML. Validate that it only contains a-Z, 0-0, -, _
>
> Actually the user specified XML only currently allows the chain names 'arp',
> 'ipv4', 'ipv6' and 'root'. Others will already be rejected when
> parsing the filter.
>

Actually, yes, there's a problem with target device names like t\"t that do create an

interface named t\"t but end up creating an ebtables entry with interface t"t. So
if I don't go through bash it works correctly, otherwise it does not and I guess I
would need to escape the '\' with '\\\'.

   Stefan


>
> >
> >
> > It would also be nice to put a variety of XML files in a tests/nwfilterdata
> > directory and making a test suite to run the parser API against them, as
> > well as adding some real world examples in the examples/nwfilter directory
> > for end users to start from.
>
> In the v4 patch series I am adding filters to examples/xml/nwfilter that are
> automatically copied to /etc/libvirt/nwfilter for libvirt to pick up.
>
> Gerhard has written a couple of test cases but they are for the external
> test suite from what I know. So, yes, we'll add test cases over time.
>
>   Regards,
>     Stefan
>
> >
> > Regards,
> > Daniel
> > --
> > |: Red Hat, Engineering, London    -o-  
http://people.redhat.com/
> berrange/:|
> > |:
http://libvirt.org -o- http://virt-manager.org -o- http://
> deltacloud.org:|
> > |:
http://autobuild.org        -o-         http://search.cpan.org/
> ~danberr/:|
> > |: GnuPG: 7D3B9505  -o-   F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742
> 7D3B 9505 :|--
> libvir-list mailing list
> libvir-list@redhat.com
>
https://www.redhat.com/mailman/listinfo/libvir-list