On 10/12/2011 03:50 PM, David L Stevens wrote:
This patch adds a function that applies or deletes filter rules to
existing
chains. Rules referencing the given variable are instantiated with the given
value, or optionally deleted. For example, passing variable "IP" with
different
values will install rules using the IP variable with each of the different
values. These rules can later be removed by calling this function with the
same variable and value and "delete" argument set to "1".
Signed-off-by: David L Stevens<dlstevens(a)us.ibm.com>
---
src/nwfilter/nwfilter_gentech_driver.c | 86 ++++++++++++++++++++++++++++++++
src/nwfilter/nwfilter_gentech_driver.h | 11 ++++
2 files changed, 97 insertions(+), 0 deletions(-)
diff --git a/src/nwfilter/nwfilter_gentech_driver.c
b/src/nwfilter/nwfilter_gentech_driver.c
index 79350ac..563a1f3 100644
--- a/src/nwfilter/nwfilter_gentech_driver.c
+++ b/src/nwfilter/nwfilter_gentech_driver.c
@@ -620,6 +620,92 @@ virNWFilterRuleInstancesToArray(int nEntries,
/**
+ * virNWFilterChangeVar:
+ * @conn: pointer to virConnect object
+ * @techdriver: The driver to use for instantiation
+ * @filter: The filter to instantiate
+ * @ifname: The name of the interface to apply the rules to
+ * @vars: A map holding variable names and values used for instantiating
+ * the filter and its subfilters.
+ * @var: name of variable to change
+ * @value: value of variable to change
+ * @delete: =0 to create or =1 to delete the rules
+ *
+ * Returns 0 on success, a value otherwise.
+ *
+ * Instantiate or delete a filter and all subfilters with variable "var"
+ * set to value "value".
+ * The name of the interface to which the rules belong must be
+ * provided.
+ *
+ * Call this function while holding the NWFilter filter update lock
+ */
+int
+virNWFilterChangeVar(virConnectPtr conn,
+ virNWFilterTechDriverPtr techdriver,
+ enum virDomainNetType nettype,
+ virNWFilterDefPtr filter,
+ const char *ifname,
+ virNWFilterHashTablePtr vars,
+ virNWFilterDriverStatePtr driver,
+ const char *var,
+ char *value,
+ bool delete)
+{
+ int rc;
+ int j, nptrs;
+ int nEntries = 0;
+ virNWFilterRuleInstPtr *insts = NULL;
+ void **ptrs = NULL;
+ bool foundNewFilter = 0;
+
+ if (virNWFilterHashTablePut(vars, var, value, 1)) {
+ virNWFilterReportError(VIR_ERR_INTERNAL_ERROR, _("Cound not add "
+ "variable \"%s\" to hashmap"), var);
+ return 1;
+ }
+ rc = _virNWFilterInstantiateRec(conn,
+ techdriver,
+ nettype,
+ filter,
+ ifname,
+ vars,
+ NWFILTER_STD_VAR_IP, 0,
+&nEntries,&insts,
+ INSTANTIATE_ALWAYS,&foundNewFilter,
+ driver);
Given the NWFILTER_STD_VAR_IP
parameter, what does it give us at this point?
+ if (rc)
+ goto err_exit;
+ rc = virNWFilterRuleInstancesToArray(nEntries, insts,&ptrs,&nptrs);
+ if (rc)
+ goto err_exit;
+
+ if (virNWFilterHashTableRemoveEntry(vars, var)< 0) {
+ virNWFilterReportError(VIR_ERR_INTERNAL_ERROR, _("Could not remove "
+ "variable \"%s\" from hashmap"),
var);
+ return 1;
+ }
+
+ if (virNWFilterLockIface(ifname))
+ goto err_exit;
+
+ if (delete)
+ rc = techdriver->removeRules(conn, ifname, nptrs, ptrs);
+ else
+ rc = techdriver->addRules(conn, ifname, nptrs, ptrs);
I am wondering
about this addRules() call: are the rules appended to the end of a chain,
so that their assumed priority must be such that these rules can actually
always be the last ones?
+ virNWFilterUnlockIface(ifname);
+ VIR_FREE(ptrs);
+
+err_exit:
+
+ for (j = 0; j< nEntries; j++)
+ virNWFilterRuleInstFree(insts[j]);
+ VIR_FREE(insts);
+ return rc;
+}
+
+
+/**
* virNWFilterInstantiate:
* @conn: pointer to virConnect object
* @techdriver: The driver to use for instantiation
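Review bot: The error paths of virNWFilterChangeVar leak and misreport: the `return 1` after virNWFilterHashTableRemoveEntry fails skips freeing `insts` and `ptrs`, the `goto err_exit` after a failed virNWFilterLockIface leaves `rc` at 0 from the preceding successful call so the caller is told the rules were added (or removed) when neither happened, and the `err_exit` label never frees `ptrs` on the earlier `goto`s either. A silent success for a change that is supposed to install or withdraw traffic rules is the worst outcome, so every failure after allocation should set `rc` and funnel through a single cleanup that releases both arrays, as in the rewrite below. Separately, the header comment omits `@nettype` and `@driver`; `value` is taken as a non-const `char *` and later removed from `vars` via virNWFilterHashTableRemoveEntry, and if the table owns the stored value (the non-const signature suggests it, but I cannot confirm from this hunk) the caller's pointer is freed on return, which the comment should state. Also `bool foundNewFilter = 0;` should read `bool foundNewFilter = false;`, and the first error message has a typo, `Cound not add`.
```c
    if (virNWFilterHashTableRemoveEntry(vars, var) < 0) {
        virNWFilterReportError(VIR_ERR_INTERNAL_ERROR, _("Could not remove "
                               "variable \"%s\" from hashmap"), var);
        rc = 1;
        goto err_exit;
    }

    if (virNWFilterLockIface(ifname)) {
        rc = 1;
        goto err_exit;
    }

    /* … unchanged: addRules / removeRules dispatch and virNWFilterUnlockIface … */

err_exit:
    VIR_FREE(ptrs);
    for (j = 0; j < nEntries; j++)
        virNWFilterRuleInstFree(insts[j]);
    VIR_FREE(insts);
    return rc;
```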
diff --git a/src/nwfilter/nwfilter_gentech_driver.h
b/src/nwfilter/nwfilter_gentech_driver.h
index fa86030..34e95c7 100644
--- a/src/nwfilter/nwfilter_gentech_driver.h
+++ b/src/nwfilter/nwfilter_gentech_driver.h
@@ -48,6 +48,17 @@ int virNWFilterRollbackUpdateFilter(virConnectPtr conn,
int virNWFilterTearOldFilter(virConnectPtr conn,
const virDomainNetDefPtr net);
+int virNWFilterChangeVar(virConnectPtr conn,
+ virNWFilterTechDriverPtr techdriver,
+ enum virDomainNetType nettype,
+ virNWFilterDefPtr filter,
+ const char *ifname,
+ virNWFilterHashTablePtr vars,
+ virNWFilterDriverStatePtr driver,
+ const char *var,
+ char *value,
+ bool delete);
+
int virNWFilterInstantiateFilterLate(virConnectPtr conn,
const char *ifname,
int ifindex,