Re: [libvirt] [PATCH V11 4/7] nwfilter: add DHCP snooping
On 04/19/2012 05:54 AM, Daniel Veillard wrote:
On Tue, Apr 17, 2012 at 10:44:05AM -0400, Stefan Berger wrote:
> Index: libvirt-acl/src/conf/nwfilter_params.h
> ===================================================================
> --- libvirt-acl.orig/src/conf/nwfilter_params.h
> +++ libvirt-acl/src/conf/nwfilter_params.h
> @@ -91,6 +91,11 @@ int virNWFilterHashTablePutAll(virNWFilt
> # define VALID_VARVALUE \
> "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_.:"
>
> +# define NWFILTER_VARNAME_IP "IP"
> +# define NWFILTER_VARNAME_MAC "MAC"
> +# define NWFILTER_VARNAME_IP_LEARNING "ip_learning"
> +# define NWFILTER_VARNAME_DHCPSERVER "DHCPSERVER"
> +
> enum virNWFilterVarAccessType {
> VIR_NWFILTER_VAR_ACCESS_ELEMENT = 0,
> VIR_NWFILTER_VAR_ACCESS_ITERATOR = 1,
A fairly big patch ! I have tried to really read everything, but
finding locking issues, especially when there is multiple layers
of locks is nearly impossible by review.
I think the best is to get this running and tested as much as possible
before the next release,
ACK
Thanks for the ACK.
However, there are some things that I would like to adapt before
checking in:
- rename the 'ip_learning' variable to CTRL_IP_LEARNING to open up a
'namespace' for future extensions providing control to users over the
behavior of the algorithm; someone may be interested in having IP
addresses detected by the DHCP snooper but have no filters instantiated
and for that there could be a variable CTRL_NO_INSTANTIATE (=true)
- some small optimization to not have packets submitted to the worker
that are shorter than the minimal size a valid DHCP packet must have
- forgot about the existence of virSocketAddr and so I needed to replace
the usage of uint32_t's with virSocketAddr
So I would check in patches 1-3 soon and post the rest of the series
again later.
Stefan