Re: [libvirt] [PATCH v4 00/15] Network filtering (ACL) extensions for libvirt

Please respond to "Daniel P. Berrange" On Thu, Mar 25, 2010 at 01:45:58PM -0400, Stefan Berger wrote: > Hi! > > This is a repost of this set of patches with some of the suggested

> applied and ipv6 support on the ebtables layer added. > > Between V3 and V4 of this patch series the following changes were

> - occurrences of typo 'scp' were changed to 'sctp' > - the root ebtables chain for each interface now has the previx

> - additional calls into tear-down functions in case something goes

> while starting the qemu/kvm VM in 2nd level error paths > - additional functions in the driver interface to split up the

> of firewall rules into > - creation of new firewall rules 'tree' > - switch-over to new firewall rules 'tree', tear down of old one and > renaming of new firewall 'tree' > - tear down of new firewall rules 'tree' in case an error happend > during update of several VMs. > - additional patch with example filters FYI, I have pushed this whole v4 series to libvirt GIT. I had to re-order the patches to make the series bisectable, and fix one or two minor syntax check problems, but no code changes. There is one problem I would like to see fixed asap though src/conf/nwfilter_conf.c has a dependancy on the driver implementation nwfilter/ nwfilter_gentech_driver.h which is not good. The 'conf' directory is only allowed to depend on

in util/, or itself, never depend on driver code.

From nwfilter_conf.c I call several functions of the

Regards, Daniel -- |: Red Hat, Engineering, London -o-

|: http://libvirt.org -o- http://virt-manager.org -o-

|: http://autobuild.org -o-

|: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B