On 11/18/2011 06:32 AM, Stefan Berger wrote:
This patch enables chains that have a known prefix in their name. Known prefixes are: 'ipv4', 'ipv6', 'arp', 'rarp'. All prefixes are also protocols that can be evaluated on the ebtables level.
+ + if (chainname[strspn(chainname, VALID_CHAINNAME)] != 0) { + virNWFilterReportError(VIR_ERR_INVALID_ARG, + _("Chain name contains illegal characters"));
s/illegal/invalid/ - we aren't breaking laws :)
+++ libvirt-acl/docs/schemas/nwfilter.rng @@ -286,10 +286,18 @@ <attribute name="chain"> <choice> <value>root</value> - <value>arp</value> - <value>rarp</value> - <value>ipv4</value> - <value>ipv6</value> + <data type="string"> + <param name="pattern">arp[a-zA-Z0-9_\.:-]{0,9}</param> + </data> + <data type="string"> + <param name="pattern">rarp[a-zA-Z0-9_\.:-]{0,8}*</param> + </data> + <data type="string"> + <param name="pattern">ipv4[a-zA-Z0-9_\.:-]{0,8}*</param> + </data> + <data type="string"> + <param name="pattern">ipv6[a-zA-Z0-9_\.:-]{0,8}*</param>
Drop the * on the last three patterns. -- Eric Blake eblake@redhat.com +1-919-301-3266 Libvirt virtualization library http://libvirt.org