Re: [libvirt] [PATCH v1 2/2] Add ip6tables support for IPv6 filtering

> Index: libvirt-acl/configure.ac > =================================================================== > --- libvirt-acl.orig/configure.ac > +++ libvirt-acl/configure.ac > @@ -300,6 +300,9 @@ AC_DEFINE_UNQUOTED([BASH_PATH], "$BASH_P > AC_PATH_PROG([IPTABLES_PATH], [iptables], /sbin/iptables, [/usr/ sbin:$PATH]) > AC_DEFINE_UNQUOTED([IPTABLES_PATH], "$IPTABLES_PATH", [path to iptables binary]) > > +AC_PATH_PROG([IP6TABLES_PATH], [ip6tables], /sbin/ip6tables, [/ usr/sbin:$PATH]) > +AC_DEFINE_UNQUOTED([IP6TABLES_PATH], "$IP6TABLES_PATH", [path to ip6tables binary]) > + > AC_PATH_PROG([EBTABLES_PATH], [ebtables], /sbin/ebtables, [/usr/ sbin:$PATH]) > AC_DEFINE_UNQUOTED([EBTABLES_PATH], "$EBTABLES_PATH", [path to ebtables binary]) The patch looks fine, based on the existing code, but I'm a bit surprized by the fact that while there is a lookup for ip6tables/iptables at configure time, i.e. when it's compiled, there is no check at runtime to verify that the binaries which were detected then are actually available on the target. I think some of this should be relaxed like we do for other commands launched at runtime and somehow we should instead use virFindFileInPath() from util.h to find the location of the preferred ip[6]tables.

ACK, Daniel -- Daniel Veillard | libxml Gnome XML XSLT toolkit

daniel(a)veillard.com | Rpmfind RPM search engine http://rpmfind.net/ http://veillard.com/ | virtualization library http://libvirt.org/