Only as an example, this patch shows how to add a new 'system filter' called 'arpmac'.
Using 'prefix matching' introduced in previous patches, it generates
a table 'arpmac' that will be jumped into using '-p arp'.
The below patch adds arpmac with a priority of 650, which helps sorting
its entry in the 'root' table.
Since the existing code still doesn't allow arbitrary names, we still need to
add its name to virNWFilterChainSuffixType and the corresponding list of strings.
This patch would enable the following filter using the 'arpmac' chain.
<filter name='allow-arpmac' chain='arpmac'>
<uuid>94abeecc-c956-0ac8-1f49-a06ee8995688</uuid>
<rule action='accept' direction='out' priority='100'>
<arp opcode='Request_Reverse' arpsrcmacaddr='$MAC'
arpdstmacaddr='$MAC'
arpsrcipaddr='0.0.0.0' arpdstipaddr='0.0.0.0'/>
</rule>
<rule action='accept' direction='inout' priority='500'/>
</filter>
---
src/conf/nwfilter_conf.c | 5 ++++-
src/conf/nwfilter_conf.h | 1 +
2 files changed, 5 insertions(+), 1 deletion(-)
Index: libvirt-acl/src/conf/nwfilter_conf.c
===================================================================
--- libvirt-acl.orig/src/conf/nwfilter_conf.c
+++ libvirt-acl/src/conf/nwfilter_conf.c
@@ -81,7 +81,8 @@ VIR_ENUM_IMPL(virNWFilterChainSuffix, VI
"arp",
"rarp",
"ipv4",
- "ipv6");
+ "ipv6",
+ "arpmac");
VIR_ENUM_IMPL(virNWFilterRuleProtocol, VIR_NWFILTER_RULE_PROTOCOL_LAST,
"none",
@@ -124,6 +125,7 @@ struct int_map {
#define NWFILTER_IPV4_FILTER_PRI 200
#define NWFILTER_IPV6_FILTER_PRI 400
#define NWFILTER_ARP_FILTER_PRI 600
+#define NWFILTER_ARPMAC_FILTER_PRI 650
#define NWFILTER_RARP_FILTER_PRI 800
static const struct int_map chain_priorities[] = {
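Review bot: The new NWFILTER_ARPMAC_FILTER_PRI value of 650 is undocumented, and since the commit message says the 'arpmac' table is entered with the same '-p arp' match as the 'arp' table (priority 600), the relative order of these two values presumably decides which chain sees an ARP packet first; a reader cannot tell from the define alone whether that ordering is intended. A one-line comment next to the define, e.g. `/* sorted after the 'arp' chain (600): both are reached via '-p arp' */`, would record the reasoning. The #define list this hunk extends starts before the hunk.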
@@ -132,6 +134,7 @@ static const struct int_map chain_priori
INTMAP_ENTRY(NWFILTER_IPV6_FILTER_PRI, "ipv6"),
INTMAP_ENTRY(NWFILTER_ARP_FILTER_PRI , "arp" ),
INTMAP_ENTRY(NWFILTER_RARP_FILTER_PRI, "rarp"),
+ INTMAP_ENTRY(NWFILTER_ARPMAC_FILTER_PRI, "arpmac"),
INTMAP_ENTRY_LAST,
};
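Review bot: The new INTMAP_ENTRY for "arpmac" is appended after the "rarp" entry, whereas its #define is placed between NWFILTER_ARP_FILTER_PRI and NWFILTER_RARP_FILTER_PRI, so the table no longer reads in ascending priority order; moving the line directly after `INTMAP_ENTRY(NWFILTER_ARP_FILTER_PRI , "arp" ),` keeps the two lists in the same order. The effect on lookups is presumably nil if chain_priorities is searched by name, but the mismatch makes the next addition easier to get wrong. The chain_priorities array starts before the hunk.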
Index: libvirt-acl/src/conf/nwfilter_conf.h
===================================================================
--- libvirt-acl.orig/src/conf/nwfilter_conf.h
+++ libvirt-acl/src/conf/nwfilter_conf.h
@@ -431,6 +431,7 @@ enum virNWFilterChainSuffixType {
VIR_NWFILTER_CHAINSUFFIX_RARP,
VIR_NWFILTER_CHAINSUFFIX_IPv4,
VIR_NWFILTER_CHAINSUFFIX_IPv6,
+ VIR_NWFILTER_CHAINSUFFIX_ARPMAC,
VIR_NWFILTER_CHAINSUFFIX_LAST,
};