On 05/23/2011 05:32 PM, Stefan Berger wrote:
This patch enables filtering of gratuitous ARP packets using the following XML:
<rule action='accept' direction='in' priority='425'> <arp gratuitous='true'/> </rule>
Signed-off-by: Stefan Berger <stefanb@us.ibm.com>
+++ libvirt-acl/src/nwfilter/nwfilter_ebiptables_driver.c @@ -2033,6 +2033,13 @@ ebtablesCreateRuleInstance(char chainPre
ENTRY_GET_NEG_SIGN(&rule->p.arpHdrFilter.dataARPDstMACAddr), macaddr); } + + if (HAS_ENTRY_ITEM(&rule->p.arpHdrFilter.dataGratuitousARP) && + rule->p.arpHdrFilter.dataGratuitousARP.u.boolean == true) {
HACKING recommends against direct comparison to 'true', in part because of gnulib <stdbool.h> restrictions. Simplify this to: if (... && rule->p.arpHdrFilter.dataGratuitousARP.u.boolean) { Your mailer messed up indentation on all lines that started with < after an arbitrary amount of whitespace, but I trust that your original patch followed conventions. ACK with the nit fixed. -- Eric Blake eblake@redhat.com +1-801-349-2682 Libvirt virtualization library http://libvirt.org