[PATCH 0/4] nwfilter-binding create: add support for validation against schema

Kristina Hanicova (4): api: add virNWFilterBindingCreateFlags conf: virnwfilterbindingdef: add validation against schema in create nwfilter_driver: allow VIR_NWFILTER_BINDING_CREATE_VALIDATE flag virsh: add support for '--validate' option in create nwfilter-binding docs/manpages/virsh.rst | 5 ++++- include/libvirt/libvirt-nwfilter.h | 5 +++++ src/conf/virnwfilterbindingdef.c | 14 +++++++++----- src/conf/virnwfilterbindingdef.h | 3 ++- src/libvirt-nwfilter.c | 2 +- src/nwfilter/nwfilter_driver.c | 4 ++-- tools/virsh-nwfilter.c | 10 +++++++++- 7 files changed, 32 insertions(+), 11 deletions(-) -- 2.31.1

Signed-off-by: Kristina Hanicova <khanicov@redhat.com> --- include/libvirt/libvirt-nwfilter.h | 5 +++++ src/libvirt-nwfilter.c | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/include/libvirt/libvirt-nwfilter.h b/include/libvirt/libvirt-nwfilter.h index 9897df6df6..4e28801006 100644 --- a/include/libvirt/libvirt-nwfilter.h +++ b/include/libvirt/libvirt-nwfilter.h @@ -107,6 +107,11 @@ int virNWFilterFree (virNWFilterPtr nwfilter); /* * NWFilter information */ + +typedef enum { + VIR_NWFILTER_BINDING_CREATE_VALIDATE = 1 << 0, /* Validate the XML document against schema */ +} virNWFilterBindingCreateFlags; + const char* virNWFilterGetName (virNWFilterPtr nwfilter); int virNWFilterGetUUID (virNWFilterPtr nwfilter, unsigned char *uuid); diff --git a/src/libvirt-nwfilter.c b/src/libvirt-nwfilter.c index 8d09270296..73b061152e 100644 --- a/src/libvirt-nwfilter.c +++ b/src/libvirt-nwfilter.c @@ -718,7 +718,7 @@ virNWFilterBindingGetFilterName(virNWFilterBindingPtr binding) * virNWFilterBindingCreateXML: * @conn: pointer to the hypervisor connection * @xml: an XML description of the binding - * @flags: currently unused, pass 0 + * @flags: bitwise-OR of virNWFilterBindingCreateFlags * * Define a new network filter, based on an XML description * similar to the one returned by virNWFilterGetXMLDesc(). This -- 2.31.1
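Review bot: The new `virNWFilterBindingCreateFlags` typedef in include/libvirt/libvirt-nwfilter.h lands directly beneath the `NWFilter information` banner comment, which separates that banner from the virNWFilterGetName()/virNWFilterGetUUID() declarations it introduces and files a binding-creation flag under filter information. I would move the enum next to the binding declarations (presumably further down the header, outside this hunk) and give it its own lead-in such as `/* Flags for virNWFilterBindingCreateXML() */`. The inline comment could also say that the check is opt-in, e.g. `/* Validate the XML document against schema (not done unless this flag is set) */`. As the later patches in the series show, a caller passing 0 still gets no schema validation.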

We need to validate the XML against schema if option '--validate' was passed to the virsh command. This patch also includes propagation of flags into the virNWFilterBindingDefParse(). Signed-off-by: Kristina Hanicova <khanicov@redhat.com> --- src/conf/virnwfilterbindingdef.c | 14 +++++++++----- src/conf/virnwfilterbindingdef.h | 3 ++- src/nwfilter/nwfilter_driver.c | 2 +- 3 files changed, 12 insertions(+), 7 deletions(-) diff --git a/src/conf/virnwfilterbindingdef.c b/src/conf/virnwfilterbindingdef.c index 5f671030bb..488fdbceab 100644 --- a/src/conf/virnwfilterbindingdef.c +++ b/src/conf/virnwfilterbindingdef.c @@ -178,12 +178,15 @@ virNWFilterBindingDefParseNode(xmlDocPtr xml, static virNWFilterBindingDef * virNWFilterBindingDefParse(const char *xmlStr, - const char *filename) + const char *filename, + unsigned int flags) { virNWFilterBindingDef *def = NULL; g_autoptr(xmlDoc) xml = NULL; - if ((xml = virXMLParse(filename, xmlStr, _("(nwfilterbinding_definition)"), NULL, false))) { + if ((xml = virXMLParse(filename, xmlStr, _("(nwfilterbinding_definition)"), + "nwfilterbinding.rng", + flags & VIR_NWFILTER_BINDING_CREATE_VALIDATE))) { def = virNWFilterBindingDefParseNode(xml, xmlDocGetRootElement(xml)); } @@ -192,16 +195,17 @@ virNWFilterBindingDefParse(const char *xmlStr, virNWFilterBindingDef * -virNWFilterBindingDefParseString(const char *xmlStr) +virNWFilterBindingDefParseString(const char *xmlStr, + unsigned int flags) { - return virNWFilterBindingDefParse(xmlStr, NULL); + return virNWFilterBindingDefParse(xmlStr, NULL, flags); } virNWFilterBindingDef * virNWFilterBindingDefParseFile(const char *filename) { - return virNWFilterBindingDefParse(NULL, filename); + return virNWFilterBindingDefParse(NULL, filename, 0); } diff --git a/src/conf/virnwfilterbindingdef.h b/src/conf/virnwfilterbindingdef.h index 68d531b75d..4bf0f252f8 100644 --- a/src/conf/virnwfilterbindingdef.h +++ b/src/conf/virnwfilterbindingdef.h 
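Review bot: virNWFilterBindingDefParse() in src/conf/virnwfilterbindingdef.c now takes the public API flag word but documents nothing about it, and the only bit it consults is `VIR_NWFILTER_BINDING_CREATE_VALIDATE`; any other bit is silently ignored at this layer. A short comment above the function, such as `/* @flags: bitwise-OR of virNWFilterBindingCreateFlags; only VIR_NWFILTER_BINDING_CREATE_VALIDATE is honoured here, callers must reject unknown bits */`, would make that contract explicit. In the second hunk virNWFilterBindingDefParseFile() hard-codes `0`, so bindings read from a file are never checked against nwfilterbinding.rng. If that is deliberate it deserves a one-line comment, `/* files are parsed without schema validation */`. Because the schema check is optional, virNWFilterBindingDefParseNode() has to remain the authoritative validation of the document, and should not be relaxed on the assumption that the RNG already rejected bad input.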
@@ -51,7 +51,8 @@ virNWFilterBindingDefParseNode(xmlDocPtr xml, xmlNodePtr root); virNWFilterBindingDef * -virNWFilterBindingDefParseString(const char *xml); +virNWFilterBindingDefParseString(const char *xml, + unsigned int flags); virNWFilterBindingDef * virNWFilterBindingDefParseFile(const char *filename); diff --git a/src/nwfilter/nwfilter_driver.c b/src/nwfilter/nwfilter_driver.c index 2712baa73f..1d4567855e 100644 --- a/src/nwfilter/nwfilter_driver.c +++ b/src/nwfilter/nwfilter_driver.c @@ -745,7 +745,7 @@ nwfilterBindingCreateXML(virConnectPtr conn, return NULL; } - def = virNWFilterBindingDefParseString(xml); + def = virNWFilterBindingDefParseString(xml, 0); if (!def) return NULL; -- 2.31.1

Signed-off-by: Kristina Hanicova <khanicov@redhat.com> --- src/nwfilter/nwfilter_driver.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/nwfilter/nwfilter_driver.c b/src/nwfilter/nwfilter_driver.c index 1d4567855e..200451d6b1 100644 --- a/src/nwfilter/nwfilter_driver.c +++ b/src/nwfilter/nwfilter_driver.c @@ -737,7 +737,7 @@ nwfilterBindingCreateXML(virConnectPtr conn, virNWFilterBindingObj *obj = NULL; virNWFilterBindingPtr ret = NULL; - virCheckFlags(0, NULL); + virCheckFlags(VIR_NWFILTER_BINDING_CREATE_VALIDATE, NULL); if (!driver->privileged) { virReportError(VIR_ERR_OPERATION_INVALID, "%s", @@ -745,7 +745,7 @@ nwfilterBindingCreateXML(virConnectPtr conn, return NULL; } - def = virNWFilterBindingDefParseString(xml, 0); + def = virNWFilterBindingDefParseString(xml, flags); if (!def) return NULL; -- 2.31.1

Signed-off-by: Kristina Hanicova <khanicov@redhat.com> --- docs/manpages/virsh.rst | 5 ++++- tools/virsh-nwfilter.c | 10 +++++++++- 2 files changed, 13 insertions(+), 2 deletions(-) diff --git a/docs/manpages/virsh.rst b/docs/manpages/virsh.rst index 2204bed3bb..15ac75d487 100644 --- a/docs/manpages/virsh.rst +++ b/docs/manpages/virsh.rst @@ -7586,7 +7586,7 @@ nwfilter-binding-create :: - nwfilter-binding-create xmlfile + nwfilter-binding-create xmlfile [--validate] Associate a network port with a network filter. The network filter backend will immediately attempt to instantiate the filter rules on the port. This @@ -7597,6 +7597,9 @@ command to define a filter for a network port and then starting the guest afterwards may prevent the guest from starting if it attempts to use the network port and finds a filter already defined. +Optionally, the format of the input XML file can be validated against an +internal RNG schema with *--validate*. + nwfilter-binding-delete ----------------------- diff --git a/tools/virsh-nwfilter.c b/tools/virsh-nwfilter.c index e062aa1649..77f211d031 100644 --- a/tools/virsh-nwfilter.c +++ b/tools/virsh-nwfilter.c @@ -503,6 +503,10 @@ static const vshCmdInfo info_nwfilter_binding_create[] = { static const vshCmdOptDef opts_nwfilter_binding_create[] = { VIRSH_COMMON_OPT_FILE(N_("file containing an XML network " "filter binding description")), + {.name = "validate", + .type = VSH_OT_BOOL, + .help = N_("validate the XML against the schema") + }, {.name = NULL} }; 
@@ -513,15 +517,19 @@ cmdNWFilterBindingCreate(vshControl *ctl, const vshCmd *cmd) const char *from = NULL; bool ret = true; char *buffer; + unsigned int flags = 0; virshControl *priv = ctl->privData; if (vshCommandOptStringReq(ctl, cmd, "file", &from) < 0) return false; + if (vshCommandOptBool(cmd, "validate")) + flags |= VIR_NWFILTER_BINDING_CREATE_VALIDATE; + if (virFileReadAll(from, VSH_MAX_XML_FILE, &buffer) < 0) return false; - binding = virNWFilterBindingCreateXML(priv->conn, buffer, 0); + binding = virNWFilterBindingCreateXML(priv->conn, buffer, flags); VIR_FREE(buffer); if (binding != NULL) { -- 2.31.1

On a Thursday in 2021, Kristina Hanicova wrote:
Kristina Hanicova (4): api: add virNWFilterBindingCreateFlags conf: virnwfilterbindingdef: add validation against schema in create nwfilter_driver: allow VIR_NWFILTER_BINDING_CREATE_VALIDATE flag virsh: add support for '--validate' option in create nwfilter-binding
docs/manpages/virsh.rst | 5 ++++- include/libvirt/libvirt-nwfilter.h | 5 +++++ src/conf/virnwfilterbindingdef.c | 14 +++++++++----- src/conf/virnwfilterbindingdef.h | 3 ++- src/libvirt-nwfilter.c | 2 +- src/nwfilter/nwfilter_driver.c | 4 ++-- tools/virsh-nwfilter.c | 10 +++++++++- 7 files changed, 32 insertions(+), 11 deletions(-)
Reviewed-by: Ján Tomko <jtomko@redhat.com> Jano