git.ipfire.org Git - thirdparty/libvirt.git/commit

author	Stefan Berger <stefanb@linux.vnet.ibm.com>
	Fri, 18 Nov 2011 16:58:18 +0000 (11:58 -0500)
committer	Stefan Berger <stefanb@us.ibm.com>
	Fri, 18 Nov 2011 16:58:18 +0000 (11:58 -0500)
commit	c80296e21ad28af977f924846359bfca20e651c6
tree	f6384a58f4f06962ec3632a72122fc502618a8d7	tree
parent	581d1cea34bc584e8afd65ac9c637177c31aaebf	commit \| diff

Create rules for each member of a list

This patch extends the NWFilter driver for Linux (ebiptables) to create
rules for each member of a previously introduced list. If for example
an attribute value (internally) looks like this:

IP = [10.0.0.1, 10.0.0.2, 10.0.0.3]

then 3 rules will be generated for a rule accessing the variable 'IP',
one for each member of the list. The effect of this is that this now
allows for filtering for multiple values in one field. This can then be
used to support for filtering/allowing of multiple IP addresses per
interface.

An iterator is introduced that extracts each member of a list and
puts it into a hash table which then is passed to the function creating
a rule. For the above example the iterator would cause 3 loops.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>

src/conf/nwfilter_params.c		diff \| blob \| blame \| history
src/conf/nwfilter_params.h		diff \| blob \| blame \| history
src/libvirt_private.syms		diff \| blob \| blame \| history
src/nwfilter/nwfilter_ebiptables_driver.c		diff \| blob \| blame \| history