Use the actual names of chains in data structure
authorStefan Berger <stefanb@linux.vnet.ibm.com>
Fri, 18 Nov 2011 16:58:17 +0000 (11:58 -0500)
committerStefan Berger <stefanb@us.ibm.com>
Fri, 18 Nov 2011 16:58:17 +0000 (11:58 -0500)
Use the name of the chain rather than its type index (enum).
This pushes the later enablement of chains with user-given names
into the XML parser. For now we still only allow those names that
are well known ('root', 'arp', 'rarp', 'ipv4' and 'ipv6').

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
src/conf/nwfilter_conf.c
src/conf/nwfilter_conf.h
src/nwfilter/nwfilter_ebiptables_driver.c
src/nwfilter/nwfilter_ebiptables_driver.h

index 1024e579c0813947518924b885bfc304679e36d2..debef9f4a96d44126569a91e88e3744d016752fb 100644 (file)
@@ -309,6 +309,7 @@ virNWFilterDefFree(virNWFilterDefPtr def) {
         virNWFilterEntryFree(def->filterEntries[i]);
 
     VIR_FREE(def->filterEntries);
+    VIR_FREE(def->chainsuffix);
 
     VIR_FREE(def);
 }
@@ -2027,21 +2028,28 @@ virNWFilterDefParseXML(xmlXPathContextPtr ctxt) {
         goto cleanup;
     }
 
-    ret->chainsuffix = VIR_NWFILTER_CHAINSUFFIX_ROOT;
     chain = virXPathString("string(./@chain)", ctxt);
     if (chain) {
-        if ((ret->chainsuffix =
-             virNWFilterChainSuffixTypeFromString(chain)) < 0) {
+        if (virNWFilterChainSuffixTypeFromString(chain) < 0) {
             virNWFilterReportError(VIR_ERR_INTERNAL_ERROR,
                                    _("unknown chain suffix '%s'"), chain);
             goto cleanup;
         }
+        ret->chainsuffix = chain;
         /* assign an implicit priority -- support XML attribute later */
         if (!intMapGetByString(chain_priorities, chain, 0,
                                &ret->chainPriority)) {
             ret->chainPriority = (NWFILTER_MAX_FILTER_PRIORITY +
                                   NWFILTER_MIN_FILTER_PRIORITY) / 2;
         }
+        chain = NULL;
+    } else {
+        ret->chainsuffix = strdup(virNWFilterChainSuffixTypeToString(
+                                  VIR_NWFILTER_CHAINSUFFIX_ROOT));
+        if (ret->chainsuffix == NULL) {
+            virReportOOMError();
+            goto cleanup;
+        }
     }
 
     uuid = virXPathString("string(./uuid)", ctxt);
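Review bot: The `virNWFilterChainSuffixTypeFromString(chain) < 0` check is now the only constraint on a string that is stored verbatim in `ret->chainsuffix`, and nothing in the hunk records that. The string is later used to build chain names (`PRINT_CHAIN` in ebtablesCreateRuleInstance) and the `chain='%s'` attribute in virNWFilterDefFormat. I would add a comment above the check such as `/* chainsuffix is used unescaped in ebtables chain names and XML output; any relaxation of this check must validate characters and length */`. Separately, `chain = NULL;` sits several lines below `ret->chainsuffix = chain;`. Moving it directly under the assignment keeps a later `goto cleanup` added in between from freeing the same pointer twice, assuming the cleanup path (outside the hunk) frees both `chain` and `ret`.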
@@ -2843,7 +2851,7 @@ virNWFilterDefFormat(virNWFilterDefPtr def)
 
     virBufferAsprintf(&buf, "<filter name='%s' chain='%s'",
                       def->name,
-                      virNWFilterChainSuffixTypeToString(def->chainsuffix));
+                      def->chainsuffix);
     virBufferAddLit(&buf, ">\n");
 
     virUUIDFormat(def->uuid, uuid);
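Review bot: `def->chainsuffix` is written into the `chain='%s'` attribute with plain `virBufferAsprintf`, so the generated XML is well-formed only while the parser restricts the value to the built-in names. Since the commit message announces user-given chain names, it would be safer to emit the attribute through the escaping helper now, e.g. `virBufferEscapeString(&buf, " chain='%s'", def->chainsuffix);` after the `<filter name=...` part has been written. `def->name` in the same call may have the same property, though that predates this change. The function body continues outside the hunk.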
index 3d430181b92d3d96daf9765c317d651657c95ae5..0ff14d143a2880812459ad59a1eabb61b1902b99 100644 (file)
@@ -455,7 +455,7 @@ struct _virNWFilterDef {
     char *name;
     unsigned char uuid[VIR_UUID_BUFLEN];
 
-    int chainsuffix; /*enum virNWFilterChainSuffixType */
+    char *chainsuffix;
     virNWFilterChainPriority chainPriority;
 
     int nentries;
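Review bot: The new `char *chainsuffix;` field dropped the comment the old one had and now carries ownership that the struct does not document. The other hunks show it is either the string returned by `virXPathString` or a `strdup` result, and that `virNWFilterDefFree` releases it. I would state that on the field, `char *chainsuffix; /* heap-allocated chain name, freed by virNWFilterDefFree */`, so that code copying or reassigning a definition knows to duplicate the string.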
index 3cdd9104e70a784761fa5cb4d01e34ec1f15b57e..d9201d3c9ff47ab1d220c97e5189bad9c489f7d1 100644 (file)
@@ -385,7 +385,7 @@ ebiptablesRuleInstFree(ebiptablesRuleInstPtr inst)
 static int
 ebiptablesAddRuleInst(virNWFilterRuleInstPtr res,
                       char *commandTemplate,
-                      enum virNWFilterChainSuffixType neededChain,
+                      const char *neededChain,
                       virNWFilterChainPriority chainPriority,
                       char chainprefix,
                       unsigned int priority,
@@ -1961,11 +1961,13 @@ ebtablesCreateRuleInstance(char chainPrefix,
         goto err_exit;
     }
 
-    if (nwfilter->chainsuffix == VIR_NWFILTER_CHAINSUFFIX_ROOT)
+    if (STREQ(nwfilter->chainsuffix,
+              virNWFilterChainSuffixTypeToString(
+                  VIR_NWFILTER_CHAINSUFFIX_ROOT)))
         PRINT_ROOT_CHAIN(chain, chainPrefix, ifname);
     else
         PRINT_CHAIN(chain, chainPrefix, ifname,
-                    virNWFilterChainSuffixTypeToString(nwfilter->chainsuffix));
+                    nwfilter->chainsuffix);
 
 
     switch (rule->prtclType) {
@@ -2532,7 +2534,7 @@ ebiptablesDisplayRuleInstance(virConnectPtr conn ATTRIBUTE_UNUSED,
     ebiptablesRuleInstPtr inst = (ebiptablesRuleInstPtr)_inst;
     VIR_INFO("Command Template: '%s', Needed protocol: '%s'",
              inst->commandTemplate,
-             virNWFilterChainSuffixTypeToString(inst->neededProtocolChain));
+             inst->neededProtocolChain);
     return 0;
 }
 
@@ -3350,8 +3352,7 @@ ebiptablesApplyNewRules(virConnectPtr conn ATTRIBUTE_UNUSED,
     for (i = 0; i < nruleInstances; i++) {
         sa_assert (inst);
         if (inst[i]->ruleType == RT_EBTABLES) {
-            const char *name = virNWFilterChainSuffixTypeToString(
-                                      inst[i]->neededProtocolChain);
+            const char *name = inst[i]->neededProtocolChain;
             if (inst[i]->chainprefix == CHAINPREFIX_HOST_IN_TEMP) {
                 if (virHashUpdateEntry(chains_in_set, name,
                                        &inst[i]->chainPriority)) {
index 8eb2e26ba9812f2a33b1dae21b8461d30bdba27b..840009cb958dba35e648b0fbd50a5b72a35f75c8 100644 (file)
@@ -35,7 +35,7 @@ typedef struct _ebiptablesRuleInst ebiptablesRuleInst;
 typedef ebiptablesRuleInst *ebiptablesRuleInstPtr;
 struct _ebiptablesRuleInst {
     char *commandTemplate;
-    enum virNWFilterChainSuffixType neededProtocolChain;
+    const char *neededProtocolChain;
     virNWFilterChainPriority chainPriority;
     char chainprefix;    /* I for incoming, O for outgoing */
     unsigned int priority;
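Review bot: `neededProtocolChain` changes from an enum value copied into the instance to a `const char *` that, as far as this diff shows, the instance never duplicates or frees. It therefore presumably points at `virNWFilterDef.chainsuffix`, which `virNWFilterDefFree` now releases. If a rule instance can outlive the filter definition it was built from, the reads in ebiptablesDisplayRuleInstance and ebiptablesApplyNewRules become use-after-free. Either document the borrow on the field, `const char *neededProtocolChain; /* borrowed from virNWFilterDef; must not outlive it */`, or have ebiptablesAddRuleInst (body outside this diff) `strdup` the name and ebiptablesRuleInstFree release it.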