From: Stefan Berger Date: Fri, 18 Nov 2011 16:58:17 +0000 (-0500) Subject: Use the actual names of chains in data structure X-Git-Tag: v0.9.8-rc1~143 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=19028ad6dc9e021c52661066d579f05128f8adae;p=thirdparty%2Flibvirt.git Use the actual names of chains in data structure Use the name of the chain rather than its type index (enum). This pushes the later enablement of chains with user-given names into the XML parser. For now we still only allow those names that are well known ('root', 'arp', 'rarp', 'ipv4' and 'ipv6'). Signed-off-by: Stefan Berger --- diff --git a/src/conf/nwfilter_conf.c b/src/conf/nwfilter_conf.c index 1024e579c0..debef9f4a9 100644 --- a/src/conf/nwfilter_conf.c +++ b/src/conf/nwfilter_conf.c @@ -309,6 +309,7 @@ virNWFilterDefFree(virNWFilterDefPtr def) { virNWFilterEntryFree(def->filterEntries[i]); VIR_FREE(def->filterEntries); + VIR_FREE(def->chainsuffix); VIR_FREE(def); } @@ -2027,21 +2028,28 @@ virNWFilterDefParseXML(xmlXPathContextPtr ctxt) { goto cleanup; } - ret->chainsuffix = VIR_NWFILTER_CHAINSUFFIX_ROOT; chain = virXPathString("string(./@chain)", ctxt); if (chain) { - if ((ret->chainsuffix = - virNWFilterChainSuffixTypeFromString(chain)) < 0) { + if (virNWFilterChainSuffixTypeFromString(chain) < 0) { virNWFilterReportError(VIR_ERR_INTERNAL_ERROR, _("unknown chain suffix '%s'"), chain); goto cleanup; } + ret->chainsuffix = chain; /* assign an implicit priority -- support XML attribute later */ if (!intMapGetByString(chain_priorities, chain, 0, &ret->chainPriority)) { ret->chainPriority = (NWFILTER_MAX_FILTER_PRIORITY + NWFILTER_MIN_FILTER_PRIORITY) / 2; } + chain = NULL; + } else { + ret->chainsuffix = strdup(virNWFilterChainSuffixTypeToString( + VIR_NWFILTER_CHAINSUFFIX_ROOT)); + if (ret->chainsuffix == NULL) { + virReportOOMError(); + goto cleanup; + } } uuid = virXPathString("string(./uuid)", ctxt); 
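Review bot: With `ret->chainsuffix = chain;` the `virNWFilterChainSuffixTypeFromString(chain) < 0` check in virNWFilterDefParseXML becomes the only thing bounding the text that the later hunks print into the formatted XML (virNWFilterDefFormat) and into the chain name built by `PRINT_CHAIN` in ebtablesCreateRuleInstance, and nothing here records that. I would add a comment above the check such as `/* chainsuffix is later used verbatim in XML output and in ebtables chain names; any relaxation must restrict characters and length here */`. Separately, `chain = NULL;` comes several statements after the ownership transfer. Placing it directly after the assignment and passing `ret->chainsuffix` to `intMapGetByString` would avoid a double free if a `goto cleanup` is ever added in between, assuming the cleanup label outside this hunk frees both `chain` and `ret`. The function body starts and ends outside the hunk.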
@@ -2843,7 +2851,7 @@ virNWFilterDefFormat(virNWFilterDefPtr def) virBufferAsprintf(&buf, "name, - virNWFilterChainSuffixTypeToString(def->chainsuffix)); + def->chainsuffix); virBufferAddLit(&buf, ">\n"); virUUIDFormat(def->uuid, uuid); diff --git a/src/conf/nwfilter_conf.h b/src/conf/nwfilter_conf.h index 3d430181b9..0ff14d143a 100644 --- a/src/conf/nwfilter_conf.h +++ b/src/conf/nwfilter_conf.h @@ -455,7 +455,7 @@ struct _virNWFilterDef { char *name; unsigned char uuid[VIR_UUID_BUFLEN]; - int chainsuffix; /*enum virNWFilterChainSuffixType */ + char *chainsuffix; virNWFilterChainPriority chainPriority; int nentries; diff --git a/src/nwfilter/nwfilter_ebiptables_driver.c b/src/nwfilter/nwfilter_ebiptables_driver.c index 3cdd9104e7..d9201d3c9f 100644 --- a/src/nwfilter/nwfilter_ebiptables_driver.c +++ b/src/nwfilter/nwfilter_ebiptables_driver.c @@ -385,7 +385,7 @@ ebiptablesRuleInstFree(ebiptablesRuleInstPtr inst) static int ebiptablesAddRuleInst(virNWFilterRuleInstPtr res, char *commandTemplate, - enum virNWFilterChainSuffixType neededChain, + const char *neededChain, virNWFilterChainPriority chainPriority, char chainprefix, unsigned int priority, @@ -1961,11 +1961,13 @@ ebtablesCreateRuleInstance(char chainPrefix, goto err_exit; } - if (nwfilter->chainsuffix == VIR_NWFILTER_CHAINSUFFIX_ROOT) + if (STREQ(nwfilter->chainsuffix, + virNWFilterChainSuffixTypeToString( + VIR_NWFILTER_CHAINSUFFIX_ROOT))) PRINT_ROOT_CHAIN(chain, chainPrefix, ifname); else PRINT_CHAIN(chain, chainPrefix, ifname, - virNWFilterChainSuffixTypeToString(nwfilter->chainsuffix)); + nwfilter->chainsuffix); switch (rule->prtclType) { @@ -2532,7 +2534,7 @@ ebiptablesDisplayRuleInstance(virConnectPtr conn ATTRIBUTE_UNUSED, ebiptablesRuleInstPtr inst = (ebiptablesRuleInstPtr)_inst; VIR_INFO("Command Template: '%s', Needed protocol: '%s'", inst->commandTemplate, - virNWFilterChainSuffixTypeToString(inst->neededProtocolChain)); + inst->neededProtocolChain); return 0; } 
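Review bot: `def->chainsuffix` is now written into the chain attribute through `virBufferAsprintf` with no XML escaping, where the removed code could only emit one of the enum's fixed names. That is harmless while the parser accepts only the well-known names, but the commit message announces user-given names. Emitting this attribute with `virBufferEscapeString` now would keep the formatter safe regardless of what the parser later admits. A `virNWFilterDef` whose `chainsuffix` is still NULL would also reach `%s` here; whether such a definition can exist is not visible from the hunk. The format-string line is truncated on this page and the function continues outside the hunk.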
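Review bot: `const char *neededChain` makes the rule instance hold a pointer it does not own, and no comment states whose memory it is. The body outside this hunk presumably stores it in `inst->neededProtocolChain` (retyped in nwfilter_ebiptables_driver.h), and ebiptablesApplyNewRules then uses it as a hash key. If callers pass `nwfilter->chainsuffix`, the instance must not outlive the filter definition, whose string virNWFilterDefFree now frees. I would document that on the struct field, e.g. `const char *neededProtocolChain; /* borrowed from the filter def; not owned by the rule instance */`, or have the instance keep its own copy if that lifetime is not guaranteed.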
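Review bot: `STREQ(nwfilter->chainsuffix, ...)` in ebtablesCreateRuleInstance dereferences the field unconditionally, whereas the old integer comparison was safe for any definition. Definitions built by virNWFilterDefParseXML always set the string, but a zero-initialised `virNWFilterDef` created on another path (none is visible here) would now crash instead of possibly being treated as the root chain. A guard before the comparison, for example `if (!nwfilter->chainsuffix) goto err_exit;` preceded by an error report, would make the failure explicit. The same applies to `inst->neededProtocolChain` passed to `%s` in ebiptablesDisplayRuleInstance. The function body starts and ends outside the hunk.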
@@ -3350,8 +3352,7 @@ ebiptablesApplyNewRules(virConnectPtr conn ATTRIBUTE_UNUSED, for (i = 0; i < nruleInstances; i++) { sa_assert (inst); if (inst[i]->ruleType == RT_EBTABLES) { - const char *name = virNWFilterChainSuffixTypeToString( - inst[i]->neededProtocolChain); + const char *name = inst[i]->neededProtocolChain; if (inst[i]->chainprefix == CHAINPREFIX_HOST_IN_TEMP) { if (virHashUpdateEntry(chains_in_set, name, &inst[i]->chainPriority)) { diff --git a/src/nwfilter/nwfilter_ebiptables_driver.h b/src/nwfilter/nwfilter_ebiptables_driver.h index 8eb2e26ba9..840009cb95 100644 --- a/src/nwfilter/nwfilter_ebiptables_driver.h +++ b/src/nwfilter/nwfilter_ebiptables_driver.h @@ -35,7 +35,7 @@ typedef struct _ebiptablesRuleInst ebiptablesRuleInst; typedef ebiptablesRuleInst *ebiptablesRuleInstPtr; struct _ebiptablesRuleInst { char *commandTemplate; - enum virNWFilterChainSuffixType neededProtocolChain; + const char *neededProtocolChain; virNWFilterChainPriority chainPriority; char chainprefix; /* I for incoming, O for outgoing */ unsigned int priority;