提交 · 51d3fb02768bb10fbba70e9c4466456c0488ced6 · openeuler / libvirt

18 6月, 2010 1 次提交

nwfilter: add XML attribute to control iptables state match · 51d3fb02

由 Stefan Berger 提交于 6月 17, 2010

This patch adds an optional XML attribute to a nwfilter rule to give the user control over whether the rule is supposed to be using the iptables state match or not. A rule may now look like shown in the XML below with the statematch attribute either having value '0' or 'false' (case-insensitive).

[...]
<rule action='accept' direction='in' statematch='false'>
<tcp srcmacaddr='1:2:3:4:5:6'
           srcipaddr='10.1.2.3' srcipmask='32'
           dscp='33'
           srcportstart='20' srcportend='21'
           dstportstart='100' dstportend='1111'/>
</rule>
[...]

I am also extending the nwfilter schema and add this attribute to a test case.

51d3fb02

28 4月, 2010 1 次提交

nwfilter: allow to mix filterrefs and rules in the schema · 42f8b25b

由 Stefan Berger 提交于 4月 28, 2010

So far the references to other filters needed to appear before filtering
rules. With the below patch they can now appear in any order.

Also I forgot to add a couple of 'rarp's.

42f8b25b

27 4月, 2010 2 次提交

nwfilter: add support for RAPR protocol · aea68ce9

由 Stefan Berger 提交于 4月 27, 2010

This patch adds support for the RARP protocol. This may be needed due to
qemu sending out a RARP packet (at least that's what it seems to want to
do even though the protocol id is wrong) when migration finishes and
we'd need a rule to let the packets pass.

Unfortunately my installation of ebtables does not understand -p RARP
and also seems to otherwise depend on strings in /etc/ethertype
translated to protocol identifiers. Therefore I need to pass -p 0x8035
for RARP. To generally get rid of the dependency of that file I switch
all so far supported protocols to use their protocol identifier in the
-p parameter rather than the string.

I am also extending the schema and added a test case.

changes from v1 to v2:
- added test case into patch

aea68ce9

nwfilter: enable hex number inputs in filter XML · 5c7c755f

由 Stefan Berger 提交于 4月 26, 2010

With this patch I want to enable hex number inputs in the filter XML. A
number that was entered as hex is also printed as hex unless a string
representing the meaning can be found.

I am also extending the schema and adding a test case. A problem with
the DSCP value is fixed on the way as well.

Changes from V1 to V2:

- using asHex boolean in all printf type of functions to select the
output format in hex or decimal format

5c7c755f

23 4月, 2010 1 次提交

nwfilter: extend schema + add testcase w/ connlimit-above · 9db01465

由 Stefan Berger 提交于 4月 23, 2010

I am extending the schema with the recently added connlimit-above
attribute and adding a test case for it to the test suite.

9db01465

07 4月, 2010 1 次提交
- S
  Fix for nwfilter: Add filter schema for nwfilter XML, extend domain XML schema · 479dfbb0
  由 Stefan Berger 提交于 4月 06, 2010
```
Fixing the regular expressions for variables where the first letter must be a $.
```
  479dfbb0
06 4月, 2010 1 次提交

nwfilter: Add filter schema for nwfilter XML, extend domain XML schema · 8cf0ed02

由 Stefan Berger 提交于 4月 06, 2010

This patch adds a relaxng nwfilter schema along with a test that
verifies all the test output XML against the schema. The input XMLs
contain a lot of intentional out-of-range values that make them fail the
schema verification, so I am not verifying against those.

8cf0ed02