- 05 Apr, 2010 1 commit
-
-
Committed by Laine Stump
-
- 03 Apr, 2010 1 commit
-
-
Committed by Stefan Berger
- ebtables requires that some of the command line parameters are passed as hex numbers; so have those attributes call a function that prints 16 and 8 bit integers as hex numbers.
- ip6tables requires '--icmpv6-type' rather than '--icmp-type'
- ebtables complains about protocol identifiers lower than 0x600, so already discard anything lower than 0x600 in the parser
- make the protocol entry types more readable using a #define for its entries
- continue parsing a filtering rule even if a faulty entry is encountered; return an error value at the end and let the caller decide what to do with the rule's object
- fix an error message
-
- 02 Apr, 2010 1 commit
-
-
Committed by Laine Stump
-
- 01 Apr, 2010 1 commit
-
-
Committed by Stefan Berger
found some cases where the output ended up not looking as expected. So the following changes are in the patch below:
- if the protocol ID in the MAC header is an integer, just write it into the data structure without trying to find a corresponding string for it and if none is found failing
- when writing the protocol ID as string, simply write it as integer if no corresponding string can be found
- same changes for arpOpcode parsing and printing
- same changes for protocol ID in an IP packet
- DSCP value needs to be written into the data structure
- IP protocol version number is redundant at this level, so remove it
- parse the protocol ID found inside an IP packet not only as string but also as uint8
- arrange the display of the src and destination masks to be shown after the src and destination ip address respectively in the XML
- the existing libvirt IP address parser accepts for example '25' as an IP address. I want this to be parsed as a CIDR type netmask. So try to parse it as an integer first (CIDR netmask) and if that doesn't work as a dotted IP address style netmask.
- instantiation of rules with MAC masks didn't work because they weren't printed into a buffer, yet.
-
- 30 Mar, 2010 3 commits
-
-
Committed by Stefan Berger
This patch changes the network filtering code to use libvirt's existing IPv4 and IPv6 address parsers/printers rather than my self-written ones. I am introducing a new function in network.c that counts the number of bits in a netmask and ensures that the given address is indeed a netmask, returning -1 on error or values of 0-32 for IPv4 addresses and 0-128 for IPv6 addresses. I then based the function checking for valid netmask on invoking this function.
-
Committed by Stefan Berger
This patch adds IPv6 filtering support for the following protocols:
- tcp-ipv6
- udp-ipv6
- udplite-ipv6
- esp-ipv6
- ah-ipv6
- sctp-ipv6
- all-ipv6
- icmpv6
Many of the IPv4 data structures could be re-used for IPv6 support. Since ip6tables also supports pretty much the same command line parameters as iptables does, also much of the code could be re-used and now command lines are invoked with the ip(6)tables tool parameter passed through the functions as a parameter.
-
Committed by Stefan Berger
This patch adds filtering support for the so-far missing protocols 'ah', 'esp' and 'udplite'.
-
- 27 Mar, 2010 3 commits
-
-
Committed by Stefan Berger
This patch adds support for L3/L4 filtering using iptables. This adds support for 'tcp', 'udp', 'icmp', 'igmp', 'sctp' etc. filtering. As mentioned in the introduction, a .c file provided by this patch is #include'd into a .c file. This will need work, but should be alright for review.
Signed-off-by: Stefan Berger <stefanb@us.ibm.com>
-
Committed by Stefan Berger
This patch adds IPv6 support for the ebtables layer. Since the parser etc. are all parameterized, it was fairly easy to add this...
Signed-off-by: Stefan Berger <stefanb@us.ibm.com>
-
Committed by Stefan Berger
This patch implements the core driver and provides
- management functionality for managing the filter XMLs
- compiling the internal filter representation into ebtables rules
- applying ebtables rules on a network (tap,macvtap) interface
- tearing down ebtables rules that were applied on behalf of an interface
- updating of filters while VMs are running and causing the firewalls to be rebuilt
- other bits and pieces
Signed-off-by: Stefan Berger <stefanb@us.ibm.com>
-