Daniel Veillard <veill...@redhat.com> wrote on 03/30/2010 10:02:09 AM:
> Please respond to veillard
>
> On Fri, Mar 26, 2010 at 04:41:19PM -0400, Stefan Berger wrote:
> > This patch adds IPv6 filtering support for the following protocols:
> > - tcp-ipv6
> > - udp-ipv6
> > - udplite-ipv6
> > - esp-ipv6
> > - ah-ipv6
> > - sctp-ipv6
> > - all-ipv6
> > - icmpv6
> >
> >
> > Many of the IPv4 data structures could be re-used for IPv6 support.
> > Since ip6tables also supports pretty much the same command line parameters
> > as iptables does, also much of the code could be re-used and now
> > command lines are invoked with the ip(6)tables tool parameter passed
> > through the functions as a parameter.
> >
> > Signed-off-by: Stefan Berger <stef...@us.ibm.com>
> >
> >
> > --- > > configure.ac | 3 > > src/conf/nwfilter_conf.c | 165 +++++++++++++++-- > > src/conf/nwfilter_conf.h | 8 > > src/nwfilter/nwfilter_ebiptables_driver.c | 287 ++++++++++++++++ > ++++++-------- > > src/nwfilter/nwfilter_ebiptables_driver.h | 2 > > 5 files changed, 370 insertions(+), 95 deletions(-) > > > > Index: libvirt-acl/configure.ac > > =================================================================== > > --- libvirt-acl.orig/configure.ac > > +++ libvirt-acl/configure.ac
> > @@ -300,6 +300,9 @@ AC_DEFINE_UNQUOTED([BASH_PATH], "$BASH_P > > AC_PATH_PROG([IPTABLES_PATH], [iptables], /sbin/iptables, [/usr/ > sbin:$PATH]) > > AC_DEFINE_UNQUOTED([IPTABLES_PATH], "$IPTABLES_PATH", [path to > iptables binary]) > > > > +AC_PATH_PROG([IP6TABLES_PATH], [ip6tables], /sbin/ip6tables, [/ > usr/sbin:$PATH]) > > +AC_DEFINE_UNQUOTED([IP6TABLES_PATH], "$IP6TABLES_PATH", [path to > ip6tables binary]) > > + > > AC_PATH_PROG([EBTABLES_PATH], [ebtables], /sbin/ebtables, [/usr/ > sbin:$PATH]) > > AC_DEFINE_UNQUOTED([EBTABLES_PATH], "$EBTABLES_PATH", [path to > ebtables binary])
>
> The patch looks fine, based on the existing code, but I'm a bit
> surprised by the fact that while there is a lookup for
> ip6tables/iptables at configure time, i.e. when it's compiled, there
> is no check at runtime to verify that the binaries which were detected
> then are actually available on the target.
> I think some of this should be relaxed like we do for other commands
> launched at runtime and somehow we should instead use
> virFindFileInPath() from util.h
> to find the location of the preferred ip[6]tables.

I followed a previous example of what was originally ebtables that's detected like this as well. Sure, this can be changed to rely on the function you are mentioning.

Pushed.

Regards,
Stefan

>
> ACK,
>
> Daniel
>
> --
> Daniel Veillard | libxml Gnome XML XSLT toolkit http://xmlsoft.org/
> dan...@veillard.com | Rpmfind RPM search engine http://rpmfind.net/
> http://veillard.com/ | virtualization library http://libvirt.org/
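
Review bot: IP6TABLES_PATH is fixed at configure time with a silent fallback to /sbin/ip6tables (the third argument of the added AC_PATH_PROG line), so a build on a host without ip6tables still succeeds and the compiled-in path may name a file that is absent on the target. The code that consumes IP6TABLES_PATH should confirm the file exists and is executable before running it, and report a clear error when it does not; a comment next to the define saying that the IPv6 filter protocols depend on it would also help. Separately, the search list in the same line is /usr/sbin:$PATH, which lets the build user's PATH decide which absolute path gets compiled in; consider limiting the list to the system directories (for example /sbin:/usr/sbin) so a directory earlier in a developer's PATH cannot be picked up. The same applies to the neighbouring IPTABLES_PATH and EBTABLES_PATH context lines, which use the same pattern.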