[libvirt] [PATCH v3 04/14] Implementation of the public API

This patch adds the implementation of the public API for the network filtering (ACL) extensions to libvirt.c . Signed-off-by: Stefan Berger stef...@us.ibm.com --- src/libvirt.c | 586 ++ 1 file changed, 586 insertions(+) Index:

[libvirt] [PATCH v3 09/14] Add XML parser extensions to the domain XML processing

This patch extends the domain XML processing to parse the top level referenced filter along with potentially provided parameters and also converts the internal data back into XML representation. Signed-off-by: Stefan Berger stef...@us.ibm.com Signed-off-by: Gerhard Stenzel

[libvirt] [PATCH v3 02/14] Add public API

This patch adds extensions to libvirt's public API necessary for controlling the new functionality from remote for example. Signed-off-by: Stefan Berger stef...@us.ibm.com --- include/libvirt/libvirt.h.in | 63 +++ 1 file changed, 63 insertions(+)

[libvirt] [PATCH v3 13/14] Add IPv6 support for the ebtables layer

This patch adds IPv6 support for the ebtables layer. Since the parser etc. are all parameterized, it was fairly easy to add this... Signed-off-by: Stefan Berger stef...@us.ibm.com --- src/conf/nwfilter_conf.c | 230 +- src/conf/nwfilter_conf.h

[libvirt] [PATCH v3 03/14] Add internal API

This patch adds the internal API extensions for network filtering (ACL) support. Signed-off-by: Stefan Berger stef...@us.ibm.com --- src/driver.h | 53 + 1 file changed, 53 insertions(+) Index: libvirt-acl/src/driver.h

[libvirt] [PATCH v3 05/14] Definition of the wire format

This patch adds the definition of the wire format for RPC calls for the new network filtering (ACL) functionality added to libvirt. Signed-off-by: Stefan Berger stef...@us.ibm.com --- src/remote/remote_protocol.x | 72 ++- 1 file changed, 71

[libvirt] [PATCH v3 00/14] Network filtering (ACL) extensions for libvirt

Hi! This is a repost of this set of patches with some of the suggested fixes applied and ipv6 support on the ebtables layer added. The following set of patches add network filtering (ACL) extensions to libvirt and enable network traffic filtering for VMs using ebtables and, depending on the

[libvirt] [PATCH v3 01/14] Add recursive locks

This patch adds recursive locks necessary due to the processing of network filter XML that can reference other network filters, including references that cause looks. Loops in the XML are prevented but their detection requires recursive locks. Signed-off-by: Stefan Berger stef...@us.ibm.com ---

[libvirt] [PATCH v3 12/14] Add build support

This patch adds build support for the network filtering framework. Signed-off-by: Stefan Berger stef...@us.ibm.com --- configure.ac | 12 daemon/Makefile.am |4 src/Makefile.am | 34 +- src/libvirt_private.syms

[libvirt] [PATCH v3 06/14] Implementation of the RPC client

This patch extends the RPC client for the new network filtering (ACL) functionality. Signed-off-by: Stefan Berger stef...@us.ibm.com --- daemon/remote.c | 194 1 file changed, 194 insertions(+) Index: libvirt-acl/daemon/remote.c

[libvirt] [PATCH v3 10/14] Add qemu support

Add support for Qemu to have firewall rules applied and removed on VM startup and shutdown respectively. This patch also provides support for the updating of a filter that causes all VMs that reference the filter to have their ebtables/iptables rules updated. Signed-off-by: Stefan Berger

[libvirt] [PATCH v3 07/14] Implementation of the RPC call dispatch

This patch extends the RPC dispatcher to support the newly added RPC calls for network filtering (ACL) support. Signed-off-by: Stefan Berger stef...@us.ibm.com --- src/remote/remote_driver.c | 311 + 1 file changed, 311 insertions(+) Index:

[libvirt] [PATCH v3 08/14] Add virsh support for new CLI commands

This patch adds virsh support for the five new CLI commands to manage network filters. Signed-off-by: Stefan Berger stef...@us.ibm.com --- tools/virsh.c | 349 ++ 1 file changed, 349 insertions(+) Index: libvirt-acl/tools/virsh.c