So far, rule priorities have only been valid in the range [0, 1000].
This patch extends the valid range to [-1000, 1000] so that rules and the
accesses of (jumps into) chains can subsequently be sorted according to
their priorities.

Signed-off-by: Stefan Berger <stef...@linux.vnet.ibm.com>

---
 src/conf/nwfilter_conf.c                  |    7 ++++---
 src/conf/nwfilter_conf.h                  |    6 ++++--
 src/nwfilter/nwfilter_ebiptables_driver.c |    2 +-
 src/nwfilter/nwfilter_ebiptables_driver.h |    2 +-
 4 files changed, 10 insertions(+), 7 deletions(-)

Index: libvirt-acl/src/conf/nwfilter_conf.c
===================================================================
--- libvirt-acl.orig/src/conf/nwfilter_conf.c
+++ libvirt-acl/src/conf/nwfilter_conf.c
@@ -1897,7 +1897,7 @@ virNWFilterRuleParse(xmlNodePtr node)
     char *statematch;
     int found;
     int found_i = 0;
-    unsigned int priority;
+    int priority;
 
     xmlNodePtr cur;
     virNWFilterRuleDefPtr ret;
@@ -1943,8 +1943,9 @@ virNWFilterRuleParse(xmlNodePtr node)
     ret->priority = MAX_RULE_PRIORITY / 2;
 
     if (prio) {
-        if (virStrToLong_ui(prio, NULL, 10, &priority) >= 0) {
-            if (priority <= MAX_RULE_PRIORITY)
+        if (virStrToLong_i(prio, NULL, 10, &priority) >= 0) {
+            if (priority <= MAX_RULE_PRIORITY &&
+                priority >= MIN_RULE_PRIORITY)
                 ret->priority = priority;
         }
     }
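Review bot: A priority string that fails to parse, or that lies outside [MIN_RULE_PRIORITY, MAX_RULE_PRIORITY], is still dropped silently in this `if (prio)` block, leaving `ret->priority` at the default `MAX_RULE_PRIORITY / 2`. For a packet filter the evaluation order is part of the policy, so a mistyped value such as `-10000` (constructed example) produces a rule that loads without complaint but is ordered differently from what the administrator wrote. Reporting a parse error and rejecting the rule would be safer than falling back. With the range widened, the default of 500 is also no longer the midpoint, and a comment such as `/* default stays at MAX_RULE_PRIORITY / 2 although the range now starts at MIN_RULE_PRIORITY */` would show that this is intended. virNWFilterRuleParse starts and ends outside the hunk.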
Index: libvirt-acl/src/conf/nwfilter_conf.h
===================================================================
--- libvirt-acl.orig/src/conf/nwfilter_conf.h
+++ libvirt-acl/src/conf/nwfilter_conf.h
@@ -357,7 +357,7 @@ enum virNWFilterEbtablesTableType {
 };
 
 
-# define MIN_RULE_PRIORITY  0
+# define MIN_RULE_PRIORITY  -1000
 # define MAX_RULE_PRIORITY  1000
 
 # define NWFILTER_MIN_FILTER_PRIORITY -1000
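Review bot: `MIN_RULE_PRIORITY` now expands to a bare negative literal; writing it as `# define MIN_RULE_PRIORITY  (-1000)` keeps the expansion a single operand wherever the macro is later used inside a larger expression. The neighbouring `NWFILTER_MIN_FILTER_PRIORITY -1000` context line has the same form and could be parenthesized along with it.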
@@ -389,10 +389,12 @@ enum virNWFilterRuleFlags {
 void virNWFilterPrintStateMatchFlags(virBufferPtr buf, const char *prefix,
                                      int32_t flags, bool disp_none);
 
+typedef int32_t virNWFilterRulePriority;
+
 typedef struct _virNWFilterRuleDef  virNWFilterRuleDef;
 typedef virNWFilterRuleDef *virNWFilterRuleDefPtr;
 struct _virNWFilterRuleDef {
-    unsigned int priority;
+    virNWFilterRulePriority priority;
     enum virNWFilterRuleFlags flags;
     int action; /*enum virNWFilterRuleActionType*/
     int tt; /*enum virNWFilterRuleDirectionType*/
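Review bot: The new `virNWFilterRulePriority` typedef carries no comment saying which values it may hold; a line such as `/* signed rule priority, valid range [MIN_RULE_PRIORITY, MAX_RULE_PRIORITY] */` above it would tie the type to the limits defined earlier in this header. Because the field changes from unsigned to signed, any code that compares, subtracts or prints `priority` as an unsigned value would need the same change. No such code is visible in this patch, so that should be checked against the users of the struct. The struct definition continues outside the hunk.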
Index: libvirt-acl/src/nwfilter/nwfilter_ebiptables_driver.h
===================================================================
--- libvirt-acl.orig/src/nwfilter/nwfilter_ebiptables_driver.h
+++ libvirt-acl/src/nwfilter/nwfilter_ebiptables_driver.h
@@ -38,7 +38,7 @@ struct _ebiptablesRuleInst {
     const char *neededProtocolChain;
     virNWFilterChainPriority chainPriority;
     char chainprefix;    /* I for incoming, O for outgoing */
-    unsigned int priority;
+    virNWFilterRulePriority priority;
     enum RuleType ruleType;
 };
 
Index: libvirt-acl/src/nwfilter/nwfilter_ebiptables_driver.c
===================================================================
--- libvirt-acl.orig/src/nwfilter/nwfilter_ebiptables_driver.c
+++ libvirt-acl/src/nwfilter/nwfilter_ebiptables_driver.c
@@ -388,7 +388,7 @@ ebiptablesAddRuleInst(virNWFilterRuleIns
                       const char *neededChain,
                       virNWFilterChainPriority chainPriority,
                       char chainprefix,
-                      unsigned int priority,
+                      virNWFilterRulePriority priority,
                       enum RuleType ruleType)
 {
     ebiptablesRuleInstPtr inst;
