"Daniel P. Berrange" <[email protected]> wrote on 03/25/2010 11:49:05 AM:
> Please respond to "Daniel P. Berrange" > > On Tue, Mar 23, 2010 at 10:54:17AM -0400, [email protected] wrote: > > +/* > > + char macaddr[VIR_MAC_STRING_BUFLEN], > > + ipaddr[INET_ADDRSTRLEN], > > + number[20]; > > + char chain[MAX_CHAINNAME_LENGTH]; > > + virBuffer buf = VIR_BUFFER_INITIALIZER; > > + > > + if (nwfilter->chainsuffix == VIR_NWFILTER_CHAINSUFFIX_ROOT) > > + PRINT_ROOT_CHAIN(chain, chainPrefix, ifname); > > + else > > + PRINT_CHAIN(chain, chainPrefix, ifname, > > + virNWFilterChainSuffixTypeToString > (nwfilter->chainsuffix)); > > Since we're passing this into the shell, I think we should do paranoid > validation on the 'chain' and 'ifname' fields, since they ultimately come > from the user specified XML. Validate that it only contains a-Z, 0-0, -, _ Actually the user specified XML only currently allows the chain names 'arp', 'ipv4', 'ipv6' and 'root'. Others will already be rejected when parsing the filter. With the interface names I was assuming that at the point where this part here gets called is already well after the establishment of tap interfaces and the net->ifname contains valid values otherwise the creation of the tap or macvtap would have blown earlier. > > > It would also be nice to put a variety of XML files in a tests/nwfilterdata > directory and making a test suite to run the parser API against them, as > well as adding some real world examples in the examples/nwfilter directory > for end users to start from. In the v4 patch series I am adding filters to examples/xml/nwfilter that are automatically copied to /etc/libvirt/nwfilter for libvirt to pick up. Gerhard has written a couple of test cases but they are for the external test suite from what I know. So, yes, we'll add test cases over time. Regards, Stefan > > Regards, > Daniel > -- > |: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/:| > |: http://libvirt.org -o- http://virt-manager.org -o- http://deltacloud.org:| > |: http://autobuild.org -o- http://search.cpan.org/~danberr/:| > |: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|
-- libvir-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/libvir-list
