Introduce an internal priority for chains

For better handling of the sorting of chains introduce an internally used
priority. Use a lookup table to store the priorities. For now their actual
values do not matter just that the values cause the chains to be properly
sorted through changes in the following patches. However, the values are
chosen as negative so that once they are sorted along with filtering rules
(whose priority may only be positive for now) they will always be instantiated
before them (lower values cause instantiation before higher values). This
is done to maintain backwards compatibility.


Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>

1 files changed, 12 insertions, 0 deletions

diff --git a/src/conf/nwfilter_conf.h b/src/conf/nwfilter_conf.h
index f48c7cd1d..3d430181b 100644
--- a/src/conf/nwfilter_conf.h
+++ b/src/conf/nwfilter_conf.h
@@ -357,8 +357,18 @@ enum virNWFilterEbtablesTableType {
 };
 
 
+# define MIN_RULE_PRIORITY  0
 # define MAX_RULE_PRIORITY  1000
 
+# define NWFILTER_MIN_FILTER_PRIORITY -1000
+# define NWFILTER_MAX_FILTER_PRIORITY MAX_RULE_PRIORITY
+
+# define NWFILTER_ROOT_FILTER_PRI 0
+# define NWFILTER_IPV4_FILTER_PRI -700
+# define NWFILTER_IPV6_FILTER_PRI -600
+# define NWFILTER_ARP_FILTER_PRI  -500
+# define NWFILTER_RARP_FILTER_PRI -400
+
 enum virNWFilterRuleFlags {
     RULE_FLAG_NO_STATEMATCH      = (1 << 0),
     RULE_FLAG_STATE_NEW          = (1 << 1),
@@ -436,6 +446,7 @@ enum virNWFilterChainSuffixType {
     VIR_NWFILTER_CHAINSUFFIX_LAST,
 };
 
+typedef int32_t virNWFilterChainPriority;
 
 typedef struct _virNWFilterDef virNWFilterDef;
 typedef virNWFilterDef *virNWFilterDefPtr;
@@ -445,6 +456,7 @@ struct _virNWFilterDef {
     unsigned char uuid[VIR_UUID_BUFLEN];
 
     int chainsuffix; /*enum virNWFilterChainSuffixType */
+    virNWFilterChainPriority chainPriority;
 
     int nentries;
     virNWFilterEntryPtr *filterEntries;