nwfilter: add XML attribute to control iptables state match

This patch adds an optional XML attribute to a nwfilter rule to give the user control over whether the rule is supposed to be using the iptables state match or not. A rule may now look like shown in the XML below with the statematch attribute either having value '0' or 'false' (case-insensitive).

[...]
<rule action='accept' direction='in' statematch='false'>
<tcp srcmacaddr='1:2:3:4:5:6'
           srcipaddr='10.1.2.3' srcipmask='32'
           dscp='33'
           srcportstart='20' srcportend='21'
           dstportstart='100' dstportend='1111'/>
</rule>
[...]

I am also extending the nwfilter schema and add this attribute to a test case.

1 files changed, 5 insertions, 0 deletions

diff --git a/src/conf/nwfilter_conf.h b/src/conf/nwfilter_conf.h
index b7b62adc3..99ef1d448 100644
--- a/src/conf/nwfilter_conf.h
+++ b/src/conf/nwfilter_conf.h
@@ -345,11 +345,16 @@ enum virNWFilterEbtablesTableType {
 
 # define MAX_RULE_PRIORITY  1000
 
+enum virNWFilterRuleFlags {
+    RULE_FLAG_NO_STATEMATCH = (1 << 0),
+};
+
 
 typedef struct _virNWFilterRuleDef  virNWFilterRuleDef;
 typedef virNWFilterRuleDef *virNWFilterRuleDefPtr;
 struct _virNWFilterRuleDef {
     unsigned int priority;
+    enum virNWFilterRuleFlags flags;
     int action; /*enum virNWFilterRuleActionType*/
     int tt; /*enum virNWFilterRuleDirectionType*/
     enum virNWFilterRuleProtocolType prtclType;