diff options
| author |   Stefan Berger <stefanb@us.ibm.com> | 2011-04-07 20:13:38 -0400 |
|---|---|---|
| committer | Stefan Berger <stefanb@us.ibm.com> | 2011-04-07 20:13:38 -0400 |
| commit | 6ab24feb44a0cb3a7de5ad89619c14cfd4be44ce (patch) | |
| tree | 868a528708c588bd43afa70cf2d5dd55d4cc3d6b /src/conf/nwfilter_conf.h | |
| parent | setmem: add --current option to virsh setmem command (diff) | |
| download | libvirt-6ab24feb44a0cb3a7de5ad89619c14cfd4be44ce.tar.gz libvirt-6ab24feb44a0cb3a7de5ad89619c14cfd4be44ce.tar.bz2 libvirt-6ab24feb44a0cb3a7de5ad89619c14cfd4be44ce.zip | |
nwfilters: support for TCP flags evaluation
This patch adds support for the evaluation of TCP flags in nwfilters.
It adds documentation to the web page and extends the tests as well.
Also, the nwfilter schema is extended.
The following are some example for rules using the tcp flags:
<rule action='accept' direction='in'>
<tcp state='NONE' flags='SYN/ALL' dsptportstart='80'/>
</rule>
<rule action='drop' direction='in'>
<tcp state='NONE' flags='SYN/ALL'/>
</rule>
Diffstat (limited to 'src/conf/nwfilter_conf.h')
| -rw-r--r-- | src/conf/nwfilter_conf.h | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/src/conf/nwfilter_conf.h b/src/conf/nwfilter_conf.h index 40da8c37c..9281f567b 100644 --- a/src/conf/nwfilter_conf.h +++ b/src/conf/nwfilter_conf.h @@ -122,6 +122,10 @@ struct _nwItemDesc { uint16_t u16; char protocolID[10]; char *string; + struct { + uint8_t mask; + uint8_t flags; + } tcpFlags; } u; }; @@ -242,6 +246,7 @@ struct _tcpHdrFilterDef { ipHdrDataDef ipHdr; portDataDef portData; nwItemDesc dataTCPOption; + nwItemDesc dataTCPFlags; }; @@ -667,6 +672,10 @@ void virNWFilterCallbackDriversLock(void); void virNWFilterCallbackDriversUnlock(void); +void virNWFilterPrintTCPFlags(virBufferPtr buf, uint8_t mask, + char sep, uint8_t flags); + + VIR_ENUM_DECL(virNWFilterRuleAction); VIR_ENUM_DECL(virNWFilterRuleDirection); VIR_ENUM_DECL(virNWFilterRuleProtocol); |