From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) by lore.proxmox.com (Postfix) with ESMTPS id 8436F1FF142 for ; Mon, 02 Mar 2026 13:38:58 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id C13E41E72D; Mon, 2 Mar 2026 13:40:00 +0100 (CET) Message-ID: Date: Mon, 2 Mar 2026 13:39:57 +0100 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: [RFC proxmox 12/22] firewall-api-types: add FirewallIpsetReference type To: Dietmar Maurer , pve-devel@lists.proxmox.com References: <20260216104401.3959270-1-dietmar@proxmox.com> <20260216104401.3959270-13-dietmar@proxmox.com> Content-Language: en-US From: Stefan Hanreich In-Reply-To: <20260216104401.3959270-13-dietmar@proxmox.com> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-SPAM-LEVEL: Spam detection results: 0 AWL 0.724 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Message-ID-Hash: KAGNMVKN4LZA4A75II2UCZA2WJH67EH3 X-Message-ID-Hash: KAGNMVKN4LZA4A75II2UCZA2WJH67EH3 X-MailFrom: s.hanreich@proxmox.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop; banned-address; emergency; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header X-Mailman-Version: 3.3.10 Precedence: list List-Id: Proxmox VE development discussion List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: comments inline On 2/16/26 11:45 AM, Dietmar Maurer wrote: > This adds a new type to reference ipsets with proper scope handling > (Datacenter, Guest, SDN, or None for legacy ipsets). > > The implementation includes: > - FirewallIpsetScope enum for scope variants > - FirewallIpsetReference struct with validation > - Proper encapsulation with constructor and accessor methods > - FromStr implementation for parsing ipset references > > Signed-off-by: Dietmar Maurer > --- > proxmox-firewall-api-types/src/ipset.rs | 191 ++++++++++++++++++++++++ > proxmox-firewall-api-types/src/lib.rs | 3 + > 2 files changed, 194 insertions(+) > create mode 100644 proxmox-firewall-api-types/src/ipset.rs > > diff --git a/proxmox-firewall-api-types/src/ipset.rs b/proxmox-firewall-api-types/src/ipset.rs > new file mode 100644 > index 00000000..02659394 > --- /dev/null > +++ b/proxmox-firewall-api-types/src/ipset.rs > @@ -0,0 +1,191 @@ > +use std::fmt; > +use std::str::FromStr; > + > +use anyhow::{bail, Error}; > + > +#[cfg(feature = "enum-fallback")] > +use proxmox_fixed_string::FixedString; > + > +/// The scope of an ipset. > +#[derive(Debug, Clone, Copy, Eq, PartialEq)] > +pub enum FirewallIpsetScope { > + /// Datacenter scope. > + Datacenter, > + /// Guest scope. > + Guest, > + /// SDN scope. > + Sdn, > + /// No scope (e.g. for legacy ipsets). > + None, would it potentially be better to remove the None here... > + #[cfg(feature = "enum-fallback")] > + /// Unknown variants for forward compatibility. > + UnknownEnumValue(FixedString), > +} > + > +/// A reference to an ipset, including its scope. > +#[derive(Debug, Clone, Eq, PartialEq)] > +pub struct FirewallIpsetReference { > + scope: FirewallIpsetScope, ...and then use Option here? Would make it clearer imo that the scope is optional. Might make handling the scope less ergonomic though. Same goes for the Alias scope in the next patch. [snip]