On 11/18/2011 11:01 AM, Eric Blake wrote:
On 11/18/2011 06:32 AM, Stefan Berger wrote:
> This patch adds several aspects of documentation about the network filtering
> system:
>
> - chains, chains' priorities and chains' default priorities
> - talks about lists of elements, i.e., a variable assigned multiple values
> (part of already ACK-ed series)
> - already mentions the vlan, stp and mac chains added later on
> (https://www.redhat.com/archives/libvir-list/2011-October/msg01238.html)
> - mentions limitations of vlan filtering (when sent by VM) on Linux systems
Thanks for shuffling this work in sooner. Guess that means we're
committing to adding some of the other series in short order :)
Adding stp, vlan and mac should be 'easy' -- more or less 'mechanical'
> + Filtering rules are organized in filter chains. These
chains can be
> + thought of as having a tree structure with packet
> + filtering rules as entries in individual chains (branches).<br>
> + Packets start their filter evaluation in the<code>root</code>
chain
> + and can then continue their evaluation in other chains, return from
> + those chains back into the<code>root</code> chain or be
> + dropped or accepted by a filtering rule in one of the traversed chains.
> +<br/>
> + Libvirt's network filtering system automatically creates individual
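Review bot: the added paragraph mixes two line-break forms, <br> at the end of the "filtering rules as entries in individual chains (branches)." line and <br/> on the line before "Libvirt's network filtering system". Use one form throughout. If this file is processed as XML, the unclosed <br> will not parse, so <br/> (or separate <p> paragraphs) is the safer choice.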
I don't know if the convention is to use </p><p> instead of <br/>
between paragraphs; I'm not too fussed, though, as the rendered page
still looked okay to me.
> +<ul>
> +<li>root</li>
> +<li>mac<span class="since">(since
0.9.8)</span></li>
> +<li>stp (spanning tree protocol)
> +<span class="since">(since 0.9.8)</span></li>
> +<li>vlan (802.1Q)<span class="since">(since
0.9.8)</span></li>
> +<li>arp, rarp</li>
> +<li>ip</li>
Is this right? My recollection of the code was that your prefix lookup
had ipv4 and ipv6, not ip and ipv6, given that I had you add a comment
Good catch! It's supposed to be 'ipv4' in the name of the chain. I may
later on try to add an alias 'ip'...
about none of the prefixes being subsumed by another entry in the
table.
On the other hand, using 'ip' as short for 'ipv4' is nice. Is there
more code work to do on this front? And if it does work as 'ip' vs.
On this 'particular' front, I would say 'no'. There are other aspects
that I have done work on, though...
'ipv6', we probably ought to list this line as <li>ip (IPv4)</li>.
> @@ -1431,6 +1566,8 @@
> </p>
> <ul>
> <li>mac</li>
> +<li>stp (spanning tree protocol)</li>
> +<li>vlan (802.1Q)</li>
> <li>arp, rarp</li>
> <li>ip</li>
> <li>ipv6</li>
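Review bot: the two entries added to this list, stp and vlan, carry no version marker, while the same two entries in the chain list added earlier in this patch are tagged with <span class="since">(since 0.9.8)</span>. Add the same span here so a reader of this list also sees which release introduced them.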
Hmm, we already have another table with just 'ip'. Okay, then, what you
have is okay to commit as-is, and any further tweaks (such as if we add
code to explicitly allow 'ipv4' as an alias for 'ip') can come later
with the code changes.
I fixed this typo. The above table is a c&p of this one...
Stefan
ACK.