10:53 a.m.
The contents of a <rule> are a choice of exactly one union member. The
RNG schema, however, was allowing an arbitrary number of instances of every
union member at once.
Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com>
---
docs/schemas/nwfilter.rng | 98 +----------------------------------------------
1 file changed, 2 insertions(+), 96 deletions(-)
diff --git a/docs/schemas/nwfilter.rng b/docs/schemas/nwfilter.rng
index 7cfc05fa2e..cca6ff2954 100644
--- a/docs/schemas/nwfilter.rng
+++ b/docs/schemas/nwfilter.rng
@@ -19,58 +19,37 @@
</element>
<element name="rule">
<ref name="rule-node-attributes"/>
- <optional>
- <zeroOrMore>
+ <choice>
<element name="mac">
<ref name="match-attribute"/>
<ref name="common-l2-attributes"/>
<ref name="mac-attributes"/>
<ref name="comment-attribute"/>
</element>
- </zeroOrMore>
- </optional>
- <optional>
- <zeroOrMore>
<element name="vlan">
<ref name="match-attribute"/>
<ref name="common-l2-attributes"/>
<ref name="vlan-attributes"/>
<ref name="comment-attribute"/>
</element>
- </zeroOrMore>
- </optional>
- <optional>
- <zeroOrMore>
<element name="stp">
<ref name="match-attribute"/>
<ref name="srcmacandmask-attributes"/>
<ref name="stp-attributes"/>
<ref name="comment-attribute"/>
</element>
- </zeroOrMore>
- </optional>
- <optional>
- <zeroOrMore>
<element name="arp">
<ref name="match-attribute"/>
<ref name="common-l2-attributes"/>
<ref name="arp-attributes"/>
<ref name="comment-attribute"/>
</element>
- </zeroOrMore>
- </optional>
- <optional>
- <zeroOrMore>
<element name="rarp">
<ref name="match-attribute"/>
<ref name="common-l2-attributes"/>
<ref name="arp-attributes"/> <!-- same as arp
-->
<ref name="comment-attribute"/>
</element>
- </zeroOrMore>
- </optional>
- <optional>
- <zeroOrMore>
<element name="ip">
<ref name="match-attribute"/>
<ref name="common-l2-attributes"/>
@@ -80,10 +59,6 @@
<ref name="dscp-attribute"/>
<ref name="comment-attribute"/>
</element>
- </zeroOrMore>
- </optional>
- <optional>
- <zeroOrMore>
<element name="ipv6">
<ref name="match-attribute"/>
<ref name="common-l2-attributes"/>
@@ -93,10 +68,6 @@
<ref name="icmp-attribute-ranges"/>
<ref name="comment-attribute"/>
</element>
- </zeroOrMore>
- </optional>
- <optional>
- <zeroOrMore>
<element name="tcp">
<ref name="match-attribute"/>
<ref name="srcmac-attribute"/>
@@ -106,10 +77,6 @@
<ref name="tcp-attributes"/>
<ref name="comment-attribute"/>
</element>
- </zeroOrMore>
- </optional>
- <optional>
- <zeroOrMore>
<element name="udp">
<ref name="match-attribute"/>
<ref name="srcmac-attribute"/>
@@ -118,10 +85,6 @@
<ref name="common-ip-attributes-p2"/>
<ref name="comment-attribute"/>
</element>
- </zeroOrMore>
- </optional>
- <optional>
- <zeroOrMore>
<element name="sctp">
<ref name="match-attribute"/>
<ref name="srcmac-attribute"/>
@@ -130,10 +93,6 @@
<ref name="common-ip-attributes-p2"/>
<ref name="comment-attribute"/>
</element>
- </zeroOrMore>
- </optional>
- <optional>
- <zeroOrMore>
<element name="icmp">
<ref name="match-attribute"/>
<ref name="srcmac-attribute"/>
@@ -142,10 +101,6 @@
<ref name="icmp-attributes"/>
<ref name="comment-attribute"/>
</element>
- </zeroOrMore>
- </optional>
- <optional>
- <zeroOrMore>
<element name="igmp">
<ref name="match-attribute"/>
<ref name="srcmac-attribute"/>
@@ -153,10 +108,6 @@
<ref name="common-ip-attributes-p2"/>
<ref name="comment-attribute"/>
</element>
- </zeroOrMore>
- </optional>
- <optional>
- <zeroOrMore>
<element name="all">
<ref name="match-attribute"/>
<ref name="srcmac-attribute"/>
@@ -164,10 +115,6 @@
<ref name="common-ip-attributes-p2"/>
<ref name="comment-attribute"/>
</element>
- </zeroOrMore>
- </optional>
- <optional>
- <zeroOrMore>
<element name="esp">
<ref name="match-attribute"/>
<ref name="srcmac-attribute"/>
@@ -175,10 +122,6 @@
<ref name="common-ip-attributes-p2"/>
<ref name="comment-attribute"/>
</element>
- </zeroOrMore>
- </optional>
- <optional>
- <zeroOrMore>
<element name="ah">
<ref name="match-attribute"/>
<ref name="srcmac-attribute"/>
@@ -186,10 +129,6 @@
<ref name="common-ip-attributes-p2"/>
<ref name="comment-attribute"/>
</element>
- </zeroOrMore>
- </optional>
- <optional>
- <zeroOrMore>
<element name="udplite">
<ref name="match-attribute"/>
<ref name="srcmac-attribute"/>
@@ -197,10 +136,6 @@
<ref name="common-ip-attributes-p2"/>
<ref name="comment-attribute"/>
</element>
- </zeroOrMore>
- </optional>
- <optional>
- <zeroOrMore>
<element name="tcp-ipv6">
<ref name="match-attribute"/>
<ref name="srcmac-attribute"/>
@@ -210,10 +145,6 @@
<ref name="tcp-attributes"/>
<ref name="comment-attribute"/>
</element>
- </zeroOrMore>
- </optional>
- <optional>
- <zeroOrMore>
<element name="udp-ipv6">
<ref name="match-attribute"/>
<ref name="srcmac-attribute"/>
@@ -222,10 +153,6 @@
<ref name="common-ipv6-attributes-p2"/>
<ref name="comment-attribute"/>
</element>
- </zeroOrMore>
- </optional>
- <optional>
- <zeroOrMore>
<element name="sctp-ipv6">
<ref name="match-attribute"/>
<ref name="srcmac-attribute"/>
@@ -234,10 +161,6 @@
<ref name="common-ipv6-attributes-p2"/>
<ref name="comment-attribute"/>
</element>
- </zeroOrMore>
- </optional>
- <optional>
- <zeroOrMore>
<element name="icmpv6">
<ref name="match-attribute"/>
<ref name="srcmac-attribute"/>
@@ -246,10 +169,6 @@
<ref name="icmp-attributes"/>
<ref name="comment-attribute"/>
</element>
- </zeroOrMore>
- </optional>
- <optional>
- <zeroOrMore>
<element name="all-ipv6">
<ref name="match-attribute"/>
<ref name="srcmac-attribute"/>
@@ -257,10 +176,6 @@
<ref name="common-ipv6-attributes-p2"/>
<ref name="comment-attribute"/>
</element>
- </zeroOrMore>
- </optional>
- <optional>
- <zeroOrMore>
<element name="esp-ipv6">
<ref name="match-attribute"/>
<ref name="srcmac-attribute"/>
@@ -268,10 +183,6 @@
<ref name="common-ipv6-attributes-p2"/>
<ref name="comment-attribute"/>
</element>
- </zeroOrMore>
- </optional>
- <optional>
- <zeroOrMore>
<element name="ah-ipv6">
<ref name="match-attribute"/>
<ref name="srcmac-attribute"/>
@@ -279,10 +190,6 @@
<ref name="common-ipv6-attributes-p2"/>
<ref name="comment-attribute"/>
</element>
- </zeroOrMore>
- </optional>
- <optional>
- <zeroOrMore>
<element name="udplite-ipv6">
<ref name="match-attribute"/>
<ref name="srcmac-attribute"/>
@@ -290,8 +197,7 @@
<ref name="common-ipv6-attributes-p2"/>
<ref name="comment-attribute"/>
</element>
- </zeroOrMore>
- </optional>
+ </choice>
</element>
</choice>
</zeroOrMore>
--
2.14.3
2:16 p.m.
On 12/06/2017 11:53 AM, Daniel P. Berrange wrote:
The contents of a <rule> are a choice of exactly one union
member. The
RNG schema, however, was allowing an arbitrary number of instances of every
union member at once.
Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com>
---
docs/schemas/nwfilter.rng | 98 +----------------------------------------------
1 file changed, 2 insertions(+), 96 deletions(-)
Reviewed-by: John Ferlan <jferlan(a)redhat.com>
John
2544
days inactive
2544
days old
1 comments
2 participants
participants (2)
-
Daniel P. Berrange -
John Ferlan