2010/2/18 Stefan Berger <stefanb@us.ibm.com>:
libvir-list-bounces@redhat.com wrote on 01/26/2010 08:24:43 AM:
Daniel,
ok, trying to combine your suggestions:
- guest contains a single filter reference per interface
guest.xml: ---------- <domain type='kvm'> <name>demo</name> <memory>256000</memory> <devices> <interface type="bridge"> <filter name='demofilter' ipaddr='10.0.0.1'/> </interface> </devices> </domain>
As the implementation of this progresses and we make design decision, we now introduced attributes and values for the filters to be passed in the format of
att%d='<attribute>' val%d='<value>'
thus we would rewrite the above example to:
<domain type='kvm'> <name>demo</name> <memory>256000</memory> <devices> <interface type="bridge"> <filter name='demofilter' att0='IP' val0='10.0.0.1'/> </interface> </devices> </domain>
This allows us to pass any necessary parameters to the filters for instantiation in the respective environment. So, if a filter is to be instantiated and holds the variable XYZ, then one may add
att1='XYZ' val1='<some value>'
Passing parameters this way seems a bit unexpected for XML. How about something like this: <interface type="bridge"> <filter name='demofilter'> <parameter name='IP' value='10.0.0.1'/> </filter> </interface>
- complex filter include other filter and can contain rules
complex demofilter.xml: ----------------------- <filter name='demofilter'> <include href='drop-all'/> <include href='no-arp-spoofing' srcipaddr='$IP'/>
--> <include href='no-arp-spoofing' att0='IP' val0='1.2.3.4'.
And the same pattern for the includes: <include href='no-arp-spoofing'> <parameter name='IP' value='1.2.3.4'/> </include> Matthias