[libvirt] [PATCH] nwfilter: allow to mix filterrefs and rules in the schema

So far the references to other filters needed to appear before filtering rules. With the below patch they can now appear in any order. Also I forgot to add a couple of 'rarp's. Signed-off-by: Stefan Berger <stefanb(a)us.ibm.com&gt; --- docs/schemas/nwfilter.rng | 472 +++++++++++++++++++++++----------------------- 1 file changed, 237 insertions(+), 235 deletions(-) Index: libvirt-acl/docs/schemas/nwfilter.rng =================================================================== --- libvirt-acl.orig/docs/schemas/nwfilter.rng +++ libvirt-acl/docs/schemas/nwfilter.rng @@ -6,249 +6,249 @@ <define name="filter"> <element name="filter"> <ref name="filter-node-attributes"/> + <optional> + <element name="uuid"> + <ref name="UUID"/> + </element> + </optional> <zeroOrMore> <choice> <element name="filterref"> <ref name="filterref-node-attributes"/> </element> - <element name="uuid"> - <ref name="UUID"/> + <element name="rule"> + <ref name="rule-node-attributes"/> + <optional> + <zeroOrMore> + <element name="mac"> + <ref name="match-attribute"/> + <ref name="common-l2-attributes"/> + <ref name="mac-attributes"/> + </element> + </zeroOrMore> + </optional> + <optional> + <zeroOrMore> + <element name="arp"> + <ref name="match-attribute"/> + <ref name="common-l2-attributes"/> + <ref name="arp-attributes"/> + </element> + </zeroOrMore> + </optional> + <optional> + <zeroOrMore> + <element name="rarp"> + <ref name="match-attribute"/> + <ref name="common-l2-attributes"/> + <ref name="arp-attributes"/> <!-- same as arp --> + </element> + </zeroOrMore> + </optional> + <optional> + <zeroOrMore> + <element name="ip"> + <ref name="match-attribute"/> + <ref name="common-l2-attributes"/> + <ref name="common-ip-attributes-p1"/> + <ref name="common-port-attributes"/> + <ref name="ip-attributes"/> + <ref name="dscp-attribute"/> + </element> + </zeroOrMore> + </optional> + <optional> + <zeroOrMore> + <element name="ipv6"> + <ref name="match-attribute"/> + <ref name="common-l2-attributes"/> + <ref name="common-ipv6-attributes-p1"/> + <ref name="common-port-attributes"/> + <ref name="ip-attributes"/> + </element> + </zeroOrMore> + </optional> + <optional> + <zeroOrMore> + <element name="tcp"> + <ref name="match-attribute"/> + <ref name="srcmac-attribute"/> + <ref name="common-port-attributes"/> + <ref name="common-ip-attributes-p1"/> + <ref name="common-ip-attributes-p2"/> + </element> + </zeroOrMore> + </optional> + <optional> + <zeroOrMore> + <element name="udp"> + <ref name="match-attribute"/> + <ref name="srcmac-attribute"/> + <ref name="common-port-attributes"/> + <ref name="common-ip-attributes-p1"/> + <ref name="common-ip-attributes-p2"/> + </element> + </zeroOrMore> + </optional> + <optional> + <zeroOrMore> + <element name="sctp"> + <ref name="match-attribute"/> + <ref name="srcmac-attribute"/> + <ref name="common-port-attributes"/> + <ref name="common-ip-attributes-p1"/> + <ref name="common-ip-attributes-p2"/> + </element> + </zeroOrMore> + </optional> + <optional> + <zeroOrMore> + <element name="icmp"> + <ref name="match-attribute"/> + <ref name="srcmac-attribute"/> + <ref name="common-ip-attributes-p1"/> + <ref name="common-ip-attributes-p2"/> + <ref name="icmp-attributes"/> + </element> + </zeroOrMore> + </optional> + <optional> + <zeroOrMore> + <element name="igmp"> + <ref name="match-attribute"/> + <ref name="srcmac-attribute"/> + <ref name="common-ip-attributes-p1"/> + <ref name="common-ip-attributes-p2"/> + </element> + </zeroOrMore> + </optional> + <optional> + <zeroOrMore> + <element name="all"> + <ref name="match-attribute"/> + <ref name="srcmac-attribute"/> + <ref name="common-ip-attributes-p1"/> + <ref name="common-ip-attributes-p2"/> + </element> + </zeroOrMore> + </optional> + <optional> + <zeroOrMore> + <element name="esp"> + <ref name="match-attribute"/> + <ref name="srcmac-attribute"/> + <ref name="common-ip-attributes-p1"/> + <ref name="common-ip-attributes-p2"/> + </element> + </zeroOrMore> + </optional> + <optional> + <zeroOrMore> + <element name="ah"> + <ref name="match-attribute"/> + <ref name="srcmac-attribute"/> + <ref name="common-ip-attributes-p1"/> + <ref name="common-ip-attributes-p2"/> + </element> + </zeroOrMore> + </optional> + <optional> + <zeroOrMore> + <element name="udplite"> + <ref name="match-attribute"/> + <ref name="srcmac-attribute"/> + <ref name="common-ip-attributes-p1"/> + <ref name="common-ip-attributes-p2"/> + </element> + </zeroOrMore> + </optional> + <optional> + <zeroOrMore> + <element name="tcp-ipv6"> + <ref name="match-attribute"/> + <ref name="srcmac-attribute"/> + <ref name="common-port-attributes"/> + <ref name="common-ipv6-attributes-p1"/> + <ref name="common-ipv6-attributes-p2"/> + </element> + </zeroOrMore> + </optional> + <optional> + <zeroOrMore> + <element name="udp-ipv6"> + <ref name="match-attribute"/> + <ref name="srcmac-attribute"/> + <ref name="common-port-attributes"/> + <ref name="common-ipv6-attributes-p1"/> + <ref name="common-ipv6-attributes-p2"/> + </element> + </zeroOrMore> + </optional> + <optional> + <zeroOrMore> + <element name="sctp-ipv6"> + <ref name="match-attribute"/> + <ref name="srcmac-attribute"/> + <ref name="common-port-attributes"/> + <ref name="common-ipv6-attributes-p1"/> + <ref name="common-ipv6-attributes-p2"/> + </element> + </zeroOrMore> + </optional> + <optional> + <zeroOrMore> + <element name="icmpv6"> + <ref name="match-attribute"/> + <ref name="srcmac-attribute"/> + <ref name="common-ipv6-attributes-p1"/> + <ref name="common-ipv6-attributes-p2"/> + <ref name="icmp-attributes"/> + </element> + </zeroOrMore> + </optional> + <optional> + <zeroOrMore> + <element name="all-ipv6"> + <ref name="match-attribute"/> + <ref name="srcmac-attribute"/> + <ref name="common-ipv6-attributes-p1"/> + <ref name="common-ipv6-attributes-p2"/> + </element> + </zeroOrMore> + </optional> + <optional> + <zeroOrMore> + <element name="esp-ipv6"> + <ref name="match-attribute"/> + <ref name="srcmac-attribute"/> + <ref name="common-ipv6-attributes-p1"/> + <ref name="common-ipv6-attributes-p2"/> + </element> + </zeroOrMore> + </optional> + <optional> + <zeroOrMore> + <element name="ah-ipv6"> + <ref name="match-attribute"/> + <ref name="srcmac-attribute"/> + <ref name="common-ipv6-attributes-p1"/> + <ref name="common-ipv6-attributes-p2"/> + </element> + </zeroOrMore> + </optional> + <optional> + <zeroOrMore> + <element name="udplite-ipv6"> + <ref name="match-attribute"/> + <ref name="srcmac-attribute"/> + <ref name="common-ipv6-attributes-p1"/> + <ref name="common-ipv6-attributes-p2"/> + </element> + </zeroOrMore> + </optional> </element> </choice> </zeroOrMore> - <zeroOrMore> - <element name="rule"> - <ref name="rule-node-attributes"/> - <optional> - <zeroOrMore> - <element name="mac"> - <ref name="match-attribute"/> - <ref name="common-l2-attributes"/> - <ref name="mac-attributes"/> - </element> - </zeroOrMore> - </optional> - <optional> - <zeroOrMore> - <element name="arp"> - <ref name="match-attribute"/> - <ref name="common-l2-attributes"/> - <ref name="arp-attributes"/> - </element> - </zeroOrMore> - </optional> - <optional> - <zeroOrMore> - <element name="rarp"> - <ref name="match-attribute"/> - <ref name="common-l2-attributes"/> - <ref name="arp-attributes"/> <!-- same as arp --> - </element> - </zeroOrMore> - </optional> - <optional> - <zeroOrMore> - <element name="ip"> - <ref name="match-attribute"/> - <ref name="common-l2-attributes"/> - <ref name="common-ip-attributes-p1"/> - <ref name="common-port-attributes"/> - <ref name="ip-attributes"/> - <ref name="dscp-attribute"/> - </element> - </zeroOrMore> - </optional> - <optional> - <zeroOrMore> - <element name="ipv6"> - <ref name="match-attribute"/> - <ref name="common-l2-attributes"/> - <ref name="common-ipv6-attributes-p1"/> - <ref name="common-port-attributes"/> - <ref name="ip-attributes"/> - </element> - </zeroOrMore> - </optional> - <optional> - <zeroOrMore> - <element name="tcp"> - <ref name="match-attribute"/> - <ref name="srcmac-attribute"/> - <ref name="common-port-attributes"/> - <ref name="common-ip-attributes-p1"/> - <ref name="common-ip-attributes-p2"/> - </element> - </zeroOrMore> - </optional> - <optional> - <zeroOrMore> - <element name="udp"> - <ref name="match-attribute"/> - <ref name="srcmac-attribute"/> - <ref name="common-port-attributes"/> - <ref name="common-ip-attributes-p1"/> - <ref name="common-ip-attributes-p2"/> - </element> - </zeroOrMore> - </optional> - <optional> - <zeroOrMore> - <element name="sctp"> - <ref name="match-attribute"/> - <ref name="srcmac-attribute"/> - <ref name="common-port-attributes"/> - <ref name="common-ip-attributes-p1"/> - <ref name="common-ip-attributes-p2"/> - </element> - </zeroOrMore> - </optional> - <optional> - <zeroOrMore> - <element name="icmp"> - <ref name="match-attribute"/> - <ref name="srcmac-attribute"/> - <ref name="common-ip-attributes-p1"/> - <ref name="common-ip-attributes-p2"/> - <ref name="icmp-attributes"/> - </element> - </zeroOrMore> - </optional> - <optional> - <zeroOrMore> - <element name="igmp"> - <ref name="match-attribute"/> - <ref name="srcmac-attribute"/> - <ref name="common-ip-attributes-p1"/> - <ref name="common-ip-attributes-p2"/> - </element> - </zeroOrMore> - </optional> - <optional> - <zeroOrMore> - <element name="all"> - <ref name="match-attribute"/> - <ref name="srcmac-attribute"/> - <ref name="common-ip-attributes-p1"/> - <ref name="common-ip-attributes-p2"/> - </element> - </zeroOrMore> - </optional> - <optional> - <zeroOrMore> - <element name="esp"> - <ref name="match-attribute"/> - <ref name="srcmac-attribute"/> - <ref name="common-ip-attributes-p1"/> - <ref name="common-ip-attributes-p2"/> - </element> - </zeroOrMore> - </optional> - <optional> - <zeroOrMore> - <element name="ah"> - <ref name="match-attribute"/> - <ref name="srcmac-attribute"/> - <ref name="common-ip-attributes-p1"/> - <ref name="common-ip-attributes-p2"/> - </element> - </zeroOrMore> - </optional> - <optional> - <zeroOrMore> - <element name="udplite"> - <ref name="match-attribute"/> - <ref name="srcmac-attribute"/> - <ref name="common-ip-attributes-p1"/> - <ref name="common-ip-attributes-p2"/> - </element> - </zeroOrMore> - </optional> - <optional> - <zeroOrMore> - <element name="tcp-ipv6"> - <ref name="match-attribute"/> - <ref name="srcmac-attribute"/> - <ref name="common-port-attributes"/> - <ref name="common-ipv6-attributes-p1"/> - <ref name="common-ipv6-attributes-p2"/> - </element> - </zeroOrMore> - </optional> - <optional> - <zeroOrMore> - <element name="udp-ipv6"> - <ref name="match-attribute"/> - <ref name="srcmac-attribute"/> - <ref name="common-port-attributes"/> - <ref name="common-ipv6-attributes-p1"/> - <ref name="common-ipv6-attributes-p2"/> - </element> - </zeroOrMore> - </optional> - <optional> - <zeroOrMore> - <element name="sctp-ipv6"> - <ref name="match-attribute"/> - <ref name="srcmac-attribute"/> - <ref name="common-port-attributes"/> - <ref name="common-ipv6-attributes-p1"/> - <ref name="common-ipv6-attributes-p2"/> - </element> - </zeroOrMore> - </optional> - <optional> - <zeroOrMore> - <element name="icmpv6"> - <ref name="match-attribute"/> - <ref name="srcmac-attribute"/> - <ref name="common-ipv6-attributes-p1"/> - <ref name="common-ipv6-attributes-p2"/> - <ref name="icmp-attributes"/> - </element> - </zeroOrMore> - </optional> - <optional> - <zeroOrMore> - <element name="all-ipv6"> - <ref name="match-attribute"/> - <ref name="srcmac-attribute"/> - <ref name="common-ipv6-attributes-p1"/> - <ref name="common-ipv6-attributes-p2"/> - </element> - </zeroOrMore> - </optional> - <optional> - <zeroOrMore> - <element name="esp-ipv6"> - <ref name="match-attribute"/> - <ref name="srcmac-attribute"/> - <ref name="common-ipv6-attributes-p1"/> - <ref name="common-ipv6-attributes-p2"/> - </element> - </zeroOrMore> - </optional> - <optional> - <zeroOrMore> - <element name="ah-ipv6"> - <ref name="match-attribute"/> - <ref name="srcmac-attribute"/> - <ref name="common-ipv6-attributes-p1"/> - <ref name="common-ipv6-attributes-p2"/> - </element> - </zeroOrMore> - </optional> - <optional> - <zeroOrMore> - <element name="udplite-ipv6"> - <ref name="match-attribute"/> - <ref name="srcmac-attribute"/> - <ref name="common-ipv6-attributes-p1"/> - <ref name="common-ipv6-attributes-p2"/> - </element> - </zeroOrMore> - </optional> - </element> - </zeroOrMore> </element> </define> @@ -263,6 +263,7 @@ <choice> <value>root</value> <value>arp</value> + <value>rarp</value> <value>ipv4</value> <value>ipv6</value> </choice> @@ -690,6 +691,7 @@ <choice> <value>arp</value> + <value>rarp</value> <value>ipv4</value> <value>ipv6</value> </choice>