Matthias Bolte <matthias.bolte@googlemail.com> wrote on 02/18/2010 09:15:47 AM:

> "Daniel P. Berrange", veillard, libvir-list, Vivek Kashyap
>
> 2010/2/18 Stefan Berger <stefanb@us.ibm.com>:

> >
> > <domain type='kvm'>
> >  <name>demo</name>
> >  <memory>256000</memory>
> >  <devices>
> >    <interface type="bridge">
> >      <filter name='demofilter' att0='IP' val0='10.0.0.1'/>
> >    </interface>
> >  </devices>
> > </domain>
> >
> > This allows us to pass any necessary parameters to the filters for
> > instantiation in
> > the respective environment. So, if a filter is to be instantiated and holds
> > the variable
> > XYZ, then one may add
> >
> > att1='XYZ' val1='<some value>'
>
> Passing parameters this way seems a bit unexpected for XML. How about
> something like this:
>
> <interface type="bridge">
>   <filter name='demofilter'>
>     <parameter name='IP' value='10.0.0.1'/>
>   </filter>
> </interface>
>

I think we'll change this to ...

<interface type="bridge">
 <filterref ref='demofilter'>
   <parameter name='IP' value='10.0.0.1'/>
 </filter>
</interface>


> >
> >> - complex filter include other filter and can contain rules
> >>
> >> complex demofilter.xml:
> >> -----------------------
> >> <filter name='demofilter'>
> >>   <include href='drop-all'/>
> >>   <include href='no-arp-spoofing' srcipaddr='$IP'/>
> >
> > -->   <include href='no-arp-spoofing' att0='IP' val0='1.2.3.4'.
> >
>
> And the same pattern for the includes:

... and this to ...
>
> <include href='no-arp-spoofing'>
>   <parameter name='IP' value='1.2.3.4'/>
> </include>


 <filterref ref='no-arp-spoofing'>
  <parameter name='IP' value='1.2.3.4'/>
</include>

... to be consistent.


Thanks for feedback.

   Stefan


>
> Matthias