[libvirt] [PATCH] nwfilter: allow to mix filterrefs and rules in the schema
So far the references to other filters needed to appear before filtering rules. With the below patch they can now appear in any order. Also I forgot to add a couple of 'rarp's. Signed-off-by: Stefan Berger <stefanb@us.ibm.com> --- docs/schemas/nwfilter.rng | 472 +++++++++++++++++++++++----------------------- 1 file changed, 237 insertions(+), 235 deletions(-) Index: libvirt-acl/docs/schemas/nwfilter.rng =================================================================== --- libvirt-acl.orig/docs/schemas/nwfilter.rng +++ libvirt-acl/docs/schemas/nwfilter.rng @@ -6,249 +6,249 @@ <define name="filter"> <element name="filter"> <ref name="filter-node-attributes"/> + <optional> + <element name="uuid"> + <ref name="UUID"/> + </element> + </optional> <zeroOrMore> <choice> <element name="filterref"> <ref name="filterref-node-attributes"/> </element> - <element name="uuid"> - <ref name="UUID"/> + <element name="rule"> + <ref name="rule-node-attributes"/> + <optional> + <zeroOrMore> + <element name="mac"> + <ref name="match-attribute"/> + <ref name="common-l2-attributes"/> + <ref name="mac-attributes"/> + </element> + </zeroOrMore> + </optional> + <optional> + <zeroOrMore> + <element name="arp"> + <ref name="match-attribute"/> + <ref name="common-l2-attributes"/> + <ref name="arp-attributes"/> + </element> + </zeroOrMore> + </optional> + <optional> + <zeroOrMore> + <element name="rarp"> + <ref name="match-attribute"/> + <ref name="common-l2-attributes"/> + <ref name="arp-attributes"/> <!-- same as arp --> + </element> + </zeroOrMore> + </optional> + <optional> + <zeroOrMore> + <element name="ip"> + <ref name="match-attribute"/> + <ref name="common-l2-attributes"/> + <ref name="common-ip-attributes-p1"/> + <ref name="common-port-attributes"/> + <ref name="ip-attributes"/> + <ref name="dscp-attribute"/> + </element> + </zeroOrMore> + </optional> + <optional> + <zeroOrMore> + <element name="ipv6"> + <ref name="match-attribute"/> + <ref name="common-l2-attributes"/> + <ref name="common-ipv6-attributes-p1"/> + <ref name="common-port-attributes"/> + <ref name="ip-attributes"/> + </element> + </zeroOrMore> + </optional> + <optional> + <zeroOrMore> + <element name="tcp"> + <ref name="match-attribute"/> + <ref name="srcmac-attribute"/> + <ref name="common-port-attributes"/> + <ref name="common-ip-attributes-p1"/> + <ref name="common-ip-attributes-p2"/> + </element> + </zeroOrMore> + </optional> + <optional> + <zeroOrMore> + <element name="udp"> + <ref name="match-attribute"/> + <ref name="srcmac-attribute"/> + <ref name="common-port-attributes"/> + <ref name="common-ip-attributes-p1"/> + <ref name="common-ip-attributes-p2"/> + </element> + </zeroOrMore> + </optional> + <optional> + <zeroOrMore> + <element name="sctp"> + <ref name="match-attribute"/> + <ref name="srcmac-attribute"/> + <ref name="common-port-attributes"/> + <ref name="common-ip-attributes-p1"/> + <ref name="common-ip-attributes-p2"/> + </element> + </zeroOrMore> + </optional> + <optional> + <zeroOrMore> + <element name="icmp"> + <ref name="match-attribute"/> + <ref name="srcmac-attribute"/> + <ref name="common-ip-attributes-p1"/> + <ref name="common-ip-attributes-p2"/> + <ref name="icmp-attributes"/> + </element> + </zeroOrMore> + </optional> + <optional> + <zeroOrMore> + <element name="igmp"> + <ref name="match-attribute"/> + <ref name="srcmac-attribute"/> + <ref name="common-ip-attributes-p1"/> + <ref name="common-ip-attributes-p2"/> + </element> + </zeroOrMore> + </optional> + <optional> + <zeroOrMore> + <element name="all"> + <ref name="match-attribute"/> + <ref name="srcmac-attribute"/> + <ref name="common-ip-attributes-p1"/> + <ref name="common-ip-attributes-p2"/> + </element> + </zeroOrMore> + </optional> + <optional> + <zeroOrMore> + <element name="esp"> + <ref name="match-attribute"/> + <ref name="srcmac-attribute"/> + <ref name="common-ip-attributes-p1"/> + <ref name="common-ip-attributes-p2"/> + </element> + </zeroOrMore> + </optional> + <optional> + <zeroOrMore> + <element name="ah"> + <ref name="match-attribute"/> + <ref name="srcmac-attribute"/> + <ref name="common-ip-attributes-p1"/> + <ref name="common-ip-attributes-p2"/> + </element> + </zeroOrMore> + </optional> + <optional> + <zeroOrMore> + <element name="udplite"> + <ref name="match-attribute"/> + <ref name="srcmac-attribute"/> + <ref name="common-ip-attributes-p1"/> + <ref name="common-ip-attributes-p2"/> + </element> + </zeroOrMore> + </optional> + <optional> + <zeroOrMore> + <element name="tcp-ipv6"> + <ref name="match-attribute"/> + <ref name="srcmac-attribute"/> + <ref name="common-port-attributes"/> + <ref name="common-ipv6-attributes-p1"/> + <ref name="common-ipv6-attributes-p2"/> + </element> + </zeroOrMore> + </optional> + <optional> + <zeroOrMore> + <element name="udp-ipv6"> + <ref name="match-attribute"/> + <ref name="srcmac-attribute"/> + <ref name="common-port-attributes"/> + <ref name="common-ipv6-attributes-p1"/> + <ref name="common-ipv6-attributes-p2"/> + </element> + </zeroOrMore> + </optional> + <optional> + <zeroOrMore> + <element name="sctp-ipv6"> + <ref name="match-attribute"/> + <ref name="srcmac-attribute"/> + <ref name="common-port-attributes"/> + <ref name="common-ipv6-attributes-p1"/> + <ref name="common-ipv6-attributes-p2"/> + </element> + </zeroOrMore> + </optional> + <optional> + <zeroOrMore> + <element name="icmpv6"> + <ref name="match-attribute"/> + <ref name="srcmac-attribute"/> + <ref name="common-ipv6-attributes-p1"/> + <ref name="common-ipv6-attributes-p2"/> + <ref name="icmp-attributes"/> + </element> + </zeroOrMore> + </optional> + <optional> + <zeroOrMore> + <element name="all-ipv6"> + <ref name="match-attribute"/> + <ref name="srcmac-attribute"/> + <ref name="common-ipv6-attributes-p1"/> + <ref name="common-ipv6-attributes-p2"/> + </element> + </zeroOrMore> + </optional> + <optional> + <zeroOrMore> + <element name="esp-ipv6"> + <ref name="match-attribute"/> + <ref name="srcmac-attribute"/> + <ref name="common-ipv6-attributes-p1"/> + <ref name="common-ipv6-attributes-p2"/> + </element> + </zeroOrMore> + </optional> + <optional> + <zeroOrMore> + <element name="ah-ipv6"> + <ref name="match-attribute"/> + <ref name="srcmac-attribute"/> + <ref name="common-ipv6-attributes-p1"/> + <ref name="common-ipv6-attributes-p2"/> + </element> + </zeroOrMore> + </optional> + <optional> + <zeroOrMore> + <element name="udplite-ipv6"> + <ref name="match-attribute"/> + <ref name="srcmac-attribute"/> + <ref name="common-ipv6-attributes-p1"/> + <ref name="common-ipv6-attributes-p2"/> + </element> + </zeroOrMore> + </optional> </element> </choice> </zeroOrMore> - <zeroOrMore> - <element name="rule"> - <ref name="rule-node-attributes"/> - <optional> - <zeroOrMore> - <element name="mac"> - <ref name="match-attribute"/> - <ref name="common-l2-attributes"/> - <ref name="mac-attributes"/> - </element> - </zeroOrMore> - </optional> - <optional> - <zeroOrMore> - <element name="arp"> - <ref name="match-attribute"/> - <ref name="common-l2-attributes"/> - <ref name="arp-attributes"/> - </element> - </zeroOrMore> - </optional> - <optional> - <zeroOrMore> - <element name="rarp"> - <ref name="match-attribute"/> - <ref name="common-l2-attributes"/> - <ref name="arp-attributes"/> <!-- same as arp --> - </element> - </zeroOrMore> - </optional> - <optional> - <zeroOrMore> - <element name="ip"> - <ref name="match-attribute"/> - <ref name="common-l2-attributes"/> - <ref name="common-ip-attributes-p1"/> - <ref name="common-port-attributes"/> - <ref name="ip-attributes"/> - <ref name="dscp-attribute"/> - </element> - </zeroOrMore> - </optional> - <optional> - <zeroOrMore> - <element name="ipv6"> - <ref name="match-attribute"/> - <ref name="common-l2-attributes"/> - <ref name="common-ipv6-attributes-p1"/> - <ref name="common-port-attributes"/> - <ref name="ip-attributes"/> - </element> - </zeroOrMore> - </optional> - <optional> - <zeroOrMore> - <element name="tcp"> - <ref name="match-attribute"/> - <ref name="srcmac-attribute"/> - <ref name="common-port-attributes"/> - <ref name="common-ip-attributes-p1"/> - <ref name="common-ip-attributes-p2"/> - </element> - </zeroOrMore> - </optional> - <optional> - <zeroOrMore> - <element name="udp"> - <ref name="match-attribute"/> - <ref name="srcmac-attribute"/> - <ref name="common-port-attributes"/> - <ref name="common-ip-attributes-p1"/> - <ref name="common-ip-attributes-p2"/> - </element> - </zeroOrMore> - </optional> - <optional> - <zeroOrMore> - <element name="sctp"> - <ref name="match-attribute"/> - <ref name="srcmac-attribute"/> - <ref name="common-port-attributes"/> - <ref name="common-ip-attributes-p1"/> - <ref name="common-ip-attributes-p2"/> - </element> - </zeroOrMore> - </optional> - <optional> - <zeroOrMore> - <element name="icmp"> - <ref name="match-attribute"/> - <ref name="srcmac-attribute"/> - <ref name="common-ip-attributes-p1"/> - <ref name="common-ip-attributes-p2"/> - <ref name="icmp-attributes"/> - </element> - </zeroOrMore> - </optional> - <optional> - <zeroOrMore> - <element name="igmp"> - <ref name="match-attribute"/> - <ref name="srcmac-attribute"/> - <ref name="common-ip-attributes-p1"/> - <ref name="common-ip-attributes-p2"/> - </element> - </zeroOrMore> - </optional> - <optional> - <zeroOrMore> - <element name="all"> - <ref name="match-attribute"/> - <ref name="srcmac-attribute"/> - <ref name="common-ip-attributes-p1"/> - <ref name="common-ip-attributes-p2"/> - </element> - </zeroOrMore> - </optional> - <optional> - <zeroOrMore> - <element name="esp"> - <ref name="match-attribute"/> - <ref name="srcmac-attribute"/> - <ref name="common-ip-attributes-p1"/> - <ref name="common-ip-attributes-p2"/> - </element> - </zeroOrMore> - </optional> - <optional> - <zeroOrMore> - <element name="ah"> - <ref name="match-attribute"/> - <ref name="srcmac-attribute"/> - <ref name="common-ip-attributes-p1"/> - <ref name="common-ip-attributes-p2"/> - </element> - </zeroOrMore> - </optional> - <optional> - <zeroOrMore> - <element name="udplite"> - <ref name="match-attribute"/> - <ref name="srcmac-attribute"/> - <ref name="common-ip-attributes-p1"/> - <ref name="common-ip-attributes-p2"/> - </element> - </zeroOrMore> - </optional> - <optional> - <zeroOrMore> - <element name="tcp-ipv6"> - <ref name="match-attribute"/> - <ref name="srcmac-attribute"/> - <ref name="common-port-attributes"/> - <ref name="common-ipv6-attributes-p1"/> - <ref name="common-ipv6-attributes-p2"/> - </element> - </zeroOrMore> - </optional> - <optional> - <zeroOrMore> - <element name="udp-ipv6"> - <ref name="match-attribute"/> - <ref name="srcmac-attribute"/> - <ref name="common-port-attributes"/> - <ref name="common-ipv6-attributes-p1"/> - <ref name="common-ipv6-attributes-p2"/> - </element> - </zeroOrMore> - </optional> - <optional> - <zeroOrMore> - <element name="sctp-ipv6"> - <ref name="match-attribute"/> - <ref name="srcmac-attribute"/> - <ref name="common-port-attributes"/> - <ref name="common-ipv6-attributes-p1"/> - <ref name="common-ipv6-attributes-p2"/> - </element> - </zeroOrMore> - </optional> - <optional> - <zeroOrMore> - <element name="icmpv6"> - <ref name="match-attribute"/> - <ref name="srcmac-attribute"/> - <ref name="common-ipv6-attributes-p1"/> - <ref name="common-ipv6-attributes-p2"/> - <ref name="icmp-attributes"/> - </element> - </zeroOrMore> - </optional> - <optional> - <zeroOrMore> - <element name="all-ipv6"> - <ref name="match-attribute"/> - <ref name="srcmac-attribute"/> - <ref name="common-ipv6-attributes-p1"/> - <ref name="common-ipv6-attributes-p2"/> - </element> - </zeroOrMore> - </optional> - <optional> - <zeroOrMore> - <element name="esp-ipv6"> - <ref name="match-attribute"/> - <ref name="srcmac-attribute"/> - <ref name="common-ipv6-attributes-p1"/> - <ref name="common-ipv6-attributes-p2"/> - </element> - </zeroOrMore> - </optional> - <optional> - <zeroOrMore> - <element name="ah-ipv6"> - <ref name="match-attribute"/> - <ref name="srcmac-attribute"/> - <ref name="common-ipv6-attributes-p1"/> - <ref name="common-ipv6-attributes-p2"/> - </element> - </zeroOrMore> - </optional> - <optional> - <zeroOrMore> - <element name="udplite-ipv6"> - <ref name="match-attribute"/> - <ref name="srcmac-attribute"/> - <ref name="common-ipv6-attributes-p1"/> - <ref name="common-ipv6-attributes-p2"/> - </element> - </zeroOrMore> - </optional> - </element> - </zeroOrMore> </element> </define> @@ -263,6 +263,7 @@ <choice> <value>root</value> <value>arp</value> + <value>rarp</value> <value>ipv4</value> <value>ipv6</value> </choice> @@ -690,6 +691,7 @@ <choice> <value>arp</value> + <value>rarp</value> <value>ipv4</value> <value>ipv6</value> </choice>
On Tue, Apr 27, 2010 at 07:43:23PM -0400, Stefan Berger wrote:
So far the references to other filters needed to appear before filtering rules. With the below patch they can now appear in any order.
Also I forgot to add a couple of 'rarp's.
Signed-off-by: Stefan Berger <stefanb@us.ibm.com>
--- docs/schemas/nwfilter.rng | 472 +++++++++++++++++++++++----------------------- 1 file changed, 237 insertions(+), 235 deletions(-)
Okay, looks fine, ACK, Daniel -- Daniel Veillard | libxml Gnome XML XSLT toolkit http://xmlsoft.org/ daniel@veillard.com | Rpmfind RPM search engine http://rpmfind.net/ http://veillard.com/ | virtualization library http://libvirt.org/
participants (2)
-
Daniel Veillard -
Stefan Berger