[libvirt] [PATCH V6 11/11] Documentation about chains priorities, lists of elements etc.

Eric Blake eblake at redhat.com
Fri Nov 18 16:01:58 UTC 2011


On 11/18/2011 06:32 AM, Stefan Berger wrote:
> This patch adds several aspects of documentation about the network filtering
> system:
> 
> - chains, chains' priorities and chains' default priorities
> - talks about lists of elements, i.e., a variable assigned multiple values
>   (part of already ACK-ed series)
> - already mentions the vlan, stp and mac chains added later on
>   (https://www.redhat.com/archives/libvir-list/2011-October/msg01238.html)
> - mentions limitations of vlan filtering (when sent by VM) on Linux systems

Thanks for shuffling this work in sooner.  Guess that means we're
committing to adding some of the other series in short order :)

> +      Filtering rules are organized in filter chains. These chains can be
> +      thought of as having a tree structure with packet
> +      filtering rules as entries in individual chains (branches). <br>
> +      Packets start their filter evaluation in the <code>root</code> chain
> +      and can then continue their evaluation in other chains, return from
> +      those chains back into the <code>root</code> chain or be
> +      dropped or accepted by a filtering rule in one of the traversed chains.
> +      <br/>
> +      Libvirt's network filtering system automatically creates individual

I don't know if the convention is to use </p><p> instead of <br/>
between paragraphs; I'm not too fussed, though, as the rendered page
still looked okay to me.

> +    <ul>
> +     <li>root</li>
> +     <li>mac <span class="since">(since 0.9.8)</span></li>
> +     <li>stp (spanning tree protocol)
> +         <span class="since">(since 0.9.8)</span></li>
> +     <li>vlan (802.1Q) <span class="since">(since 0.9.8)</span></li>
> +     <li>arp, rarp</li>
> +     <li>ip</li>

Is this right?  My recollection of the code was that your prefix lookup
had ipv4 and ipv6, not ip and ipv6, given that I had you add a comment
about none of the prefixes being subsumed by another entry in the table.
 On the other hand, using 'ip' as short for 'ipv4' is nice.  Is there
more code work to do on this front?  And if it does work as 'ip' vs.
'ipv6', we probably ought to list this line as <li>ip (IPv4)</li>.

> @@ -1431,6 +1566,8 @@
>      </p>
>      <ul>
>       <li>mac</li>
> +     <li>stp (spanning tree protocol)</li>
> +     <li>vlan (802.1Q)</li>
>       <li>arp, rarp</li>
>       <li>ip</li>
>       <li>ipv6</li>

Hmm, we already have another table with just 'ip'.  Okay, then, what you
have is okay to commit as-is, and any further tweaks (such as if we add
code to explicitly allow 'ipv4' as an alias for 'ip') can come later
with the code changes.

ACK.

-- 
Eric Blake   eblake at redhat.com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 620 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20111118/d1f691e4/attachment-0001.sig>


More information about the libvir-list mailing list