2010/2/18 Stefan Berger <stefanb@xxxxxxxxxx>:
>
> libvir-list-bounces@xxxxxxxxxx wrote on 01/26/2010 08:24:43 AM:
>
>
>
>>
>> Daniel,
>>
>> ok, trying to combine your suggestions:
>>
>> - guest contains a single filter reference per interface
>>
>> guest.xml:
>> ----------
>> <domain type='kvm'>
>> <name>demo</name>
>> <memory>256000</memory>
>> <devices>
>> <interface type="bridge">
>> <filter name='demofilter' ipaddr='10.0.0.1'/>
>> </interface>
>> </devices>
>> </domain>
>>
>
> As the implementation of this progresses and we make design decision, we now
> introduced attributes and values for the
> filters to be passed in the format of
>
> att%d='<attribute>' val%d='<value>'
>
> thus we would rewrite the above example to:
>
> <domain type='kvm'>
> <name>demo</name>
> <memory>256000</memory>
> <devices>
> <interface type="bridge">
> <filter name='demofilter' att0='IP' val0='10.0.0.1'/>
> </interface>
> </devices>
> </domain>
>
> This allows us to pass any necessary parameters to the filters for
> instantiation in
> the respective environment. So, if a filter is to be instantiated and holds
> the variable
> XYZ, then one may add
>
> att1='XYZ' val1='<some value>'
Passing parameters this way seems a bit unexpected for XML. How about
something like this:
<interface type="bridge">
<filter name='demofilter'>
<parameter name='IP' value='10.0.0.1'/>
</filter>
</interface>
>
>> - complex filter include other filter and can contain rules
>>
>> complex demofilter.xml:
>> -----------------------
>> <filter name='demofilter'>
>> <include href='drop-all'/>
>> <include href='no-arp-spoofing' srcipaddr='$IP'/>
>
> --> <include href='no-arp-spoofing' att0='IP' val0='1.2.3.4'.
>
And the same pattern for the includes:
<include href='no-arp-spoofing'>
<parameter name='IP' value='1.2.3.4'/>
</include>
Matthias
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list