So far the references to other filters needed to appear before filtering rules. With the below patch they can now appear in any order. Also I forgot to add a couple of 'rarp's.
Signed-off-by: Stefan Berger <stefanb@xxxxxxxxxx>
---
docs/schemas/nwfilter.rng | 472 +++++++++++++++++++++++-----------------------
1 file changed, 237 insertions(+), 235 deletions(-)
Index: libvirt-acl/docs/schemas/nwfilter.rng
===================================================================
--- libvirt-acl.orig/docs/schemas/nwfilter.rng
+++ libvirt-acl/docs/schemas/nwfilter.rng
@@ -6,249 +6,249 @@ <define name="filter"> <element name="filter"> <ref name="filter-node-attributes"/> + <optional> + <element name="uuid"> + <ref name="UUID"/> + </element> + </optional> <zeroOrMore> <choice> <element name="filterref"> <ref name="filterref-node-attributes"/> </element> - <element name="uuid"> - <ref name="UUID"/> + <element name="rule"> + <ref name="rule-node-attributes"/> + <optional> + <zeroOrMore> + <element name="mac"> + <ref name="match-attribute"/> + <ref name="common-l2-attributes"/> + <ref name="mac-attributes"/> + </element> + </zeroOrMore> + </optional> + <optional> + <zeroOrMore> + <element name="arp"> + <ref name="match-attribute"/> + <ref name="common-l2-attributes"/> + <ref name="arp-attributes"/> + </element> + </zeroOrMore> + </optional> + <optional> + <zeroOrMore> + <element name="rarp"> + <ref name="match-attribute"/> + <ref name="common-l2-attributes"/> + <ref name="arp-attributes"/> <!-- same as arp --> + </element> + </zeroOrMore> + </optional> + <optional> + <zeroOrMore> + <element name="ip"> + <ref name="match-attribute"/> + <ref name="common-l2-attributes"/> + <ref name="common-ip-attributes-p1"/> + <ref name="common-port-attributes"/> + <ref name="ip-attributes"/> + <ref name="dscp-attribute"/> + </element> + </zeroOrMore> + </optional> + <optional> + <zeroOrMore> + <element name="ipv6"> + <ref name="match-attribute"/> + <ref name="common-l2-attributes"/> + <ref name="common-ipv6-attributes-p1"/> + <ref name="common-port-attributes"/> + <ref name="ip-attributes"/> + </element> + </zeroOrMore> + </optional> + <optional> + <zeroOrMore> + <element name="tcp"> + <ref name="match-attribute"/> + <ref name="srcmac-attribute"/> + <ref name="common-port-attributes"/> + <ref name="common-ip-attributes-p1"/> + <ref name="common-ip-attributes-p2"/> + </element> + </zeroOrMore> + </optional> + <optional> + <zeroOrMore> + <element name="udp"> + <ref name="match-attribute"/> + <ref name="srcmac-attribute"/> + <ref 
name="common-port-attributes"/> + <ref name="common-ip-attributes-p1"/> + <ref name="common-ip-attributes-p2"/> + </element> + </zeroOrMore> + </optional> + <optional> + <zeroOrMore> + <element name="sctp"> + <ref name="match-attribute"/> + <ref name="srcmac-attribute"/> + <ref name="common-port-attributes"/> + <ref name="common-ip-attributes-p1"/> + <ref name="common-ip-attributes-p2"/> + </element> + </zeroOrMore> + </optional> + <optional> + <zeroOrMore> + <element name="icmp"> + <ref name="match-attribute"/> + <ref name="srcmac-attribute"/> + <ref name="common-ip-attributes-p1"/> + <ref name="common-ip-attributes-p2"/> + <ref name="icmp-attributes"/> + </element> + </zeroOrMore> + </optional> + <optional> + <zeroOrMore> + <element name="igmp"> + <ref name="match-attribute"/> + <ref name="srcmac-attribute"/> + <ref name="common-ip-attributes-p1"/> + <ref name="common-ip-attributes-p2"/> + </element> + </zeroOrMore> + </optional> + <optional> + <zeroOrMore> + <element name="all"> + <ref name="match-attribute"/> + <ref name="srcmac-attribute"/> + <ref name="common-ip-attributes-p1"/> + <ref name="common-ip-attributes-p2"/> + </element> + </zeroOrMore> + </optional> + <optional> + <zeroOrMore> + <element name="esp"> + <ref name="match-attribute"/> + <ref name="srcmac-attribute"/> + <ref name="common-ip-attributes-p1"/> + <ref name="common-ip-attributes-p2"/> + </element> + </zeroOrMore> + </optional> + <optional> + <zeroOrMore> + <element name="ah"> + <ref name="match-attribute"/> + <ref name="srcmac-attribute"/> + <ref name="common-ip-attributes-p1"/> + <ref name="common-ip-attributes-p2"/> + </element> + </zeroOrMore> + </optional> + <optional> + <zeroOrMore> + <element name="udplite"> + <ref name="match-attribute"/> + <ref name="srcmac-attribute"/> + <ref name="common-ip-attributes-p1"/> + <ref name="common-ip-attributes-p2"/> + </element> + </zeroOrMore> + </optional> + <optional> + <zeroOrMore> + <element name="tcp-ipv6"> + <ref name="match-attribute"/> + <ref 
name="srcmac-attribute"/> + <ref name="common-port-attributes"/> + <ref name="common-ipv6-attributes-p1"/> + <ref name="common-ipv6-attributes-p2"/> + </element> + </zeroOrMore> + </optional> + <optional> + <zeroOrMore> + <element name="udp-ipv6"> + <ref name="match-attribute"/> + <ref name="srcmac-attribute"/> + <ref name="common-port-attributes"/> + <ref name="common-ipv6-attributes-p1"/> + <ref name="common-ipv6-attributes-p2"/> + </element> + </zeroOrMore> + </optional> + <optional> + <zeroOrMore> + <element name="sctp-ipv6"> + <ref name="match-attribute"/> + <ref name="srcmac-attribute"/> + <ref name="common-port-attributes"/> + <ref name="common-ipv6-attributes-p1"/> + <ref name="common-ipv6-attributes-p2"/> + </element> + </zeroOrMore> + </optional> + <optional> + <zeroOrMore> + <element name="icmpv6"> + <ref name="match-attribute"/> + <ref name="srcmac-attribute"/> + <ref name="common-ipv6-attributes-p1"/> + <ref name="common-ipv6-attributes-p2"/> + <ref name="icmp-attributes"/> + </element> + </zeroOrMore> + </optional> + <optional> + <zeroOrMore> + <element name="all-ipv6"> + <ref name="match-attribute"/> + <ref name="srcmac-attribute"/> + <ref name="common-ipv6-attributes-p1"/> + <ref name="common-ipv6-attributes-p2"/> + </element> + </zeroOrMore> + </optional> + <optional> + <zeroOrMore> + <element name="esp-ipv6"> + <ref name="match-attribute"/> + <ref name="srcmac-attribute"/> + <ref name="common-ipv6-attributes-p1"/> + <ref name="common-ipv6-attributes-p2"/> + </element> + </zeroOrMore> + </optional> + <optional> + <zeroOrMore> + <element name="ah-ipv6"> + <ref name="match-attribute"/> + <ref name="srcmac-attribute"/> + <ref name="common-ipv6-attributes-p1"/> + <ref name="common-ipv6-attributes-p2"/> + </element> + </zeroOrMore> + </optional> + <optional> + <zeroOrMore> + <element name="udplite-ipv6"> + <ref name="match-attribute"/> + <ref name="srcmac-attribute"/> + <ref name="common-ipv6-attributes-p1"/> + <ref name="common-ipv6-attributes-p2"/> + 
</element> + </zeroOrMore> + </optional> </element> </choice> </zeroOrMore> - <zeroOrMore> - <element name="rule"> - <ref name="rule-node-attributes"/> - <optional> - <zeroOrMore> - <element name="mac"> - <ref name="match-attribute"/> - <ref name="common-l2-attributes"/> - <ref name="mac-attributes"/> - </element> - </zeroOrMore> - </optional> - <optional> - <zeroOrMore> - <element name="arp"> - <ref name="match-attribute"/> - <ref name="common-l2-attributes"/> - <ref name="arp-attributes"/> - </element> - </zeroOrMore> - </optional> - <optional> - <zeroOrMore> - <element name="rarp"> - <ref name="match-attribute"/> - <ref name="common-l2-attributes"/> - <ref name="arp-attributes"/> <!-- same as arp --> - </element> - </zeroOrMore> - </optional> - <optional> - <zeroOrMore> - <element name="ip"> - <ref name="match-attribute"/> - <ref name="common-l2-attributes"/> - <ref name="common-ip-attributes-p1"/> - <ref name="common-port-attributes"/> - <ref name="ip-attributes"/> - <ref name="dscp-attribute"/> - </element> - </zeroOrMore> - </optional> - <optional> - <zeroOrMore> - <element name="ipv6"> - <ref name="match-attribute"/> - <ref name="common-l2-attributes"/> - <ref name="common-ipv6-attributes-p1"/> - <ref name="common-port-attributes"/> - <ref name="ip-attributes"/> - </element> - </zeroOrMore> - </optional> - <optional> - <zeroOrMore> - <element name="tcp"> - <ref name="match-attribute"/> - <ref name="srcmac-attribute"/> - <ref name="common-port-attributes"/> - <ref name="common-ip-attributes-p1"/> - <ref name="common-ip-attributes-p2"/> - </element> - </zeroOrMore> - </optional> - <optional> - <zeroOrMore> - <element name="udp"> - <ref name="match-attribute"/> - <ref name="srcmac-attribute"/> - <ref name="common-port-attributes"/> - <ref name="common-ip-attributes-p1"/> - <ref name="common-ip-attributes-p2"/> - </element> - </zeroOrMore> - </optional> - <optional> - <zeroOrMore> - <element name="sctp"> - <ref name="match-attribute"/> - <ref 
name="srcmac-attribute"/> - <ref name="common-port-attributes"/> - <ref name="common-ip-attributes-p1"/> - <ref name="common-ip-attributes-p2"/> - </element> - </zeroOrMore> - </optional> - <optional> - <zeroOrMore> - <element name="icmp"> - <ref name="match-attribute"/> - <ref name="srcmac-attribute"/> - <ref name="common-ip-attributes-p1"/> - <ref name="common-ip-attributes-p2"/> - <ref name="icmp-attributes"/> - </element> - </zeroOrMore> - </optional> - <optional> - <zeroOrMore> - <element name="igmp"> - <ref name="match-attribute"/> - <ref name="srcmac-attribute"/> - <ref name="common-ip-attributes-p1"/> - <ref name="common-ip-attributes-p2"/> - </element> - </zeroOrMore> - </optional> - <optional> - <zeroOrMore> - <element name="all"> - <ref name="match-attribute"/> - <ref name="srcmac-attribute"/> - <ref name="common-ip-attributes-p1"/> - <ref name="common-ip-attributes-p2"/> - </element> - </zeroOrMore> - </optional> - <optional> - <zeroOrMore> - <element name="esp"> - <ref name="match-attribute"/> - <ref name="srcmac-attribute"/> - <ref name="common-ip-attributes-p1"/> - <ref name="common-ip-attributes-p2"/> - </element> - </zeroOrMore> - </optional> - <optional> - <zeroOrMore> - <element name="ah"> - <ref name="match-attribute"/> - <ref name="srcmac-attribute"/> - <ref name="common-ip-attributes-p1"/> - <ref name="common-ip-attributes-p2"/> - </element> - </zeroOrMore> - </optional> - <optional> - <zeroOrMore> - <element name="udplite"> - <ref name="match-attribute"/> - <ref name="srcmac-attribute"/> - <ref name="common-ip-attributes-p1"/> - <ref name="common-ip-attributes-p2"/> - </element> - </zeroOrMore> - </optional> - <optional> - <zeroOrMore> - <element name="tcp-ipv6"> - <ref name="match-attribute"/> - <ref name="srcmac-attribute"/> - <ref name="common-port-attributes"/> - <ref name="common-ipv6-attributes-p1"/> - <ref name="common-ipv6-attributes-p2"/> - </element> - </zeroOrMore> - </optional> - <optional> - <zeroOrMore> - <element 
name="udp-ipv6"> - <ref name="match-attribute"/> - <ref name="srcmac-attribute"/> - <ref name="common-port-attributes"/> - <ref name="common-ipv6-attributes-p1"/> - <ref name="common-ipv6-attributes-p2"/> - </element> - </zeroOrMore> - </optional> - <optional> - <zeroOrMore> - <element name="sctp-ipv6"> - <ref name="match-attribute"/> - <ref name="srcmac-attribute"/> - <ref name="common-port-attributes"/> - <ref name="common-ipv6-attributes-p1"/> - <ref name="common-ipv6-attributes-p2"/> - </element> - </zeroOrMore> - </optional> - <optional> - <zeroOrMore> - <element name="icmpv6"> - <ref name="match-attribute"/> - <ref name="srcmac-attribute"/> - <ref name="common-ipv6-attributes-p1"/> - <ref name="common-ipv6-attributes-p2"/> - <ref name="icmp-attributes"/> - </element> - </zeroOrMore> - </optional> - <optional> - <zeroOrMore> - <element name="all-ipv6"> - <ref name="match-attribute"/> - <ref name="srcmac-attribute"/> - <ref name="common-ipv6-attributes-p1"/> - <ref name="common-ipv6-attributes-p2"/> - </element> - </zeroOrMore> - </optional> - <optional> - <zeroOrMore> - <element name="esp-ipv6"> - <ref name="match-attribute"/> - <ref name="srcmac-attribute"/> - <ref name="common-ipv6-attributes-p1"/> - <ref name="common-ipv6-attributes-p2"/> - </element> - </zeroOrMore> - </optional> - <optional> - <zeroOrMore> - <element name="ah-ipv6"> - <ref name="match-attribute"/> - <ref name="srcmac-attribute"/> - <ref name="common-ipv6-attributes-p1"/> - <ref name="common-ipv6-attributes-p2"/> - </element> - </zeroOrMore> - </optional> - <optional> - <zeroOrMore> - <element name="udplite-ipv6"> - <ref name="match-attribute"/> - <ref name="srcmac-attribute"/> - <ref name="common-ipv6-attributes-p1"/> - <ref name="common-ipv6-attributes-p2"/> - </element> - </zeroOrMore> - </optional> - </element> - </zeroOrMore> </element> </define> @@ -263,6 +263,7 @@ <choice> <value>root</value> <value>arp</value> + <value>rarp</value> <value>ipv4</value> <value>ipv6</value> </choice> 
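Review bot: The `uuid` element is now accepted only as the first child of `filter`, whereas the old grammar allowed it anywhere among the `filterref` elements, so a filter document that lists a `filterref` before its `uuid` validated before this change and is rejected after it. The description mentions only relaxing the order, so this tightening may be unintended. If `uuid` should stay position-independent while being limited to one occurrence, wrap the new `<optional>` and the following `<zeroOrMore>` together in `<interleave>` … `</interleave>`. Whether the XML parser itself depends on the position of `uuid` is not visible in this hunk.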
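Review bot: The protocol value list is maintained in two places, this choice (`root`, `arp`, `rarp`, `ipv4`, `ipv6`) and the one patched in the hunk at line 691, and `rarp` had to be added to each by hand after being forgotten. Defining the shared values `arp`, `rarp`, `ipv4`, `ipv6` once and referencing that define from both choices would keep the lists from drifting apart, which matters for a schema that decides which filter documents are accepted. The defines enclosing both choices lie outside the hunks, so whether the lists are meant to differ beyond `root` cannot be confirmed from here.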
@@ -690,6 +691,7 @@ <choice> <value>arp</value> + <value>rarp</value> <value>ipv4</value> <value>ipv6</value> </choice> -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list