On 11/18/2011 06:32 AM, Stefan Berger wrote: > This patch adds several aspects of documentation about the network filtering > system: > > - chains, chains' priorities and chains' default priorities > - talks about lists of elements, i.e., a variable assigned multiple values > (part of already ACK-ed series) > - already mentions the vlan, stp and mac chains added later on > (https://www.redhat.com/archives/libvir-list/2011-October/msg01238.html) > - mentions limitations of vlan filtering (when sent by VM) on Linux systems Thanks for shuffling this work in sooner. Guess that means we're committing to adding some of the other series in short order :) > + Filtering rules are organized in filter chains. These chains can be > + thought of as having a tree structure with packet > + filtering rules as entries in individual chains (branches). <br> > + Packets start their filter evaluation in the <code>root</code> chain > + and can then continue their evaluation in other chains, return from > + those chains back into the <code>root</code> chain or be > + dropped or accepted by a filtering rule in one of the traversed chains. > + <br/> > + Libvirt's network filtering system automatically creates individual I don't know if the convention is to use </p><p> instead of <br/> between paragraphs; I'm not too fussed, though, as the rendered page still looked okay to me. > + <ul> > + <li>root</li> > + <li>mac <span class="since">(since 0.9.8)</span></li> > + <li>stp (spanning tree protocol) > + <span class="since">(since 0.9.8)</span></li> > + <li>vlan (802.1Q) <span class="since">(since 0.9.8)</span></li> > + <li>arp, rarp</li> > + <li>ip</li> Is this right? My recollection of the code was that your prefix lookup had ipv4 and ipv6, not ip and ipv6, given that I had you add a comment about none of the prefixes being subsumed by another entry in the table. On the other hand, using 'ip' as short for 'ipv4' is nice. Is there more code work to do on this front? And if it does work as 'ip' vs. 'ipv6', we probably ought to list this line as <li>ip (IPv4)</li>. > @@ -1431,6 +1566,8 @@ > </p> > <ul> > <li>mac</li> > + <li>stp (spanning tree protocol)</li> > + <li>vlan (802.1Q)</li> > <li>arp, rarp</li> > <li>ip</li> > <li>ipv6</li> Hmm, we already have another table with just 'ip'. Okay, then, what you have is okay to commit as-is, and any further tweaks (such as if we add code to explicitly allow 'ipv4' as an alias for 'ip') can come later with the code changes. ACK. -- Eric Blake eblake@xxxxxxxxxx +1-919-301-3266 Libvirt virtualization library http://libvirt.org
Attachment:
signature.asc
Description: OpenPGP digital signature
-- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list