[libvirt] [PATCH] nwfilter: Add filter schema for nwfilter XML, extend domain XML schema

Stefan Berger stefanb at us.ibm.com
Mon Apr 5 16:53:19 UTC 2010


This patch adds a relaxng nwfilter schema along with a test that
verifies all the test output XML against the schema. The input XMLs
contain a lot of intentional out-of-range values that make them fail the
schema verification, so I am not verifying against those.

Signed-off-by: Stefan Berger <stefanb at us.ibm.com>
Signed-off-by: Gerhard Stenzel <gerhard.stenzel at de.ibm.com>

---
 docs/schemas/Makefile.am  |    3 
 docs/schemas/domain.rng   |   31 +
 docs/schemas/nwfilter.rng |  783
++++++++++++++++++++++++++++++++++++++++++++++
 libvirt.spec.in           |    1 
 tests/Makefile.am         |    4 
 tests/nwfilterschematest  |   11 
 6 files changed, 831 insertions(+), 2 deletions(-)

Index: libvirt-acl/docs/schemas/Makefile.am
===================================================================
--- libvirt-acl.orig/docs/schemas/Makefile.am
+++ libvirt-acl/docs/schemas/Makefile.am
@@ -10,6 +10,7 @@ schema_DATA = \
 	storagepool.rng \
 	storagevol.rng \
 	nodedev.rng \
-	capability.rng
+	capability.rng \
+	nwfilter.rng
 
 EXTRA_DIST = $(schema_DATA)
Index: libvirt-acl/libvirt.spec.in
===================================================================
--- libvirt-acl.orig/libvirt.spec.in
+++ libvirt-acl/libvirt.spec.in
@@ -785,6 +785,7 @@ fi
 %{_datadir}/libvirt/schemas/interface.rng
 %{_datadir}/libvirt/schemas/secret.rng
 %{_datadir}/libvirt/schemas/storageencryption.rng
+%{_datadir}/libvirt/schemas/filter.rng
 
 %{_datadir}/libvirt/cpu_map.xml
 
Index: libvirt-acl/docs/schemas/nwfilter.rng
===================================================================
--- /dev/null
+++ libvirt-acl/docs/schemas/nwfilter.rng
@@ -0,0 +1,783 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<grammar ns="" xmlns="http://relaxng.org/ns/structure/1.0"
datatypeLibrary="http://www.w3.org/2001/XMLSchema-datatypes">
+  <start>
+    <ref name="filter"/>
+  </start>
+  <define name="filter">
+    <element name="filter">
+      <ref name="filter-node-attributes"/>
+      <zeroOrMore>
+        <choice>
+          <element name="filterref">
+            <ref name="filterref-node-attributes"/>
+          </element>
+          <element name="uuid">
+            <ref name="UUID"/>
+          </element>
+        </choice>
+      </zeroOrMore>
+      <zeroOrMore>
+        <element name="rule">
+        <ref name="rule-node-attributes"/>
+          <optional>
+            <zeroOrMore>
+              <element name="mac">
+                <ref name="match-attribute"/>
+                <ref name="common-l2-attributes"/>
+                <ref name="mac-attributes"/>
+              </element>
+            </zeroOrMore>
+          </optional>
+          <optional>
+            <zeroOrMore>
+              <element name="arp">
+                <ref name="match-attribute"/>
+                <ref name="common-l2-attributes"/>
+                <ref name="arp-attributes"/>
+              </element>
+            </zeroOrMore>
+          </optional>
+          <optional>
+            <zeroOrMore>
+              <element name="ip">
+                <ref name="match-attribute"/>
+                <ref name="common-l2-attributes"/>
+                <ref name="common-ip-attributes-p1"/>
+                <ref name="common-port-attributes"/>
+                <ref name="ip-attributes"/>
+                <ref name="dscp-attribute"/>
+              </element>
+            </zeroOrMore>
+          </optional>
+          <optional>
+            <zeroOrMore>
+              <element name="ipv6">
+                <ref name="match-attribute"/>
+                <ref name="common-l2-attributes"/>
+                <ref name="common-ipv6-attributes-p1"/>
+                <ref name="common-port-attributes"/>
+                <ref name="ip-attributes"/>
+              </element>
+            </zeroOrMore>
+          </optional>
+          <optional>
+            <zeroOrMore>
+              <element name="tcp">
+                <ref name="match-attribute"/>
+                <ref name="srcmac-attribute"/>
+                <ref name="common-port-attributes"/>
+                <ref name="common-ip-attributes-p1"/>
+                <ref name="common-ip-attributes-p2"/>
+              </element>
+            </zeroOrMore>
+          </optional>
+          <optional>
+            <zeroOrMore>
+              <element name="udp">
+                <ref name="match-attribute"/>
+                <ref name="srcmac-attribute"/>
+                <ref name="common-port-attributes"/>
+                <ref name="common-ip-attributes-p1"/>
+                <ref name="common-ip-attributes-p2"/>
+              </element>
+            </zeroOrMore>
+          </optional>
+          <optional>
+            <zeroOrMore>
+              <element name="sctp">
+                <ref name="match-attribute"/>
+                <ref name="srcmac-attribute"/>
+                <ref name="common-port-attributes"/>
+                <ref name="common-ip-attributes-p1"/>
+                <ref name="common-ip-attributes-p2"/>
+              </element>
+            </zeroOrMore>
+          </optional>
+          <optional>
+            <zeroOrMore>
+              <element name="icmp">
+                <ref name="match-attribute"/>
+                <ref name="srcmac-attribute"/>
+                <ref name="common-ip-attributes-p1"/>
+                <ref name="common-ip-attributes-p2"/>
+                <ref name="icmp-attributes"/>
+              </element>
+            </zeroOrMore>
+          </optional>
+          <optional>
+            <zeroOrMore>
+              <element name="igmp">
+                <ref name="match-attribute"/>
+                <ref name="srcmac-attribute"/>
+                <ref name="common-ip-attributes-p1"/>
+                <ref name="common-ip-attributes-p2"/>
+              </element>
+            </zeroOrMore>
+          </optional>
+          <optional>
+            <zeroOrMore>
+              <element name="all">
+                <ref name="match-attribute"/>
+                <ref name="srcmac-attribute"/>
+                <ref name="common-ip-attributes-p1"/>
+                <ref name="common-ip-attributes-p2"/>
+              </element>
+            </zeroOrMore>
+          </optional>
+          <optional>
+            <zeroOrMore>
+              <element name="esp">
+                <ref name="match-attribute"/>
+                <ref name="srcmac-attribute"/>
+                <ref name="common-ip-attributes-p1"/>
+                <ref name="common-ip-attributes-p2"/>
+              </element>
+            </zeroOrMore>
+          </optional>
+          <optional>
+            <zeroOrMore>
+              <element name="ah">
+                <ref name="match-attribute"/>
+                <ref name="srcmac-attribute"/>
+                <ref name="common-ip-attributes-p1"/>
+                <ref name="common-ip-attributes-p2"/>
+              </element>
+            </zeroOrMore>
+          </optional>
+          <optional>
+            <zeroOrMore>
+              <element name="udplite">
+                <ref name="match-attribute"/>
+                <ref name="srcmac-attribute"/>
+                <ref name="common-ip-attributes-p1"/>
+                <ref name="common-ip-attributes-p2"/>
+              </element>
+            </zeroOrMore>
+          </optional>
+          <optional>
+            <zeroOrMore>
+              <element name="tcp-ipv6">
+                <ref name="match-attribute"/>
+                <ref name="srcmac-attribute"/>
+                <ref name="common-port-attributes"/>
+                <ref name="common-ipv6-attributes-p1"/>
+                <ref name="common-ipv6-attributes-p2"/>
+              </element>
+            </zeroOrMore>
+          </optional>
+          <optional>
+            <zeroOrMore>
+              <element name="udp-ipv6">
+                <ref name="match-attribute"/>
+                <ref name="srcmac-attribute"/>
+                <ref name="common-port-attributes"/>
+                <ref name="common-ipv6-attributes-p1"/>
+                <ref name="common-ipv6-attributes-p2"/>
+              </element>
+            </zeroOrMore>
+          </optional>
+          <optional>
+            <zeroOrMore>
+              <element name="sctp-ipv6">
+                <ref name="match-attribute"/>
+                <ref name="srcmac-attribute"/>
+                <ref name="common-port-attributes"/>
+                <ref name="common-ipv6-attributes-p1"/>
+                <ref name="common-ipv6-attributes-p2"/>
+              </element>
+            </zeroOrMore>
+          </optional>
+          <optional>
+            <zeroOrMore>
+              <element name="icmpv6">
+                <ref name="match-attribute"/>
+                <ref name="srcmac-attribute"/>
+                <ref name="common-ipv6-attributes-p1"/>
+                <ref name="common-ipv6-attributes-p2"/>
+                <ref name="icmp-attributes"/>
+              </element>
+            </zeroOrMore>
+          </optional>
+          <optional>
+            <zeroOrMore>
+              <element name="all-ipv6">
+                <ref name="match-attribute"/>
+                <ref name="srcmac-attribute"/>
+                <ref name="common-ipv6-attributes-p1"/>
+                <ref name="common-ipv6-attributes-p2"/>
+              </element>
+            </zeroOrMore>
+          </optional>
+          <optional>
+            <zeroOrMore>
+              <element name="esp-ipv6">
+                <ref name="match-attribute"/>
+                <ref name="srcmac-attribute"/>
+                <ref name="common-ipv6-attributes-p1"/>
+                <ref name="common-ipv6-attributes-p2"/>
+              </element>
+            </zeroOrMore>
+          </optional>
+          <optional>
+            <zeroOrMore>
+              <element name="ah-ipv6">
+                <ref name="match-attribute"/>
+                <ref name="srcmac-attribute"/>
+                <ref name="common-ipv6-attributes-p1"/>
+                <ref name="common-ipv6-attributes-p2"/>
+              </element>
+            </zeroOrMore>
+          </optional>
+          <optional>
+            <zeroOrMore>
+              <element name="udplite-ipv6">
+                <ref name="match-attribute"/>
+                <ref name="srcmac-attribute"/>
+                <ref name="common-ipv6-attributes-p1"/>
+                <ref name="common-ipv6-attributes-p2"/>
+              </element>
+            </zeroOrMore>
+          </optional>
+        </element>
+      </zeroOrMore>
+    </element>
+  </define>
+
+  <!-- ########### attributes of XML nodes ############ -->
+
+  <define name="filter-node-attributes">
+    <attribute name="name">
+      <data type="NCName"/>
+    </attribute>
+    <optional>
+      <attribute name="chain">
+        <choice>
+          <value>root</value>
+          <value>arp</value>
+          <value>ipv4</value>
+          <value>ipv6</value>
+        </choice>
+      </attribute>
+    </optional>
+  </define>
+
+  <define name="filterref-node-attributes">
+    <attribute name="filter">
+      <data type="NCName"/>
+    </attribute>
+    <optional>
+      <element name="parameter">
+        <attribute name="name">
+          <ref name="parameter-name"/>
+        </attribute>
+        <attribute name="value">
+          <ref name="parameter-value"/>
+        </attribute>
+      </element>
+    </optional>
+  </define>
+
+  <define name="rule-node-attributes">
+    <attribute name="action">
+      <ref name='action-type'/>
+    </attribute>
+    <attribute name="direction">
+       <ref name='direction-type'/>
+    </attribute>
+    <optional>
+      <attribute name="priority">
+        <ref name='priority-type'/>
+      </attribute>
+    </optional>
+  </define>
+
+  <define name="match-attribute">
+    <interleave>
+      <optional>
+         <attribute name="match">
+           <choice>
+             <value>yes</value>
+             <value>no</value>
+           </choice>
+         </attribute>
+      </optional>
+    </interleave>
+  </define>
+
+  <define name="srcmac-attribute">
+    <interleave>
+      <optional>
+         <attribute name="srcmacaddr">
+           <ref name="addrMAC"/>
+         </attribute>
+      </optional>
+    </interleave>
+  </define>
+
+  <define name="common-l2-attributes">
+    <interleave>
+      <ref name="srcmac-attribute"/>
+      <optional>
+         <attribute name="srcmacmask">
+           <ref name="addrMAC"/>
+         </attribute>
+      </optional>
+      <optional>
+         <attribute name="dstmacaddr">
+           <ref name="addrMAC"/>
+         </attribute>
+      </optional>
+      <optional>
+         <attribute name="dstmacmask">
+           <ref name="addrMAC"/>
+         </attribute>
+      </optional>
+    </interleave>
+  </define>
+
+  <define name="common-ip-attributes-p1">
+    <interleave>
+      <optional>
+        <attribute name="srcipaddr">
+          <ref name="addrIP"/>
+        </attribute>
+      </optional>
+      <optional>
+        <attribute name="srcipmask">
+          <ref name="addrMask"/>
+        </attribute>
+      </optional>
+      <optional>
+        <attribute name="dstipaddr">
+          <ref name="addrIP"/>
+        </attribute>
+      </optional>
+      <optional>
+        <attribute name="dstipmask">
+          <ref name="addrMask"/>
+        </attribute>
+      </optional>
+    </interleave>
+  </define>
+
+  <define name="common-ip-attributes-p2">
+    <interleave>
+      <optional>
+        <attribute name="srcipfrom">
+          <ref name="addrIP"/>
+        </attribute>
+      </optional>
+      <optional>
+        <attribute name="srcipto">
+          <ref name="addrIP"/>
+        </attribute>
+      </optional>
+      <optional>
+        <attribute name="dstipfrom">
+          <ref name="addrIP"/>
+        </attribute>
+      </optional>
+      <optional>
+        <attribute name="dstipto">
+          <ref name="addrIP"/>
+        </attribute>
+      </optional>
+      <optional>
+        <attribute name="dscp">
+          <ref name="sixbitrange"/>
+        </attribute>
+      </optional>
+    </interleave>
+  </define>
+
+  <define name="common-ipv6-attributes-p1">
+    <interleave>
+      <optional>
+        <attribute name="srcipaddr">
+          <ref name="addrIPv6"/>
+        </attribute>
+      </optional>
+      <optional>
+        <attribute name="srcipmask">
+          <ref name="addrMaskv6"/>
+        </attribute>
+      </optional>
+      <optional>
+        <attribute name="dstipaddr">
+          <ref name="addrIPv6"/>
+        </attribute>
+      </optional>
+      <optional>
+        <attribute name="dstipmask">
+          <ref name="addrMaskv6"/>
+        </attribute>
+      </optional>
+    </interleave>
+  </define>
+
+  <define name="common-ipv6-attributes-p2">
+    <interleave>
+      <optional>
+        <attribute name="srcipfrom">
+          <ref name="addrIPv6"/>
+        </attribute>
+      </optional>
+      <optional>
+        <attribute name="srcipto">
+          <ref name="addrIPv6"/>
+        </attribute>
+      </optional>
+      <optional>
+        <attribute name="dstipfrom">
+          <ref name="addrIPv6"/>
+        </attribute>
+      </optional>
+      <optional>
+        <attribute name="dstipto">
+          <ref name="addrIPv6"/>
+        </attribute>
+      </optional>
+      <optional>
+        <attribute name="dscp">
+          <ref name="sixbitrange"/>
+        </attribute>
+      </optional>
+    </interleave>
+  </define>
+
+  <define name="common-port-attributes">
+    <interleave>
+      <optional>
+        <attribute name="srcportstart">
+          <ref name="uint16range"/>
+        </attribute>
+      </optional>
+      <optional>
+        <attribute name="srcportend">
+          <ref name="uint16range"/>
+        </attribute>
+      </optional>
+      <optional>
+        <attribute name="dstportstart">
+          <ref name="uint16range"/>
+        </attribute>
+      </optional>
+      <optional>
+        <attribute name="dstportend">
+          <ref name="uint16range"/>
+        </attribute>
+      </optional>
+    </interleave>
+  </define>
+
+  <define name="icmp-attributes">
+    <interleave>
+      <optional>
+        <attribute name="type">
+          <ref name="uint8range"/>
+        </attribute>
+      </optional>
+      <optional>
+        <attribute name="code">
+          <ref name="uint8range"/>
+        </attribute>
+      </optional>
+    </interleave>
+  </define>
+
+  <define name="mac-attributes">
+    <interleave>
+      <optional>
+        <attribute name="protocolid">
+          <ref name="mac-protocolid"/>
+        </attribute>
+      </optional>
+    </interleave>
+  </define>
+
+  <define name="arp-attributes">
+    <interleave>
+      <optional>
+        <attribute name="arpsrcmacaddr">
+          <ref name="addrMAC"/>
+        </attribute>
+      </optional>
+      <optional>
+        <attribute name="arpsrcipaddr">
+          <ref name="addrIP"/>
+        </attribute>
+      </optional>
+      <optional>
+        <attribute name="arpdstmacaddr">
+          <ref name="addrMAC"/>
+        </attribute>
+      </optional>
+      <optional>
+        <attribute name="arpdstipaddr">
+          <ref name="addrIP"/>
+        </attribute>
+      </optional>
+      <optional>
+        <attribute name="hwtype">
+          <ref name="uint16range"/>
+        </attribute>
+      </optional>
+      <optional>
+        <attribute name="opcode">
+          <ref name="arpOpcodeType"/>
+        </attribute>
+      </optional>
+      <optional>
+        <attribute name="protocoltype">
+          <ref name="uint16range"/>
+        </attribute>
+      </optional>
+   </interleave>
+  </define>
+
+  <define name="ip-attributes">
+    <optional>
+      <attribute name="protocol">
+          <ref name="ipProtocolType"/>
+      </attribute>
+    </optional>
+  </define>
+
+  <define name="dscp-attribute">
+    <optional>
+      <attribute name="dscp">
+        <ref name="sixbitrange"/>
+      </attribute>
+    </optional>
+  </define>
+
+  <!-- ################  type library ################ -->
+
+  <define name="UUID">
+    <choice>
+      <data type="string">
+        <param name="pattern">[a-fA-F0-9]{32}</param>
+      </data>
+
+      <data type="string">
+        <param
name="pattern">[a-fA-F0-9]{8}\-([a-fA-F0-9]{4}\-){3}[a-fA-F0-9]{12}</param>
+      </data>
+    </choice>
+  </define>
+
+  <define name="addrMAC">
+    <choice>
+      <!-- variable -->
+      <data type="string">
+        <param name="pattern">[\\$]{1}[a-zA-Z0-9_]+</param>
+      </data>
+
+      <data type="string">
+        <param
name="pattern">([a-fA-F0-9]{1,2}:){5}[a-fA-F0-9]{1,2}</param>
+      </data>
+    </choice>
+  </define>
+
+  <define name="addrIP">
+    <choice>
+      <!-- variable -->
+      <data type="string">
+        <param name="pattern">[\\$]{1}[a-zA-Z0-9_]+</param>
+      </data>
+
+      <data type="string">
+        <param
name="pattern">([0-2]?[0-9]?[0-9]\.){3}[0-2]?[0-9]?[0-9]</param>
+      </data>
+   </choice>
+  </define>
+
+  <define name="addrIPv6">
+    <choice>
+      <!-- variable -->
+      <data type="string">
+        <param name="pattern">^[\\$]{1}[a-zA-Z0-9_]+$</param>
+      </data>
+
+      <data type="string">
+        <param
name="pattern">([a-fA-F0-9]{0,4}:){2,7}([a-fA-F0-9]*)(([0-2]?[0-9]?[0-9]\.){3}[0-2]?[0-9]?[0-9])?</param>
+      </data>
+   </choice>
+  </define>
+
+  <define name="addrMask">
+    <choice>
+      <!-- variable -->
+      <data type="string">
+        <param name="pattern">^[\\$]{1}[a-zA-Z0-9_]+$</param>
+      </data>
+
+      <data type="int">
+        <param name="minInclusive">0</param>
+        <param name="maxInclusive">32</param>
+      </data>
+
+      <data type="string">
+        <param
name="pattern">([0-2]?[0-9]?[0-9]\.){3}[0-2]?[0-9]?[0-9]</param>
+      </data>
+   </choice>
+  </define>
+
+  <define name="addrMaskv6">
+    <choice>
+      <!-- variable -->
+      <data type="string">
+        <param name="pattern">^[\\$]{1}[a-zA-Z0-9_]+$</param>
+      </data>
+
+      <data type="int">
+        <param name="minInclusive">0</param>
+        <param name="maxInclusive">128</param>
+      </data>
+
+      <data type="string">
+        <param
name="pattern">([a-fA-F0-9]{0,4}:){2,7}([a-fA-F0-9]*)</param>
+      </data>
+   </choice>
+  </define>
+
+  <define name="sixbitrange">
+    <choice>
+      <!-- variable -->
+      <data type="string">
+        <param name="pattern">^[\\$]{1}[a-zA-Z0-9_]+$</param>
+      </data>
+
+      <data type="int">
+        <param name="minInclusive">0</param>
+        <param name="maxInclusive">63</param>
+      </data>
+    </choice>
+  </define>
+
+  <define name="mac-protocolid">
+    <choice>
+      <!-- variable -->
+      <data type="string">
+        <param name="pattern">^[\\$]{1}[a-zA-Z0-9_]+$</param>
+      </data>
+
+      <data type="int">
+        <param name="minInclusive">1536</param>
+        <param name="maxInclusive">65535</param>
+      </data>
+
+      <choice>
+        <value>arp</value>
+        <value>ipv4</value>
+        <value>ipv6</value>
+      </choice>
+    </choice>
+  </define>
+
+  <define name="uint8range">
+    <choice>
+      <!-- variable -->
+      <data type="string">
+        <param name="pattern">^[\\$]{1}[a-zA-Z0-9_]+$</param>
+      </data>
+
+      <data type="int">
+        <param name="minInclusive">0</param>
+        <param name="maxInclusive">255</param>
+      </data>
+    </choice>
+  </define>
+
+  <define name="uint16range">
+    <choice>
+      <!-- variable -->
+      <data type="string">
+        <param name="pattern">^[\\$]{1}[a-zA-Z0-9_]+$</param>
+      </data>
+
+      <data type="int">
+        <param name="minInclusive">0</param>
+        <param name="maxInclusive">65535</param>
+      </data>
+    </choice>
+  </define>
+
+  <define name="arpOpcodeType">
+    <choice>
+      <!-- variable -->
+      <data type="string">
+        <param name="pattern">^[\\$]{1}[a-zA-Z0-9_]+$</param>
+      </data>
+
+      <data type="int">
+        <param name="minInclusive">0</param>
+        <param name="maxInclusive">65535</param>
+      </data>
+
+      <data type="string">
+        <param
name="pattern">([Rr]eply|[Rr]equest|[Rr]equest_[Rr]everse|[Rr]eply_[Rr]everse|DRARP_[Rr]equest|DRARP_[Rr]eply|DRARP_[Ee]rror|InARP_[Rr]equest|ARP_NAK)</param>
+      </data>
+
+    </choice>
+  </define>
+
+  <define name="ipProtocolType">
+    <choice>
+      <!-- variable -->
+      <data type="string">
+        <param name="pattern">^[\\$]{1}[a-zA-Z0-9_]+$</param>
+      </data>
+
+      <data type="int">
+        <param name="minInclusive">0</param>
+        <param name="maxInclusive">255</param>
+      </data>
+
+      <choice>
+        <value>tcp</value>
+        <value>udp</value>
+        <value>udplite</value>
+        <value>esp</value>
+        <value>ah</value>
+        <value>icmp</value>
+        <value>igmp</value>
+        <value>sctp</value>
+        <value>icmpv6</value>
+      </choice>
+    </choice>
+  </define>
+
+  <define name="parameter-name">
+    <data type="string">
+      <param name="pattern">[a-zA-Z0-9_]+</param>
+    </data>
+  </define>
+
+  <define name="parameter-value">
+    <data type="string">
+      <param name="pattern">[a-zA-Z0-9_\.:]+</param>
+    </data>
+  </define>
+
+  <define name='action-type'>
+    <choice>
+      <value>drop</value>
+      <value>accept</value>
+    </choice>
+  </define>
+
+  <define name='direction-type'>
+    <choice>
+      <value>in</value>
+      <value>out</value>
+      <value>inout</value>
+    </choice>
+  </define>
+
+  <define name='priority-type'>
+      <data type="int">
+        <param name="minInclusive">0</param>
+        <param name="maxInclusive">1000</param>
+      </data>
+  </define>
+</grammar>
Index: libvirt-acl/tests/Makefile.am
===================================================================
--- libvirt-acl.orig/tests/Makefile.am
+++ libvirt-acl/tests/Makefile.am
@@ -74,6 +74,7 @@ EXTRA_DIST =		\
 	xml2vmxdata \
 	nwfilterxml2xmlout \
 	nwfilterxml2xmlin \
+	nwfilterschematest \
 	$(patsubst %,qemuhelpdata/%,$(qemuhelpdata))
 
 noinst_PROGRAMS = virshtest conftest \
@@ -120,7 +121,8 @@ test_scripts = \
 	storagepoolschematest \
 	storagevolschematest \
 	domainschematest \
-	nodedevschematest
+	nodedevschematest \
+	nwfilterschematest
 
 if WITH_LIBVIRTD
 test_scripts +=				\
Index: libvirt-acl/tests/nwfilterschematest
===================================================================
--- /dev/null
+++ libvirt-acl/tests/nwfilterschematest
@@ -0,0 +1,11 @@
+#!/bin/sh
+
+: ${srcdir=.}
+. $srcdir/test-lib.sh
+. $abs_srcdir/schematestutils.sh
+
+DIRS="nwfilterxml2xmlout"
+SCHEMA="nwfilter.rng"
+
+check_schema "$DIRS" "$SCHEMA"
+
Index: libvirt-acl/docs/schemas/domain.rng
===================================================================
--- libvirt-acl.orig/docs/schemas/domain.rng
+++ libvirt-acl/docs/schemas/domain.rng
@@ -894,6 +894,11 @@
       <optional>
         <ref name="address"/>
       </optional>
+      <optional>
+        <element name="filterref">
+          <ref name="filterref-node-attributes"/>
+        </element>
+      </optional>
     </interleave>
   </define>
   <!--
@@ -1577,6 +1582,22 @@
     </element>
   </define>
 
+  <define name="filterref-node-attributes">
+    <attribute name="filter">
+      <data type="NCName"/>
+    </attribute>
+    <optional>
+      <element name="parameter">
+        <attribute name="name">
+          <ref name="parameter-name"/>
+        </attribute>
+        <attribute name="value">
+          <ref name="parameter-value"/>
+        </attribute>
+      </element>
+    </optional>
+  </define>
+
   <!--
        Type library
 
@@ -1737,4 +1758,14 @@
       <param name="pattern">[a-zA-Z0-9_\.\+\-/]+</param>
     </data>
   </define>
+  <define name="parameter-name">
+    <data type="string">
+      <param name="pattern">[a-zA-Z0-9_]+</param>
+    </data>
+  </define>
+  <define name="parameter-value">
+    <data type="string">
+      <param name="pattern">[a-zA-Z0-9_\.:]+</param>
+    </data>
+  </define>
 </grammar>




More information about the libvir-list mailing list