[libvirt] [PATCH V6 11/11] Documentation about chains priorities, lists of elements etc.

Stefan Berger stefanb at linux.vnet.ibm.com
Fri Nov 18 16:41:45 UTC 2011 

On 11/18/2011 11:01 AM, Eric Blake wrote:
> On 11/18/2011 06:32 AM, Stefan Berger wrote:
>> This patch adds several aspects of documentation about the network filtering
>> system:
>>
>> - chains, chains' priorities and chains' default priorities
>> - talks about lists of elements, i.e., a variable assigned multiple values
>>    (part of already ACK-ed series)
>> - already mentions the vlan, stp and mac chains added later on
>>    (https://www.redhat.com/archives/libvir-list/2011-October/msg01238.html)
>> - mentions limitations of vlan filtering (when sent by VM) on Linux systems
> Thanks for shuffling this work in sooner.  Guess that means we're
> committing to adding some of the other series in short order :)
Adding stp, vlan and mac should be 'easy' -- more or less 'mechanical'
>> +      Filtering rules are organized in filter chains. These chains can be
>> +      thought of as having a tree structure with packet
>> +      filtering rules as entries in individual chains (branches).<br>
>> +      Packets start their filter evaluation in the<code>root</code>  chain
>> +      and can then continue their evaluation in other chains, return from
>> +      those chains back into the<code>root</code>  chain or be
>> +      dropped or accepted by a filtering rule in one of the traversed chains.
>> +<br/>
>> +      Libvirt's network filtering system automatically creates individual
> I don't know if the convention is to use</p><p>  instead of<br/>
> between paragraphs; I'm not too fussed, though, as the rendered page
> still looked okay to me.
>
>> +<ul>
>> +<li>root</li>
>> +<li>mac<span class="since">(since 0.9.8)</span></li>
>> +<li>stp (spanning tree protocol)
>> +<span class="since">(since 0.9.8)</span></li>
>> +<li>vlan (802.1Q)<span class="since">(since 0.9.8)</span></li>
>> +<li>arp, rarp</li>
>> +<li>ip</li>
> Is this right?  My recollection of the code was that your prefix lookup
> had ipv4 and ipv6, not ip and ipv6, given that I had you add a comment
Good catch! It's supposed to be 'ipv4' in the name of the chain. I may 
later on try to add an alias 'ip'...

> about none of the prefixes being subsumed by another entry in the table.
>   On the other hand, using 'ip' as short for 'ipv4' is nice.  Is there
> more code work to do on this front?  And if it does work as 'ip' vs.
On this 'particular' front, I would say 'no'. There are other aspects 
that I have done work, though...
> 'ipv6', we probably ought to list this line as<li>ip (IPv4)</li>.
>

>> @@ -1431,6 +1566,8 @@
>>       </p>
>>       <ul>
>>        <li>mac</li>
>> +<li>stp (spanning tree protocol)</li>
>> +<li>vlan (802.1Q)</li>
>>        <li>arp, rarp</li>
>>        <li>ip</li>
>>        <li>ipv6</li>
> Hmm, we already have another table with just 'ip'.  Okay, then, what you
> have is okay to commit as-is, and any further tweaks (such as if we add
> code to explicitly allow 'ipv4' as an alias for 'ip') can come later
> with the code changes.
>
I fixed this typo. The above table is a c&p of this one...

    Stefan

> ACK.
>

More information about the libvir-list mailing list