[libvirt] [libvirt PATCH] support continue/return targets in nwfilter

Eric Blake eblake at redhat.com
Thu Oct 20 23:41:37 UTC 2011 

On 10/19/2011 01:51 AM, Daniel P. Berrange wrote:
> On Tue, Oct 18, 2011 at 12:55:25PM -0700, David L Stevens wrote:
>>
>>
>> 	This patch adds support for "continue" and "return" actions
>> in filter rules.
>>
>> Signed-off-by: David L Stevens<dlstevens at us.ibm.com>
>>

>
> ACK
>
> Though it'd be good to update docs/nwfilter.html.in too to mention this

I'm squashing in this, so they are at least documented, but I didn't 
know how to work them into an example, so further content updates from 
you would be helpful.  I also added you to AUTHORS; let me know if any 
spelling updates are needed.

diff --git i/docs/formatnwfilter.html.in w/docs/formatnwfilter.html.in
index 8df4a93..5e9daea 100644
--- i/docs/formatnwfilter.html.in
+++ w/docs/formatnwfilter.html.in
@@ -258,11 +258,19 @@
      </p>
      <ul>
       <li>
-        action -- mandatory; must either be <code>drop</code>,
-        <code>reject</code><span class="since">(since 0.9.0)</span>,
-        or <code>accept</code> if
-        the evaluation of the filtering rule is supposed to drop,
-        reject (using ICMP message), or accept a packet
+        action -- mandatory; must either be <code>drop</code>
+        (matching the rule silently discards the packet with no
+        further analysis),
+        <code>reject</code> (matching the rule generates an ICMP
+        reject message with no further analysis) <span class="since">(since
+        0.9.0)</span>, <code>accept</code> (matching the rule accepts
+        the packet with no further analysis), <code>return</code>
+        (matching the rule passes this filter, but returns control to
+        the calling filter for further
+        analysis) <span class="since">(since 0.9.7)</span>,
+        or <code>continue<code> (matching the rule goes on to the next
+        rule for further analysis) <span class="since">(since
+        0.9.7)</span>.
       </li>
       <li>
          direction -- mandatory; must either be <code>in</code>, 
<code>out</code> or


-- 
Eric Blake   eblake at redhat.com    +1-801-349-2682
Libvirt virtualization library http://libvirt.org

More information about the libvir-list mailing list