docs: domain: Document network <filterref>

Message ID 98d6ef74ddf625f4a24ee7d02f4355b4970caaa5.1460757667.git.crobinso@redhat.com
State New
Headers show

Commit Message

Cole Robinson April 15, 2016, 10:01 p.m.
The proper nwfilter docs go into full detail, but we should still
have a brief bit about domain XML in the domain documentation
---
 docs/formatdomain.html.in | 41 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 41 insertions(+)

-- 
2.7.3

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list

Comments

Cole Robinson April 20, 2016, 8:34 p.m. | #1
On 04/20/2016 12:27 PM, Andrea Bolognani wrote:
> On Fri, 2016-04-15 at 18:01 -0400, Cole Robinson wrote:

>> The proper nwfilter docs go into full detail, but we should still

>> have a brief bit about domain XML in the domain documentation

>> ---

>>   docs/formatdomain.html.in | 41 +++++++++++++++++++++++++++++++++++++++++

>>   1 file changed, 41 insertions(+)

> 

> This is neat, thanks for working on it.

> 

> A few minor comments below.

> 

>> diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in

>> index 9bcef6a..f6ce22d 100644

>> --- a/docs/formatdomain.html.in

>> +++ b/docs/formatdomain.html.in

>> @@ -4908,6 +4908,47 @@ qemu-kvm -net nic,model=? /dev/null

>>         <code>&lt;model&gt;</code> element is mandatory.

>>       </p>

>>   

>> +    <h5><a name="elementNwfilter">Traffic filtering with NWFilter</a></h5>

>> +

>> +    <p>

>> +    <span class="since">Since 0.8.0</span> an <code>nwfilter</code> profile

>> +    can be assigned to an interface device, which allows configuring

> 

> [...] can be assigned to a domain interface, [...]

> 

> Perhaps? Not really sure, go with whatever you like better.

> 


I used your wording, thanks

>> +    traffic filter rules for the virtual machine.

>> +

>> +    See the <a href="formatnwfilter.html">nwfilter</a> documentation for more

>> +    complete details.

>> +    </p>

> 

> This is the first link to the complete documentation. There

> are two more later on. Maybe that's overdoing it a little ;)

> 

> Keep just this one and get rid of the other two. Or replace

> the last one with this one, whatever you like better.

> 


I got rid of the second one, but kept the third, since it links to an explicit
section in the nwfilter docs about parameters

>> +<pre>

>> +  ...

>> +  &lt;devices&gt;

>> +    &lt;interface ...&gt;

>> +      ...

>> +      &lt;filterref filter='clean-traffic'/&gt;

>> +    &lt;/interface&gt;

>> +    &lt;interface ...&gt;

>> +      ...

>> +      &lt;filterref filter='myfilter'&gt;

>> +        &lt;parameter name='IP' value='104.207.129.11'/&gt;

>> +        &lt;parameter name='IP6_ADDR' value='2001:19f0:300:2102::'/&gt;

>> +        &lt;parameter name='IP6_MASK' value='64'/&gt;

>> +        ...

>> +      &lt;/filterref&gt;

>> +    &lt;/interface&gt;

>> +  &lt;/devices&gt;

>> +  ...</pre>

>> +

>> +    <p>

>> +      The <code>&lt;filterref&gt;</code> <code>filter</code> attribute

> 

> The filter attribute of the <filterref/> element [...]

> 


Actually I just dropped the filterref bit since it seemed redundant

Pushed now, thanks!

- Cole

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list

Patch

diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in
index 9bcef6a..f6ce22d 100644
--- a/docs/formatdomain.html.in
+++ b/docs/formatdomain.html.in
@@ -4908,6 +4908,47 @@  qemu-kvm -net nic,model=? /dev/null
       <code>&lt;model&gt;</code> element is mandatory.
     </p>
 
+    <h5><a name="elementNwfilter">Traffic filtering with NWFilter</a></h5>
+
+    <p>
+    <span class="since">Since 0.8.0</span> an <code>nwfilter</code> profile
+    can be assigned to an interface device, which allows configuring
+    traffic filter rules for the virtual machine.
+
+    See the <a href="formatnwfilter.html">nwfilter</a> documentation for more
+    complete details.
+    </p>
+
+<pre>
+  ...
+  &lt;devices&gt;
+    &lt;interface ...&gt;
+      ...
+      &lt;filterref filter='clean-traffic'/&gt;
+    &lt;/interface&gt;
+    &lt;interface ...&gt;
+      ...
+      &lt;filterref filter='myfilter'&gt;
+        &lt;parameter name='IP' value='104.207.129.11'/&gt;
+        &lt;parameter name='IP6_ADDR' value='2001:19f0:300:2102::'/&gt;
+        &lt;parameter name='IP6_MASK' value='64'/&gt;
+        ...
+      &lt;/filterref&gt;
+    &lt;/interface&gt;
+  &lt;/devices&gt;
+  ...</pre>
+
+    <p>
+      The <code>&lt;filterref&gt;</code> <code>filter</code> attribute
+      specifies the name of the <a href="formatnwfilter.html">nwfilter</a>
+      to use. Optional <code>&lt;parameter&gt;</code> values may be
+      specified for passing additional info to the nwfilter via the
+      <code>name</code> and <code>value</code> attributes. See
+      the <a href="formatnwfilter.html#nwfconceptsvars">nwfilter</a>
+      docs for info on parameters.
+    </p>
+
+
     <h4><a name="elementsInput">Input devices</a></h4>
 
     <p>