Commit Graph

16 Commits

Author SHA1 Message Date
Stefan Berger
d64208888d Add documentation for STP filtering support
Add documentation for the STP filtering support. Describe the XML attributes
that are supported.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2011-11-22 15:12:03 -05:00
Stefan Berger
83ac18937e Add documentation for VLAN filtering support
Add documentation for the VLAN filtering support. Describe the XML attributes
that are supported.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2011-11-19 07:26:56 -05:00
Stefan Berger
1d8a00cd22 Documentation about chains' priorities, lists of elements etc.
This patch adds several aspects of documentation about the network filtering
system:

- chains, chains' priorities and chains' default priorities
- talks about lists of elements, i.e., a variable assigned multiple values
  (part of already ACK-ed series)
- already mentions the vlan, stp and mac chains added later on
  (https://www.redhat.com/archives/libvir-list/2011-October/msg01238.html)
- mentions limitations of vlan filtering (when sent by VM) on Linux systems
2011-11-18 11:58:18 -05:00
David L Stevens
a61e9ff60d support continue/return targets in nwfilter
This patch adds support for "continue" and "return" actions
in filter rules.

Signed-off-by: David L Stevens <dlstevens@us.ibm.com>
2011-10-20 17:37:38 -06:00
Stefan Berger
fcb0e8c227 nwfilter: enable filtering of gratuitous ARP packets
This patch enables filtering of gratuitous ARP packets using the following XML:

<rule action='accept' direction='in' priority='425'>
<arp gratuitous='true'/>
</rule>
2011-05-23 19:41:18 -04:00
Stefan Berger
973b681bdf nwfilter: no support for direct type of interface
Ebtables filtering doesn't work on macvtap device. Remove support for direct type of interface.
2011-04-19 16:23:59 -04:00
Stefan Berger
6ab24feb44 nwfilters: support for TCP flags evaluation
This patch adds support for the evaluation of TCP flags in nwfilters.

It adds documentation to the web page and extends the tests as well.
Also, the nwfilter schema is extended.

The following are some example for rules using the tcp flags:

<rule action='accept' direction='in'>
    <tcp state='NONE' flags='SYN/ALL' dsptportstart='80'/>
</rule>
<rule action='drop' direction='in'>
    <tcp state='NONE' flags='SYN/ALL'/>
</rule>
2011-04-07 20:13:38 -04:00
Eric Blake
b5ec89d955 docs: correct invalid xml
* docs/internals.html.in: Fix xml errors.
* docs/formatstorageencryption.html.in: Likewise.
* docs/drvesx.html.in: Likewise.
* docs/archnetwork.html.in: Likewise.
* docs/logging.html.in: Likewise.
* docs/drvvmware.html.in: Likewise.
* docs/api.html.in: Likewise.
* docs/formatnwfilter.html.in: Likewise.
* docs/formatdomain.html.in: Likewise.
* docs/windows.html.in: Likewise.
2011-04-01 16:03:11 -06:00
Daniel Veillard
6c8f24751e The next release is 0.9.0 not 0.8.9
Fix this which went into documentation
2011-03-30 21:30:54 +08:00
Stefan Berger
912d170f87 nwfilter: enable rejection of packets
This patch adds the possibility to not just drop packets, but to also have them rejected where iptables at least sends an ICMP msg back to the originator. On ebtables this again maps into dropping packets since rejecting is not supported.

I am adding 'since 0.8.9' to the docs assuming this will be the next version of libvirt.
2011-02-18 20:13:40 -05:00
Stefan Berger
5e760a91ab nwfilter: Add 2nd example to the html docs
This patch adds another example to the nwfilter html page and provides 2 solutions for how to write a filter meeting the given requirements using newly added features.
2010-10-07 06:50:26 -04:00
Stefan Berger
3d112d3642 nwfilter: Extend docs with info about the state attribute
I am adding a row with information about the newly supported state
attribute to each of the tables describing supported attributes of protocols.
2010-10-07 06:45:46 -04:00
Stefan Berger
4bb2b16d07 nwfilter: Extend docs with information about comment attr.
I am adding a row with information about the newly supported comment
attribute to each of the tables describing supported attributes of protocols.
2010-09-30 16:01:51 -04:00
Stefan Berger
7057f39c51 nwfilter: extensions of docs with
As requested, here a couple of paragraphs about the recently added statematch attribute and some advanced (and tricky) traffic filtering topics.
2010-06-18 13:44:17 -04:00
Eric Blake
6e6acb776b build: fix HTML errors in nwfilter docs
A build on Ubuntu reported:

|| Generating formatnwfilter.html.tmp
/dados/develop/libvirt/docs/formatnwfilter.html.in|390| HTML parser error : Unexpected end tag : p
||     </p>
||         ^
/dados/develop/libvirt/docs/formatnwfilter.html.in|705| HTML parser error : Unexpected end tag : code
||          <td>End of range of valid source ports</code></td>
||                                                       ^
/dados/develop/libvirt/docs/formatnwfilter.html.in|710| HTML parser error : Unexpected end tag : code
||          <td>Start of range of valid destination ports</code></td>
||                                                              ^

* docs/formatnwfilter.html.in: Fix invalid HTML constructs.
Reported by Eduardo Otubo.
2010-05-25 17:33:21 -06:00
Stefan Berger
f36eb6935d nwfilter: documentation
This patch adds documentation of the nwfilter subsystem of libvirt to
the existing (web) docs.
2010-05-25 07:09:31 -04:00