[libvirt] [PATCH 2/3][TCK] nwfilter: test access via iterators
Stefan Berger
stefanb at linux.vnet.ibm.com
Wed Jan 11 12:18:05 UTC 2012
Test access to variables using different iterators.
---
scripts/nwfilter/nwfilter2vmtest.sh | 6
scripts/nwfilter/nwfilterxml2fwallout/iter-test2.fwall | 193 +++++++++++++++++
scripts/nwfilter/nwfilterxml2xmlin/iter-test2.xml | 23 ++
3 files changed, 222 insertions(+)
Index: libvirt-tck/scripts/nwfilter/nwfilter2vmtest.sh
===================================================================
--- libvirt-tck.orig/scripts/nwfilter/nwfilter2vmtest.sh
+++ libvirt-tck/scripts/nwfilter/nwfilter2vmtest.sh
@@ -348,9 +348,15 @@ createVM() {
<parameter name='A' value='1.1.1.1'/>
<parameter name='A' value='2.2.2.2'/>
<parameter name='A' value='3.3.3.3'/>
+ <parameter name='A' value='3.3.3.3'/>
<parameter name='B' value='80'/>
<parameter name='B' value='90'/>
<parameter name='B' value='80'/>
+ <parameter name='B' value='80'/>
+ <parameter name='C' value='1080'/>
+ <parameter name='C' value='1090'/>
+ <parameter name='C' value='1100'/>
+ <parameter name='C' value='1110'/>
</filterref>
<target dev='${vmname}'/>
</interface>
Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/iter-test2.fwall
===================================================================
--- /dev/null
+++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/iter-test2.fwall
@@ -0,0 +1,193 @@
+#iptables -L FI-vnet0 -n
+Chain FI-vnet0 (1 references)
+target prot opt source destination
+RETURN tcp -- 1.1.1.1 0.0.0.0/0 DSCP match 0x01tcp spt:80 state NEW,ESTABLISHED ctdir REPLY
+RETURN tcp -- 2.2.2.2 0.0.0.0/0 DSCP match 0x01tcp spt:90 state NEW,ESTABLISHED ctdir REPLY
+RETURN tcp -- 3.3.3.3 0.0.0.0/0 DSCP match 0x01tcp spt:80 state NEW,ESTABLISHED ctdir REPLY
+RETURN udp -- 1.1.1.1 0.0.0.0/0 DSCP match 0x02udp spt:80 state NEW,ESTABLISHED ctdir REPLY
+RETURN udp -- 2.2.2.2 0.0.0.0/0 DSCP match 0x02udp spt:80 state NEW,ESTABLISHED ctdir REPLY
+RETURN udp -- 3.3.3.3 0.0.0.0/0 DSCP match 0x02udp spt:80 state NEW,ESTABLISHED ctdir REPLY
+RETURN udp -- 1.1.1.1 0.0.0.0/0 DSCP match 0x02udp spt:90 state NEW,ESTABLISHED ctdir REPLY
+RETURN udp -- 2.2.2.2 0.0.0.0/0 DSCP match 0x02udp spt:90 state NEW,ESTABLISHED ctdir REPLY
+RETURN udp -- 3.3.3.3 0.0.0.0/0 DSCP match 0x02udp spt:90 state NEW,ESTABLISHED ctdir REPLY
+RETURN sctp -- 1.1.1.1 0.0.0.0/0 DSCP match 0x03sctp spt:80 dpt:1080 state NEW,ESTABLISHED ctdir REPLY
+RETURN sctp -- 2.2.2.2 0.0.0.0/0 DSCP match 0x03sctp spt:80 dpt:1080 state NEW,ESTABLISHED ctdir REPLY
+RETURN sctp -- 3.3.3.3 0.0.0.0/0 DSCP match 0x03sctp spt:80 dpt:1080 state NEW,ESTABLISHED ctdir REPLY
+RETURN sctp -- 1.1.1.1 0.0.0.0/0 DSCP match 0x03sctp spt:90 dpt:1090 state NEW,ESTABLISHED ctdir REPLY
+RETURN sctp -- 2.2.2.2 0.0.0.0/0 DSCP match 0x03sctp spt:90 dpt:1090 state NEW,ESTABLISHED ctdir REPLY
+RETURN sctp -- 3.3.3.3 0.0.0.0/0 DSCP match 0x03sctp spt:90 dpt:1090 state NEW,ESTABLISHED ctdir REPLY
+RETURN sctp -- 1.1.1.1 0.0.0.0/0 DSCP match 0x03sctp spt:80 dpt:1100 state NEW,ESTABLISHED ctdir REPLY
+RETURN sctp -- 2.2.2.2 0.0.0.0/0 DSCP match 0x03sctp spt:80 dpt:1100 state NEW,ESTABLISHED ctdir REPLY
+RETURN sctp -- 3.3.3.3 0.0.0.0/0 DSCP match 0x03sctp spt:80 dpt:1100 state NEW,ESTABLISHED ctdir REPLY
+RETURN sctp -- 1.1.1.1 0.0.0.0/0 DSCP match 0x03sctp spt:80 dpt:1110 state NEW,ESTABLISHED ctdir REPLY
+RETURN sctp -- 2.2.2.2 0.0.0.0/0 DSCP match 0x03sctp spt:80 dpt:1110 state NEW,ESTABLISHED ctdir REPLY
+RETURN sctp -- 3.3.3.3 0.0.0.0/0 DSCP match 0x03sctp spt:80 dpt:1110 state NEW,ESTABLISHED ctdir REPLY
+RETURN tcp -- 1.1.1.1 0.0.0.0/0 DSCP match 0x04tcp spt:80 dpt:1080 state NEW,ESTABLISHED ctdir REPLY
+RETURN tcp -- 2.2.2.2 0.0.0.0/0 DSCP match 0x04tcp spt:80 dpt:1080 state NEW,ESTABLISHED ctdir REPLY
+RETURN tcp -- 3.3.3.3 0.0.0.0/0 DSCP match 0x04tcp spt:80 dpt:1080 state NEW,ESTABLISHED ctdir REPLY
+RETURN tcp -- 1.1.1.1 0.0.0.0/0 DSCP match 0x04tcp spt:90 dpt:1080 state NEW,ESTABLISHED ctdir REPLY
+RETURN tcp -- 2.2.2.2 0.0.0.0/0 DSCP match 0x04tcp spt:90 dpt:1080 state NEW,ESTABLISHED ctdir REPLY
+RETURN tcp -- 3.3.3.3 0.0.0.0/0 DSCP match 0x04tcp spt:90 dpt:1080 state NEW,ESTABLISHED ctdir REPLY
+RETURN tcp -- 1.1.1.1 0.0.0.0/0 DSCP match 0x04tcp spt:80 dpt:1090 state NEW,ESTABLISHED ctdir REPLY
+RETURN tcp -- 2.2.2.2 0.0.0.0/0 DSCP match 0x04tcp spt:80 dpt:1090 state NEW,ESTABLISHED ctdir REPLY
+RETURN tcp -- 3.3.3.3 0.0.0.0/0 DSCP match 0x04tcp spt:80 dpt:1090 state NEW,ESTABLISHED ctdir REPLY
+RETURN tcp -- 1.1.1.1 0.0.0.0/0 DSCP match 0x04tcp spt:90 dpt:1090 state NEW,ESTABLISHED ctdir REPLY
+RETURN tcp -- 2.2.2.2 0.0.0.0/0 DSCP match 0x04tcp spt:90 dpt:1090 state NEW,ESTABLISHED ctdir REPLY
+RETURN tcp -- 3.3.3.3 0.0.0.0/0 DSCP match 0x04tcp spt:90 dpt:1090 state NEW,ESTABLISHED ctdir REPLY
+RETURN tcp -- 1.1.1.1 0.0.0.0/0 DSCP match 0x04tcp spt:80 dpt:1100 state NEW,ESTABLISHED ctdir REPLY
+RETURN tcp -- 2.2.2.2 0.0.0.0/0 DSCP match 0x04tcp spt:80 dpt:1100 state NEW,ESTABLISHED ctdir REPLY
+RETURN tcp -- 3.3.3.3 0.0.0.0/0 DSCP match 0x04tcp spt:80 dpt:1100 state NEW,ESTABLISHED ctdir REPLY
+RETURN tcp -- 1.1.1.1 0.0.0.0/0 DSCP match 0x04tcp spt:90 dpt:1100 state NEW,ESTABLISHED ctdir REPLY
+RETURN tcp -- 2.2.2.2 0.0.0.0/0 DSCP match 0x04tcp spt:90 dpt:1100 state NEW,ESTABLISHED ctdir REPLY
+RETURN tcp -- 3.3.3.3 0.0.0.0/0 DSCP match 0x04tcp spt:90 dpt:1100 state NEW,ESTABLISHED ctdir REPLY
+RETURN tcp -- 1.1.1.1 0.0.0.0/0 DSCP match 0x04tcp spt:80 dpt:1110 state NEW,ESTABLISHED ctdir REPLY
+RETURN tcp -- 2.2.2.2 0.0.0.0/0 DSCP match 0x04tcp spt:80 dpt:1110 state NEW,ESTABLISHED ctdir REPLY
+RETURN tcp -- 3.3.3.3 0.0.0.0/0 DSCP match 0x04tcp spt:80 dpt:1110 state NEW,ESTABLISHED ctdir REPLY
+RETURN tcp -- 1.1.1.1 0.0.0.0/0 DSCP match 0x04tcp spt:90 dpt:1110 state NEW,ESTABLISHED ctdir REPLY
+RETURN tcp -- 2.2.2.2 0.0.0.0/0 DSCP match 0x04tcp spt:90 dpt:1110 state NEW,ESTABLISHED ctdir REPLY
+RETURN tcp -- 3.3.3.3 0.0.0.0/0 DSCP match 0x04tcp spt:90 dpt:1110 state NEW,ESTABLISHED ctdir REPLY
+RETURN udp -- 1.1.1.1 1.1.1.1 DSCP match 0x05state NEW,ESTABLISHED ctdir REPLY
+RETURN udp -- 2.2.2.2 1.1.1.1 DSCP match 0x05state NEW,ESTABLISHED ctdir REPLY
+RETURN udp -- 3.3.3.3 1.1.1.1 DSCP match 0x05state NEW,ESTABLISHED ctdir REPLY
+RETURN udp -- 1.1.1.1 2.2.2.2 DSCP match 0x05state NEW,ESTABLISHED ctdir REPLY
+RETURN udp -- 2.2.2.2 2.2.2.2 DSCP match 0x05state NEW,ESTABLISHED ctdir REPLY
+RETURN udp -- 3.3.3.3 2.2.2.2 DSCP match 0x05state NEW,ESTABLISHED ctdir REPLY
+RETURN udp -- 1.1.1.1 3.3.3.3 DSCP match 0x05state NEW,ESTABLISHED ctdir REPLY
+RETURN udp -- 2.2.2.2 3.3.3.3 DSCP match 0x05state NEW,ESTABLISHED ctdir REPLY
+RETURN udp -- 3.3.3.3 3.3.3.3 DSCP match 0x05state NEW,ESTABLISHED ctdir REPLY
+RETURN sctp -- 1.1.1.1 1.1.1.1 DSCP match 0x06state NEW,ESTABLISHED ctdir REPLY
+RETURN sctp -- 2.2.2.2 2.2.2.2 DSCP match 0x06state NEW,ESTABLISHED ctdir REPLY
+RETURN sctp -- 3.3.3.3 3.3.3.3 DSCP match 0x06state NEW,ESTABLISHED ctdir REPLY
+#iptables -L FO-vnet0 -n
+Chain FO-vnet0 (1 references)
+target prot opt source destination
+ACCEPT tcp -- 0.0.0.0/0 1.1.1.1 DSCP match 0x01tcp dpt:80 state ESTABLISHED ctdir ORIGINAL
+ACCEPT tcp -- 0.0.0.0/0 2.2.2.2 DSCP match 0x01tcp dpt:90 state ESTABLISHED ctdir ORIGINAL
+ACCEPT tcp -- 0.0.0.0/0 3.3.3.3 DSCP match 0x01tcp dpt:80 state ESTABLISHED ctdir ORIGINAL
+ACCEPT udp -- 0.0.0.0/0 1.1.1.1 DSCP match 0x02udp dpt:80 state ESTABLISHED ctdir ORIGINAL
+ACCEPT udp -- 0.0.0.0/0 2.2.2.2 DSCP match 0x02udp dpt:80 state ESTABLISHED ctdir ORIGINAL
+ACCEPT udp -- 0.0.0.0/0 3.3.3.3 DSCP match 0x02udp dpt:80 state ESTABLISHED ctdir ORIGINAL
+ACCEPT udp -- 0.0.0.0/0 1.1.1.1 DSCP match 0x02udp dpt:90 state ESTABLISHED ctdir ORIGINAL
+ACCEPT udp -- 0.0.0.0/0 2.2.2.2 DSCP match 0x02udp dpt:90 state ESTABLISHED ctdir ORIGINAL
+ACCEPT udp -- 0.0.0.0/0 3.3.3.3 DSCP match 0x02udp dpt:90 state ESTABLISHED ctdir ORIGINAL
+ACCEPT sctp -- 0.0.0.0/0 1.1.1.1 DSCP match 0x03sctp spt:1080 dpt:80 state ESTABLISHED ctdir ORIGINAL
+ACCEPT sctp -- 0.0.0.0/0 2.2.2.2 DSCP match 0x03sctp spt:1080 dpt:80 state ESTABLISHED ctdir ORIGINAL
+ACCEPT sctp -- 0.0.0.0/0 3.3.3.3 DSCP match 0x03sctp spt:1080 dpt:80 state ESTABLISHED ctdir ORIGINAL
+ACCEPT sctp -- 0.0.0.0/0 1.1.1.1 DSCP match 0x03sctp spt:1090 dpt:90 state ESTABLISHED ctdir ORIGINAL
+ACCEPT sctp -- 0.0.0.0/0 2.2.2.2 DSCP match 0x03sctp spt:1090 dpt:90 state ESTABLISHED ctdir ORIGINAL
+ACCEPT sctp -- 0.0.0.0/0 3.3.3.3 DSCP match 0x03sctp spt:1090 dpt:90 state ESTABLISHED ctdir ORIGINAL
+ACCEPT sctp -- 0.0.0.0/0 1.1.1.1 DSCP match 0x03sctp spt:1100 dpt:80 state ESTABLISHED ctdir ORIGINAL
+ACCEPT sctp -- 0.0.0.0/0 2.2.2.2 DSCP match 0x03sctp spt:1100 dpt:80 state ESTABLISHED ctdir ORIGINAL
+ACCEPT sctp -- 0.0.0.0/0 3.3.3.3 DSCP match 0x03sctp spt:1100 dpt:80 state ESTABLISHED ctdir ORIGINAL
+ACCEPT sctp -- 0.0.0.0/0 1.1.1.1 DSCP match 0x03sctp spt:1110 dpt:80 state ESTABLISHED ctdir ORIGINAL
+ACCEPT sctp -- 0.0.0.0/0 2.2.2.2 DSCP match 0x03sctp spt:1110 dpt:80 state ESTABLISHED ctdir ORIGINAL
+ACCEPT sctp -- 0.0.0.0/0 3.3.3.3 DSCP match 0x03sctp spt:1110 dpt:80 state ESTABLISHED ctdir ORIGINAL
+ACCEPT tcp -- 0.0.0.0/0 1.1.1.1 DSCP match 0x04tcp spt:1080 dpt:80 state ESTABLISHED ctdir ORIGINAL
+ACCEPT tcp -- 0.0.0.0/0 2.2.2.2 DSCP match 0x04tcp spt:1080 dpt:80 state ESTABLISHED ctdir ORIGINAL
+ACCEPT tcp -- 0.0.0.0/0 3.3.3.3 DSCP match 0x04tcp spt:1080 dpt:80 state ESTABLISHED ctdir ORIGINAL
+ACCEPT tcp -- 0.0.0.0/0 1.1.1.1 DSCP match 0x04tcp spt:1080 dpt:90 state ESTABLISHED ctdir ORIGINAL
+ACCEPT tcp -- 0.0.0.0/0 2.2.2.2 DSCP match 0x04tcp spt:1080 dpt:90 state ESTABLISHED ctdir ORIGINAL
+ACCEPT tcp -- 0.0.0.0/0 3.3.3.3 DSCP match 0x04tcp spt:1080 dpt:90 state ESTABLISHED ctdir ORIGINAL
+ACCEPT tcp -- 0.0.0.0/0 1.1.1.1 DSCP match 0x04tcp spt:1090 dpt:80 state ESTABLISHED ctdir ORIGINAL
+ACCEPT tcp -- 0.0.0.0/0 2.2.2.2 DSCP match 0x04tcp spt:1090 dpt:80 state ESTABLISHED ctdir ORIGINAL
+ACCEPT tcp -- 0.0.0.0/0 3.3.3.3 DSCP match 0x04tcp spt:1090 dpt:80 state ESTABLISHED ctdir ORIGINAL
+ACCEPT tcp -- 0.0.0.0/0 1.1.1.1 DSCP match 0x04tcp spt:1090 dpt:90 state ESTABLISHED ctdir ORIGINAL
+ACCEPT tcp -- 0.0.0.0/0 2.2.2.2 DSCP match 0x04tcp spt:1090 dpt:90 state ESTABLISHED ctdir ORIGINAL
+ACCEPT tcp -- 0.0.0.0/0 3.3.3.3 DSCP match 0x04tcp spt:1090 dpt:90 state ESTABLISHED ctdir ORIGINAL
+ACCEPT tcp -- 0.0.0.0/0 1.1.1.1 DSCP match 0x04tcp spt:1100 dpt:80 state ESTABLISHED ctdir ORIGINAL
+ACCEPT tcp -- 0.0.0.0/0 2.2.2.2 DSCP match 0x04tcp spt:1100 dpt:80 state ESTABLISHED ctdir ORIGINAL
+ACCEPT tcp -- 0.0.0.0/0 3.3.3.3 DSCP match 0x04tcp spt:1100 dpt:80 state ESTABLISHED ctdir ORIGINAL
+ACCEPT tcp -- 0.0.0.0/0 1.1.1.1 DSCP match 0x04tcp spt:1100 dpt:90 state ESTABLISHED ctdir ORIGINAL
+ACCEPT tcp -- 0.0.0.0/0 2.2.2.2 DSCP match 0x04tcp spt:1100 dpt:90 state ESTABLISHED ctdir ORIGINAL
+ACCEPT tcp -- 0.0.0.0/0 3.3.3.3 DSCP match 0x04tcp spt:1100 dpt:90 state ESTABLISHED ctdir ORIGINAL
+ACCEPT tcp -- 0.0.0.0/0 1.1.1.1 DSCP match 0x04tcp spt:1110 dpt:80 state ESTABLISHED ctdir ORIGINAL
+ACCEPT tcp -- 0.0.0.0/0 2.2.2.2 DSCP match 0x04tcp spt:1110 dpt:80 state ESTABLISHED ctdir ORIGINAL
+ACCEPT tcp -- 0.0.0.0/0 3.3.3.3 DSCP match 0x04tcp spt:1110 dpt:80 state ESTABLISHED ctdir ORIGINAL
+ACCEPT tcp -- 0.0.0.0/0 1.1.1.1 DSCP match 0x04tcp spt:1110 dpt:90 state ESTABLISHED ctdir ORIGINAL
+ACCEPT tcp -- 0.0.0.0/0 2.2.2.2 DSCP match 0x04tcp spt:1110 dpt:90 state ESTABLISHED ctdir ORIGINAL
+ACCEPT tcp -- 0.0.0.0/0 3.3.3.3 DSCP match 0x04tcp spt:1110 dpt:90 state ESTABLISHED ctdir ORIGINAL
+ACCEPT udp -- 1.1.1.1 1.1.1.1 DSCP match 0x05state ESTABLISHED ctdir ORIGINAL
+ACCEPT udp -- 1.1.1.1 2.2.2.2 DSCP match 0x05state ESTABLISHED ctdir ORIGINAL
+ACCEPT udp -- 1.1.1.1 3.3.3.3 DSCP match 0x05state ESTABLISHED ctdir ORIGINAL
+ACCEPT udp -- 2.2.2.2 1.1.1.1 DSCP match 0x05state ESTABLISHED ctdir ORIGINAL
+ACCEPT udp -- 2.2.2.2 2.2.2.2 DSCP match 0x05state ESTABLISHED ctdir ORIGINAL
+ACCEPT udp -- 2.2.2.2 3.3.3.3 DSCP match 0x05state ESTABLISHED ctdir ORIGINAL
+ACCEPT udp -- 3.3.3.3 1.1.1.1 DSCP match 0x05state ESTABLISHED ctdir ORIGINAL
+ACCEPT udp -- 3.3.3.3 2.2.2.2 DSCP match 0x05state ESTABLISHED ctdir ORIGINAL
+ACCEPT udp -- 3.3.3.3 3.3.3.3 DSCP match 0x05state ESTABLISHED ctdir ORIGINAL
+ACCEPT sctp -- 1.1.1.1 1.1.1.1 DSCP match 0x06state ESTABLISHED ctdir ORIGINAL
+ACCEPT sctp -- 2.2.2.2 2.2.2.2 DSCP match 0x06state ESTABLISHED ctdir ORIGINAL
+ACCEPT sctp -- 3.3.3.3 3.3.3.3 DSCP match 0x06state ESTABLISHED ctdir ORIGINAL
+#iptables -L HI-vnet0 -n
+Chain HI-vnet0 (1 references)
+target prot opt source destination
+RETURN tcp -- 1.1.1.1 0.0.0.0/0 DSCP match 0x01tcp spt:80 state NEW,ESTABLISHED ctdir REPLY
+RETURN tcp -- 2.2.2.2 0.0.0.0/0 DSCP match 0x01tcp spt:90 state NEW,ESTABLISHED ctdir REPLY
+RETURN tcp -- 3.3.3.3 0.0.0.0/0 DSCP match 0x01tcp spt:80 state NEW,ESTABLISHED ctdir REPLY
+RETURN udp -- 1.1.1.1 0.0.0.0/0 DSCP match 0x02udp spt:80 state NEW,ESTABLISHED ctdir REPLY
+RETURN udp -- 2.2.2.2 0.0.0.0/0 DSCP match 0x02udp spt:80 state NEW,ESTABLISHED ctdir REPLY
+RETURN udp -- 3.3.3.3 0.0.0.0/0 DSCP match 0x02udp spt:80 state NEW,ESTABLISHED ctdir REPLY
+RETURN udp -- 1.1.1.1 0.0.0.0/0 DSCP match 0x02udp spt:90 state NEW,ESTABLISHED ctdir REPLY
+RETURN udp -- 2.2.2.2 0.0.0.0/0 DSCP match 0x02udp spt:90 state NEW,ESTABLISHED ctdir REPLY
+RETURN udp -- 3.3.3.3 0.0.0.0/0 DSCP match 0x02udp spt:90 state NEW,ESTABLISHED ctdir REPLY
+RETURN sctp -- 1.1.1.1 0.0.0.0/0 DSCP match 0x03sctp spt:80 dpt:1080 state NEW,ESTABLISHED ctdir REPLY
+RETURN sctp -- 2.2.2.2 0.0.0.0/0 DSCP match 0x03sctp spt:80 dpt:1080 state NEW,ESTABLISHED ctdir REPLY
+RETURN sctp -- 3.3.3.3 0.0.0.0/0 DSCP match 0x03sctp spt:80 dpt:1080 state NEW,ESTABLISHED ctdir REPLY
+RETURN sctp -- 1.1.1.1 0.0.0.0/0 DSCP match 0x03sctp spt:90 dpt:1090 state NEW,ESTABLISHED ctdir REPLY
+RETURN sctp -- 2.2.2.2 0.0.0.0/0 DSCP match 0x03sctp spt:90 dpt:1090 state NEW,ESTABLISHED ctdir REPLY
+RETURN sctp -- 3.3.3.3 0.0.0.0/0 DSCP match 0x03sctp spt:90 dpt:1090 state NEW,ESTABLISHED ctdir REPLY
+RETURN sctp -- 1.1.1.1 0.0.0.0/0 DSCP match 0x03sctp spt:80 dpt:1100 state NEW,ESTABLISHED ctdir REPLY
+RETURN sctp -- 2.2.2.2 0.0.0.0/0 DSCP match 0x03sctp spt:80 dpt:1100 state NEW,ESTABLISHED ctdir REPLY
+RETURN sctp -- 3.3.3.3 0.0.0.0/0 DSCP match 0x03sctp spt:80 dpt:1100 state NEW,ESTABLISHED ctdir REPLY
+RETURN sctp -- 1.1.1.1 0.0.0.0/0 DSCP match 0x03sctp spt:80 dpt:1110 state NEW,ESTABLISHED ctdir REPLY
+RETURN sctp -- 2.2.2.2 0.0.0.0/0 DSCP match 0x03sctp spt:80 dpt:1110 state NEW,ESTABLISHED ctdir REPLY
+RETURN sctp -- 3.3.3.3 0.0.0.0/0 DSCP match 0x03sctp spt:80 dpt:1110 state NEW,ESTABLISHED ctdir REPLY
+RETURN tcp -- 1.1.1.1 0.0.0.0/0 DSCP match 0x04tcp spt:80 dpt:1080 state NEW,ESTABLISHED ctdir REPLY
+RETURN tcp -- 2.2.2.2 0.0.0.0/0 DSCP match 0x04tcp spt:80 dpt:1080 state NEW,ESTABLISHED ctdir REPLY
+RETURN tcp -- 3.3.3.3 0.0.0.0/0 DSCP match 0x04tcp spt:80 dpt:1080 state NEW,ESTABLISHED ctdir REPLY
+RETURN tcp -- 1.1.1.1 0.0.0.0/0 DSCP match 0x04tcp spt:90 dpt:1080 state NEW,ESTABLISHED ctdir REPLY
+RETURN tcp -- 2.2.2.2 0.0.0.0/0 DSCP match 0x04tcp spt:90 dpt:1080 state NEW,ESTABLISHED ctdir REPLY
+RETURN tcp -- 3.3.3.3 0.0.0.0/0 DSCP match 0x04tcp spt:90 dpt:1080 state NEW,ESTABLISHED ctdir REPLY
+RETURN tcp -- 1.1.1.1 0.0.0.0/0 DSCP match 0x04tcp spt:80 dpt:1090 state NEW,ESTABLISHED ctdir REPLY
+RETURN tcp -- 2.2.2.2 0.0.0.0/0 DSCP match 0x04tcp spt:80 dpt:1090 state NEW,ESTABLISHED ctdir REPLY
+RETURN tcp -- 3.3.3.3 0.0.0.0/0 DSCP match 0x04tcp spt:80 dpt:1090 state NEW,ESTABLISHED ctdir REPLY
+RETURN tcp -- 1.1.1.1 0.0.0.0/0 DSCP match 0x04tcp spt:90 dpt:1090 state NEW,ESTABLISHED ctdir REPLY
+RETURN tcp -- 2.2.2.2 0.0.0.0/0 DSCP match 0x04tcp spt:90 dpt:1090 state NEW,ESTABLISHED ctdir REPLY
+RETURN tcp -- 3.3.3.3 0.0.0.0/0 DSCP match 0x04tcp spt:90 dpt:1090 state NEW,ESTABLISHED ctdir REPLY
+RETURN tcp -- 1.1.1.1 0.0.0.0/0 DSCP match 0x04tcp spt:80 dpt:1100 state NEW,ESTABLISHED ctdir REPLY
+RETURN tcp -- 2.2.2.2 0.0.0.0/0 DSCP match 0x04tcp spt:80 dpt:1100 state NEW,ESTABLISHED ctdir REPLY
+RETURN tcp -- 3.3.3.3 0.0.0.0/0 DSCP match 0x04tcp spt:80 dpt:1100 state NEW,ESTABLISHED ctdir REPLY
+RETURN tcp -- 1.1.1.1 0.0.0.0/0 DSCP match 0x04tcp spt:90 dpt:1100 state NEW,ESTABLISHED ctdir REPLY
+RETURN tcp -- 2.2.2.2 0.0.0.0/0 DSCP match 0x04tcp spt:90 dpt:1100 state NEW,ESTABLISHED ctdir REPLY
+RETURN tcp -- 3.3.3.3 0.0.0.0/0 DSCP match 0x04tcp spt:90 dpt:1100 state NEW,ESTABLISHED ctdir REPLY
+RETURN tcp -- 1.1.1.1 0.0.0.0/0 DSCP match 0x04tcp spt:80 dpt:1110 state NEW,ESTABLISHED ctdir REPLY
+RETURN tcp -- 2.2.2.2 0.0.0.0/0 DSCP match 0x04tcp spt:80 dpt:1110 state NEW,ESTABLISHED ctdir REPLY
+RETURN tcp -- 3.3.3.3 0.0.0.0/0 DSCP match 0x04tcp spt:80 dpt:1110 state NEW,ESTABLISHED ctdir REPLY
+RETURN tcp -- 1.1.1.1 0.0.0.0/0 DSCP match 0x04tcp spt:90 dpt:1110 state NEW,ESTABLISHED ctdir REPLY
+RETURN tcp -- 2.2.2.2 0.0.0.0/0 DSCP match 0x04tcp spt:90 dpt:1110 state NEW,ESTABLISHED ctdir REPLY
+RETURN tcp -- 3.3.3.3 0.0.0.0/0 DSCP match 0x04tcp spt:90 dpt:1110 state NEW,ESTABLISHED ctdir REPLY
+RETURN udp -- 1.1.1.1 1.1.1.1 DSCP match 0x05state NEW,ESTABLISHED ctdir REPLY
+RETURN udp -- 2.2.2.2 1.1.1.1 DSCP match 0x05state NEW,ESTABLISHED ctdir REPLY
+RETURN udp -- 3.3.3.3 1.1.1.1 DSCP match 0x05state NEW,ESTABLISHED ctdir REPLY
+RETURN udp -- 1.1.1.1 2.2.2.2 DSCP match 0x05state NEW,ESTABLISHED ctdir REPLY
+RETURN udp -- 2.2.2.2 2.2.2.2 DSCP match 0x05state NEW,ESTABLISHED ctdir REPLY
+RETURN udp -- 3.3.3.3 2.2.2.2 DSCP match 0x05state NEW,ESTABLISHED ctdir REPLY
+RETURN udp -- 1.1.1.1 3.3.3.3 DSCP match 0x05state NEW,ESTABLISHED ctdir REPLY
+RETURN udp -- 2.2.2.2 3.3.3.3 DSCP match 0x05state NEW,ESTABLISHED ctdir REPLY
+RETURN udp -- 3.3.3.3 3.3.3.3 DSCP match 0x05state NEW,ESTABLISHED ctdir REPLY
+RETURN sctp -- 1.1.1.1 1.1.1.1 DSCP match 0x06state NEW,ESTABLISHED ctdir REPLY
+RETURN sctp -- 2.2.2.2 2.2.2.2 DSCP match 0x06state NEW,ESTABLISHED ctdir REPLY
+RETURN sctp -- 3.3.3.3 3.3.3.3 DSCP match 0x06state NEW,ESTABLISHED ctdir REPLY
+#iptables -L libvirt-host-in -n | grep vnet0 | tr -s " "
+HI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-in vnet0
+#iptables -L libvirt-in -n | grep vnet0 | tr -s " "
+FI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-in vnet0
+#iptables -L libvirt-in-post -n | grep vnet0
+ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-in vnet0
+#iptables -L libvirt-out -n | grep vnet0 | tr -s " "
+FO-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-out vnet0
+#iptables -L FORWARD -n --line-number | grep libvirt
+1 libvirt-in all -- 0.0.0.0/0 0.0.0.0/0
+2 libvirt-out all -- 0.0.0.0/0 0.0.0.0/0
+3 libvirt-in-post all -- 0.0.0.0/0 0.0.0.0/0
+
Index: libvirt-tck/scripts/nwfilter/nwfilterxml2xmlin/iter-test2.xml
===================================================================
--- /dev/null
+++ libvirt-tck/scripts/nwfilter/nwfilterxml2xmlin/iter-test2.xml
@@ -0,0 +1,23 @@
+<filter name='tck-testcase' chain='root'>
+ <uuid>5c6d49af-b071-6127-b4ec-6f8ed4b55335</uuid>
+ <rule action='accept' direction='out'>
+ <tcp srcipaddr='$A' srcportstart='$B[@0]' dscp='1'/>
+ </rule>
+ <rule action='accept' direction='out'>
+ <udp srcipaddr='$A[@1]' srcportstart='$B[@2]' dscp='2'/>
+ </rule>
+ <rule action='accept' direction='out'>
+ <sctp srcipaddr='$A[@1]' srcportstart='$B[@2]' dstportstart='$C[@2]'
+ dscp='3'/>
+ </rule>
+ <rule action='accept' direction='out'>
+ <tcp srcipaddr='$A[@1]' srcportstart='$B[@2]' dstportstart='$C[@3]'
+ dscp='4'/>
+ </rule>
+ <rule action='accept' direction='out'>
+ <udp srcipaddr='$A[@1]' dstipaddr='$A[@2]' dscp='5'/>
+ </rule>
+ <rule action='accept' direction='out'>
+ <sctp srcipaddr='$A' dstipaddr='$A' dscp='6'/>
+ </rule>
+</filter>
More information about the libvir-list
mailing list