[libvirt] [PATCH 3/3][TCK] nwfilter: test access via index and iterators
Stefan Berger
stefanb at linux.vnet.ibm.com
Wed Jan 11 12:19:25 UTC 2012
Test access to variables using index and iterators
---
scripts/nwfilter/nwfilterxml2fwallout/iter-test3.fwall | 37 +++++++++++++++++
scripts/nwfilter/nwfilterxml2xmlin/iter-test3.xml | 13 +++++
2 files changed, 50 insertions(+)
Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/iter-test3.fwall
===================================================================
--- /dev/null
+++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/iter-test3.fwall
@@ -0,0 +1,37 @@
+#iptables -L FI-vnet0 -n
+Chain FI-vnet0 (1 references)
+target prot opt source destination
+RETURN tcp -- 1.1.1.1 0.0.0.0/0 DSCP match 0x01tcp spt:80 state NEW,ESTABLISHED ctdir REPLY
+RETURN tcp -- 1.1.1.1 0.0.0.0/0 DSCP match 0x01tcp spt:90 state NEW,ESTABLISHED ctdir REPLY
+RETURN udp -- 2.2.2.2 0.0.0.0/0 DSCP match 0x02udp spt:80 state NEW,ESTABLISHED ctdir REPLY
+RETURN udp -- 2.2.2.2 0.0.0.0/0 DSCP match 0x02udp spt:90 state NEW,ESTABLISHED ctdir REPLY
+RETURN sctp -- 2.2.2.2 0.0.0.0/0 DSCP match 0x03sctp spt:80 dpt:1100 state NEW,ESTABLISHED ctdir REPLY
+#iptables -L FO-vnet0 -n
+Chain FO-vnet0 (1 references)
+target prot opt source destination
+ACCEPT tcp -- 0.0.0.0/0 1.1.1.1 DSCP match 0x01tcp dpt:80 state ESTABLISHED ctdir ORIGINAL
+ACCEPT tcp -- 0.0.0.0/0 1.1.1.1 DSCP match 0x01tcp dpt:90 state ESTABLISHED ctdir ORIGINAL
+ACCEPT udp -- 0.0.0.0/0 2.2.2.2 DSCP match 0x02udp dpt:80 state ESTABLISHED ctdir ORIGINAL
+ACCEPT udp -- 0.0.0.0/0 2.2.2.2 DSCP match 0x02udp dpt:90 state ESTABLISHED ctdir ORIGINAL
+ACCEPT sctp -- 0.0.0.0/0 2.2.2.2 DSCP match 0x03sctp spt:1100 dpt:80 state ESTABLISHED ctdir ORIGINAL
+#iptables -L HI-vnet0 -n
+Chain HI-vnet0 (1 references)
+target prot opt source destination
+RETURN tcp -- 1.1.1.1 0.0.0.0/0 DSCP match 0x01tcp spt:80 state NEW,ESTABLISHED ctdir REPLY
+RETURN tcp -- 1.1.1.1 0.0.0.0/0 DSCP match 0x01tcp spt:90 state NEW,ESTABLISHED ctdir REPLY
+RETURN udp -- 2.2.2.2 0.0.0.0/0 DSCP match 0x02udp spt:80 state NEW,ESTABLISHED ctdir REPLY
+RETURN udp -- 2.2.2.2 0.0.0.0/0 DSCP match 0x02udp spt:90 state NEW,ESTABLISHED ctdir REPLY
+RETURN sctp -- 2.2.2.2 0.0.0.0/0 DSCP match 0x03sctp spt:80 dpt:1100 state NEW,ESTABLISHED ctdir REPLY
+#iptables -L libvirt-host-in -n | grep vnet0 | tr -s " "
+HI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-in vnet0
+#iptables -L libvirt-in -n | grep vnet0 | tr -s " "
+FI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-in vnet0
+#iptables -L libvirt-in-post -n | grep vnet0
+ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-in vnet0
+#iptables -L libvirt-out -n | grep vnet0 | tr -s " "
+FO-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-out vnet0
+#iptables -L FORWARD -n --line-number | grep libvirt
+1 libvirt-in all -- 0.0.0.0/0 0.0.0.0/0
+2 libvirt-out all -- 0.0.0.0/0 0.0.0.0/0
+3 libvirt-in-post all -- 0.0.0.0/0 0.0.0.0/0
+
Index: libvirt-tck/scripts/nwfilter/nwfilterxml2xmlin/iter-test3.xml
===================================================================
--- /dev/null
+++ libvirt-tck/scripts/nwfilter/nwfilterxml2xmlin/iter-test3.xml
@@ -0,0 +1,13 @@
+<filter name='tck-testcase' chain='root'>
+ <uuid>5c6d49af-b071-6127-b4ec-6f8ed4b55335</uuid>
+ <rule action='accept' direction='out'>
+ <tcp srcipaddr='$A[ 0]' srcportstart='$B[ @0 ] ' dscp='1'/>
+ </rule>
+ <rule action='accept' direction='out'>
+ <udp srcipaddr='$A[1 ]' srcportstart='$B[ @2 ]' dscp='2'/>
+ </rule>
+ <rule action='accept' direction='out'>
+ <sctp srcipaddr='$A[ 1 ] ' srcportstart='$B[2 ] ' dstportstart='$C[ 2 ]'
+ dscp='3'/>
+ </rule>
+</filter>
More information about the libvir-list
mailing list