
This patch adjusts the tck test cases following the reordering of the match extensions relative to the state match in libvirt.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
---
 scripts/nwfilter/nwfilterxml2fwallout/comment-test.fwall | 30 +++++++--------
 scripts/nwfilter/nwfilterxml2fwallout/example-2.fwall | 14 +++----
 2 files changed, 22 insertions(+), 22 deletions(-)

Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/comment-test.fwall
===================================================================
--- libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/comment-test.fwall
+++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/comment-test.fwall
@@ -11,15 +11,15 @@
 #iptables -L FI-vnet0 -n
 Chain FI-vnet0 (1 references)
 target prot opt source destination
-RETURN udp -- 0.0.0.0/0 10.1.2.3 MAC 01:02:03:04:05:06 DSCP match 0x22/* udp rule */ udp spts:291:400 dpts:564:1092 state NEW,ESTABLISHED ctdir REPLY
+RETURN udp -- 0.0.0.0/0 10.1.2.3 MAC 01:02:03:04:05:06 DSCP match 0x22udp spts:291:400 dpts:564:1092 state NEW,ESTABLISHED ctdir REPLY/* udp rule */
 #iptables -L FO-vnet0 -n
 Chain FO-vnet0 (1 references)
 target prot opt source destination
-ACCEPT udp -- 10.1.2.3 0.0.0.0/0 DSCP match 0x22/* udp rule */ udp spts:564:1092 dpts:291:400 state ESTABLISHED ctdir ORIGINAL
+ACCEPT udp -- 10.1.2.3 0.0.0.0/0 DSCP match 0x22udp spts:564:1092 dpts:291:400 state ESTABLISHED ctdir ORIGINAL/* udp rule */
 #iptables -L HI-vnet0 -n
 Chain HI-vnet0 (1 references)
 target prot opt source destination
-RETURN udp -- 0.0.0.0/0 10.1.2.3 MAC 01:02:03:04:05:06 DSCP match 0x22/* udp rule */ udp spts:291:400 dpts:564:1092 state NEW,ESTABLISHED ctdir REPLY
+RETURN udp -- 0.0.0.0/0 10.1.2.3 MAC 01:02:03:04:05:06 DSCP match 0x22udp spts:291:400 dpts:564:1092 state NEW,ESTABLISHED ctdir REPLY/* udp rule */
 #iptables -L libvirt-host-in -n | grep HI-vnet0 | tr -s " "
 HI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-in vnet0
 #iptables -L libvirt-in -n | grep FI-vnet0 | tr -s " "
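Review bot: The old expectations are replaced outright in all three hunks (both files), so after this patch the suite passes only against a libvirt that already prints the comment match after the state/ctdir match, and the description does not name the libvirt commit or release that introduced that ordering. I would add a line to the commit message along the lines of `Requires libvirt with the nwfilter match-reordering change (commit <LIBVIRT_COMMIT_PLACEHOLDER>)`, so that a mismatch on an older libvirt is not read as a filtering regression. The comment strings containing shell metacharacters in the ip6tables hunk are carried over byte-for-byte and only their position in the row changes, which keeps what is presumably this fixture's quoting check intact. The new rows still contain fused tokens such as `0x22udp` and `REPLY/* udp rule */`, which look like verbatim iptables print output and would make the comparison sensitive to the iptables version; that predates this patch.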
@@ -31,24 +31,24 @@ FO-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [got
 #ip6tables -L FI-vnet0 -n
 Chain FI-vnet0 (1 references)
 target prot opt source destination
-RETURN tcp ::/0 a:b:c::/128 /* tcp/ipv6 rule */ tcp spts:256:4369 dpts:32:33 state ESTABLISHED ctdir ORIGINAL
-RETURN udp ::/0 ::/0 /* `ls`;${COLUMNS};$(ls);"test";&'3 spaces' */ state ESTABLISHED ctdir ORIGINAL
-RETURN sctp ::/0 ::/0 /* comment with lone ', `, ", `, \, $x, and two spaces */ state ESTABLISHED ctdir ORIGINAL
-RETURN ah ::/0 ::/0 /* tmp=`mktemp`; echo ${RANDOM} > ${tmp} ; cat < ${tmp}; rm -f ${tmp} */ state ESTABLISHED ctdir ORIGINAL
+RETURN tcp ::/0 a:b:c::/128 tcp spts:256:4369 dpts:32:33 state ESTABLISHED ctdir ORIGINAL/* tcp/ipv6 rule */
+RETURN udp ::/0 ::/0 state ESTABLISHED ctdir ORIGINAL/* `ls`;${COLUMNS};$(ls);"test";&'3 spaces' */
+RETURN sctp ::/0 ::/0 state ESTABLISHED ctdir ORIGINAL/* comment with lone ', `, ", `, \, $x, and two spaces */
+RETURN ah ::/0 ::/0 state ESTABLISHED ctdir ORIGINAL/* tmp=`mktemp`; echo ${RANDOM} > ${tmp} ; cat < ${tmp}; rm -f ${tmp} */
 #ip6tables -L FO-vnet0 -n
 Chain FO-vnet0 (1 references)
 target prot opt source destination
-ACCEPT tcp a:b:c::/128 ::/0 MAC 01:02:03:04:05:06 /* tcp/ipv6 rule */ tcp spts:32:33 dpts:256:4369 state NEW,ESTABLISHED ctdir REPLY
-ACCEPT udp ::/0 ::/0 /* `ls`;${COLUMNS};$(ls);"test";&'3 spaces' */ state NEW,ESTABLISHED ctdir REPLY
-ACCEPT sctp ::/0 ::/0 /* comment with lone ', `, ", `, \, $x, and two spaces */ state NEW,ESTABLISHED ctdir REPLY
-ACCEPT ah ::/0 ::/0 /* tmp=`mktemp`; echo ${RANDOM} > ${tmp} ; cat < ${tmp}; rm -f ${tmp} */ state NEW,ESTABLISHED ctdir REPLY
+ACCEPT tcp a:b:c::/128 ::/0 MAC 01:02:03:04:05:06 tcp spts:32:33 dpts:256:4369 state NEW,ESTABLISHED ctdir REPLY/* tcp/ipv6 rule */
+ACCEPT udp ::/0 ::/0 state NEW,ESTABLISHED ctdir REPLY/* `ls`;${COLUMNS};$(ls);"test";&'3 spaces' */
+ACCEPT sctp ::/0 ::/0 state NEW,ESTABLISHED ctdir REPLY/* comment with lone ', `, ", `, \, $x, and two spaces */
+ACCEPT ah ::/0 ::/0 state NEW,ESTABLISHED ctdir REPLY/* tmp=`mktemp`; echo ${RANDOM} > ${tmp} ; cat < ${tmp}; rm -f ${tmp} */
 #ip6tables -L HI-vnet0 -n
 Chain HI-vnet0 (1 references)
 target prot opt source destination
-RETURN tcp ::/0 a:b:c::/128 /* tcp/ipv6 rule */ tcp spts:256:4369 dpts:32:33 state ESTABLISHED ctdir ORIGINAL
-RETURN udp ::/0 ::/0 /* `ls`;${COLUMNS};$(ls);"test";&'3 spaces' */ state ESTABLISHED ctdir ORIGINAL
-RETURN sctp ::/0 ::/0 /* comment with lone ', `, ", `, \, $x, and two spaces */ state ESTABLISHED ctdir ORIGINAL
-RETURN ah ::/0 ::/0 /* tmp=`mktemp`; echo ${RANDOM} > ${tmp} ; cat < ${tmp}; rm -f ${tmp} */ state ESTABLISHED ctdir ORIGINAL
+RETURN tcp ::/0 a:b:c::/128 tcp spts:256:4369 dpts:32:33 state ESTABLISHED ctdir ORIGINAL/* tcp/ipv6 rule */
+RETURN udp ::/0 ::/0 state ESTABLISHED ctdir ORIGINAL/* `ls`;${COLUMNS};$(ls);"test";&'3 spaces' */
+RETURN sctp ::/0 ::/0 state ESTABLISHED ctdir ORIGINAL/* comment with lone ', `, ", `, \, $x, and two spaces */
+RETURN ah ::/0 ::/0 state ESTABLISHED ctdir ORIGINAL/* tmp=`mktemp`; echo ${RANDOM} > ${tmp} ; cat < ${tmp}; rm -f ${tmp} */
 #ip6tables -L libvirt-host-in -n | grep vnet0 | tr -s " "
 HI-vnet0 all ::/0 ::/0 [goto] PHYSDEV match --physdev-in vnet0
 #ip6tables -L libvirt-in -n | grep vnet0 | tr -s " "
Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/example-2.fwall
===================================================================
--- libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/example-2.fwall
+++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/example-2.fwall
@@ -1,20 +1,20 @@
 #iptables -L FI-vnet0 -n
 Chain FI-vnet0 (1 references)
 target prot opt source destination
-RETURN all -- 0.0.0.0/0 0.0.0.0/0 /* out: existing and related (ftp) connections */ state RELATED,ESTABLISHED
-RETURN udp -- 0.0.0.0/0 0.0.0.0/0 /* out: DNS lookups */ udp dpt:53 state NEW
+RETURN all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED /* out: existing and related (ftp) connections */
+RETURN udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53 state NEW /* out: DNS lookups */
 DROP all -- 0.0.0.0/0 0.0.0.0/0 /* inout: drop all non-accepted traffic */
 #iptables -L FO-vnet0 -n
 Chain FO-vnet0 (1 references)
 target prot opt source destination
-ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 /* in: existing connections */ state ESTABLISHED
-ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 /* in: ftp and ssh */ tcp dpts:21:22 state NEW
-ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 /* in: icmp */ state NEW
+ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state ESTABLISHED /* in: existing connections */
+ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:21:22 state NEW /* in: ftp and ssh */
+ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 state NEW /* in: icmp */
 DROP all -- 0.0.0.0/0 0.0.0.0/0 /* inout: drop all non-accepted traffic */
 #iptables -L HI-vnet0 -n
 Chain HI-vnet0 (1 references)
 target prot opt source destination
-RETURN all -- 0.0.0.0/0 0.0.0.0/0 /* out: existing and related (ftp) connections */ state RELATED,ESTABLISHED
-RETURN udp -- 0.0.0.0/0 0.0.0.0/0 /* out: DNS lookups */ udp dpt:53 state NEW
+RETURN all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED /* out: existing and related (ftp) connections */
+RETURN udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53 state NEW /* out: DNS lookups */
 DROP all -- 0.0.0.0/0 0.0.0.0/0 /* inout: drop all non-accepted traffic */