Devel
Threads by month
- ----- 2025 -----
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2024 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2014 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2013 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2012 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2011 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2010 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2009 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2008 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2007 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2006 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2005 -----
- December
October 2010
- 65 participants
- 276 discussions
I am wondering if someone could interpret the valgind output for
memory leak check that I see when I look for memory leaks...
When a thread for creating a VM was spawned I see this output for example:
==15488== LEAK SUMMARY:
==15488== definitely lost: 9,133 bytes in 12 blocks
==15488== indirectly lost: 10,248 bytes in 5 blocks
==15488== possibly lost: 319,199 bytes in 2,887 blocks
==15488== still reachable: 4,635,633 bytes in 30,308 blocks
==15488== suppressed: 0 bytes in 0 blocks
==15488== Reachable blocks (those to which a pointer was found) are not
shown.
==15488== To see them, rerun with: --leak-check=full --show-reachable=yes
The traces above it show some 'wild' paths into libraries. We may either
not be using the libraries correctly or they have leaks themselves ...
When terminating the valgrind process by sending a -SIGTERM to it I then
get this:
==15488== LEAK SUMMARY:
==15488== definitely lost: 0 bytes in 0 blocks
==15488== indirectly lost: 0 bytes in 0 blocks
==15488== possibly lost: 2,701 bytes in 25 blocks
==15488== still reachable: 543,655 bytes in 7,928 blocks
==15488== suppressed: 0 bytes in 0 blocks
==15488== Reachable blocks (those to which a pointer was found) are not
shown.
==15488== To see them, rerun with: --leak-check=full --show-reachable=yes
So in the end is there no leak with 'defintely and indirectly' lost
being '0'?
Actually other tests are not as favorable in the end:
==17333== LEAK SUMMARY:
==17333== definitely lost: 32 bytes in 1 blocks
==17333== indirectly lost: 1,449,440 bytes in 2,020 blocks
==17333== possibly lost: 1,007,275 bytes in 9,780 blocks
==17333== still reachable: 543,827 bytes in 7,933 blocks
==17333== suppressed: 0 bytes in 0 blocks
==17333== Reachable blocks (those to which a pointer was found) are not
shown.
==17333== To see them, rerun with: --leak-check=full --show-reachable=yes
Stefan
3
2
[libvirt] [PATCH] [TCK] nwfilter: Adapt to changes how filters are instantiated
by Stefan Berger 21 Oct '10
by Stefan Berger 21 Oct '10
21 Oct '10
Recent changes to how filters are being instantiated require follow-up
changes to the test suite. The following changes are related to
- usage of 'ctdir'
- changes to the host's incoming filter chain
Signed-off-by: Stefan Berger <stefanb(a)us.ibm.com>
---
scripts/nwfilter/nwfilterxml2fwallout/ah-ipv6-test.fwall |
6 +++---
scripts/nwfilter/nwfilterxml2fwallout/ah-test.fwall |
6 +++---
scripts/nwfilter/nwfilterxml2fwallout/all-ipv6-test.fwall |
6 +++---
scripts/nwfilter/nwfilterxml2fwallout/all-test.fwall |
6 +++---
scripts/nwfilter/nwfilterxml2fwallout/comment-test.fwall |
10 +++++-----
scripts/nwfilter/nwfilterxml2fwallout/conntrack-test.fwall | 2 +-
scripts/nwfilter/nwfilterxml2fwallout/esp-ipv6-test.fwall |
6 +++---
scripts/nwfilter/nwfilterxml2fwallout/esp-test.fwall |
6 +++---
scripts/nwfilter/nwfilterxml2fwallout/example-1.fwall |
6 +++---
scripts/nwfilter/nwfilterxml2fwallout/hex-data-test.fwall |
4 ++--
scripts/nwfilter/nwfilterxml2fwallout/icmp-direction-test.fwall | 2 +-
scripts/nwfilter/nwfilterxml2fwallout/icmp-direction2-test.fwall | 2 +-
scripts/nwfilter/nwfilterxml2fwallout/icmp-direction3-test.fwall | 2 +-
scripts/nwfilter/nwfilterxml2fwallout/icmp-test.fwall |
4 ++--
scripts/nwfilter/nwfilterxml2fwallout/icmpv6-test.fwall |
4 ++--
scripts/nwfilter/nwfilterxml2fwallout/igmp-test.fwall |
6 +++---
scripts/nwfilter/nwfilterxml2fwallout/sctp-ipv6-test.fwall |
6 +++---
scripts/nwfilter/nwfilterxml2fwallout/sctp-test.fwall |
6 +++---
scripts/nwfilter/nwfilterxml2fwallout/tcp-ipv6-test.fwall |
6 +++---
scripts/nwfilter/nwfilterxml2fwallout/tcp-test.fwall |
6 +++---
scripts/nwfilter/nwfilterxml2fwallout/udp-ipv6-test.fwall |
6 +++---
scripts/nwfilter/nwfilterxml2fwallout/udp-test.fwall |
6 +++---
scripts/nwfilter/nwfilterxml2fwallout/udplite-ipv6-test.fwall |
6 +++---
scripts/nwfilter/nwfilterxml2fwallout/udplite-test.fwall |
6 +++---
24 files changed, 63 insertions(+), 63 deletions(-)
Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/ah-ipv6-test.fwall
===================================================================
---
libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/ah-ipv6-test.fwall
+++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/ah-ipv6-test.fwall
@@ -1,21 +1,21 @@
#ip6tables -L FI-vnet0 -n
Chain FI-vnet0 (1 references)
target prot opt source destination
-RETURN ah f:e:d::c:b:a/127 a:b:c::d:e:f/128 MAC
01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED
-RETURN ah ::/0 a:b:c::/128 DSCP match
0x21state ESTABLISHED
-RETURN ah ::/0 ::10.1.2.3/128 DSCP match
0x21state ESTABLISHED
+RETURN ah f:e:d::c:b:a/127 a:b:c::d:e:f/128 MAC
01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED ctdir REPLY
+RETURN ah ::/0 a:b:c::/128 DSCP match
0x21state ESTABLISHED ctdir ORIGINAL
+RETURN ah ::/0 ::10.1.2.3/128 DSCP match
0x21state ESTABLISHED ctdir ORIGINAL
#ip6tables -L FO-vnet0 -n
Chain FO-vnet0 (1 references)
target prot opt source destination
-ACCEPT ah a:b:c::d:e:f/128 f:e:d::c:b:a/127 DSCP match
0x02state ESTABLISHED
-ACCEPT ah a:b:c::/128 ::/0 MAC
01:02:03:04:05:06 DSCP match 0x21state NEW,ESTABLISHED
-ACCEPT ah ::10.1.2.3/128 ::/0 MAC
01:02:03:04:05:06 DSCP match 0x21state NEW,ESTABLISHED
+ACCEPT ah a:b:c::d:e:f/128 f:e:d::c:b:a/127 DSCP match
0x02state ESTABLISHED ctdir ORIGINAL
+ACCEPT ah a:b:c::/128 ::/0 MAC
01:02:03:04:05:06 DSCP match 0x21state NEW,ESTABLISHED ctdir REPLY
+ACCEPT ah ::10.1.2.3/128 ::/0 MAC
01:02:03:04:05:06 DSCP match 0x21state NEW,ESTABLISHED ctdir REPLY
#ip6tables -L HI-vnet0 -n
Chain HI-vnet0 (1 references)
target prot opt source destination
-ACCEPT ah f:e:d::c:b:a/127 a:b:c::d:e:f/128 MAC
01:02:03:04:05:06 DSCP match 0x02
-ACCEPT ah ::/0 a:b:c::/128 DSCP match
0x21
-ACCEPT ah ::/0 ::10.1.2.3/128 DSCP match
0x21
+RETURN ah f:e:d::c:b:a/127 a:b:c::d:e:f/128 MAC
01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED ctdir REPLY
+RETURN ah ::/0 a:b:c::/128 DSCP match
0x21state ESTABLISHED ctdir ORIGINAL
+RETURN ah ::/0 ::10.1.2.3/128 DSCP match
0x21state ESTABLISHED ctdir ORIGINAL
#ip6tables -L INPUT -n --line-numbers | grep libvirt
1 libvirt-host-in all ::/0 ::/0
#ip6tables -L libvirt-host-in -n | grep vnet0 | tr -s " "
Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/ah-test.fwall
===================================================================
--- libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/ah-test.fwall
+++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/ah-test.fwall
@@ -1,21 +1,21 @@
#iptables -L FI-vnet0 -n
Chain FI-vnet0 (1 references)
target prot opt source destination
-RETURN ah -- 0.0.0.0/0 10.1.2.3 MAC
01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED
-RETURN ah -- 0.0.0.0/0 10.1.0.0/22 DSCP match
0x21state ESTABLISHED
-RETURN ah -- 0.0.0.0/0 10.1.0.0/22 DSCP match
0x21state ESTABLISHED
+RETURN ah -- 0.0.0.0/0 10.1.2.3 MAC
01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED ctdir REPLY
+RETURN ah -- 0.0.0.0/0 10.1.0.0/22 DSCP match
0x21state ESTABLISHED ctdir ORIGINAL
+RETURN ah -- 0.0.0.0/0 10.1.0.0/22 DSCP match
0x21state ESTABLISHED ctdir ORIGINAL
#iptables -L FO-vnet0 -n
Chain FO-vnet0 (1 references)
target prot opt source destination
-ACCEPT ah -- 10.1.2.3 0.0.0.0/0 DSCP match
0x02state ESTABLISHED
-ACCEPT ah -- 10.1.0.0/22 0.0.0.0/0 MAC
01:02:03:04:05:06 DSCP match 0x21state NEW,ESTABLISHED
-ACCEPT ah -- 10.1.0.0/22 0.0.0.0/0 MAC
01:02:03:04:05:06 DSCP match 0x21state NEW,ESTABLISHED
+ACCEPT ah -- 10.1.2.3 0.0.0.0/0 DSCP match
0x02state ESTABLISHED ctdir ORIGINAL
+ACCEPT ah -- 10.1.0.0/22 0.0.0.0/0 MAC
01:02:03:04:05:06 DSCP match 0x21state NEW,ESTABLISHED ctdir REPLY
+ACCEPT ah -- 10.1.0.0/22 0.0.0.0/0 MAC
01:02:03:04:05:06 DSCP match 0x21state NEW,ESTABLISHED ctdir REPLY
#iptables -L HI-vnet0 -n
Chain HI-vnet0 (1 references)
target prot opt source destination
-ACCEPT ah -- 0.0.0.0/0 10.1.2.3 MAC
01:02:03:04:05:06 DSCP match 0x02
-ACCEPT ah -- 0.0.0.0/0 10.1.0.0/22 DSCP match
0x21
-ACCEPT ah -- 0.0.0.0/0 10.1.0.0/22 DSCP match
0x21
+RETURN ah -- 0.0.0.0/0 10.1.2.3 MAC
01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED ctdir REPLY
+RETURN ah -- 0.0.0.0/0 10.1.0.0/22 DSCP match
0x21state ESTABLISHED ctdir ORIGINAL
+RETURN ah -- 0.0.0.0/0 10.1.0.0/22 DSCP match
0x21state ESTABLISHED ctdir ORIGINAL
#iptables -L libvirt-host-in -n | grep vnet0 | tr -s " "
HI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-in
vnet0
#iptables -L libvirt-in -n | grep vnet0 | tr -s " "
Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/all-ipv6-test.fwall
===================================================================
---
libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/all-ipv6-test.fwall
+++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/all-ipv6-test.fwall
@@ -1,21 +1,21 @@
#ip6tables -L FI-vnet0 -n
Chain FI-vnet0 (1 references)
target prot opt source destination
-RETURN all f:e:d::c:b:a/127 a:b:c::d:e:f/128 MAC
01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED
-RETURN all ::/0 a:b:c::/128 DSCP match
0x21state ESTABLISHED
-RETURN all ::/0 ::10.1.2.3/128 DSCP match
0x21state ESTABLISHED
+RETURN all f:e:d::c:b:a/127 a:b:c::d:e:f/128 MAC
01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED ctdir REPLY
+RETURN all ::/0 a:b:c::/128 DSCP match
0x21state ESTABLISHED ctdir ORIGINAL
+RETURN all ::/0 ::10.1.2.3/128 DSCP match
0x21state ESTABLISHED ctdir ORIGINAL
#ip6tables -L FO-vnet0 -n
Chain FO-vnet0 (1 references)
target prot opt source destination
-ACCEPT all a:b:c::d:e:f/128 f:e:d::c:b:a/127 DSCP match
0x02state ESTABLISHED
-ACCEPT all a:b:c::/128 ::/0 MAC
01:02:03:04:05:06 DSCP match 0x21state NEW,ESTABLISHED
-ACCEPT all ::10.1.2.3/128 ::/0 MAC
01:02:03:04:05:06 DSCP match 0x21state NEW,ESTABLISHED
+ACCEPT all a:b:c::d:e:f/128 f:e:d::c:b:a/127 DSCP match
0x02state ESTABLISHED ctdir ORIGINAL
+ACCEPT all a:b:c::/128 ::/0 MAC
01:02:03:04:05:06 DSCP match 0x21state NEW,ESTABLISHED ctdir REPLY
+ACCEPT all ::10.1.2.3/128 ::/0 MAC
01:02:03:04:05:06 DSCP match 0x21state NEW,ESTABLISHED ctdir REPLY
#ip6tables -L HI-vnet0 -n
Chain HI-vnet0 (1 references)
target prot opt source destination
-ACCEPT all f:e:d::c:b:a/127 a:b:c::d:e:f/128 MAC
01:02:03:04:05:06 DSCP match 0x02
-ACCEPT all ::/0 a:b:c::/128 DSCP match
0x21
-ACCEPT all ::/0 ::10.1.2.3/128 DSCP match
0x21
+RETURN all f:e:d::c:b:a/127 a:b:c::d:e:f/128 MAC
01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED ctdir REPLY
+RETURN all ::/0 a:b:c::/128 DSCP match
0x21state ESTABLISHED ctdir ORIGINAL
+RETURN all ::/0 ::10.1.2.3/128 DSCP match
0x21state ESTABLISHED ctdir ORIGINAL
#ip6tables -L INPUT -n --line-numbers | grep libvirt
1 libvirt-host-in all ::/0 ::/0
#ip6tables -L libvirt-host-in -n | grep vnet0 | tr -s " "
Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/all-test.fwall
===================================================================
--- libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/all-test.fwall
+++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/all-test.fwall
@@ -1,21 +1,21 @@
#iptables -L FI-vnet0 -n
Chain FI-vnet0 (1 references)
target prot opt source destination
-RETURN all -- 0.0.0.0/0 10.1.2.3 MAC
01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED
-RETURN all -- 0.0.0.0/0 10.1.0.0/22 DSCP match
0x21state ESTABLISHED
-RETURN all -- 0.0.0.0/0 10.1.0.0/22 DSCP match
0x21state ESTABLISHED
+RETURN all -- 0.0.0.0/0 10.1.2.3 MAC
01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED ctdir REPLY
+RETURN all -- 0.0.0.0/0 10.1.0.0/22 DSCP match
0x21state ESTABLISHED ctdir ORIGINAL
+RETURN all -- 0.0.0.0/0 10.1.0.0/22 DSCP match
0x21state ESTABLISHED ctdir ORIGINAL
#iptables -L FO-vnet0 -n
Chain FO-vnet0 (1 references)
target prot opt source destination
-ACCEPT all -- 10.1.2.3 0.0.0.0/0 DSCP match
0x02state ESTABLISHED
-ACCEPT all -- 10.1.0.0/22 0.0.0.0/0 MAC
01:02:03:04:05:06 DSCP match 0x21state NEW,ESTABLISHED
-ACCEPT all -- 10.1.0.0/22 0.0.0.0/0 MAC
01:02:03:04:05:06 DSCP match 0x21state NEW,ESTABLISHED
+ACCEPT all -- 10.1.2.3 0.0.0.0/0 DSCP match
0x02state ESTABLISHED ctdir ORIGINAL
+ACCEPT all -- 10.1.0.0/22 0.0.0.0/0 MAC
01:02:03:04:05:06 DSCP match 0x21state NEW,ESTABLISHED ctdir REPLY
+ACCEPT all -- 10.1.0.0/22 0.0.0.0/0 MAC
01:02:03:04:05:06 DSCP match 0x21state NEW,ESTABLISHED ctdir REPLY
#iptables -L HI-vnet0 -n
Chain HI-vnet0 (1 references)
target prot opt source destination
-ACCEPT all -- 0.0.0.0/0 10.1.2.3 MAC
01:02:03:04:05:06 DSCP match 0x02
-ACCEPT all -- 0.0.0.0/0 10.1.0.0/22 DSCP match
0x21
-ACCEPT all -- 0.0.0.0/0 10.1.0.0/22 DSCP match
0x21
+RETURN all -- 0.0.0.0/0 10.1.2.3 MAC
01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED ctdir REPLY
+RETURN all -- 0.0.0.0/0 10.1.0.0/22 DSCP match
0x21state ESTABLISHED ctdir ORIGINAL
+RETURN all -- 0.0.0.0/0 10.1.0.0/22 DSCP match
0x21state ESTABLISHED ctdir ORIGINAL
#iptables -L libvirt-host-in -n | grep vnet0 | tr -s " "
HI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-in
vnet0
#iptables -L libvirt-in -n | grep vnet0 | tr -s " "
Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/comment-test.fwall
===================================================================
---
libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/comment-test.fwall
+++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/comment-test.fwall
@@ -11,15 +11,15 @@
#iptables -L FI-vnet0 -n
Chain FI-vnet0 (1 references)
target prot opt source destination
-RETURN udp -- 0.0.0.0/0 10.1.2.3 MAC
01:02:03:04:05:06 DSCP match 0x22/* udp rule */ udp spts:291:400
dpts:564:1092 state NEW,ESTABLISHED
+RETURN udp -- 0.0.0.0/0 10.1.2.3 MAC
01:02:03:04:05:06 DSCP match 0x22/* udp rule */ udp spts:291:400
dpts:564:1092 state NEW,ESTABLISHED ctdir REPLY
#iptables -L FO-vnet0 -n
Chain FO-vnet0 (1 references)
target prot opt source destination
-ACCEPT udp -- 10.1.2.3 0.0.0.0/0 DSCP match
0x22/* udp rule */ udp spts:564:1092 dpts:291:400 state ESTABLISHED
+ACCEPT udp -- 10.1.2.3 0.0.0.0/0 DSCP match
0x22/* udp rule */ udp spts:564:1092 dpts:291:400 state ESTABLISHED
ctdir ORIGINAL
#iptables -L HI-vnet0 -n
Chain HI-vnet0 (1 references)
target prot opt source destination
-ACCEPT udp -- 0.0.0.0/0 10.1.2.3 MAC
01:02:03:04:05:06 DSCP match 0x22/* udp rule */ udp spts:291:400
dpts:564:1092
+RETURN udp -- 0.0.0.0/0 10.1.2.3 MAC
01:02:03:04:05:06 DSCP match 0x22/* udp rule */ udp spts:291:400
dpts:564:1092 state NEW,ESTABLISHED ctdir REPLY
#iptables -L libvirt-host-in -n | grep HI-vnet0 | tr -s " "
HI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-in
vnet0
#iptables -L libvirt-in -n | grep FI-vnet0 | tr -s " "
@@ -31,24 +31,24 @@ FO-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [got
#ip6tables -L FI-vnet0 -n
Chain FI-vnet0 (1 references)
target prot opt source destination
-RETURN tcp ::/0 a:b:c::/128 /*
tcp/ipv6 rule */ tcp spts:256:4369 dpts:32:33 state ESTABLISHED
-RETURN udp ::/0 ::/0 /*
`ls`;${COLUMNS};$(ls);"test";&'3 spaces' */ state ESTABLISHED
-RETURN sctp ::/0 ::/0 /* comment
with lone ', `, ", `, \\, $x, and two spaces */ state ESTABLISHED
-RETURN ah ::/0 ::/0 /*
tmp=`mktemp`; echo ${RANDOM} > ${tmp} ; cat < ${tmp}; rm -f ${tmp} */
state ESTABLISHED
+RETURN tcp ::/0 a:b:c::/128 /*
tcp/ipv6 rule */ tcp spts:256:4369 dpts:32:33 state ESTABLISHED ctdir
ORIGINAL
+RETURN udp ::/0 ::/0 /*
`ls`;${COLUMNS};$(ls);"test";&'3 spaces' */ state ESTABLISHED ctdir
ORIGINAL
+RETURN sctp ::/0 ::/0 /* comment
with lone ', `, ", `, \\, $x, and two spaces */ state ESTABLISHED ctdir
ORIGINAL
+RETURN ah ::/0 ::/0 /*
tmp=`mktemp`; echo ${RANDOM} > ${tmp} ; cat < ${tmp}; rm -f ${tmp} */
state ESTABLISHED ctdir ORIGINAL
#ip6tables -L FO-vnet0 -n
Chain FO-vnet0 (1 references)
target prot opt source destination
-ACCEPT tcp a:b:c::/128 ::/0 MAC
01:02:03:04:05:06 /* tcp/ipv6 rule */ tcp spts:32:33 dpts:256:4369 state
NEW,ESTABLISHED
-ACCEPT udp ::/0 ::/0 /*
`ls`;${COLUMNS};$(ls);"test";&'3 spaces' */ state NEW,ESTABLISHED
-ACCEPT sctp ::/0 ::/0 /* comment
with lone ', `, ", `, \\, $x, and two spaces */ state NEW,ESTABLISHED
-ACCEPT ah ::/0 ::/0 /*
tmp=`mktemp`; echo ${RANDOM} > ${tmp} ; cat < ${tmp}; rm -f ${tmp} */
state NEW,ESTABLISHED
+ACCEPT tcp a:b:c::/128 ::/0 MAC
01:02:03:04:05:06 /* tcp/ipv6 rule */ tcp spts:32:33 dpts:256:4369 state
NEW,ESTABLISHED ctdir REPLY
+ACCEPT udp ::/0 ::/0 /*
`ls`;${COLUMNS};$(ls);"test";&'3 spaces' */ state NEW,ESTABLISHED
ctdir REPLY
+ACCEPT sctp ::/0 ::/0 /* comment
with lone ', `, ", `, \\, $x, and two spaces */ state NEW,ESTABLISHED
ctdir REPLY
+ACCEPT ah ::/0 ::/0 /*
tmp=`mktemp`; echo ${RANDOM} > ${tmp} ; cat < ${tmp}; rm -f ${tmp} */
state NEW,ESTABLISHED ctdir REPLY
#ip6tables -L HI-vnet0 -n
Chain HI-vnet0 (1 references)
target prot opt source destination
-ACCEPT tcp ::/0 a:b:c::/128 /*
tcp/ipv6 rule */ tcp spts:256:4369 dpts:32:33
-ACCEPT udp ::/0 ::/0 /*
`ls`;${COLUMNS};$(ls);"test";&'3 spaces' */
-ACCEPT sctp ::/0 ::/0 /* comment
with lone ', `, ", `, \\, $x, and two spaces */
-ACCEPT ah ::/0 ::/0 /*
tmp=`mktemp`; echo ${RANDOM} > ${tmp} ; cat < ${tmp}; rm -f ${tmp} */
+RETURN tcp ::/0 a:b:c::/128 /*
tcp/ipv6 rule */ tcp spts:256:4369 dpts:32:33 state ESTABLISHED ctdir
ORIGINAL
+RETURN udp ::/0 ::/0 /*
`ls`;${COLUMNS};$(ls);"test";&'3 spaces' */ state ESTABLISHED ctdir
ORIGINAL
+RETURN sctp ::/0 ::/0 /* comment
with lone ', `, ", `, \\, $x, and two spaces */ state ESTABLISHED ctdir
ORIGINAL
+RETURN ah ::/0 ::/0 /*
tmp=`mktemp`; echo ${RANDOM} > ${tmp} ; cat < ${tmp}; rm -f ${tmp} */
state ESTABLISHED ctdir ORIGINAL
#ip6tables -L libvirt-host-in -n | grep vnet0 | tr -s " "
HI-vnet0 all ::/0 ::/0 [goto] PHYSDEV match --physdev-in vnet0
#ip6tables -L libvirt-in -n | grep vnet0 | tr -s " "
Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/example-1.fwall
===================================================================
--- libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/example-1.fwall
+++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/example-1.fwall
@@ -1,22 +1,22 @@
#iptables -L FI-vnet0 -n
Chain FI-vnet0 (1 references)
target prot opt source destination
-RETURN tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:22
state ESTABLISHED
-RETURN icmp -- 0.0.0.0/0 0.0.0.0/0 state
ESTABLISHED
-RETURN all -- 0.0.0.0/0 0.0.0.0/0 state
ESTABLISHED
+RETURN tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:22
state ESTABLISHED ctdir ORIGINAL
+RETURN icmp -- 0.0.0.0/0 0.0.0.0/0 state
ESTABLISHED ctdir ORIGINAL
+RETURN all -- 0.0.0.0/0 0.0.0.0/0 state
ESTABLISHED ctdir ORIGINAL
DROP all -- 0.0.0.0/0 0.0.0.0/0
#iptables -L FO-vnet0 -n
Chain FO-vnet0 (1 references)
target prot opt source destination
-ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
state NEW,ESTABLISHED
-ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 state
NEW,ESTABLISHED
-ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state
NEW,ESTABLISHED
+ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
state NEW,ESTABLISHED ctdir REPLY
+ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 state
NEW,ESTABLISHED ctdir REPLY
+ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state
NEW,ESTABLISHED ctdir REPLY
DROP all -- 0.0.0.0/0 0.0.0.0/0
#iptables -L HI-vnet0 -n
Chain HI-vnet0 (1 references)
target prot opt source destination
-ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:22
-ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
-ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
+RETURN tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:22
state ESTABLISHED ctdir ORIGINAL
+RETURN icmp -- 0.0.0.0/0 0.0.0.0/0 state
ESTABLISHED ctdir ORIGINAL
+RETURN all -- 0.0.0.0/0 0.0.0.0/0 state
ESTABLISHED ctdir ORIGINAL
DROP all -- 0.0.0.0/0 0.0.0.0/0
Index:
libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/icmp-direction-test.fwall
===================================================================
---
libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/icmp-direction-test.fwall
+++
libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/icmp-direction-test.fwall
@@ -11,7 +11,7 @@ DROP icmp -- 0.0.0.0/0
#iptables -L HI-vnet0 -n
Chain HI-vnet0 (1 references)
target prot opt source destination
-ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 8
+RETURN icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type
8 state NEW,ESTABLISHED
DROP icmp -- 0.0.0.0/0 0.0.0.0/0
#iptables -L libvirt-host-in -n | grep vnet0 | tr -s " "
HI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-in
vnet0
Index:
libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/icmp-direction2-test.fwall
===================================================================
---
libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/icmp-direction2-test.fwall
+++
libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/icmp-direction2-test.fwall
@@ -11,7 +11,7 @@ DROP icmp -- 0.0.0.0/0
#iptables -L HI-vnet0 -n
Chain HI-vnet0 (1 references)
target prot opt source destination
-ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 0
+RETURN icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type
0 state NEW,ESTABLISHED
DROP icmp -- 0.0.0.0/0 0.0.0.0/0
#iptables -L libvirt-host-in -n | grep vnet0 | tr -s " "
HI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-in
vnet0
Index:
libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/icmp-direction3-test.fwall
===================================================================
---
libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/icmp-direction3-test.fwall
+++
libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/icmp-direction3-test.fwall
@@ -1,17 +1,17 @@
#iptables -L FI-vnet0 -n
Chain FI-vnet0 (1 references)
target prot opt source destination
-RETURN icmp -- 0.0.0.0/0 0.0.0.0/0 state
NEW,ESTABLISHED
+RETURN icmp -- 0.0.0.0/0 0.0.0.0/0 state
NEW,ESTABLISHED ctdir REPLY
DROP all -- 0.0.0.0/0 0.0.0.0/0
#iptables -L FO-vnet0 -n
Chain FO-vnet0 (1 references)
target prot opt source destination
-ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 state
ESTABLISHED
+ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 state
ESTABLISHED ctdir ORIGINAL
DROP all -- 0.0.0.0/0 0.0.0.0/0
#iptables -L HI-vnet0 -n
Chain HI-vnet0 (1 references)
target prot opt source destination
-ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
+RETURN icmp -- 0.0.0.0/0 0.0.0.0/0 state
NEW,ESTABLISHED ctdir REPLY
DROP all -- 0.0.0.0/0 0.0.0.0/0
#iptables -L libvirt-host-in -n | grep vnet0 | tr -s " "
HI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-in
vnet0
Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/icmp-test.fwall
===================================================================
--- libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/icmp-test.fwall
+++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/icmp-test.fwall
@@ -2,17 +2,17 @@
Chain FI-vnet0 (1 references)
target prot opt source destination
RETURN icmp -- 0.0.0.0/0 10.1.2.3 MAC
01:02:03:04:05:06 DSCP match 0x02icmp type 12 code 11 state NEW,ESTABLISHED
-RETURN icmp -- 0.0.0.0/0 10.1.0.0/22 DSCP match
0x21state ESTABLISHED
+RETURN icmp -- 0.0.0.0/0 10.1.0.0/22 DSCP match
0x21state ESTABLISHED ctdir ORIGINAL
#iptables -L FO-vnet0 -n
Chain FO-vnet0 (1 references)
target prot opt source destination
ACCEPT icmp -- 10.1.0.0/22 0.0.0.0/0 MAC
01:02:03:04:05:06 DSCP match 0x21icmp type 255 code 255 state
NEW,ESTABLISHED
-ACCEPT icmp -- 10.1.0.0/22 0.0.0.0/0 MAC
01:02:03:04:05:06 DSCP match 0x21state NEW,ESTABLISHED
+ACCEPT icmp -- 10.1.0.0/22 0.0.0.0/0 MAC
01:02:03:04:05:06 DSCP match 0x21state NEW,ESTABLISHED ctdir REPLY
#iptables -L HI-vnet0 -n
Chain HI-vnet0 (1 references)
target prot opt source destination
-ACCEPT icmp -- 0.0.0.0/0 10.1.2.3 MAC
01:02:03:04:05:06 DSCP match 0x02icmp type 12 code 11
-ACCEPT icmp -- 0.0.0.0/0 10.1.0.0/22 DSCP match
0x21
+RETURN icmp -- 0.0.0.0/0 10.1.2.3 MAC
01:02:03:04:05:06 DSCP match 0x02icmp type 12 code 11 state NEW,ESTABLISHED
+RETURN icmp -- 0.0.0.0/0 10.1.0.0/22 DSCP match
0x21state ESTABLISHED ctdir ORIGINAL
#iptables -L libvirt-host-in -n | grep vnet0 | tr -s " "
HI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-in
vnet0
#iptables -L libvirt-in -n | grep vnet0 | tr -s " "
Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/icmpv6-test.fwall
===================================================================
--- libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/icmpv6-test.fwall
+++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/icmpv6-test.fwall
@@ -2,17 +2,17 @@
Chain FI-vnet0 (1 references)
target prot opt source destination
RETURN icmpv6 f:e:d::c:b:a/127 a:b:c::d:e:f/128 MAC
01:02:03:04:05:06 DSCP match 0x02ipv6-icmp type 12 code 11 state
NEW,ESTABLISHED
-RETURN icmpv6 ::/0 ::10.1.2.3/128 DSCP
match 0x21state ESTABLISHED
+RETURN icmpv6 ::/0 ::10.1.2.3/128 DSCP
match 0x21state ESTABLISHED ctdir ORIGINAL
#ip6tables -L FO-vnet0 -n
Chain FO-vnet0 (1 references)
target prot opt source destination
ACCEPT icmpv6 a:b:c::/128 ::/0 MAC
01:02:03:04:05:06 DSCP match 0x21ipv6-icmp type 255 code 255 state
NEW,ESTABLISHED
-ACCEPT icmpv6 ::10.1.2.3/128 ::/0 MAC
01:02:03:04:05:06 DSCP match 0x21state NEW,ESTABLISHED
+ACCEPT icmpv6 ::10.1.2.3/128 ::/0 MAC
01:02:03:04:05:06 DSCP match 0x21state NEW,ESTABLISHED ctdir REPLY
#ip6tables -L HI-vnet0 -n
Chain HI-vnet0 (1 references)
target prot opt source destination
-ACCEPT icmpv6 f:e:d::c:b:a/127 a:b:c::d:e:f/128 MAC
01:02:03:04:05:06 DSCP match 0x02ipv6-icmp type 12 code 11
-ACCEPT icmpv6 ::/0 ::10.1.2.3/128 DSCP
match 0x21
+RETURN icmpv6 f:e:d::c:b:a/127 a:b:c::d:e:f/128 MAC
01:02:03:04:05:06 DSCP match 0x02ipv6-icmp type 12 code 11 state
NEW,ESTABLISHED
+RETURN icmpv6 ::/0 ::10.1.2.3/128 DSCP
match 0x21state ESTABLISHED ctdir ORIGINAL
#ip6tables -L INPUT -n --line-numbers | grep libvirt
1 libvirt-host-in all ::/0 ::/0
#ip6tables -L libvirt-host-in -n | grep vnet0 | tr -s " "
Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/igmp-test.fwall
===================================================================
--- libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/igmp-test.fwall
+++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/igmp-test.fwall
@@ -1,21 +1,21 @@
#iptables -L FI-vnet0 -n
Chain FI-vnet0 (1 references)
target prot opt source destination
-RETURN 2 -- 0.0.0.0/0 10.1.2.3 MAC
01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED
-RETURN 2 -- 0.0.0.0/0 10.1.0.0/22 DSCP match
0x21state ESTABLISHED
-RETURN 2 -- 0.0.0.0/0 10.1.0.0/22 DSCP match
0x21state ESTABLISHED
+RETURN 2 -- 0.0.0.0/0 10.1.2.3 MAC
01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED ctdir REPLY
+RETURN 2 -- 0.0.0.0/0 10.1.0.0/22 DSCP match
0x21state ESTABLISHED ctdir ORIGINAL
+RETURN 2 -- 0.0.0.0/0 10.1.0.0/22 DSCP match
0x21state ESTABLISHED ctdir ORIGINAL
#iptables -L FO-vnet0 -n
Chain FO-vnet0 (1 references)
target prot opt source destination
-ACCEPT 2 -- 10.1.2.3 0.0.0.0/0 DSCP match
0x02state ESTABLISHED
-ACCEPT 2 -- 10.1.0.0/22 0.0.0.0/0 MAC
01:02:03:04:05:06 DSCP match 0x21state NEW,ESTABLISHED
-ACCEPT 2 -- 10.1.0.0/22 0.0.0.0/0 MAC
01:02:03:04:05:06 DSCP match 0x21state NEW,ESTABLISHED
+ACCEPT 2 -- 10.1.2.3 0.0.0.0/0 DSCP match
0x02state ESTABLISHED ctdir ORIGINAL
+ACCEPT 2 -- 10.1.0.0/22 0.0.0.0/0 MAC
01:02:03:04:05:06 DSCP match 0x21state NEW,ESTABLISHED ctdir REPLY
+ACCEPT 2 -- 10.1.0.0/22 0.0.0.0/0 MAC
01:02:03:04:05:06 DSCP match 0x21state NEW,ESTABLISHED ctdir REPLY
#iptables -L HI-vnet0 -n
Chain HI-vnet0 (1 references)
target prot opt source destination
-ACCEPT 2 -- 0.0.0.0/0 10.1.2.3 MAC
01:02:03:04:05:06 DSCP match 0x02
-ACCEPT 2 -- 0.0.0.0/0 10.1.0.0/22 DSCP match
0x21
-ACCEPT 2 -- 0.0.0.0/0 10.1.0.0/22 DSCP match
0x21
+RETURN 2 -- 0.0.0.0/0 10.1.2.3 MAC
01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED ctdir REPLY
+RETURN 2 -- 0.0.0.0/0 10.1.0.0/22 DSCP match
0x21state ESTABLISHED ctdir ORIGINAL
+RETURN 2 -- 0.0.0.0/0 10.1.0.0/22 DSCP match
0x21state ESTABLISHED ctdir ORIGINAL
#iptables -L libvirt-host-in -n | grep vnet0 | tr -s " "
HI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-in
vnet0
#iptables -L libvirt-in -n | grep vnet0 | tr -s " "
Index:
libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/sctp-ipv6-test.fwall
===================================================================
---
libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/sctp-ipv6-test.fwall
+++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/sctp-ipv6-test.fwall
@@ -1,21 +1,21 @@
#ip6tables -L FI-vnet0 -n
Chain FI-vnet0 (1 references)
target prot opt source destination
-RETURN sctp ::/0 a:b:c::d:e:f/128 MAC
01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED
-RETURN sctp ::/0 a:b:c::/128 DSCP match
0x21sctp spts:100:1111 dpts:20:21 state ESTABLISHED
-RETURN sctp ::/0 ::10.1.2.3/128 DSCP match
0x3fsctp spt:65535 dpts:255:256 state ESTABLISHED
+RETURN sctp ::/0 a:b:c::d:e:f/128 MAC
01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED ctdir REPLY
+RETURN sctp ::/0 a:b:c::/128 DSCP match
0x21sctp spts:100:1111 dpts:20:21 state ESTABLISHED ctdir ORIGINAL
+RETURN sctp ::/0 ::10.1.2.3/128 DSCP match
0x3fsctp spt:65535 dpts:255:256 state ESTABLISHED ctdir ORIGINAL
#ip6tables -L FO-vnet0 -n
Chain FO-vnet0 (1 references)
target prot opt source destination
-ACCEPT sctp a:b:c::d:e:f/128 ::/0 DSCP match
0x02state ESTABLISHED
-ACCEPT sctp a:b:c::/128 ::/0 MAC
01:02:03:04:05:06 DSCP match 0x21sctp spts:20:21 dpts:100:1111 state
NEW,ESTABLISHED
-ACCEPT sctp ::10.1.2.3/128 ::/0 MAC
01:02:03:04:05:06 DSCP match 0x3fsctp spts:255:256 dpt:65535 state
NEW,ESTABLISHED
+ACCEPT sctp a:b:c::d:e:f/128 ::/0 DSCP match
0x02state ESTABLISHED ctdir ORIGINAL
+ACCEPT sctp a:b:c::/128 ::/0 MAC
01:02:03:04:05:06 DSCP match 0x21sctp spts:20:21 dpts:100:1111 state
NEW,ESTABLISHED ctdir REPLY
+ACCEPT sctp ::10.1.2.3/128 ::/0 MAC
01:02:03:04:05:06 DSCP match 0x3fsctp spts:255:256 dpt:65535 state
NEW,ESTABLISHED ctdir REPLY
#ip6tables -L HI-vnet0 -n
Chain HI-vnet0 (1 references)
target prot opt source destination
-ACCEPT sctp ::/0 a:b:c::d:e:f/128 MAC
01:02:03:04:05:06 DSCP match 0x02
-ACCEPT sctp ::/0 a:b:c::/128 DSCP match
0x21sctp spts:100:1111 dpts:20:21
-ACCEPT sctp ::/0 ::10.1.2.3/128 DSCP match
0x3fsctp spt:65535 dpts:255:256
+RETURN sctp ::/0 a:b:c::d:e:f/128 MAC
01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED ctdir REPLY
+RETURN sctp ::/0 a:b:c::/128 DSCP match
0x21sctp spts:100:1111 dpts:20:21 state ESTABLISHED ctdir ORIGINAL
+RETURN sctp ::/0 ::10.1.2.3/128 DSCP match
0x3fsctp spt:65535 dpts:255:256 state ESTABLISHED ctdir ORIGINAL
#ip6tables -L INPUT -n --line-numbers | grep libvirt
1 libvirt-host-in all ::/0 ::/0
#ip6tables -L libvirt-host-in -n | grep vnet0 | tr -s " "
Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/sctp-test.fwall
===================================================================
--- libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/sctp-test.fwall
+++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/sctp-test.fwall
@@ -1,21 +1,21 @@
#iptables -L FI-vnet0 -n
Chain FI-vnet0 (1 references)
target prot opt source destination
-RETURN sctp -- 0.0.0.0/0 10.1.2.3 MAC
01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED
-RETURN sctp -- 0.0.0.0/0 10.1.2.3 DSCP match
0x21sctp spts:100:1111 dpts:20:21 state ESTABLISHED
-RETURN sctp -- 0.0.0.0/0 10.1.2.3 DSCP match
0x3fsctp spt:65535 dpts:255:256 state ESTABLISHED
+RETURN sctp -- 0.0.0.0/0 10.1.2.3 MAC
01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED ctdir REPLY
+RETURN sctp -- 0.0.0.0/0 10.1.2.3 DSCP match
0x21sctp spts:100:1111 dpts:20:21 state ESTABLISHED ctdir ORIGINAL
+RETURN sctp -- 0.0.0.0/0 10.1.2.3 DSCP match
0x3fsctp spt:65535 dpts:255:256 state ESTABLISHED ctdir ORIGINAL
#iptables -L FO-vnet0 -n
Chain FO-vnet0 (1 references)
target prot opt source destination
-ACCEPT sctp -- 10.1.2.3 0.0.0.0/0 DSCP match
0x02state ESTABLISHED
-ACCEPT sctp -- 10.1.2.3 0.0.0.0/0 MAC
01:02:03:04:05:06 DSCP match 0x21sctp spts:20:21 dpts:100:1111 state
NEW,ESTABLISHED
-ACCEPT sctp -- 10.1.2.3 0.0.0.0/0 MAC
01:02:03:04:05:06 DSCP match 0x3fsctp spts:255:256 dpt:65535 state
NEW,ESTABLISHED
+ACCEPT sctp -- 10.1.2.3 0.0.0.0/0 DSCP match
0x02state ESTABLISHED ctdir ORIGINAL
+ACCEPT sctp -- 10.1.2.3 0.0.0.0/0 MAC
01:02:03:04:05:06 DSCP match 0x21sctp spts:20:21 dpts:100:1111 state
NEW,ESTABLISHED ctdir REPLY
+ACCEPT sctp -- 10.1.2.3 0.0.0.0/0 MAC
01:02:03:04:05:06 DSCP match 0x3fsctp spts:255:256 dpt:65535 state
NEW,ESTABLISHED ctdir REPLY
#iptables -L HI-vnet0 -n
Chain HI-vnet0 (1 references)
target prot opt source destination
-ACCEPT sctp -- 0.0.0.0/0 10.1.2.3 MAC
01:02:03:04:05:06 DSCP match 0x02
-ACCEPT sctp -- 0.0.0.0/0 10.1.2.3 DSCP match
0x21sctp spts:100:1111 dpts:20:21
-ACCEPT sctp -- 0.0.0.0/0 10.1.2.3 DSCP match
0x3fsctp spt:65535 dpts:255:256
+RETURN sctp -- 0.0.0.0/0 10.1.2.3 MAC
01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED ctdir REPLY
+RETURN sctp -- 0.0.0.0/0 10.1.2.3 DSCP match
0x21sctp spts:100:1111 dpts:20:21 state ESTABLISHED ctdir ORIGINAL
+RETURN sctp -- 0.0.0.0/0 10.1.2.3 DSCP match
0x3fsctp spt:65535 dpts:255:256 state ESTABLISHED ctdir ORIGINAL
#iptables -L libvirt-host-in -n | grep vnet0 | tr -s " "
HI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-in
vnet0
#iptables -L libvirt-in -n | grep vnet0 | tr -s " "
Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/tcp-test.fwall
===================================================================
--- libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/tcp-test.fwall
+++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/tcp-test.fwall
@@ -1,21 +1,21 @@
#iptables -L FI-vnet0 -n
Chain FI-vnet0 (1 references)
target prot opt source destination
-RETURN tcp -- 0.0.0.0/0 10.1.2.3 MAC
01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED
+RETURN tcp -- 0.0.0.0/0 10.1.2.3 MAC
01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED ctdir REPLY
RETURN tcp -- 0.0.0.0/0 10.1.2.3 DSCP
match 0x21tcp spts:100:1111 dpts:20:21
RETURN tcp -- 0.0.0.0/0 10.1.2.3 DSCP
match 0x3ftcp spt:65535 dpts:255:256
#iptables -L FO-vnet0 -n
Chain FO-vnet0 (1 references)
target prot opt source destination
-ACCEPT tcp -- 10.1.2.3 0.0.0.0/0 DSCP match
0x02state ESTABLISHED
+ACCEPT tcp -- 10.1.2.3 0.0.0.0/0 DSCP match
0x02state ESTABLISHED ctdir ORIGINAL
ACCEPT tcp -- 10.1.2.3 0.0.0.0/0 MAC
01:02:03:04:05:06 DSCP match 0x21tcp spts:20:21 dpts:100:1111
ACCEPT tcp -- 10.1.2.3 0.0.0.0/0 MAC
01:02:03:04:05:06 DSCP match 0x3ftcp spts:255:256 dpt:65535
#iptables -L HI-vnet0 -n
Chain HI-vnet0 (1 references)
target prot opt source destination
-ACCEPT tcp -- 0.0.0.0/0 10.1.2.3 MAC
01:02:03:04:05:06 DSCP match 0x02
-ACCEPT tcp -- 0.0.0.0/0 10.1.2.3 DSCP match
0x21tcp spts:100:1111 dpts:20:21
-ACCEPT tcp -- 0.0.0.0/0 10.1.2.3 DSCP match
0x3ftcp spt:65535 dpts:255:256
+RETURN tcp -- 0.0.0.0/0 10.1.2.3 MAC
01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED ctdir REPLY
+RETURN tcp -- 0.0.0.0/0 10.1.2.3 DSCP match
0x21tcp spts:100:1111 dpts:20:21
+RETURN tcp -- 0.0.0.0/0 10.1.2.3 DSCP match
0x3ftcp spt:65535 dpts:255:256
#iptables -L libvirt-host-in -n | grep vnet0 | tr -s " "
HI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-in
vnet0
#iptables -L libvirt-in -n | grep vnet0 | tr -s " "
Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/tcp-ipv6-test.fwall
===================================================================
---
libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/tcp-ipv6-test.fwall
+++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/tcp-ipv6-test.fwall
@@ -1,21 +1,21 @@
#ip6tables -L FI-vnet0 -n
Chain FI-vnet0 (1 references)
target prot opt source destination
-RETURN tcp ::/0 a:b:c::d:e:f/128 MAC
01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED
-RETURN tcp ::/0 a:b:c::/128 DSCP match
0x21tcp spts:100:1111 dpts:20:21 state ESTABLISHED
-RETURN tcp ::/0 ::10.1.2.3/128 DSCP match
0x3ftcp spt:65535 dpts:255:256 state ESTABLISHED
+RETURN tcp ::/0 a:b:c::d:e:f/128 MAC
01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED ctdir REPLY
+RETURN tcp ::/0 a:b:c::/128 DSCP match
0x21tcp spts:100:1111 dpts:20:21 state ESTABLISHED ctdir ORIGINAL
+RETURN tcp ::/0 ::10.1.2.3/128 DSCP match
0x3ftcp spt:65535 dpts:255:256 state ESTABLISHED ctdir ORIGINAL
#ip6tables -L FO-vnet0 -n
Chain FO-vnet0 (1 references)
target prot opt source destination
-ACCEPT tcp a:b:c::d:e:f/128 ::/0 DSCP match
0x02state ESTABLISHED
-ACCEPT tcp a:b:c::/128 ::/0 MAC
01:02:03:04:05:06 DSCP match 0x21tcp spts:20:21 dpts:100:1111 state
NEW,ESTABLISHED
-ACCEPT tcp ::10.1.2.3/128 ::/0 MAC
01:02:03:04:05:06 DSCP match 0x3ftcp spts:255:256 dpt:65535 state
NEW,ESTABLISHED
+ACCEPT tcp a:b:c::d:e:f/128 ::/0 DSCP match
0x02state ESTABLISHED ctdir ORIGINAL
+ACCEPT tcp a:b:c::/128 ::/0 MAC
01:02:03:04:05:06 DSCP match 0x21tcp spts:20:21 dpts:100:1111 state
NEW,ESTABLISHED ctdir REPLY
+ACCEPT tcp ::10.1.2.3/128 ::/0 MAC
01:02:03:04:05:06 DSCP match 0x3ftcp spts:255:256 dpt:65535 state
NEW,ESTABLISHED ctdir REPLY
#ip6tables -L HI-vnet0 -n
Chain HI-vnet0 (1 references)
target prot opt source destination
-ACCEPT tcp ::/0 a:b:c::d:e:f/128 MAC
01:02:03:04:05:06 DSCP match 0x02
-ACCEPT tcp ::/0 a:b:c::/128 DSCP match
0x21tcp spts:100:1111 dpts:20:21
-ACCEPT tcp ::/0 ::10.1.2.3/128 DSCP match
0x3ftcp spt:65535 dpts:255:256
+RETURN tcp ::/0 a:b:c::d:e:f/128 MAC
01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED ctdir REPLY
+RETURN tcp ::/0 a:b:c::/128 DSCP match
0x21tcp spts:100:1111 dpts:20:21 state ESTABLISHED ctdir ORIGINAL
+RETURN tcp ::/0 ::10.1.2.3/128 DSCP match
0x3ftcp spt:65535 dpts:255:256 state ESTABLISHED ctdir ORIGINAL
#ip6tables -L INPUT -n --line-numbers | grep libvirt
1 libvirt-host-in all ::/0 ::/0
#ip6tables -L libvirt-host-in -n | grep vnet0 | tr -s " "
Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/udp-ipv6-test.fwall
===================================================================
---
libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/udp-ipv6-test.fwall
+++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/udp-ipv6-test.fwall
@@ -1,21 +1,21 @@
#ip6tables -L FI-vnet0 -n
Chain FI-vnet0 (1 references)
target prot opt source destination
-RETURN udp ::/0 a:b:c::d:e:f/128 MAC
01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED
-RETURN udp ::/0 ::/0 DSCP match
0x21udp spts:100:1111 dpts:20:21 state ESTABLISHED
-RETURN udp ::/0 ::10.1.2.3/128 DSCP match
0x3fudp spt:65535 dpts:255:256 state ESTABLISHED
+RETURN udp ::/0 a:b:c::d:e:f/128 MAC
01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED ctdir REPLY
+RETURN udp ::/0 ::/0 DSCP match
0x21udp spts:100:1111 dpts:20:21 state ESTABLISHED ctdir ORIGINAL
+RETURN udp ::/0 ::10.1.2.3/128 DSCP match
0x3fudp spt:65535 dpts:255:256 state ESTABLISHED ctdir ORIGINAL
#ip6tables -L FO-vnet0 -n
Chain FO-vnet0 (1 references)
target prot opt source destination
-ACCEPT udp a:b:c::d:e:f/128 ::/0 DSCP match
0x02state ESTABLISHED
-ACCEPT udp ::/0 ::/0 MAC
01:02:03:04:05:06 DSCP match 0x21udp spts:20:21 dpts:100:1111 state
NEW,ESTABLISHED
-ACCEPT udp ::10.1.2.3/128 ::/0 MAC
01:02:03:04:05:06 DSCP match 0x3fudp spts:255:256 dpt:65535 state
NEW,ESTABLISHED
+ACCEPT udp a:b:c::d:e:f/128 ::/0 DSCP match
0x02state ESTABLISHED ctdir ORIGINAL
+ACCEPT udp ::/0 ::/0 MAC
01:02:03:04:05:06 DSCP match 0x21udp spts:20:21 dpts:100:1111 state
NEW,ESTABLISHED ctdir REPLY
+ACCEPT udp ::10.1.2.3/128 ::/0 MAC
01:02:03:04:05:06 DSCP match 0x3fudp spts:255:256 dpt:65535 state
NEW,ESTABLISHED ctdir REPLY
#ip6tables -L HI-vnet0 -n
Chain HI-vnet0 (1 references)
target prot opt source destination
-ACCEPT udp ::/0 a:b:c::d:e:f/128 MAC
01:02:03:04:05:06 DSCP match 0x02
-ACCEPT udp ::/0 ::/0 DSCP match
0x21udp spts:100:1111 dpts:20:21
-ACCEPT udp ::/0 ::10.1.2.3/128 DSCP match
0x3fudp spt:65535 dpts:255:256
+RETURN udp ::/0 a:b:c::d:e:f/128 MAC
01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED ctdir REPLY
+RETURN udp ::/0 ::/0 DSCP match
0x21udp spts:100:1111 dpts:20:21 state ESTABLISHED ctdir ORIGINAL
+RETURN udp ::/0 ::10.1.2.3/128 DSCP match
0x3fudp spt:65535 dpts:255:256 state ESTABLISHED ctdir ORIGINAL
#ip6tables -L INPUT -n --line-numbers | grep libvirt
1 libvirt-host-in all ::/0 ::/0
#ip6tables -L libvirt-host-in -n | grep vnet0 | tr -s " "
Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/udp-test.fwall
===================================================================
--- libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/udp-test.fwall
+++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/udp-test.fwall
@@ -1,21 +1,21 @@
#iptables -L FI-vnet0 -n
Chain FI-vnet0 (1 references)
target prot opt source destination
-RETURN udp -- 0.0.0.0/0 10.1.2.3 MAC
01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED
-RETURN udp -- 0.0.0.0/0 10.1.2.3 DSCP match
0x21udp spts:100:1111 dpts:20:21 state ESTABLISHED
-RETURN udp -- 0.0.0.0/0 10.1.2.3 DSCP match
0x3fudp spt:65535 dpts:255:256 state ESTABLISHED
+RETURN udp -- 0.0.0.0/0 10.1.2.3 MAC
01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED ctdir REPLY
+RETURN udp -- 0.0.0.0/0 10.1.2.3 DSCP match
0x21udp spts:100:1111 dpts:20:21 state ESTABLISHED ctdir ORIGINAL
+RETURN udp -- 0.0.0.0/0 10.1.2.3 DSCP match
0x3fudp spt:65535 dpts:255:256 state ESTABLISHED ctdir ORIGINAL
#iptables -L FO-vnet0 -n
Chain FO-vnet0 (1 references)
target prot opt source destination
-ACCEPT udp -- 10.1.2.3 0.0.0.0/0 DSCP match
0x02state ESTABLISHED
-ACCEPT udp -- 10.1.2.3 0.0.0.0/0 MAC
01:02:03:04:05:06 DSCP match 0x21udp spts:20:21 dpts:100:1111 state
NEW,ESTABLISHED
-ACCEPT udp -- 10.1.2.3 0.0.0.0/0 MAC
01:02:03:04:05:06 DSCP match 0x3fudp spts:255:256 dpt:65535 state
NEW,ESTABLISHED
+ACCEPT udp -- 10.1.2.3 0.0.0.0/0 DSCP match
0x02state ESTABLISHED ctdir ORIGINAL
+ACCEPT udp -- 10.1.2.3 0.0.0.0/0 MAC
01:02:03:04:05:06 DSCP match 0x21udp spts:20:21 dpts:100:1111 state
NEW,ESTABLISHED ctdir REPLY
+ACCEPT udp -- 10.1.2.3 0.0.0.0/0 MAC
01:02:03:04:05:06 DSCP match 0x3fudp spts:255:256 dpt:65535 state
NEW,ESTABLISHED ctdir REPLY
#iptables -L HI-vnet0 -n
Chain HI-vnet0 (1 references)
target prot opt source destination
-ACCEPT udp -- 0.0.0.0/0 10.1.2.3 MAC
01:02:03:04:05:06 DSCP match 0x02
-ACCEPT udp -- 0.0.0.0/0 10.1.2.3 DSCP match
0x21udp spts:100:1111 dpts:20:21
-ACCEPT udp -- 0.0.0.0/0 10.1.2.3 DSCP match
0x3fudp spt:65535 dpts:255:256
+RETURN udp -- 0.0.0.0/0 10.1.2.3 MAC
01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED ctdir REPLY
+RETURN udp -- 0.0.0.0/0 10.1.2.3 DSCP match
0x21udp spts:100:1111 dpts:20:21 state ESTABLISHED ctdir ORIGINAL
+RETURN udp -- 0.0.0.0/0 10.1.2.3 DSCP match
0x3fudp spt:65535 dpts:255:256 state ESTABLISHED ctdir ORIGINAL
#iptables -L libvirt-host-in -n | grep vnet0 | tr -s " "
HI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-in
vnet0
#iptables -L libvirt-in -n | grep vnet0 | tr -s " "
Index:
libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/conntrack-test.fwall
===================================================================
---
libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/conntrack-test.fwall
+++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/conntrack-test.fwall
@@ -3,17 +3,17 @@ Chain FI-vnet0 (1 references)
target prot opt source destination
DROP icmp -- 0.0.0.0/0 0.0.0.0/0 #conn/32 > 1
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 #conn/32 > 2
-RETURN all -- 0.0.0.0/0 0.0.0.0/0 state
NEW,ESTABLISHED
+RETURN all -- 0.0.0.0/0 0.0.0.0/0 state
NEW,ESTABLISHED ctdir REPLY
#iptables -L FO-vnet0 -n
Chain FO-vnet0 (1 references)
target prot opt source destination
-ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state
ESTABLISHED
+ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state
ESTABLISHED ctdir ORIGINAL
#iptables -L HI-vnet0 -n
Chain HI-vnet0 (1 references)
target prot opt source destination
DROP icmp -- 0.0.0.0/0 0.0.0.0/0 #conn/32 > 1
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 #conn/32 > 2
-ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
+RETURN all -- 0.0.0.0/0 0.0.0.0/0 state
NEW,ESTABLISHED ctdir REPLY
#iptables -L libvirt-host-in -n | grep vnet0 | tr -s " "
HI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-in
vnet0
#iptables -L libvirt-in -n | grep vnet0 | tr -s " "
Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/esp-ipv6-test.fwall
===================================================================
---
libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/esp-ipv6-test.fwall
+++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/esp-ipv6-test.fwall
@@ -1,21 +1,21 @@
#ip6tables -L FI-vnet0 -n
Chain FI-vnet0 (1 references)
target prot opt source destination
-RETURN esp f:e:d::c:b:a/127 a:b:c::d:e:f/128 MAC
01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED
-RETURN esp ::/0 a:b:c::/128 DSCP match
0x21state ESTABLISHED
-RETURN esp ::/0 ::10.1.2.3/128 DSCP match
0x21state ESTABLISHED
+RETURN esp f:e:d::c:b:a/127 a:b:c::d:e:f/128 MAC
01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED ctdir REPLY
+RETURN esp ::/0 a:b:c::/128 DSCP match
0x21state ESTABLISHED ctdir ORIGINAL
+RETURN esp ::/0 ::10.1.2.3/128 DSCP match
0x21state ESTABLISHED ctdir ORIGINAL
#ip6tables -L FO-vnet0 -n
Chain FO-vnet0 (1 references)
target prot opt source destination
-ACCEPT esp a:b:c::d:e:f/128 f:e:d::c:b:a/127 DSCP match
0x02state ESTABLISHED
-ACCEPT esp a:b:c::/128 ::/0 MAC
01:02:03:04:05:06 DSCP match 0x21state NEW,ESTABLISHED
-ACCEPT esp ::10.1.2.3/128 ::/0 MAC
01:02:03:04:05:06 DSCP match 0x21state NEW,ESTABLISHED
+ACCEPT esp a:b:c::d:e:f/128 f:e:d::c:b:a/127 DSCP match
0x02state ESTABLISHED ctdir ORIGINAL
+ACCEPT esp a:b:c::/128 ::/0 MAC
01:02:03:04:05:06 DSCP match 0x21state NEW,ESTABLISHED ctdir REPLY
+ACCEPT esp ::10.1.2.3/128 ::/0 MAC
01:02:03:04:05:06 DSCP match 0x21state NEW,ESTABLISHED ctdir REPLY
#ip6tables -L HI-vnet0 -n
Chain HI-vnet0 (1 references)
target prot opt source destination
-ACCEPT esp f:e:d::c:b:a/127 a:b:c::d:e:f/128 MAC
01:02:03:04:05:06 DSCP match 0x02
-ACCEPT esp ::/0 a:b:c::/128 DSCP match
0x21
-ACCEPT esp ::/0 ::10.1.2.3/128 DSCP match
0x21
+RETURN esp f:e:d::c:b:a/127 a:b:c::d:e:f/128 MAC
01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED ctdir REPLY
+RETURN esp ::/0 a:b:c::/128 DSCP match
0x21state ESTABLISHED ctdir ORIGINAL
+RETURN esp ::/0 ::10.1.2.3/128 DSCP match
0x21state ESTABLISHED ctdir ORIGINAL
#ip6tables -L INPUT -n --line-numbers | grep libvirt
1 libvirt-host-in all ::/0 ::/0
#ip6tables -L libvirt-host-in -n | grep vnet0 |tr -s " "
Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/esp-test.fwall
===================================================================
--- libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/esp-test.fwall
+++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/esp-test.fwall
@@ -1,21 +1,21 @@
#iptables -L FI-vnet0 -n
Chain FI-vnet0 (1 references)
target prot opt source destination
-RETURN esp -- 0.0.0.0/0 10.1.2.3 MAC
01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED
-RETURN esp -- 0.0.0.0/0 10.1.0.0/22 DSCP match
0x21state ESTABLISHED
-RETURN esp -- 0.0.0.0/0 10.1.0.0/22 DSCP match
0x21state ESTABLISHED
+RETURN esp -- 0.0.0.0/0 10.1.2.3 MAC
01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED ctdir REPLY
+RETURN esp -- 0.0.0.0/0 10.1.0.0/22 DSCP match
0x21state ESTABLISHED ctdir ORIGINAL
+RETURN esp -- 0.0.0.0/0 10.1.0.0/22 DSCP match
0x21state ESTABLISHED ctdir ORIGINAL
#iptables -L FO-vnet0 -n
Chain FO-vnet0 (1 references)
target prot opt source destination
-ACCEPT esp -- 10.1.2.3 0.0.0.0/0 DSCP match
0x02state ESTABLISHED
-ACCEPT esp -- 10.1.0.0/22 0.0.0.0/0 MAC
01:02:03:04:05:06 DSCP match 0x21state NEW,ESTABLISHED
-ACCEPT esp -- 10.1.0.0/22 0.0.0.0/0 MAC
01:02:03:04:05:06 DSCP match 0x21state NEW,ESTABLISHED
+ACCEPT esp -- 10.1.2.3 0.0.0.0/0 DSCP match
0x02state ESTABLISHED ctdir ORIGINAL
+ACCEPT esp -- 10.1.0.0/22 0.0.0.0/0 MAC
01:02:03:04:05:06 DSCP match 0x21state NEW,ESTABLISHED ctdir REPLY
+ACCEPT esp -- 10.1.0.0/22 0.0.0.0/0 MAC
01:02:03:04:05:06 DSCP match 0x21state NEW,ESTABLISHED ctdir REPLY
#iptables -L HI-vnet0 -n
Chain HI-vnet0 (1 references)
target prot opt source destination
-ACCEPT esp -- 0.0.0.0/0 10.1.2.3 MAC
01:02:03:04:05:06 DSCP match 0x02
-ACCEPT esp -- 0.0.0.0/0 10.1.0.0/22 DSCP match
0x21
-ACCEPT esp -- 0.0.0.0/0 10.1.0.0/22 DSCP match
0x21
+RETURN esp -- 0.0.0.0/0 10.1.2.3 MAC
01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED ctdir REPLY
+RETURN esp -- 0.0.0.0/0 10.1.0.0/22 DSCP match
0x21state ESTABLISHED ctdir ORIGINAL
+RETURN esp -- 0.0.0.0/0 10.1.0.0/22 DSCP match
0x21state ESTABLISHED ctdir ORIGINAL
#iptables -L libvirt-host-in -n | grep vnet0 | tr -s " "
HI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-in
vnet0
#iptables -L libvirt-in -n | grep vnet0 | tr -s " "
Index:
libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/udplite-ipv6-test.fwall
===================================================================
---
libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/udplite-ipv6-test.fwall
+++
libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/udplite-ipv6-test.fwall
@@ -1,21 +1,21 @@
#ip6tables -L FI-vnet0 -n
Chain FI-vnet0 (1 references)
target prot opt source destination
-RETURN udplite f:e:d::c:b:a/127 a:b:c::d:e:f/128 MAC
01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED
-RETURN udplite ::/0 a:b:c::/128 DSCP
match 0x21state ESTABLISHED
-RETURN udplite ::/0 ::10.1.2.3/128 DSCP
match 0x21state ESTABLISHED
+RETURN udplite f:e:d::c:b:a/127 a:b:c::d:e:f/128 MAC
01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED ctdir REPLY
+RETURN udplite ::/0 a:b:c::/128 DSCP
match 0x21state ESTABLISHED ctdir ORIGINAL
+RETURN udplite ::/0 ::10.1.2.3/128 DSCP
match 0x21state ESTABLISHED ctdir ORIGINAL
#ip6tables -L FO-vnet0 -n
Chain FO-vnet0 (1 references)
target prot opt source destination
-ACCEPT udplite a:b:c::d:e:f/128 f:e:d::c:b:a/127 DSCP
match 0x02state ESTABLISHED
-ACCEPT udplite a:b:c::/128 ::/0 MAC
01:02:03:04:05:06 DSCP match 0x21state NEW,ESTABLISHED
-ACCEPT udplite ::10.1.2.3/128 ::/0 MAC
01:02:03:04:05:06 DSCP match 0x21state NEW,ESTABLISHED
+ACCEPT udplite a:b:c::d:e:f/128 f:e:d::c:b:a/127 DSCP
match 0x02state ESTABLISHED ctdir ORIGINAL
+ACCEPT udplite a:b:c::/128 ::/0 MAC
01:02:03:04:05:06 DSCP match 0x21state NEW,ESTABLISHED ctdir REPLY
+ACCEPT udplite ::10.1.2.3/128 ::/0 MAC
01:02:03:04:05:06 DSCP match 0x21state NEW,ESTABLISHED ctdir REPLY
#ip6tables -L HI-vnet0 -n
Chain HI-vnet0 (1 references)
target prot opt source destination
-ACCEPT udplite f:e:d::c:b:a/127 a:b:c::d:e:f/128 MAC
01:02:03:04:05:06 DSCP match 0x02
-ACCEPT udplite ::/0 a:b:c::/128 DSCP
match 0x21
-ACCEPT udplite ::/0 ::10.1.2.3/128 DSCP
match 0x21
+RETURN udplite f:e:d::c:b:a/127 a:b:c::d:e:f/128 MAC
01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED ctdir REPLY
+RETURN udplite ::/0 a:b:c::/128 DSCP
match 0x21state ESTABLISHED ctdir ORIGINAL
+RETURN udplite ::/0 ::10.1.2.3/128 DSCP
match 0x21state ESTABLISHED ctdir ORIGINAL
#ip6tables -L INPUT -n --line-numbers | grep libvirt
1 libvirt-host-in all ::/0 ::/0
#ip6tables -L libvirt-host-in -n | grep vnet0 | tr -s " "
Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/udplite-test.fwall
===================================================================
---
libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/udplite-test.fwall
+++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/udplite-test.fwall
@@ -1,21 +1,21 @@
#iptables -L FI-vnet0 -n
Chain FI-vnet0 (1 references)
target prot opt source destination
-RETURN udplite-- 0.0.0.0/0 10.1.2.3 MAC
01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED
-RETURN udplite-- 0.0.0.0/0 10.1.0.0/22 DSCP
match 0x21state ESTABLISHED
-RETURN udplite-- 0.0.0.0/0 10.1.0.0/22 DSCP
match 0x21state ESTABLISHED
+RETURN udplite-- 0.0.0.0/0 10.1.2.3 MAC
01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED ctdir REPLY
+RETURN udplite-- 0.0.0.0/0 10.1.0.0/22 DSCP
match 0x21state ESTABLISHED ctdir ORIGINAL
+RETURN udplite-- 0.0.0.0/0 10.1.0.0/22 DSCP
match 0x21state ESTABLISHED ctdir ORIGINAL
#iptables -L FO-vnet0 -n
Chain FO-vnet0 (1 references)
target prot opt source destination
-ACCEPT udplite-- 10.1.2.3 0.0.0.0/0 DSCP
match 0x02state ESTABLISHED
-ACCEPT udplite-- 10.1.0.0/22 0.0.0.0/0 MAC
01:02:03:04:05:06 DSCP match 0x21state NEW,ESTABLISHED
-ACCEPT udplite-- 10.1.0.0/22 0.0.0.0/0 MAC
01:02:03:04:05:06 DSCP match 0x21state NEW,ESTABLISHED
+ACCEPT udplite-- 10.1.2.3 0.0.0.0/0 DSCP
match 0x02state ESTABLISHED ctdir ORIGINAL
+ACCEPT udplite-- 10.1.0.0/22 0.0.0.0/0 MAC
01:02:03:04:05:06 DSCP match 0x21state NEW,ESTABLISHED ctdir REPLY
+ACCEPT udplite-- 10.1.0.0/22 0.0.0.0/0 MAC
01:02:03:04:05:06 DSCP match 0x21state NEW,ESTABLISHED ctdir REPLY
#iptables -L HI-vnet0 -n
Chain HI-vnet0 (1 references)
target prot opt source destination
-ACCEPT udplite-- 0.0.0.0/0 10.1.2.3 MAC
01:02:03:04:05:06 DSCP match 0x02
-ACCEPT udplite-- 0.0.0.0/0 10.1.0.0/22 DSCP
match 0x21
-ACCEPT udplite-- 0.0.0.0/0 10.1.0.0/22 DSCP
match 0x21
+RETURN udplite-- 0.0.0.0/0 10.1.2.3 MAC
01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED ctdir REPLY
+RETURN udplite-- 0.0.0.0/0 10.1.0.0/22 DSCP
match 0x21state ESTABLISHED ctdir ORIGINAL
+RETURN udplite-- 0.0.0.0/0 10.1.0.0/22 DSCP
match 0x21state ESTABLISHED ctdir ORIGINAL
#iptables -L libvirt-host-in -n | grep vnet0 | tr -s " "
HI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-in
vnet0
#iptables -L libvirt-in -n | grep vnet0 | tr -s " "
Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/hex-data-test.fwall
===================================================================
---
libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/hex-data-test.fwall
+++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/hex-data-test.fwall
@@ -11,15 +11,15 @@
#iptables -L FI-vnet0 -n
Chain FI-vnet0 (1 references)
target prot opt source destination
-RETURN udp -- 0.0.0.0/0 10.1.2.3 MAC
01:02:03:04:05:06 DSCP match 0x22udp spts:291:400 dpts:564:1092 state
NEW,ESTABLISHED
+RETURN udp -- 0.0.0.0/0 10.1.2.3 MAC
01:02:03:04:05:06 DSCP match 0x22udp spts:291:400 dpts:564:1092 state
NEW,ESTABLISHED ctdir REPLY
#iptables -L FO-vnet0 -n
Chain FO-vnet0 (1 references)
target prot opt source destination
-ACCEPT udp -- 10.1.2.3 0.0.0.0/0 DSCP match
0x22udp spts:564:1092 dpts:291:400 state ESTABLISHED
+ACCEPT udp -- 10.1.2.3 0.0.0.0/0 DSCP match
0x22udp spts:564:1092 dpts:291:400 state ESTABLISHED ctdir ORIGINAL
#iptables -L HI-vnet0 -n
Chain HI-vnet0 (1 references)
target prot opt source destination
-ACCEPT udp -- 0.0.0.0/0 10.1.2.3 MAC
01:02:03:04:05:06 DSCP match 0x22udp spts:291:400 dpts:564:1092
+RETURN udp -- 0.0.0.0/0 10.1.2.3 MAC
01:02:03:04:05:06 DSCP match 0x22udp spts:291:400 dpts:564:1092 state
NEW,ESTABLISHED ctdir REPLY
#iptables -L libvirt-host-in -n | grep HI-vnet0 | tr -s " "
HI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-in
vnet0
#iptables -L libvirt-in -n | grep FI-vnet0 | tr -s " "
@@ -31,15 +31,15 @@ FO-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [got
#ip6tables -L FI-vnet0 -n
Chain FI-vnet0 (1 references)
target prot opt source destination
-RETURN tcp ::/0 a:b:c::/128 tcp
spts:256:4369 dpts:32:33 state ESTABLISHED
+RETURN tcp ::/0 a:b:c::/128 tcp
spts:256:4369 dpts:32:33 state ESTABLISHED ctdir ORIGINAL
#ip6tables -L FO-vnet0 -n
Chain FO-vnet0 (1 references)
target prot opt source destination
-ACCEPT tcp a:b:c::/128 ::/0 MAC
01:02:03:04:05:06 tcp spts:32:33 dpts:256:4369 state NEW,ESTABLISHED
+ACCEPT tcp a:b:c::/128 ::/0 MAC
01:02:03:04:05:06 tcp spts:32:33 dpts:256:4369 state NEW,ESTABLISHED
ctdir REPLY
#ip6tables -L HI-vnet0 -n
Chain HI-vnet0 (1 references)
target prot opt source destination
-ACCEPT tcp ::/0 a:b:c::/128 tcp
spts:256:4369 dpts:32:33
+RETURN tcp ::/0 a:b:c::/128 tcp
spts:256:4369 dpts:32:33 state ESTABLISHED ctdir ORIGINAL
#ip6tables -L libvirt-host-in -n | grep vnet0 | tr -s " "
HI-vnet0 all ::/0 ::/0 [goto] PHYSDEV match --physdev-in vnet0
#ip6tables -L libvirt-in -n | grep vnet0 | tr -s " "
2
3
----- "Daniel P. Berrange" <berrange(a)redhat.com> wrote:
> On Tue, Oct 19, 2010 at 03:40:15AM -0400, Osier wrote:
> > From ebab27920ed2bc1984a8b93c354c31947b58f942 Mon Sep 17 00:00:00
> 2001
> > From: Osier Yang <jyang(a)redhat.com>
> > Date: Tue, 19 Oct 2010 15:31:12 +0800
> > Subject: [libvirt-tck 3/4] Add module for hooks testing
> >
> > To validate daemon, qemu, and lxc hook is invoked correctly
> > ---
> > lib/Sys/Virt/TCK/Hooks.pm | 257
> +++++++++++++++++++++++++++++++++++++++++++++
> > 1 files changed, 257 insertions(+), 0 deletions(-)
> > create mode 100644 lib/Sys/Virt/TCK/Hooks.pm
>
> ACK, looks good now.
Thanks, for Slurp requirement, do we need to update the yum repo?
http://people.redhat.com/berrange/yum-libvirt-tck-rhel6/x86_64/
guess only you can do it.. :-)
- Osier
>
>
> Daniel
> --
> |: Red Hat, Engineering, London -o-
> http://people.redhat.com/berrange/ :|
> |: http://libvirt.org -o- http://virt-manager.org -o-
> http://deltacloud.org :|
> |: http://autobuild.org -o-
> http://search.cpan.org/~danberr/ :|
> |: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B
> 9505 :|
1
0
* src/libvirt_private.syms: Sort by header name, then within
header, and drop duplicate virNetworkDefParseNode,
virFileLinkPointsTo and virXPathBoolean.
---
Fixes the duplication first noted here, and hopefully makes the
file easier to maintain.
https://www.redhat.com/archives/libvir-list/2010-October/msg00283.html
src/libvirt_private.syms | 746 +++++++++++++++++++++++-----------------------
1 files changed, 376 insertions(+), 370 deletions(-)
diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index 0b1c482..1fdd44c 100644
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -4,91 +4,91 @@
#
# authhelper.h
-virRequestUsername;
virRequestPassword;
+virRequestUsername;
# bitmap.h
virBitmapAlloc;
-virBitmapFree;
-virBitmapSetBit;
virBitmapClearBit;
+virBitmapFree;
virBitmapGetBit;
+virBitmapSetBit;
# buf.h
-virBufferVSprintf;
-virBufferEscapeString;
virBufferAdd;
virBufferAddChar;
virBufferContentAndReset;
virBufferError;
-virBufferURIEncodeString;
+virBufferEscapeString;
virBufferFreeAndReset;
-virBufferUse;
virBufferStrcat;
+virBufferURIEncodeString;
+virBufferUse;
+virBufferVSprintf;
# caps.h
virCapabilitiesAddGuest;
virCapabilitiesAddGuestDomain;
virCapabilitiesAddGuestFeature;
+virCapabilitiesAddHostFeature;
virCapabilitiesAddHostMigrateTransport;
virCapabilitiesAddHostNUMACell;
-virCapabilitiesAddHostFeature;
+virCapabilitiesAllocMachines;
virCapabilitiesDefaultGuestArch;
virCapabilitiesDefaultGuestEmulator;
virCapabilitiesDefaultGuestMachine;
virCapabilitiesFormatXML;
virCapabilitiesFree;
+virCapabilitiesFreeMachines;
virCapabilitiesFreeNUMAInfo;
-virCapabilitiesNew;
-virCapabilitiesSetMacPrefix;
virCapabilitiesGenerateMac;
-virCapabilitiesSetEmulatorRequired;
virCapabilitiesIsEmulatorRequired;
-virCapabilitiesAllocMachines;
-virCapabilitiesFreeMachines;
+virCapabilitiesNew;
+virCapabilitiesSetEmulatorRequired;
virCapabilitiesSetHostCPU;
-
-
-# conf.h
-virConfNew;
-virConfReadFile;
-virConfReadMem;
-virConfFree;
-virConfFreeValue;
-virConfGetValue;
-virConfSetValue;
-virConfWriteFile;
-virConfWriteMem;
+virCapabilitiesSetMacPrefix;
# cgroup.h
+virCgroupAddTask;
+virCgroupAllowDeviceMajor;
+virCgroupAllowDevicePath;
+virCgroupControllerTypeFromString;
+virCgroupControllerTypeToString;
+virCgroupDenyAllDevices;
+virCgroupDenyDevicePath;
virCgroupForDomain;
virCgroupForDriver;
-virCgroupRemove;
virCgroupFree;
-virCgroupAddTask;
-virCgroupSetMemory;
-virCgroupGetMemoryUsage;
-virCgroupSetCpuShares;
virCgroupGetCpuShares;
-virCgroupDenyDevicePath;
-virCgroupAllowDevicePath;
-virCgroupDenyAllDevices;
-virCgroupAllowDeviceMajor;
-virCgroupControllerTypeToString;
-virCgroupControllerTypeFromString;
virCgroupGetCpuacctUsage;
virCgroupGetFreezerState;
+virCgroupGetMemoryHardLimit;
+virCgroupGetMemorySoftLimit;
+virCgroupGetMemoryUsage;
+virCgroupGetSwapHardLimit;
+virCgroupRemove;
+virCgroupSetCpuShares;
virCgroupSetFreezerState;
+virCgroupSetMemory;
virCgroupSetMemoryHardLimit;
-virCgroupGetMemoryHardLimit;
virCgroupSetMemorySoftLimit;
-virCgroupGetMemorySoftLimit;
virCgroupSetSwapHardLimit;
-virCgroupGetSwapHardLimit;
+
+
+# conf.h
+virConfFree;
+virConfFreeValue;
+virConfGetValue;
+virConfNew;
+virConfReadFile;
+virConfReadMem;
+virConfSetValue;
+virConfWriteFile;
+virConfWriteMem;
# cpu.h
@@ -100,204 +100,214 @@ cpuDataFree;
cpuDecode;
cpuEncode;
cpuGuestData;
+cpuHasFeature;
cpuNodeData;
cpuUpdate;
-cpuHasFeature;
# cpu_conf.h
-virCPUDefFree;
-virCPUDefParseXML;
-virCPUDefFormat;
-virCPUDefFormatBuf;
virCPUDefAddFeature;
virCPUDefCopy;
+virCPUDefFormat;
+virCPUDefFormatBuf;
+virCPUDefFree;
+virCPUDefParseXML;
# datatypes.h
virGetDomain;
+virGetDomainSnapshot;
virGetInterface;
+virGetNWFilter;
virGetNetwork;
+virGetNodeDevice;
+virGetSecret;
virGetStoragePool;
virGetStorageVol;
-virGetSecret;
-virUnrefStorageVol;
-virGetNodeDevice;
-virUnrefDomain;
+virGetStream;
virUnrefConnect;
+virUnrefDomain;
+virUnrefNWFilter;
virUnrefSecret;
-virGetStream;
+virUnrefStorageVol;
virUnrefStream;
-virGetNWFilter;
-virUnrefNWFilter;
-virGetDomainSnapshot;
+
+
+# dnsmasq.h
+dnsmasqAddDhcpHost;
+dnsmasqContextFree;
+dnsmasqContextNew;
+dnsmasqDelete;
+dnsmasqReload;
+dnsmasqSave;
# domain_conf.h
virDiskNameToBusDeviceIndex;
virDiskNameToIndex;
virDomainAssignDef;
-virDomainConfigFile;
-virDomainCpuSetFormat;
-virDomainCpuSetParse;
+virDomainChrConsoleTargetTypeFromString;
+virDomainChrConsoleTargetTypeToString;
+virDomainChrDefForeach;
virDomainChrDefFree;
+virDomainChrTcpProtocolTypeFromString;
+virDomainChrTcpProtocolTypeToString;
virDomainChrTypeFromString;
virDomainChrTypeToString;
+virDomainClockOffsetTypeFromString;
+virDomainClockOffsetTypeToString;
+virDomainConfigFile;
+virDomainControllerDefFree;
+virDomainControllerInsert;
+virDomainControllerInsertPreAlloced;
+virDomainControllerModelTypeFromString;
+virDomainControllerModelTypeToString;
+virDomainControllerTypeToString;
+virDomainCpuSetFormat;
+virDomainCpuSetParse;
+virDomainDefAddImplicitControllers;
+virDomainDefClearDeviceAliases;
+virDomainDefClearPCIAddresses;
virDomainDefFormat;
virDomainDefFree;
virDomainDefParseFile;
virDomainDefParseNode;
virDomainDefParseString;
virDomainDeleteConfig;
+virDomainDeviceAddressIsValid;
+virDomainDeviceAddressTypeToString;
virDomainDeviceDefFree;
virDomainDeviceDefParse;
+virDomainDeviceInfoIsSet;
+virDomainDeviceInfoIterate;
+virDomainDevicePCIAddressIsValid;
virDomainDeviceTypeToString;
virDomainDiskBusTypeToString;
+virDomainDiskCacheTypeFromString;
+virDomainDiskCacheTypeToString;
+virDomainDiskDefAssignAddress;
+virDomainDiskDefForeachPath;
virDomainDiskDefFree;
virDomainDiskDeviceTypeToString;
+virDomainDiskErrorPolicyTypeToString;
virDomainDiskInsert;
virDomainDiskInsertPreAlloced;
virDomainDiskRemove;
-virDomainDiskDefAssignAddress;
-virDomainDiskTypeToString;
virDomainDiskTypeFromString;
-virDomainControllerInsert;
-virDomainControllerInsertPreAlloced;
-virDomainControllerModelTypeFromString;
-virDomainControllerModelTypeToString;
+virDomainDiskTypeToString;
+virDomainFSDefFree;
virDomainFindByID;
virDomainFindByName;
virDomainFindByUUID;
virDomainGetRootFilesystem;
+virDomainGraphicsDefFree;
virDomainGraphicsTypeFromString;
virDomainGraphicsTypeToString;
-virDomainGraphicsDefFree;
virDomainHostdevDefFree;
virDomainHostdevModeTypeToString;
virDomainHostdevSubsysTypeToString;
virDomainInputDefFree;
-virDomainLifecycleTypeFromString;
-virDomainLifecycleTypeToString;
virDomainLifecycleCrashTypeFromString;
virDomainLifecycleCrashTypeToString;
+virDomainLifecycleTypeFromString;
+virDomainLifecycleTypeToString;
virDomainLoadAllConfigs;
+virDomainMemballoonModelTypeFromString;
+virDomainMemballoonModelTypeToString;
virDomainNetDefFree;
virDomainNetTypeToString;
+virDomainObjAssignDef;
+virDomainObjIsDuplicate;
+virDomainObjListDeinit;
+virDomainObjListGetActiveIDs;
+virDomainObjListGetInactiveNames;
+virDomainObjListInit;
+virDomainObjListNumOfDomains;
+virDomainObjLock;
+virDomainObjRef;
+virDomainObjUnlock;
+virDomainObjUnref;
virDomainRemoveInactive;
-virDomainSaveXML;
virDomainSaveConfig;
virDomainSaveStatus;
+virDomainSaveXML;
+virDomainSnapshotAssignDef;
+virDomainSnapshotDefFormat;
+virDomainSnapshotDefFree;
+virDomainSnapshotDefParseString;
+virDomainSnapshotFindByName;
+virDomainSnapshotHasChildren;
+virDomainSnapshotObjListGetNames;
+virDomainSnapshotObjListNum;
+virDomainSnapshotObjListRemove;
+virDomainSnapshotObjUnref;
virDomainSoundDefFree;
virDomainSoundModelTypeFromString;
virDomainSoundModelTypeToString;
-virDomainMemballoonModelTypeFromString;
-virDomainMemballoonModelTypeToString;
-virDomainWatchdogModelTypeFromString;
-virDomainWatchdogModelTypeToString;
-virDomainWatchdogActionTypeFromString;
-virDomainWatchdogActionTypeToString;
+virDomainStateTypeFromString;
+virDomainStateTypeToString;
+virDomainTimerModeTypeFromString;
+virDomainTimerModeTypeToString;
+virDomainTimerNameTypeFromString;
+virDomainTimerNameTypeToString;
+virDomainTimerTickpolicyTypeFromString;
+virDomainTimerTickpolicyTypeToString;
+virDomainTimerTrackTypeFromString;
+virDomainTimerTrackTypeToString;
virDomainVideoDefFree;
-virDomainVideoTypeToString;
-virDomainVideoTypeFromString;
virDomainVideoDefaultRAM;
virDomainVideoDefaultType;
+virDomainVideoTypeFromString;
+virDomainVideoTypeToString;
virDomainVirtTypeToString;
-virDomainFSDefFree;
-virDomainObjLock;
-virDomainObjUnlock;
-virDomainStateTypeToString;
-virDomainStateTypeFromString;
-virDomainObjIsDuplicate;
-virDomainObjListGetInactiveNames;
-virDomainObjListGetActiveIDs;
-virDomainObjListNumOfDomains;
-virDomainObjListInit;
-virDomainObjListDeinit;
-virDomainObjRef;
-virDomainObjUnref;
-virDomainDeviceAddressIsValid;
-virDomainDevicePCIAddressIsValid;
-virDomainDeviceInfoIsSet;
-virDomainControllerTypeToString;
-virDomainControllerDefFree;
-virDomainDeviceAddressTypeToString;
-virDomainDefAddImplicitControllers;
-virDomainDefClearPCIAddresses;
-virDomainDefClearDeviceAliases;
-virDomainDeviceInfoIterate;
-virDomainClockOffsetTypeToString;
-virDomainClockOffsetTypeFromString;
-virDomainDiskErrorPolicyTypeToString;
-virDomainTimerNameTypeToString;
-virDomainTimerNameTypeFromString;
-virDomainTimerTrackTypeToString;
-virDomainTimerTrackTypeFromString;
-virDomainTimerTickpolicyTypeToString;
-virDomainTimerTickpolicyTypeFromString;
-virDomainTimerModeTypeToString;
-virDomainTimerModeTypeFromString;
-virDomainSnapshotObjListGetNames;
-virDomainSnapshotObjListNum;
-virDomainSnapshotFindByName;
-virDomainSnapshotObjListRemove;
-virDomainSnapshotHasChildren;
-virDomainSnapshotObjUnref;
-virDomainSnapshotDefParseString;
-virDomainSnapshotDefFormat;
-virDomainSnapshotDefFree;
-virDomainSnapshotAssignDef;
-virDomainObjAssignDef;
-virDomainChrDefForeach;
-virDomainDiskDefForeachPath;
-virDomainChrConsoleTargetTypeToString;
-virDomainChrConsoleTargetTypeFromString;
-virDomainChrTcpProtocolTypeToString;
-virDomainChrTcpProtocolTypeFromString;
-virDomainDiskCacheTypeToString;
-virDomainDiskCacheTypeFromString;
+virDomainWatchdogActionTypeFromString;
+virDomainWatchdogActionTypeToString;
+virDomainWatchdogModelTypeFromString;
+virDomainWatchdogModelTypeToString;
# domain_event.h
virDomainEventCallbackListAdd;
virDomainEventCallbackListAddID;
+virDomainEventCallbackListCount;
+virDomainEventCallbackListCountID;
+virDomainEventCallbackListEventID;
virDomainEventCallbackListFree;
-virDomainEventCallbackListRemove;
-virDomainEventCallbackListRemoveID;
-virDomainEventCallbackListRemoveConn;
virDomainEventCallbackListMarkDelete;
virDomainEventCallbackListMarkDeleteID;
virDomainEventCallbackListPurgeMarked;
-virDomainEventCallbackListCount;
-virDomainEventCallbackListCountID;
-virDomainEventCallbackListEventID;
-virDomainEventQueueNew;
-virDomainEventQueueFree;
-virDomainEventQueuePop;
-virDomainEventQueuePush;
+virDomainEventCallbackListRemove;
+virDomainEventCallbackListRemoveConn;
+virDomainEventCallbackListRemoveID;
+virDomainEventDispatch;
+virDomainEventDispatchDefaultFunc;
+virDomainEventFree;
+virDomainEventGraphicsNewFromDom;
+virDomainEventGraphicsNewFromObj;
+virDomainEventIOErrorNewFromDom;
+virDomainEventIOErrorNewFromObj;
+virDomainEventIOErrorReasonNewFromDom;
+virDomainEventIOErrorReasonNewFromObj;
virDomainEventNew;
+virDomainEventNewFromDef;
virDomainEventNewFromDom;
virDomainEventNewFromObj;
-virDomainEventNewFromDef;
-virDomainEventRebootNewFromDom;
-virDomainEventRebootNewFromObj;
+virDomainEventQueueDispatch;
+virDomainEventQueueFree;
+virDomainEventQueueNew;
+virDomainEventQueuePop;
+virDomainEventQueuePush;
virDomainEventRTCChangeNewFromDom;
virDomainEventRTCChangeNewFromObj;
+virDomainEventRebootNewFromDom;
+virDomainEventRebootNewFromObj;
virDomainEventWatchdogNewFromDom;
virDomainEventWatchdogNewFromObj;
-virDomainEventIOErrorNewFromDom;
-virDomainEventIOErrorNewFromObj;
-virDomainEventIOErrorReasonNewFromDom;
-virDomainEventIOErrorReasonNewFromObj;
-virDomainEventGraphicsNewFromDom;
-virDomainEventGraphicsNewFromObj;
-virDomainEventFree;
-virDomainEventDispatchDefaultFunc;
-virDomainEventDispatch;
-virDomainEventQueueDispatch;
+
# domain_nwfilter.h
-virDomainConfNWFilterRegister;
virDomainConfNWFilterInstantiate;
+virDomainConfNWFilterRegister;
virDomainConfNWFilterTeardown;
virDomainConfVMNWFilterTeardown;
@@ -322,6 +332,10 @@ virEventUpdateHandle;
virEventUpdateTimeout;
+# files.h
+virClose;
+
+
# hash.h
virHashAddEntry;
virHashCreate;
@@ -340,19 +354,28 @@ virHookInitialize;
virHookPresent;
+# interface.h
+ifaceCheck;
+ifaceCtrl;
+ifaceGetFlags;
+ifaceGetIndex;
+ifaceGetVlanID;
+ifaceIsUp;
+
+
# interface_conf.h
+virInterfaceAssignDef;
virInterfaceDefFormat;
+virInterfaceDefFree;
virInterfaceDefParseFile;
-virInterfaceDefParseString;
virInterfaceDefParseNode;
-virInterfaceDefFree;
-virInterfaceFindByName;
+virInterfaceDefParseString;
virInterfaceFindByMACString;
-virInterfaceAssignDef;
-virInterfaceRemove;
+virInterfaceFindByName;
+virInterfaceObjListFree;
virInterfaceObjLock;
virInterfaceObjUnlock;
-virInterfaceObjListFree;
+virInterfaceRemove;
# iptables.h
@@ -380,105 +403,96 @@ iptablesRemoveTcpInput;
iptablesRemoveUdpInput;
-# dnsmasq.h
-dnsmasqContextNew;
-dnsmasqContextFree;
-dnsmasqAddDhcpHost;
-dnsmasqSave;
-dnsmasqDelete;
-dnsmasqReload;
-
-
-# libvirt_internal.h
-virDrvSupportsFeature;
-virDomainMigratePrepare;
-virDomainMigratePerform;
-virDomainMigrateFinish;
-virDomainMigratePrepare2;
-virDomainMigrateFinish2;
-virDomainMigratePrepareTunnel;
-virRegisterDriver;
-virRegisterInterfaceDriver;
-virRegisterNetworkDriver;
-virRegisterStorageDriver;
-virRegisterDeviceMonitor;
-virRegisterSecretDriver;
-virRegisterNWFilterDriver;
-
-
# json.h
+virJSONValueArrayAppend;
+virJSONValueArrayGet;
+virJSONValueArraySize;
virJSONValueFree;
-virJSONValueNewString;
-virJSONValueNewStringLen;
+virJSONValueFromString;
+virJSONValueGetBoolean;
+virJSONValueGetNumberDouble;
+virJSONValueGetNumberInt;
+virJSONValueGetNumberLong;
+virJSONValueGetNumberUint;
+virJSONValueGetNumberUlong;
+virJSONValueGetString;
+virJSONValueIsNull;
+virJSONValueNewArray;
+virJSONValueNewBoolean;
+virJSONValueNewNull;
+virJSONValueNewNumberDouble;
virJSONValueNewNumberInt;
-virJSONValueNewNumberUint;
virJSONValueNewNumberLong;
+virJSONValueNewNumberUint;
virJSONValueNewNumberUlong;
-virJSONValueNewNumberDouble;
-virJSONValueNewBoolean;
-virJSONValueNewNull;
-virJSONValueNewArray;
virJSONValueNewObject;
+virJSONValueNewString;
+virJSONValueNewStringLen;
virJSONValueObjectAppend;
-virJSONValueObjectAppendString;
+virJSONValueObjectAppendBoolean;
+virJSONValueObjectAppendNull;
+virJSONValueObjectAppendNumberDouble;
virJSONValueObjectAppendNumberInt;
-virJSONValueObjectAppendNumberUint;
virJSONValueObjectAppendNumberLong;
+virJSONValueObjectAppendNumberUint;
virJSONValueObjectAppendNumberUlong;
-virJSONValueObjectAppendNumberDouble;
-virJSONValueObjectAppendBoolean;
-virJSONValueObjectAppendNull;
-virJSONValueArrayAppend;
-virJSONValueObjectHasKey;
+virJSONValueObjectAppendString;
virJSONValueObjectGet;
-virJSONValueArraySize;
-virJSONValueArrayGet;
-virJSONValueGetString;
-virJSONValueGetNumberInt;
-virJSONValueGetNumberUint;
-virJSONValueGetNumberLong;
-virJSONValueGetNumberUlong;
-virJSONValueGetNumberDouble;
-virJSONValueGetBoolean;
-virJSONValueIsNull;
-virJSONValueObjectGetString;
+virJSONValueObjectGetBoolean;
+virJSONValueObjectGetNumberDouble;
virJSONValueObjectGetNumberInt;
-virJSONValueObjectGetNumberUint;
virJSONValueObjectGetNumberLong;
+virJSONValueObjectGetNumberUint;
virJSONValueObjectGetNumberUlong;
-virJSONValueObjectGetNumberDouble;
-virJSONValueObjectGetBoolean;
+virJSONValueObjectGetString;
+virJSONValueObjectHasKey;
virJSONValueObjectIsNull;
-virJSONValueFromString;
virJSONValueToString;
+# libvirt_internal.h
+virDomainMigrateFinish2;
+virDomainMigrateFinish;
+virDomainMigratePerform;
+virDomainMigratePrepare2;
+virDomainMigratePrepare;
+virDomainMigratePrepareTunnel;
+virDrvSupportsFeature;
+virRegisterDeviceMonitor;
+virRegisterDriver;
+virRegisterInterfaceDriver;
+virRegisterNWFilterDriver;
+virRegisterNetworkDriver;
+virRegisterSecretDriver;
+virRegisterStorageDriver;
+
+
# logging.h
-virLogMessage;
+virLogDefineFilter;
+virLogDefineOutput;
+virLogGetDefaultPriority;
+virLogGetFilters;
virLogGetNbFilters;
virLogGetNbOutputs;
-virLogGetFilters;
virLogGetOutputs;
-virLogGetDefaultPriority;
-virLogSetDefaultPriority;
-virLogSetFromEnv;
-virLogDefineFilter;
-virLogDefineOutput;
+virLogLock;
+virLogMessage;
virLogParseDefaultPriority;
virLogParseFilters;
virLogParseOutputs;
-virLogStartup;
-virLogShutdown;
virLogReset;
-virLogLock;
+virLogSetDefaultPriority;
+virLogSetFromEnv;
+virLogShutdown;
+virLogStartup;
virLogUnlock;
# memory.h
virAlloc;
virAllocN;
-virReallocN;
virFree;
+virReallocN;
# network.h
@@ -505,70 +519,69 @@ virNetworkDeleteConfig;
virNetworkFindByName;
virNetworkFindByUUID;
virNetworkLoadAllConfigs;
+virNetworkObjIsDuplicate;
virNetworkObjListFree;
-virNetworkDefParseNode;
+virNetworkObjLock;
+virNetworkObjUnlock;
virNetworkRemoveInactive;
virNetworkSaveConfig;
virNetworkSetBridgeName;
-virNetworkObjLock;
-virNetworkObjUnlock;
-virNetworkObjIsDuplicate;
-
-
-# nodeinfo.h
-nodeGetInfo;
-nodeCapsInitNUMA;
-nodeGetCellsFreeMemory;
-nodeGetFreeMemory;
# node_device_conf.h
-virNodeDeviceHasCap;
-virNodeDeviceObjRemove;
virNodeDevCapTypeToString;
-virNodeDeviceFindByName;
-virNodeDeviceFindBySysfsPath;
-virNodeDeviceObjListFree;
-virNodeDeviceDefFree;
virNodeDevCapsDefFree;
+virNodeDeviceAssignDef;
virNodeDeviceDefFormat;
-virNodeDeviceDefParseString;
-virNodeDeviceDefParseNode;
+virNodeDeviceDefFree;
virNodeDeviceDefParseFile;
+virNodeDeviceDefParseNode;
+virNodeDeviceDefParseString;
+virNodeDeviceFindByName;
+virNodeDeviceFindBySysfsPath;
+virNodeDeviceGetParentHost;
+virNodeDeviceGetWWNs;
+virNodeDeviceHasCap;
+virNodeDeviceObjListFree;
virNodeDeviceObjLock;
+virNodeDeviceObjRemove;
virNodeDeviceObjUnlock;
-virNodeDeviceAssignDef;
-virNodeDeviceGetWWNs;
-virNodeDeviceGetParentHost;
+
+
+# nodeinfo.h
+nodeCapsInitNUMA;
+nodeGetCellsFreeMemory;
+nodeGetFreeMemory;
+nodeGetInfo;
# nwfilter_conf.h
+virNWFilterCallbackDriversLock;
+virNWFilterCallbackDriversUnlock;
+virNWFilterChainSuffixTypeToString;
+virNWFilterConfLayerInit;
+virNWFilterConfLayerShutdown;
+virNWFilterDefFormat;
+virNWFilterDefFree;
+virNWFilterDefParseString;
+virNWFilterJumpTargetTypeToString;
+virNWFilterLockFilterUpdates;
virNWFilterPoolLoadAllConfigs;
virNWFilterPoolObjAssignDef;
-virNWFilterPoolObjSaveDef;
+virNWFilterPoolObjDeleteDef;
virNWFilterPoolObjFindByName;
virNWFilterPoolObjFindByUUID;
+virNWFilterPoolObjListFree;
virNWFilterPoolObjLock;
-virNWFilterPoolObjUnlock;
virNWFilterPoolObjRemove;
-virNWFilterDefFree;
-virNWFilterDefParseString;
-virNWFilterPoolObjDeleteDef;
-virNWFilterPoolObjListFree;
-virNWFilterDefFormat;
-virNWFilterChainSuffixTypeToString;
+virNWFilterPoolObjSaveDef;
+virNWFilterPoolObjUnlock;
+virNWFilterPrintStateMatchFlags;
+virNWFilterRegisterCallbackDriver;
virNWFilterRuleActionTypeToString;
virNWFilterRuleProtocolTypeToString;
-virNWFilterJumpTargetTypeToString;
-virNWFilterRegisterCallbackDriver;
virNWFilterTestUnassignDef;
-virNWFilterConfLayerInit;
-virNWFilterConfLayerShutdown;
-virNWFilterLockFilterUpdates;
virNWFilterUnlockFilterUpdates;
-virNWFilterPrintStateMatchFlags;
-virNWFilterCallbackDriversLock;
-virNWFilterCallbackDriversUnlock;
# nwfilter_params.h
@@ -580,205 +593,201 @@ virNWFilterHashTableRemoveEntry;
# pci.h
-pciGetDevice;
-pciFreeDevice;
pciDettachDevice;
-pciReAttachDevice;
-pciWaitForDeviceCleanup;
-pciResetDevice;
-pciDeviceSetManaged;
+pciDeviceFileIterate;
pciDeviceGetManaged;
-pciDeviceListNew;
-pciDeviceListFree;
+pciDeviceIsAssignable;
pciDeviceListAdd;
-pciDeviceListDel;
-pciDeviceFileIterate;
pciDeviceListCount;
+pciDeviceListDel;
+pciDeviceListFree;
pciDeviceListGet;
+pciDeviceListNew;
pciDeviceListSteal;
-pciDeviceIsAssignable;
+pciDeviceSetManaged;
+pciFreeDevice;
+pciGetDevice;
+pciReAttachDevice;
+pciResetDevice;
+pciWaitForDeviceCleanup;
# processinfo.h
-virProcessInfoSetAffinity;
virProcessInfoGetAffinity;
+virProcessInfoSetAffinity;
# qparams.h
+free_qparam_set;
qparam_get_query;
qparam_query_parse;
-free_qparam_set;
+
# secret_conf.h
+virSecretDefFormat;
virSecretDefFree;
-virSecretDefParseString;
virSecretDefParseFile;
-virSecretDefFormat;
+virSecretDefParseString;
# security.h
-virSecurityDriverVerify;
-virSecurityDriverStartup;
-virSecurityDriverInit;
-virSecurityDriverSetDOI;
virSecurityDriverGetDOI;
virSecurityDriverGetModel;
+virSecurityDriverInit;
+virSecurityDriverSetDOI;
+virSecurityDriverStartup;
+virSecurityDriverVerify;
# storage_conf.h
+virStoragePartedFsTypeTypeToString;
virStoragePoolDefFormat;
virStoragePoolDefFree;
-virStoragePoolDefParseString;
virStoragePoolDefParseFile;
virStoragePoolDefParseNode;
+virStoragePoolDefParseSourceString;
+virStoragePoolDefParseString;
+virStoragePoolFormatDiskTypeToString;
+virStoragePoolFormatFileSystemNetTypeToString;
+virStoragePoolFormatFileSystemTypeToString;
virStoragePoolLoadAllConfigs;
virStoragePoolObjAssignDef;
virStoragePoolObjClearVols;
virStoragePoolObjDeleteDef;
virStoragePoolObjFindByName;
virStoragePoolObjFindByUUID;
+virStoragePoolObjIsDuplicate;
virStoragePoolObjListFree;
+virStoragePoolObjLock;
virStoragePoolObjRemove;
virStoragePoolObjSaveDef;
+virStoragePoolObjUnlock;
virStoragePoolSourceFree;
-virStoragePoolDefParseSourceString;
-virStoragePoolSourceListNewSource;
virStoragePoolSourceListFormat;
+virStoragePoolSourceListNewSource;
+virStoragePoolTypeFromString;
virStorageVolDefFindByKey;
virStorageVolDefFindByName;
virStorageVolDefFindByPath;
virStorageVolDefFormat;
virStorageVolDefFree;
virStorageVolDefParseFile;
-virStorageVolDefParseString;
virStorageVolDefParseNode;
-virStoragePoolFormatDiskTypeToString;
-virStoragePoolFormatFileSystemTypeToString;
-virStoragePoolFormatFileSystemNetTypeToString;
-virStoragePoolTypeFromString;
-virStoragePartedFsTypeTypeToString;
-virStoragePoolObjLock;
-virStoragePoolObjUnlock;
-virStoragePoolObjIsDuplicate;
+virStorageVolDefParseString;
+
# storage_encryption_conf.h
+virStorageEncryptionFormat;
virStorageEncryptionFree;
virStorageEncryptionParseNode;
-virStorageEncryptionFormat;
virStorageGenerateQcowPassphrase;
+
# storage_file.h
-virStorageFileFormatTypeToString;
virStorageFileFormatTypeFromString;
-virStorageFileProbeFormat;
-virStorageFileProbeFormatFromFD;
+virStorageFileFormatTypeToString;
virStorageFileGetMetadata;
virStorageFileGetMetadataFromFD;
virStorageFileIsSharedFS;
+virStorageFileProbeFormat;
+virStorageFileProbeFormatFromFD;
+
# threads.h
+virCondBroadcast;
+virCondDestroy;
+virCondInit;
+virCondSignal;
+virCondWait;
+virCondWaitUntil;
+virMutexDestroy;
virMutexInit;
virMutexInitRecursive;
-virMutexDestroy;
virMutexLock;
virMutexUnlock;
-virCondInit;
-virCondDestroy;
-virCondWait;
-virCondWaitUntil;
-virCondSignal;
-virCondBroadcast;
+
+# usb.h
+usbDeviceFileIterate;
+usbDeviceGetBus;
+usbDeviceGetDevno;
+usbFindDevice;
+usbFreeDevice;
+usbGetDevice;
+
# util.h
-virFileReadAll;
-virFileWriteStr;
-virStrToLong_i;
-virStrToLong_ll;
-virStrToLong_ull;
-virStrToLong_ui;
-virStrToDouble;
-virFileLinkPointsTo;
-virFileResolveLink;
saferead;
safewrite;
safezero;
-virHexToBin;
-virMacAddrCompare;
+virArgvToString;
+virAsprintf;
+virBuildPathInternal;
+virDirCreate;
virEnumFromString;
virEnumToString;
virEventAddHandle;
virEventRemoveHandle;
virExec;
virExecDaemonize;
-virSetCloseExec;
-virSetNonBlock;
-virFormatMacAddr;
-virGetHostname;
-virParseMacAddr;
+virFileAbsPath;
virFileDeletePid;
-virFindFileInPath;
virFileExists;
+virFileFindMountPoint;
virFileHasSuffix;
virFileLinkPointsTo;
virFileMakePath;
-virFileAbsPath;
+virFileMatchesNameSuffix;
virFileOpenTty;
-virFileReadLimFD;
+virFileOperation;
virFilePid;
+virFileReadAll;
+virFileReadLimFD;
virFileReadPid;
-virFileLinkPointsTo;
+virFileResolveLink;
virFileSanitizePath;
+virFileStripSuffix;
+virFileWaitForDevices;
+virFileWriteStr;
+virFindFileInPath;
+virFork;
+virFormatMacAddr;
+virGetGroupID;
+virGetHostname;
+virGetUserDirectory;
+virGetUserID;
+virGetUserName;
+virHexToBin;
+virIndexToDiskName;
+virKillProcess;
+virMacAddrCompare;
+virParseMacAddr;
virParseNumber;
virParseVersionString;
virPipeReadUntilEOF;
-virAsprintf;
+virRandom;
+virRandomInitialize;
virRun;
virRunWithHook;
+virSetCloseExec;
+virSetNonBlock;
virSkipSpaces;
-virKillProcess;
-virGetUserDirectory;
-virGetUserName;
-virGetUserID;
-virGetGroupID;
-virFileFindMountPoint;
-virFileWaitForDevices;
-virFileMatchesNameSuffix;
-virArgvToString;
+virStrToDouble;
+virStrToLong_i;
+virStrToLong_ll;
+virStrToLong_ui;
+virStrToLong_ull;
virStrcpy;
virStrncpy;
-virBuildPathInternal;
-virFileStripSuffix;
-virFileOperation;
-virFork;
-virRandom;
-virRandomInitialize;
-virDirCreate;
-virIndexToDiskName;
-
-
-# interface.h
-ifaceCtrl;
-ifaceCheck;
-ifaceGetIndex;
-ifaceGetFlags;
-ifaceIsUp;
-ifaceGetVlanID;
-# usb.h
-usbGetDevice;
-usbFindDevice;
-usbFreeDevice;
-usbDeviceGetBus;
-usbDeviceGetDevno;
-usbDeviceFileIterate;
# uuid.h
+virGetHostUUID;
+virSetHostUUIDStr;
virUUIDFormat;
virUUIDGenerate;
virUUIDParse;
-virSetHostUUIDStr;
-virGetHostUUID;
+
# virtaudit.h
virAuditClose;
@@ -788,31 +797,28 @@ virAuditSend;
# virterror_internal.h
-virReportErrorHelper;
+virDispatchError;
virErrorMsg;
virRaiseErrorFull;
-virReportSystemErrorFull;
+virReportErrorHelper;
virReportOOMErrorFull;
-virStrerror;
+virReportSystemErrorFull;
virSetError;
-virDispatchError;
+virStrerror;
# xml.h
+virXMLPropString;
virXPathBoolean;
virXPathLong;
+virXPathLongHex;
+virXPathLongLong;
virXPathNode;
virXPathNodeSet;
+virXPathNumber;
virXPathString;
-virXMLPropString;
virXPathStringLimit;
-virXPathBoolean;
-virXPathNumber;
virXPathULong;
-virXPathLongLong;
-virXPathULongLong;
-virXPathLongHex;
virXPathULongHex;
+virXPathULongLong;
-# files.h
-virClose;
--
1.7.2.3
2
3
[libvirt] [PATCH] [TCK] nwfilter: add test data for recently added extensions
by Stefan Berger 21 Oct '10
by Stefan Berger 21 Oct '10
21 Oct '10
This patch adds more test data for the recently added comment and
state attribute.
Signed-off-by: Stefan Berger <stefanb(a)us.ibm.com>
---
scripts/nwfilter/nwfilterxml2fwallout/comment-test.fwall | 77
+++++++++++++++
scripts/nwfilter/nwfilterxml2fwallout/example-1.fwall | 22 ++++
scripts/nwfilter/nwfilterxml2fwallout/example-2.fwall | 20 +++
scripts/nwfilter/nwfilterxml2xmlin/comment-test.xml | 71
+++++++++++++
scripts/nwfilter/nwfilterxml2xmlin/example-1.xml | 24 ++++
scripts/nwfilter/nwfilterxml2xmlin/example-2.xml | 37 +++++++
6 files changed, 251 insertions(+)
Index: libvirt-tck/scripts/nwfilter/nwfilterxml2xmlin/comment-test.xml
===================================================================
--- /dev/null
+++ libvirt-tck/scripts/nwfilter/nwfilterxml2xmlin/comment-test.xml
@@ -0,0 +1,71 @@
+<filter name='tck-testcase'>
+ <uuid>0a5288ea-612c-834a-6bbf-82a03a1a3244</uuid>
+
+ <rule action='accept' direction='in'>
+ <mac protocolid='0x1234' comment='mac rule'/>
+ </rule>
+
+ <rule action='accept' direction='out'>
+ <ip srcmacaddr='1:2:3:4:5:6' srcmacmask='ff:ff:ff:ff:ff:ff'
+ dstmacaddr='aa:bb:cc:dd:ee:ff' dstmacmask='ff:ff:ff:ff:ff:ff'
+ srcipaddr='10.1.2.3' srcipmask='255.255.255.255'
+ dstipaddr='10.1.2.3' dstipmask='255.255.255.255'
+ protocol='udp'
+ srcportstart='0x123' srcportend='0x234'
+ dstportstart='0x3456' dstportend='0x4567'
+ dscp='0x32' comment='ip rule'/>
+ </rule>
+
+ <rule action='accept' direction='out'>
+ <ipv6 srcmacaddr='1:2:3:4:5:6' srcmacmask='ff:ff:ff:ff:ff:fe'
+ dstmacaddr='aa:bb:cc:dd:ee:ff' dstmacmask='ff:ff:ff:ff:ff:80'
+ srcipaddr='::10.1.2.3' srcipmask='22'
+ dstipaddr='::10.1.2.3'
+ dstipmask='ffff:ffff:ffff:ffff:ffff:ffff:ffff:8000'
+ protocol='tcp'
+ srcportstart='0x111' srcportend='400'
+ dstportstart='0x3333' dstportend='65535' comment='ipv6 rule'/>
+ </rule>
+
+ <rule action='accept' direction='out'>
+ <arp srcmacaddr='1:2:3:4:5:6' srcmacmask='ff:ff:ff:ff:ff:ff'
+ dstmacaddr='aa:bb:cc:dd:ee:ff' dstmacmask='ff:ff:ff:ff:ff:ff'
+ hwtype='0x12'
+ protocoltype='0x56'
+ opcode='Request'
+ arpsrcmacaddr='1:2:3:4:5:6'
+ arpdstmacaddr='a:b:c:d:e:f'
+ comment='arp rule'/>
+ </rule>
+
+ <rule action='accept' direction='out'>
+ <udp srcmacaddr='1:2:3:4:5:6'
+ dstipaddr='10.1.2.3' dstipmask='255.255.255.255'
+ dscp='0x22'
+ srcportstart='0x123' srcportend='400'
+ dstportstart='0x234' dstportend='0x444'
+ comment='udp rule'/>
+ </rule>
+
+ <rule action='accept' direction='in'>
+ <tcp-ipv6 srcmacaddr='1:2:3:4:5:6'
+ srcipaddr='a:b:c::' srcipmask='128'
+ dscp='0x40'
+ srcportstart='0x20' srcportend='0x21'
+ dstportstart='0x100' dstportend='0x1111'
+ comment='tcp/ipv6 rule'/>
+ </rule>
+
+ <rule action='accept' direction='in'>
+ <udp-ipv6 comment='`ls`;${COLUMNS};$(ls);"test";&'3
spaces''/>
+ </rule>
+
+ <rule action='accept' direction='in'>
+ <sctp-ipv6 comment='comment with lone ', `, ", `, \, $x, and two
spaces'/>
+ </rule>
+
+ <rule action='accept' direction='in'>
+ <ah-ipv6 comment='tmp=`mktemp`; echo ${RANDOM} > ${tmp} ; cat <
${tmp}; rm -f ${tmp}'/>
+ </rule>
+
+</filter>
Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/comment-test.fwall
===================================================================
--- /dev/null
+++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/comment-test.fwall
@@ -0,0 +1,77 @@
+#ebtables -t nat -L PREROUTING | grep vnet0 | grep -v "^Bridge" | grep
-v "^$"
+-i vnet0 -j libvirt-I-vnet0
+#ebtables -t nat -L POSTROUTING | grep vnet0 | grep -v "^Bridge" | grep
-v "^$"
+-o vnet0 -j libvirt-O-vnet0
+#ebtables -t nat -L libvirt-I-vnet0 | grep -v "^Bridge" | grep -v "^$"
+-p IPv4 -s 1:2:3:4:5:6 -d aa:bb:cc:dd:ee:ff --ip-src 10.1.2.3 --ip-dst
10.1.2.3 --ip-tos 0x32 --ip-proto udp --ip-sport 291:564 --ip-dport
13398:17767 -j ACCEPT
+-p IPv6 -s 1:2:3:4:5:6/ff:ff:ff:ff:ff:fe -d
aa:bb:cc:dd:ee:80/ff:ff:ff:ff:ff:80 --ip6-src ::/ffff:fc00:: --ip6-dst
::10.1.0.0/ffff:ffff:ffff:ffff:ffff:ffff:ffff:8000 --ip6-proto tcp
--ip6-sport 273:400 --ip6-dport 13107:65535 -j ACCEPT
+-p ARP -s 1:2:3:4:5:6 -d aa:bb:cc:dd:ee:ff --arp-op Request --arp-htype
18 --arp-ptype 0x56 --arp-mac-src 1:2:3:4:5:6 --arp-mac-dst a:b:c:d:e:f
-j ACCEPT
+#ebtables -t nat -L libvirt-O-vnet0 | grep -v "^Bridge" | grep -v "^$"
+-p 0x1234 -j ACCEPT
+#iptables -L FI-vnet0 -n
+Chain FI-vnet0 (1 references)
+target prot opt source destination
+RETURN udp -- 0.0.0.0/0 10.1.2.3 MAC
01:02:03:04:05:06 DSCP match 0x22/* udp rule */ udp spts:291:400
dpts:564:1092 state NEW,ESTABLISHED
+#iptables -L FO-vnet0 -n
+Chain FO-vnet0 (1 references)
+target prot opt source destination
+ACCEPT udp -- 10.1.2.3 0.0.0.0/0 DSCP match
0x22/* udp rule */ udp spts:564:1092 dpts:291:400 state ESTABLISHED
+#iptables -L HI-vnet0 -n
+Chain HI-vnet0 (1 references)
+target prot opt source destination
+ACCEPT udp -- 0.0.0.0/0 10.1.2.3 MAC
01:02:03:04:05:06 DSCP match 0x22/* udp rule */ udp spts:291:400
dpts:564:1092
+#iptables -L libvirt-host-in -n | grep HI-vnet0 | tr -s " "
+HI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-in
vnet0
+#iptables -L libvirt-in -n | grep FI-vnet0 | tr -s " "
+FI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-in
vnet0
+#iptables -L libvirt-in-post -n | grep vnet0
+ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 PHYSDEV
match --physdev-in vnet0
+#iptables -L libvirt-out -n | grep vnet0 | tr -s " "
+FO-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-out
vnet0
+#ip6tables -L FI-vnet0 -n
+Chain FI-vnet0 (1 references)
+target prot opt source destination
+RETURN tcp ::/0 a:b:c::/128 /*
tcp/ipv6 rule */ tcp spts:256:4369 dpts:32:33 state ESTABLISHED
+RETURN udp ::/0 ::/0 /*
`ls`;${COLUMNS};$(ls);"test";&'3 spaces' */ state ESTABLISHED
+RETURN sctp ::/0 ::/0 /* comment
with lone ', `, ", `, \\, $x, and two spaces */ state ESTABLISHED
+RETURN ah ::/0 ::/0 /*
tmp=`mktemp`; echo ${RANDOM} > ${tmp} ; cat < ${tmp}; rm -f ${tmp} */
state ESTABLISHED
+#ip6tables -L FO-vnet0 -n
+Chain FO-vnet0 (1 references)
+target prot opt source destination
+ACCEPT tcp a:b:c::/128 ::/0 MAC
01:02:03:04:05:06 /* tcp/ipv6 rule */ tcp spts:32:33 dpts:256:4369 state
NEW,ESTABLISHED
+ACCEPT udp ::/0 ::/0 /*
`ls`;${COLUMNS};$(ls);"test";&'3 spaces' */ state NEW,ESTABLISHED
+ACCEPT sctp ::/0 ::/0 /* comment
with lone ', `, ", `, \\, $x, and two spaces */ state NEW,ESTABLISHED
+ACCEPT ah ::/0 ::/0 /*
tmp=`mktemp`; echo ${RANDOM} > ${tmp} ; cat < ${tmp}; rm -f ${tmp} */
state NEW,ESTABLISHED
+#ip6tables -L HI-vnet0 -n
+Chain HI-vnet0 (1 references)
+target prot opt source destination
+ACCEPT tcp ::/0 a:b:c::/128 /*
tcp/ipv6 rule */ tcp spts:256:4369 dpts:32:33
+ACCEPT udp ::/0 ::/0 /*
`ls`;${COLUMNS};$(ls);"test";&'3 spaces' */
+ACCEPT sctp ::/0 ::/0 /* comment
with lone ', `, ", `, \\, $x, and two spaces */
+ACCEPT ah ::/0 ::/0 /*
tmp=`mktemp`; echo ${RANDOM} > ${tmp} ; cat < ${tmp}; rm -f ${tmp} */
+#ip6tables -L libvirt-host-in -n | grep vnet0 | tr -s " "
+HI-vnet0 all ::/0 ::/0 [goto] PHYSDEV match --physdev-in vnet0
+#ip6tables -L libvirt-in -n | grep vnet0 | tr -s " "
+FI-vnet0 all ::/0 ::/0 [goto] PHYSDEV match --physdev-in vnet0
+#ip6tables -L libvirt-in-post -n | grep vnet0
+ACCEPT all ::/0 ::/0 PHYSDEV
match --physdev-in vnet0
+#ip6tables -L libvirt-out -n | grep vnet0 | tr -s " "
+FO-vnet0 all ::/0 ::/0 [goto] PHYSDEV match --physdev-out vnet0
+#iptables -L libvirt-host-in -n | grep vnet0 | tr -s " "
+HI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-in
vnet0
+#iptables -L libvirt-in -n | grep vnet0 | tr -s " "
+FI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-in
vnet0
+#iptables -L libvirt-in-post -n | grep vnet0
+ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 PHYSDEV
match --physdev-in vnet0
+#iptables -L libvirt-out -n | grep vnet0 | tr -s " "
+FO-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-out
vnet0
+#ip6tables -L INPUT -n --line-numbers | grep libvirt
+1 libvirt-host-in all ::/0 ::/0
+#ip6tables -L libvirt-host-in -n | grep vnet0 | tr -s " "
+HI-vnet0 all ::/0 ::/0 [goto] PHYSDEV match --physdev-in vnet0
+#ip6tables -L libvirt-in -n | grep vnet0 | tr -s " "
+FI-vnet0 all ::/0 ::/0 [goto] PHYSDEV match --physdev-in vnet0
+#ip6tables -L libvirt-in-post -n | grep vnet0
+ACCEPT all ::/0 ::/0 PHYSDEV
match --physdev-in vnet0
+#ip6tables -L libvirt-out -n | grep vnet0 | tr -s " "
+FO-vnet0 all ::/0 ::/0 [goto] PHYSDEV match --physdev-out vnet0
Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/example-1.fwall
===================================================================
--- /dev/null
+++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/example-1.fwall
@@ -0,0 +1,22 @@
+#iptables -L FI-vnet0 -n
+Chain FI-vnet0 (1 references)
+target prot opt source destination
+RETURN tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:22
state ESTABLISHED
+RETURN icmp -- 0.0.0.0/0 0.0.0.0/0 state
ESTABLISHED
+RETURN all -- 0.0.0.0/0 0.0.0.0/0 state
ESTABLISHED
+DROP all -- 0.0.0.0/0 0.0.0.0/0
+#iptables -L FO-vnet0 -n
+Chain FO-vnet0 (1 references)
+target prot opt source destination
+ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
state NEW,ESTABLISHED
+ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 state
NEW,ESTABLISHED
+ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state
NEW,ESTABLISHED
+DROP all -- 0.0.0.0/0 0.0.0.0/0
+#iptables -L HI-vnet0 -n
+Chain HI-vnet0 (1 references)
+target prot opt source destination
+ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:22
+ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
+ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
+DROP all -- 0.0.0.0/0 0.0.0.0/0
+
Index: libvirt-tck/scripts/nwfilter/nwfilterxml2xmlin/example-1.xml
===================================================================
--- /dev/null
+++ libvirt-tck/scripts/nwfilter/nwfilterxml2xmlin/example-1.xml
@@ -0,0 +1,24 @@
+<filter name='tck-testcase'>
+ <uuid>0a5288ea-612c-834a-6bbf-82a03a1a3244</uuid>
+
+ <!-- allow incoming ssh connections -->
+ <rule action='accept' direction='in' priority='100'>
+ <tcp dstportstart='22'/>
+ </rule>
+
+ <!-- allow incoming ICMP (ping) packets -->
+ <rule action='accept' direction='in' priority='200'>
+ <icmp/>
+ </rule>
+
+ <!-- allow all outgoing traffic -->
+ <rule action='accept' direction='in' priority='300'>
+ <all/>
+ </rule>
+
+ <!-- drop all other traffic -->
+ <rule action='drop' direction='inout' priority='1000'>
+ <all/>
+ </rule>
+
+</filter>
Index: libvirt-tck/scripts/nwfilter/nwfilterxml2xmlin/example-2.xml
===================================================================
--- /dev/null
+++ libvirt-tck/scripts/nwfilter/nwfilterxml2xmlin/example-2.xml
@@ -0,0 +1,37 @@
+<filter name='tck-testcase'>
+ <uuid>0a5288ea-612c-834a-6bbf-82a03a1a3244</uuid>
+
+ <!-- VM outgoing: allow all established and related connections -->
+ <rule action='accept' direction='out' priority='100'>
+ <all state='ESTABLISHED,RELATED'
+ comment='out: existing and related (ftp) connections'/>
+ </rule>
+
+ <!-- VM incoming: allow all established connections -->
+ <rule action='accept' direction='in' priority='100'>
+ <all state='ESTABLISHED'
+ comment='in: existing connections'/>
+ </rule>
+
+ <!-- allow incoming ssh and ftp traffic -->
+ <rule action='accept' direction='in' priority='200'>
+ <tcp dstportstart='21' dstportend='22' state='NEW'
+ comment='in: ftp and ssh'/>
+ </rule>
+
+ <!-- allow incoming ICMP (ping) packets -->
+ <rule action='accept' direction='in' priority='300'>
+ <icmp state='NEW' comment='in: icmp'/>
+ </rule>
+
+ <!-- allow outgong DNS lookups -->
+ <rule action='accept' direction='out' priority='300'>
+ <udp dstportstart='53' state='NEW' comment='out: DNS lookups'/>
+ </rule>
+
+ <!-- drop all other traffic -->
+ <rule action='drop' direction='inout' priority='1000'>
+ <all comment='inout: drop all non-accepted traffic'/>
+ </rule>
+
+</filter>
Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/example-2.fwall
===================================================================
--- /dev/null
+++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/example-2.fwall
@@ -0,0 +1,20 @@
+#iptables -L FI-vnet0 -n
+Chain FI-vnet0 (1 references)
+target prot opt source destination
+RETURN all -- 0.0.0.0/0 0.0.0.0/0 /* out:
existing and related (ftp) connections */ state RELATED,ESTABLISHED
+RETURN udp -- 0.0.0.0/0 0.0.0.0/0 /* out:
DNS lookups */ udp dpt:53 state NEW
+DROP all -- 0.0.0.0/0 0.0.0.0/0 /* inout:
drop all non-accepted traffic */
+#iptables -L FO-vnet0 -n
+Chain FO-vnet0 (1 references)
+target prot opt source destination
+ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 /* in:
existing connections */ state ESTABLISHED
+ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 /* in: ftp
and ssh */ tcp dpts:21:22 state NEW
+ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 /* in:
icmp */ state NEW
+DROP all -- 0.0.0.0/0 0.0.0.0/0 /* inout:
drop all non-accepted traffic */
+#iptables -L HI-vnet0 -n
+Chain HI-vnet0 (1 references)
+target prot opt source destination
+RETURN all -- 0.0.0.0/0 0.0.0.0/0 /* out:
existing and related (ftp) connections */ state RELATED,ESTABLISHED
+RETURN udp -- 0.0.0.0/0 0.0.0.0/0 /* out:
DNS lookups */ udp dpt:53 state NEW
+DROP all -- 0.0.0.0/0 0.0.0.0/0 /* inout:
drop all non-accepted traffic */
+
2
2
21 Oct '10
attach updated patch for daemon hook testing..
replaced "cat" with "slurp", corrected typos.
- Osier
----- "Osier" <jyang(a)redhat.com> wrote:
> ----- "Daniel P. Berrange" <berrange(a)redhat.com> wrote:
>
> > On Mon, Oct 18, 2010 at 07:18:09AM +0800, Osier Yang wrote:
> > > Validate daemon hook is invocated correctly while start, restart,
> > > stop, reload libvirtd
> > > ---
> > > scripts/hooks/051-daemon-hook.t | 156
> > +++++++++++++++++++++++++++++++++++++++
> > > 1 files changed, 156 insertions(+), 0 deletions(-)
> > > create mode 100644 scripts/hooks/051-daemon-hook.t
> > >
> > > diff --git a/scripts/hooks/051-daemon-hook.t
> > b/scripts/hooks/051-daemon-hook.t
> > > new file mode 100644
> > > index 0000000..2d44e45
> > > --- /dev/null
> > > +++ b/scripts/hooks/051-daemon-hook.t
> > > @@ -0,0 +1,156 @@
> > > +# -*- perl -*-
> > > +#
> > > +# Copyright (C) 203 Red Hat, Inc.
> > > +# Copyright (C) 203 Osier Yang <jyang(a)redhat.com>
> > > +#
> > > +# This program is free software; You can redistribute it and/or
> > modify
> > > +# it under the GNU General Public License as published by the
> Free
> > > +# Software Foundation; either version 2, or (at your option) any
> > > +# later version
> > > +#
> > > +# The file "LICENSE" distributed along with this file provides
> > full
> > > +# details of the terms and conditions
> > > +#
> > > +
> > > +=pod
> > > +
> > > +=head1 NAME
> > > +
> > > +domain/051-start-daemon.t - hooks testing for daemon
> > > +
> > > +=head1 DESCRIPTION
> > > +
> > > +The test case validates that the hook script is invocated while
> > > +start, stop, or reload daemon.
> > > +
> > > +=cut
> > > +
> > > +use strict;
> > > +use warnings;
> > > +
> > > +use Test::More tests => 12;
> > > +
> > > +use Sys::Virt::TCK::Hooks;
> > > +
> > > +my $hook = Sys::Virt::TCK::Hooks->new(type => 'daemon',
> > > + conf_dir =>
> > '/etc/libvirt/hooks',
> > > + log_name =>
> > '/tmp/daemon.log');
> > > +
> > > +$hook->libvirtd_status;
> > > +BAIL_OUT "libvirtd is not running, Exit..."
> > > + if ($hook->{libvirtd_status} eq 'stopped');
> > > +
> > > +eval { $hook->prepare; };
> > > +BAIL_OUT "failed to setup hooks testing ENV: $@" if $@;
> > > +
> > > +diag "restart libvirtd for hooks scripts taking effect";
> > > +$hook->action('restart');
> > > +$hook->service_libvirtd;
> > > +unlink $hook->{log_name} unless -f $hook->{log_name};
> > > +
> > > +# stop libvirtd
> > > +$hook->action('stop');
> > > +$hook->expect_log;
> > > +
> > > +diag "$hook->{action} libvirtd";
> > > +$hook->service_libvirtd;
> > > +
> > > +diag "hook script: $hook->{name}";
> > > +system "cat $hook->{name}";
> >
> > These 'cat' calls should all really be reported as diagnostics
> > rather than just sent to stdout directly. We should probably
> > just use the standard 'Slurp' module from CPAN.
>
> yes, indeed.
>
> >
> > eg, put a 'use Slurp' at the top of the script then
> > replace those 2 lines with
> >
> > my $hookdata = slurp($hook->{name});
> > diag "hook script: $hook->{name} '$hookdata'";
> >
>
> Thanks. will update.. think need to add it in 'Build.pl' as a
> requirement at the meantime..
>
> >
> > > +
> > > +sleep 3;
> > > +diag "check if $hook->{name} is invocated";
> > > +ok(-f "$hook->{name}", "$hook->{name} is invocated");
> >
> > s/invocated/invoked/ (and in a few other places later)
>
> yep, will update.
>
> >
> > > +
> > > +diag "actual log: $hook->{log_name}";
> > > +system "cat $hook->{log_name}";
> > > +
> > > +diag "expected log:";
> > > +print $hook->{expect_log}."\n";
> > > +
> > > +diag "check if the actual log is same with expected log";
> > > +ok($hook->compare_log, "$hook->{name} is invocated correctly
> while
> > $hook->{action} libvirtd");
> > > +
> > > +diag "check if libvirtd is stopped";
> > > +ok(`service libvirtd status` =~ /stopped/, "libvirtd is
> stopped");
> >
> > > +
> > > +# start libvirtd
> > > +$hook->action('start');
> > > +$hook->expect_log;
> > > +
> > > +diag "$hook->{action} libvirtd";
> > > +$hook->service_libvirtd;
> > > +
> > > +diag "hook script: $hook->{name}";
> > > +system "cat $hook->{name}";
> > > +
> > > +sleep 3;
> > > +diag "check if $hook->{name} is invocated";
> > > +ok(-f "$hook->{name}", "$hook->{name} is invocated");
> > > +
> > > +diag "actual log: $hook->{log_name}";
> > > +system "cat $hook->{log_name}";
> > > +
> > > +diag "expected log:";
> > > +print $hook->{expect_log}."\n";
> > > +
> > > +diag "check if the actual log is same with expected log";
> > > +ok($hook->compare_log, "$hook->{name} is invocated correctly
> while
> > $hook->{action} libvirtd");
> > > +
> > > +diag "check if libvirtd is still running";
> > > +ok(`service libvirtd status` =~ /running/, "libvirtd is
> running");
> >
> > > +
> > > +# restart libvirtd
> > > +$hook->action('restart');
> > > +$hook->expect_log;
> > > +
> > > +diag "$hook->{action} libvirtd";
> > > +$hook->service_libvirtd;
> > > +
> > > +diag "hook script: $hook->{name}";
> > > +system "cat $hook->{name}";
> > > +
> > > +sleep 3;
> > > +diag "check if $hook->{name} is invocated";
> > > +ok(-f "$hook->{name}", "$hook->{name} is invocated");
> > > +
> > > +diag "actual log: $hook->{log_name}";
> > > +system "cat $hook->{log_name}";
> > > +
> > > +diag "expected log:";
> > > +print $hook->{expect_log}."\n";
> > > +
> > > +diag "check if the actual log is same with expected log";
> > > +ok($hook->compare_log, "$hook->{name} is invocated correctly
> while
> > $hook->{action} libvirtd");
> > > +
> > > +diag "check if libvirtd is still running";
> > > +ok(`service libvirtd status` =~ /running/, "libvirtd is
> running");
> >
> > > +
> > > +# reload libvirtd
> > > +$hook->action('reload');
> > > +$hook->expect_log;
> > > +
> > > +diag "$hook->{action} libvirtd";
> > > +$hook->service_libvirtd;
> > > +
> > > +diag "hook script: $hook->{name}";
> > > +system "cat $hook->{name}";
> > > +
> > > +sleep 3;
> > > +diag "check if $hook->{name} is invocated";
> > > +ok(-f "$hook->{name}", "$hook->{name} is invocated");
> > > +
> > > +diag "actual log: $hook->{log_name}";
> > > +system "cat $hook->{log_name}";
> > > +
> > > +diag "expected log:";
> > > +print $hook->{expect_log}."\n";
> > > +
> > > +diag "check if the actual log is same with expected log";
> > > +ok($hook->compare_log, "$hook->{name} is invocated correctly
> while
> > $hook->{action} libvirtd");
> > > +
> > > +diag "check if libvirtd is still running";
> > > +ok(`service libvirtd status` =~ /running/, "libvirtd is
> running");
> >
> > > +
> > > +$hook->cleanup;
> >
> > As mentioned in the previous patch, it is probably best to wrap the
> > entire test block in a
> >
> > SKIP: {
> > my $uri = $conn->get_uri();
> > skip 12, "Not using QEMU/LXC driver" unless
> > $uri eq "qemu:///system" or $uri eq "lxc:///";
> >
> > ....all test cases...
> > }
> >
>
> As explained in previous mail. will not "SKIP" it. :-/
>
> - Osier
>
> > Regards,
> > Daniel
> > --
> > |: Red Hat, Engineering, London -o-
> > http://people.redhat.com/berrange/ :|
> > |: http://libvirt.org -o- http://virt-manager.org -o-
> > http://deltacloud.org :|
> > |: http://autobuild.org -o-
> > http://search.cpan.org/~danberr/ :|
> > |: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742
> 7D3B
> > 9505 :|
>
> --
> libvir-list mailing list
> libvir-list(a)redhat.com
> https://www.redhat.com/mailman/listinfo/libvir-list
2
1
updated patches attached.. adopted 'Slurp' in function 'compare_log'
instead of using "$/". :-)
and add 'Slurp' requirement in 'Build.pl'
- Osier
----- "Osier" <jyang(a)redhat.com> wrote:
> ----- "Daniel P. Berrange" <berrange(a)redhat.com> wrote:
>
> > On Mon, Oct 18, 2010 at 07:18:08AM +0800, Osier Yang wrote:
> > > To test daemon, qemu, lxc hook.
> > >
> > > * lib/Sys/Virt/TCK/Hooks.pm
> > > ---
> > > lib/Sys/Virt/TCK/Hooks.pm | 262
> > +++++++++++++++++++++++++++++++++++++++++++++
> > > 1 files changed, 262 insertions(+), 0 deletions(-)
> > > create mode 100644 lib/Sys/Virt/TCK/Hooks.pm
> > >
> > > diff --git a/lib/Sys/Virt/TCK/Hooks.pm
> b/lib/Sys/Virt/TCK/Hooks.pm
> >
> > > +sub libvirtd_status {
> > > + my $self = shift;
> > > + my $status = `service libvirtd status`;
> > > + my $_ = $status;
> > > +
> > > + if (/running/) {
> > > + $self->{libvirtd_status} = 'running';
> > > + } elsif (/stopped/) {
> > > + $self->{libvirtd_status} = 'stopped';
> > > + }
> > > +
> > > + return $self;
> > > +}
> >
> > > +sub service_libvirtd {
> > > + my $self = shift;
> > > + my $action = $self->{action};
> > > +
> > > + truncate $self->{log_name}, 0 if -f $self->{log_name};
> > > +
> > > + die "failed on $action daemon" if system "service libvirtd
> > $action";
> > > +
> > > + $self->libvirtd_status;
> > > +}
> >
> > Is there any way we can avoid having to start/stop libvirtd
> > for this testing ? The general goal of the TCK is that it
> > is testing an existing deployment, so it should be expecting
> > that libvirtd is already up & running in a desired configuration.
> >
> > If we have to stop/start libvirtd, then the test script using
> > these APIs will need to be protected to make sure it only
> > runs when used with 'qemu:///system' or 'lxc://'. ie is skipped
> > with qemu:///session or vmware, or virtualbox, etc
> >
>
> For daemon hook testing, It's neccessary to start/stop/restart the
> libvirtd. Otherwise we can't see if the hook script is invoked or
> not.
> It doesn't relate to which hypervisor driver is used..
>
> > > +
> > > +sub compare_log {
> > > + my $self = shift;
> > > +
> > > + my $expect_log = $self->{expect_log};
> > > + my $log_name = $self->{log_name};
> > > +
> > > + open LOG, "< $log_name" or die "failed on opening $log_name:
> > $!";
> > > +
> > > + my @lines = <LOG>;
> > > +
> > > + return 0 unless @lines;
> > > +
> > > + chomp foreach @lines;
> > > + my $actual_log = join "\n", @lines;
> > > +
> > > + close LOG;
> >
> > Little perl black magic tip for you....
> >
> > If you want to read the entire file contents into a single
> > string, then you can do
> >
> > open LOG, "<$log_name";
> > local $/ = undef;
> > my $actual_log = <LOG>;
> > close LOG;
> >
> > '$/' is the line separator. By setting it to 'undef' we tell
> > Perl that there is no line separator, so it will immediately
> > read until end of file :-) BTW see 'man perlvar' for this
> > particular example
> >
>
> cool trick.. will update it.. thanks.. :-)
>
> >
> > Daniel
> > --
> > |: Red Hat, Engineering, London -o-
> > http://people.redhat.com/berrange/ :|
> > |: http://libvirt.org -o- http://virt-manager.org -o-
> > http://deltacloud.org :|
> > |: http://autobuild.org -o-
> > http://search.cpan.org/~danberr/ :|
> > |: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742
> 7D3B
> > 9505 :|
>
> --
> libvir-list mailing list
> libvir-list(a)redhat.com
> https://www.redhat.com/mailman/listinfo/libvir-list
2
1
21 Oct '10
The QEMU 0.13 release is finally out and from testing in RHEL-6
we know that its JSON and netdev features are now good enough
for us to use by default.
* src/qemu/qemu_conf.c: Enable JSON + netdev for QEMU >= 0.13
---
src/qemu/qemu_conf.c | 17 ++++++++---------
1 files changed, 8 insertions(+), 9 deletions(-)
diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c
index 9bb8e95..e2c67a3 100644
--- a/src/qemu/qemu_conf.c
+++ b/src/qemu/qemu_conf.c
@@ -1225,9 +1225,6 @@ static unsigned long long qemudComputeCmdFlags(const char *help,
if (strstr(help, "-fsdev"))
flags |= QEMUD_CMD_FLAG_FSDEV;
- /* Keep disabled till we're actually ready to turn on netdev mode
- * The plan is todo it in 0.13.0 QEMU, but lets wait & see... */
-#if 0
if (strstr(help, "-netdev")) {
/* Disable -netdev on 0.12 since although it exists,
* the corresponding netdev_add/remove monitor commands
@@ -1235,7 +1232,7 @@ static unsigned long long qemudComputeCmdFlags(const char *help,
if (version >= 13000)
flags |= QEMUD_CMD_FLAG_NETDEV;
}
-#endif
+
if (strstr(help, "-sdl"))
flags |= QEMUD_CMD_FLAG_SDL;
if (strstr(help, "cores=") &&
@@ -1279,12 +1276,14 @@ static unsigned long long qemudComputeCmdFlags(const char *help,
if (version >= 10000)
flags |= QEMUD_CMD_FLAG_0_10;
- /* Keep disabled till we're actually ready to turn on JSON mode
- * The plan is todo it in 0.13.0 QEMU, but lets wait & see... */
-#if 0
- if (version >= 13000)
+ /* While JSON mode was available in 0.12.0, it was too
+ * incomplete to contemplate using. The 0.13.0 release
+ * is good enough to use, even though it lacks one or
+ * two features. The benefits of JSON mode now outweigh
+ * the downside.
+ */
+ if (version >= 13000)
flags |= QEMUD_CMD_FLAG_MONITOR_JSON;
-#endif
return flags;
}
--
1.7.2.3
3
2
Hello,
is there any possibility to use something like "self-ballooning" in KVM
guests? Is there any script/apps which can get actual memory usage from
guest and send balloon command to host?
Thank you,
Jaromir.
1
0
Hi all,
Looking at the ruby-libvirt repository, I can see a 0.2.0 version was
tagged in June of this year, however the latest version available on
rubygems.org is still 0.1.0 from 2008. Would it be possible for the
current maint (Chris?) to take ownership of the gem on rubygems, and
push the current version?
I can see that some distributions have packaged the new version
independently, but life would be made much easier for everyone else if
gems were published to rubygems as they're released.
Cheers,
Pete
2
2