25 Oct '10
Using automated replacement with sed and editing I have now replaced all
occurrences of close() with VIR_(FORCE_)CLOSE() except for one, of
course. Some replacements were straightforward; others needed closer
attention. I hope I paid attention in all the right places... Please
have a look. This should have at least solved one more double-close
error.
Signed-off-by: Stefan Berger <stefanb(a)us.ibm.com>
---
daemon/libvirtd.c | 46 ++++++---------
proxy/libvirt_proxy.c | 16 ++---
src/libvirt.c | 8 +-
src/lxc/lxc_container.c | 15 +++--
src/lxc/lxc_controller.c | 27 +++------
src/lxc/lxc_driver.c | 24 +++-----
src/node_device/node_device_linux_sysfs.c | 5 -
src/nwfilter/nwfilter_ebiptables_driver.c | 8 +-
src/openvz/openvz_conf.c | 35 ++++-------
src/openvz/openvz_driver.c | 3 -
src/phyp/phyp_driver.c | 13 ++--
src/qemu/qemu_conf.c | 30 ++++------
src/qemu/qemu_driver.c | 89 ++++++++++++------------------
src/qemu/qemu_monitor.c | 6 +-
src/remote/remote_driver.c | 18 ++----
src/secret/secret_driver.c | 12 +---
src/security/security_apparmor.c | 9 +--
src/security/security_selinux.c | 9 +--
src/security/virt-aa-helper.c | 9 +--
src/storage/storage_backend.c | 25 +++-----
src/storage/storage_backend_fs.c | 11 ++-
src/storage/storage_backend_iscsi.c | 5 -
src/storage/storage_backend_logical.c | 10 +--
src/storage/storage_backend_mpath.c | 5 -
src/storage/storage_backend_scsi.c | 8 +-
src/storage/storage_driver.c | 5 -
src/test/test_driver.c | 20 ++----
src/uml/uml_conf.c | 3 -
src/uml/uml_driver.c | 24 ++++----
src/util/bridge.c | 13 ++--
src/util/conf.c | 3 -
src/util/hooks.c | 21 +++----
src/util/interface.c | 12 ++--
src/util/logging.c | 6 +-
src/util/macvtap.c | 8 +-
src/util/pci.c | 6 --
src/util/storage_file.c | 5 +
src/util/util.c | 67 ++++++++++------------
src/util/uuid.c | 9 +--
src/util/virtaudit.c | 3 -
src/xen/proxy_internal.c | 8 +-
src/xen/xen_hypervisor.c | 12 ++--
src/xen/xen_inotify.c | 3 -
src/xen/xend_internal.c | 12 +---
tests/testutils.c | 21 ++++---
tools/console.c | 3 -
46 files changed, 327 insertions(+), 383 deletions(-)
Index: libvirt-acl/src/libvirt.c
===================================================================
--- libvirt-acl.orig/src/libvirt.c
+++ libvirt-acl/src/libvirt.c
@@ -10794,7 +10794,7 @@ virStreamRef(virStreamPtr stream)
* ... report an error ....
* done:
* virStreamFree(st);
- * close(fd);
+ * VIR_FORCE_CLOSE(fd);
*
* Returns the number of bytes written, which may be less
* than requested.
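Review bot: These four comment hunks (here and at `@@ -10884`, `@@ -10964` and `@@ -11061`) change the usage examples in the stream API documentation, which is code that callers outside the tree copy. `VIR_FORCE_CLOSE` looks like an internal macro from files.h, which those callers will not have. Keep `close(fd);` in the examples, or show a checked close such as `if (close(fd) < 0) ... report an error ...`. Only comment text is touched, and each doc comment extends beyond its hunk.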
@@ -10884,7 +10884,7 @@ error:
* ... report an error ....
* done:
* virStreamFree(st);
- * close(fd);
+ * VIR_FORCE_CLOSE(fd);
*
*
* Returns the number of bytes read, which may be less
@@ -10964,7 +10964,7 @@ error:
* if (virStreamFinish(st) < 0)
* ...report an error...
* virStreamFree(st);
- * close(fd);
+ * VIR_FORCE_CLOSE(fd);
*
* Returns 0 if all the data was successfully sent. The caller
* should invoke virStreamFinish(st) to flush the stream upon
@@ -11061,7 +11061,7 @@ cleanup:
* if (virStreamFinish(st) < 0)
* ...report an error...
* virStreamFree(st);
- * close(fd);
+ * VIR_FORCE_CLOSE(fd);
*
* Returns 0 if all the data was successfully received. The caller
* should invoke virStreamFinish(st) to flush the stream upon
Index: libvirt-acl/src/lxc/lxc_container.c
===================================================================
--- libvirt-acl.orig/src/lxc/lxc_container.c
+++ libvirt-acl/src/lxc/lxc_container.c
@@ -52,6 +52,7 @@
#include "util.h"
#include "memory.h"
#include "veth.h"
+#include "files.h"
#define VIR_FROM_THIS VIR_FROM_LXC
@@ -127,7 +128,7 @@ static int lxcContainerExecInit(virDomai
static int lxcContainerSetStdio(int control, int ttyfd)
{
int rc = -1;
- int open_max, i;
+ int open_max, i, tpmfd;
if (setsid() < 0) {
virReportSystemError(errno, "%s",
@@ -145,8 +146,10 @@ static int lxcContainerSetStdio(int cont
* close all FDs before executing the container */
open_max = sysconf (_SC_OPEN_MAX);
for (i = 0; i < open_max; i++)
- if (i != ttyfd && i != control)
- close(i);
+ if (i != ttyfd && i != control) {
+ tpmfd = i;
+ VIR_FORCE_CLOSE(tpmfd);
+ }
if (dup2(ttyfd, 0) < 0) {
virReportSystemError(errno, "%s",
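Review bot: The temporary used in the close-all loop is named `tpmfd`, which reads like a transposition of `tmpfd`; rename it in the declaration hunk above as well. The copy is presumably needed because VIR_FORCE_CLOSE resets its argument, so passing `i` directly would rewind the loop counter. That is worth a comment on the assignment, e.g. `/* VIR_FORCE_CLOSE resets its argument; close a copy, not the loop counter */`. This loop is what keeps inherited descriptors out of the container, so the intent should be obvious to the next editor. lxcContainerSetStdio continues outside the hunk.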
@@ -222,7 +225,7 @@ static int lxcContainerWaitForContinue(i
_("Failed to read the container continue message"));
return -1;
}
- close(control);
+ VIR_FORCE_CLOSE(control);
DEBUG0("Received container continue message");
@@ -776,10 +779,10 @@ static int lxcContainerChild( void *data
VIR_FREE(ttyPath);
if (lxcContainerSetStdio(argv->monitor, ttyfd) < 0) {
- close(ttyfd);
+ VIR_FORCE_CLOSE(ttyfd);
return -1;
}
- close(ttyfd);
+ VIR_FORCE_CLOSE(ttyfd);
if (lxcContainerSetupMounts(vmDef, root) < 0)
return -1;
Index: libvirt-acl/src/lxc/lxc_controller.c
===================================================================
--- libvirt-acl.orig/src/lxc/lxc_controller.c
+++ libvirt-acl/src/lxc/lxc_controller.c
@@ -48,6 +48,7 @@
#include "veth.h"
#include "memory.h"
#include "util.h"
+#include "files.h"
#define VIR_FROM_THIS VIR_FROM_LXC
@@ -233,8 +234,7 @@ static int lxcMonitorServer(const char *
return fd;
error:
- if (fd != -1)
- close(fd);
+ VIR_FORCE_CLOSE(fd);
return -1;
}
@@ -409,7 +409,7 @@ static int lxcControllerMain(int monitor
goto cleanup;
}
if (client != -1) { /* Already connected, so kick new one out */
- close(fd);
+ VIR_FORCE_CLOSE(fd);
continue;
}
client = fd;
@@ -426,8 +426,7 @@ static int lxcControllerMain(int monitor
_("epoll_ctl(client) failed"));
goto cleanup;
}
- close(client);
- client = -1;
+ VIR_FORCE_CLOSE(client);
} else {
if (epollEvent.events & EPOLLIN) {
curFdOff = epollEvent.data.fd == appPty ? 0 : 1;
@@ -485,9 +484,9 @@ static int lxcControllerMain(int monitor
rc = 0;
cleanup:
- close(appPty);
- close(contPty);
- close(epollFd);
+ VIR_FORCE_CLOSE(appPty);
+ VIR_FORCE_CLOSE(contPty);
+ VIR_FORCE_CLOSE(epollFd);
return rc;
}
@@ -660,8 +659,7 @@ lxcControllerRun(virDomainDefPtr def,
control[1],
containerPtyPath)) < 0)
goto cleanup;
- close(control[1]);
- control[1] = -1;
+ VIR_FORCE_CLOSE(control[1]);
if (lxcControllerMoveInterfaces(nveths, veths, container) < 0)
goto cleanup;
@@ -679,13 +677,10 @@ lxcControllerRun(virDomainDefPtr def,
cleanup:
VIR_FREE(devptmx);
VIR_FREE(devpts);
- if (control[0] != -1)
- close(control[0]);
- if (control[1] != -1)
- close(control[1]);
+ VIR_FORCE_CLOSE(control[0]);
+ VIR_FORCE_CLOSE(control[1]);
VIR_FREE(containerPtyPath);
- if (containerPty != -1)
- close(containerPty);
+ VIR_FORCE_CLOSE(containerPty);
if (container > 1) {
int status;
Index: libvirt-acl/src/lxc/lxc_driver.c
===================================================================
--- libvirt-acl.orig/src/lxc/lxc_driver.c
+++ libvirt-acl/src/lxc/lxc_driver.c
@@ -51,6 +51,7 @@
#include "uuid.h"
#include "stats_linux.h"
#include "hooks.h"
+#include "files.h"
#define VIR_FROM_THIS VIR_FROM_LXC
@@ -974,7 +975,7 @@ static int lxcVmCleanup(lxc_driver_t *dr
}
virEventRemoveHandle(priv->monitorWatch);
- close(priv->monitor);
+ VIR_FORCE_CLOSE(priv->monitor);
virFileDeletePid(driver->stateDir, vm->def->name);
virDomainDeleteConfig(driver->stateDir, NULL, vm);
@@ -1156,8 +1157,7 @@ static int lxcMonitorClient(lxc_driver_t
error:
VIR_FREE(sockpath);
- if (fd != -1)
- close(fd);
+ VIR_FORCE_CLOSE(fd);
return -1;
}
@@ -1544,14 +1544,10 @@ cleanup:
vethDelete(veths[i]);
VIR_FREE(veths[i]);
}
- if (rc != 0 && priv->monitor != -1) {
- close(priv->monitor);
- priv->monitor = -1;
- }
- if (parentTty != -1)
- close(parentTty);
- if (logfd != -1)
- close(logfd);
+ if (rc != 0)
+ VIR_FORCE_CLOSE(priv->monitor);
+ VIR_FORCE_CLOSE(parentTty);
+ VIR_FORCE_CLOSE(logfd);
VIR_FREE(logfile);
return rc;
}
@@ -2011,8 +2007,7 @@ lxcReconnectVM(void *payload, const char
/* Read pid from controller */
if ((virFileReadPid(lxc_driver->stateDir, vm->def->name, &vm->pid)) != 0) {
- close(priv->monitor);
- priv->monitor = -1;
+ VIR_FORCE_CLOSE(priv->monitor);
goto cleanup;
}
@@ -2042,8 +2037,7 @@ lxcReconnectVM(void *payload, const char
}
} else {
vm->def->id = -1;
- close(priv->monitor);
- priv->monitor = -1;
+ VIR_FORCE_CLOSE(priv->monitor);
}
cleanup:
Index: libvirt-acl/src/node_device/node_device_linux_sysfs.c
===================================================================
--- libvirt-acl.orig/src/node_device/node_device_linux_sysfs.c
+++ libvirt-acl/src/node_device/node_device_linux_sysfs.c
@@ -31,6 +31,7 @@
#include "virterror_internal.h"
#include "memory.h"
#include "logging.h"
+#include "files.h"
#include <dirent.h>
#define VIR_FROM_THIS VIR_FROM_NODEDEV
@@ -104,9 +105,7 @@ int read_wwn_linux(int host, const char
}
out:
- if (fd != -1) {
- close(fd);
- }
+ VIR_FORCE_CLOSE(fd);
return retval;
}
Index: libvirt-acl/src/nwfilter/nwfilter_ebiptables_driver.c
===================================================================
--- libvirt-acl.orig/src/nwfilter/nwfilter_ebiptables_driver.c
+++ libvirt-acl/src/nwfilter/nwfilter_ebiptables_driver.c
@@ -37,6 +37,7 @@
#include "nwfilter_conf.h"
#include "nwfilter_gentech_driver.h"
#include "nwfilter_ebiptables_driver.h"
+#include "files.h"
#define VIR_FROM_THIS VIR_FROM_NWFILTER
@@ -2501,13 +2502,12 @@ ebiptablesWriteToTempFile(const char *st
}
VIR_FREE(header);
- close(fd);
+ VIR_FORCE_CLOSE(fd);
return filnam;
err_exit:
VIR_FREE(header);
- if (fd >= 0)
- close(fd);
+ VIR_FORCE_CLOSE(fd);
unlink(filename);
return NULL;
}
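Review bot: On the success path of ebiptablesWriteToTempFile the descriptor is closed with `VIR_FORCE_CLOSE(fd);` just before `return filnam;`, so a close failure on the file that (judging by the function name) was just written is silently ignored. The write paths in openvz_conf.c and secret_driver.c in this same patch use `if (VIR_CLOSE(fd) < 0)` and bail out; doing the same here, `if (VIR_CLOSE(fd) < 0) goto err_exit;`, avoids handing back a possibly incomplete file. The success path of phypUUIDTable_WriteFile (`@@ -457` in phyp_driver.c) has the same pattern. Both function bodies start outside their hunks.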
@@ -3267,7 +3267,7 @@ iptablesCheckBridgeNFCallEnabled(bool is
lastReport = now;
}
}
- close(fd);
+ VIR_FORCE_CLOSE(fd);
}
}
}
Index: libvirt-acl/src/openvz/openvz_conf.c
===================================================================
--- libvirt-acl.orig/src/openvz/openvz_conf.c
+++ libvirt-acl/src/openvz/openvz_conf.c
@@ -50,6 +50,7 @@
#include "memory.h"
#include "util.h"
#include "nodeinfo.h"
+#include "files.h"
#define VIR_FROM_THIS VIR_FROM_OPENVZ
@@ -109,7 +110,7 @@ openvzExtractVersionInfo(const char *cmd
cleanup2:
VIR_FREE(help);
- if (close(newstdout) < 0)
+ if (VIR_CLOSE(newstdout) < 0)
ret = -1;
rewait:
@@ -569,7 +570,7 @@ openvzWriteConfigParam(const char * conf
goto error;
temp_fd = open(temp_file, O_WRONLY | O_CREAT | O_TRUNC, 0644);
if (temp_fd == -1) {
- close(fd);
+ VIR_FORCE_CLOSE(fd);
goto error;
}
@@ -590,12 +591,10 @@ openvzWriteConfigParam(const char * conf
safewrite(temp_fd, "\"\n", 2) < 0)
goto error;
- if (close(fd) < 0)
+ if (VIR_CLOSE(fd) < 0)
goto error;
- fd = -1;
- if (close(temp_fd) < 0)
+ if (VIR_CLOSE(temp_fd) < 0)
goto error;
- temp_fd = -1;
if (rename(temp_file, conf_file) < 0)
goto error;
@@ -603,10 +602,8 @@ openvzWriteConfigParam(const char * conf
return 0;
error:
- if (fd != -1)
- close(fd);
- if (temp_fd != -1)
- close(temp_fd);
+ VIR_FORCE_CLOSE(fd);
+ VIR_FORCE_CLOSE(temp_fd);
if (temp_file)
unlink(temp_file);
VIR_FREE(temp_file);
@@ -662,7 +659,7 @@ openvzReadConfigParam(const char * conf_
}
}
}
- close(fd);
+ VIR_FORCE_CLOSE(fd);
if (ret == 0 && found)
ret = 1;
@@ -703,7 +700,7 @@ openvz_copyfile(char* from_path, char* t
return -1;
copy_fd = open(to_path, O_WRONLY | O_CREAT | O_TRUNC, 0644);
if (copy_fd == -1) {
- close(fd);
+ VIR_FORCE_CLOSE(fd);
return -1;
}
@@ -716,19 +713,16 @@ openvz_copyfile(char* from_path, char* t
goto error;
}
- if (close(fd) < 0)
+ if (VIR_CLOSE(fd) < 0)
goto error;
- fd = -1;
- if (close(copy_fd) < 0)
+ if (VIR_CLOSE(copy_fd) < 0)
goto error;
return 0;
error:
- if (fd != -1)
- close(fd);
- if (copy_fd != -1)
- close(copy_fd);
+ VIR_FORCE_CLOSE(fd);
+ VIR_FORCE_CLOSE(copy_fd);
return -1;
}
@@ -880,8 +874,7 @@ openvzGetVPSUUID(int vpsid, char *uuidst
}
retval = 0;
cleanup:
- if (fd >= 0)
- close(fd);
+ VIR_FORCE_CLOSE(fd);
VIR_FREE(conf_file);
return retval;
Index: libvirt-acl/src/openvz/openvz_driver.c
===================================================================
--- libvirt-acl.orig/src/openvz/openvz_driver.c
+++ libvirt-acl/src/openvz/openvz_driver.c
@@ -57,6 +57,7 @@
#include "nodeinfo.h"
#include "memory.h"
#include "bridge.h"
+#include "files.h"
#define VIR_FROM_THIS VIR_FROM_OPENVZ
@@ -1540,7 +1541,7 @@ Version: 2.2
}
}
- close(fd);
+ VIR_FORCE_CLOSE(fd);
if (ret < 0)
return -1;
Index: libvirt-acl/src/phyp/phyp_driver.c
===================================================================
--- libvirt-acl.orig/src/phyp/phyp_driver.c
+++ libvirt-acl/src/phyp/phyp_driver.c
@@ -58,6 +58,7 @@
#include "domain_conf.h"
#include "storage_conf.h"
#include "nodeinfo.h"
+#include "files.h"
#include "phyp_driver.h"
@@ -457,11 +458,11 @@ phypUUIDTable_WriteFile(virConnectPtr co
}
}
- close(fd);
+ VIR_FORCE_CLOSE(fd);
return 0;
err:
- close(fd);
+ VIR_FORCE_CLOSE(fd);
return -1;
}
@@ -672,11 +673,11 @@ phypUUIDTable_ReadFile(virConnectPtr con
} else
virReportOOMError();
- close(fd);
+ VIR_FORCE_CLOSE(fd);
return 0;
err:
- close(fd);
+ VIR_FORCE_CLOSE(fd);
return -1;
}
@@ -764,7 +765,7 @@ phypUUIDTable_Pull(virConnectPtr conn)
}
break;
}
- close(fd);
+ VIR_FORCE_CLOSE(fd);
goto exit;
exit:
@@ -1001,7 +1002,7 @@ openSSHSession(virConnectPtr conn, virCo
if (connect(sock, cur->ai_addr, cur->ai_addrlen) == 0) {
goto connected;
}
- close(sock);
+ VIR_FORCE_CLOSE(sock);
}
cur = cur->ai_next;
}
Index: libvirt-acl/src/qemu/qemu_conf.c
===================================================================
--- libvirt-acl.orig/src/qemu/qemu_conf.c
+++ libvirt-acl/src/qemu/qemu_conf.c
@@ -55,6 +55,7 @@
#include "macvtap.h"
#include "cpu/cpu.h"
#include "domain_nwfilter.h"
+#include "files.h"
#define VIR_FROM_THIS VIR_FROM_QEMU
@@ -530,7 +531,7 @@ qemudProbeMachineTypes(const char *binar
cleanup2:
VIR_FREE(output);
cleanup:
- if (close(newstdout) < 0)
+ if (VIR_CLOSE(newstdout) < 0)
ret = -1;
rewait:
@@ -780,7 +781,7 @@ qemudProbeCPUModels(const char *qemu,
cleanup:
VIR_FREE(output);
- if (close(newstdout) < 0)
+ if (VIR_CLOSE(newstdout) < 0)
ret = -1;
rewait:
@@ -1421,7 +1422,7 @@ static void qemudParsePCIDeviceStrs(cons
cleanup:
VIR_FREE(pciassign);
- close(newstderr);
+ VIR_FORCE_CLOSE(newstderr);
rewait:
if (waitpid(child, &status, 0) != child) {
if (errno == EINTR)
@@ -1481,7 +1482,7 @@ int qemudExtractVersionInfo(const char *
cleanup2:
VIR_FREE(help);
- if (close(newstdout) < 0)
+ if (VIR_CLOSE(newstdout) < 0)
ret = -1;
rewait:
@@ -1596,8 +1597,7 @@ qemudPhysIfaceConnect(virConnectPtr conn
if ((net->filter) && (net->ifname)) {
err = virDomainConfNWFilterInstantiate(conn, net);
if (err) {
- close(rc);
- rc = -1;
+ VIR_FORCE_CLOSE(rc);
delMacvtap(net->ifname, net->mac, net->data.direct.linkdev,
&net->data.direct.virtPortProfile);
VIR_FREE(net->ifname);
@@ -1742,10 +1742,8 @@ qemudNetworkIfaceConnect(virConnectPtr c
if (tapfd >= 0) {
if ((net->filter) && (net->ifname)) {
err = virDomainConfNWFilterInstantiate(conn, net);
- if (err) {
- close(tapfd);
- tapfd = -1;
- }
+ if (err)
+ VIR_FORCE_CLOSE(tapfd);
}
}
@@ -4557,7 +4555,7 @@ int qemudBuildCommandLine(virConnectPtr
if (VIR_REALLOC_N(*vmfds, (*nvmfds)+1) < 0) {
virDomainConfNWFilterTeardown(net);
- close(tapfd);
+ VIR_FORCE_CLOSE(tapfd);
goto no_memory;
}
@@ -4576,7 +4574,7 @@ int qemudBuildCommandLine(virConnectPtr
if (VIR_REALLOC_N(*vmfds, (*nvmfds)+1) < 0) {
virDomainConfNWFilterTeardown(net);
- close(tapfd);
+ VIR_FORCE_CLOSE(tapfd);
goto no_memory;
}
@@ -4596,7 +4594,7 @@ int qemudBuildCommandLine(virConnectPtr
int vhostfd = qemudOpenVhostNet(net, qemuCmdFlags);
if (vhostfd >= 0) {
if (VIR_REALLOC_N(*vmfds, (*nvmfds)+1) < 0) {
- close(vhostfd);
+ VIR_FORCE_CLOSE(vhostfd);
goto no_memory;
}
@@ -5094,14 +5092,14 @@ int qemudBuildCommandLine(virConnectPtr
if (configfd >= 0) {
if (virAsprintf(&configfd_name, "%d", configfd) < 0) {
- close(configfd);
+ VIR_FORCE_CLOSE(configfd);
virReportOOMError();
goto no_memory;
}
if (VIR_REALLOC_N(*vmfds, (*nvmfds)+1) < 0) {
VIR_FREE(configfd_name);
- close(configfd);
+ VIR_FORCE_CLOSE(configfd);
goto no_memory;
}
@@ -5194,7 +5192,7 @@ int qemudBuildCommandLine(virConnectPtr
if (vmfds &&
*vmfds) {
for (i = 0; i < *nvmfds; i++)
- close((*vmfds)[i]);
+ VIR_FORCE_CLOSE((*vmfds)[i]);
VIR_FREE(*vmfds);
*nvmfds = 0;
}
Index: libvirt-acl/src/qemu/qemu_driver.c
===================================================================
--- libvirt-acl.orig/src/qemu/qemu_driver.c
+++ libvirt-acl/src/qemu/qemu_driver.c
@@ -81,6 +81,7 @@
#include "hooks.h"
#include "storage_file.h"
#include "virtaudit.h"
+#include "files.h"
#define VIR_FROM_THIS VIR_FROM_QEMU
@@ -761,7 +762,7 @@ qemudLogFD(struct qemud_driver *driver,
if (virSetCloseExec(fd) < 0) {
virReportSystemError(errno, "%s",
_("Unable to set VM logfile close-on-exec flag"));
- close(fd);
+ VIR_FORCE_CLOSE(fd);
return -1;
}
return fd;
@@ -793,14 +794,14 @@ qemudLogReadFD(const char* logDir, const
if (virSetCloseExec(fd) < 0) {
virReportSystemError(errno, "%s",
_("Unable to set VM logfile close-on-exec flag"));
- close(fd);
+ VIR_FORCE_CLOSE(fd);
return -1;
}
if (pos < 0 || lseek(fd, pos, SEEK_SET) < 0) {
- virReportSystemError(pos < 0 ? 0 : errno,
+ virReportSystemError(pos < 0 ? 0 : errno,
_("Unable to seek to %lld in %s"),
(long long) pos, logfile);
- close(fd);
+ VIR_FORCE_CLOSE(fd);
}
return fd;
}
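Review bot: The failed-seek branch still falls through to `return fd;`, so it signals failure only because VIR_FORCE_CLOSE appears to reset `fd` to -1 (inferred from the other hunks that drop the explicit `= -1`). Add `return -1;` after that `VIR_FORCE_CLOSE(fd);`, as the close-on-exec branch just above does. That way the error return does not depend on a macro side effect, and a caller can never receive the number of a closed descriptor.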
@@ -2392,7 +2393,7 @@ cleanup:
}
closelog:
- if (close(logfd) < 0) {
+ if (VIR_CLOSE(logfd) < 0) {
char ebuf[4096];
VIR_WARN("Unable to close logfile: %s",
virStrerror(errno, ebuf, sizeof ebuf));
@@ -2971,13 +2972,13 @@ static int qemudNextFreeVNCPort(struct q
return -1;
if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, (void*)&reuse, sizeof(reuse)) < 0) {
- close(fd);
+ VIR_FORCE_CLOSE(fd);
break;
}
if (bind(fd, (struct sockaddr*)&addr, sizeof(addr)) == 0) {
/* Not in use, lets grab it */
- close(fd);
+ VIR_FORCE_CLOSE(fd);
/* Add port to bitmap of reserved ports */
if (virBitmapSetBit(driver->reservedVNCPorts,
i - QEMU_VNC_PORT_MIN) < 0) {
@@ -2986,7 +2987,7 @@ static int qemudNextFreeVNCPort(struct q
}
return i;
}
- close(fd);
+ VIR_FORCE_CLOSE(fd);
if (errno == EADDRINUSE) {
/* In use, try next */
@@ -3238,7 +3239,7 @@ qemuPrepareChardevDevice(virDomainDefPtr
return -1;
}
- close(fd);
+ VIR_FORCE_CLOSE(fd);
return 0;
}
@@ -3955,7 +3956,7 @@ static int qemudStartVMDaemon(virConnect
if (vmfds) {
for (i = 0 ; i < nvmfds ; i++) {
- close(vmfds[i]);
+ VIR_FORCE_CLOSE(vmfds[i]);
}
VIR_FREE(vmfds);
}
@@ -4008,8 +4009,7 @@ static int qemudStartVMDaemon(virConnect
if (virDomainSaveStatus(driver->caps, driver->stateDir, vm) < 0)
goto cleanup;
- if (logfile != -1)
- close(logfile);
+ VIR_FORCE_CLOSE(logfile);
return 0;
@@ -4019,8 +4019,7 @@ cleanup:
* pretend we never started it */
qemudShutdownVMDaemon(driver, vm, 0);
- if (logfile != -1)
- close(logfile);
+ VIR_FORCE_CLOSE(logfile);
return -1;
}
@@ -4295,7 +4294,7 @@ static int kvmGetMaxVCPUs(void) {
if (r > 0)
maxvcpus = r;
- close(fd);
+ VIR_FORCE_CLOSE(fd);
return maxvcpus;
}
@@ -5397,10 +5396,10 @@ static int qemudDomainSaveFlag(struct qe
goto endjob;
}
if (qemudDomainSaveFileOpHook(fd, &hdata) < 0) {
- close(fd);
+ VIR_FORCE_CLOSE(fd);
goto endjob;
}
- if (close(fd) < 0) {
+ if (VIR_CLOSE(fd) < 0) {
virReportSystemError(errno, _("unable to close %s"), path);
goto endjob;
}
@@ -5796,7 +5795,7 @@ static int qemudDomainCoreDump(virDomain
goto endjob;
}
- if (close(fd) < 0) {
+ if (VIR_CLOSE(fd) < 0) {
virReportSystemError(errno,
_("unable to save file %s"),
path);
@@ -6424,8 +6423,7 @@ static int qemudOpenAsUID(const char *pa
/* parent */
/* parent doesn't need the write side of the pipe */
- close(pipefd[1]);
- pipefd[1] = -1;
+ VIR_FORCE_CLOSE(pipefd[1]);
if (forkRet < 0) {
virReportSystemError(errno,
@@ -6437,10 +6435,8 @@ static int qemudOpenAsUID(const char *pa
fd = pipefd[0];
pipefd[0] = -1;
parent_cleanup:
- if (pipefd[0] != -1)
- close(pipefd[0]);
- if (pipefd[1] != -1)
- close(pipefd[1]);
+ VIR_FORCE_CLOSE(pipefd[0]);
+ VIR_FORCE_CLOSE(pipefd[1]);
if ((fd < 0) && (*child_pid > 0)) {
/* a child process was started and subsequently an error
occurred in the parent, so we need to wait for it to
@@ -6466,7 +6462,7 @@ parent_cleanup:
struct passwd pwd, *pwd_result;
/* child doesn't need the read side of the pipe */
- close(pipefd[0]);
+ VIR_FORCE_CLOSE(pipefd[0]);
if (forkRet < 0) {
exit_code = errno;
@@ -6531,10 +6527,8 @@ parent_cleanup:
child_cleanup:
VIR_FREE(buf);
- if (fd != -1)
- close(fd);
- if (pipefd[1] != -1)
- close(pipefd[1]);
+ VIR_FORCE_CLOSE(fd);
+ VIR_FORCE_CLOSE(pipefd[1]);
_exit(exit_code);
}
@@ -6542,8 +6536,10 @@ static int qemudDomainSaveImageClose(int
{
int ret = 0;
- if (fd != -1)
- close(fd);
+ if (VIR_CLOSE(fd) < 0) {
+ virReportSystemError(errno, "%s",
+ _("cannot close file"));
+ }
if (read_pid != -1) {
/* reap the process that read the file */
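Review bot: The new `if (VIR_CLOSE(fd) < 0)` branch reports an error but leaves `ret` at 0 in the lines shown, so a failed close may be logged while the function still returns success and leaves a stale error behind. Either set `ret = -1;` inside the branch or downgrade it to a warning, as the `closelog:` hunk does with `VIR_WARN`. Dropping the `fd != -1` guard also assumes VIR_CLOSE returns 0 for a descriptor that is already -1; that should be confirmed against files.h. The function body continues outside the hunk.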
@@ -6699,8 +6695,7 @@ qemudDomainSaveImageStartVM(virConnectPt
/* empty */
}
}
- if (intermediatefd != -1)
- close(intermediatefd);
+ VIR_FORCE_CLOSE(intermediatefd);
wait_ret = qemudDomainSaveImageClose(fd, read_pid, &status);
fd = -1;
@@ -8065,9 +8060,7 @@ static int qemudDomainAttachNetDevice(vi
}
qemuDomainObjExitMonitorWithDriver(driver, vm);
- if (tapfd != -1)
- close(tapfd);
- tapfd = -1;
+ VIR_FORCE_CLOSE(tapfd);
if (!virDomainObjIsActive(vm)) {
qemuReportError(VIR_ERR_INTERNAL_ERROR, "%s",
@@ -8117,8 +8110,7 @@ cleanup:
VIR_FREE(nicstr);
VIR_FREE(netstr);
VIR_FREE(tapfd_name);
- if (tapfd != -1)
- close(tapfd);
+ VIR_FORCE_CLOSE(tapfd);
return ret;
@@ -8247,8 +8239,7 @@ static int qemudDomainAttachHostPciDevic
VIR_FREE(devstr);
VIR_FREE(configfd_name);
- if (configfd >= 0)
- close(configfd);
+ VIR_FORCE_CLOSE(configfd);
return 0;
@@ -8262,8 +8253,7 @@ error:
VIR_FREE(devstr);
VIR_FREE(configfd_name);
- if (configfd >= 0)
- close(configfd);
+ VIR_FORCE_CLOSE(configfd);
return -1;
}
@@ -10357,8 +10347,7 @@ static int qemuDomainGetBlockInfo(virDom
}
cleanup:
- if (fd != -1)
- close(fd);
+ VIR_FORCE_CLOSE(fd);
if (vm)
virDomainObjUnlock(vm);
return ret;
@@ -10673,8 +10662,7 @@ cleanup:
static void qemuStreamMigFree(struct qemuStreamMigFile *qemust)
{
- if (qemust->fd != -1)
- close(qemust->fd);
+ VIR_FORCE_CLOSE(qemust->fd);
VIR_FREE(qemust);
}
@@ -11510,10 +11498,8 @@ finish:
qemuDomainObjExitRemoteWithDriver(driver, vm);
cleanup:
- if (client_sock != -1)
- close(client_sock);
- if (qemu_sock != -1)
- close(qemu_sock);
+ VIR_FORCE_CLOSE(client_sock);
+ VIR_FORCE_CLOSE(qemu_sock);
if (ddomain)
virUnrefDomain(ddomain);
@@ -12292,8 +12278,7 @@ cleanup:
VIR_FREE(snapFile);
VIR_FREE(snapDir);
VIR_FREE(newxml);
- if (fd != -1)
- close(fd);
+ VIR_FORCE_CLOSE(fd);
return ret;
}
Index: libvirt-acl/src/qemu/qemu_monitor.c
===================================================================
--- libvirt-acl.orig/src/qemu/qemu_monitor.c
+++ libvirt-acl/src/qemu/qemu_monitor.c
@@ -36,6 +36,7 @@
#include "virterror_internal.h"
#include "memory.h"
#include "logging.h"
+#include "files.h"
#define VIR_FROM_THIS VIR_FROM_QEMU
@@ -283,7 +284,7 @@ qemuMonitorOpenUnix(const char *monitor)
return monfd;
error:
- close(monfd);
+ VIR_FORCE_CLOSE(monfd);
return -1;
}
@@ -694,8 +695,7 @@ void qemuMonitorClose(qemuMonitorPtr mon
if (!mon->closed) {
if (mon->watch)
virEventRemoveHandle(mon->watch);
- if (mon->fd != -1)
- close(mon->fd);
+ VIR_FORCE_CLOSE(mon->fd);
/* NB: ordinarily one might immediately set mon->watch to -1
* and mon->fd to -1, but there may be a callback active
* that is still relying on these fields being valid. So
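Review bot: `VIR_FORCE_CLOSE(mon->fd);` appears to reset `mon->fd` to -1 (other hunks drop the explicit `= -1` after switching to the macro). That is what the comment directly below says must not happen while a callback may still rely on the field. If the constraint still holds, close a copy instead: `int fd = mon->fd; VIR_FORCE_CLOSE(fd);`. Otherwise update the comment to explain why clearing the field is now safe. The comment continues outside the hunk.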
Index: libvirt-acl/src/remote/remote_driver.c
===================================================================
--- libvirt-acl.orig/src/remote/remote_driver.c
+++ libvirt-acl/src/remote/remote_driver.c
@@ -82,6 +82,7 @@
#include "util.h"
#include "event.h"
#include "ignore-value.h"
+#include "files.h"
#define VIR_FROM_THIS VIR_FROM_REMOTE
@@ -711,7 +712,7 @@ doRemoteOpen (virConnectPtr conn,
if (errno == ECONNREFUSED &&
flags & VIR_DRV_OPEN_REMOTE_AUTOSTART &&
trials < 20) {
- close(priv->sock);
+ VIR_FORCE_CLOSE(priv->sock);
priv->sock = -1;
if (trials > 0 ||
remoteForkDaemon() == 0) {
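Review bot: The `priv->sock = -1;` kept right after `VIR_FORCE_CLOSE(priv->sock);` is redundant if the macro resets its argument, which the other hunks in this patch assume when they drop the same assignment. Remove it so the conversion is consistent. The `failed:` path in the next hunk still tests `priv->sock >= 0`, so it depends on that reset either way.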
@@ -955,8 +956,7 @@ doRemoteOpen (virConnectPtr conn,
failed:
/* Close the socket if we failed. */
- if (priv->errfd >= 0)
- close(priv->errfd);
+ VIR_FORCE_CLOSE(priv->errfd);
if (priv->sock >= 0) {
if (priv->uses_tls && priv->session) {
@@ -977,10 +977,8 @@ retry:
#endif
}
- if (wakeupFD[0] >= 0) {
- close(wakeupFD[0]);
- close(wakeupFD[1]);
- }
+ VIR_FORCE_CLOSE(wakeupFD[0]);
+ VIR_FORCE_CLOSE(wakeupFD[1]);
VIR_FREE(priv->hostname);
goto cleanup;
@@ -1456,10 +1454,8 @@ retry:
} while (reap != -1 && reap != priv->pid);
}
#endif
- if (priv->wakeupReadFD >= 0) {
- close(priv->wakeupReadFD);
- close(priv->wakeupSendFD);
- }
+ VIR_FORCE_CLOSE(priv->wakeupReadFD);
+ VIR_FORCE_CLOSE(priv->wakeupSendFD);
/* Free hostname copy */
Index: libvirt-acl/src/secret/secret_driver.c
===================================================================
--- libvirt-acl.orig/src/secret/secret_driver.c
+++ libvirt-acl/src/secret/secret_driver.c
@@ -41,6 +41,7 @@
#include "util.h"
#include "uuid.h"
#include "virterror_internal.h"
+#include "files.h"
#define VIR_FROM_THIS VIR_FROM_SECRET
@@ -181,7 +182,7 @@ replaceFile(const char *filename, void *
tmp_path);
goto cleanup;
}
- if (close(fd) < 0) {
+ if (VIR_CLOSE(fd) < 0) {
virReportSystemError(errno, _("error closing '%s'"), tmp_path);
goto cleanup;
}
@@ -196,8 +197,7 @@ replaceFile(const char *filename, void *
ret = 0;
cleanup:
- if (fd != -1)
- close(fd);
+ VIR_FORCE_CLOSE(fd);
if (tmp_path != NULL) {
unlink(tmp_path);
VIR_FREE(tmp_path);
@@ -394,8 +394,7 @@ secretLoadValue(virSecretDriverStatePtr
virReportSystemError(errno, _("cannot read '%s'"), filename);
goto cleanup;
}
- close(fd);
- fd = -1;
+ VIR_FORCE_CLOSE(fd);
if (!base64_decode_alloc(contents, st.st_size, &value, &value_size)) {
virSecretReportError(VIR_ERR_INTERNAL_ERROR,
@@ -422,8 +421,7 @@ cleanup:
memset(contents, 0, st.st_size);
VIR_FREE(contents);
}
- if (fd != -1)
- close(fd);
+ VIR_FORCE_CLOSE(fd);
VIR_FREE(filename);
return ret;
}
Index: libvirt-acl/src/security/security_apparmor.c
===================================================================
--- libvirt-acl.orig/src/security/security_apparmor.c
+++ libvirt-acl/src/security/security_apparmor.c
@@ -37,6 +37,7 @@
#include "uuid.h"
#include "pci.h"
#include "hostusb.h"
+#include "files.h"
#define VIR_FROM_THIS VIR_FROM_SECURITY
#define SECURITY_APPARMOR_VOID_DOI "0"
@@ -215,7 +216,7 @@ load_profile(virSecurityDriverPtr drv,
virReportSystemError(errno, "%s", _("unable to write to pipe"));
goto clean;
}
- close(pipefd[1]);
+ VIR_FORCE_CLOSE(pipefd[1]);
rc = 0;
rewait:
@@ -233,10 +234,8 @@ load_profile(virSecurityDriverPtr drv,
clean:
VIR_FREE(xml);
- if (pipefd[0] > 0)
- close(pipefd[0]);
- if (pipefd[1] > 0)
- close(pipefd[1]);
+ VIR_FORCE_CLOSE(pipefd[0]);
+ VIR_FORCE_CLOSE(pipefd[1]);
return rc;
}
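Review bot: The old guards at `clean:` were `pipefd[0] > 0` and `pipefd[1] > 0`, not the `!= -1` tests used elsewhere, and the unconditional `VIR_FORCE_CLOSE` calls drop that distinction. If `pipefd` can hold 0 at this label (for example zero-initialised and reached before the pipe is created, which is not visible here), the cleanup would now close descriptor 0. Confirm that every jump to `clean` happens after the pipe is created, or initialise with `int pipefd[2] = { -1, -1 };`. load_profile starts outside the hunk.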
Index: libvirt-acl/src/security/security_selinux.c
===================================================================
--- libvirt-acl.orig/src/security/security_selinux.c
+++ libvirt-acl/src/security/security_selinux.c
@@ -30,6 +30,7 @@
#include "storage_file.h"
#include "uuid.h"
#include "virtaudit.h"
+#include "files.h"
#define VIR_FROM_THIS VIR_FROM_SECURITY
@@ -122,10 +123,10 @@ SELinuxInitialize(void)
virReportSystemError(errno,
_("cannot read SELinux virtual domain context file %s"),
selinux_virtual_domain_context_path());
- close(fd);
+ VIR_FORCE_CLOSE(fd);
return -1;
}
- close(fd);
+ VIR_FORCE_CLOSE(fd);
ptr = strchrnul(default_domain_context, '\n');
*ptr = '\0';
@@ -141,10 +142,10 @@ SELinuxInitialize(void)
virReportSystemError(errno,
_("cannot read SELinux virtual image context file %s"),
selinux_virtual_image_context_path());
- close(fd);
+ VIR_FORCE_CLOSE(fd);
return -1;
}
- close(fd);
+ VIR_FORCE_CLOSE(fd);
ptr = strchrnul(default_image_context, '\n');
if (*ptr == '\n') {
Index: libvirt-acl/src/security/virt-aa-helper.c
===================================================================
--- libvirt-acl.orig/src/security/virt-aa-helper.c
+++ libvirt-acl/src/security/virt-aa-helper.c
@@ -37,6 +37,7 @@
#include "uuid.h"
#include "hostusb.h"
#include "pci.h"
+#include "files.h"
static char *progname;
@@ -278,12 +279,12 @@ update_include_file(const char *include_
}
if (safewrite(fd, pcontent, plen) < 0) { /* don't write the '\0' */
- close(fd);
+ VIR_FORCE_CLOSE(fd);
vah_error(NULL, 0, "failed to write to profile");
goto clean;
}
- if (close(fd) != 0) {
+ if (VIR_CLOSE(fd) != 0) {
vah_error(NULL, 0, "failed to close or write to profile");
goto clean;
}
@@ -385,12 +386,12 @@ create_profile(const char *profile, cons
}
if (safewrite(fd, pcontent, plen - 1) < 0) { /* don't write the '\0' */
- close(fd);
+ VIR_FORCE_CLOSE(fd);
vah_error(NULL, 0, "failed to write to profile");
goto clean_all;
}
- if (close(fd) != 0) {
+ if (VIR_CLOSE(fd) != 0) {
vah_error(NULL, 0, "failed to close or write to profile");
goto clean_all;
}
Index: libvirt-acl/src/storage/storage_backend.c
===================================================================
--- libvirt-acl.orig/src/storage/storage_backend.c
+++ libvirt-acl/src/storage/storage_backend.c
@@ -51,6 +51,7 @@
#include "storage_file.h"
#include "storage_backend.h"
#include "logging.h"
+#include "files.h"
#if WITH_STORAGE_LVM
# include "storage_backend_logical.h"
@@ -181,7 +182,7 @@ virStorageBackendCopyToFD(virStorageVolD
} while ((amtleft -= 512) > 0);
}
- if (inputfd != -1 && close(inputfd) < 0) {
+ if (VIR_CLOSE(inputfd) < 0) {
ret = -errno;
virReportSystemError(errno,
_("cannot close file '%s'"),
@@ -193,8 +194,7 @@ virStorageBackendCopyToFD(virStorageVolD
*total -= remain;
cleanup:
- if (inputfd != -1)
- close(inputfd);
+ VIR_FORCE_CLOSE(inputfd);
VIR_FREE(buf);
@@ -251,7 +251,7 @@ virStorageBackendCreateBlockFrom(virConn
vol->target.path, vol->target.perms.mode);
goto cleanup;
}
- if (close(fd) < 0) {
+ if (VIR_CLOSE(fd) < 0) {
virReportSystemError(errno,
_("cannot close file '%s'"),
vol->target.path);
@@ -261,8 +261,7 @@ virStorageBackendCreateBlockFrom(virConn
ret = 0;
cleanup:
- if (fd != -1)
- close(fd);
+ VIR_FORCE_CLOSE(fd);
return ret;
}
@@ -608,7 +607,7 @@ static int virStorageBackendQEMUImgBacki
cleanup:
VIR_FREE(help);
- close(newstdout);
+ VIR_FORCE_CLOSE(newstdout);
rewait:
if (child) {
if (waitpid(child, &status, 0) != child) {
@@ -997,7 +996,7 @@ virStorageBackendVolOpenCheckMode(const
virReportSystemError(errno,
_("cannot stat file '%s'"),
path);
- close(fd);
+ VIR_FORCE_CLOSE(fd);
return -1;
}
@@ -1009,7 +1008,7 @@ virStorageBackendVolOpenCheckMode(const
mode = VIR_STORAGE_VOL_OPEN_BLOCK;
if (!(mode & flags)) {
- close(fd);
+ VIR_FORCE_CLOSE(fd);
if (mode & VIR_STORAGE_VOL_OPEN_ERROR) {
virStorageReportError(VIR_ERR_INTERNAL_ERROR,
@@ -1045,7 +1044,7 @@ virStorageBackendUpdateVolTargetInfo(vir
allocation,
capacity);
- close(fd);
+ VIR_FORCE_CLOSE(fd);
return ret;
}
@@ -1461,10 +1460,8 @@ virStorageBackendRunProgRegex(virStorage
if (list)
fclose(list);
- else {
- if (fd >= 0)
- close(fd);
- }
+ else
+ VIR_FORCE_CLOSE(fd);
while ((err = waitpid(child, &exitstatus, 0) == -1) && errno == EINTR);
Index: libvirt-acl/src/storage/storage_backend_fs.c
===================================================================
--- libvirt-acl.orig/src/storage/storage_backend_fs.c
+++ libvirt-acl/src/storage/storage_backend_fs.c
@@ -45,6 +45,7 @@
#include "util.h"
#include "memory.h"
#include "xml.h"
+#include "files.h"
#define VIR_FROM_THIS VIR_FROM_STORAGE
@@ -72,25 +73,25 @@ virStorageBackendProbeTarget(virStorageV
if ((ret = virStorageBackendUpdateVolTargetInfoFD(target, fd,
allocation,
capacity)) < 0) {
- close(fd);
+ VIR_FORCE_CLOSE(fd);
return ret;
}
memset(&meta, 0, sizeof(meta));
if ((target->format = virStorageFileProbeFormatFromFD(target->path, fd)) < 0) {
- close(fd);
+ VIR_FORCE_CLOSE(fd);
return -1;
}
if (virStorageFileGetMetadataFromFD(target->path, fd,
target->format,
&meta) < 0) {
- close(fd);
+ VIR_FORCE_CLOSE(fd);
return -1;
}
- close(fd);
+ VIR_FORCE_CLOSE(fd);
if (meta.backingStore) {
*backingStore = meta.backingStore;
@@ -98,7 +99,7 @@ virStorageBackendProbeTarget(virStorageV
if (meta.backingStoreFormat == VIR_STORAGE_FILE_AUTO) {
if ((*backingStoreFormat
= virStorageFileProbeFormat(*backingStore)) < 0) {
- close(fd);
+ VIR_FORCE_CLOSE(fd);
goto cleanup;
}
} else {
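Review bot: The `VIR_FORCE_CLOSE(fd)` in the `virStorageFileProbeFormat(*backingStore)` error path runs after fd was already closed earlier in this function (the unconditional close in the previous hunk), so the original code closed the same descriptor number twice. In a threaded daemon a second close() can hit a descriptor another thread has just been handed. Assuming the macro resets fd to -1, the call is now a no-op, and I would delete the line rather than keep a dead close that suggests fd is still open here. The function starts and ends outside the hunk.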
Index: libvirt-acl/src/storage/storage_backend_iscsi.c
===================================================================
--- libvirt-acl.orig/src/storage/storage_backend_iscsi.c
+++ libvirt-acl/src/storage/storage_backend_iscsi.c
@@ -41,6 +41,7 @@
#include "util.h"
#include "memory.h"
#include "logging.h"
+#include "files.h"
#define VIR_FROM_THIS VIR_FROM_STORAGE
@@ -237,9 +238,7 @@ out:
if (fp != NULL) {
fclose(fp);
} else {
- if (fd != -1) {
- close(fd);
- }
+ VIR_FORCE_CLOSE(fd);
}
return ret;
Index: libvirt-acl/src/storage/storage_backend_logical.c
===================================================================
--- libvirt-acl.orig/src/storage/storage_backend_logical.c
+++ libvirt-acl/src/storage/storage_backend_logical.c
@@ -37,6 +37,7 @@
#include "util.h"
#include "memory.h"
#include "logging.h"
+#include "files.h"
#define VIR_FROM_THIS VIR_FROM_STORAGE
@@ -408,10 +409,10 @@ virStorageBackendLogicalBuildPool(virCon
virReportSystemError(errno,
_("cannot clear device header of '%s'"),
pool->def->source.devices[i].path);
- close(fd);
+ VIR_FORCE_CLOSE(fd);
goto cleanup;
}
- if (close(fd) < 0) {
+ if (VIR_CLOSE(fd) < 0) {
virReportSystemError(errno,
_("cannot close device '%s'"),
pool->def->source.devices[i].path);
@@ -622,7 +623,7 @@ virStorageBackendLogicalCreateVol(virCon
goto cleanup;
}
- if (close(fd) < 0) {
+ if (VIR_CLOSE(fd) < 0) {
virReportSystemError(errno,
_("cannot close file '%s'"),
vol->target.path);
@@ -641,8 +642,7 @@ virStorageBackendLogicalCreateVol(virCon
return 0;
cleanup:
- if (fd != -1)
- close(fd);
+ VIR_FORCE_CLOSE(fd);
virStorageBackendLogicalDeleteVol(conn, pool, vol, 0);
return -1;
}
Index: libvirt-acl/src/storage/storage_backend_mpath.c
===================================================================
--- libvirt-acl.orig/src/storage/storage_backend_mpath.c
+++ libvirt-acl/src/storage/storage_backend_mpath.c
@@ -35,6 +35,7 @@
#include "storage_backend.h"
#include "memory.h"
#include "logging.h"
+#include "files.h"
#define VIR_FROM_THIS VIR_FROM_STORAGE
@@ -61,9 +62,7 @@ virStorageBackendMpathUpdateVolTargetInf
ret = 0;
out:
- if (fd != -1) {
- close(fd);
- }
+ VIR_FORCE_CLOSE(fd);
return ret;
}
Index: libvirt-acl/src/storage/storage_backend_scsi.c
===================================================================
--- libvirt-acl.orig/src/storage/storage_backend_scsi.c
+++ libvirt-acl/src/storage/storage_backend_scsi.c
@@ -32,6 +32,7 @@
#include "storage_backend_scsi.h"
#include "memory.h"
#include "logging.h"
+#include "files.h"
#define VIR_FROM_THIS VIR_FROM_STORAGE
@@ -154,8 +155,7 @@ virStorageBackendSCSIUpdateVolTargetInfo
ret = 0;
cleanup:
- if (fd >= 0)
- close(fd);
+ VIR_FORCE_CLOSE(fd);
return ret;
}
@@ -572,14 +572,14 @@ virStorageBackendSCSITriggerRescan(uint3
if (safewrite(fd,
LINUX_SYSFS_SCSI_HOST_SCAN_STRING,
sizeof(LINUX_SYSFS_SCSI_HOST_SCAN_STRING)) < 0) {
-
+ VIR_FORCE_CLOSE(fd);
virReportSystemError(errno,
_("Write to '%s' to trigger host scan failed"),
path);
retval = -1;
}
- close(fd);
+ VIR_FORCE_CLOSE(fd);
free_path:
VIR_FREE(path);
out:
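Review bot: The `VIR_FORCE_CLOSE(fd)` added inside the safewrite() failure branch is redundant, because the unconditional `VIR_FORCE_CLOSE(fd)` right after the branch already closes the descriptor on both paths. It also puts a close between the failed write and `virReportSystemError(errno, ...)`, so the reported error is correct only if the macro preserves errno. Dropping the added line and keeping the blank line it replaced removes both concerns. The function starts outside the hunk.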
Index: libvirt-acl/src/storage/storage_driver.c
===================================================================
--- libvirt-acl.orig/src/storage/storage_driver.c
+++ libvirt-acl/src/storage/storage_driver.c
@@ -45,6 +45,7 @@
#include "memory.h"
#include "storage_backend.h"
#include "logging.h"
+#include "files.h"
#define VIR_FROM_THIS VIR_FROM_STORAGE
@@ -1664,9 +1665,7 @@ storageVolumeWipeInternal(virStorageVolD
out:
VIR_FREE(writebuf);
- if (fd != -1) {
- close(fd);
- }
+ VIR_FORCE_CLOSE(fd);
return ret;
}
Index: libvirt-acl/src/test/test_driver.c
===================================================================
--- libvirt-acl.orig/src/test/test_driver.c
+++ libvirt-acl/src/test/test_driver.c
@@ -50,6 +50,7 @@
#include "xml.h"
#include "threads.h"
#include "logging.h"
+#include "files.h"
#define VIR_FROM_THIS VIR_FROM_TEST
@@ -788,8 +789,7 @@ static int testOpenFromFile(virConnectPt
_("Invalid XML in file '%s'"), file);
goto error;
}
- close(fd);
- fd = -1;
+ VIR_FORCE_CLOSE(fd);
root = xmlDocGetRootElement(xml);
if ((root == NULL) || (!xmlStrEqual(root->name, BAD_CAST "node"))) {
@@ -1101,8 +1101,7 @@ static int testOpenFromFile(virConnectPt
VIR_FREE(networks);
VIR_FREE(ifaces);
VIR_FREE(pools);
- if (fd != -1)
- close(fd);
+ VIR_FORCE_CLOSE(fd);
virDomainObjListDeinit(&privconn->domains);
virNetworkObjListFree(&privconn->networks);
virInterfaceObjListFree(&privconn->ifaces);
@@ -1752,7 +1751,7 @@ static int testDomainSave(virDomainPtr d
goto cleanup;
}
- if (close(fd) < 0) {
+ if (VIR_CLOSE(fd) < 0) {
virReportSystemError(errno,
_("saving domain '%s' to '%s': write failed"),
domain->name, path);
@@ -1779,8 +1778,7 @@ cleanup:
* in either case we're already in a failure scenario
* and have reported a earlier error */
if (ret != 0) {
- if (fd != -1)
- close(fd);
+ VIR_FORCE_CLOSE(fd);
unlink(path);
}
if (privdom)
@@ -1870,8 +1868,7 @@ static int testDomainRestore(virConnectP
cleanup:
virDomainDefFree(def);
VIR_FREE(xml);
- if (fd != -1)
- close(fd);
+ VIR_FORCE_CLOSE(fd);
if (dom)
virDomainObjUnlock(dom);
if (event)
@@ -1911,7 +1908,7 @@ static int testDomainCoreDump(virDomainP
domain->name, to);
goto cleanup;
}
- if (close(fd) < 0) {
+ if (VIR_CLOSE(fd) < 0) {
virReportSystemError(errno,
_("domain '%s' coredump: write failed: %s"),
domain->name, to);
@@ -1932,8 +1929,7 @@ static int testDomainCoreDump(virDomainP
ret = 0;
cleanup:
- if (fd != -1)
- close(fd);
+ VIR_FORCE_CLOSE(fd);
if (privdom)
virDomainObjUnlock(privdom);
if (event)
Index: libvirt-acl/src/uml/uml_conf.c
===================================================================
--- libvirt-acl.orig/src/uml/uml_conf.c
+++ libvirt-acl/src/uml/uml_conf.c
@@ -47,6 +47,7 @@
#include "bridge.h"
#include "logging.h"
#include "domain_nwfilter.h"
+#include "files.h"
#define VIR_FROM_THIS VIR_FROM_UML
@@ -367,7 +368,7 @@ umlBuildCommandLineChr(virDomainChrDefPt
}
if (virAsprintf(&ret, "%s%d=null,fd:%d", dev, def->target.port, fd_out) < 0) {
virReportOOMError();
- close(fd_out);
+ VIR_FORCE_CLOSE(fd_out);
return NULL;
}
FD_SET(fd_out, keepfd);
Index: libvirt-acl/src/uml/uml_driver.c
===================================================================
--- libvirt-acl.orig/src/uml/uml_driver.c
+++ libvirt-acl/src/uml/uml_driver.c
@@ -59,6 +59,7 @@
#include "datatypes.h"
#include "logging.h"
#include "domain_nwfilter.h"
+#include "files.h"
#define VIR_FROM_THIS VIR_FROM_UML
@@ -533,7 +534,7 @@ umlShutdown(void) {
umlDriverLock(uml_driver);
if (uml_driver->inotifyWatch != -1)
virEventRemoveHandle(uml_driver->inotifyWatch);
- close(uml_driver->inotifyFD);
+ VIR_FORCE_CLOSE(uml_driver->inotifyFD);
virCapabilitiesFree(uml_driver->caps);
/* shutdown active VMs
@@ -659,8 +660,7 @@ restat:
if (bind(priv->monitor, (struct sockaddr *)&addr, sizeof addr) < 0) {
virReportSystemError(errno,
"%s", _("cannot bind socket"));
- close(priv->monitor);
- priv->monitor = -1;
+ VIR_FORCE_CLOSE(priv->monitor);
return -1;
}
@@ -811,7 +811,7 @@ static int umlStartVMDaemon(virConnectPt
virDomainObjPtr vm) {
const char **argv = NULL, **tmp;
const char **progenv = NULL;
- int i, ret;
+ int i, ret, tmpfd;
pid_t pid;
char *logfile;
int logfd = -1;
@@ -870,13 +870,13 @@ static int umlStartVMDaemon(virConnectPt
if (umlSetCloseExec(logfd) < 0) {
virReportSystemError(errno,
"%s", _("Unable to set VM logfile close-on-exec flag"));
- close(logfd);
+ VIR_FORCE_CLOSE(logfd);
return -1;
}
if (umlBuildCommandLine(conn, driver, vm, &keepfd,
&argv, &progenv) < 0) {
- close(logfd);
+ VIR_FORCE_CLOSE(logfd);
virDomainConfVMNWFilterTeardown(vm);
umlCleanupTapDevices(conn, vm);
return -1;
@@ -912,15 +912,17 @@ static int umlStartVMDaemon(virConnectPt
-1, &logfd, &logfd,
VIR_EXEC_CLEAR_CAPS,
NULL, NULL, NULL);
- close(logfd);
+ VIR_FORCE_CLOSE(logfd);
/*
* At the moment, the only thing that populates keepfd is
* umlBuildCommandLineChr. We want to close every fd it opens.
*/
for (i = 0; i < FD_SETSIZE; i++)
- if (FD_ISSET(i, &keepfd))
- close(i);
+ if (FD_ISSET(i, &keepfd)) {
+ tmpfd = i;
+ VIR_FORCE_CLOSE(tmpfd);
+ }
for (i = 0 ; argv[i] ; i++)
VIR_FREE(argv[i]);
@@ -957,9 +959,7 @@ static void umlShutdownVMDaemon(virConne
virKillProcess(vm->pid, SIGTERM);
- if (priv->monitor != -1)
- close(priv->monitor);
- priv->monitor = -1;
+ VIR_FORCE_CLOSE(priv->monitor);
if ((ret = waitpid(vm->pid, NULL, 0)) != vm->pid) {
VIR_WARN("Got unexpected pid %d != %d",
Index: libvirt-acl/src/util/bridge.c
===================================================================
--- libvirt-acl.orig/src/util/bridge.c
+++ libvirt-acl/src/util/bridge.c
@@ -24,6 +24,7 @@
#if defined(WITH_BRIDGE)
# include "bridge.h"
+# include "files.h"
# include <stdlib.h>
# include <stdio.h>
@@ -81,12 +82,12 @@ brInit(brControl **ctlp)
if ((flags = fcntl(fd, F_GETFD)) < 0 ||
fcntl(fd, F_SETFD, flags | FD_CLOEXEC) < 0) {
int err = errno;
- close(fd);
+ VIR_FORCE_CLOSE(fd);
return err;
}
if (VIR_ALLOC(*ctlp) < 0) {
- close(fd);
+ VIR_FORCE_CLOSE(fd);
return ENOMEM;
}
@@ -107,7 +108,7 @@ brShutdown(brControl *ctl)
if (!ctl)
return;
- close(ctl->fd);
+ VIR_FORCE_CLOSE(ctl->fd);
ctl->fd = 0;
VIR_FREE(ctl);
@@ -539,11 +540,11 @@ brAddTap(brControl *ctl,
if (tapfd)
*tapfd = fd;
else
- close(fd);
+ VIR_FORCE_CLOSE(fd);
return 0;
error:
- close(fd);
+ VIR_FORCE_CLOSE(fd);
return errno;
}
@@ -574,7 +575,7 @@ int brDeleteTap(brControl *ctl,
}
error:
- close(fd);
+ VIR_FORCE_CLOSE(fd);
return errno;
}
Index: libvirt-acl/src/util/conf.c
===================================================================
--- libvirt-acl.orig/src/util/conf.c
+++ libvirt-acl/src/util/conf.c
@@ -24,6 +24,7 @@
#include "util.h"
#include "c-ctype.h"
#include "memory.h"
+#include "files.h"
#define VIR_FROM_THIS VIR_FROM_CONF
@@ -954,7 +955,7 @@ virConfWriteFile(const char *filename, v
content = virBufferContentAndReset(&buf);
ret = safewrite(fd, content, use);
VIR_FREE(content);
- close(fd);
+ VIR_FORCE_CLOSE(fd);
if (ret != (int)use) {
virConfError(NULL, VIR_ERR_WRITE_FAILED, _("failed to save content"));
return -1;
Index: libvirt-acl/src/util/interface.c
===================================================================
--- libvirt-acl.orig/src/util/interface.c
+++ libvirt-acl/src/util/interface.c
@@ -39,6 +39,7 @@
#include "util.h"
#include "interface.h"
#include "virterror_internal.h"
+#include "files.h"
#define ifaceError(code, ...) \
virReportErrorHelper(NULL, VIR_FROM_NET, code, __FILE__, \
@@ -82,7 +83,7 @@ ifaceGetFlags(const char *ifname, short
*flags = ifr.ifr_flags;
- close(fd);
+ VIR_FORCE_CLOSE(fd);
return rc;
}
@@ -161,7 +162,7 @@ static int chgIfaceFlags(const char *ifn
}
err_exit:
- close(fd);
+ VIR_FORCE_CLOSE(fd);
return rc;
}
@@ -259,8 +260,7 @@ ifaceCheck(bool reportError, const char
}
err_exit:
- if (fd >= 0)
- close(fd);
+ VIR_FORCE_CLOSE(fd);
return rc;
}
@@ -326,7 +326,7 @@ ifaceGetIndex(bool reportError, const ch
}
err_exit:
- close(fd);
+ VIR_FORCE_CLOSE(fd);
return rc;
}
@@ -373,7 +373,7 @@ ifaceGetVlanID(const char *vlanifname, i
*vlanid = vlanargs.u.VID;
err_exit:
- close(fd);
+ VIR_FORCE_CLOSE(fd);
return rc;
}
Index: libvirt-acl/src/util/logging.c
===================================================================
--- libvirt-acl.orig/src/util/logging.c
+++ libvirt-acl/src/util/logging.c
@@ -40,6 +40,7 @@
#include "util.h"
#include "buf.h"
#include "threads.h"
+#include "files.h"
/*
* Macro used to format the message as a string in virLogMessage
@@ -603,8 +604,7 @@ static int virLogOutputToFd(const char *
static void virLogCloseFd(void *data) {
int fd = (long) data;
- if (fd >= 0)
- close(fd);
+ VIR_FORCE_CLOSE(fd);
}
static int virLogAddOutputToStderr(int priority) {
@@ -622,7 +622,7 @@ static int virLogAddOutputToFile(int pri
return(-1);
if (virLogDefineOutput(virLogOutputToFd, virLogCloseFd, (void *)(long)fd,
priority, VIR_LOG_TO_FILE, file, 0) < 0) {
- close(fd);
+ VIR_FORCE_CLOSE(fd);
return(-1);
}
return(0);
Index: libvirt-acl/src/util/macvtap.c
===================================================================
--- libvirt-acl.orig/src/util/macvtap.c
+++ libvirt-acl/src/util/macvtap.c
@@ -52,6 +52,7 @@
# include "conf/domain_conf.h"
# include "virterror_internal.h"
# include "uuid.h"
+# include "files.h"
# define VIR_FROM_THIS VIR_FROM_NET
@@ -94,7 +95,7 @@ static int nlOpen(void)
static void nlClose(int fd)
{
- close(fd);
+ VIR_FORCE_CLOSE(fd);
}
@@ -689,7 +690,7 @@ create_name:
if (rc >= 0) {
if (configMacvtapTap(rc, vnet_hdr) < 0) {
- close(rc);
+ VIR_FORCE_CLOSE(rc);
rc = -1;
goto disassociate_exit;
}
@@ -778,8 +779,7 @@ getLldpadPid(void) {
_("Error opening file %s"), LLDPAD_PID_FILE);
}
- if (fd >= 0)
- close(fd);
+ VIR_FORCE_CLOSE(fd);
return pid;
}
Index: libvirt-acl/src/util/pci.c
===================================================================
--- libvirt-acl.orig/src/util/pci.c
+++ libvirt-acl/src/util/pci.c
@@ -37,6 +37,7 @@
#include "memory.h"
#include "util.h"
#include "virterror_internal.h"
+#include "files.h"
/* avoid compilation breakage on some systems */
#ifndef MODPROBE
@@ -188,10 +189,7 @@ pciCloseConfig(pciDevice *dev)
if (!dev)
return;
- if (dev->fd >= 0) {
- close(dev->fd);
- dev->fd = -1;
- }
+ VIR_FORCE_CLOSE(dev->fd);
}
static int
Index: libvirt-acl/src/util/storage_file.c
===================================================================
--- libvirt-acl.orig/src/util/storage_file.c
+++ libvirt-acl/src/util/storage_file.c
@@ -36,6 +36,7 @@
#include "memory.h"
#include "virterror_internal.h"
#include "logging.h"
+#include "files.h"
#define VIR_FROM_THIS VIR_FROM_STORAGE
@@ -688,7 +689,7 @@ virStorageFileProbeFormat(const char *pa
ret = virStorageFileProbeFormatFromFD(path, fd);
- close(fd);
+ VIR_FORCE_CLOSE(fd);
return ret;
}
@@ -782,7 +783,7 @@ virStorageFileGetMetadata(const char *pa
ret = virStorageFileGetMetadataFromFD(path, fd, format, meta);
- close(fd);
+ VIR_FORCE_CLOSE(fd);
return ret;
}
Index: libvirt-acl/src/util/util.c
===================================================================
--- libvirt-acl.orig/src/util/util.c
+++ libvirt-acl/src/util/util.c
@@ -71,6 +71,7 @@
#include "memory.h"
#include "threads.h"
#include "verify.h"
+#include "files.h"
#ifndef NSIG
# define NSIG 32
@@ -461,6 +462,7 @@ __virExec(const char *const*argv,
int pipeerr[2] = {-1,-1};
int childout = -1;
int childerr = -1;
+ int tmpfd;
if ((null = open("/dev/null", O_RDONLY)) < 0) {
virReportSystemError(errno,
@@ -534,13 +536,13 @@ __virExec(const char *const*argv,
}
if (pid) { /* parent */
- close(null);
+ VIR_FORCE_CLOSE(null);
if (outfd && *outfd == -1) {
- close(pipeout[1]);
+ VIR_FORCE_CLOSE(pipeout[1]);
*outfd = pipeout[0];
}
if (errfd && *errfd == -1) {
- close(pipeerr[1]);
+ VIR_FORCE_CLOSE(pipeerr[1]);
*errfd = pipeerr[0];
}
@@ -568,8 +570,10 @@ __virExec(const char *const*argv,
i != childout &&
i != childerr &&
(!keepfd ||
- !FD_ISSET(i, keepfd)))
- close(i);
+ !FD_ISSET(i, keepfd))) {
+ tmpfd = i;
+ VIR_FORCE_CLOSE(tmpfd);
+ }
if (dup2(infd >= 0 ? infd : null, STDIN_FILENO) < 0) {
virReportSystemError(errno,
@@ -589,14 +593,15 @@ __virExec(const char *const*argv,
goto fork_error;
}
- if (infd > 0)
- close(infd);
- close(null);
- if (childout > 0)
- close(childout);
+ VIR_FORCE_CLOSE(infd);
+ VIR_FORCE_CLOSE(null);
+ tmpfd = childout; /* preserve childout value */
+ VIR_FORCE_CLOSE(tmpfd);
if (childerr > 0 &&
- childerr != childout)
- close(childerr);
+ childerr != childout) {
+ VIR_FORCE_CLOSE(childerr);
+ childout = -1;
+ }
/* Daemonize as late as possible, so the parent process can detect
* the above errors with wait* */
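Review bot: The unconditional `VIR_FORCE_CLOSE(infd)` drops the old `infd > 0` guard, so when a caller passes descriptor 0 as infd the child closes its own stdin immediately after the dup2() setup. The `childout > 0` guard is lost in the same way through `tmpfd`. The added `childout = -1;` inside the childerr branch also looks like a slip: the macro presumably resets childerr itself, and clearing childout contradicts the "preserve childout value" comment two lines earlier. I would keep the original guards and drop that assignment, as below. The function body starts and ends outside the hunk.

```c
/* … unchanged: fork_error exit of the preceding check … */
if (infd > 0)
    VIR_FORCE_CLOSE(infd);
VIR_FORCE_CLOSE(null);
if (childout > 0) {
    tmpfd = childout;   /* preserve childout value */
    VIR_FORCE_CLOSE(tmpfd);
}
if (childerr > 0 &&
    childerr != childout)
    VIR_FORCE_CLOSE(childerr);
/* … unchanged: daemonize comment and what follows … */
```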
@@ -666,16 +671,11 @@ __virExec(const char *const*argv,
/* NB we don't virUtilError() on any failures here
because the code which jumped hre already raised
an error condition which we must not overwrite */
- if (pipeerr[0] > 0)
- close(pipeerr[0]);
- if (pipeerr[1] > 0)
- close(pipeerr[1]);
- if (pipeout[0] > 0)
- close(pipeout[0]);
- if (pipeout[1] > 0)
- close(pipeout[1]);
- if (null > 0)
- close(null);
+ VIR_FORCE_CLOSE(pipeerr[0]);
+ VIR_FORCE_CLOSE(pipeerr[1]);
+ VIR_FORCE_CLOSE(pipeout[0]);
+ VIR_FORCE_CLOSE(pipeout[1]);
+ VIR_FORCE_CLOSE(null);
return -1;
}
@@ -865,10 +865,8 @@ virRunWithHook(const char *const*argv,
VIR_FREE(outbuf);
VIR_FREE(errbuf);
VIR_FREE(argv_str);
- if (outfd != -1)
- close(outfd);
- if (errfd != -1)
- close(errfd);
+ VIR_FORCE_CLOSE(outfd);
+ VIR_FORCE_CLOSE(errfd);
return ret;
}
@@ -1099,7 +1097,7 @@ int virFileReadAll(const char *path, int
}
int len = virFileReadLimFD(fd, maxlen, buf);
- close(fd);
+ VIR_FORCE_CLOSE(fd);
if (len < 0) {
virReportSystemError(errno, _("Failed to read file '%s'"), path);
return -1;
@@ -1305,7 +1303,7 @@ static int virFileOperationNoFork(const
if ((hook) && ((ret = hook(fd, hookdata)) != 0)) {
goto error;
}
- if (close(fd) < 0) {
+ if (VIR_CLOSE(fd) < 0) {
ret = -errno;
virReportSystemError(errno, _("failed to close new file '%s'"),
path);
@@ -1314,8 +1312,7 @@ static int virFileOperationNoFork(const
}
fd = -1;
error:
- if (fd != -1)
- close(fd);
+ VIR_FORCE_CLOSE(fd);
return ret;
}
@@ -1466,7 +1463,7 @@ parenterror:
if ((hook) && ((ret = hook(fd, hookdata)) != 0)) {
goto childerror;
}
- if (close(fd) < 0) {
+ if (VIR_CLOSE(fd) < 0) {
ret = -errno;
virReportSystemError(errno, _("child failed to close new file '%s'"),
path);
@@ -1743,10 +1740,8 @@ int virFileOpenTtyAt(const char *ptmx,
rc = 0;
cleanup:
- if (rc != 0 &&
- *ttymaster != -1) {
- close(*ttymaster);
- }
+ if (rc != 0)
+ VIR_FORCE_CLOSE(*ttymaster);
return rc;
@@ -1812,7 +1807,7 @@ int virFileWritePidPath(const char *pidf
if (!(file = fdopen(fd, "w"))) {
rc = errno;
- close(fd);
+ VIR_FORCE_CLOSE(fd);
goto cleanup;
}
Index: libvirt-acl/src/util/uuid.c
===================================================================
--- libvirt-acl.orig/src/util/uuid.c
+++ libvirt-acl/src/util/uuid.c
@@ -39,6 +39,7 @@
#include "virterror_internal.h"
#include "logging.h"
#include "memory.h"
+#include "files.h"
#ifndef ENODATA
# define ENODATA EIO
@@ -61,7 +62,7 @@ virUUIDGenerateRandomBytes(unsigned char
if ((n = read(fd, buf, buflen)) <= 0) {
if (errno == EINTR)
continue;
- close(fd);
+ VIR_FORCE_CLOSE(fd);
return n < 0 ? errno : ENODATA;
}
@@ -69,7 +70,7 @@ virUUIDGenerateRandomBytes(unsigned char
buflen -= n;
}
- close(fd);
+ VIR_FORCE_CLOSE(fd);
return 0;
}
@@ -240,10 +241,10 @@ getDMISystemUUID(char *uuid, int len)
int fd = open(paths[i], O_RDONLY);
if (fd > 0) {
if (saferead(fd, uuid, len) == len) {
- close(fd);
+ VIR_FORCE_CLOSE(fd);
return 0;
}
- close(fd);
+ VIR_FORCE_CLOSE(fd);
}
i++;
}
Index: libvirt-acl/src/util/virtaudit.c
===================================================================
--- libvirt-acl.orig/src/util/virtaudit.c
+++ libvirt-acl/src/util/virtaudit.c
@@ -30,6 +30,7 @@
#include "virterror_internal.h"
#include "logging.h"
#include "virtaudit.h"
+#include "files.h"
/* Provide the macros in case the header file is old.
FIXME: should be removed. */
@@ -133,6 +134,6 @@ void virAuditSend(const char *file ATTRI
void virAuditClose(void)
{
#if HAVE_AUDIT
- close(auditfd);
+ VIR_CLOSE(auditfd);
#endif
}
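Review bot: `VIR_CLOSE(auditfd);` in virAuditClose discards the result, while the rest of this patch uses VIR_CLOSE only where the return value is tested and VIR_FORCE_CLOSE where it is ignored. For consistency, and so the call states that a close failure is deliberately ignored, this should be `VIR_FORCE_CLOSE(auditfd);`.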
Index: libvirt-acl/src/xen/proxy_internal.c
===================================================================
--- libvirt-acl.orig/src/xen/proxy_internal.c
+++ libvirt-acl/src/xen/proxy_internal.c
@@ -30,6 +30,7 @@
#include "util.h"
#include "xen_driver.h"
#include "memory.h"
+#include "files.h"
#define STANDALONE
@@ -196,7 +197,7 @@ retry:
addr.sun_family = AF_UNIX;
addr.sun_path[0] = '\0';
if (virStrcpy(&addr.sun_path[1], path, sizeof(addr.sun_path) - 1) == NULL) {
- close(fd);
+ VIR_FORCE_CLOSE(fd);
return -1;
}
@@ -204,7 +205,7 @@ retry:
* now bind the socket to that address and listen on it
*/
if (connect(fd, (struct sockaddr *) &addr, sizeof(addr)) < 0) {
- close(fd);
+ VIR_FORCE_CLOSE(fd);
if (trials < 3) {
if (virProxyForkServer() < 0)
return(-1);
@@ -236,12 +237,11 @@ virProxyCloseSocket(xenUnifiedPrivatePtr
if (priv->proxy < 0)
return(-1);
- ret = close(priv->proxy);
+ ret = VIR_CLOSE(priv->proxy);
if (ret != 0)
VIR_WARN("Failed to close socket %d", priv->proxy);
else
VIR_DEBUG("Closed socket %d", priv->proxy);
- priv->proxy = -1;
return(ret);
}
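Review bot: After `ret = VIR_CLOSE(priv->proxy);` the VIR_WARN and VIR_DEBUG lines still print `priv->proxy`, so the log no longer identifies which socket was closed or failed to close. The macro has presumably already reset it to -1, which is the basis on which the commit removes the explicit `priv->proxy = -1;`. Saving the number first keeps the diagnostics useful: `int fd = priv->proxy;` before the close, then log `fd`. proxyCloseClientSocket in proxy/libvirt_proxy.c (the `@@ -260,7` hunk) has the same pattern with `pollInfos[nr].fd` in its fprintf. The function starts outside the hunk.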
Index: libvirt-acl/src/xen/xen_hypervisor.c
===================================================================
--- libvirt-acl.orig/src/xen/xen_hypervisor.c
+++ libvirt-acl/src/xen/xen_hypervisor.c
@@ -65,6 +65,7 @@
#include "buf.h"
#include "capabilities.h"
#include "memory.h"
+#include "files.h"
#define VIR_FROM_THIS VIR_FROM_XEN
@@ -2036,7 +2037,7 @@ xenHypervisorInit(void)
hypervisor_version = -1;
virXenError(VIR_ERR_XEN_CALL, " ioctl %lu",
(unsigned long) IOCTL_PRIVCMD_HYPERCALL);
- close(fd);
+ VIR_FORCE_CLOSE(fd);
in_init = 0;
return(-1);
@@ -2122,13 +2123,13 @@ xenHypervisorInit(void)
hypervisor_version = -1;
virXenError(VIR_ERR_XEN_CALL, " ioctl %lu",
(unsigned long)IOCTL_PRIVCMD_HYPERCALL);
- close(fd);
+ VIR_FORCE_CLOSE(fd);
in_init = 0;
VIR_FREE(ipt);
return(-1);
done:
- close(fd);
+ VIR_FORCE_CLOSE(fd);
in_init = 0;
VIR_FREE(ipt);
return(0);
@@ -2191,7 +2192,7 @@ xenHypervisorClose(virConnectPtr conn)
if (priv->handle < 0)
return -1;
- ret = close(priv->handle);
+ ret = VIR_CLOSE(priv->handle);
if (ret < 0)
return (-1);
@@ -2396,8 +2397,7 @@ get_cpu_flags(virConnectPtr conn, const
ret = 1;
out:
- if (fd != -1)
- close(fd);
+ VIR_FORCE_CLOSE(fd);
return ret;
}
Index: libvirt-acl/src/xen/xen_inotify.c
===================================================================
--- libvirt-acl.orig/src/xen/xen_inotify.c
+++ libvirt-acl/src/xen/xen_inotify.c
@@ -39,6 +39,7 @@
#include "xend_internal.h"
#include "logging.h"
#include "uuid.h"
+#include "files.h"
#include "xm_internal.h" /* for xenXMDomainConfigParse */
@@ -483,7 +484,7 @@ xenInotifyClose(virConnectPtr conn)
if (priv->inotifyWatch != -1)
virEventRemoveHandle(priv->inotifyWatch);
- close(priv->inotifyFD);
+ VIR_FORCE_CLOSE(priv->inotifyFD);
return 0;
}
Index: libvirt-acl/src/xen/xend_internal.c
===================================================================
--- libvirt-acl.orig/src/xen/xend_internal.c
+++ libvirt-acl/src/xen/xend_internal.c
@@ -45,6 +45,7 @@
#include "xs_internal.h" /* To extract VNC port & Serial console TTY */
#include "memory.h"
#include "count-one-bits.h"
+#include "files.h"
/* required for cpumap_t */
#include <xen/dom0_ops.h>
@@ -118,7 +119,6 @@ static int
do_connect(virConnectPtr xend)
{
int s;
- int serrno;
int no_slow_start = 1;
xenUnifiedPrivatePtr priv = (xenUnifiedPrivatePtr) xend->privateData;
@@ -137,9 +137,7 @@ do_connect(virConnectPtr xend)
if (connect(s, (struct sockaddr *)&priv->addr, priv->addrlen) == -1) {
- serrno = errno;
- close(s);
- errno = serrno;
+ VIR_FORCE_CLOSE(s);
s = -1;
/*
@@ -387,7 +385,7 @@ xend_get(virConnectPtr xend, const char
"Content-Type: application/x-www-form-urlencoded\r\n" "\r\n");
ret = xend_req(s, content);
- close(s);
+ VIR_FORCE_CLOSE(s);
if (((ret < 0) || (ret >= 300)) &&
((ret != 404) || (!STRPREFIX(path, "/xend/domain/")))) {
@@ -437,7 +435,7 @@ xend_post(virConnectPtr xend, const char
swrites(s, ops);
ret = xend_req(s, &err_buf);
- close(s);
+ VIR_FORCE_CLOSE(s);
if ((ret < 0) || (ret >= 300)) {
virXendError(VIR_ERR_POST_FAILED,
@@ -843,7 +841,7 @@ xenDaemonOpen_tcp(virConnectPtr conn, co
memcpy(&priv->addr,
r->ai_addr,
r->ai_addrlen);
- close(sock);
+ VIR_FORCE_CLOSE(sock);
break;
}
Index: libvirt-acl/daemon/libvirtd.c
===================================================================
--- libvirt-acl.orig/daemon/libvirtd.c
+++ libvirt-acl/daemon/libvirtd.c
@@ -50,6 +50,7 @@
#include "libvirt_internal.h"
#include "virterror_internal.h"
+#include "files.h"
#define VIR_FROM_THIS VIR_FROM_QEMU
@@ -425,7 +426,7 @@ static int daemonForkIntoBackground(void
int stdoutfd = -1;
int nextpid;
- close(statuspipe[0]);
+ VIR_FORCE_CLOSE(statuspipe[0]);
if ((stdinfd = open("/dev/null", O_RDONLY)) < 0)
goto cleanup;
@@ -437,12 +438,10 @@ static int daemonForkIntoBackground(void
goto cleanup;
if (dup2(stdoutfd, STDERR_FILENO) != STDERR_FILENO)
goto cleanup;
- if (close(stdinfd) < 0)
+ if (VIR_CLOSE(stdinfd) < 0)
goto cleanup;
- stdinfd = -1;
- if (close(stdoutfd) < 0)
+ if (VIR_CLOSE(stdoutfd) < 0)
goto cleanup;
- stdoutfd = -1;
if (setsid() < 0)
goto cleanup;
@@ -458,10 +457,8 @@ static int daemonForkIntoBackground(void
}
cleanup:
- if (stdoutfd != -1)
- close(stdoutfd);
- if (stdinfd != -1)
- close(stdinfd);
+ VIR_FORCE_CLOSE(stdoutfd);
+ VIR_FORCE_CLOSE(stdinfd);
return -1;
}
@@ -475,7 +472,7 @@ static int daemonForkIntoBackground(void
int ret;
char status;
- close(statuspipe[1]);
+ VIR_FORCE_CLOSE(statuspipe[1]);
/* We wait to make sure the first child forked successfully */
if ((got = waitpid(pid, &exitstatus, 0)) < 0 ||
@@ -518,7 +515,7 @@ static int qemudWritePidFile(const char
if (!(fh = fdopen(fd, "w"))) {
VIR_ERROR(_("Failed to fdopen pid file '%s' : %s"),
pidFile, virStrerror(errno, ebuf, sizeof ebuf));
- close(fd);
+ VIR_FORCE_CLOSE(fd);
return -1;
}
@@ -607,8 +604,7 @@ static int qemudListenUnix(struct qemud_
return 0;
cleanup:
- if (sock->fd >= 0)
- close(sock->fd);
+ VIR_FORCE_CLOSE(sock->fd);
VIR_FREE(sock);
return -1;
}
@@ -745,7 +741,7 @@ remoteListenTCP (struct qemud_server *se
cleanup:
for (i = 0; i < nfds; ++i)
- close(fds[i]);
+ VIR_FORCE_CLOSE(fds[i]);
return -1;
}
@@ -1518,10 +1514,7 @@ void qemudDispatchClientFailure(struct q
gnutls_deinit (client->tlssession);
client->tlssession = NULL;
}
- if (client->fd != -1) {
- close(client->fd);
- client->fd = -1;
- }
+ VIR_FORCE_CLOSE(client->fd);
}
@@ -2421,17 +2414,15 @@ static int qemudStartEventLoop(struct qe
static void qemudCleanup(struct qemud_server *server) {
struct qemud_socket *sock;
- if (server->sigread != -1)
- close(server->sigread);
- if (server->sigwrite != -1)
- close(server->sigwrite);
+ VIR_FORCE_CLOSE(server->sigread);
+ VIR_FORCE_CLOSE(server->sigwrite);
sock = server->sockets;
while (sock) {
struct qemud_socket *next = sock->next;
if (sock->watch)
virEventRemoveHandleImpl(sock->watch);
- close(sock->fd);
+ VIR_FORCE_CLOSE(sock->fd);
/* Unlink unix domain sockets which are not in
* the abstract namespace */
@@ -2986,8 +2977,8 @@ daemonSetupSignals(struct qemud_server *
return 0;
error:
- close(sigpipe[0]);
- close(sigpipe[1]);
+ VIR_FORCE_CLOSE(sigpipe[0]);
+ VIR_FORCE_CLOSE(sigpipe[1]);
return -1;
}
@@ -3244,8 +3235,7 @@ int main(int argc, char **argv) {
while (write(statuswrite, &status, 1) == -1 &&
errno == EINTR)
;
- close(statuswrite);
- statuswrite = -1;
+ VIR_FORCE_CLOSE(statuswrite);
}
/* Start the event loop in a background thread, since
@@ -3302,7 +3292,7 @@ error:
errno == EINTR)
;
}
- close(statuswrite);
+ VIR_FORCE_CLOSE(statuswrite);
}
if (server)
qemudCleanup(server);
Index: libvirt-acl/src/util/hooks.c
===================================================================
--- libvirt-acl.orig/src/util/hooks.c
+++ libvirt-acl/src/util/hooks.c
@@ -36,6 +36,7 @@
#include "conf/domain_conf.h"
#include "logging.h"
#include "memory.h"
+#include "files.h"
#define VIR_FROM_THIS VIR_FROM_HOOK
@@ -368,7 +369,7 @@ virHookCall(int driver, const char *id,
}
ret = virExec(argv, env, NULL, &pid, pipefd[0], &outfd, &errfd,
VIR_EXEC_NONE | VIR_EXEC_NONBLOCK);
- if (close(pipefd[1]) < 0) {
+ if (VIR_CLOSE(pipefd[1]) < 0) {
virReportSystemError(errno, "%s",
_("unable to close pipe for hook input"));
}
@@ -418,17 +419,13 @@ virHookCall(int driver, const char *id,
}
cleanup:
- if (pipefd[0] >= 0) {
- if (close(pipefd[0]) < 0) {
- virReportSystemError(errno, "%s",
- _("unable to close pipe for hook input"));
- }
- }
- if (pipefd[1] >= 0) {
- if (close(pipefd[1]) < 0) {
- virReportSystemError(errno, "%s",
- _("unable to close pipe for hook input"));
- }
+ if (VIR_CLOSE(pipefd[0]) < 0) {
+ virReportSystemError(errno, "%s",
+ _("unable to close pipe for hook input"));
+ }
+ if (VIR_CLOSE(pipefd[1]) < 0) {
+ virReportSystemError(errno, "%s",
+ _("unable to close pipe for hook input"));
}
if (argv) {
for (i = 0 ; i < argc ; i++)
Index: libvirt-acl/tests/testutils.c
===================================================================
--- libvirt-acl.orig/tests/testutils.c
+++ libvirt-acl/tests/testutils.c
@@ -47,6 +47,8 @@
((((int) ((T)->tv_sec - (U)->tv_sec)) * 1000000.0 + \
((int) ((T)->tv_usec - (U)->tv_usec))) / 1000.0)
+#include "files.h"
+
static unsigned int testDebug = -1;
static unsigned int testVerbose = -1;
@@ -205,7 +207,7 @@ int virtTestLoadFile(const char *file,
static
void virtTestCaptureProgramExecChild(const char *const argv[],
int pipefd) {
- int i;
+ int i, tmpfd;
int open_max;
int stdinfd = -1;
const char *const env[] = {
@@ -222,8 +224,10 @@ void virtTestCaptureProgramExecChild(con
open_max = sysconf (_SC_OPEN_MAX);
for (i = 0; i < open_max; i++) {
if (i != stdinfd &&
- i != pipefd)
- close(i);
+ i != pipefd) {
+ tmpfd = i;
+ VIR_FORCE_CLOSE(tmpfd);
+ }
}
if (dup2(stdinfd, STDIN_FILENO) != STDIN_FILENO)
@@ -237,8 +241,7 @@ void virtTestCaptureProgramExecChild(con
execve(argv[0], (char *const*)argv, (char *const*)env);
cleanup:
- if (stdinfd != -1)
- close(stdinfd);
+ VIR_FORCE_CLOSE(stdinfd);
}
int virtTestCaptureProgramOutput(const char *const argv[],
@@ -252,10 +255,10 @@ int virtTestCaptureProgramOutput(const c
int pid = fork();
switch (pid) {
case 0:
- close(pipefd[0]);
+ VIR_FORCE_CLOSE(pipefd[0]);
virtTestCaptureProgramExecChild(argv, pipefd[1]);
- close(pipefd[1]);
+ VIR_FORCE_CLOSE(pipefd[1]);
_exit(1);
case -1:
@@ -267,7 +270,7 @@ int virtTestCaptureProgramOutput(const c
int ret = -1;
int want = buflen-1;
- close(pipefd[1]);
+ VIR_FORCE_CLOSE(pipefd[1]);
while (want) {
if ((ret = read(pipefd[0], (*buf)+got, want)) <= 0)
@@ -275,7 +278,7 @@ int virtTestCaptureProgramOutput(const c
got += ret;
want -= ret;
}
- close(pipefd[0]);
+ VIR_FORCE_CLOSE(pipefd[0]);
if (!ret)
(*buf)[got] = '\0';
Index: libvirt-acl/proxy/libvirt_proxy.c
===================================================================
--- libvirt-acl.orig/proxy/libvirt_proxy.c
+++ libvirt-acl/proxy/libvirt_proxy.c
@@ -31,6 +31,7 @@
# include "xend_internal.h"
# include "xs_internal.h"
# include "xen_driver.h"
+# include "files.h"
static int fdServer = -1;
static int debug = 0;
@@ -133,10 +134,9 @@ proxyCloseUnixSocket(void) {
if (fdServer < 0)
return(0);
- ret = close(fdServer);
if (debug > 0)
fprintf(stderr, "closing unix socket %d: %d\n", fdServer, ret);
- fdServer = -1;
+ ret = VIR_CLOSE(fdServer);
pollInfos[0].fd = -1;
return(ret);
}
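Review bot: The debug `fprintf` in proxyCloseUnixSocket now runs before `ret = VIR_CLOSE(fdServer);`, so it prints `ret` before any visible line has assigned it. The declaration of `ret` is outside the hunk, so whether it has an initialiser cannot be confirmed here. The reorder is presumably needed because VIR_CLOSE resets `fdServer`, as the dropped `fdServer = -1;` suggests. Keeping a copy of the descriptor gives both values: `int fd = fdServer;`, then `ret = VIR_CLOSE(fdServer);`, then `fprintf(stderr, "closing unix socket %d: %d\n", fd, ret);` under the existing `debug` check.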
@@ -172,7 +172,7 @@ proxyListenUnixSocket(const char *path)
addr.sun_path[0] = '\0';
if (virStrcpy(&addr.sun_path[1], path, sizeof(addr.sun_path) - 1) == NULL) {
fprintf(stderr, "Path %s too long to fit into destination\n", path);
- close(fd);
+ VIR_FORCE_CLOSE(fd);
return -1;
}
@@ -181,12 +181,12 @@ proxyListenUnixSocket(const char *path)
*/
if (bind(fd, (struct sockaddr *) &addr, sizeof(addr)) < 0) {
fprintf(stderr, "Failed to bind to socket %s\n", path);
- close(fd);
+ VIR_FORCE_CLOSE(fd);
return (-1);
}
if (listen(fd, 30 /* backlog */ ) < 0) {
fprintf(stderr, "Failed to listen to socket %s\n", path);
- close(fd);
+ VIR_FORCE_CLOSE(fd);
return (-1);
}
@@ -230,7 +230,7 @@ retry:
if (nbClients >= MAX_CLIENT) {
fprintf(stderr, "Too many client registered\n");
- close(client);
+ VIR_FORCE_CLOSE(client);
return(-1);
}
nbClients++;
@@ -260,7 +260,7 @@ static int
proxyCloseClientSocket(int nr) {
int ret;
- ret = close(pollInfos[nr].fd);
+ ret = VIR_CLOSE(pollInfos[nr].fd);
if (ret != 0)
fprintf(stderr, "Failed to close socket %d from client %d\n",
pollInfos[nr].fd, nr);
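Review bot: The failure message in proxyCloseClientSocket reads `pollInfos[nr].fd` after `VIR_CLOSE(pollInfos[nr].fd)` has run. If VIR_CLOSE resets its argument to -1, as the proxyCloseUnixSocket hunk dropping `fdServer = -1;` suggests, the log will always report socket -1 instead of the descriptor that failed to close. The proxyCloseClientSockets hunk has the same pattern with `pollInfos[i].fd`. Capture the value first, e.g. `int fd = pollInfos[nr].fd;`, and print `fd` in the message. The function body continues outside the hunk.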
@@ -285,7 +285,7 @@ proxyCloseClientSockets(void) {
int i, ret;
for (i = 1;i <= nbClients;i++) {
- ret = close(pollInfos[i].fd);
+ ret = VIR_CLOSE(pollInfos[i].fd);
if (ret != 0)
fprintf(stderr, "Failed to close socket %d from client %d\n",
pollInfos[i].fd, i);
Index: libvirt-acl/tools/console.c
===================================================================
--- libvirt-acl.orig/tools/console.c
+++ libvirt-acl/tools/console.c
@@ -39,6 +39,7 @@
# include "internal.h"
# include "logging.h"
# include "util.h"
+# include "files.h"
/* ie Ctrl-] as per telnet */
# define CTRL_CLOSE_BRACKET '\35'
@@ -192,7 +193,7 @@ int vshRunConsole(const char *tty) {
tcsetattr(STDIN_FILENO, TCSAFLUSH, &ttyattr);
closetty:
- close(ttyfd);
+ VIR_FORCE_CLOSE(ttyfd);
return ret;
}
[libvirt] [PATCH 00/11] Misc fixes and changes related to virSocket APIs
by Daniel P. Berrange 23 Oct '10
In working on the DTrace patches I needed to be able to format
a struct sockaddr into a string easily. The virSocketFormatAddr
API was close to what I needed, but couldn't handle including
the port number, nor UNIX domain sockets.
This patch series addresses that limitation. Along the way it
fixes miscellaneous bugs with the virSocket APIs, adds a test
suite, removes & bans all use of inet_* functions and replaces
the addrToString methods used in SASL code and simplifies
some nwfilter code using virSocket.
Hi us,
It turns out that QEMU is available on OSX, and kept up to date. The
new QEMU release (0.13.0) is already on there.
When trying out compilation of libvirt for QEMU on OSX (--with-qemu),
configure gives this error:
configure: error: You must install kernel-headers in order to compile
libvirt with QEMU or LXC support
Looking in configure.ac, shows this:
dnl
dnl check for kernel headers required by src/bridge.c
dnl
if test "$with_qemu" = "yes" || test "$with_lxc" = "yes" ; then
AC_CHECK_HEADERS([linux/param.h linux/sockios.h linux/if_bridge.h
linux/if_tun.h],,
AC_MSG_ERROR([You must install kernel-headers in
order to compile libvirt with QEMU or LXC support]))
fi
(as a side note, there's no "src/bridge.c" only a "src/util/bridge.c"
so we should probably update that comment)
So it looks like we have a hard dependency at the moment, to use Linux
bridging if QEMU is enabled.
Does anyone know how practical it would be, to change that to allow
for QEMU to be used on OSX without needing the Linux bridge bits?
I'm kind of thinking that on OSX, QEMU is probably doing its
connection to host networking in some other way instead. (haven't
checked)
Regards and best wishes,
Justin Clift
[libvirt] [PATCH] C# Bindings - rename classes from virConnect to Connect, virDomain to Domain, etc...
by arnaud.champion＠devatom.fr 23 Oct '10
This patch renames files / classes from virConnect to Connect, virDomain to Domain, etc...
Arnaud
[libvirt] [PATCH] daemon: exclude requirement for probes.h on systems without systemtap
by Justin Clift 23 Oct '10
This 1-liner was actually written by Eric Blake, over IRC. It
addresses a compilation failure in make dist and make rpm for
systems without the dtrace/systemtap development libraries
installed.
---
daemon/Makefile.am | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/daemon/Makefile.am b/daemon/Makefile.am
index 0e254d4..d1ffd97 100644
--- a/daemon/Makefile.am
+++ b/daemon/Makefile.am
@@ -168,7 +168,7 @@ EXTRA_DIST += probes.d libvirtd.stp
if WITH_DTRACE
libvirtd_LDADD += probes.o
-libvirtd_SOURCES += probes.h
+libvirtd_nodist_SOURCES = probes.h
BUILT_SOURCES += probes.h
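Review bot: The new variable is spelled `libvirtd_nodist_SOURCES`, but automake expects the `nodist_` prefix ahead of the program name. As written it would likely be read as the sources of a target named `libvirtd_nodist`, leaving probes.h no longer attached to libvirtd at all. The line I would expect is `nodist_libvirtd_SOURCES = probes.h`. If that variable is already set elsewhere in Makefile.am (not visible in this hunk), it needs `+=` rather than `=`.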
--
1.7.2.3
[libvirt] [PATCH] esx: Add documentation about certificates and connection problems
by Matthias Bolte 22 Oct '10
---
docs/drvesx.html.in | 103 +++++++++++++++++++++++++++++++++++++++++++++++++-
docs/remote.html.in | 8 +++-
2 files changed, 107 insertions(+), 4 deletions(-)
diff --git a/docs/drvesx.html.in b/docs/drvesx.html.in
index dfc91bb..a0f87c1 100644
--- a/docs/drvesx.html.in
+++ b/docs/drvesx.html.in
@@ -74,7 +74,7 @@ vpx://example-vcenter.com/dc1/cluster1/example-esx.com
</pre>
- <h4>Extra parameters</h4>
+ <h4><a name="extraparams">Extra parameters</h4>
<p>
Extra parameters can be added to a URI as part of the query string
(the part following <code>?</code>). A single parameter is formed by a
@@ -117,7 +117,7 @@ vpx://example-vcenter.com/dc1/cluster1/example-esx.com
In order to perform a migration the driver needs to know the
VMware vCenter for the ESX server. If set to <code>*</code>,
the driver connects to the vCenter known to the ESX server.
- This paramater in useful when connecting to an ESX server only.
+ This parameter in useful when connecting to an ESX server only.
</td>
</tr>
<tr>
@@ -129,7 +129,9 @@ vpx://example-vcenter.com/dc1/cluster1/example-esx.com
</td>
<td>
If set to 1, this disables libcurl client checks of the server's
- SSL certificate. The default value it 0.
+ SSL certificate. The default value it 0. See the
+ <a href="#certificates">Certificates for HTTPS</a> section for
+ details.
</td>
</tr>
<tr>
@@ -187,6 +189,101 @@ vpx://example-vcenter.com/dc1/cluster1/example-esx.com
</p>
+ <h3><a name="certificates">Certificates for HTTPS</a></h3>
+ <p>
+ By default the ESX driver uses HTTPS to communicate with an ESX server.
+ Proper HTTPS communication requires correctly configured SSL
+ certificates. This certificates are different from the ones libvirt
+ uses for <a href="remote.html">secure communication over TLS</a> to a
+ libvirtd one a remote server.
+ </p>
+ <p>
+ By default the driver tries to verify the server's SSL certificate
+ using the CA certificate pool installed on your client computer. With
+ an out-of-the-box installed ESX server this won't work, because a newly
+ installed ESX server uses auto-generated self-signed certificates.
+ Those are singed by a CA certificate that is typically not known to your
+ client computer and libvirt will report an error like this one:
+ </p>
+<pre>
+error: internal error curl_easy_perform() returned an error: Peer certificate cannot be authenticated with known CA certificates (60)
+</pre>
+ <p>
+ Where are two ways to solve this problem:
+ </p>
+ <ul>
+ <li>
+ Use the <code>no_verify=1</code> <a href="#extraparams">extra parameter</a>
+ to disable server certificate verification.
+ </li>
+ <li>
+ Generate new SSL certificates signed by a CA known to your client
+ computer and replace the original ones on your ESX server. See the
+ section <i>Replace a Default Certificate with a CA-Signed Certificate</i>
+ in the <a href="http://www.vmware.com/pdf/vsphere4/r40/vsp_40_esx_server_config.pdf">ESX Configuration Guide</a>
+ </li>
+ </ul>
+
+
+ <h3><a name="connproblems">Connection problems</a></h3>
+ <p>
+ There are also other causes for connection problems than the
+ <a href="#certificates">HTTPS certificate</a> related ones.
+ </p>
+ <ul>
+ <li>
+ As stated before the ESX driver doesn't need the
+ <a href="remote.html">remote transport mechanism</a>
+ provided by the remote driver and libvirtd, nor does the ESX driver
+ support it. Therefore, using an URI including a transport in the
+ scheme won't work. Only <a href="#uriformat">URIs as described</a>
+ are supported by the ESX driver. Here's a collection of possible
+ error messages:
+<pre>
+$ virsh -c esx+tcp://example.com/
+error: unable to connect to libvirtd at 'example.com': Connection refused
+</pre>
+<pre>
+$ virsh -c esx+tls://example.com/
+error: Cannot access CA certificate '/etc/pki/CA/cacert.pem': No such file or directory
+</pre>
+<pre>
+$ virsh -c esx+ssh://example.com/
+error: cannot recv data: ssh: connect to host example.com port 22: Connection refused
+</pre>
+<pre>
+$ virsh -c esx+ssh://example.com/
+error: cannot recv data: Resource temporarily unavailable
+</pre>
+ </li>
+ <li>
+ <span class="since">Since 0.7.0</span> libvirt contains the ESX
+ driver. Earlier versions of libvirt will report a misleading error
+ about missing certificates when you try to connect to an ESX server.
+<pre>
+$ virsh -c esx://example.com/
+error: Cannot access CA certificate '/etc/pki/CA/cacert.pem': No such file or directory
+</pre>
+ <p>
+ Don't let this error message confuse you. Setting up certificates
+ as described on the <a href="remote.html#Remote_certificates">remote transport mechanism</a> page
+ does not help, as this is not a certificate related problem.
+ </p>
+ <p>
+ To fix this problem you need to update your libvirt to 0.7.0 or newer.
+ You may also see this error when you use a libvirt version that
+ contains the ESX driver but you or your distro disabled the ESX
+ driver during compilation. <span class="since">Since 0.8.3</span>
+ the error message has been improved in this case:
+ </p>
+<pre>
+$ virsh -c esx://example.com/
+error: invalid argument in libvirt was built without the 'esx' driver
+</pre>
+ </li>
+ </ul>
+
+
<h2><a name="questions">Questions blocking tasks</a></h2>
<p>
Some methods of the VI API start tasks, for example
diff --git a/docs/remote.html.in b/docs/remote.html.in
index 37b019b..b0fdb7c 100644
--- a/docs/remote.html.in
+++ b/docs/remote.html.in
@@ -61,11 +61,17 @@ machines through authenticated and encrypted connections.
<a name="Remote_basic_usage">Basic usage</a>
</h3>
<p>
-On the remote machine, <code>libvirtd</code> should be running.
+On the remote machine, <code>libvirtd</code> should be running in general.
See <a href="#Remote_libvirtd_configuration">the section
on configuring libvirtd</a> for more information.
</p>
<p>
+ Not all hypervisors supported by libvirt require a running
+ <code>libvirtd</code>. If you want to connect to a VMware ESX/ESXi or
+ GSX server then <code>libvirtd</code> is not necessary. See the
+ <a href="drvesx.html">VMware ESX page</a> for details.
+ </p>
+ <p>
To tell libvirt that you want to access a remote resource,
you should supply a hostname in the normal <a href="uri.html">URI</a> that is passed
to <code>virConnectOpen</code> (or <code>virsh -c ...</code>).
--
1.7.0.4
Move to the format Eric suggested and copy the missing .fwall.dat file.
Signed-off-by: Stefan Berger <stefanb(a)us.ibm.com>
diff --git a/Build.PL b/Build.PL
index 2a4de43..97b4140 100644
--- a/Build.PL
+++ b/Build.PL
@@ -29,7 +29,7 @@ sub process_pkgdata_files {
my $name = $File::Find::name;
if (-d) {
$tck_dirs{$name} = [];
- } elsif (-f && (/\.t$/ || /\.sh$/ || /\.fwall$/ || /\.xml$/)) {
+ } elsif (-f && /\.(t|sh|fwall|xml|fwall\.dat)$/) {
push @{$tck_dirs{$dir}}, $name;
}
};
---
tests/qemuxml2argvtest.c | 240 +++++++++++++++++++++++++---------------------
1 files changed, 132 insertions(+), 108 deletions(-)
diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c
index 551d6c4..4eb3cc6 100644
--- a/tests/qemuxml2argvtest.c
+++ b/tests/qemuxml2argvtest.c
@@ -4,6 +4,7 @@
#include <stdlib.h>
#include <unistd.h>
#include <string.h>
+#include <stdbool.h>
#include <sys/types.h>
#include <fcntl.h>
@@ -26,7 +27,8 @@ static struct qemud_driver driver;
static int testCompareXMLToArgvFiles(const char *xml,
const char *cmd,
unsigned long long extraFlags,
- const char *migrateFrom) {
+ const char *migrateFrom,
+ bool expectError) {
char argvData[MAX_FILE];
char *expectargv = &(argvData[0]);
char *actualargv = NULL;
@@ -38,6 +40,7 @@ static int testCompareXMLToArgvFiles(const char *xml,
virDomainDefPtr vmdef = NULL;
virDomainChrDef monitor_chr;
virConnectPtr conn;
+ char *log = NULL;
if (!(conn = virGetConnect()))
goto fail;
@@ -80,12 +83,28 @@ static int testCompareXMLToArgvFiles(const char *xml,
}
+ free(virtTestLogContentAndReset());
+
if (qemudBuildCommandLine(conn, &driver,
vmdef, &monitor_chr, 0, flags,
&argv, &qenv,
NULL, NULL, migrateFrom, NULL) < 0)
goto fail;
+ if ((log = virtTestLogContentAndReset()) == NULL)
+ goto fail;
+
+ if (!!strstr(log, ": error :") != expectError) {
+ if (virTestGetDebug())
+ fprintf(stderr, "\n%s", log);
+ goto fail;
+ }
+
+ if (expectError) {
+ /* need to suppress the errors */
+ virResetLastError();
+ }
+
len = 1; /* for trailing newline */
tmp = qenv;
while (*tmp) {
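Review bot: `expectError` is only consulted after `qemudBuildCommandLine` has succeeded; a negative return still jumps to `fail` before the log is read. Passing `true` therefore means "an error is logged but the command line is still built", not "the build fails". That deserves a comment at the check, for example `/* expectError: an error must be logged although the command line is built; a failing build always fails the test */`. The match on the literal `": error :"` also ties the test to the current log line format, which is worth a short remark next to the `strstr` call. The function starts before and ends after this hunk.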
@@ -125,6 +144,7 @@ static int testCompareXMLToArgvFiles(const char *xml,
ret = 0;
fail:
+ free(log);
free(actualargv);
if (argv) {
tmp = argv;
@@ -152,6 +172,7 @@ struct testInfo {
const char *name;
unsigned long long extraFlags;
const char *migrateFrom;
+ bool expectError;
};
static int testCompareXMLToArgvHelper(const void *data) {
@@ -162,7 +183,8 @@ static int testCompareXMLToArgvHelper(const void *data) {
abs_srcdir, info->name);
snprintf(args, PATH_MAX, "%s/qemuxml2argvdata/qemuxml2argv-%s.args",
abs_srcdir, info->name);
- return testCompareXMLToArgvFiles(xml, args, info->extraFlags, info->migrateFrom);
+ return testCompareXMLToArgvFiles(xml, args, info->extraFlags,
+ info->migrateFrom, info->expectError);
}
@@ -193,16 +215,18 @@ mymain(int argc, char **argv)
if ((driver.hugepage_path = strdup("/dev/hugepages/libvirt/qemu")) == NULL)
return EXIT_FAILURE;
-# define DO_TEST_FULL(name, extraFlags, migrateFrom) \
+# define DO_TEST_FULL(name, extraFlags, migrateFrom, expectError) \
do { \
- const struct testInfo info = { name, extraFlags, migrateFrom }; \
+ const struct testInfo info = { \
+ name, extraFlags, migrateFrom, expectError \
+ }; \
if (virtTestRun("QEMU XML-2-ARGV " name, \
1, testCompareXMLToArgvHelper, &info) < 0) \
ret = -1; \
} while (0)
-# define DO_TEST(name, extraFlags) \
- DO_TEST_FULL(name, extraFlags, NULL)
+# define DO_TEST(name, extraFlags, expectError) \
+ DO_TEST_FULL(name, extraFlags, NULL, expectError)
/* Unset or set all envvars here that are copied in qemudBuildCommandLine
* using ADD_ENV_COPY, otherwise these tests may fail due to unexpected
@@ -217,175 +241,175 @@ mymain(int argc, char **argv)
unsetenv("QEMU_AUDIO_DRV");
unsetenv("SDL_AUDIODRIVER");
- DO_TEST("minimal", QEMUD_CMD_FLAG_NAME);
- DO_TEST("machine-aliases1", 0);
- DO_TEST("machine-aliases2", 0);
- DO_TEST("boot-cdrom", 0);
- DO_TEST("boot-network", 0);
- DO_TEST("boot-floppy", 0);
- DO_TEST("boot-multi", QEMUD_CMD_FLAG_BOOT_MENU);
- DO_TEST("boot-menu-disable", QEMUD_CMD_FLAG_BOOT_MENU);
- DO_TEST("bootloader", QEMUD_CMD_FLAG_DOMID);
- DO_TEST("clock-utc", 0);
- DO_TEST("clock-localtime", 0);
+ DO_TEST("minimal", QEMUD_CMD_FLAG_NAME, false);
+ DO_TEST("machine-aliases1", 0, false);
+ DO_TEST("machine-aliases2", 0, true);
+ DO_TEST("boot-cdrom", 0, false);
+ DO_TEST("boot-network", 0, false);
+ DO_TEST("boot-floppy", 0, false);
+ DO_TEST("boot-multi", QEMUD_CMD_FLAG_BOOT_MENU, false);
+ DO_TEST("boot-menu-disable", QEMUD_CMD_FLAG_BOOT_MENU, false);
+ DO_TEST("bootloader", QEMUD_CMD_FLAG_DOMID, true);
+ DO_TEST("clock-utc", 0, false);
+ DO_TEST("clock-localtime", 0, false);
/*
* Can't be enabled since the absolute timestamp changes every time
- DO_TEST("clock-variable", QEMUD_CMD_FLAG_RTC);
+ DO_TEST("clock-variable", QEMUD_CMD_FLAG_RTC, false);
*/
- DO_TEST("clock-france", QEMUD_CMD_FLAG_RTC);
+ DO_TEST("clock-france", QEMUD_CMD_FLAG_RTC, false);
- DO_TEST("hugepages", QEMUD_CMD_FLAG_MEM_PATH);
- DO_TEST("disk-cdrom", 0);
- DO_TEST("disk-cdrom-empty", QEMUD_CMD_FLAG_DRIVE);
- DO_TEST("disk-floppy", 0);
- DO_TEST("disk-many", 0);
+ DO_TEST("hugepages", QEMUD_CMD_FLAG_MEM_PATH, false);
+ DO_TEST("disk-cdrom", 0, false);
+ DO_TEST("disk-cdrom-empty", QEMUD_CMD_FLAG_DRIVE, false);
+ DO_TEST("disk-floppy", 0, false);
+ DO_TEST("disk-many", 0, false);
DO_TEST("disk-virtio", QEMUD_CMD_FLAG_DRIVE |
- QEMUD_CMD_FLAG_DRIVE_BOOT);
+ QEMUD_CMD_FLAG_DRIVE_BOOT, false);
DO_TEST("disk-xenvbd", QEMUD_CMD_FLAG_DRIVE |
- QEMUD_CMD_FLAG_DRIVE_BOOT);
+ QEMUD_CMD_FLAG_DRIVE_BOOT, false);
DO_TEST("disk-drive-boot-disk", QEMUD_CMD_FLAG_DRIVE |
- QEMUD_CMD_FLAG_DRIVE_BOOT);
+ QEMUD_CMD_FLAG_DRIVE_BOOT, false);
DO_TEST("disk-drive-boot-cdrom", QEMUD_CMD_FLAG_DRIVE |
- QEMUD_CMD_FLAG_DRIVE_BOOT);
+ QEMUD_CMD_FLAG_DRIVE_BOOT, false);
DO_TEST("floppy-drive-fat", QEMUD_CMD_FLAG_DRIVE |
- QEMUD_CMD_FLAG_DRIVE_BOOT | QEMUD_CMD_FLAG_DRIVE_FORMAT);
+ QEMUD_CMD_FLAG_DRIVE_BOOT | QEMUD_CMD_FLAG_DRIVE_FORMAT, false);
DO_TEST("disk-drive-fat", QEMUD_CMD_FLAG_DRIVE |
- QEMUD_CMD_FLAG_DRIVE_BOOT | QEMUD_CMD_FLAG_DRIVE_FORMAT);
+ QEMUD_CMD_FLAG_DRIVE_BOOT | QEMUD_CMD_FLAG_DRIVE_FORMAT, false);
DO_TEST("disk-drive-readonly-disk", QEMUD_CMD_FLAG_DRIVE |
- QEMUD_CMD_FLAG_DEVICE | QEMUD_CMD_FLAG_NODEFCONFIG);
+ QEMUD_CMD_FLAG_DEVICE | QEMUD_CMD_FLAG_NODEFCONFIG, false);
DO_TEST("disk-drive-fmt-qcow", QEMUD_CMD_FLAG_DRIVE |
- QEMUD_CMD_FLAG_DRIVE_BOOT | QEMUD_CMD_FLAG_DRIVE_FORMAT);
+ QEMUD_CMD_FLAG_DRIVE_BOOT | QEMUD_CMD_FLAG_DRIVE_FORMAT, false);
DO_TEST("disk-drive-shared", QEMUD_CMD_FLAG_DRIVE |
- QEMUD_CMD_FLAG_DRIVE_FORMAT | QEMUD_CMD_FLAG_DRIVE_SERIAL);
+ QEMUD_CMD_FLAG_DRIVE_FORMAT | QEMUD_CMD_FLAG_DRIVE_SERIAL, false);
DO_TEST("disk-drive-cache-v1-wt", QEMUD_CMD_FLAG_DRIVE |
- QEMUD_CMD_FLAG_DRIVE_FORMAT);
+ QEMUD_CMD_FLAG_DRIVE_FORMAT, false);
DO_TEST("disk-drive-cache-v1-wb", QEMUD_CMD_FLAG_DRIVE |
- QEMUD_CMD_FLAG_DRIVE_FORMAT);
+ QEMUD_CMD_FLAG_DRIVE_FORMAT, false);
DO_TEST("disk-drive-cache-v1-none", QEMUD_CMD_FLAG_DRIVE |
- QEMUD_CMD_FLAG_DRIVE_FORMAT);
+ QEMUD_CMD_FLAG_DRIVE_FORMAT, false);
DO_TEST("disk-drive-error-policy-stop", QEMUD_CMD_FLAG_DRIVE |
QEMUD_CMD_FLAG_MONITOR_JSON |
- QEMUD_CMD_FLAG_DRIVE_FORMAT);
+ QEMUD_CMD_FLAG_DRIVE_FORMAT, false);
DO_TEST("disk-drive-cache-v2-wt", QEMUD_CMD_FLAG_DRIVE |
- QEMUD_CMD_FLAG_DRIVE_CACHE_V2 | QEMUD_CMD_FLAG_DRIVE_FORMAT);
+ QEMUD_CMD_FLAG_DRIVE_CACHE_V2 | QEMUD_CMD_FLAG_DRIVE_FORMAT, false);
DO_TEST("disk-drive-cache-v2-wb", QEMUD_CMD_FLAG_DRIVE |
- QEMUD_CMD_FLAG_DRIVE_CACHE_V2 | QEMUD_CMD_FLAG_DRIVE_FORMAT);
+ QEMUD_CMD_FLAG_DRIVE_CACHE_V2 | QEMUD_CMD_FLAG_DRIVE_FORMAT, false);
DO_TEST("disk-drive-cache-v2-none", QEMUD_CMD_FLAG_DRIVE |
- QEMUD_CMD_FLAG_DRIVE_CACHE_V2 | QEMUD_CMD_FLAG_DRIVE_FORMAT);
- DO_TEST("disk-usb", 0);
+ QEMUD_CMD_FLAG_DRIVE_CACHE_V2 | QEMUD_CMD_FLAG_DRIVE_FORMAT, false);
+ DO_TEST("disk-usb", 0, false);
DO_TEST("disk-usb-device", QEMUD_CMD_FLAG_DRIVE |
- QEMUD_CMD_FLAG_DEVICE | QEMUD_CMD_FLAG_NODEFCONFIG);
+ QEMUD_CMD_FLAG_DEVICE | QEMUD_CMD_FLAG_NODEFCONFIG, false);
DO_TEST("disk-scsi-device", QEMUD_CMD_FLAG_DRIVE |
- QEMUD_CMD_FLAG_DEVICE | QEMUD_CMD_FLAG_NODEFCONFIG);
+ QEMUD_CMD_FLAG_DEVICE | QEMUD_CMD_FLAG_NODEFCONFIG, false);
DO_TEST("disk-scsi-device-auto", QEMUD_CMD_FLAG_DRIVE |
- QEMUD_CMD_FLAG_DEVICE | QEMUD_CMD_FLAG_NODEFCONFIG);
- DO_TEST("graphics-vnc", 0);
+ QEMUD_CMD_FLAG_DEVICE | QEMUD_CMD_FLAG_NODEFCONFIG, false);
+ DO_TEST("graphics-vnc", 0, false);
driver.vncSASL = 1;
driver.vncSASLdir = strdup("/root/.sasl2");
- DO_TEST("graphics-vnc-sasl", QEMUD_CMD_FLAG_VGA);
+ DO_TEST("graphics-vnc-sasl", QEMUD_CMD_FLAG_VGA, false);
driver.vncTLS = 1;
driver.vncTLSx509verify = 1;
driver.vncTLSx509certdir = strdup("/etc/pki/tls/qemu");
- DO_TEST("graphics-vnc-tls", 0);
+ DO_TEST("graphics-vnc-tls", 0, false);
driver.vncSASL = driver.vncTLSx509verify = driver.vncTLS = 0;
free(driver.vncSASLdir);
free(driver.vncTLSx509certdir);
driver.vncSASLdir = driver.vncTLSx509certdir = NULL;
- DO_TEST("graphics-sdl", 0);
- DO_TEST("graphics-sdl-fullscreen", 0);
- DO_TEST("nographics-vga", QEMUD_CMD_FLAG_VGA);
- DO_TEST("input-usbmouse", 0);
- DO_TEST("input-usbtablet", 0);
- DO_TEST("input-xen", QEMUD_CMD_FLAG_DOMID);
- DO_TEST("misc-acpi", 0);
- DO_TEST("misc-no-reboot", 0);
+ DO_TEST("graphics-sdl", 0, false);
+ DO_TEST("graphics-sdl-fullscreen", 0, false);
+ DO_TEST("nographics-vga", QEMUD_CMD_FLAG_VGA, false);
+ DO_TEST("input-usbmouse", 0, false);
+ DO_TEST("input-usbtablet", 0, false);
+ DO_TEST("input-xen", QEMUD_CMD_FLAG_DOMID, true);
+ DO_TEST("misc-acpi", 0, false);
+ DO_TEST("misc-no-reboot", 0, false);
DO_TEST("misc-uuid", QEMUD_CMD_FLAG_NAME |
- QEMUD_CMD_FLAG_UUID);
- DO_TEST("net-user", 0);
- DO_TEST("net-virtio", 0);
+ QEMUD_CMD_FLAG_UUID, false);
+ DO_TEST("net-user", 0, false);
+ DO_TEST("net-virtio", 0, false);
DO_TEST("net-virtio-device", QEMUD_CMD_FLAG_DEVICE |
- QEMUD_CMD_FLAG_NODEFCONFIG);
+ QEMUD_CMD_FLAG_NODEFCONFIG, false);
DO_TEST("net-virtio-netdev", QEMUD_CMD_FLAG_DEVICE |
- QEMUD_CMD_FLAG_NETDEV | QEMUD_CMD_FLAG_NODEFCONFIG);
- DO_TEST("net-eth", 0);
- DO_TEST("net-eth-ifname", 0);
- DO_TEST("net-eth-names", QEMUD_CMD_FLAG_NET_NAME);
-
- DO_TEST("serial-vc", 0);
- DO_TEST("serial-pty", 0);
- DO_TEST("serial-dev", 0);
- DO_TEST("serial-file", 0);
- DO_TEST("serial-unix", 0);
- DO_TEST("serial-tcp", 0);
- DO_TEST("serial-udp", 0);
- DO_TEST("serial-tcp-telnet", 0);
- DO_TEST("serial-many", 0);
- DO_TEST("parallel-tcp", 0);
- DO_TEST("console-compat", 0);
- DO_TEST("console-compat-auto", 0);
+ QEMUD_CMD_FLAG_NETDEV | QEMUD_CMD_FLAG_NODEFCONFIG, false);
+ DO_TEST("net-eth", 0, false);
+ DO_TEST("net-eth-ifname", 0, false);
+ DO_TEST("net-eth-names", QEMUD_CMD_FLAG_NET_NAME, false);
+
+ DO_TEST("serial-vc", 0, false);
+ DO_TEST("serial-pty", 0, false);
+ DO_TEST("serial-dev", 0, false);
+ DO_TEST("serial-file", 0, false);
+ DO_TEST("serial-unix", 0, false);
+ DO_TEST("serial-tcp", 0, false);
+ DO_TEST("serial-udp", 0, false);
+ DO_TEST("serial-tcp-telnet", 0, false);
+ DO_TEST("serial-many", 0, false);
+ DO_TEST("parallel-tcp", 0, false);
+ DO_TEST("console-compat", 0, false);
+ DO_TEST("console-compat-auto", 0, false);
DO_TEST("serial-vc-chardev", QEMUD_CMD_FLAG_CHARDEV|QEMUD_CMD_FLAG_DEVICE |
- QEMUD_CMD_FLAG_NODEFCONFIG);
+ QEMUD_CMD_FLAG_NODEFCONFIG, false);
DO_TEST("serial-pty-chardev", QEMUD_CMD_FLAG_CHARDEV|QEMUD_CMD_FLAG_DEVICE |
- QEMUD_CMD_FLAG_NODEFCONFIG);
+ QEMUD_CMD_FLAG_NODEFCONFIG, false);
DO_TEST("serial-dev-chardev", QEMUD_CMD_FLAG_CHARDEV|QEMUD_CMD_FLAG_DEVICE |
- QEMUD_CMD_FLAG_NODEFCONFIG);
+ QEMUD_CMD_FLAG_NODEFCONFIG, false);
DO_TEST("serial-file-chardev", QEMUD_CMD_FLAG_CHARDEV|QEMUD_CMD_FLAG_DEVICE |
- QEMUD_CMD_FLAG_NODEFCONFIG);
+ QEMUD_CMD_FLAG_NODEFCONFIG, false);
DO_TEST("serial-unix-chardev", QEMUD_CMD_FLAG_CHARDEV|QEMUD_CMD_FLAG_DEVICE |
- QEMUD_CMD_FLAG_NODEFCONFIG);
+ QEMUD_CMD_FLAG_NODEFCONFIG, false);
DO_TEST("serial-tcp-chardev", QEMUD_CMD_FLAG_CHARDEV|QEMUD_CMD_FLAG_DEVICE |
- QEMUD_CMD_FLAG_NODEFCONFIG);
+ QEMUD_CMD_FLAG_NODEFCONFIG, false);
DO_TEST("serial-udp-chardev", QEMUD_CMD_FLAG_CHARDEV|QEMUD_CMD_FLAG_DEVICE |
- QEMUD_CMD_FLAG_NODEFCONFIG);
+ QEMUD_CMD_FLAG_NODEFCONFIG, false);
DO_TEST("serial-tcp-telnet-chardev", QEMUD_CMD_FLAG_CHARDEV|QEMUD_CMD_FLAG_DEVICE |
- QEMUD_CMD_FLAG_NODEFCONFIG);
+ QEMUD_CMD_FLAG_NODEFCONFIG, false);
DO_TEST("serial-many-chardev", QEMUD_CMD_FLAG_CHARDEV|QEMUD_CMD_FLAG_DEVICE |
- QEMUD_CMD_FLAG_NODEFCONFIG);
+ QEMUD_CMD_FLAG_NODEFCONFIG, false);
DO_TEST("parallel-tcp-chardev", QEMUD_CMD_FLAG_CHARDEV|QEMUD_CMD_FLAG_DEVICE |
- QEMUD_CMD_FLAG_NODEFCONFIG);
+ QEMUD_CMD_FLAG_NODEFCONFIG, false);
DO_TEST("console-compat-chardev", QEMUD_CMD_FLAG_CHARDEV|QEMUD_CMD_FLAG_DEVICE |
- QEMUD_CMD_FLAG_NODEFCONFIG);
+ QEMUD_CMD_FLAG_NODEFCONFIG, false);
DO_TEST("channel-guestfwd", QEMUD_CMD_FLAG_CHARDEV|QEMUD_CMD_FLAG_DEVICE |
- QEMUD_CMD_FLAG_NODEFCONFIG);
+ QEMUD_CMD_FLAG_NODEFCONFIG, false);
DO_TEST("channel-virtio", QEMUD_CMD_FLAG_DEVICE |
- QEMUD_CMD_FLAG_NODEFCONFIG);
+ QEMUD_CMD_FLAG_NODEFCONFIG, false);
DO_TEST("channel-virtio-auto", QEMUD_CMD_FLAG_DEVICE |
- QEMUD_CMD_FLAG_NODEFCONFIG);
+ QEMUD_CMD_FLAG_NODEFCONFIG, false);
DO_TEST("console-virtio", QEMUD_CMD_FLAG_DEVICE |
- QEMUD_CMD_FLAG_NODEFCONFIG);
+ QEMUD_CMD_FLAG_NODEFCONFIG, false);
- DO_TEST("watchdog", 0);
+ DO_TEST("watchdog", 0, false);
DO_TEST("watchdog-device", QEMUD_CMD_FLAG_DEVICE |
- QEMUD_CMD_FLAG_NODEFCONFIG);
+ QEMUD_CMD_FLAG_NODEFCONFIG, false);
DO_TEST("balloon-device", QEMUD_CMD_FLAG_DEVICE |
- QEMUD_CMD_FLAG_NODEFCONFIG);
+ QEMUD_CMD_FLAG_NODEFCONFIG, false);
DO_TEST("balloon-device-auto", QEMUD_CMD_FLAG_DEVICE |
- QEMUD_CMD_FLAG_NODEFCONFIG);
- DO_TEST("sound", 0);
+ QEMUD_CMD_FLAG_NODEFCONFIG, false);
+ DO_TEST("sound", 0, false);
DO_TEST("sound-device", QEMUD_CMD_FLAG_DEVICE |
- QEMUD_CMD_FLAG_NODEFCONFIG);
+ QEMUD_CMD_FLAG_NODEFCONFIG, false);
DO_TEST("fs9p", QEMUD_CMD_FLAG_DEVICE |
- QEMUD_CMD_FLAG_NODEFCONFIG | QEMUD_CMD_FLAG_FSDEV);
+ QEMUD_CMD_FLAG_NODEFCONFIG | QEMUD_CMD_FLAG_FSDEV, false);
- DO_TEST("hostdev-usb-address", 0);
+ DO_TEST("hostdev-usb-address", 0, false);
DO_TEST("hostdev-usb-address-device", QEMUD_CMD_FLAG_DEVICE |
- QEMUD_CMD_FLAG_NODEFCONFIG);
- DO_TEST("hostdev-pci-address", QEMUD_CMD_FLAG_PCIDEVICE);
+ QEMUD_CMD_FLAG_NODEFCONFIG, false);
+ DO_TEST("hostdev-pci-address", QEMUD_CMD_FLAG_PCIDEVICE, false);
DO_TEST("hostdev-pci-address-device", QEMUD_CMD_FLAG_PCIDEVICE |
- QEMUD_CMD_FLAG_DEVICE | QEMUD_CMD_FLAG_NODEFCONFIG);
+ QEMUD_CMD_FLAG_DEVICE | QEMUD_CMD_FLAG_NODEFCONFIG, false);
- DO_TEST_FULL("restore-v1", QEMUD_CMD_FLAG_MIGRATE_KVM_STDIO, "stdio");
- DO_TEST_FULL("restore-v2", QEMUD_CMD_FLAG_MIGRATE_QEMU_EXEC, "stdio");
- DO_TEST_FULL("restore-v2", QEMUD_CMD_FLAG_MIGRATE_QEMU_EXEC, "exec:cat");
- DO_TEST_FULL("migrate", QEMUD_CMD_FLAG_MIGRATE_QEMU_TCP, "tcp:10.0.0.1:5000");
+ DO_TEST_FULL("restore-v1", QEMUD_CMD_FLAG_MIGRATE_KVM_STDIO, "stdio", false);
+ DO_TEST_FULL("restore-v2", QEMUD_CMD_FLAG_MIGRATE_QEMU_EXEC, "stdio", false);
+ DO_TEST_FULL("restore-v2", QEMUD_CMD_FLAG_MIGRATE_QEMU_EXEC, "exec:cat", false);
+ DO_TEST_FULL("migrate", QEMUD_CMD_FLAG_MIGRATE_QEMU_TCP, "tcp:10.0.0.1:5000", false);
- DO_TEST("qemu-ns", 0);
+ DO_TEST("qemu-ns", 0, false);
- DO_TEST("smp", QEMUD_CMD_FLAG_SMP_TOPOLOGY);
+ DO_TEST("smp", QEMUD_CMD_FLAG_SMP_TOPOLOGY, false);
free(driver.stateDir);
virCapabilitiesFree(driver.caps);
--
1.7.3.1
* tests/.gitignore: Sort, and add sockettest.
---
Pushing under the trivial rule, so that I don't accidentally add
a binary when I do 'git add .'.
tests/.gitignore | 47 +++++++++++++++++++++++------------------------
1 files changed, 23 insertions(+), 24 deletions(-)
diff --git a/tests/.gitignore b/tests/.gitignore
index e7c74c5..8ad3e98 100644
--- a/tests/.gitignore
+++ b/tests/.gitignore
@@ -1,35 +1,34 @@
-Makefile
-Makefile.in
+*.exe
.deps
.libs
-sexpr2xmltest
-xml2sexprtest
-virshtest
conftest
-reconnect
-xmconfigtest
-xencapstest
-qemuxml2xmltest
-qemuxml2argvtest
-qemuargv2xmltest
-qemuhelptest
+esxutilstest
+eventtest
+interfacexml2xmltest
networkxml2xmltest
nodedevxml2xmltest
-interfacexml2xmltest
-storagevolxml2xmltest
-storagepoolxml2xmltest
nodeinfotest
-statstest
-qparamtest
-virbuftest
-seclabeltest
-eventtest
-*.exe
object-locking
+object-locking-files.txt
object-locking.cmi
object-locking.cmx
-object-locking-files.txt
-esxutilstest
+qemuargv2xmltest
+qemuhelptest
+qemuxml2argvtest
+qemuxml2xmltest
+qparamtest
+reconnect
+secaatest
+seclabeltest
+sexpr2xmltest
+sockettest
+statstest
+storagepoolxml2xmltest
+storagevolxml2xmltest
+virbuftest
+virshtest
vmx2xmltest
+xencapstest
+xmconfigtest
+xml2sexprtest
xml2vmxtest
-secaatest
--
1.7.2.3
22 Oct '10
This is an experimental (read: completely untested) patch that
converts the network driver to use virSocketAddr everywhere.
The primary motivation for this is that it'll make it easier to
add IPv6 support, and lets us talk to OS level services easier
because they typically take a sockaddr struct.
[libvirt] [PATCH] docs: added a table of contents to the new c sharp bindings page
by Justin Clift 22 Oct '10
---
docs/csharp.html.in | 20 +++++++++++---------
1 files changed, 11 insertions(+), 9 deletions(-)
diff --git a/docs/csharp.html.in b/docs/csharp.html.in
index 3e15176..a32fbd2 100644
--- a/docs/csharp.html.in
+++ b/docs/csharp.html.in
@@ -3,7 +3,9 @@
<body>
<h1>C# API bindings</h1>
- <h2>Description</h2>
+ <ul id="toc"></ul>
+
+ <h2><a name="description">Description</a></h2>
<p>
The C# libvirt bindings are a class library. They use a Microsoft
@@ -18,7 +20,7 @@
<p> </p>
- <h2>Requirements</h2>
+ <h2><a name="requirements">Requirements</a></h2>
<p>
These bindings depend upon the libvirt libraries being installed.
@@ -29,7 +31,7 @@
<p> </p>
<!-- 2010-10-19 JC: Commented out until we have C# tarballs to download
- <h2>Getting them</h2>
+ <h2><a name="getting">Getting them</a></h2>
<p>
The latest versions of the libvirt C# bindings can be downloaded from:
@@ -41,7 +43,7 @@
</ul>
-->
- <h2>GIT source repository</h2>
+ <h2><a name="git">GIT source repository</a></h2>
<p>
The C# bindings source code is maintained in a <a
href="http://git-scm.com/">git</a> repository available on
@@ -62,7 +64,7 @@ git clone git://libvirt.org/libvirt-csharp.git
<p> </p>
- <h2>Usage</h2>
+ <h2><a name="usage">Usage</a></h2>
<p>
The class library exposes the <b>LibvirtBindings</b> namespace.
@@ -80,7 +82,7 @@ git clone git://libvirt.org/libvirt-csharp.git
<p> </p>
- <h2>Authors</h2>
+ <h2><a name="authors">Authors</a></h2>
<p>
The C# bindings are the work of Arnaud Champion
@@ -90,7 +92,7 @@ git clone git://libvirt.org/libvirt-csharp.git
<p> </p>
- <h2>Notes on testing</h2>
+ <h2><a name="notes">Notes on testing</a></h2>
<p>
Windows testing is performed on Windows 7, with .NET 4, Visual Studio 2010, and MonoDevelop 2.4.
@@ -101,7 +103,7 @@ git clone git://libvirt.org/libvirt-csharp.git
<p> </p>
- <h2>Type Coverage</h2>
+ <h2><a name="type">Type Coverage</a></h2>
<p>
Coverage of the libvirt types is:
@@ -178,7 +180,7 @@ git clone git://libvirt.org/libvirt-csharp.git
<p> </p>
- <h2>Function Coverage</h2>
+ <h2><a name="funccover">Function Coverage</a></h2>
<p>
Coverage of the libvirt functions is:
--
1.7.2.3
My XSL skills are less than stellar, so I'm throwing this out to the
list in case someone else can pick it up and come up with a decent patch
in less time.
Right now, http://libvirt.org/ChangeLog.html is worthless; it is linked
from a couple of other pages, such as http://libvirt.org/news.html. A
better place to link would be a live git page:
http://libvirt.org/git/?p=libvirt.git;a=log
I don't know whether it is easier to update news.html.in and
sitemap.html.in to point directly to the new link, or if we should keep
ChangeLog.xsl but have it revamped to point to the new link.
--
Eric Blake eblake(a)redhat.com +1-801-349-2682
Libvirt virtualization library http://libvirt.org
[libvirt] [PATCH] vbox: Fix compile errors due to the virSocketAddr series
by Matthias Bolte 22 Oct '10
by Matthias Bolte 22 Oct '10
22 Oct '10
---
src/vbox/vbox_tmpl.c | 116 +++++++++++++++++++++++++++++++++++++++++++-------
1 files changed, 100 insertions(+), 16 deletions(-)
diff --git a/src/vbox/vbox_tmpl.c b/src/vbox/vbox_tmpl.c
index 5a859a4..ddbca97 100644
--- a/src/vbox/vbox_tmpl.c
+++ b/src/vbox/vbox_tmpl.c
@@ -626,6 +626,45 @@ static PRUnichar *PRUnicharFromInt(int n) {
#endif /* !(VBOX_API_VERSION == 2002) */
+static PRUnichar *
+vboxSocketFormatAddrUtf16(vboxGlobalData *data, virSocketAddrPtr addr)
+{
+ char *utf8 = NULL;
+ PRUnichar *utf16 = NULL;
+
+ utf8 = virSocketFormatAddr(addr);
+
+ if (utf8 == NULL) {
+ return NULL;
+ }
+
+ VBOX_UTF8_TO_UTF16(utf8, &utf16);
+ VIR_FREE(utf8);
+
+ return utf16;
+}
+
+static int
+vboxSocketParseAddrUtf16(vboxGlobalData *data, const PRUnichar *utf16,
+ virSocketAddrPtr addr)
+{
+ int result = -1;
+ char *utf8 = NULL;
+
+ VBOX_UTF16_TO_UTF8(utf16, &utf8);
+
+ if (virSocketParseAddr(utf8, addr, AF_UNSPEC) < 0) {
+ goto cleanup;
+ }
+
+ result = 0;
+
+cleanup:
+ VBOX_UTF8_FREE(utf8);
+
+ return result;
+}
+
static virCapsPtr vboxCapsInit(void) {
struct utsname utsname;
virCapsPtr caps;
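Review bot: vboxSocketParseAddrUtf16 hands `utf8` to virSocketParseAddr without checking that VBOX_UTF16_TO_UTF8 actually produced a string, so a NULL `utf16` or a failed conversion reaches the parser as a NULL pointer. Whether virSocketParseAddr rejects NULL is not visible in this hunk; adding `if (utf8 == NULL) goto cleanup;` right after the conversion makes the helper safe on its own. Both helpers would also benefit from a short ownership comment, for example `/* Returns a UTF-16 string the caller must release with VBOX_UTF16_FREE, or NULL on failure */` above vboxSocketFormatAddrUtf16. The hunk ends inside vboxCapsInit, which continues outside it.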
@@ -7073,8 +7112,8 @@ static virNetworkPtr vboxNetworkDefineCreateXML(virConnectPtr conn, const char *
* with contigious address space from start to end
*/
if ((def->nranges >= 1) &&
- (def->ranges[0].start) &&
- (def->ranges[0].end)) {
+ VIR_SOCKET_HAS_ADDR(&def->ranges[0].start) &&
+ VIR_SOCKET_HAS_ADDR(&def->ranges[0].end)) {
IDHCPServer *dhcpServer = NULL;
data->vboxObj->vtbl->FindDHCPServerByNetworkName(data->vboxObj,
@@ -7094,11 +7133,21 @@ static virNetworkPtr vboxNetworkDefineCreateXML(virConnectPtr conn, const char *
PRUnichar *toIPAddressUtf16 = NULL;
PRUnichar *trunkTypeUtf16 = NULL;
+ ipAddressUtf16 = vboxSocketFormatAddrUtf16(data, &def->ipAddress);
+ networkMaskUtf16 = vboxSocketFormatAddrUtf16(data, &def->netmask);
+ fromIPAddressUtf16 = vboxSocketFormatAddrUtf16(data, &def->ranges[0].start);
+ toIPAddressUtf16 = vboxSocketFormatAddrUtf16(data, &def->ranges[0].end);
+
+ if (ipAddressUtf16 == NULL || networkMaskUtf16 == NULL ||
+ fromIPAddressUtf16 == NULL || toIPAddressUtf16 == NULL) {
+ VBOX_UTF16_FREE(ipAddressUtf16);
+ VBOX_UTF16_FREE(networkMaskUtf16);
+ VBOX_UTF16_FREE(fromIPAddressUtf16);
+ VBOX_UTF16_FREE(toIPAddressUtf16);
+ VBOX_RELEASE(dhcpServer);
+ goto cleanup;
+ }
- VBOX_UTF8_TO_UTF16(def->ipAddress, &ipAddressUtf16);
- VBOX_UTF8_TO_UTF16(def->netmask, &networkMaskUtf16);
- VBOX_UTF8_TO_UTF16(def->ranges[0].start, &fromIPAddressUtf16);
- VBOX_UTF8_TO_UTF16(def->ranges[0].end, &toIPAddressUtf16);
VBOX_UTF8_TO_UTF16("netflt", &trunkTypeUtf16);
dhcpServer->vtbl->SetEnabled(dhcpServer, PR_TRUE);
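Review bot: `def->ipAddress` and `def->netmask` are formatted here without a VIR_SOCKET_HAS_ADDR test, while the condition guarding this block (previous hunk) only verifies `ranges[0].start` and `ranges[0].end`. A definition that omits either address therefore takes the new `goto cleanup` path, and it is not visible from the hunk whether an error has been reported by then, in particular when the NULL comes from the UTF-8 to UTF-16 conversion rather than from virSocketFormatAddr. Consider extending the guard with `VIR_SOCKET_HAS_ADDR(&def->ipAddress) && VIR_SOCKET_HAS_ADDR(&def->netmask)` or reporting a specific error before the jump. The hosts[0] hunk below formats `def->netmask` the same way; vboxNetworkDefineCreateXML starts and ends outside both hunks.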
@@ -7125,12 +7174,18 @@ static virNetworkPtr vboxNetworkDefineCreateXML(virConnectPtr conn, const char *
}
if ((def->nhosts >= 1) &&
- (def->hosts[0].ip)) {
+ VIR_SOCKET_HAS_ADDR(&def->hosts[0].ip)) {
PRUnichar *ipAddressUtf16 = NULL;
PRUnichar *networkMaskUtf16 = NULL;
- VBOX_UTF8_TO_UTF16(def->netmask, &networkMaskUtf16);
- VBOX_UTF8_TO_UTF16(def->hosts[0].ip, &ipAddressUtf16);
+ ipAddressUtf16 = vboxSocketFormatAddrUtf16(data, &def->hosts[0].ip);
+ networkMaskUtf16 = vboxSocketFormatAddrUtf16(data, &def->netmask);
+
+ if (ipAddressUtf16 == NULL || networkMaskUtf16 == NULL) {
+ VBOX_UTF16_FREE(ipAddressUtf16);
+ VBOX_UTF16_FREE(networkMaskUtf16);
+ goto cleanup;
+ }
/* Current drawback is that since EnableStaticIpConfig() sets
* IP and enables the interface so even if the dhcpserver is not
@@ -7393,6 +7448,7 @@ static char *vboxNetworkDumpXML(virNetworkPtr network, int flags ATTRIBUTE_UNUSE
PRUnichar *networkMaskUtf16 = NULL;
PRUnichar *fromIPAddressUtf16 = NULL;
PRUnichar *toIPAddressUtf16 = NULL;
+ bool errorOccurred = false;
dhcpServer->vtbl->GetIPAddress(dhcpServer, &ipAddressUtf16);
dhcpServer->vtbl->GetNetworkMask(dhcpServer, &networkMaskUtf16);
@@ -7401,15 +7457,25 @@ static char *vboxNetworkDumpXML(virNetworkPtr network, int flags ATTRIBUTE_UNUSE
/* Currently virtualbox supports only one dhcp server per network
* with contigious address space from start to end
*/
- VBOX_UTF16_TO_UTF8(ipAddressUtf16, &def->ipAddress);
- VBOX_UTF16_TO_UTF8(networkMaskUtf16, &def->netmask);
- VBOX_UTF16_TO_UTF8(fromIPAddressUtf16, &def->ranges[0].start);
- VBOX_UTF16_TO_UTF8(toIPAddressUtf16, &def->ranges[0].end);
+ if (vboxSocketParseAddrUtf16(data, ipAddressUtf16,
+ &def->ipAddress) < 0 ||
+ vboxSocketParseAddrUtf16(data, networkMaskUtf16,
+ &def->netmask) < 0 ||
+ vboxSocketParseAddrUtf16(data, fromIPAddressUtf16,
+ &def->ranges[0].start) < 0 ||
+ vboxSocketParseAddrUtf16(data, toIPAddressUtf16,
+ &def->ranges[0].end) < 0) {
+ errorOccurred = true;
+ }
VBOX_UTF16_FREE(ipAddressUtf16);
VBOX_UTF16_FREE(networkMaskUtf16);
VBOX_UTF16_FREE(fromIPAddressUtf16);
VBOX_UTF16_FREE(toIPAddressUtf16);
+
+ if (errorOccurred) {
+ goto cleanup;
+ }
} else {
def->nranges = 0;
virReportOOMError();
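Review bot: With these vboxSocketParseAddrUtf16() calls, any string read back from VirtualBox that is not a parseable address fails the whole XML dump, and the getter calls in the preceding hunk do not have their results checked. If a DHCP server or interface can legitimately report an unset address (not confirmable from here), skipping the field may be preferable to aborting, e.g. `if (ipAddressUtf16 && vboxSocketParseAddrUtf16(data, ipAddressUtf16, &def->ipAddress) < 0)`. The two later hunks in vboxNetworkDumpXML (hosts[0].ip, and the interface's netmask/ipAddress) follow the same pattern. The function continues outside the hunk, so what `cleanup` returns to the caller cannot be verified here.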
@@ -7425,15 +7491,24 @@ static char *vboxNetworkDumpXML(virNetworkPtr network, int flags ATTRIBUTE_UNUSE
} else {
PRUnichar *macAddressUtf16 = NULL;
PRUnichar *ipAddressUtf16 = NULL;
+ bool errorOccurred = false;
networkInterface->vtbl->GetHardwareAddress(networkInterface, &macAddressUtf16);
networkInterface->vtbl->GetIPAddress(networkInterface, &ipAddressUtf16);
VBOX_UTF16_TO_UTF8(macAddressUtf16, &def->hosts[0].mac);
- VBOX_UTF16_TO_UTF8(ipAddressUtf16, &def->hosts[0].ip);
+
+ if (vboxSocketParseAddrUtf16(data, ipAddressUtf16,
+ &def->hosts[0].ip) < 0) {
+ errorOccurred = true;
+ }
VBOX_UTF16_FREE(macAddressUtf16);
VBOX_UTF16_FREE(ipAddressUtf16);
+
+ if (errorOccurred) {
+ goto cleanup;
+ }
}
} else {
def->nhosts = 0;
@@ -7443,15 +7518,24 @@ static char *vboxNetworkDumpXML(virNetworkPtr network, int flags ATTRIBUTE_UNUSE
} else {
PRUnichar *networkMaskUtf16 = NULL;
PRUnichar *ipAddressUtf16 = NULL;
+ bool errorOccurred = false;
networkInterface->vtbl->GetNetworkMask(networkInterface, &networkMaskUtf16);
networkInterface->vtbl->GetIPAddress(networkInterface, &ipAddressUtf16);
- VBOX_UTF16_TO_UTF8(networkMaskUtf16, &def->netmask);
- VBOX_UTF16_TO_UTF8(ipAddressUtf16, &def->ipAddress);
+ if (vboxSocketParseAddrUtf16(data, networkMaskUtf16,
+ &def->netmask) < 0 ||
+ vboxSocketParseAddrUtf16(data, ipAddressUtf16,
+ &def->ipAddress) < 0) {
+ errorOccurred = true;
+ }
VBOX_UTF16_FREE(networkMaskUtf16);
VBOX_UTF16_FREE(ipAddressUtf16);
+
+ if (errorOccurred) {
+ goto cleanup;
+ }
}
DEBUGIID("Network UUID", vboxnet0IID);
--
1.7.0.4
22 Oct '10
Currently libvirt doesn't confirm whether the guest has responded to the
disk removal request. In some cases this can leave the guest with
continued access to the device while the mgmt layer believes that it has
been removed. With a recent qemu monitor command[1] we can
deterministically revoke a guest's access to the disk (on the QEMU side)
to ensure no further access is permitted.
This patch adds support for the drive_unplug() command and introduces it
in the disk removal paths. There is some discussion to be had about how
to handle the case where the guest is running in a QEMU without this
command (and the fact that we currently don't have a way of detecting
what monitor commands are available).
Changes since v1:
- return > 0 when command isn't present, < 0 on command failure
- detect when drive_unplug command isn't present and log error
instead of failing entire command
Signed-off-by: Ryan Harper <ryanh(a)us.ibm.com>
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index abd8e9d..615427a 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -8646,6 +8646,7 @@ static int qemudDomainDetachPciDiskDevice(struct qemud_driver *driver,
virDomainDiskDefPtr detach = NULL;
qemuDomainObjPrivatePtr priv = vm->privateData;
virCgroupPtr cgroup = NULL;
+ char drivestr[PATH_MAX];
i = qemudFindDisk(vm->def, dev->data.disk->dst);
@@ -8673,13 +8674,36 @@ static int qemudDomainDetachPciDiskDevice(struct qemud_driver *driver,
goto cleanup;
}
+ /* build the actual drive id string as the disk->info.alias doesn't
+ * contain the QEMU_DRIVE_HOST_PREFIX that is passed to qemu */
+ if ((ret = snprintf(drivestr, sizeof(drivestr), "%s%s",
+ QEMU_DRIVE_HOST_PREFIX,
+ detach->info.alias))
+ < 0 || ret >= sizeof(drivestr)) {
+ virReportOOMError();
+ goto cleanup;
+ }
+
qemuDomainObjEnterMonitorWithDriver(driver, vm);
if (qemuCmdFlags & QEMUD_CMD_FLAG_DEVICE) {
+ ret = qemuMonitorDriveUnplug(priv->mon, drivestr);
+ DEBUG("DriveUnplug ret=%d", ret);
+ /* ret > 0 indicates unplug isn't supported, issue will be logged */
+ if (ret < 0) {
+ qemuDomainObjExitMonitor(vm);
+ goto cleanup;
+ }
if (qemuMonitorDelDevice(priv->mon, detach->info.alias) < 0) {
qemuDomainObjExitMonitor(vm);
goto cleanup;
}
} else {
+ ret = qemuMonitorDriveUnplug(priv->mon, drivestr);
+ /* ret > 0 indicates unplug isn't supported, issue will be logged */
+ if (ret < 0) {
+ qemuDomainObjExitMonitor(vm);
+ goto cleanup;
+ }
if (qemuMonitorRemovePCIDevice(priv->mon,
&detach->info.addr.pci) < 0) {
qemuDomainObjExitMonitor(vm);
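Review bot: Reusing `ret` for the snprintf() length and then for the qemuMonitorDriveUnplug() result leaves it at 0 or a positive value on the later `goto cleanup` paths, for example when qemuMonitorDelDevice() fails right after a successful unplug. If `ret` is what the function returns from `cleanup` (its declaration and the label are outside the hunk), a failed detach would be reported to the caller as success while the disk is still attached. Keep these results in a separate local, e.g. `int rc = qemuMonitorDriveUnplug(priv->mon, drivestr);` followed by `if (rc < 0) {`, and do the same for the snprintf() check. The qemudDomainDetachSCSIDiskDevice hunk below reuses `ret` for snprintf() in the same way, as does the v1 posting of this patch further down the page.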
@@ -8723,6 +8747,7 @@ static int qemudDomainDetachSCSIDiskDevice(struct qemud_driver *driver,
virDomainDiskDefPtr detach = NULL;
qemuDomainObjPrivatePtr priv = vm->privateData;
virCgroupPtr cgroup = NULL;
+ char drivestr[PATH_MAX];
i = qemudFindDisk(vm->def, dev->data.disk->dst);
@@ -8749,7 +8774,22 @@ static int qemudDomainDetachSCSIDiskDevice(struct qemud_driver *driver,
}
}
+ /* build the actual drive id string as the disk->info.alias doesn't
+ * contain the QEMU_DRIVE_HOST_PREFIX that is passed to qemu */
+ if ((ret = snprintf(drivestr, sizeof(drivestr), "%s%s",
+ QEMU_DRIVE_HOST_PREFIX,
+ detach->info.alias))
+ < 0 || ret >= sizeof(drivestr)) {
+ virReportOOMError();
+ goto cleanup;
+ }
+
qemuDomainObjEnterMonitorWithDriver(driver, vm);
+ /* ret > 0 indicates unplug isn't supported, issue will be logged */
+ if (qemuMonitorDriveUnplug(priv->mon, drivestr) < 0) {
+ qemuDomainObjExitMonitor(vm);
+ goto cleanup;
+ }
if (qemuMonitorDelDevice(priv->mon, detach->info.alias) < 0) {
qemuDomainObjExitMonitor(vm);
goto cleanup;
diff --git a/src/qemu/qemu_monitor.c b/src/qemu/qemu_monitor.c
index 2366fdb..285381d 100644
--- a/src/qemu/qemu_monitor.c
+++ b/src/qemu/qemu_monitor.c
@@ -1781,6 +1781,25 @@ int qemuMonitorGetAllPCIAddresses(qemuMonitorPtr mon,
return ret;
}
+int qemuMonitorDriveUnplug(qemuMonitorPtr mon,
+ const char *drivestr)
+{
+ DEBUG("mon=%p drivestr=%s", mon, drivestr);
+ int ret;
+
+ if (!mon) {
+ qemuReportError(VIR_ERR_INVALID_ARG, "%s",
+ _("monitor must not be NULL"));
+ return -1;
+ }
+
+ if (mon->json)
+ ret = qemuMonitorJSONDriveUnplug(mon, drivestr);
+ else
+ ret = qemuMonitorTextDriveUnplug(mon, drivestr);
+ return ret;
+}
+
int qemuMonitorDelDevice(qemuMonitorPtr mon,
const char *devalias)
{
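Review bot: qemuMonitorDriveUnplug has a three-way return contract that is only documented on the text-monitor implementation, so callers reading qemu_monitor.c cannot see why `ret > 0` is tolerated. A comment above the function such as `/* Returns 0 on success, 1 if the monitor does not know drive_unplug, -1 on any other failure */` would make that explicit. As a style point, the `DEBUG(...)` statement sits before the `int ret;` declaration; moving the declaration first keeps declarations at the top of the block.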
diff --git a/src/qemu/qemu_monitor.h b/src/qemu/qemu_monitor.h
index 48f4c20..bfe3641 100644
--- a/src/qemu/qemu_monitor.h
+++ b/src/qemu/qemu_monitor.h
@@ -381,6 +381,9 @@ int qemuMonitorDelDevice(qemuMonitorPtr mon,
int qemuMonitorAddDrive(qemuMonitorPtr mon,
const char *drivestr);
+int qemuMonitorDriveUnplug(qemuMonitorPtr mon,
+ const char *drivestr);
+
int qemuMonitorSetDrivePassphrase(qemuMonitorPtr mon,
const char *alias,
const char *passphrase);
diff --git a/src/qemu/qemu_monitor_json.c b/src/qemu/qemu_monitor_json.c
index d3ab25f..8e474be 100644
--- a/src/qemu/qemu_monitor_json.c
+++ b/src/qemu/qemu_monitor_json.c
@@ -2243,6 +2243,40 @@ int qemuMonitorJSONAddDrive(qemuMonitorPtr mon,
}
+int qemuMonitorJSONDriveUnplug(qemuMonitorPtr mon,
+ const char *drivestr)
+{
+ int ret;
+ virJSONValuePtr cmd;
+ virJSONValuePtr reply = NULL;
+
+ DEBUG("JSONDriveUnplug drivestr=%s", drivestr);
+ cmd = qemuMonitorJSONMakeCommand("drive_unplug",
+ "s:id", drivestr,
+ NULL);
+ if (!cmd)
+ return -1;
+
+ ret = qemuMonitorJSONCommand(mon, cmd, &reply);
+
+ if (ret == 0) {
+ /* See if drive_unplug isn't supported */
+ if (qemuMonitorJSONHasError(reply, "CommandNotFound")) {
+ qemuReportError(VIR_ERR_OPERATION_FAILED, "%s",
+ _("unplugging disk is not supported. "
+ "This may leak data if disk is reassigned"));
+ ret = 1;
+ goto cleanup;
+ }
+ ret = qemuMonitorJSONCheckError(cmd, reply);
+ }
+
+cleanup:
+ virJSONValueFree(cmd);
+ virJSONValueFree(reply);
+ return ret;
+}
+
int qemuMonitorJSONSetDrivePassphrase(qemuMonitorPtr mon,
const char *alias,
const char *passphrase)
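Review bot: The CommandNotFound branch raises VIR_ERR_OPERATION_FAILED through qemuReportError() but returns 1, which the callers in qemu_driver.c treat as "continue with the detach". That leaves an error set on an operation that may then succeed, and it is the one case where the guest's access to the backing drive has not been revoked, so it deserves a distinct, non-fatal signal. A warning such as `VIR_WARN("drive_unplug not supported by this QEMU; guest may retain access to %s", drivestr);` would fit better than an error here. The "unknown command:" branch of qemuMonitorTextDriveUnplug in the text-monitor hunk below does the same.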
diff --git a/src/qemu/qemu_monitor_json.h b/src/qemu/qemu_monitor_json.h
index 94806c1..6a8692e 100644
--- a/src/qemu/qemu_monitor_json.h
+++ b/src/qemu/qemu_monitor_json.h
@@ -188,6 +188,9 @@ int qemuMonitorJSONDelDevice(qemuMonitorPtr mon,
int qemuMonitorJSONAddDrive(qemuMonitorPtr mon,
const char *drivestr);
+int qemuMonitorJSONDriveUnplug(qemuMonitorPtr mon,
+ const char *drivestr);
+
int qemuMonitorJSONSetDrivePassphrase(qemuMonitorPtr mon,
const char *alias,
const char *passphrase);
diff --git a/src/qemu/qemu_monitor_text.c b/src/qemu/qemu_monitor_text.c
index 69971a6..5f7869d 100644
--- a/src/qemu/qemu_monitor_text.c
+++ b/src/qemu/qemu_monitor_text.c
@@ -2380,6 +2380,53 @@ cleanup:
return ret;
}
+/* Attempts to unplug a drive. Returns 1 if unsupported, 0 if ok, and -1 on
+ * other failure */
+int qemuMonitorTextDriveUnplug(qemuMonitorPtr mon,
+ const char *drivestr)
+{
+ char *cmd = NULL;
+ char *reply = NULL;
+ char *safedev;
+ int ret = -1;
+ DEBUG("TextDriveUnplug drivestr=%s", drivestr);
+
+ if (!(safedev = qemuMonitorEscapeArg(drivestr))) {
+ virReportOOMError();
+ goto cleanup;
+ }
+
+ if (virAsprintf(&cmd, "drive_unplug %s", safedev) < 0) {
+ virReportOOMError();
+ goto cleanup;
+ }
+
+ if (qemuMonitorCommand(mon, cmd, &reply) < 0) {
+ qemuReportError(VIR_ERR_OPERATION_FAILED,
+ _("cannot unplug %s drive"), drivestr);
+ goto cleanup;
+ }
+
+ if (strstr(reply, "unknown command:")) {
+ qemuReportError(VIR_ERR_OPERATION_FAILED, "%s",
+ _("unplugging disk is not supported. "
+ "This may leak data if disk is reassigned"));
+ ret = 1;
+ goto cleanup;
+ } else if (STRNEQ(reply, "")) {
+ qemuReportError(VIR_ERR_OPERATION_FAILED,
+ _("unplugging %s drive failed: %s"), drivestr, reply);
+ goto cleanup;
+ }
+
+ ret = 0;
+
+cleanup:
+ VIR_FREE(cmd);
+ VIR_FREE(reply);
+ VIR_FREE(safedev);
+ return ret;
+}
int qemuMonitorTextSetDrivePassphrase(qemuMonitorPtr mon,
const char *alias,
diff --git a/src/qemu/qemu_monitor_text.h b/src/qemu/qemu_monitor_text.h
index c017509..8355ce8 100644
--- a/src/qemu/qemu_monitor_text.h
+++ b/src/qemu/qemu_monitor_text.h
@@ -186,6 +186,9 @@ int qemuMonitorTextDelDevice(qemuMonitorPtr mon,
int qemuMonitorTextAddDrive(qemuMonitorPtr mon,
const char *drivestr);
+int qemuMonitorTextDriveUnplug(qemuMonitorPtr mon,
+ const char *drivestr);
+
int qemuMonitorTextSetDrivePassphrase(qemuMonitorPtr mon,
const char *alias,
const char *passphrase);
--
Ryan Harper
Software Engineer; Linux Technology Center
IBM Corp., Austin, Tx
ryanh(a)us.ibm.com
22 Oct '10
This is an update of the earlier DTrace patch. Primarily it is
just a rebase, but the second patch adds support for including
the socket address in the CLIENT_CONNECT probe event. This is
dependent on the big virSocket API series.
Support for probing public API functions in libvirt.so is still
under investigation.
Currently, virsh dump doesn't support compressed dumps.
This patch adds GZIP and LZOP options to virsh dump and supports
them in the qemu core dump. (AFAIK, LZOP is available on RHEL6.)
When I did 4G guest dump,
(Raw) 3844669750
(Gzip) 1029846577
(LZOP) 1416263880 (faster than gzip in general)
This will be a help for a host where crash-dump is used
and several guests works on it.
help message is modified as this.
NAME
dump - dump the core of a domain to a file for analysis
SYNOPSIS
dump [--live] [--crash] [--gzip] [--lzop] <domain> <file>
DESCRIPTION
Core dump a domain.
OPTIONS
--live perform a live core dump if supported
--crash crash the domain after core dump
--gzip gzip dump(only one compression allowed
--lzop lzop dump(only one compression allowed
[--domain] <string> domain name, id or uuid
[--file] <string> where to dump the core
Tested on Fedora-13+x86-64.
Note: for better compression, we may have to skip pages filled by
zero or freed pages. But it seems it's qemu's works.
Signed-off-by: KAMEZAWA Hiroyuki <kamezawa.hiroyu(a)jp.fujitsu.com>
---
include/libvirt/libvirt.h.in | 2 ++
src/qemu/qemu_driver.c | 23 +++++++++++++++++++----
tools/virsh.c | 10 +++++++++-
3 files changed, 30 insertions(+), 5 deletions(-)
Index: libvirt-0.8.4/src/qemu/qemu_driver.c
===================================================================
--- libvirt-0.8.4.orig/src/qemu/qemu_driver.c
+++ libvirt-0.8.4/src/qemu/qemu_driver.c
@@ -5710,7 +5710,7 @@ cleanup:
static int qemudDomainCoreDump(virDomainPtr dom,
const char *path,
- int flags ATTRIBUTE_UNUSED) {
+ int flags) {
struct qemud_driver *driver = dom->conn->privateData;
virDomainObjPtr vm;
int resume = 0, paused = 0;
@@ -5720,6 +5720,14 @@ static int qemudDomainCoreDump(virDomain
"cat",
NULL,
};
+ const char *zargs[] = {
+ "gzip",
+ NULL,
+ };
+ const char *lzargs[] = {
+ "lzop",
+ NULL,
+ };
qemuDomainObjPrivatePtr priv;
qemuDriverLock(driver);
@@ -5787,9 +5795,16 @@ static int qemudDomainCoreDump(virDomain
}
qemuDomainObjEnterMonitorWithDriver(driver, vm);
- ret = qemuMonitorMigrateToFile(priv->mon,
- QEMU_MONITOR_MIGRATE_BACKGROUND,
- args, path, 0);
+ if (flags & VIR_DUMP_GZIP)
+ ret = qemuMonitorMigrateToFile(priv->mon,
+ QEMU_MONITOR_MIGRATE_BACKGROUND, zargs, path, 0);
+ else if (flags & VIR_DUMP_LZOP)
+ ret = qemuMonitorMigrateToFile(priv->mon,
+ QEMU_MONITOR_MIGRATE_BACKGROUND, lzargs, path, 0);
+ else
+ ret = qemuMonitorMigrateToFile(priv->mon,
+ QEMU_MONITOR_MIGRATE_BACKGROUND, args, path, 0);
+
qemuDomainObjExitMonitorWithDriver(driver, vm);
if (ret < 0)
goto endjob;
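Review bot: The driver accepts VIR_DUMP_GZIP and VIR_DUMP_LZOP together and silently picks gzip, because the only mutual-exclusion check in this patch lives in virsh and other API clients bypass it. Rejecting the combination in qemudDomainCoreDump itself, e.g. `if ((flags & VIR_DUMP_GZIP) && (flags & VIR_DUMP_LZOP))` with a VIR_ERR_INVALID_ARG report before the job starts, keeps the public flag contract enforced where it is implemented. The three near-identical calls could then be collapsed by selecting the argv once: `const char **dumpargs = (flags & VIR_DUMP_GZIP) ? zargs : (flags & VIR_DUMP_LZOP) ? lzargs : args;`. The function starts and ends outside this hunk.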
Index: libvirt-0.8.4/tools/virsh.c
===================================================================
--- libvirt-0.8.4.orig/tools/virsh.c
+++ libvirt-0.8.4/tools/virsh.c
@@ -1751,6 +1751,8 @@ static const vshCmdInfo info_dump[] = {
static const vshCmdOptDef opts_dump[] = {
{"live", VSH_OT_BOOL, 0, N_("perform a live core dump if supported")},
{"crash", VSH_OT_BOOL, 0, N_("crash the domain after core dump")},
+ {"gzip", VSH_OT_BOOL, 0, N_("gzip dump(only one compression allowed")},
+ {"lzop", VSH_OT_BOOL, 0, N_("lzop dump(only one compression allowed")},
{"domain", VSH_OT_DATA, VSH_OFLAG_REQ, N_("domain name, id or uuid")},
{"file", VSH_OT_DATA, VSH_OFLAG_REQ, N_("where to dump the core")},
{NULL, 0, 0, NULL}
@@ -1778,7 +1780,13 @@ cmdDump(vshControl *ctl, const vshCmd *c
flags |= VIR_DUMP_LIVE;
if (vshCommandOptBool (cmd, "crash"))
flags |= VIR_DUMP_CRASH;
-
+ if (vshCommandOptBool (cmd, "gzip"))
+ flags |= VIR_DUMP_GZIP;
+ if (vshCommandOptBool (cmd, "lzop"))
+ flags |= VIR_DUMP_LZOP;
+ if ((flags & (VIR_DUMP_GZIP | VIR_DUMP_LZOP))
+ == (VIR_DUMP_GZIP | VIR_DUMP_LZOP))
+ return FALSE;
if (virDomainCoreDump(dom, to, flags) == 0) {
vshPrint(ctl, _("Domain %s dumped to %s\n"), name, to);
} else {
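Review bot: The new `return FALSE;` for `--gzip` combined with `--lzop` exits without telling the user why, and it leaves cmdDump before whatever cleanup follows the virDomainCoreDump() call (the release of `dom` is outside the hunk, so this is inferred). Report the conflict first, e.g. `vshError(ctl, "%s", _("--gzip and --lzop are mutually exclusive"));`, and route the failure through the function's normal exit path rather than returning directly. The two help strings added in the opts_dump hunk above are also missing their closing parenthesis: `"gzip dump(only one compression allowed"`.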
Index: libvirt-0.8.4/include/libvirt/libvirt.h.in
===================================================================
--- libvirt-0.8.4.orig/include/libvirt/libvirt.h.in
+++ libvirt-0.8.4/include/libvirt/libvirt.h.in
@@ -402,6 +402,8 @@ typedef virDomainMemoryStatStruct *virDo
typedef enum {
VIR_DUMP_CRASH = (1 << 0), /* crash after dump */
VIR_DUMP_LIVE = (1 << 1), /* live dump */
+ VIR_DUMP_GZIP = (1 << 2), /* gzip dump file */
+ VIR_DUMP_LZOP = (1 << 3), /* lzop dump file */
} virDomainCoreDumpFlags;
/* Domain migration flags. */
22 Oct '10
updated, and patch attached.
- Osier
----- "Daniel P. Berrange" <berrange(a)redhat.com> wrote:
> On Tue, Oct 19, 2010 at 03:41:55AM -0400, Osier wrote:
> > attach updated patch for daemon hook testing..
> >
> > replaced "cat" with "slurp", corrected typos.
>
> > From 963158c860d5415117e70b67458745c2b4cf9c13 Mon Sep 17 00:00:00
> 2001
> > From: Osier Yang <jyang(a)redhat.com>
> > Date: Tue, 19 Oct 2010 15:32:17 +0800
> > Subject: [libvirt-tck 4/4] Add test case for daemon hook testing
> >
> > Validate daemon hook is invoked correctly while start, stop,
> > restart, reload libvirtd
> > ---
> > scripts/hooks/051-daemon-hook.t | 153
> +++++++++++++++++++++++++++++++++++++++
> > 1 files changed, 153 insertions(+), 0 deletions(-)
> > create mode 100644 scripts/hooks/051-daemon-hook.t
>
> This still needs to skip execution if the Sys::Virt::TCK
> connection object is not lxc:/// or qemu:///system
>
> Regards,
> Daniel
> --
> |: Red Hat, Engineering, London -o-
> http://people.redhat.com/berrange/ :|
> |: http://libvirt.org -o- http://virt-manager.org -o-
> http://deltacloud.org :|
> |: http://autobuild.org -o-
> http://search.cpan.org/~danberr/ :|
> |: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B
> 9505 :|
21 Oct '10
Currently libvirt doesn't confirm whether the guest has responded to the
disk removal request. In some cases this can leave the guest with
continued access to the device while the mgmt layer believes that it has
been removed. With a recent qemu monitor command[1] we can
deterministically revoke a guest's access to the disk (on the QEMU side)
to ensure no further access is permitted.
This patch adds support for the drive_unplug() command and introduces it
in the disk removal paths. There is some discussion to be had about how
to handle the case where the guest is running in a QEMU without this
command (and the fact that we currently don't have a way of detecting
what monitor commands are available).
My current implementation assumes that if you don't have a QEMU with
this capability that we should fail the device removal. This is a
strong statement around hotplug that isn't consistent with previous
releases so I'm open to other approachs, but given the potential data
leakage problem hot-remove can lead to without drive_unplug, I think
it's the right thing to do.
Signed-off-by: Ryan Harper <ryanh(a)us.ibm.com>
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index abd8e9d..c7f4746 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -8646,6 +8646,7 @@ static int qemudDomainDetachPciDiskDevice(struct qemud_driver *driver,
virDomainDiskDefPtr detach = NULL;
qemuDomainObjPrivatePtr priv = vm->privateData;
virCgroupPtr cgroup = NULL;
+ char drivestr[PATH_MAX];
i = qemudFindDisk(vm->def, dev->data.disk->dst);
@@ -8673,13 +8674,34 @@ static int qemudDomainDetachPciDiskDevice(struct qemud_driver *driver,
goto cleanup;
}
+ /* build the actual drive id string as the disk->info.alias doesn't
+ * contain the QEMU_DRIVE_HOST_PREFIX that is passed to qemu */
+ if ((ret = snprintf(drivestr, sizeof(drivestr), "%s%s",
+ QEMU_DRIVE_HOST_PREFIX,
+ detach->info.alias))
+ < 0 || ret >= sizeof(drivestr)) {
+ virReportOOMError();
+ goto cleanup;
+ }
+
qemuDomainObjEnterMonitorWithDriver(driver, vm);
if (qemuCmdFlags & QEMUD_CMD_FLAG_DEVICE) {
+ ret = qemuMonitorDriveUnplug(priv->mon, drivestr);
+ DEBUG("DriveUnplug ret=%d", ret);
+ if (ret != 0) {
+ qemuDomainObjExitMonitor(vm);
+ goto cleanup;
+ }
if (qemuMonitorDelDevice(priv->mon, detach->info.alias) < 0) {
qemuDomainObjExitMonitor(vm);
goto cleanup;
}
} else {
+ ret = qemuMonitorDriveUnplug(priv->mon, drivestr);
+ if (ret != 0) {
+ qemuDomainObjExitMonitor(vm);
+ goto cleanup;
+ }
if (qemuMonitorRemovePCIDevice(priv->mon,
&detach->info.addr.pci) < 0) {
qemuDomainObjExitMonitor(vm);
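Review bot: A truncated or failed snprintf() into the fixed `char drivestr[PATH_MAX]` buffer is reported with virReportOOMError(), which misdescribes the failure, and `ret >= sizeof(drivestr)` compares a signed int with a size_t. Building the string on the heap removes both problems and the large stack buffer: declare `char *drivestr = NULL;`, use `if (virAsprintf(&drivestr, "%s%s", QEMU_DRIVE_HOST_PREFIX, detach->info.alias) < 0) {`, and add `VIR_FREE(drivestr);` at the cleanup label, which is outside this hunk. The qemudDomainDetachSCSIDiskDevice hunk below and the v2 posting of this patch earlier on the page build the string the same way.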
@@ -8723,6 +8745,7 @@ static int qemudDomainDetachSCSIDiskDevice(struct qemud_driver *driver,
virDomainDiskDefPtr detach = NULL;
qemuDomainObjPrivatePtr priv = vm->privateData;
virCgroupPtr cgroup = NULL;
+ char drivestr[PATH_MAX];
i = qemudFindDisk(vm->def, dev->data.disk->dst);
@@ -8749,7 +8772,21 @@ static int qemudDomainDetachSCSIDiskDevice(struct qemud_driver *driver,
}
}
+ /* build the actual drive id string as the disk->info.alias doesn't
+ * contain the QEMU_DRIVE_HOST_PREFIX that is passed to qemu */
+ if ((ret = snprintf(drivestr, sizeof(drivestr), "%s%s",
+ QEMU_DRIVE_HOST_PREFIX,
+ detach->info.alias))
+ < 0 || ret >= sizeof(drivestr)) {
+ virReportOOMError();
+ goto cleanup;
+ }
+
qemuDomainObjEnterMonitorWithDriver(driver, vm);
+ if (qemuMonitorDriveUnplug(priv->mon, drivestr) < 0) {
+ qemuDomainObjExitMonitor(vm);
+ goto cleanup;
+ }
if (qemuMonitorDelDevice(priv->mon, detach->info.alias) < 0) {
qemuDomainObjExitMonitor(vm);
goto cleanup;
diff --git a/src/qemu/qemu_monitor.c b/src/qemu/qemu_monitor.c
index 2366fdb..285381d 100644
--- a/src/qemu/qemu_monitor.c
+++ b/src/qemu/qemu_monitor.c
@@ -1781,6 +1781,25 @@ int qemuMonitorGetAllPCIAddresses(qemuMonitorPtr mon,
return ret;
}
+int qemuMonitorDriveUnplug(qemuMonitorPtr mon,
+ const char *drivestr)
+{
+ DEBUG("mon=%p drivestr=%s", mon, drivestr);
+ int ret;
+
+ if (!mon) {
+ qemuReportError(VIR_ERR_INVALID_ARG, "%s",
+ _("monitor must not be NULL"));
+ return -1;
+ }
+
+ if (mon->json)
+ ret = qemuMonitorJSONDriveUnplug(mon, drivestr);
+ else
+ ret = qemuMonitorTextDriveUnplug(mon, drivestr);
+ return ret;
+}
+
int qemuMonitorDelDevice(qemuMonitorPtr mon,
const char *devalias)
{
diff --git a/src/qemu/qemu_monitor.h b/src/qemu/qemu_monitor.h
index 48f4c20..bfe3641 100644
--- a/src/qemu/qemu_monitor.h
+++ b/src/qemu/qemu_monitor.h
@@ -381,6 +381,9 @@ int qemuMonitorDelDevice(qemuMonitorPtr mon,
int qemuMonitorAddDrive(qemuMonitorPtr mon,
const char *drivestr);
+int qemuMonitorDriveUnplug(qemuMonitorPtr mon,
+ const char *drivestr);
+
int qemuMonitorSetDrivePassphrase(qemuMonitorPtr mon,
const char *alias,
const char *passphrase);
diff --git a/src/qemu/qemu_monitor_json.c b/src/qemu/qemu_monitor_json.c
index d3ab25f..e99adac 100644
--- a/src/qemu/qemu_monitor_json.c
+++ b/src/qemu/qemu_monitor_json.c
@@ -2243,6 +2243,30 @@ int qemuMonitorJSONAddDrive(qemuMonitorPtr mon,
}
+int qemuMonitorJSONDriveUnplug(qemuMonitorPtr mon,
+ const char *drivestr)
+{
+ int ret;
+ virJSONValuePtr cmd;
+ virJSONValuePtr reply = NULL;
+
+ DEBUG("JSONDriveUnplug drivestr=%s", drivestr);
+ cmd = qemuMonitorJSONMakeCommand("drive_unplug",
+ "s:id", drivestr,
+ NULL);
+ if (!cmd)
+ return -1;
+
+ ret = qemuMonitorJSONCommand(mon, cmd, &reply);
+
+ if (ret == 0)
+ ret = qemuMonitorJSONCheckError(cmd, reply);
+
+ virJSONValueFree(cmd);
+ virJSONValueFree(reply);
+ return ret;
+}
+
int qemuMonitorJSONSetDrivePassphrase(qemuMonitorPtr mon,
const char *alias,
const char *passphrase)
diff --git a/src/qemu/qemu_monitor_json.h b/src/qemu/qemu_monitor_json.h
index 94806c1..6a8692e 100644
--- a/src/qemu/qemu_monitor_json.h
+++ b/src/qemu/qemu_monitor_json.h
@@ -188,6 +188,9 @@ int qemuMonitorJSONDelDevice(qemuMonitorPtr mon,
int qemuMonitorJSONAddDrive(qemuMonitorPtr mon,
const char *drivestr);
+int qemuMonitorJSONDriveUnplug(qemuMonitorPtr mon,
+ const char *drivestr);
+
int qemuMonitorJSONSetDrivePassphrase(qemuMonitorPtr mon,
const char *alias,
const char *passphrase);
diff --git a/src/qemu/qemu_monitor_text.c b/src/qemu/qemu_monitor_text.c
index 69971a6..ded3078 100644
--- a/src/qemu/qemu_monitor_text.c
+++ b/src/qemu/qemu_monitor_text.c
@@ -2380,6 +2380,45 @@ cleanup:
return ret;
}
+int qemuMonitorTextDriveUnplug(qemuMonitorPtr mon,
+ const char *drivestr)
+{
+ char *cmd = NULL;
+ char *reply = NULL;
+ char *safedev;
+ int ret = -1;
+ DEBUG("TextDriveUnplug drivestr=%s", drivestr);
+
+ if (!(safedev = qemuMonitorEscapeArg(drivestr))) {
+ virReportOOMError();
+ goto cleanup;
+ }
+
+ if (virAsprintf(&cmd, "drive_unplug %s", safedev) < 0) {
+ virReportOOMError();
+ goto cleanup;
+ }
+
+ if (qemuMonitorCommand(mon, cmd, &reply) < 0) {
+ qemuReportError(VIR_ERR_OPERATION_FAILED,
+ _("cannot unplug %s drive"), drivestr);
+ goto cleanup;
+ }
+
+ if (STRNEQ(reply, "")) {
+ qemuReportError(VIR_ERR_OPERATION_FAILED,
+ _("unplugging %s drive failed: %s"), drivestr, reply);
+ goto cleanup;
+ }
+
+ ret = 0;
+
+cleanup:
+ VIR_FREE(cmd);
+ VIR_FREE(reply);
+ VIR_FREE(safedev);
+ return ret;
+}
int qemuMonitorTextSetDrivePassphrase(qemuMonitorPtr mon,
const char *alias,
diff --git a/src/qemu/qemu_monitor_text.h b/src/qemu/qemu_monitor_text.h
index c017509..8355ce8 100644
--- a/src/qemu/qemu_monitor_text.h
+++ b/src/qemu/qemu_monitor_text.h
@@ -186,6 +186,9 @@ int qemuMonitorTextDelDevice(qemuMonitorPtr mon,
int qemuMonitorTextAddDrive(qemuMonitorPtr mon,
const char *drivestr);
+int qemuMonitorTextDriveUnplug(qemuMonitorPtr mon,
+ const char *drivestr);
+
int qemuMonitorTextSetDrivePassphrase(qemuMonitorPtr mon,
const char *alias,
const char *passphrase);
--
Ryan Harper
Software Engineer; Linux Technology Center
IBM Corp., Austin, Tx
ryanh(a)us.ibm.com
[libvirt] [PATCH] [RESEND] [TCK] nwfilter: Adapt to changes how filters are instantiated
by Stefan Berger 21 Oct '10
by Stefan Berger 21 Oct '10
21 Oct '10
I am resending the patch with 'evolution' and hope no patch-mangling
occurs. At least it looks ok before sending (also sending patch as an
attachment)
Recent changes to how filters are being instantiated require follow-up
changes to the test suite. The following changes are related to
- usage of 'ctdir'
- changes to the host's incoming filter chain
Signed-off-by: Stefan Berger <stefanb(a)us.ibm.com>
---
scripts/nwfilter/nwfilterxml2fwallout/ah-ipv6-test.fwall | 6 +++---
scripts/nwfilter/nwfilterxml2fwallout/ah-test.fwall | 6 +++---
scripts/nwfilter/nwfilterxml2fwallout/all-ipv6-test.fwall | 6 +++---
scripts/nwfilter/nwfilterxml2fwallout/all-test.fwall | 6 +++---
scripts/nwfilter/nwfilterxml2fwallout/comment-test.fwall | 10 +++++-----
scripts/nwfilter/nwfilterxml2fwallout/conntrack-test.fwall | 2 +-
scripts/nwfilter/nwfilterxml2fwallout/esp-ipv6-test.fwall | 6 +++---
scripts/nwfilter/nwfilterxml2fwallout/esp-test.fwall | 6 +++---
scripts/nwfilter/nwfilterxml2fwallout/example-1.fwall | 6 +++---
scripts/nwfilter/nwfilterxml2fwallout/hex-data-test.fwall | 4 ++--
scripts/nwfilter/nwfilterxml2fwallout/icmp-direction-test.fwall | 2 +-
scripts/nwfilter/nwfilterxml2fwallout/icmp-direction2-test.fwall | 2 +-
scripts/nwfilter/nwfilterxml2fwallout/icmp-direction3-test.fwall | 2 +-
scripts/nwfilter/nwfilterxml2fwallout/icmp-test.fwall | 4 ++--
scripts/nwfilter/nwfilterxml2fwallout/icmpv6-test.fwall | 4 ++--
scripts/nwfilter/nwfilterxml2fwallout/igmp-test.fwall | 6 +++---
scripts/nwfilter/nwfilterxml2fwallout/sctp-ipv6-test.fwall | 6 +++---
scripts/nwfilter/nwfilterxml2fwallout/sctp-test.fwall | 6 +++---
scripts/nwfilter/nwfilterxml2fwallout/tcp-ipv6-test.fwall | 6 +++---
scripts/nwfilter/nwfilterxml2fwallout/tcp-test.fwall | 6 +++---
scripts/nwfilter/nwfilterxml2fwallout/udp-ipv6-test.fwall | 6 +++---
scripts/nwfilter/nwfilterxml2fwallout/udp-test.fwall | 6 +++---
scripts/nwfilter/nwfilterxml2fwallout/udplite-ipv6-test.fwall | 6 +++---
scripts/nwfilter/nwfilterxml2fwallout/udplite-test.fwall | 6 +++---
24 files changed, 63 insertions(+), 63 deletions(-)
Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/ah-ipv6-test.fwall
===================================================================
--- libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/ah-ipv6-test.fwall
+++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/ah-ipv6-test.fwall
@@ -1,21 +1,21 @@
#ip6tables -L FI-vnet0 -n
Chain FI-vnet0 (1 references)
target prot opt source destination
-RETURN ah f:e:d::c:b:a/127 a:b:c::d:e:f/128 MAC 01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED
-RETURN ah ::/0 a:b:c::/128 DSCP match 0x21state ESTABLISHED
-RETURN ah ::/0 ::10.1.2.3/128 DSCP match 0x21state ESTABLISHED
+RETURN ah f:e:d::c:b:a/127 a:b:c::d:e:f/128 MAC 01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED ctdir REPLY
+RETURN ah ::/0 a:b:c::/128 DSCP match 0x21state ESTABLISHED ctdir ORIGINAL
+RETURN ah ::/0 ::10.1.2.3/128 DSCP match 0x21state ESTABLISHED ctdir ORIGINAL
#ip6tables -L FO-vnet0 -n
Chain FO-vnet0 (1 references)
target prot opt source destination
-ACCEPT ah a:b:c::d:e:f/128 f:e:d::c:b:a/127 DSCP match 0x02state ESTABLISHED
-ACCEPT ah a:b:c::/128 ::/0 MAC 01:02:03:04:05:06 DSCP match 0x21state NEW,ESTABLISHED
-ACCEPT ah ::10.1.2.3/128 ::/0 MAC 01:02:03:04:05:06 DSCP match 0x21state NEW,ESTABLISHED
+ACCEPT ah a:b:c::d:e:f/128 f:e:d::c:b:a/127 DSCP match 0x02state ESTABLISHED ctdir ORIGINAL
+ACCEPT ah a:b:c::/128 ::/0 MAC 01:02:03:04:05:06 DSCP match 0x21state NEW,ESTABLISHED ctdir REPLY
+ACCEPT ah ::10.1.2.3/128 ::/0 MAC 01:02:03:04:05:06 DSCP match 0x21state NEW,ESTABLISHED ctdir REPLY
#ip6tables -L HI-vnet0 -n
Chain HI-vnet0 (1 references)
target prot opt source destination
-ACCEPT ah f:e:d::c:b:a/127 a:b:c::d:e:f/128 MAC 01:02:03:04:05:06 DSCP match 0x02
-ACCEPT ah ::/0 a:b:c::/128 DSCP match 0x21
-ACCEPT ah ::/0 ::10.1.2.3/128 DSCP match 0x21
+RETURN ah f:e:d::c:b:a/127 a:b:c::d:e:f/128 MAC 01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED ctdir REPLY
+RETURN ah ::/0 a:b:c::/128 DSCP match 0x21state ESTABLISHED ctdir ORIGINAL
+RETURN ah ::/0 ::10.1.2.3/128 DSCP match 0x21state ESTABLISHED ctdir ORIGINAL
#ip6tables -L INPUT -n --line-numbers | grep libvirt
1 libvirt-host-in all ::/0 ::/0
#ip6tables -L libvirt-host-in -n | grep vnet0 | tr -s " "
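Review bot: The new expected lines pair `state NEW,ESTABLISHED` with `ctdir REPLY` (first rule of FI-vnet0 and HI-vnet0, second and third rules of FO-vnet0), which reads as contradictory, since the first packet of a connection travels in the original direction. If that pairing reflects how the iptables and kernel versions on the capture host interpret or print `ctdir`, the fixture is tied to that environment and may fail, or hide a reversed direction match, on another host. I would record the iptables and kernel versions this output was captured with in the patch description and confirm with a live connection that NEW packets really match these rules. The same pattern repeats in every hunk of this patch that adds `ctdir`.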
Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/ah-test.fwall
===================================================================
--- libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/ah-test.fwall
+++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/ah-test.fwall
@@ -1,21 +1,21 @@
#iptables -L FI-vnet0 -n
Chain FI-vnet0 (1 references)
target prot opt source destination
-RETURN ah -- 0.0.0.0/0 10.1.2.3 MAC 01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED
-RETURN ah -- 0.0.0.0/0 10.1.0.0/22 DSCP match 0x21state ESTABLISHED
-RETURN ah -- 0.0.0.0/0 10.1.0.0/22 DSCP match 0x21state ESTABLISHED
+RETURN ah -- 0.0.0.0/0 10.1.2.3 MAC 01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED ctdir REPLY
+RETURN ah -- 0.0.0.0/0 10.1.0.0/22 DSCP match 0x21state ESTABLISHED ctdir ORIGINAL
+RETURN ah -- 0.0.0.0/0 10.1.0.0/22 DSCP match 0x21state ESTABLISHED ctdir ORIGINAL
#iptables -L FO-vnet0 -n
Chain FO-vnet0 (1 references)
target prot opt source destination
-ACCEPT ah -- 10.1.2.3 0.0.0.0/0 DSCP match 0x02state ESTABLISHED
-ACCEPT ah -- 10.1.0.0/22 0.0.0.0/0 MAC 01:02:03:04:05:06 DSCP match 0x21state NEW,ESTABLISHED
-ACCEPT ah -- 10.1.0.0/22 0.0.0.0/0 MAC 01:02:03:04:05:06 DSCP match 0x21state NEW,ESTABLISHED
+ACCEPT ah -- 10.1.2.3 0.0.0.0/0 DSCP match 0x02state ESTABLISHED ctdir ORIGINAL
+ACCEPT ah -- 10.1.0.0/22 0.0.0.0/0 MAC 01:02:03:04:05:06 DSCP match 0x21state NEW,ESTABLISHED ctdir REPLY
+ACCEPT ah -- 10.1.0.0/22 0.0.0.0/0 MAC 01:02:03:04:05:06 DSCP match 0x21state NEW,ESTABLISHED ctdir REPLY
#iptables -L HI-vnet0 -n
Chain HI-vnet0 (1 references)
target prot opt source destination
-ACCEPT ah -- 0.0.0.0/0 10.1.2.3 MAC 01:02:03:04:05:06 DSCP match 0x02
-ACCEPT ah -- 0.0.0.0/0 10.1.0.0/22 DSCP match 0x21
-ACCEPT ah -- 0.0.0.0/0 10.1.0.0/22 DSCP match 0x21
+RETURN ah -- 0.0.0.0/0 10.1.2.3 MAC 01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED ctdir REPLY
+RETURN ah -- 0.0.0.0/0 10.1.0.0/22 DSCP match 0x21state ESTABLISHED ctdir ORIGINAL
+RETURN ah -- 0.0.0.0/0 10.1.0.0/22 DSCP match 0x21state ESTABLISHED ctdir ORIGINAL
#iptables -L libvirt-host-in -n | grep vnet0 | tr -s " "
HI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-in vnet0
#iptables -L libvirt-in -n | grep vnet0 | tr -s " "
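Review bot: The HI-vnet0 target changes from ACCEPT to RETURN in all three rules, so a packet from the guest to the host is no longer accepted here and its fate depends on what follows in the calling chain. Because HI-vnet0 is entered with `[goto]`, a RETURN resumes in the chain that called libvirt-host-in, and the visible part of the fixture only greps the `vnet0` line of libvirt-host-in. If the rest of the file (outside this hunk) does not list the rules or policy that such a packet reaches next, the test no longer asserts whether host-bound traffic is finally accepted or dropped. The same applies to the HI-vnet0 sections of the other fixtures in this patch.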
Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/all-ipv6-test.fwall
===================================================================
--- libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/all-ipv6-test.fwall
+++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/all-ipv6-test.fwall
@@ -1,21 +1,21 @@
#ip6tables -L FI-vnet0 -n
Chain FI-vnet0 (1 references)
target prot opt source destination
-RETURN all f:e:d::c:b:a/127 a:b:c::d:e:f/128 MAC 01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED
-RETURN all ::/0 a:b:c::/128 DSCP match 0x21state ESTABLISHED
-RETURN all ::/0 ::10.1.2.3/128 DSCP match 0x21state ESTABLISHED
+RETURN all f:e:d::c:b:a/127 a:b:c::d:e:f/128 MAC 01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED ctdir REPLY
+RETURN all ::/0 a:b:c::/128 DSCP match 0x21state ESTABLISHED ctdir ORIGINAL
+RETURN all ::/0 ::10.1.2.3/128 DSCP match 0x21state ESTABLISHED ctdir ORIGINAL
#ip6tables -L FO-vnet0 -n
Chain FO-vnet0 (1 references)
target prot opt source destination
-ACCEPT all a:b:c::d:e:f/128 f:e:d::c:b:a/127 DSCP match 0x02state ESTABLISHED
-ACCEPT all a:b:c::/128 ::/0 MAC 01:02:03:04:05:06 DSCP match 0x21state NEW,ESTABLISHED
-ACCEPT all ::10.1.2.3/128 ::/0 MAC 01:02:03:04:05:06 DSCP match 0x21state NEW,ESTABLISHED
+ACCEPT all a:b:c::d:e:f/128 f:e:d::c:b:a/127 DSCP match 0x02state ESTABLISHED ctdir ORIGINAL
+ACCEPT all a:b:c::/128 ::/0 MAC 01:02:03:04:05:06 DSCP match 0x21state NEW,ESTABLISHED ctdir REPLY
+ACCEPT all ::10.1.2.3/128 ::/0 MAC 01:02:03:04:05:06 DSCP match 0x21state NEW,ESTABLISHED ctdir REPLY
#ip6tables -L HI-vnet0 -n
Chain HI-vnet0 (1 references)
target prot opt source destination
-ACCEPT all f:e:d::c:b:a/127 a:b:c::d:e:f/128 MAC 01:02:03:04:05:06 DSCP match 0x02
-ACCEPT all ::/0 a:b:c::/128 DSCP match 0x21
-ACCEPT all ::/0 ::10.1.2.3/128 DSCP match 0x21
+RETURN all f:e:d::c:b:a/127 a:b:c::d:e:f/128 MAC 01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED ctdir REPLY
+RETURN all ::/0 a:b:c::/128 DSCP match 0x21state ESTABLISHED ctdir ORIGINAL
+RETURN all ::/0 ::10.1.2.3/128 DSCP match 0x21state ESTABLISHED ctdir ORIGINAL
#ip6tables -L INPUT -n --line-numbers | grep libvirt
1 libvirt-host-in all ::/0 ::/0
#ip6tables -L libvirt-host-in -n | grep vnet0 | tr -s " "
Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/all-test.fwall
===================================================================
--- libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/all-test.fwall
+++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/all-test.fwall
@@ -1,21 +1,21 @@
#iptables -L FI-vnet0 -n
Chain FI-vnet0 (1 references)
target prot opt source destination
-RETURN all -- 0.0.0.0/0 10.1.2.3 MAC 01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED
-RETURN all -- 0.0.0.0/0 10.1.0.0/22 DSCP match 0x21state ESTABLISHED
-RETURN all -- 0.0.0.0/0 10.1.0.0/22 DSCP match 0x21state ESTABLISHED
+RETURN all -- 0.0.0.0/0 10.1.2.3 MAC 01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED ctdir REPLY
+RETURN all -- 0.0.0.0/0 10.1.0.0/22 DSCP match 0x21state ESTABLISHED ctdir ORIGINAL
+RETURN all -- 0.0.0.0/0 10.1.0.0/22 DSCP match 0x21state ESTABLISHED ctdir ORIGINAL
#iptables -L FO-vnet0 -n
Chain FO-vnet0 (1 references)
target prot opt source destination
-ACCEPT all -- 10.1.2.3 0.0.0.0/0 DSCP match 0x02state ESTABLISHED
-ACCEPT all -- 10.1.0.0/22 0.0.0.0/0 MAC 01:02:03:04:05:06 DSCP match 0x21state NEW,ESTABLISHED
-ACCEPT all -- 10.1.0.0/22 0.0.0.0/0 MAC 01:02:03:04:05:06 DSCP match 0x21state NEW,ESTABLISHED
+ACCEPT all -- 10.1.2.3 0.0.0.0/0 DSCP match 0x02state ESTABLISHED ctdir ORIGINAL
+ACCEPT all -- 10.1.0.0/22 0.0.0.0/0 MAC 01:02:03:04:05:06 DSCP match 0x21state NEW,ESTABLISHED ctdir REPLY
+ACCEPT all -- 10.1.0.0/22 0.0.0.0/0 MAC 01:02:03:04:05:06 DSCP match 0x21state NEW,ESTABLISHED ctdir REPLY
#iptables -L HI-vnet0 -n
Chain HI-vnet0 (1 references)
target prot opt source destination
-ACCEPT all -- 0.0.0.0/0 10.1.2.3 MAC 01:02:03:04:05:06 DSCP match 0x02
-ACCEPT all -- 0.0.0.0/0 10.1.0.0/22 DSCP match 0x21
-ACCEPT all -- 0.0.0.0/0 10.1.0.0/22 DSCP match 0x21
+RETURN all -- 0.0.0.0/0 10.1.2.3 MAC 01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED ctdir REPLY
+RETURN all -- 0.0.0.0/0 10.1.0.0/22 DSCP match 0x21state ESTABLISHED ctdir ORIGINAL
+RETURN all -- 0.0.0.0/0 10.1.0.0/22 DSCP match 0x21state ESTABLISHED ctdir ORIGINAL
#iptables -L libvirt-host-in -n | grep vnet0 | tr -s " "
HI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-in vnet0
#iptables -L libvirt-in -n | grep vnet0 | tr -s " "
Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/comment-test.fwall
===================================================================
--- libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/comment-test.fwall
+++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/comment-test.fwall
@@ -11,15 +11,15 @@
#iptables -L FI-vnet0 -n
Chain FI-vnet0 (1 references)
target prot opt source destination
-RETURN udp -- 0.0.0.0/0 10.1.2.3 MAC 01:02:03:04:05:06 DSCP match 0x22/* udp rule */ udp spts:291:400 dpts:564:1092 state NEW,ESTABLISHED
+RETURN udp -- 0.0.0.0/0 10.1.2.3 MAC 01:02:03:04:05:06 DSCP match 0x22/* udp rule */ udp spts:291:400 dpts:564:1092 state NEW,ESTABLISHED ctdir REPLY
#iptables -L FO-vnet0 -n
Chain FO-vnet0 (1 references)
target prot opt source destination
-ACCEPT udp -- 10.1.2.3 0.0.0.0/0 DSCP match 0x22/* udp rule */ udp spts:564:1092 dpts:291:400 state ESTABLISHED
+ACCEPT udp -- 10.1.2.3 0.0.0.0/0 DSCP match 0x22/* udp rule */ udp spts:564:1092 dpts:291:400 state ESTABLISHED ctdir ORIGINAL
#iptables -L HI-vnet0 -n
Chain HI-vnet0 (1 references)
target prot opt source destination
-ACCEPT udp -- 0.0.0.0/0 10.1.2.3 MAC 01:02:03:04:05:06 DSCP match 0x22/* udp rule */ udp spts:291:400 dpts:564:1092
+RETURN udp -- 0.0.0.0/0 10.1.2.3 MAC 01:02:03:04:05:06 DSCP match 0x22/* udp rule */ udp spts:291:400 dpts:564:1092 state NEW,ESTABLISHED ctdir REPLY
#iptables -L libvirt-host-in -n | grep HI-vnet0 | tr -s " "
HI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-in vnet0
#iptables -L libvirt-in -n | grep FI-vnet0 | tr -s " "
@@ -31,24 +31,24 @@ FO-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [got
#ip6tables -L FI-vnet0 -n
Chain FI-vnet0 (1 references)
target prot opt source destination
-RETURN tcp ::/0 a:b:c::/128 /* tcp/ipv6 rule */ tcp spts:256:4369 dpts:32:33 state ESTABLISHED
-RETURN udp ::/0 ::/0 /* `ls`;${COLUMNS};$(ls);"test";&'3 spaces' */ state ESTABLISHED
-RETURN sctp ::/0 ::/0 /* comment with lone ', `, ", `, \\, $x, and two spaces */ state ESTABLISHED
-RETURN ah ::/0 ::/0 /* tmp=`mktemp`; echo ${RANDOM} > ${tmp} ; cat < ${tmp}; rm -f ${tmp} */ state ESTABLISHED
+RETURN tcp ::/0 a:b:c::/128 /* tcp/ipv6 rule */ tcp spts:256:4369 dpts:32:33 state ESTABLISHED ctdir ORIGINAL
+RETURN udp ::/0 ::/0 /* `ls`;${COLUMNS};$(ls);"test";&'3 spaces' */ state ESTABLISHED ctdir ORIGINAL
+RETURN sctp ::/0 ::/0 /* comment with lone ', `, ", `, \\, $x, and two spaces */ state ESTABLISHED ctdir ORIGINAL
+RETURN ah ::/0 ::/0 /* tmp=`mktemp`; echo ${RANDOM} > ${tmp} ; cat < ${tmp}; rm -f ${tmp} */ state ESTABLISHED ctdir ORIGINAL
#ip6tables -L FO-vnet0 -n
Chain FO-vnet0 (1 references)
target prot opt source destination
-ACCEPT tcp a:b:c::/128 ::/0 MAC 01:02:03:04:05:06 /* tcp/ipv6 rule */ tcp spts:32:33 dpts:256:4369 state NEW,ESTABLISHED
-ACCEPT udp ::/0 ::/0 /* `ls`;${COLUMNS};$(ls);"test";&'3 spaces' */ state NEW,ESTABLISHED
-ACCEPT sctp ::/0 ::/0 /* comment with lone ', `, ", `, \\, $x, and two spaces */ state NEW,ESTABLISHED
-ACCEPT ah ::/0 ::/0 /* tmp=`mktemp`; echo ${RANDOM} > ${tmp} ; cat < ${tmp}; rm -f ${tmp} */ state NEW,ESTABLISHED
+ACCEPT tcp a:b:c::/128 ::/0 MAC 01:02:03:04:05:06 /* tcp/ipv6 rule */ tcp spts:32:33 dpts:256:4369 state NEW,ESTABLISHED ctdir REPLY
+ACCEPT udp ::/0 ::/0 /* `ls`;${COLUMNS};$(ls);"test";&'3 spaces' */ state NEW,ESTABLISHED ctdir REPLY
+ACCEPT sctp ::/0 ::/0 /* comment with lone ', `, ", `, \\, $x, and two spaces */ state NEW,ESTABLISHED ctdir REPLY
+ACCEPT ah ::/0 ::/0 /* tmp=`mktemp`; echo ${RANDOM} > ${tmp} ; cat < ${tmp}; rm -f ${tmp} */ state NEW,ESTABLISHED ctdir REPLY
#ip6tables -L HI-vnet0 -n
Chain HI-vnet0 (1 references)
target prot opt source destination
-ACCEPT tcp ::/0 a:b:c::/128 /* tcp/ipv6 rule */ tcp spts:256:4369 dpts:32:33
-ACCEPT udp ::/0 ::/0 /* `ls`;${COLUMNS};$(ls);"test";&'3 spaces' */
-ACCEPT sctp ::/0 ::/0 /* comment with lone ', `, ", `, \\, $x, and two spaces */
-ACCEPT ah ::/0 ::/0 /* tmp=`mktemp`; echo ${RANDOM} > ${tmp} ; cat < ${tmp}; rm -f ${tmp} */
+RETURN tcp ::/0 a:b:c::/128 /* tcp/ipv6 rule */ tcp spts:256:4369 dpts:32:33 state ESTABLISHED ctdir ORIGINAL
+RETURN udp ::/0 ::/0 /* `ls`;${COLUMNS};$(ls);"test";&'3 spaces' */ state ESTABLISHED ctdir ORIGINAL
+RETURN sctp ::/0 ::/0 /* comment with lone ', `, ", `, \\, $x, and two spaces */ state ESTABLISHED ctdir ORIGINAL
+RETURN ah ::/0 ::/0 /* tmp=`mktemp`; echo ${RANDOM} > ${tmp} ; cat < ${tmp}; rm -f ${tmp} */ state ESTABLISHED ctdir ORIGINAL
#ip6tables -L libvirt-host-in -n | grep vnet0 | tr -s " "
HI-vnet0 all ::/0 ::/0 [goto] PHYSDEV match --physdev-in vnet0
#ip6tables -L libvirt-in -n | grep vnet0 | tr -s " "
Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/example-1.fwall
===================================================================
--- libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/example-1.fwall
+++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/example-1.fwall
@@ -1,22 +1,22 @@
#iptables -L FI-vnet0 -n
Chain FI-vnet0 (1 references)
target prot opt source destination
-RETURN tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:22 state ESTABLISHED
-RETURN icmp -- 0.0.0.0/0 0.0.0.0/0 state ESTABLISHED
-RETURN all -- 0.0.0.0/0 0.0.0.0/0 state ESTABLISHED
+RETURN tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:22 state ESTABLISHED ctdir ORIGINAL
+RETURN icmp -- 0.0.0.0/0 0.0.0.0/0 state ESTABLISHED ctdir ORIGINAL
+RETURN all -- 0.0.0.0/0 0.0.0.0/0 state ESTABLISHED ctdir ORIGINAL
DROP all -- 0.0.0.0/0 0.0.0.0/0
#iptables -L FO-vnet0 -n
Chain FO-vnet0 (1 references)
target prot opt source destination
-ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 state NEW,ESTABLISHED
-ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 state NEW,ESTABLISHED
-ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state NEW,ESTABLISHED
+ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 state NEW,ESTABLISHED ctdir REPLY
+ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 state NEW,ESTABLISHED ctdir REPLY
+ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state NEW,ESTABLISHED ctdir REPLY
DROP all -- 0.0.0.0/0 0.0.0.0/0
#iptables -L HI-vnet0 -n
Chain HI-vnet0 (1 references)
target prot opt source destination
-ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:22
-ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
-ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
+RETURN tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:22 state ESTABLISHED ctdir ORIGINAL
+RETURN icmp -- 0.0.0.0/0 0.0.0.0/0 state ESTABLISHED ctdir ORIGINAL
+RETURN all -- 0.0.0.0/0 0.0.0.0/0 state ESTABLISHED ctdir ORIGINAL
DROP all -- 0.0.0.0/0 0.0.0.0/0
Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/icmp-direction-test.fwall
===================================================================
--- libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/icmp-direction-test.fwall
+++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/icmp-direction-test.fwall
@@ -11,7 +11,7 @@ DROP icmp -- 0.0.0.0/0
#iptables -L HI-vnet0 -n
Chain HI-vnet0 (1 references)
target prot opt source destination
-ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 8
+RETURN icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 8 state NEW,ESTABLISHED
DROP icmp -- 0.0.0.0/0 0.0.0.0/0
#iptables -L libvirt-host-in -n | grep vnet0 | tr -s " "
HI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-in vnet0
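Review bot: The rewritten HI-vnet0 rule gains `state NEW,ESTABLISHED` but no `ctdir`, so for `icmp type 8` the direction restriction that the other fixtures in this patch receive is absent. The same holds for `icmp type 0` in icmp-direction2-test.fwall and for the typed rules in icmp-test.fwall and icmpv6-test.fwall, whereas the untyped rule in icmp-direction3-test.fwall does get `ctdir REPLY`. If skipping the direction match for rules with an explicit ICMP type is intended, the patch description should say so; otherwise the expected output locks in a looser match. The hunk starts at line 11 of the file, so the FI-vnet0 and FO-vnet0 rules it should mirror are not visible here.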
Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/icmp-direction2-test.fwall
===================================================================
--- libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/icmp-direction2-test.fwall
+++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/icmp-direction2-test.fwall
@@ -11,7 +11,7 @@ DROP icmp -- 0.0.0.0/0
#iptables -L HI-vnet0 -n
Chain HI-vnet0 (1 references)
target prot opt source destination
-ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 0
+RETURN icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 0 state NEW,ESTABLISHED
DROP icmp -- 0.0.0.0/0 0.0.0.0/0
#iptables -L libvirt-host-in -n | grep vnet0 | tr -s " "
HI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-in vnet0
Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/icmp-direction3-test.fwall
===================================================================
--- libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/icmp-direction3-test.fwall
+++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/icmp-direction3-test.fwall
@@ -1,17 +1,17 @@
#iptables -L FI-vnet0 -n
Chain FI-vnet0 (1 references)
target prot opt source destination
-RETURN icmp -- 0.0.0.0/0 0.0.0.0/0 state NEW,ESTABLISHED
+RETURN icmp -- 0.0.0.0/0 0.0.0.0/0 state NEW,ESTABLISHED ctdir REPLY
DROP all -- 0.0.0.0/0 0.0.0.0/0
#iptables -L FO-vnet0 -n
Chain FO-vnet0 (1 references)
target prot opt source destination
-ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 state ESTABLISHED
+ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 state ESTABLISHED ctdir ORIGINAL
DROP all -- 0.0.0.0/0 0.0.0.0/0
#iptables -L HI-vnet0 -n
Chain HI-vnet0 (1 references)
target prot opt source destination
-ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
+RETURN icmp -- 0.0.0.0/0 0.0.0.0/0 state NEW,ESTABLISHED ctdir REPLY
DROP all -- 0.0.0.0/0 0.0.0.0/0
#iptables -L libvirt-host-in -n | grep vnet0 | tr -s " "
HI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-in vnet0
Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/icmp-test.fwall
===================================================================
--- libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/icmp-test.fwall
+++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/icmp-test.fwall
@@ -2,17 +2,17 @@
Chain FI-vnet0 (1 references)
target prot opt source destination
RETURN icmp -- 0.0.0.0/0 10.1.2.3 MAC 01:02:03:04:05:06 DSCP match 0x02icmp type 12 code 11 state NEW,ESTABLISHED
-RETURN icmp -- 0.0.0.0/0 10.1.0.0/22 DSCP match 0x21state ESTABLISHED
+RETURN icmp -- 0.0.0.0/0 10.1.0.0/22 DSCP match 0x21state ESTABLISHED ctdir ORIGINAL
#iptables -L FO-vnet0 -n
Chain FO-vnet0 (1 references)
target prot opt source destination
ACCEPT icmp -- 10.1.0.0/22 0.0.0.0/0 MAC 01:02:03:04:05:06 DSCP match 0x21icmp type 255 code 255 state NEW,ESTABLISHED
-ACCEPT icmp -- 10.1.0.0/22 0.0.0.0/0 MAC 01:02:03:04:05:06 DSCP match 0x21state NEW,ESTABLISHED
+ACCEPT icmp -- 10.1.0.0/22 0.0.0.0/0 MAC 01:02:03:04:05:06 DSCP match 0x21state NEW,ESTABLISHED ctdir REPLY
#iptables -L HI-vnet0 -n
Chain HI-vnet0 (1 references)
target prot opt source destination
-ACCEPT icmp -- 0.0.0.0/0 10.1.2.3 MAC 01:02:03:04:05:06 DSCP match 0x02icmp type 12 code 11
-ACCEPT icmp -- 0.0.0.0/0 10.1.0.0/22 DSCP match 0x21
+RETURN icmp -- 0.0.0.0/0 10.1.2.3 MAC 01:02:03:04:05:06 DSCP match 0x02icmp type 12 code 11 state NEW,ESTABLISHED
+RETURN icmp -- 0.0.0.0/0 10.1.0.0/22 DSCP match 0x21state ESTABLISHED ctdir ORIGINAL
#iptables -L libvirt-host-in -n | grep vnet0 | tr -s " "
HI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-in vnet0
#iptables -L libvirt-in -n | grep vnet0 | tr -s " "
Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/icmpv6-test.fwall
===================================================================
--- libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/icmpv6-test.fwall
+++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/icmpv6-test.fwall
@@ -2,17 +2,17 @@
Chain FI-vnet0 (1 references)
target prot opt source destination
RETURN icmpv6 f:e:d::c:b:a/127 a:b:c::d:e:f/128 MAC 01:02:03:04:05:06 DSCP match 0x02ipv6-icmp type 12 code 11 state NEW,ESTABLISHED
-RETURN icmpv6 ::/0 ::10.1.2.3/128 DSCP match 0x21state ESTABLISHED
+RETURN icmpv6 ::/0 ::10.1.2.3/128 DSCP match 0x21state ESTABLISHED ctdir ORIGINAL
#ip6tables -L FO-vnet0 -n
Chain FO-vnet0 (1 references)
target prot opt source destination
ACCEPT icmpv6 a:b:c::/128 ::/0 MAC 01:02:03:04:05:06 DSCP match 0x21ipv6-icmp type 255 code 255 state NEW,ESTABLISHED
-ACCEPT icmpv6 ::10.1.2.3/128 ::/0 MAC 01:02:03:04:05:06 DSCP match 0x21state NEW,ESTABLISHED
+ACCEPT icmpv6 ::10.1.2.3/128 ::/0 MAC 01:02:03:04:05:06 DSCP match 0x21state NEW,ESTABLISHED ctdir REPLY
#ip6tables -L HI-vnet0 -n
Chain HI-vnet0 (1 references)
target prot opt source destination
-ACCEPT icmpv6 f:e:d::c:b:a/127 a:b:c::d:e:f/128 MAC 01:02:03:04:05:06 DSCP match 0x02ipv6-icmp type 12 code 11
-ACCEPT icmpv6 ::/0 ::10.1.2.3/128 DSCP match 0x21
+RETURN icmpv6 f:e:d::c:b:a/127 a:b:c::d:e:f/128 MAC 01:02:03:04:05:06 DSCP match 0x02ipv6-icmp type 12 code 11 state NEW,ESTABLISHED
+RETURN icmpv6 ::/0 ::10.1.2.3/128 DSCP match 0x21state ESTABLISHED ctdir ORIGINAL
#ip6tables -L INPUT -n --line-numbers | grep libvirt
1 libvirt-host-in all ::/0 ::/0
#ip6tables -L libvirt-host-in -n | grep vnet0 | tr -s " "
Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/igmp-test.fwall
===================================================================
--- libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/igmp-test.fwall
+++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/igmp-test.fwall
@@ -1,21 +1,21 @@
#iptables -L FI-vnet0 -n
Chain FI-vnet0 (1 references)
target prot opt source destination
-RETURN 2 -- 0.0.0.0/0 10.1.2.3 MAC 01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED
-RETURN 2 -- 0.0.0.0/0 10.1.0.0/22 DSCP match 0x21state ESTABLISHED
-RETURN 2 -- 0.0.0.0/0 10.1.0.0/22 DSCP match 0x21state ESTABLISHED
+RETURN 2 -- 0.0.0.0/0 10.1.2.3 MAC 01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED ctdir REPLY
+RETURN 2 -- 0.0.0.0/0 10.1.0.0/22 DSCP match 0x21state ESTABLISHED ctdir ORIGINAL
+RETURN 2 -- 0.0.0.0/0 10.1.0.0/22 DSCP match 0x21state ESTABLISHED ctdir ORIGINAL
#iptables -L FO-vnet0 -n
Chain FO-vnet0 (1 references)
target prot opt source destination
-ACCEPT 2 -- 10.1.2.3 0.0.0.0/0 DSCP match 0x02state ESTABLISHED
-ACCEPT 2 -- 10.1.0.0/22 0.0.0.0/0 MAC 01:02:03:04:05:06 DSCP match 0x21state NEW,ESTABLISHED
-ACCEPT 2 -- 10.1.0.0/22 0.0.0.0/0 MAC 01:02:03:04:05:06 DSCP match 0x21state NEW,ESTABLISHED
+ACCEPT 2 -- 10.1.2.3 0.0.0.0/0 DSCP match 0x02state ESTABLISHED ctdir ORIGINAL
+ACCEPT 2 -- 10.1.0.0/22 0.0.0.0/0 MAC 01:02:03:04:05:06 DSCP match 0x21state NEW,ESTABLISHED ctdir REPLY
+ACCEPT 2 -- 10.1.0.0/22 0.0.0.0/0 MAC 01:02:03:04:05:06 DSCP match 0x21state NEW,ESTABLISHED ctdir REPLY
#iptables -L HI-vnet0 -n
Chain HI-vnet0 (1 references)
target prot opt source destination
-ACCEPT 2 -- 0.0.0.0/0 10.1.2.3 MAC 01:02:03:04:05:06 DSCP match 0x02
-ACCEPT 2 -- 0.0.0.0/0 10.1.0.0/22 DSCP match 0x21
-ACCEPT 2 -- 0.0.0.0/0 10.1.0.0/22 DSCP match 0x21
+RETURN 2 -- 0.0.0.0/0 10.1.2.3 MAC 01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED ctdir REPLY
+RETURN 2 -- 0.0.0.0/0 10.1.0.0/22 DSCP match 0x21state ESTABLISHED ctdir ORIGINAL
+RETURN 2 -- 0.0.0.0/0 10.1.0.0/22 DSCP match 0x21state ESTABLISHED ctdir ORIGINAL
#iptables -L libvirt-host-in -n | grep vnet0 | tr -s " "
HI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-in vnet0
#iptables -L libvirt-in -n | grep vnet0 | tr -s " "
Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/sctp-ipv6-test.fwall
===================================================================
--- libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/sctp-ipv6-test.fwall
+++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/sctp-ipv6-test.fwall
@@ -1,21 +1,21 @@
#ip6tables -L FI-vnet0 -n
Chain FI-vnet0 (1 references)
target prot opt source destination
-RETURN sctp ::/0 a:b:c::d:e:f/128 MAC 01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED
-RETURN sctp ::/0 a:b:c::/128 DSCP match 0x21sctp spts:100:1111 dpts:20:21 state ESTABLISHED
-RETURN sctp ::/0 ::10.1.2.3/128 DSCP match 0x3fsctp spt:65535 dpts:255:256 state ESTABLISHED
+RETURN sctp ::/0 a:b:c::d:e:f/128 MAC 01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED ctdir REPLY
+RETURN sctp ::/0 a:b:c::/128 DSCP match 0x21sctp spts:100:1111 dpts:20:21 state ESTABLISHED ctdir ORIGINAL
+RETURN sctp ::/0 ::10.1.2.3/128 DSCP match 0x3fsctp spt:65535 dpts:255:256 state ESTABLISHED ctdir ORIGINAL
#ip6tables -L FO-vnet0 -n
Chain FO-vnet0 (1 references)
target prot opt source destination
-ACCEPT sctp a:b:c::d:e:f/128 ::/0 DSCP match 0x02state ESTABLISHED
-ACCEPT sctp a:b:c::/128 ::/0 MAC 01:02:03:04:05:06 DSCP match 0x21sctp spts:20:21 dpts:100:1111 state NEW,ESTABLISHED
-ACCEPT sctp ::10.1.2.3/128 ::/0 MAC 01:02:03:04:05:06 DSCP match 0x3fsctp spts:255:256 dpt:65535 state NEW,ESTABLISHED
+ACCEPT sctp a:b:c::d:e:f/128 ::/0 DSCP match 0x02state ESTABLISHED ctdir ORIGINAL
+ACCEPT sctp a:b:c::/128 ::/0 MAC 01:02:03:04:05:06 DSCP match 0x21sctp spts:20:21 dpts:100:1111 state NEW,ESTABLISHED ctdir REPLY
+ACCEPT sctp ::10.1.2.3/128 ::/0 MAC 01:02:03:04:05:06 DSCP match 0x3fsctp spts:255:256 dpt:65535 state NEW,ESTABLISHED ctdir REPLY
#ip6tables -L HI-vnet0 -n
Chain HI-vnet0 (1 references)
target prot opt source destination
-ACCEPT sctp ::/0 a:b:c::d:e:f/128 MAC 01:02:03:04:05:06 DSCP match 0x02
-ACCEPT sctp ::/0 a:b:c::/128 DSCP match 0x21sctp spts:100:1111 dpts:20:21
-ACCEPT sctp ::/0 ::10.1.2.3/128 DSCP match 0x3fsctp spt:65535 dpts:255:256
+RETURN sctp ::/0 a:b:c::d:e:f/128 MAC 01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED ctdir REPLY
+RETURN sctp ::/0 a:b:c::/128 DSCP match 0x21sctp spts:100:1111 dpts:20:21 state ESTABLISHED ctdir ORIGINAL
+RETURN sctp ::/0 ::10.1.2.3/128 DSCP match 0x3fsctp spt:65535 dpts:255:256 state ESTABLISHED ctdir ORIGINAL
#ip6tables -L INPUT -n --line-numbers | grep libvirt
1 libvirt-host-in all ::/0 ::/0
#ip6tables -L libvirt-host-in -n | grep vnet0 | tr -s " "
Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/sctp-test.fwall
===================================================================
--- libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/sctp-test.fwall
+++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/sctp-test.fwall
@@ -1,21 +1,21 @@
#iptables -L FI-vnet0 -n
Chain FI-vnet0 (1 references)
target prot opt source destination
-RETURN sctp -- 0.0.0.0/0 10.1.2.3 MAC 01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED
-RETURN sctp -- 0.0.0.0/0 10.1.2.3 DSCP match 0x21sctp spts:100:1111 dpts:20:21 state ESTABLISHED
-RETURN sctp -- 0.0.0.0/0 10.1.2.3 DSCP match 0x3fsctp spt:65535 dpts:255:256 state ESTABLISHED
+RETURN sctp -- 0.0.0.0/0 10.1.2.3 MAC 01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED ctdir REPLY
+RETURN sctp -- 0.0.0.0/0 10.1.2.3 DSCP match 0x21sctp spts:100:1111 dpts:20:21 state ESTABLISHED ctdir ORIGINAL
+RETURN sctp -- 0.0.0.0/0 10.1.2.3 DSCP match 0x3fsctp spt:65535 dpts:255:256 state ESTABLISHED ctdir ORIGINAL
#iptables -L FO-vnet0 -n
Chain FO-vnet0 (1 references)
target prot opt source destination
-ACCEPT sctp -- 10.1.2.3 0.0.0.0/0 DSCP match 0x02state ESTABLISHED
-ACCEPT sctp -- 10.1.2.3 0.0.0.0/0 MAC 01:02:03:04:05:06 DSCP match 0x21sctp spts:20:21 dpts:100:1111 state NEW,ESTABLISHED
-ACCEPT sctp -- 10.1.2.3 0.0.0.0/0 MAC 01:02:03:04:05:06 DSCP match 0x3fsctp spts:255:256 dpt:65535 state NEW,ESTABLISHED
+ACCEPT sctp -- 10.1.2.3 0.0.0.0/0 DSCP match 0x02state ESTABLISHED ctdir ORIGINAL
+ACCEPT sctp -- 10.1.2.3 0.0.0.0/0 MAC 01:02:03:04:05:06 DSCP match 0x21sctp spts:20:21 dpts:100:1111 state NEW,ESTABLISHED ctdir REPLY
+ACCEPT sctp -- 10.1.2.3 0.0.0.0/0 MAC 01:02:03:04:05:06 DSCP match 0x3fsctp spts:255:256 dpt:65535 state NEW,ESTABLISHED ctdir REPLY
#iptables -L HI-vnet0 -n
Chain HI-vnet0 (1 references)
target prot opt source destination
-ACCEPT sctp -- 0.0.0.0/0 10.1.2.3 MAC 01:02:03:04:05:06 DSCP match 0x02
-ACCEPT sctp -- 0.0.0.0/0 10.1.2.3 DSCP match 0x21sctp spts:100:1111 dpts:20:21
-ACCEPT sctp -- 0.0.0.0/0 10.1.2.3 DSCP match 0x3fsctp spt:65535 dpts:255:256
+RETURN sctp -- 0.0.0.0/0 10.1.2.3 MAC 01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED ctdir REPLY
+RETURN sctp -- 0.0.0.0/0 10.1.2.3 DSCP match 0x21sctp spts:100:1111 dpts:20:21 state ESTABLISHED ctdir ORIGINAL
+RETURN sctp -- 0.0.0.0/0 10.1.2.3 DSCP match 0x3fsctp spt:65535 dpts:255:256 state ESTABLISHED ctdir ORIGINAL
#iptables -L libvirt-host-in -n | grep vnet0 | tr -s " "
HI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-in vnet0
#iptables -L libvirt-in -n | grep vnet0 | tr -s " "
Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/tcp-test.fwall
===================================================================
--- libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/tcp-test.fwall
+++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/tcp-test.fwall
@@ -1,21 +1,21 @@
#iptables -L FI-vnet0 -n
Chain FI-vnet0 (1 references)
target prot opt source destination
-RETURN tcp -- 0.0.0.0/0 10.1.2.3 MAC 01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED
+RETURN tcp -- 0.0.0.0/0 10.1.2.3 MAC 01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED ctdir REPLY
RETURN tcp -- 0.0.0.0/0 10.1.2.3 DSCP match 0x21tcp spts:100:1111 dpts:20:21
RETURN tcp -- 0.0.0.0/0 10.1.2.3 DSCP match 0x3ftcp spt:65535 dpts:255:256
#iptables -L FO-vnet0 -n
Chain FO-vnet0 (1 references)
target prot opt source destination
-ACCEPT tcp -- 10.1.2.3 0.0.0.0/0 DSCP match 0x02state ESTABLISHED
+ACCEPT tcp -- 10.1.2.3 0.0.0.0/0 DSCP match 0x02state ESTABLISHED ctdir ORIGINAL
ACCEPT tcp -- 10.1.2.3 0.0.0.0/0 MAC 01:02:03:04:05:06 DSCP match 0x21tcp spts:20:21 dpts:100:1111
ACCEPT tcp -- 10.1.2.3 0.0.0.0/0 MAC 01:02:03:04:05:06 DSCP match 0x3ftcp spts:255:256 dpt:65535
#iptables -L HI-vnet0 -n
Chain HI-vnet0 (1 references)
target prot opt source destination
-ACCEPT tcp -- 0.0.0.0/0 10.1.2.3 MAC 01:02:03:04:05:06 DSCP match 0x02
-ACCEPT tcp -- 0.0.0.0/0 10.1.2.3 DSCP match 0x21tcp spts:100:1111 dpts:20:21
-ACCEPT tcp -- 0.0.0.0/0 10.1.2.3 DSCP match 0x3ftcp spt:65535 dpts:255:256
+RETURN tcp -- 0.0.0.0/0 10.1.2.3 MAC 01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED ctdir REPLY
+RETURN tcp -- 0.0.0.0/0 10.1.2.3 DSCP match 0x21tcp spts:100:1111 dpts:20:21
+RETURN tcp -- 0.0.0.0/0 10.1.2.3 DSCP match 0x3ftcp spt:65535 dpts:255:256
#iptables -L libvirt-host-in -n | grep vnet0 | tr -s " "
HI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-in vnet0
#iptables -L libvirt-in -n | grep vnet0 | tr -s " "
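Review bot: The second and third HI-vnet0 rules change from ACCEPT to RETURN without any `state` or `ctdir` match, while the same port ranges in tcp-ipv6-test.fwall end with `state ESTABLISHED ctdir ORIGINAL`. The unchanged FI-vnet0 and FO-vnet0 context lines in this file are stateless as well, so this presumably comes from the filter XML rather than from this patch, but that XML is not shown here. Please confirm the IPv4 rules are meant to stay stateless; if they are, a sentence in the patch description explaining the IPv4/IPv6 difference would keep a later reader from treating it as a regression.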
Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/tcp-ipv6-test.fwall
===================================================================
--- libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/tcp-ipv6-test.fwall
+++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/tcp-ipv6-test.fwall
@@ -1,21 +1,21 @@
#ip6tables -L FI-vnet0 -n
Chain FI-vnet0 (1 references)
target prot opt source destination
-RETURN tcp ::/0 a:b:c::d:e:f/128 MAC 01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED
-RETURN tcp ::/0 a:b:c::/128 DSCP match 0x21tcp spts:100:1111 dpts:20:21 state ESTABLISHED
-RETURN tcp ::/0 ::10.1.2.3/128 DSCP match 0x3ftcp spt:65535 dpts:255:256 state ESTABLISHED
+RETURN tcp ::/0 a:b:c::d:e:f/128 MAC 01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED ctdir REPLY
+RETURN tcp ::/0 a:b:c::/128 DSCP match 0x21tcp spts:100:1111 dpts:20:21 state ESTABLISHED ctdir ORIGINAL
+RETURN tcp ::/0 ::10.1.2.3/128 DSCP match 0x3ftcp spt:65535 dpts:255:256 state ESTABLISHED ctdir ORIGINAL
#ip6tables -L FO-vnet0 -n
Chain FO-vnet0 (1 references)
target prot opt source destination
-ACCEPT tcp a:b:c::d:e:f/128 ::/0 DSCP match 0x02state ESTABLISHED
-ACCEPT tcp a:b:c::/128 ::/0 MAC 01:02:03:04:05:06 DSCP match 0x21tcp spts:20:21 dpts:100:1111 state NEW,ESTABLISHED
-ACCEPT tcp ::10.1.2.3/128 ::/0 MAC 01:02:03:04:05:06 DSCP match 0x3ftcp spts:255:256 dpt:65535 state NEW,ESTABLISHED
+ACCEPT tcp a:b:c::d:e:f/128 ::/0 DSCP match 0x02state ESTABLISHED ctdir ORIGINAL
+ACCEPT tcp a:b:c::/128 ::/0 MAC 01:02:03:04:05:06 DSCP match 0x21tcp spts:20:21 dpts:100:1111 state NEW,ESTABLISHED ctdir REPLY
+ACCEPT tcp ::10.1.2.3/128 ::/0 MAC 01:02:03:04:05:06 DSCP match 0x3ftcp spts:255:256 dpt:65535 state NEW,ESTABLISHED ctdir REPLY
#ip6tables -L HI-vnet0 -n
Chain HI-vnet0 (1 references)
target prot opt source destination
-ACCEPT tcp ::/0 a:b:c::d:e:f/128 MAC 01:02:03:04:05:06 DSCP match 0x02
-ACCEPT tcp ::/0 a:b:c::/128 DSCP match 0x21tcp spts:100:1111 dpts:20:21
-ACCEPT tcp ::/0 ::10.1.2.3/128 DSCP match 0x3ftcp spt:65535 dpts:255:256
+RETURN tcp ::/0 a:b:c::d:e:f/128 MAC 01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED ctdir REPLY
+RETURN tcp ::/0 a:b:c::/128 DSCP match 0x21tcp spts:100:1111 dpts:20:21 state ESTABLISHED ctdir ORIGINAL
+RETURN tcp ::/0 ::10.1.2.3/128 DSCP match 0x3ftcp spt:65535 dpts:255:256 state ESTABLISHED ctdir ORIGINAL
#ip6tables -L INPUT -n --line-numbers | grep libvirt
1 libvirt-host-in all ::/0 ::/0
#ip6tables -L libvirt-host-in -n | grep vnet0 | tr -s " "
Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/udp-ipv6-test.fwall
===================================================================
--- libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/udp-ipv6-test.fwall
+++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/udp-ipv6-test.fwall
@@ -1,21 +1,21 @@
#ip6tables -L FI-vnet0 -n
Chain FI-vnet0 (1 references)
target prot opt source destination
-RETURN udp ::/0 a:b:c::d:e:f/128 MAC 01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED
-RETURN udp ::/0 ::/0 DSCP match 0x21udp spts:100:1111 dpts:20:21 state ESTABLISHED
-RETURN udp ::/0 ::10.1.2.3/128 DSCP match 0x3fudp spt:65535 dpts:255:256 state ESTABLISHED
+RETURN udp ::/0 a:b:c::d:e:f/128 MAC 01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED ctdir REPLY
+RETURN udp ::/0 ::/0 DSCP match 0x21udp spts:100:1111 dpts:20:21 state ESTABLISHED ctdir ORIGINAL
+RETURN udp ::/0 ::10.1.2.3/128 DSCP match 0x3fudp spt:65535 dpts:255:256 state ESTABLISHED ctdir ORIGINAL
#ip6tables -L FO-vnet0 -n
Chain FO-vnet0 (1 references)
target prot opt source destination
-ACCEPT udp a:b:c::d:e:f/128 ::/0 DSCP match 0x02state ESTABLISHED
-ACCEPT udp ::/0 ::/0 MAC 01:02:03:04:05:06 DSCP match 0x21udp spts:20:21 dpts:100:1111 state NEW,ESTABLISHED
-ACCEPT udp ::10.1.2.3/128 ::/0 MAC 01:02:03:04:05:06 DSCP match 0x3fudp spts:255:256 dpt:65535 state NEW,ESTABLISHED
+ACCEPT udp a:b:c::d:e:f/128 ::/0 DSCP match 0x02state ESTABLISHED ctdir ORIGINAL
+ACCEPT udp ::/0 ::/0 MAC 01:02:03:04:05:06 DSCP match 0x21udp spts:20:21 dpts:100:1111 state NEW,ESTABLISHED ctdir REPLY
+ACCEPT udp ::10.1.2.3/128 ::/0 MAC 01:02:03:04:05:06 DSCP match 0x3fudp spts:255:256 dpt:65535 state NEW,ESTABLISHED ctdir REPLY
#ip6tables -L HI-vnet0 -n
Chain HI-vnet0 (1 references)
target prot opt source destination
-ACCEPT udp ::/0 a:b:c::d:e:f/128 MAC 01:02:03:04:05:06 DSCP match 0x02
-ACCEPT udp ::/0 ::/0 DSCP match 0x21udp spts:100:1111 dpts:20:21
-ACCEPT udp ::/0 ::10.1.2.3/128 DSCP match 0x3fudp spt:65535 dpts:255:256
+RETURN udp ::/0 a:b:c::d:e:f/128 MAC 01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED ctdir REPLY
+RETURN udp ::/0 ::/0 DSCP match 0x21udp spts:100:1111 dpts:20:21 state ESTABLISHED ctdir ORIGINAL
+RETURN udp ::/0 ::10.1.2.3/128 DSCP match 0x3fudp spt:65535 dpts:255:256 state ESTABLISHED ctdir ORIGINAL
#ip6tables -L INPUT -n --line-numbers | grep libvirt
1 libvirt-host-in all ::/0 ::/0
#ip6tables -L libvirt-host-in -n | grep vnet0 | tr -s " "
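Review bot: Every expected rule that admits `NEW` now carries `ctdir REPLY`, and every `ESTABLISHED`-only rule carries `ctdir ORIGINAL`. That reads inverted against conntrack's usual meaning, where the packet that opens a connection travels in the ORIGINAL direction. If this mirrors how the iptables/kernel pair on the capture host interprets `ctdir`, the fixtures hold only on such hosts, and under the opposite interpretation the `NEW` half of `state NEW,ESTABLISHED ctdir REPLY` could never match. I would record the iptables and kernel versions the listings were captured with in the commit message, e.g. `Expected output captured with iptables <VERSION> on kernel <VERSION>`. The same pairing recurs in the udp-test, conntrack-test, esp-*, udplite-* and hex-data-test hunks of this patch.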
Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/udp-test.fwall
===================================================================
--- libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/udp-test.fwall
+++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/udp-test.fwall
@@ -1,21 +1,21 @@
#iptables -L FI-vnet0 -n
Chain FI-vnet0 (1 references)
target prot opt source destination
-RETURN udp -- 0.0.0.0/0 10.1.2.3 MAC 01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED
-RETURN udp -- 0.0.0.0/0 10.1.2.3 DSCP match 0x21udp spts:100:1111 dpts:20:21 state ESTABLISHED
-RETURN udp -- 0.0.0.0/0 10.1.2.3 DSCP match 0x3fudp spt:65535 dpts:255:256 state ESTABLISHED
+RETURN udp -- 0.0.0.0/0 10.1.2.3 MAC 01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED ctdir REPLY
+RETURN udp -- 0.0.0.0/0 10.1.2.3 DSCP match 0x21udp spts:100:1111 dpts:20:21 state ESTABLISHED ctdir ORIGINAL
+RETURN udp -- 0.0.0.0/0 10.1.2.3 DSCP match 0x3fudp spt:65535 dpts:255:256 state ESTABLISHED ctdir ORIGINAL
#iptables -L FO-vnet0 -n
Chain FO-vnet0 (1 references)
target prot opt source destination
-ACCEPT udp -- 10.1.2.3 0.0.0.0/0 DSCP match 0x02state ESTABLISHED
-ACCEPT udp -- 10.1.2.3 0.0.0.0/0 MAC 01:02:03:04:05:06 DSCP match 0x21udp spts:20:21 dpts:100:1111 state NEW,ESTABLISHED
-ACCEPT udp -- 10.1.2.3 0.0.0.0/0 MAC 01:02:03:04:05:06 DSCP match 0x3fudp spts:255:256 dpt:65535 state NEW,ESTABLISHED
+ACCEPT udp -- 10.1.2.3 0.0.0.0/0 DSCP match 0x02state ESTABLISHED ctdir ORIGINAL
+ACCEPT udp -- 10.1.2.3 0.0.0.0/0 MAC 01:02:03:04:05:06 DSCP match 0x21udp spts:20:21 dpts:100:1111 state NEW,ESTABLISHED ctdir REPLY
+ACCEPT udp -- 10.1.2.3 0.0.0.0/0 MAC 01:02:03:04:05:06 DSCP match 0x3fudp spts:255:256 dpt:65535 state NEW,ESTABLISHED ctdir REPLY
#iptables -L HI-vnet0 -n
Chain HI-vnet0 (1 references)
target prot opt source destination
-ACCEPT udp -- 0.0.0.0/0 10.1.2.3 MAC 01:02:03:04:05:06 DSCP match 0x02
-ACCEPT udp -- 0.0.0.0/0 10.1.2.3 DSCP match 0x21udp spts:100:1111 dpts:20:21
-ACCEPT udp -- 0.0.0.0/0 10.1.2.3 DSCP match 0x3fudp spt:65535 dpts:255:256
+RETURN udp -- 0.0.0.0/0 10.1.2.3 MAC 01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED ctdir REPLY
+RETURN udp -- 0.0.0.0/0 10.1.2.3 DSCP match 0x21udp spts:100:1111 dpts:20:21 state ESTABLISHED ctdir ORIGINAL
+RETURN udp -- 0.0.0.0/0 10.1.2.3 DSCP match 0x3fudp spt:65535 dpts:255:256 state ESTABLISHED ctdir ORIGINAL
#iptables -L libvirt-host-in -n | grep vnet0 | tr -s " "
HI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-in vnet0
#iptables -L libvirt-in -n | grep vnet0 | tr -s " "
Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/conntrack-test.fwall
===================================================================
--- libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/conntrack-test.fwall
+++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/conntrack-test.fwall
@@ -3,17 +3,17 @@ Chain FI-vnet0 (1 references)
target prot opt source destination
DROP icmp -- 0.0.0.0/0 0.0.0.0/0 #conn/32 > 1
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 #conn/32 > 2
-RETURN all -- 0.0.0.0/0 0.0.0.0/0 state NEW,ESTABLISHED
+RETURN all -- 0.0.0.0/0 0.0.0.0/0 state NEW,ESTABLISHED ctdir REPLY
#iptables -L FO-vnet0 -n
Chain FO-vnet0 (1 references)
target prot opt source destination
-ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state ESTABLISHED
+ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state ESTABLISHED ctdir ORIGINAL
#iptables -L HI-vnet0 -n
Chain HI-vnet0 (1 references)
target prot opt source destination
DROP icmp -- 0.0.0.0/0 0.0.0.0/0 #conn/32 > 1
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 #conn/32 > 2
-ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
+RETURN all -- 0.0.0.0/0 0.0.0.0/0 state NEW,ESTABLISHED ctdir REPLY
#iptables -L libvirt-host-in -n | grep vnet0 | tr -s " "
HI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-in vnet0
#iptables -L libvirt-in -n | grep vnet0 | tr -s " "
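Review bot: The last rule of HI-vnet0 changes from an unconditional `ACCEPT all` to `RETURN all ... state NEW,ESTABLISHED ctdir REPLY`, so the verdict for traffic entering from vnet0 is no longer reached inside this chain. Packets that miss the new match (state INVALID, for instance) now fall off the end of HI-vnet0 instead of being accepted. What then decides them is not pinned by this fixture, which lists `libvirt-host-in` and `libvirt-in` only through `grep vnet0`. I would add a listing of the rule or policy that terminates that path, so a regression that leaves this traffic undecided or over-permitted shows up in the test. The hunk starts at line 3 of the file, so the first command of the FI-vnet0 listing is outside it.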
Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/esp-ipv6-test.fwall
===================================================================
--- libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/esp-ipv6-test.fwall
+++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/esp-ipv6-test.fwall
@@ -1,21 +1,21 @@
#ip6tables -L FI-vnet0 -n
Chain FI-vnet0 (1 references)
target prot opt source destination
-RETURN esp f:e:d::c:b:a/127 a:b:c::d:e:f/128 MAC 01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED
-RETURN esp ::/0 a:b:c::/128 DSCP match 0x21state ESTABLISHED
-RETURN esp ::/0 ::10.1.2.3/128 DSCP match 0x21state ESTABLISHED
+RETURN esp f:e:d::c:b:a/127 a:b:c::d:e:f/128 MAC 01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED ctdir REPLY
+RETURN esp ::/0 a:b:c::/128 DSCP match 0x21state ESTABLISHED ctdir ORIGINAL
+RETURN esp ::/0 ::10.1.2.3/128 DSCP match 0x21state ESTABLISHED ctdir ORIGINAL
#ip6tables -L FO-vnet0 -n
Chain FO-vnet0 (1 references)
target prot opt source destination
-ACCEPT esp a:b:c::d:e:f/128 f:e:d::c:b:a/127 DSCP match 0x02state ESTABLISHED
-ACCEPT esp a:b:c::/128 ::/0 MAC 01:02:03:04:05:06 DSCP match 0x21state NEW,ESTABLISHED
-ACCEPT esp ::10.1.2.3/128 ::/0 MAC 01:02:03:04:05:06 DSCP match 0x21state NEW,ESTABLISHED
+ACCEPT esp a:b:c::d:e:f/128 f:e:d::c:b:a/127 DSCP match 0x02state ESTABLISHED ctdir ORIGINAL
+ACCEPT esp a:b:c::/128 ::/0 MAC 01:02:03:04:05:06 DSCP match 0x21state NEW,ESTABLISHED ctdir REPLY
+ACCEPT esp ::10.1.2.3/128 ::/0 MAC 01:02:03:04:05:06 DSCP match 0x21state NEW,ESTABLISHED ctdir REPLY
#ip6tables -L HI-vnet0 -n
Chain HI-vnet0 (1 references)
target prot opt source destination
-ACCEPT esp f:e:d::c:b:a/127 a:b:c::d:e:f/128 MAC 01:02:03:04:05:06 DSCP match 0x02
-ACCEPT esp ::/0 a:b:c::/128 DSCP match 0x21
-ACCEPT esp ::/0 ::10.1.2.3/128 DSCP match 0x21
+RETURN esp f:e:d::c:b:a/127 a:b:c::d:e:f/128 MAC 01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED ctdir REPLY
+RETURN esp ::/0 a:b:c::/128 DSCP match 0x21state ESTABLISHED ctdir ORIGINAL
+RETURN esp ::/0 ::10.1.2.3/128 DSCP match 0x21state ESTABLISHED ctdir ORIGINAL
#ip6tables -L INPUT -n --line-numbers | grep libvirt
1 libvirt-host-in all ::/0 ::/0
#ip6tables -L libvirt-host-in -n | grep vnet0 |tr -s " "
Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/esp-test.fwall
===================================================================
--- libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/esp-test.fwall
+++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/esp-test.fwall
@@ -1,21 +1,21 @@
#iptables -L FI-vnet0 -n
Chain FI-vnet0 (1 references)
target prot opt source destination
-RETURN esp -- 0.0.0.0/0 10.1.2.3 MAC 01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED
-RETURN esp -- 0.0.0.0/0 10.1.0.0/22 DSCP match 0x21state ESTABLISHED
-RETURN esp -- 0.0.0.0/0 10.1.0.0/22 DSCP match 0x21state ESTABLISHED
+RETURN esp -- 0.0.0.0/0 10.1.2.3 MAC 01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED ctdir REPLY
+RETURN esp -- 0.0.0.0/0 10.1.0.0/22 DSCP match 0x21state ESTABLISHED ctdir ORIGINAL
+RETURN esp -- 0.0.0.0/0 10.1.0.0/22 DSCP match 0x21state ESTABLISHED ctdir ORIGINAL
#iptables -L FO-vnet0 -n
Chain FO-vnet0 (1 references)
target prot opt source destination
-ACCEPT esp -- 10.1.2.3 0.0.0.0/0 DSCP match 0x02state ESTABLISHED
-ACCEPT esp -- 10.1.0.0/22 0.0.0.0/0 MAC 01:02:03:04:05:06 DSCP match 0x21state NEW,ESTABLISHED
-ACCEPT esp -- 10.1.0.0/22 0.0.0.0/0 MAC 01:02:03:04:05:06 DSCP match 0x21state NEW,ESTABLISHED
+ACCEPT esp -- 10.1.2.3 0.0.0.0/0 DSCP match 0x02state ESTABLISHED ctdir ORIGINAL
+ACCEPT esp -- 10.1.0.0/22 0.0.0.0/0 MAC 01:02:03:04:05:06 DSCP match 0x21state NEW,ESTABLISHED ctdir REPLY
+ACCEPT esp -- 10.1.0.0/22 0.0.0.0/0 MAC 01:02:03:04:05:06 DSCP match 0x21state NEW,ESTABLISHED ctdir REPLY
#iptables -L HI-vnet0 -n
Chain HI-vnet0 (1 references)
target prot opt source destination
-ACCEPT esp -- 0.0.0.0/0 10.1.2.3 MAC 01:02:03:04:05:06 DSCP match 0x02
-ACCEPT esp -- 0.0.0.0/0 10.1.0.0/22 DSCP match 0x21
-ACCEPT esp -- 0.0.0.0/0 10.1.0.0/22 DSCP match 0x21
+RETURN esp -- 0.0.0.0/0 10.1.2.3 MAC 01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED ctdir REPLY
+RETURN esp -- 0.0.0.0/0 10.1.0.0/22 DSCP match 0x21state ESTABLISHED ctdir ORIGINAL
+RETURN esp -- 0.0.0.0/0 10.1.0.0/22 DSCP match 0x21state ESTABLISHED ctdir ORIGINAL
#iptables -L libvirt-host-in -n | grep vnet0 | tr -s " "
HI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-in vnet0
#iptables -L libvirt-in -n | grep vnet0 | tr -s " "
Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/udplite-ipv6-test.fwall
===================================================================
--- libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/udplite-ipv6-test.fwall
+++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/udplite-ipv6-test.fwall
@@ -1,21 +1,21 @@
#ip6tables -L FI-vnet0 -n
Chain FI-vnet0 (1 references)
target prot opt source destination
-RETURN udplite f:e:d::c:b:a/127 a:b:c::d:e:f/128 MAC 01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED
-RETURN udplite ::/0 a:b:c::/128 DSCP match 0x21state ESTABLISHED
-RETURN udplite ::/0 ::10.1.2.3/128 DSCP match 0x21state ESTABLISHED
+RETURN udplite f:e:d::c:b:a/127 a:b:c::d:e:f/128 MAC 01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED ctdir REPLY
+RETURN udplite ::/0 a:b:c::/128 DSCP match 0x21state ESTABLISHED ctdir ORIGINAL
+RETURN udplite ::/0 ::10.1.2.3/128 DSCP match 0x21state ESTABLISHED ctdir ORIGINAL
#ip6tables -L FO-vnet0 -n
Chain FO-vnet0 (1 references)
target prot opt source destination
-ACCEPT udplite a:b:c::d:e:f/128 f:e:d::c:b:a/127 DSCP match 0x02state ESTABLISHED
-ACCEPT udplite a:b:c::/128 ::/0 MAC 01:02:03:04:05:06 DSCP match 0x21state NEW,ESTABLISHED
-ACCEPT udplite ::10.1.2.3/128 ::/0 MAC 01:02:03:04:05:06 DSCP match 0x21state NEW,ESTABLISHED
+ACCEPT udplite a:b:c::d:e:f/128 f:e:d::c:b:a/127 DSCP match 0x02state ESTABLISHED ctdir ORIGINAL
+ACCEPT udplite a:b:c::/128 ::/0 MAC 01:02:03:04:05:06 DSCP match 0x21state NEW,ESTABLISHED ctdir REPLY
+ACCEPT udplite ::10.1.2.3/128 ::/0 MAC 01:02:03:04:05:06 DSCP match 0x21state NEW,ESTABLISHED ctdir REPLY
#ip6tables -L HI-vnet0 -n
Chain HI-vnet0 (1 references)
target prot opt source destination
-ACCEPT udplite f:e:d::c:b:a/127 a:b:c::d:e:f/128 MAC 01:02:03:04:05:06 DSCP match 0x02
-ACCEPT udplite ::/0 a:b:c::/128 DSCP match 0x21
-ACCEPT udplite ::/0 ::10.1.2.3/128 DSCP match 0x21
+RETURN udplite f:e:d::c:b:a/127 a:b:c::d:e:f/128 MAC 01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED ctdir REPLY
+RETURN udplite ::/0 a:b:c::/128 DSCP match 0x21state ESTABLISHED ctdir ORIGINAL
+RETURN udplite ::/0 ::10.1.2.3/128 DSCP match 0x21state ESTABLISHED ctdir ORIGINAL
#ip6tables -L INPUT -n --line-numbers | grep libvirt
1 libvirt-host-in all ::/0 ::/0
#ip6tables -L libvirt-host-in -n | grep vnet0 | tr -s " "
Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/udplite-test.fwall
===================================================================
--- libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/udplite-test.fwall
+++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/udplite-test.fwall
@@ -1,21 +1,21 @@
#iptables -L FI-vnet0 -n
Chain FI-vnet0 (1 references)
target prot opt source destination
-RETURN udplite-- 0.0.0.0/0 10.1.2.3 MAC 01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED
-RETURN udplite-- 0.0.0.0/0 10.1.0.0/22 DSCP match 0x21state ESTABLISHED
-RETURN udplite-- 0.0.0.0/0 10.1.0.0/22 DSCP match 0x21state ESTABLISHED
+RETURN udplite-- 0.0.0.0/0 10.1.2.3 MAC 01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED ctdir REPLY
+RETURN udplite-- 0.0.0.0/0 10.1.0.0/22 DSCP match 0x21state ESTABLISHED ctdir ORIGINAL
+RETURN udplite-- 0.0.0.0/0 10.1.0.0/22 DSCP match 0x21state ESTABLISHED ctdir ORIGINAL
#iptables -L FO-vnet0 -n
Chain FO-vnet0 (1 references)
target prot opt source destination
-ACCEPT udplite-- 10.1.2.3 0.0.0.0/0 DSCP match 0x02state ESTABLISHED
-ACCEPT udplite-- 10.1.0.0/22 0.0.0.0/0 MAC 01:02:03:04:05:06 DSCP match 0x21state NEW,ESTABLISHED
-ACCEPT udplite-- 10.1.0.0/22 0.0.0.0/0 MAC 01:02:03:04:05:06 DSCP match 0x21state NEW,ESTABLISHED
+ACCEPT udplite-- 10.1.2.3 0.0.0.0/0 DSCP match 0x02state ESTABLISHED ctdir ORIGINAL
+ACCEPT udplite-- 10.1.0.0/22 0.0.0.0/0 MAC 01:02:03:04:05:06 DSCP match 0x21state NEW,ESTABLISHED ctdir REPLY
+ACCEPT udplite-- 10.1.0.0/22 0.0.0.0/0 MAC 01:02:03:04:05:06 DSCP match 0x21state NEW,ESTABLISHED ctdir REPLY
#iptables -L HI-vnet0 -n
Chain HI-vnet0 (1 references)
target prot opt source destination
-ACCEPT udplite-- 0.0.0.0/0 10.1.2.3 MAC 01:02:03:04:05:06 DSCP match 0x02
-ACCEPT udplite-- 0.0.0.0/0 10.1.0.0/22 DSCP match 0x21
-ACCEPT udplite-- 0.0.0.0/0 10.1.0.0/22 DSCP match 0x21
+RETURN udplite-- 0.0.0.0/0 10.1.2.3 MAC 01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED ctdir REPLY
+RETURN udplite-- 0.0.0.0/0 10.1.0.0/22 DSCP match 0x21state ESTABLISHED ctdir ORIGINAL
+RETURN udplite-- 0.0.0.0/0 10.1.0.0/22 DSCP match 0x21state ESTABLISHED ctdir ORIGINAL
#iptables -L libvirt-host-in -n | grep vnet0 | tr -s " "
HI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-in vnet0
#iptables -L libvirt-in -n | grep vnet0 | tr -s " "
Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/hex-data-test.fwall
===================================================================
--- libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/hex-data-test.fwall
+++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/hex-data-test.fwall
@@ -11,15 +11,15 @@
#iptables -L FI-vnet0 -n
Chain FI-vnet0 (1 references)
target prot opt source destination
-RETURN udp -- 0.0.0.0/0 10.1.2.3 MAC 01:02:03:04:05:06 DSCP match 0x22udp spts:291:400 dpts:564:1092 state NEW,ESTABLISHED
+RETURN udp -- 0.0.0.0/0 10.1.2.3 MAC 01:02:03:04:05:06 DSCP match 0x22udp spts:291:400 dpts:564:1092 state NEW,ESTABLISHED ctdir REPLY
#iptables -L FO-vnet0 -n
Chain FO-vnet0 (1 references)
target prot opt source destination
-ACCEPT udp -- 10.1.2.3 0.0.0.0/0 DSCP match 0x22udp spts:564:1092 dpts:291:400 state ESTABLISHED
+ACCEPT udp -- 10.1.2.3 0.0.0.0/0 DSCP match 0x22udp spts:564:1092 dpts:291:400 state ESTABLISHED ctdir ORIGINAL
#iptables -L HI-vnet0 -n
Chain HI-vnet0 (1 references)
target prot opt source destination
-ACCEPT udp -- 0.0.0.0/0 10.1.2.3 MAC 01:02:03:04:05:06 DSCP match 0x22udp spts:291:400 dpts:564:1092
+RETURN udp -- 0.0.0.0/0 10.1.2.3 MAC 01:02:03:04:05:06 DSCP match 0x22udp spts:291:400 dpts:564:1092 state NEW,ESTABLISHED ctdir REPLY
#iptables -L libvirt-host-in -n | grep HI-vnet0 | tr -s " "
HI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-in vnet0
#iptables -L libvirt-in -n | grep FI-vnet0 | tr -s " "
@@ -31,15 +31,15 @@ FO-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [got
#ip6tables -L FI-vnet0 -n
Chain FI-vnet0 (1 references)
target prot opt source destination
-RETURN tcp ::/0 a:b:c::/128 tcp spts:256:4369 dpts:32:33 state ESTABLISHED
+RETURN tcp ::/0 a:b:c::/128 tcp spts:256:4369 dpts:32:33 state ESTABLISHED ctdir ORIGINAL
#ip6tables -L FO-vnet0 -n
Chain FO-vnet0 (1 references)
target prot opt source destination
-ACCEPT tcp a:b:c::/128 ::/0 MAC 01:02:03:04:05:06 tcp spts:32:33 dpts:256:4369 state NEW,ESTABLISHED
+ACCEPT tcp a:b:c::/128 ::/0 MAC 01:02:03:04:05:06 tcp spts:32:33 dpts:256:4369 state NEW,ESTABLISHED ctdir REPLY
#ip6tables -L HI-vnet0 -n
Chain HI-vnet0 (1 references)
target prot opt source destination
-ACCEPT tcp ::/0 a:b:c::/128 tcp spts:256:4369 dpts:32:33
+RETURN tcp ::/0 a:b:c::/128 tcp spts:256:4369 dpts:32:33 state ESTABLISHED ctdir ORIGINAL
#ip6tables -L libvirt-host-in -n | grep vnet0 | tr -s " "
HI-vnet0 all ::/0 ::/0 [goto] PHYSDEV match --physdev-in vnet0
#ip6tables -L libvirt-in -n | grep vnet0 | tr -s " "
21 Oct '10
The install of the TCK test suite did not install the test script and
data. This patch fixes this.
Signed-off-by: Stefan Berger <stefanb(a)us.ibm.com>
diff --git a/Build.PL b/Build.PL
index fc44af2..2a4de43 100644
--- a/Build.PL
+++ b/Build.PL
@@ -29,7 +29,7 @@ sub process_pkgdata_files {
my $name = $File::Find::name;
if (-d) {
$tck_dirs{$name} = [];
- } elsif (-f && /\.t$/) {
+ } elsif (-f && (/\.t$/ || /\.sh$/ || /\.fwall$/ || /\.xml$/)) {
push @{$tck_dirs{$dir}}, $name;
}
};
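Review bot: The widened test on the `elsif` line now picks up every `.sh` and `.xml` file under the scanned tree, not only the nwfilter test data, and four separate matches are harder to extend than one alternation. I would write it as `} elsif (-f && /\.(?:t|sh|fwall|xml)\z/) {`, which also replaces `$` with `\z` so a name ending in a newline does not match. Whether the installed `.sh` scripts keep their executable bit is decided outside this hunk and is worth checking, since the tests presumably execute them. `process_pkgdata_files` begins before the hunk and is not shown in full.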
I am wondering if someone could interpret the valgrind output for the
memory leak check that I see when I look for memory leaks...
When a thread for creating a VM was spawned I see this output for example:
==15488== LEAK SUMMARY:
==15488== definitely lost: 9,133 bytes in 12 blocks
==15488== indirectly lost: 10,248 bytes in 5 blocks
==15488== possibly lost: 319,199 bytes in 2,887 blocks
==15488== still reachable: 4,635,633 bytes in 30,308 blocks
==15488== suppressed: 0 bytes in 0 blocks
==15488== Reachable blocks (those to which a pointer was found) are not
shown.
==15488== To see them, rerun with: --leak-check=full --show-reachable=yes
The traces above it show some 'wild' paths into libraries. We may either
not be using the libraries correctly or they have leaks themselves ...
When terminating the valgrind process by sending a -SIGTERM to it I then
get this:
==15488== LEAK SUMMARY:
==15488== definitely lost: 0 bytes in 0 blocks
==15488== indirectly lost: 0 bytes in 0 blocks
==15488== possibly lost: 2,701 bytes in 25 blocks
==15488== still reachable: 543,655 bytes in 7,928 blocks
==15488== suppressed: 0 bytes in 0 blocks
==15488== Reachable blocks (those to which a pointer was found) are not
shown.
==15488== To see them, rerun with: --leak-check=full --show-reachable=yes
So in the end, is there no leak, given that 'definitely' and 'indirectly'
lost are both '0'?
Actually other tests are not as favorable in the end:
==17333== LEAK SUMMARY:
==17333== definitely lost: 32 bytes in 1 blocks
==17333== indirectly lost: 1,449,440 bytes in 2,020 blocks
==17333== possibly lost: 1,007,275 bytes in 9,780 blocks
==17333== still reachable: 543,827 bytes in 7,933 blocks
==17333== suppressed: 0 bytes in 0 blocks
==17333== Reachable blocks (those to which a pointer was found) are not
shown.
==17333== To see them, rerun with: --leak-check=full --show-reachable=yes
Stefan
[libvirt] [PATCH] [TCK] nwfilter: Adapt to changes how filters are instantiated
by Stefan Berger 21 Oct '10
Recent changes to how filters are being instantiated require follow-up
changes to the test suite. The following changes are related to
- usage of 'ctdir'
- changes to the host's incoming filter chain
Signed-off-by: Stefan Berger <stefanb(a)us.ibm.com>
---
scripts/nwfilter/nwfilterxml2fwallout/ah-ipv6-test.fwall |
6 +++---
scripts/nwfilter/nwfilterxml2fwallout/ah-test.fwall |
6 +++---
scripts/nwfilter/nwfilterxml2fwallout/all-ipv6-test.fwall |
6 +++---
scripts/nwfilter/nwfilterxml2fwallout/all-test.fwall |
6 +++---
scripts/nwfilter/nwfilterxml2fwallout/comment-test.fwall |
10 +++++-----
scripts/nwfilter/nwfilterxml2fwallout/conntrack-test.fwall | 2 +-
scripts/nwfilter/nwfilterxml2fwallout/esp-ipv6-test.fwall |
6 +++---
scripts/nwfilter/nwfilterxml2fwallout/esp-test.fwall |
6 +++---
scripts/nwfilter/nwfilterxml2fwallout/example-1.fwall |
6 +++---
scripts/nwfilter/nwfilterxml2fwallout/hex-data-test.fwall |
4 ++--
scripts/nwfilter/nwfilterxml2fwallout/icmp-direction-test.fwall | 2 +-
scripts/nwfilter/nwfilterxml2fwallout/icmp-direction2-test.fwall | 2 +-
scripts/nwfilter/nwfilterxml2fwallout/icmp-direction3-test.fwall | 2 +-
scripts/nwfilter/nwfilterxml2fwallout/icmp-test.fwall |
4 ++--
scripts/nwfilter/nwfilterxml2fwallout/icmpv6-test.fwall |
4 ++--
scripts/nwfilter/nwfilterxml2fwallout/igmp-test.fwall |
6 +++---
scripts/nwfilter/nwfilterxml2fwallout/sctp-ipv6-test.fwall |
6 +++---
scripts/nwfilter/nwfilterxml2fwallout/sctp-test.fwall |
6 +++---
scripts/nwfilter/nwfilterxml2fwallout/tcp-ipv6-test.fwall |
6 +++---
scripts/nwfilter/nwfilterxml2fwallout/tcp-test.fwall |
6 +++---
scripts/nwfilter/nwfilterxml2fwallout/udp-ipv6-test.fwall |
6 +++---
scripts/nwfilter/nwfilterxml2fwallout/udp-test.fwall |
6 +++---
scripts/nwfilter/nwfilterxml2fwallout/udplite-ipv6-test.fwall |
6 +++---
scripts/nwfilter/nwfilterxml2fwallout/udplite-test.fwall |
6 +++---
24 files changed, 63 insertions(+), 63 deletions(-)
Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/ah-ipv6-test.fwall
===================================================================
---
libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/ah-ipv6-test.fwall
+++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/ah-ipv6-test.fwall
@@ -1,21 +1,21 @@
#ip6tables -L FI-vnet0 -n
Chain FI-vnet0 (1 references)
target prot opt source destination
-RETURN ah f:e:d::c:b:a/127 a:b:c::d:e:f/128 MAC
01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED
-RETURN ah ::/0 a:b:c::/128 DSCP match
0x21state ESTABLISHED
-RETURN ah ::/0 ::10.1.2.3/128 DSCP match
0x21state ESTABLISHED
+RETURN ah f:e:d::c:b:a/127 a:b:c::d:e:f/128 MAC
01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED ctdir REPLY
+RETURN ah ::/0 a:b:c::/128 DSCP match
0x21state ESTABLISHED ctdir ORIGINAL
+RETURN ah ::/0 ::10.1.2.3/128 DSCP match
0x21state ESTABLISHED ctdir ORIGINAL
#ip6tables -L FO-vnet0 -n
Chain FO-vnet0 (1 references)
target prot opt source destination
-ACCEPT ah a:b:c::d:e:f/128 f:e:d::c:b:a/127 DSCP match
0x02state ESTABLISHED
-ACCEPT ah a:b:c::/128 ::/0 MAC
01:02:03:04:05:06 DSCP match 0x21state NEW,ESTABLISHED
-ACCEPT ah ::10.1.2.3/128 ::/0 MAC
01:02:03:04:05:06 DSCP match 0x21state NEW,ESTABLISHED
+ACCEPT ah a:b:c::d:e:f/128 f:e:d::c:b:a/127 DSCP match
0x02state ESTABLISHED ctdir ORIGINAL
+ACCEPT ah a:b:c::/128 ::/0 MAC
01:02:03:04:05:06 DSCP match 0x21state NEW,ESTABLISHED ctdir REPLY
+ACCEPT ah ::10.1.2.3/128 ::/0 MAC
01:02:03:04:05:06 DSCP match 0x21state NEW,ESTABLISHED ctdir REPLY
#ip6tables -L HI-vnet0 -n
Chain HI-vnet0 (1 references)
target prot opt source destination
-ACCEPT ah f:e:d::c:b:a/127 a:b:c::d:e:f/128 MAC
01:02:03:04:05:06 DSCP match 0x02
-ACCEPT ah ::/0 a:b:c::/128 DSCP match
0x21
-ACCEPT ah ::/0 ::10.1.2.3/128 DSCP match
0x21
+RETURN ah f:e:d::c:b:a/127 a:b:c::d:e:f/128 MAC
01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED ctdir REPLY
+RETURN ah ::/0 a:b:c::/128 DSCP match
0x21state ESTABLISHED ctdir ORIGINAL
+RETURN ah ::/0 ::10.1.2.3/128 DSCP match
0x21state ESTABLISHED ctdir ORIGINAL
#ip6tables -L INPUT -n --line-numbers | grep libvirt
1 libvirt-host-in all ::/0 ::/0
#ip6tables -L libvirt-host-in -n | grep vnet0 | tr -s " "
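Review bot: These expected listings appear to be matched as literal `ip6tables -L -n` text, including formatting accidents such as `DSCP match 0x02state` with no separating space. They would then pass only with an iptables build that prints the state and `ctdir` matches exactly this way. Nothing in the patch records which iptables version produced them. I would name it in the commit message, e.g. `Expected output captured with iptables <VERSION>`, so a later mismatch can be told apart from a real change in the generated rules. The same holds for the other `.fwall` hunks in this patch.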
Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/ah-test.fwall
===================================================================
--- libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/ah-test.fwall
+++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/ah-test.fwall
@@ -1,21 +1,21 @@
#iptables -L FI-vnet0 -n
Chain FI-vnet0 (1 references)
target prot opt source destination
-RETURN ah -- 0.0.0.0/0 10.1.2.3 MAC
01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED
-RETURN ah -- 0.0.0.0/0 10.1.0.0/22 DSCP match
0x21state ESTABLISHED
-RETURN ah -- 0.0.0.0/0 10.1.0.0/22 DSCP match
0x21state ESTABLISHED
+RETURN ah -- 0.0.0.0/0 10.1.2.3 MAC
01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED ctdir REPLY
+RETURN ah -- 0.0.0.0/0 10.1.0.0/22 DSCP match
0x21state ESTABLISHED ctdir ORIGINAL
+RETURN ah -- 0.0.0.0/0 10.1.0.0/22 DSCP match
0x21state ESTABLISHED ctdir ORIGINAL
#iptables -L FO-vnet0 -n
Chain FO-vnet0 (1 references)
target prot opt source destination
-ACCEPT ah -- 10.1.2.3 0.0.0.0/0 DSCP match
0x02state ESTABLISHED
-ACCEPT ah -- 10.1.0.0/22 0.0.0.0/0 MAC
01:02:03:04:05:06 DSCP match 0x21state NEW,ESTABLISHED
-ACCEPT ah -- 10.1.0.0/22 0.0.0.0/0 MAC
01:02:03:04:05:06 DSCP match 0x21state NEW,ESTABLISHED
+ACCEPT ah -- 10.1.2.3 0.0.0.0/0 DSCP match
0x02state ESTABLISHED ctdir ORIGINAL
+ACCEPT ah -- 10.1.0.0/22 0.0.0.0/0 MAC
01:02:03:04:05:06 DSCP match 0x21state NEW,ESTABLISHED ctdir REPLY
+ACCEPT ah -- 10.1.0.0/22 0.0.0.0/0 MAC
01:02:03:04:05:06 DSCP match 0x21state NEW,ESTABLISHED ctdir REPLY
#iptables -L HI-vnet0 -n
Chain HI-vnet0 (1 references)
target prot opt source destination
-ACCEPT ah -- 0.0.0.0/0 10.1.2.3 MAC
01:02:03:04:05:06 DSCP match 0x02
-ACCEPT ah -- 0.0.0.0/0 10.1.0.0/22 DSCP match
0x21
-ACCEPT ah -- 0.0.0.0/0 10.1.0.0/22 DSCP match
0x21
+RETURN ah -- 0.0.0.0/0 10.1.2.3 MAC
01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED ctdir REPLY
+RETURN ah -- 0.0.0.0/0 10.1.0.0/22 DSCP match
0x21state ESTABLISHED ctdir ORIGINAL
+RETURN ah -- 0.0.0.0/0 10.1.0.0/22 DSCP match
0x21state ESTABLISHED ctdir ORIGINAL
#iptables -L libvirt-host-in -n | grep vnet0 | tr -s " "
HI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-in
vnet0
#iptables -L libvirt-in -n | grep vnet0 | tr -s " "
Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/all-ipv6-test.fwall
===================================================================
---
libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/all-ipv6-test.fwall
+++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/all-ipv6-test.fwall
@@ -1,21 +1,21 @@
#ip6tables -L FI-vnet0 -n
Chain FI-vnet0 (1 references)
target prot opt source destination
-RETURN all f:e:d::c:b:a/127 a:b:c::d:e:f/128 MAC
01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED
-RETURN all ::/0 a:b:c::/128 DSCP match
0x21state ESTABLISHED
-RETURN all ::/0 ::10.1.2.3/128 DSCP match
0x21state ESTABLISHED
+RETURN all f:e:d::c:b:a/127 a:b:c::d:e:f/128 MAC
01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED ctdir REPLY
+RETURN all ::/0 a:b:c::/128 DSCP match
0x21state ESTABLISHED ctdir ORIGINAL
+RETURN all ::/0 ::10.1.2.3/128 DSCP match
0x21state ESTABLISHED ctdir ORIGINAL
#ip6tables -L FO-vnet0 -n
Chain FO-vnet0 (1 references)
target prot opt source destination
-ACCEPT all a:b:c::d:e:f/128 f:e:d::c:b:a/127 DSCP match
0x02state ESTABLISHED
-ACCEPT all a:b:c::/128 ::/0 MAC
01:02:03:04:05:06 DSCP match 0x21state NEW,ESTABLISHED
-ACCEPT all ::10.1.2.3/128 ::/0 MAC
01:02:03:04:05:06 DSCP match 0x21state NEW,ESTABLISHED
+ACCEPT all a:b:c::d:e:f/128 f:e:d::c:b:a/127 DSCP match
0x02state ESTABLISHED ctdir ORIGINAL
+ACCEPT all a:b:c::/128 ::/0 MAC
01:02:03:04:05:06 DSCP match 0x21state NEW,ESTABLISHED ctdir REPLY
+ACCEPT all ::10.1.2.3/128 ::/0 MAC
01:02:03:04:05:06 DSCP match 0x21state NEW,ESTABLISHED ctdir REPLY
#ip6tables -L HI-vnet0 -n
Chain HI-vnet0 (1 references)
target prot opt source destination
-ACCEPT all f:e:d::c:b:a/127 a:b:c::d:e:f/128 MAC
01:02:03:04:05:06 DSCP match 0x02
-ACCEPT all ::/0 a:b:c::/128 DSCP match
0x21
-ACCEPT all ::/0 ::10.1.2.3/128 DSCP match
0x21
+RETURN all f:e:d::c:b:a/127 a:b:c::d:e:f/128 MAC
01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED ctdir REPLY
+RETURN all ::/0 a:b:c::/128 DSCP match
0x21state ESTABLISHED ctdir ORIGINAL
+RETURN all ::/0 ::10.1.2.3/128 DSCP match
0x21state ESTABLISHED ctdir ORIGINAL
#ip6tables -L INPUT -n --line-numbers | grep libvirt
1 libvirt-host-in all ::/0 ::/0
#ip6tables -L libvirt-host-in -n | grep vnet0 | tr -s " "
Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/all-test.fwall
===================================================================
--- libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/all-test.fwall
+++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/all-test.fwall
@@ -1,21 +1,21 @@
#iptables -L FI-vnet0 -n
Chain FI-vnet0 (1 references)
target prot opt source destination
-RETURN all -- 0.0.0.0/0 10.1.2.3 MAC
01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED
-RETURN all -- 0.0.0.0/0 10.1.0.0/22 DSCP match
0x21state ESTABLISHED
-RETURN all -- 0.0.0.0/0 10.1.0.0/22 DSCP match
0x21state ESTABLISHED
+RETURN all -- 0.0.0.0/0 10.1.2.3 MAC
01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED ctdir REPLY
+RETURN all -- 0.0.0.0/0 10.1.0.0/22 DSCP match
0x21state ESTABLISHED ctdir ORIGINAL
+RETURN all -- 0.0.0.0/0 10.1.0.0/22 DSCP match
0x21state ESTABLISHED ctdir ORIGINAL
#iptables -L FO-vnet0 -n
Chain FO-vnet0 (1 references)
target prot opt source destination
-ACCEPT all -- 10.1.2.3 0.0.0.0/0 DSCP match
0x02state ESTABLISHED
-ACCEPT all -- 10.1.0.0/22 0.0.0.0/0 MAC
01:02:03:04:05:06 DSCP match 0x21state NEW,ESTABLISHED
-ACCEPT all -- 10.1.0.0/22 0.0.0.0/0 MAC
01:02:03:04:05:06 DSCP match 0x21state NEW,ESTABLISHED
+ACCEPT all -- 10.1.2.3 0.0.0.0/0 DSCP match
0x02state ESTABLISHED ctdir ORIGINAL
+ACCEPT all -- 10.1.0.0/22 0.0.0.0/0 MAC
01:02:03:04:05:06 DSCP match 0x21state NEW,ESTABLISHED ctdir REPLY
+ACCEPT all -- 10.1.0.0/22 0.0.0.0/0 MAC
01:02:03:04:05:06 DSCP match 0x21state NEW,ESTABLISHED ctdir REPLY
#iptables -L HI-vnet0 -n
Chain HI-vnet0 (1 references)
target prot opt source destination
-ACCEPT all -- 0.0.0.0/0 10.1.2.3 MAC
01:02:03:04:05:06 DSCP match 0x02
-ACCEPT all -- 0.0.0.0/0 10.1.0.0/22 DSCP match
0x21
-ACCEPT all -- 0.0.0.0/0 10.1.0.0/22 DSCP match
0x21
+RETURN all -- 0.0.0.0/0 10.1.2.3 MAC
01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED ctdir REPLY
+RETURN all -- 0.0.0.0/0 10.1.0.0/22 DSCP match
0x21state ESTABLISHED ctdir ORIGINAL
+RETURN all -- 0.0.0.0/0 10.1.0.0/22 DSCP match
0x21state ESTABLISHED ctdir ORIGINAL
#iptables -L libvirt-host-in -n | grep vnet0 | tr -s " "
HI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-in
vnet0
#iptables -L libvirt-in -n | grep vnet0 | tr -s " "
Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/comment-test.fwall
===================================================================
---
libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/comment-test.fwall
+++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/comment-test.fwall
@@ -11,15 +11,15 @@
#iptables -L FI-vnet0 -n
Chain FI-vnet0 (1 references)
target prot opt source destination
-RETURN udp -- 0.0.0.0/0 10.1.2.3 MAC
01:02:03:04:05:06 DSCP match 0x22/* udp rule */ udp spts:291:400
dpts:564:1092 state NEW,ESTABLISHED
+RETURN udp -- 0.0.0.0/0 10.1.2.3 MAC
01:02:03:04:05:06 DSCP match 0x22/* udp rule */ udp spts:291:400
dpts:564:1092 state NEW,ESTABLISHED ctdir REPLY
#iptables -L FO-vnet0 -n
Chain FO-vnet0 (1 references)
target prot opt source destination
-ACCEPT udp -- 10.1.2.3 0.0.0.0/0 DSCP match
0x22/* udp rule */ udp spts:564:1092 dpts:291:400 state ESTABLISHED
+ACCEPT udp -- 10.1.2.3 0.0.0.0/0 DSCP match
0x22/* udp rule */ udp spts:564:1092 dpts:291:400 state ESTABLISHED
ctdir ORIGINAL
#iptables -L HI-vnet0 -n
Chain HI-vnet0 (1 references)
target prot opt source destination
-ACCEPT udp -- 0.0.0.0/0 10.1.2.3 MAC
01:02:03:04:05:06 DSCP match 0x22/* udp rule */ udp spts:291:400
dpts:564:1092
+RETURN udp -- 0.0.0.0/0 10.1.2.3 MAC
01:02:03:04:05:06 DSCP match 0x22/* udp rule */ udp spts:291:400
dpts:564:1092 state NEW,ESTABLISHED ctdir REPLY
#iptables -L libvirt-host-in -n | grep HI-vnet0 | tr -s " "
HI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-in
vnet0
#iptables -L libvirt-in -n | grep FI-vnet0 | tr -s " "
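Review bot: The expected FI-vnet0 and HI-vnet0 lines pair `state NEW,ESTABLISHED` with `ctdir REPLY`, and FO-vnet0 pairs `state ESTABLISHED` with `ctdir ORIGINAL`, which reads backwards against the usual conntrack meaning, where the first packet of a flow travels in the original direction. If these values record what one particular kernel/iptables combination prints, the fixture will presumably stop matching on a host that reports the direction the other way round. The same pairing recurs in the second hunk of this file and in the other .fwall files of the series (example-1, icmp-direction3-test, igmp-test, sctp-test, tcp-test, udp-test, conntrack-test, esp-test and the IPv6 variants). I would state the assumption in the patch description, e.g. `Expected ctdir values were recorded on <kernel/iptables version>; NEW is intentionally paired with REPLY there`, so a later failure is read as an environment difference and not as a filter regression.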
@@ -31,24 +31,24 @@ FO-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [got
#ip6tables -L FI-vnet0 -n
Chain FI-vnet0 (1 references)
target prot opt source destination
-RETURN tcp ::/0 a:b:c::/128 /*
tcp/ipv6 rule */ tcp spts:256:4369 dpts:32:33 state ESTABLISHED
-RETURN udp ::/0 ::/0 /*
`ls`;${COLUMNS};$(ls);"test";&'3 spaces' */ state ESTABLISHED
-RETURN sctp ::/0 ::/0 /* comment
with lone ', `, ", `, \\, $x, and two spaces */ state ESTABLISHED
-RETURN ah ::/0 ::/0 /*
tmp=`mktemp`; echo ${RANDOM} > ${tmp} ; cat < ${tmp}; rm -f ${tmp} */
state ESTABLISHED
+RETURN tcp ::/0 a:b:c::/128 /*
tcp/ipv6 rule */ tcp spts:256:4369 dpts:32:33 state ESTABLISHED ctdir
ORIGINAL
+RETURN udp ::/0 ::/0 /*
`ls`;${COLUMNS};$(ls);"test";&'3 spaces' */ state ESTABLISHED ctdir
ORIGINAL
+RETURN sctp ::/0 ::/0 /* comment
with lone ', `, ", `, \\, $x, and two spaces */ state ESTABLISHED ctdir
ORIGINAL
+RETURN ah ::/0 ::/0 /*
tmp=`mktemp`; echo ${RANDOM} > ${tmp} ; cat < ${tmp}; rm -f ${tmp} */
state ESTABLISHED ctdir ORIGINAL
#ip6tables -L FO-vnet0 -n
Chain FO-vnet0 (1 references)
target prot opt source destination
-ACCEPT tcp a:b:c::/128 ::/0 MAC
01:02:03:04:05:06 /* tcp/ipv6 rule */ tcp spts:32:33 dpts:256:4369 state
NEW,ESTABLISHED
-ACCEPT udp ::/0 ::/0 /*
`ls`;${COLUMNS};$(ls);"test";&'3 spaces' */ state NEW,ESTABLISHED
-ACCEPT sctp ::/0 ::/0 /* comment
with lone ', `, ", `, \\, $x, and two spaces */ state NEW,ESTABLISHED
-ACCEPT ah ::/0 ::/0 /*
tmp=`mktemp`; echo ${RANDOM} > ${tmp} ; cat < ${tmp}; rm -f ${tmp} */
state NEW,ESTABLISHED
+ACCEPT tcp a:b:c::/128 ::/0 MAC
01:02:03:04:05:06 /* tcp/ipv6 rule */ tcp spts:32:33 dpts:256:4369 state
NEW,ESTABLISHED ctdir REPLY
+ACCEPT udp ::/0 ::/0 /*
`ls`;${COLUMNS};$(ls);"test";&'3 spaces' */ state NEW,ESTABLISHED
ctdir REPLY
+ACCEPT sctp ::/0 ::/0 /* comment
with lone ', `, ", `, \\, $x, and two spaces */ state NEW,ESTABLISHED
ctdir REPLY
+ACCEPT ah ::/0 ::/0 /*
tmp=`mktemp`; echo ${RANDOM} > ${tmp} ; cat < ${tmp}; rm -f ${tmp} */
state NEW,ESTABLISHED ctdir REPLY
#ip6tables -L HI-vnet0 -n
Chain HI-vnet0 (1 references)
target prot opt source destination
-ACCEPT tcp ::/0 a:b:c::/128 /*
tcp/ipv6 rule */ tcp spts:256:4369 dpts:32:33
-ACCEPT udp ::/0 ::/0 /*
`ls`;${COLUMNS};$(ls);"test";&'3 spaces' */
-ACCEPT sctp ::/0 ::/0 /* comment
with lone ', `, ", `, \\, $x, and two spaces */
-ACCEPT ah ::/0 ::/0 /*
tmp=`mktemp`; echo ${RANDOM} > ${tmp} ; cat < ${tmp}; rm -f ${tmp} */
+RETURN tcp ::/0 a:b:c::/128 /*
tcp/ipv6 rule */ tcp spts:256:4369 dpts:32:33 state ESTABLISHED ctdir
ORIGINAL
+RETURN udp ::/0 ::/0 /*
`ls`;${COLUMNS};$(ls);"test";&'3 spaces' */ state ESTABLISHED ctdir
ORIGINAL
+RETURN sctp ::/0 ::/0 /* comment
with lone ', `, ", `, \\, $x, and two spaces */ state ESTABLISHED ctdir
ORIGINAL
+RETURN ah ::/0 ::/0 /*
tmp=`mktemp`; echo ${RANDOM} > ${tmp} ; cat < ${tmp}; rm -f ${tmp} */
state ESTABLISHED ctdir ORIGINAL
#ip6tables -L libvirt-host-in -n | grep vnet0 | tr -s " "
HI-vnet0 all ::/0 ::/0 [goto] PHYSDEV match --physdev-in vnet0
#ip6tables -L libvirt-in -n | grep vnet0 | tr -s " "
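Review bot: HI-vnet0 now ends each match in `RETURN` instead of `ACCEPT`, but the chain is entered with `[goto]` from libvirt-host-in (context line near the end of this hunk), so a RETURN does not resume in libvirt-host-in; it resumes in whichever chain jumped to libvirt-host-in, presumably INPUT. Guest-to-host packets that used to be accepted here therefore get their final verdict from the host's remaining INPUT rules and policy, which this fixture never lists. The ACCEPT to RETURN switch repeats in the HI-vnet0 part of every other .fwall file in the series. If that is the intent, it deserves a sentence in the patch description, e.g. `HI-* rules now RETURN so that host-bound guest traffic is still subject to the host's own INPUT rules`.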
Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/example-1.fwall
===================================================================
--- libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/example-1.fwall
+++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/example-1.fwall
@@ -1,22 +1,22 @@
#iptables -L FI-vnet0 -n
Chain FI-vnet0 (1 references)
target prot opt source destination
-RETURN tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:22
state ESTABLISHED
-RETURN icmp -- 0.0.0.0/0 0.0.0.0/0 state
ESTABLISHED
-RETURN all -- 0.0.0.0/0 0.0.0.0/0 state
ESTABLISHED
+RETURN tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:22
state ESTABLISHED ctdir ORIGINAL
+RETURN icmp -- 0.0.0.0/0 0.0.0.0/0 state
ESTABLISHED ctdir ORIGINAL
+RETURN all -- 0.0.0.0/0 0.0.0.0/0 state
ESTABLISHED ctdir ORIGINAL
DROP all -- 0.0.0.0/0 0.0.0.0/0
#iptables -L FO-vnet0 -n
Chain FO-vnet0 (1 references)
target prot opt source destination
-ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
state NEW,ESTABLISHED
-ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 state
NEW,ESTABLISHED
-ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state
NEW,ESTABLISHED
+ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
state NEW,ESTABLISHED ctdir REPLY
+ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 state
NEW,ESTABLISHED ctdir REPLY
+ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state
NEW,ESTABLISHED ctdir REPLY
DROP all -- 0.0.0.0/0 0.0.0.0/0
#iptables -L HI-vnet0 -n
Chain HI-vnet0 (1 references)
target prot opt source destination
-ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:22
-ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
-ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
+RETURN tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:22
state ESTABLISHED ctdir ORIGINAL
+RETURN icmp -- 0.0.0.0/0 0.0.0.0/0 state
ESTABLISHED ctdir ORIGINAL
+RETURN all -- 0.0.0.0/0 0.0.0.0/0 state
ESTABLISHED ctdir ORIGINAL
DROP all -- 0.0.0.0/0 0.0.0.0/0
Index:
libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/icmp-direction-test.fwall
===================================================================
---
libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/icmp-direction-test.fwall
+++
libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/icmp-direction-test.fwall
@@ -11,7 +11,7 @@ DROP icmp -- 0.0.0.0/0
#iptables -L HI-vnet0 -n
Chain HI-vnet0 (1 references)
target prot opt source destination
-ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 8
+RETURN icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type
8 state NEW,ESTABLISHED
DROP icmp -- 0.0.0.0/0 0.0.0.0/0
#iptables -L libvirt-host-in -n | grep vnet0 | tr -s " "
HI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-in
vnet0
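Review bot: The new HI-vnet0 line `RETURN icmp ... icmp type 8 state NEW,ESTABLISHED` carries no `ctdir`, while most other state matches added in this series get one. The same holds for icmp-direction2-test (type 0) and for the `type 12 code 11` rules in icmp-test and icmpv6-test, so rules with an explicit ICMP type appear to be exempt. Without the direction qualifier such a rule matches the listed type in either direction of a tracked flow; if that is deliberate, a line in the patch description such as `rules with an ICMP type keep a direction-less state match` would keep the next reader from treating it as an omission. The FI-vnet0 and FO-vnet0 parts of this file lie outside the hunk, so their state matches cannot be compared here.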
Index:
libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/icmp-direction2-test.fwall
===================================================================
---
libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/icmp-direction2-test.fwall
+++
libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/icmp-direction2-test.fwall
@@ -11,7 +11,7 @@ DROP icmp -- 0.0.0.0/0
#iptables -L HI-vnet0 -n
Chain HI-vnet0 (1 references)
target prot opt source destination
-ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 0
+RETURN icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type
0 state NEW,ESTABLISHED
DROP icmp -- 0.0.0.0/0 0.0.0.0/0
#iptables -L libvirt-host-in -n | grep vnet0 | tr -s " "
HI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-in
vnet0
Index:
libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/icmp-direction3-test.fwall
===================================================================
---
libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/icmp-direction3-test.fwall
+++
libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/icmp-direction3-test.fwall
@@ -1,17 +1,17 @@
#iptables -L FI-vnet0 -n
Chain FI-vnet0 (1 references)
target prot opt source destination
-RETURN icmp -- 0.0.0.0/0 0.0.0.0/0 state
NEW,ESTABLISHED
+RETURN icmp -- 0.0.0.0/0 0.0.0.0/0 state
NEW,ESTABLISHED ctdir REPLY
DROP all -- 0.0.0.0/0 0.0.0.0/0
#iptables -L FO-vnet0 -n
Chain FO-vnet0 (1 references)
target prot opt source destination
-ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 state
ESTABLISHED
+ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 state
ESTABLISHED ctdir ORIGINAL
DROP all -- 0.0.0.0/0 0.0.0.0/0
#iptables -L HI-vnet0 -n
Chain HI-vnet0 (1 references)
target prot opt source destination
-ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
+RETURN icmp -- 0.0.0.0/0 0.0.0.0/0 state
NEW,ESTABLISHED ctdir REPLY
DROP all -- 0.0.0.0/0 0.0.0.0/0
#iptables -L libvirt-host-in -n | grep vnet0 | tr -s " "
HI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-in
vnet0
Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/icmp-test.fwall
===================================================================
--- libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/icmp-test.fwall
+++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/icmp-test.fwall
@@ -2,17 +2,17 @@
Chain FI-vnet0 (1 references)
target prot opt source destination
RETURN icmp -- 0.0.0.0/0 10.1.2.3 MAC
01:02:03:04:05:06 DSCP match 0x02icmp type 12 code 11 state NEW,ESTABLISHED
-RETURN icmp -- 0.0.0.0/0 10.1.0.0/22 DSCP match
0x21state ESTABLISHED
+RETURN icmp -- 0.0.0.0/0 10.1.0.0/22 DSCP match
0x21state ESTABLISHED ctdir ORIGINAL
#iptables -L FO-vnet0 -n
Chain FO-vnet0 (1 references)
target prot opt source destination
ACCEPT icmp -- 10.1.0.0/22 0.0.0.0/0 MAC
01:02:03:04:05:06 DSCP match 0x21icmp type 255 code 255 state
NEW,ESTABLISHED
-ACCEPT icmp -- 10.1.0.0/22 0.0.0.0/0 MAC
01:02:03:04:05:06 DSCP match 0x21state NEW,ESTABLISHED
+ACCEPT icmp -- 10.1.0.0/22 0.0.0.0/0 MAC
01:02:03:04:05:06 DSCP match 0x21state NEW,ESTABLISHED ctdir REPLY
#iptables -L HI-vnet0 -n
Chain HI-vnet0 (1 references)
target prot opt source destination
-ACCEPT icmp -- 0.0.0.0/0 10.1.2.3 MAC
01:02:03:04:05:06 DSCP match 0x02icmp type 12 code 11
-ACCEPT icmp -- 0.0.0.0/0 10.1.0.0/22 DSCP match
0x21
+RETURN icmp -- 0.0.0.0/0 10.1.2.3 MAC
01:02:03:04:05:06 DSCP match 0x02icmp type 12 code 11 state NEW,ESTABLISHED
+RETURN icmp -- 0.0.0.0/0 10.1.0.0/22 DSCP match
0x21state ESTABLISHED ctdir ORIGINAL
#iptables -L libvirt-host-in -n | grep vnet0 | tr -s " "
HI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-in
vnet0
#iptables -L libvirt-in -n | grep vnet0 | tr -s " "
Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/icmpv6-test.fwall
===================================================================
--- libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/icmpv6-test.fwall
+++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/icmpv6-test.fwall
@@ -2,17 +2,17 @@
Chain FI-vnet0 (1 references)
target prot opt source destination
RETURN icmpv6 f:e:d::c:b:a/127 a:b:c::d:e:f/128 MAC
01:02:03:04:05:06 DSCP match 0x02ipv6-icmp type 12 code 11 state
NEW,ESTABLISHED
-RETURN icmpv6 ::/0 ::10.1.2.3/128 DSCP
match 0x21state ESTABLISHED
+RETURN icmpv6 ::/0 ::10.1.2.3/128 DSCP
match 0x21state ESTABLISHED ctdir ORIGINAL
#ip6tables -L FO-vnet0 -n
Chain FO-vnet0 (1 references)
target prot opt source destination
ACCEPT icmpv6 a:b:c::/128 ::/0 MAC
01:02:03:04:05:06 DSCP match 0x21ipv6-icmp type 255 code 255 state
NEW,ESTABLISHED
-ACCEPT icmpv6 ::10.1.2.3/128 ::/0 MAC
01:02:03:04:05:06 DSCP match 0x21state NEW,ESTABLISHED
+ACCEPT icmpv6 ::10.1.2.3/128 ::/0 MAC
01:02:03:04:05:06 DSCP match 0x21state NEW,ESTABLISHED ctdir REPLY
#ip6tables -L HI-vnet0 -n
Chain HI-vnet0 (1 references)
target prot opt source destination
-ACCEPT icmpv6 f:e:d::c:b:a/127 a:b:c::d:e:f/128 MAC
01:02:03:04:05:06 DSCP match 0x02ipv6-icmp type 12 code 11
-ACCEPT icmpv6 ::/0 ::10.1.2.3/128 DSCP
match 0x21
+RETURN icmpv6 f:e:d::c:b:a/127 a:b:c::d:e:f/128 MAC
01:02:03:04:05:06 DSCP match 0x02ipv6-icmp type 12 code 11 state
NEW,ESTABLISHED
+RETURN icmpv6 ::/0 ::10.1.2.3/128 DSCP
match 0x21state ESTABLISHED ctdir ORIGINAL
#ip6tables -L INPUT -n --line-numbers | grep libvirt
1 libvirt-host-in all ::/0 ::/0
#ip6tables -L libvirt-host-in -n | grep vnet0 | tr -s " "
Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/igmp-test.fwall
===================================================================
--- libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/igmp-test.fwall
+++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/igmp-test.fwall
@@ -1,21 +1,21 @@
#iptables -L FI-vnet0 -n
Chain FI-vnet0 (1 references)
target prot opt source destination
-RETURN 2 -- 0.0.0.0/0 10.1.2.3 MAC
01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED
-RETURN 2 -- 0.0.0.0/0 10.1.0.0/22 DSCP match
0x21state ESTABLISHED
-RETURN 2 -- 0.0.0.0/0 10.1.0.0/22 DSCP match
0x21state ESTABLISHED
+RETURN 2 -- 0.0.0.0/0 10.1.2.3 MAC
01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED ctdir REPLY
+RETURN 2 -- 0.0.0.0/0 10.1.0.0/22 DSCP match
0x21state ESTABLISHED ctdir ORIGINAL
+RETURN 2 -- 0.0.0.0/0 10.1.0.0/22 DSCP match
0x21state ESTABLISHED ctdir ORIGINAL
#iptables -L FO-vnet0 -n
Chain FO-vnet0 (1 references)
target prot opt source destination
-ACCEPT 2 -- 10.1.2.3 0.0.0.0/0 DSCP match
0x02state ESTABLISHED
-ACCEPT 2 -- 10.1.0.0/22 0.0.0.0/0 MAC
01:02:03:04:05:06 DSCP match 0x21state NEW,ESTABLISHED
-ACCEPT 2 -- 10.1.0.0/22 0.0.0.0/0 MAC
01:02:03:04:05:06 DSCP match 0x21state NEW,ESTABLISHED
+ACCEPT 2 -- 10.1.2.3 0.0.0.0/0 DSCP match
0x02state ESTABLISHED ctdir ORIGINAL
+ACCEPT 2 -- 10.1.0.0/22 0.0.0.0/0 MAC
01:02:03:04:05:06 DSCP match 0x21state NEW,ESTABLISHED ctdir REPLY
+ACCEPT 2 -- 10.1.0.0/22 0.0.0.0/0 MAC
01:02:03:04:05:06 DSCP match 0x21state NEW,ESTABLISHED ctdir REPLY
#iptables -L HI-vnet0 -n
Chain HI-vnet0 (1 references)
target prot opt source destination
-ACCEPT 2 -- 0.0.0.0/0 10.1.2.3 MAC
01:02:03:04:05:06 DSCP match 0x02
-ACCEPT 2 -- 0.0.0.0/0 10.1.0.0/22 DSCP match
0x21
-ACCEPT 2 -- 0.0.0.0/0 10.1.0.0/22 DSCP match
0x21
+RETURN 2 -- 0.0.0.0/0 10.1.2.3 MAC
01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED ctdir REPLY
+RETURN 2 -- 0.0.0.0/0 10.1.0.0/22 DSCP match
0x21state ESTABLISHED ctdir ORIGINAL
+RETURN 2 -- 0.0.0.0/0 10.1.0.0/22 DSCP match
0x21state ESTABLISHED ctdir ORIGINAL
#iptables -L libvirt-host-in -n | grep vnet0 | tr -s " "
HI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-in
vnet0
#iptables -L libvirt-in -n | grep vnet0 | tr -s " "
Index:
libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/sctp-ipv6-test.fwall
===================================================================
---
libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/sctp-ipv6-test.fwall
+++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/sctp-ipv6-test.fwall
@@ -1,21 +1,21 @@
#ip6tables -L FI-vnet0 -n
Chain FI-vnet0 (1 references)
target prot opt source destination
-RETURN sctp ::/0 a:b:c::d:e:f/128 MAC
01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED
-RETURN sctp ::/0 a:b:c::/128 DSCP match
0x21sctp spts:100:1111 dpts:20:21 state ESTABLISHED
-RETURN sctp ::/0 ::10.1.2.3/128 DSCP match
0x3fsctp spt:65535 dpts:255:256 state ESTABLISHED
+RETURN sctp ::/0 a:b:c::d:e:f/128 MAC
01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED ctdir REPLY
+RETURN sctp ::/0 a:b:c::/128 DSCP match
0x21sctp spts:100:1111 dpts:20:21 state ESTABLISHED ctdir ORIGINAL
+RETURN sctp ::/0 ::10.1.2.3/128 DSCP match
0x3fsctp spt:65535 dpts:255:256 state ESTABLISHED ctdir ORIGINAL
#ip6tables -L FO-vnet0 -n
Chain FO-vnet0 (1 references)
target prot opt source destination
-ACCEPT sctp a:b:c::d:e:f/128 ::/0 DSCP match
0x02state ESTABLISHED
-ACCEPT sctp a:b:c::/128 ::/0 MAC
01:02:03:04:05:06 DSCP match 0x21sctp spts:20:21 dpts:100:1111 state
NEW,ESTABLISHED
-ACCEPT sctp ::10.1.2.3/128 ::/0 MAC
01:02:03:04:05:06 DSCP match 0x3fsctp spts:255:256 dpt:65535 state
NEW,ESTABLISHED
+ACCEPT sctp a:b:c::d:e:f/128 ::/0 DSCP match
0x02state ESTABLISHED ctdir ORIGINAL
+ACCEPT sctp a:b:c::/128 ::/0 MAC
01:02:03:04:05:06 DSCP match 0x21sctp spts:20:21 dpts:100:1111 state
NEW,ESTABLISHED ctdir REPLY
+ACCEPT sctp ::10.1.2.3/128 ::/0 MAC
01:02:03:04:05:06 DSCP match 0x3fsctp spts:255:256 dpt:65535 state
NEW,ESTABLISHED ctdir REPLY
#ip6tables -L HI-vnet0 -n
Chain HI-vnet0 (1 references)
target prot opt source destination
-ACCEPT sctp ::/0 a:b:c::d:e:f/128 MAC
01:02:03:04:05:06 DSCP match 0x02
-ACCEPT sctp ::/0 a:b:c::/128 DSCP match
0x21sctp spts:100:1111 dpts:20:21
-ACCEPT sctp ::/0 ::10.1.2.3/128 DSCP match
0x3fsctp spt:65535 dpts:255:256
+RETURN sctp ::/0 a:b:c::d:e:f/128 MAC
01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED ctdir REPLY
+RETURN sctp ::/0 a:b:c::/128 DSCP match
0x21sctp spts:100:1111 dpts:20:21 state ESTABLISHED ctdir ORIGINAL
+RETURN sctp ::/0 ::10.1.2.3/128 DSCP match
0x3fsctp spt:65535 dpts:255:256 state ESTABLISHED ctdir ORIGINAL
#ip6tables -L INPUT -n --line-numbers | grep libvirt
1 libvirt-host-in all ::/0 ::/0
#ip6tables -L libvirt-host-in -n | grep vnet0 | tr -s " "
Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/sctp-test.fwall
===================================================================
--- libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/sctp-test.fwall
+++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/sctp-test.fwall
@@ -1,21 +1,21 @@
#iptables -L FI-vnet0 -n
Chain FI-vnet0 (1 references)
target prot opt source destination
-RETURN sctp -- 0.0.0.0/0 10.1.2.3 MAC
01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED
-RETURN sctp -- 0.0.0.0/0 10.1.2.3 DSCP match
0x21sctp spts:100:1111 dpts:20:21 state ESTABLISHED
-RETURN sctp -- 0.0.0.0/0 10.1.2.3 DSCP match
0x3fsctp spt:65535 dpts:255:256 state ESTABLISHED
+RETURN sctp -- 0.0.0.0/0 10.1.2.3 MAC
01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED ctdir REPLY
+RETURN sctp -- 0.0.0.0/0 10.1.2.3 DSCP match
0x21sctp spts:100:1111 dpts:20:21 state ESTABLISHED ctdir ORIGINAL
+RETURN sctp -- 0.0.0.0/0 10.1.2.3 DSCP match
0x3fsctp spt:65535 dpts:255:256 state ESTABLISHED ctdir ORIGINAL
#iptables -L FO-vnet0 -n
Chain FO-vnet0 (1 references)
target prot opt source destination
-ACCEPT sctp -- 10.1.2.3 0.0.0.0/0 DSCP match
0x02state ESTABLISHED
-ACCEPT sctp -- 10.1.2.3 0.0.0.0/0 MAC
01:02:03:04:05:06 DSCP match 0x21sctp spts:20:21 dpts:100:1111 state
NEW,ESTABLISHED
-ACCEPT sctp -- 10.1.2.3 0.0.0.0/0 MAC
01:02:03:04:05:06 DSCP match 0x3fsctp spts:255:256 dpt:65535 state
NEW,ESTABLISHED
+ACCEPT sctp -- 10.1.2.3 0.0.0.0/0 DSCP match
0x02state ESTABLISHED ctdir ORIGINAL
+ACCEPT sctp -- 10.1.2.3 0.0.0.0/0 MAC
01:02:03:04:05:06 DSCP match 0x21sctp spts:20:21 dpts:100:1111 state
NEW,ESTABLISHED ctdir REPLY
+ACCEPT sctp -- 10.1.2.3 0.0.0.0/0 MAC
01:02:03:04:05:06 DSCP match 0x3fsctp spts:255:256 dpt:65535 state
NEW,ESTABLISHED ctdir REPLY
#iptables -L HI-vnet0 -n
Chain HI-vnet0 (1 references)
target prot opt source destination
-ACCEPT sctp -- 0.0.0.0/0 10.1.2.3 MAC
01:02:03:04:05:06 DSCP match 0x02
-ACCEPT sctp -- 0.0.0.0/0 10.1.2.3 DSCP match
0x21sctp spts:100:1111 dpts:20:21
-ACCEPT sctp -- 0.0.0.0/0 10.1.2.3 DSCP match
0x3fsctp spt:65535 dpts:255:256
+RETURN sctp -- 0.0.0.0/0 10.1.2.3 MAC
01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED ctdir REPLY
+RETURN sctp -- 0.0.0.0/0 10.1.2.3 DSCP match
0x21sctp spts:100:1111 dpts:20:21 state ESTABLISHED ctdir ORIGINAL
+RETURN sctp -- 0.0.0.0/0 10.1.2.3 DSCP match
0x3fsctp spt:65535 dpts:255:256 state ESTABLISHED ctdir ORIGINAL
#iptables -L libvirt-host-in -n | grep vnet0 | tr -s " "
HI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-in
vnet0
#iptables -L libvirt-in -n | grep vnet0 | tr -s " "
Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/tcp-test.fwall
===================================================================
--- libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/tcp-test.fwall
+++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/tcp-test.fwall
@@ -1,21 +1,21 @@
#iptables -L FI-vnet0 -n
Chain FI-vnet0 (1 references)
target prot opt source destination
-RETURN tcp -- 0.0.0.0/0 10.1.2.3 MAC
01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED
+RETURN tcp -- 0.0.0.0/0 10.1.2.3 MAC
01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED ctdir REPLY
RETURN tcp -- 0.0.0.0/0 10.1.2.3 DSCP
match 0x21tcp spts:100:1111 dpts:20:21
RETURN tcp -- 0.0.0.0/0 10.1.2.3 DSCP
match 0x3ftcp spt:65535 dpts:255:256
#iptables -L FO-vnet0 -n
Chain FO-vnet0 (1 references)
target prot opt source destination
-ACCEPT tcp -- 10.1.2.3 0.0.0.0/0 DSCP match
0x02state ESTABLISHED
+ACCEPT tcp -- 10.1.2.3 0.0.0.0/0 DSCP match
0x02state ESTABLISHED ctdir ORIGINAL
ACCEPT tcp -- 10.1.2.3 0.0.0.0/0 MAC
01:02:03:04:05:06 DSCP match 0x21tcp spts:20:21 dpts:100:1111
ACCEPT tcp -- 10.1.2.3 0.0.0.0/0 MAC
01:02:03:04:05:06 DSCP match 0x3ftcp spts:255:256 dpt:65535
#iptables -L HI-vnet0 -n
Chain HI-vnet0 (1 references)
target prot opt source destination
-ACCEPT tcp -- 0.0.0.0/0 10.1.2.3 MAC
01:02:03:04:05:06 DSCP match 0x02
-ACCEPT tcp -- 0.0.0.0/0 10.1.2.3 DSCP match
0x21tcp spts:100:1111 dpts:20:21
-ACCEPT tcp -- 0.0.0.0/0 10.1.2.3 DSCP match
0x3ftcp spt:65535 dpts:255:256
+RETURN tcp -- 0.0.0.0/0 10.1.2.3 MAC
01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED ctdir REPLY
+RETURN tcp -- 0.0.0.0/0 10.1.2.3 DSCP match
0x21tcp spts:100:1111 dpts:20:21
+RETURN tcp -- 0.0.0.0/0 10.1.2.3 DSCP match
0x3ftcp spt:65535 dpts:255:256
#iptables -L libvirt-host-in -n | grep vnet0 | tr -s " "
HI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-in
vnet0
#iptables -L libvirt-in -n | grep vnet0 | tr -s " "
Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/tcp-ipv6-test.fwall
===================================================================
---
libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/tcp-ipv6-test.fwall
+++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/tcp-ipv6-test.fwall
@@ -1,21 +1,21 @@
#ip6tables -L FI-vnet0 -n
Chain FI-vnet0 (1 references)
target prot opt source destination
-RETURN tcp ::/0 a:b:c::d:e:f/128 MAC
01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED
-RETURN tcp ::/0 a:b:c::/128 DSCP match
0x21tcp spts:100:1111 dpts:20:21 state ESTABLISHED
-RETURN tcp ::/0 ::10.1.2.3/128 DSCP match
0x3ftcp spt:65535 dpts:255:256 state ESTABLISHED
+RETURN tcp ::/0 a:b:c::d:e:f/128 MAC
01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED ctdir REPLY
+RETURN tcp ::/0 a:b:c::/128 DSCP match
0x21tcp spts:100:1111 dpts:20:21 state ESTABLISHED ctdir ORIGINAL
+RETURN tcp ::/0 ::10.1.2.3/128 DSCP match
0x3ftcp spt:65535 dpts:255:256 state ESTABLISHED ctdir ORIGINAL
#ip6tables -L FO-vnet0 -n
Chain FO-vnet0 (1 references)
target prot opt source destination
-ACCEPT tcp a:b:c::d:e:f/128 ::/0 DSCP match
0x02state ESTABLISHED
-ACCEPT tcp a:b:c::/128 ::/0 MAC
01:02:03:04:05:06 DSCP match 0x21tcp spts:20:21 dpts:100:1111 state
NEW,ESTABLISHED
-ACCEPT tcp ::10.1.2.3/128 ::/0 MAC
01:02:03:04:05:06 DSCP match 0x3ftcp spts:255:256 dpt:65535 state
NEW,ESTABLISHED
+ACCEPT tcp a:b:c::d:e:f/128 ::/0 DSCP match
0x02state ESTABLISHED ctdir ORIGINAL
+ACCEPT tcp a:b:c::/128 ::/0 MAC
01:02:03:04:05:06 DSCP match 0x21tcp spts:20:21 dpts:100:1111 state
NEW,ESTABLISHED ctdir REPLY
+ACCEPT tcp ::10.1.2.3/128 ::/0 MAC
01:02:03:04:05:06 DSCP match 0x3ftcp spts:255:256 dpt:65535 state
NEW,ESTABLISHED ctdir REPLY
#ip6tables -L HI-vnet0 -n
Chain HI-vnet0 (1 references)
target prot opt source destination
-ACCEPT tcp ::/0 a:b:c::d:e:f/128 MAC
01:02:03:04:05:06 DSCP match 0x02
-ACCEPT tcp ::/0 a:b:c::/128 DSCP match
0x21tcp spts:100:1111 dpts:20:21
-ACCEPT tcp ::/0 ::10.1.2.3/128 DSCP match
0x3ftcp spt:65535 dpts:255:256
+RETURN tcp ::/0 a:b:c::d:e:f/128 MAC
01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED ctdir REPLY
+RETURN tcp ::/0 a:b:c::/128 DSCP match
0x21tcp spts:100:1111 dpts:20:21 state ESTABLISHED ctdir ORIGINAL
+RETURN tcp ::/0 ::10.1.2.3/128 DSCP match
0x3ftcp spt:65535 dpts:255:256 state ESTABLISHED ctdir ORIGINAL
#ip6tables -L INPUT -n --line-numbers | grep libvirt
1 libvirt-host-in all ::/0 ::/0
#ip6tables -L libvirt-host-in -n | grep vnet0 | tr -s " "
Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/udp-ipv6-test.fwall
===================================================================
---
libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/udp-ipv6-test.fwall
+++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/udp-ipv6-test.fwall
@@ -1,21 +1,21 @@
#ip6tables -L FI-vnet0 -n
Chain FI-vnet0 (1 references)
target prot opt source destination
-RETURN udp ::/0 a:b:c::d:e:f/128 MAC
01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED
-RETURN udp ::/0 ::/0 DSCP match
0x21udp spts:100:1111 dpts:20:21 state ESTABLISHED
-RETURN udp ::/0 ::10.1.2.3/128 DSCP match
0x3fudp spt:65535 dpts:255:256 state ESTABLISHED
+RETURN udp ::/0 a:b:c::d:e:f/128 MAC
01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED ctdir REPLY
+RETURN udp ::/0 ::/0 DSCP match
0x21udp spts:100:1111 dpts:20:21 state ESTABLISHED ctdir ORIGINAL
+RETURN udp ::/0 ::10.1.2.3/128 DSCP match
0x3fudp spt:65535 dpts:255:256 state ESTABLISHED ctdir ORIGINAL
#ip6tables -L FO-vnet0 -n
Chain FO-vnet0 (1 references)
target prot opt source destination
-ACCEPT udp a:b:c::d:e:f/128 ::/0 DSCP match
0x02state ESTABLISHED
-ACCEPT udp ::/0 ::/0 MAC
01:02:03:04:05:06 DSCP match 0x21udp spts:20:21 dpts:100:1111 state
NEW,ESTABLISHED
-ACCEPT udp ::10.1.2.3/128 ::/0 MAC
01:02:03:04:05:06 DSCP match 0x3fudp spts:255:256 dpt:65535 state
NEW,ESTABLISHED
+ACCEPT udp a:b:c::d:e:f/128 ::/0 DSCP match
0x02state ESTABLISHED ctdir ORIGINAL
+ACCEPT udp ::/0 ::/0 MAC
01:02:03:04:05:06 DSCP match 0x21udp spts:20:21 dpts:100:1111 state
NEW,ESTABLISHED ctdir REPLY
+ACCEPT udp ::10.1.2.3/128 ::/0 MAC
01:02:03:04:05:06 DSCP match 0x3fudp spts:255:256 dpt:65535 state
NEW,ESTABLISHED ctdir REPLY
#ip6tables -L HI-vnet0 -n
Chain HI-vnet0 (1 references)
target prot opt source destination
-ACCEPT udp ::/0 a:b:c::d:e:f/128 MAC
01:02:03:04:05:06 DSCP match 0x02
-ACCEPT udp ::/0 ::/0 DSCP match
0x21udp spts:100:1111 dpts:20:21
-ACCEPT udp ::/0 ::10.1.2.3/128 DSCP match
0x3fudp spt:65535 dpts:255:256
+RETURN udp ::/0 a:b:c::d:e:f/128 MAC
01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED ctdir REPLY
+RETURN udp ::/0 ::/0 DSCP match
0x21udp spts:100:1111 dpts:20:21 state ESTABLISHED ctdir ORIGINAL
+RETURN udp ::/0 ::10.1.2.3/128 DSCP match
0x3fudp spt:65535 dpts:255:256 state ESTABLISHED ctdir ORIGINAL
#ip6tables -L INPUT -n --line-numbers | grep libvirt
1 libvirt-host-in all ::/0 ::/0
#ip6tables -L libvirt-host-in -n | grep vnet0 | tr -s " "
Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/udp-test.fwall
===================================================================
--- libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/udp-test.fwall
+++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/udp-test.fwall
@@ -1,21 +1,21 @@
#iptables -L FI-vnet0 -n
Chain FI-vnet0 (1 references)
target prot opt source destination
-RETURN udp -- 0.0.0.0/0 10.1.2.3 MAC
01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED
-RETURN udp -- 0.0.0.0/0 10.1.2.3 DSCP match
0x21udp spts:100:1111 dpts:20:21 state ESTABLISHED
-RETURN udp -- 0.0.0.0/0 10.1.2.3 DSCP match
0x3fudp spt:65535 dpts:255:256 state ESTABLISHED
+RETURN udp -- 0.0.0.0/0 10.1.2.3 MAC
01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED ctdir REPLY
+RETURN udp -- 0.0.0.0/0 10.1.2.3 DSCP match
0x21udp spts:100:1111 dpts:20:21 state ESTABLISHED ctdir ORIGINAL
+RETURN udp -- 0.0.0.0/0 10.1.2.3 DSCP match
0x3fudp spt:65535 dpts:255:256 state ESTABLISHED ctdir ORIGINAL
#iptables -L FO-vnet0 -n
Chain FO-vnet0 (1 references)
target prot opt source destination
-ACCEPT udp -- 10.1.2.3 0.0.0.0/0 DSCP match
0x02state ESTABLISHED
-ACCEPT udp -- 10.1.2.3 0.0.0.0/0 MAC
01:02:03:04:05:06 DSCP match 0x21udp spts:20:21 dpts:100:1111 state
NEW,ESTABLISHED
-ACCEPT udp -- 10.1.2.3 0.0.0.0/0 MAC
01:02:03:04:05:06 DSCP match 0x3fudp spts:255:256 dpt:65535 state
NEW,ESTABLISHED
+ACCEPT udp -- 10.1.2.3 0.0.0.0/0 DSCP match
0x02state ESTABLISHED ctdir ORIGINAL
+ACCEPT udp -- 10.1.2.3 0.0.0.0/0 MAC
01:02:03:04:05:06 DSCP match 0x21udp spts:20:21 dpts:100:1111 state
NEW,ESTABLISHED ctdir REPLY
+ACCEPT udp -- 10.1.2.3 0.0.0.0/0 MAC
01:02:03:04:05:06 DSCP match 0x3fudp spts:255:256 dpt:65535 state
NEW,ESTABLISHED ctdir REPLY
#iptables -L HI-vnet0 -n
Chain HI-vnet0 (1 references)
target prot opt source destination
-ACCEPT udp -- 0.0.0.0/0 10.1.2.3 MAC
01:02:03:04:05:06 DSCP match 0x02
-ACCEPT udp -- 0.0.0.0/0 10.1.2.3 DSCP match
0x21udp spts:100:1111 dpts:20:21
-ACCEPT udp -- 0.0.0.0/0 10.1.2.3 DSCP match
0x3fudp spt:65535 dpts:255:256
+RETURN udp -- 0.0.0.0/0 10.1.2.3 MAC
01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED ctdir REPLY
+RETURN udp -- 0.0.0.0/0 10.1.2.3 DSCP match
0x21udp spts:100:1111 dpts:20:21 state ESTABLISHED ctdir ORIGINAL
+RETURN udp -- 0.0.0.0/0 10.1.2.3 DSCP match
0x3fudp spt:65535 dpts:255:256 state ESTABLISHED ctdir ORIGINAL
#iptables -L libvirt-host-in -n | grep vnet0 | tr -s " "
HI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-in
vnet0
#iptables -L libvirt-in -n | grep vnet0 | tr -s " "
Index:
libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/conntrack-test.fwall
===================================================================
---
libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/conntrack-test.fwall
+++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/conntrack-test.fwall
@@ -3,17 +3,17 @@ Chain FI-vnet0 (1 references)
target prot opt source destination
DROP icmp -- 0.0.0.0/0 0.0.0.0/0 #conn/32 > 1
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 #conn/32 > 2
-RETURN all -- 0.0.0.0/0 0.0.0.0/0 state
NEW,ESTABLISHED
+RETURN all -- 0.0.0.0/0 0.0.0.0/0 state
NEW,ESTABLISHED ctdir REPLY
#iptables -L FO-vnet0 -n
Chain FO-vnet0 (1 references)
target prot opt source destination
-ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state
ESTABLISHED
+ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state
ESTABLISHED ctdir ORIGINAL
#iptables -L HI-vnet0 -n
Chain HI-vnet0 (1 references)
target prot opt source destination
DROP icmp -- 0.0.0.0/0 0.0.0.0/0 #conn/32 > 1
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 #conn/32 > 2
-ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
+RETURN all -- 0.0.0.0/0 0.0.0.0/0 state
NEW,ESTABLISHED ctdir REPLY
#iptables -L libvirt-host-in -n | grep vnet0 | tr -s " "
HI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-in
vnet0
#iptables -L libvirt-in -n | grep vnet0 | tr -s " "
Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/esp-ipv6-test.fwall
===================================================================
---
libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/esp-ipv6-test.fwall
+++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/esp-ipv6-test.fwall
@@ -1,21 +1,21 @@
#ip6tables -L FI-vnet0 -n
Chain FI-vnet0 (1 references)
target prot opt source destination
-RETURN esp f:e:d::c:b:a/127 a:b:c::d:e:f/128 MAC
01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED
-RETURN esp ::/0 a:b:c::/128 DSCP match
0x21state ESTABLISHED
-RETURN esp ::/0 ::10.1.2.3/128 DSCP match
0x21state ESTABLISHED
+RETURN esp f:e:d::c:b:a/127 a:b:c::d:e:f/128 MAC
01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED ctdir REPLY
+RETURN esp ::/0 a:b:c::/128 DSCP match
0x21state ESTABLISHED ctdir ORIGINAL
+RETURN esp ::/0 ::10.1.2.3/128 DSCP match
0x21state ESTABLISHED ctdir ORIGINAL
#ip6tables -L FO-vnet0 -n
Chain FO-vnet0 (1 references)
target prot opt source destination
-ACCEPT esp a:b:c::d:e:f/128 f:e:d::c:b:a/127 DSCP match
0x02state ESTABLISHED
-ACCEPT esp a:b:c::/128 ::/0 MAC
01:02:03:04:05:06 DSCP match 0x21state NEW,ESTABLISHED
-ACCEPT esp ::10.1.2.3/128 ::/0 MAC
01:02:03:04:05:06 DSCP match 0x21state NEW,ESTABLISHED
+ACCEPT esp a:b:c::d:e:f/128 f:e:d::c:b:a/127 DSCP match
0x02state ESTABLISHED ctdir ORIGINAL
+ACCEPT esp a:b:c::/128 ::/0 MAC
01:02:03:04:05:06 DSCP match 0x21state NEW,ESTABLISHED ctdir REPLY
+ACCEPT esp ::10.1.2.3/128 ::/0 MAC
01:02:03:04:05:06 DSCP match 0x21state NEW,ESTABLISHED ctdir REPLY
#ip6tables -L HI-vnet0 -n
Chain HI-vnet0 (1 references)
target prot opt source destination
-ACCEPT esp f:e:d::c:b:a/127 a:b:c::d:e:f/128 MAC
01:02:03:04:05:06 DSCP match 0x02
-ACCEPT esp ::/0 a:b:c::/128 DSCP match
0x21
-ACCEPT esp ::/0 ::10.1.2.3/128 DSCP match
0x21
+RETURN esp f:e:d::c:b:a/127 a:b:c::d:e:f/128 MAC
01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED ctdir REPLY
+RETURN esp ::/0 a:b:c::/128 DSCP match
0x21state ESTABLISHED ctdir ORIGINAL
+RETURN esp ::/0 ::10.1.2.3/128 DSCP match
0x21state ESTABLISHED ctdir ORIGINAL
#ip6tables -L INPUT -n --line-numbers | grep libvirt
1 libvirt-host-in all ::/0 ::/0
#ip6tables -L libvirt-host-in -n | grep vnet0 |tr -s " "
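Review bot: The new expectations pair `state NEW,ESTABLISHED` with `ctdir REPLY` in FI-vnet0, FO-vnet0 and HI-vnet0, which on the face of it cannot match the first packet of a connection, since conntrack classes a NEW packet as travelling in the original direction. If that reading is right, either these rules only ever pass reply traffic and the `NEW` in them is dead, or the listing reflects direction semantics specific to the kernel and iptables build that produced it. Because the fixture is compared as text, I would confirm which of the two is intended and record the kernel and iptables versions used to generate it in the commit description. The same pairing appears in the esp-test, udplite-ipv6-test, udplite-test and hex-data-test hunks that follow.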
Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/esp-test.fwall
===================================================================
--- libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/esp-test.fwall
+++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/esp-test.fwall
@@ -1,21 +1,21 @@
#iptables -L FI-vnet0 -n
Chain FI-vnet0 (1 references)
target prot opt source destination
-RETURN esp -- 0.0.0.0/0 10.1.2.3 MAC
01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED
-RETURN esp -- 0.0.0.0/0 10.1.0.0/22 DSCP match
0x21state ESTABLISHED
-RETURN esp -- 0.0.0.0/0 10.1.0.0/22 DSCP match
0x21state ESTABLISHED
+RETURN esp -- 0.0.0.0/0 10.1.2.3 MAC
01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED ctdir REPLY
+RETURN esp -- 0.0.0.0/0 10.1.0.0/22 DSCP match
0x21state ESTABLISHED ctdir ORIGINAL
+RETURN esp -- 0.0.0.0/0 10.1.0.0/22 DSCP match
0x21state ESTABLISHED ctdir ORIGINAL
#iptables -L FO-vnet0 -n
Chain FO-vnet0 (1 references)
target prot opt source destination
-ACCEPT esp -- 10.1.2.3 0.0.0.0/0 DSCP match
0x02state ESTABLISHED
-ACCEPT esp -- 10.1.0.0/22 0.0.0.0/0 MAC
01:02:03:04:05:06 DSCP match 0x21state NEW,ESTABLISHED
-ACCEPT esp -- 10.1.0.0/22 0.0.0.0/0 MAC
01:02:03:04:05:06 DSCP match 0x21state NEW,ESTABLISHED
+ACCEPT esp -- 10.1.2.3 0.0.0.0/0 DSCP match
0x02state ESTABLISHED ctdir ORIGINAL
+ACCEPT esp -- 10.1.0.0/22 0.0.0.0/0 MAC
01:02:03:04:05:06 DSCP match 0x21state NEW,ESTABLISHED ctdir REPLY
+ACCEPT esp -- 10.1.0.0/22 0.0.0.0/0 MAC
01:02:03:04:05:06 DSCP match 0x21state NEW,ESTABLISHED ctdir REPLY
#iptables -L HI-vnet0 -n
Chain HI-vnet0 (1 references)
target prot opt source destination
-ACCEPT esp -- 0.0.0.0/0 10.1.2.3 MAC
01:02:03:04:05:06 DSCP match 0x02
-ACCEPT esp -- 0.0.0.0/0 10.1.0.0/22 DSCP match
0x21
-ACCEPT esp -- 0.0.0.0/0 10.1.0.0/22 DSCP match
0x21
+RETURN esp -- 0.0.0.0/0 10.1.2.3 MAC
01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED ctdir REPLY
+RETURN esp -- 0.0.0.0/0 10.1.0.0/22 DSCP match
0x21state ESTABLISHED ctdir ORIGINAL
+RETURN esp -- 0.0.0.0/0 10.1.0.0/22 DSCP match
0x21state ESTABLISHED ctdir ORIGINAL
#iptables -L libvirt-host-in -n | grep vnet0 | tr -s " "
HI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-in
vnet0
#iptables -L libvirt-in -n | grep vnet0 | tr -s " "
Index:
libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/udplite-ipv6-test.fwall
===================================================================
---
libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/udplite-ipv6-test.fwall
+++
libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/udplite-ipv6-test.fwall
@@ -1,21 +1,21 @@
#ip6tables -L FI-vnet0 -n
Chain FI-vnet0 (1 references)
target prot opt source destination
-RETURN udplite f:e:d::c:b:a/127 a:b:c::d:e:f/128 MAC
01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED
-RETURN udplite ::/0 a:b:c::/128 DSCP
match 0x21state ESTABLISHED
-RETURN udplite ::/0 ::10.1.2.3/128 DSCP
match 0x21state ESTABLISHED
+RETURN udplite f:e:d::c:b:a/127 a:b:c::d:e:f/128 MAC
01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED ctdir REPLY
+RETURN udplite ::/0 a:b:c::/128 DSCP
match 0x21state ESTABLISHED ctdir ORIGINAL
+RETURN udplite ::/0 ::10.1.2.3/128 DSCP
match 0x21state ESTABLISHED ctdir ORIGINAL
#ip6tables -L FO-vnet0 -n
Chain FO-vnet0 (1 references)
target prot opt source destination
-ACCEPT udplite a:b:c::d:e:f/128 f:e:d::c:b:a/127 DSCP
match 0x02state ESTABLISHED
-ACCEPT udplite a:b:c::/128 ::/0 MAC
01:02:03:04:05:06 DSCP match 0x21state NEW,ESTABLISHED
-ACCEPT udplite ::10.1.2.3/128 ::/0 MAC
01:02:03:04:05:06 DSCP match 0x21state NEW,ESTABLISHED
+ACCEPT udplite a:b:c::d:e:f/128 f:e:d::c:b:a/127 DSCP
match 0x02state ESTABLISHED ctdir ORIGINAL
+ACCEPT udplite a:b:c::/128 ::/0 MAC
01:02:03:04:05:06 DSCP match 0x21state NEW,ESTABLISHED ctdir REPLY
+ACCEPT udplite ::10.1.2.3/128 ::/0 MAC
01:02:03:04:05:06 DSCP match 0x21state NEW,ESTABLISHED ctdir REPLY
#ip6tables -L HI-vnet0 -n
Chain HI-vnet0 (1 references)
target prot opt source destination
-ACCEPT udplite f:e:d::c:b:a/127 a:b:c::d:e:f/128 MAC
01:02:03:04:05:06 DSCP match 0x02
-ACCEPT udplite ::/0 a:b:c::/128 DSCP
match 0x21
-ACCEPT udplite ::/0 ::10.1.2.3/128 DSCP
match 0x21
+RETURN udplite f:e:d::c:b:a/127 a:b:c::d:e:f/128 MAC
01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED ctdir REPLY
+RETURN udplite ::/0 a:b:c::/128 DSCP
match 0x21state ESTABLISHED ctdir ORIGINAL
+RETURN udplite ::/0 ::10.1.2.3/128 DSCP
match 0x21state ESTABLISHED ctdir ORIGINAL
#ip6tables -L INPUT -n --line-numbers | grep libvirt
1 libvirt-host-in all ::/0 ::/0
#ip6tables -L libvirt-host-in -n | grep vnet0 | tr -s " "
Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/udplite-test.fwall
===================================================================
---
libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/udplite-test.fwall
+++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/udplite-test.fwall
@@ -1,21 +1,21 @@
#iptables -L FI-vnet0 -n
Chain FI-vnet0 (1 references)
target prot opt source destination
-RETURN udplite-- 0.0.0.0/0 10.1.2.3 MAC
01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED
-RETURN udplite-- 0.0.0.0/0 10.1.0.0/22 DSCP
match 0x21state ESTABLISHED
-RETURN udplite-- 0.0.0.0/0 10.1.0.0/22 DSCP
match 0x21state ESTABLISHED
+RETURN udplite-- 0.0.0.0/0 10.1.2.3 MAC
01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED ctdir REPLY
+RETURN udplite-- 0.0.0.0/0 10.1.0.0/22 DSCP
match 0x21state ESTABLISHED ctdir ORIGINAL
+RETURN udplite-- 0.0.0.0/0 10.1.0.0/22 DSCP
match 0x21state ESTABLISHED ctdir ORIGINAL
#iptables -L FO-vnet0 -n
Chain FO-vnet0 (1 references)
target prot opt source destination
-ACCEPT udplite-- 10.1.2.3 0.0.0.0/0 DSCP
match 0x02state ESTABLISHED
-ACCEPT udplite-- 10.1.0.0/22 0.0.0.0/0 MAC
01:02:03:04:05:06 DSCP match 0x21state NEW,ESTABLISHED
-ACCEPT udplite-- 10.1.0.0/22 0.0.0.0/0 MAC
01:02:03:04:05:06 DSCP match 0x21state NEW,ESTABLISHED
+ACCEPT udplite-- 10.1.2.3 0.0.0.0/0 DSCP
match 0x02state ESTABLISHED ctdir ORIGINAL
+ACCEPT udplite-- 10.1.0.0/22 0.0.0.0/0 MAC
01:02:03:04:05:06 DSCP match 0x21state NEW,ESTABLISHED ctdir REPLY
+ACCEPT udplite-- 10.1.0.0/22 0.0.0.0/0 MAC
01:02:03:04:05:06 DSCP match 0x21state NEW,ESTABLISHED ctdir REPLY
#iptables -L HI-vnet0 -n
Chain HI-vnet0 (1 references)
target prot opt source destination
-ACCEPT udplite-- 0.0.0.0/0 10.1.2.3 MAC
01:02:03:04:05:06 DSCP match 0x02
-ACCEPT udplite-- 0.0.0.0/0 10.1.0.0/22 DSCP
match 0x21
-ACCEPT udplite-- 0.0.0.0/0 10.1.0.0/22 DSCP
match 0x21
+RETURN udplite-- 0.0.0.0/0 10.1.2.3 MAC
01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED ctdir REPLY
+RETURN udplite-- 0.0.0.0/0 10.1.0.0/22 DSCP
match 0x21state ESTABLISHED ctdir ORIGINAL
+RETURN udplite-- 0.0.0.0/0 10.1.0.0/22 DSCP
match 0x21state ESTABLISHED ctdir ORIGINAL
#iptables -L libvirt-host-in -n | grep vnet0 | tr -s " "
HI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-in
vnet0
#iptables -L libvirt-in -n | grep vnet0 | tr -s " "
Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/hex-data-test.fwall
===================================================================
---
libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/hex-data-test.fwall
+++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/hex-data-test.fwall
@@ -11,15 +11,15 @@
#iptables -L FI-vnet0 -n
Chain FI-vnet0 (1 references)
target prot opt source destination
-RETURN udp -- 0.0.0.0/0 10.1.2.3 MAC
01:02:03:04:05:06 DSCP match 0x22udp spts:291:400 dpts:564:1092 state
NEW,ESTABLISHED
+RETURN udp -- 0.0.0.0/0 10.1.2.3 MAC
01:02:03:04:05:06 DSCP match 0x22udp spts:291:400 dpts:564:1092 state
NEW,ESTABLISHED ctdir REPLY
#iptables -L FO-vnet0 -n
Chain FO-vnet0 (1 references)
target prot opt source destination
-ACCEPT udp -- 10.1.2.3 0.0.0.0/0 DSCP match
0x22udp spts:564:1092 dpts:291:400 state ESTABLISHED
+ACCEPT udp -- 10.1.2.3 0.0.0.0/0 DSCP match
0x22udp spts:564:1092 dpts:291:400 state ESTABLISHED ctdir ORIGINAL
#iptables -L HI-vnet0 -n
Chain HI-vnet0 (1 references)
target prot opt source destination
-ACCEPT udp -- 0.0.0.0/0 10.1.2.3 MAC
01:02:03:04:05:06 DSCP match 0x22udp spts:291:400 dpts:564:1092
+RETURN udp -- 0.0.0.0/0 10.1.2.3 MAC
01:02:03:04:05:06 DSCP match 0x22udp spts:291:400 dpts:564:1092 state
NEW,ESTABLISHED ctdir REPLY
#iptables -L libvirt-host-in -n | grep HI-vnet0 | tr -s " "
HI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-in
vnet0
#iptables -L libvirt-in -n | grep FI-vnet0 | tr -s " "
@@ -31,15 +31,15 @@ FO-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [got
#ip6tables -L FI-vnet0 -n
Chain FI-vnet0 (1 references)
target prot opt source destination
-RETURN tcp ::/0 a:b:c::/128 tcp
spts:256:4369 dpts:32:33 state ESTABLISHED
+RETURN tcp ::/0 a:b:c::/128 tcp
spts:256:4369 dpts:32:33 state ESTABLISHED ctdir ORIGINAL
#ip6tables -L FO-vnet0 -n
Chain FO-vnet0 (1 references)
target prot opt source destination
-ACCEPT tcp a:b:c::/128 ::/0 MAC
01:02:03:04:05:06 tcp spts:32:33 dpts:256:4369 state NEW,ESTABLISHED
+ACCEPT tcp a:b:c::/128 ::/0 MAC
01:02:03:04:05:06 tcp spts:32:33 dpts:256:4369 state NEW,ESTABLISHED
ctdir REPLY
#ip6tables -L HI-vnet0 -n
Chain HI-vnet0 (1 references)
target prot opt source destination
-ACCEPT tcp ::/0 a:b:c::/128 tcp
spts:256:4369 dpts:32:33
+RETURN tcp ::/0 a:b:c::/128 tcp
spts:256:4369 dpts:32:33 state ESTABLISHED ctdir ORIGINAL
#ip6tables -L libvirt-host-in -n | grep vnet0 | tr -s " "
HI-vnet0 all ::/0 ::/0 [goto] PHYSDEV match --physdev-in vnet0
#ip6tables -L libvirt-in -n | grep vnet0 | tr -s " "
----- "Daniel P. Berrange" <berrange(a)redhat.com> wrote:
> On Tue, Oct 19, 2010 at 03:40:15AM -0400, Osier wrote:
> > From ebab27920ed2bc1984a8b93c354c31947b58f942 Mon Sep 17 00:00:00
> 2001
> > From: Osier Yang <jyang(a)redhat.com>
> > Date: Tue, 19 Oct 2010 15:31:12 +0800
> > Subject: [libvirt-tck 3/4] Add module for hooks testing
> >
> > To validate daemon, qemu, and lxc hook is invoked correctly
> > ---
> > lib/Sys/Virt/TCK/Hooks.pm | 257
> +++++++++++++++++++++++++++++++++++++++++++++
> > 1 files changed, 257 insertions(+), 0 deletions(-)
> > create mode 100644 lib/Sys/Virt/TCK/Hooks.pm
>
> ACK, looks good now.
Thanks. For the Slurp requirement, do we need to update the yum repo?
http://people.redhat.com/berrange/yum-libvirt-tck-rhel6/x86_64/
I guess only you can do it. :-)
- Osier
>
>
> Daniel
> --
> |: Red Hat, Engineering, London -o-
> http://people.redhat.com/berrange/ :|
> |: http://libvirt.org -o- http://virt-manager.org -o-
> http://deltacloud.org :|
> |: http://autobuild.org -o-
> http://search.cpan.org/~danberr/ :|
> |: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B
> 9505 :|
* src/libvirt_private.syms: Sort by header name, then within
header, and drop duplicate virNetworkDefParseNode,
virFileLinkPointsTo and virXPathBoolean.
---
Fixes the duplication first noted here, and hopefully makes the
file easier to maintain.
https://www.redhat.com/archives/libvir-list/2010-October/msg00283.html
src/libvirt_private.syms | 746 +++++++++++++++++++++++-----------------------
1 files changed, 376 insertions(+), 370 deletions(-)
diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index 0b1c482..1fdd44c 100644
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -4,91 +4,91 @@
#
# authhelper.h
-virRequestUsername;
virRequestPassword;
+virRequestUsername;
# bitmap.h
virBitmapAlloc;
-virBitmapFree;
-virBitmapSetBit;
virBitmapClearBit;
+virBitmapFree;
virBitmapGetBit;
+virBitmapSetBit;
# buf.h
-virBufferVSprintf;
-virBufferEscapeString;
virBufferAdd;
virBufferAddChar;
virBufferContentAndReset;
virBufferError;
-virBufferURIEncodeString;
+virBufferEscapeString;
virBufferFreeAndReset;
-virBufferUse;
virBufferStrcat;
+virBufferURIEncodeString;
+virBufferUse;
+virBufferVSprintf;
# caps.h
virCapabilitiesAddGuest;
virCapabilitiesAddGuestDomain;
virCapabilitiesAddGuestFeature;
+virCapabilitiesAddHostFeature;
virCapabilitiesAddHostMigrateTransport;
virCapabilitiesAddHostNUMACell;
-virCapabilitiesAddHostFeature;
+virCapabilitiesAllocMachines;
virCapabilitiesDefaultGuestArch;
virCapabilitiesDefaultGuestEmulator;
virCapabilitiesDefaultGuestMachine;
virCapabilitiesFormatXML;
virCapabilitiesFree;
+virCapabilitiesFreeMachines;
virCapabilitiesFreeNUMAInfo;
-virCapabilitiesNew;
-virCapabilitiesSetMacPrefix;
virCapabilitiesGenerateMac;
-virCapabilitiesSetEmulatorRequired;
virCapabilitiesIsEmulatorRequired;
-virCapabilitiesAllocMachines;
-virCapabilitiesFreeMachines;
+virCapabilitiesNew;
+virCapabilitiesSetEmulatorRequired;
virCapabilitiesSetHostCPU;
-
-
-# conf.h
-virConfNew;
-virConfReadFile;
-virConfReadMem;
-virConfFree;
-virConfFreeValue;
-virConfGetValue;
-virConfSetValue;
-virConfWriteFile;
-virConfWriteMem;
+virCapabilitiesSetMacPrefix;
# cgroup.h
+virCgroupAddTask;
+virCgroupAllowDeviceMajor;
+virCgroupAllowDevicePath;
+virCgroupControllerTypeFromString;
+virCgroupControllerTypeToString;
+virCgroupDenyAllDevices;
+virCgroupDenyDevicePath;
virCgroupForDomain;
virCgroupForDriver;
-virCgroupRemove;
virCgroupFree;
-virCgroupAddTask;
-virCgroupSetMemory;
-virCgroupGetMemoryUsage;
-virCgroupSetCpuShares;
virCgroupGetCpuShares;
-virCgroupDenyDevicePath;
-virCgroupAllowDevicePath;
-virCgroupDenyAllDevices;
-virCgroupAllowDeviceMajor;
-virCgroupControllerTypeToString;
-virCgroupControllerTypeFromString;
virCgroupGetCpuacctUsage;
virCgroupGetFreezerState;
+virCgroupGetMemoryHardLimit;
+virCgroupGetMemorySoftLimit;
+virCgroupGetMemoryUsage;
+virCgroupGetSwapHardLimit;
+virCgroupRemove;
+virCgroupSetCpuShares;
virCgroupSetFreezerState;
+virCgroupSetMemory;
virCgroupSetMemoryHardLimit;
-virCgroupGetMemoryHardLimit;
virCgroupSetMemorySoftLimit;
-virCgroupGetMemorySoftLimit;
virCgroupSetSwapHardLimit;
-virCgroupGetSwapHardLimit;
+
+
+# conf.h
+virConfFree;
+virConfFreeValue;
+virConfGetValue;
+virConfNew;
+virConfReadFile;
+virConfReadMem;
+virConfSetValue;
+virConfWriteFile;
+virConfWriteMem;
# cpu.h
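Review bot: The ordering rule this commit introduces is not written down in the file itself, so the next symbol added is likely to land out of order again. The result looks like a byte-wise (C locale) sort of whole lines: `virGetNWFilter;` sorts before `virGetNetwork;` in a later hunk, and `virDomainMigrateFinish2;` before `virDomainMigrateFinish;`, which only happens when the trailing `;` takes part in the comparison. I would add a line to the file's header comment, of which only the last `#` line is inside this hunk, such as `# Keep sections sorted by header name and symbols sorted within each section (LC_ALL=C sort).`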
@@ -100,204 +100,214 @@ cpuDataFree;
cpuDecode;
cpuEncode;
cpuGuestData;
+cpuHasFeature;
cpuNodeData;
cpuUpdate;
-cpuHasFeature;
# cpu_conf.h
-virCPUDefFree;
-virCPUDefParseXML;
-virCPUDefFormat;
-virCPUDefFormatBuf;
virCPUDefAddFeature;
virCPUDefCopy;
+virCPUDefFormat;
+virCPUDefFormatBuf;
+virCPUDefFree;
+virCPUDefParseXML;
# datatypes.h
virGetDomain;
+virGetDomainSnapshot;
virGetInterface;
+virGetNWFilter;
virGetNetwork;
+virGetNodeDevice;
+virGetSecret;
virGetStoragePool;
virGetStorageVol;
-virGetSecret;
-virUnrefStorageVol;
-virGetNodeDevice;
-virUnrefDomain;
+virGetStream;
virUnrefConnect;
+virUnrefDomain;
+virUnrefNWFilter;
virUnrefSecret;
-virGetStream;
+virUnrefStorageVol;
virUnrefStream;
-virGetNWFilter;
-virUnrefNWFilter;
-virGetDomainSnapshot;
+
+
+# dnsmasq.h
+dnsmasqAddDhcpHost;
+dnsmasqContextFree;
+dnsmasqContextNew;
+dnsmasqDelete;
+dnsmasqReload;
+dnsmasqSave;
# domain_conf.h
virDiskNameToBusDeviceIndex;
virDiskNameToIndex;
virDomainAssignDef;
-virDomainConfigFile;
-virDomainCpuSetFormat;
-virDomainCpuSetParse;
+virDomainChrConsoleTargetTypeFromString;
+virDomainChrConsoleTargetTypeToString;
+virDomainChrDefForeach;
virDomainChrDefFree;
+virDomainChrTcpProtocolTypeFromString;
+virDomainChrTcpProtocolTypeToString;
virDomainChrTypeFromString;
virDomainChrTypeToString;
+virDomainClockOffsetTypeFromString;
+virDomainClockOffsetTypeToString;
+virDomainConfigFile;
+virDomainControllerDefFree;
+virDomainControllerInsert;
+virDomainControllerInsertPreAlloced;
+virDomainControllerModelTypeFromString;
+virDomainControllerModelTypeToString;
+virDomainControllerTypeToString;
+virDomainCpuSetFormat;
+virDomainCpuSetParse;
+virDomainDefAddImplicitControllers;
+virDomainDefClearDeviceAliases;
+virDomainDefClearPCIAddresses;
virDomainDefFormat;
virDomainDefFree;
virDomainDefParseFile;
virDomainDefParseNode;
virDomainDefParseString;
virDomainDeleteConfig;
+virDomainDeviceAddressIsValid;
+virDomainDeviceAddressTypeToString;
virDomainDeviceDefFree;
virDomainDeviceDefParse;
+virDomainDeviceInfoIsSet;
+virDomainDeviceInfoIterate;
+virDomainDevicePCIAddressIsValid;
virDomainDeviceTypeToString;
virDomainDiskBusTypeToString;
+virDomainDiskCacheTypeFromString;
+virDomainDiskCacheTypeToString;
+virDomainDiskDefAssignAddress;
+virDomainDiskDefForeachPath;
virDomainDiskDefFree;
virDomainDiskDeviceTypeToString;
+virDomainDiskErrorPolicyTypeToString;
virDomainDiskInsert;
virDomainDiskInsertPreAlloced;
virDomainDiskRemove;
-virDomainDiskDefAssignAddress;
-virDomainDiskTypeToString;
virDomainDiskTypeFromString;
-virDomainControllerInsert;
-virDomainControllerInsertPreAlloced;
-virDomainControllerModelTypeFromString;
-virDomainControllerModelTypeToString;
+virDomainDiskTypeToString;
+virDomainFSDefFree;
virDomainFindByID;
virDomainFindByName;
virDomainFindByUUID;
virDomainGetRootFilesystem;
+virDomainGraphicsDefFree;
virDomainGraphicsTypeFromString;
virDomainGraphicsTypeToString;
-virDomainGraphicsDefFree;
virDomainHostdevDefFree;
virDomainHostdevModeTypeToString;
virDomainHostdevSubsysTypeToString;
virDomainInputDefFree;
-virDomainLifecycleTypeFromString;
-virDomainLifecycleTypeToString;
virDomainLifecycleCrashTypeFromString;
virDomainLifecycleCrashTypeToString;
+virDomainLifecycleTypeFromString;
+virDomainLifecycleTypeToString;
virDomainLoadAllConfigs;
+virDomainMemballoonModelTypeFromString;
+virDomainMemballoonModelTypeToString;
virDomainNetDefFree;
virDomainNetTypeToString;
+virDomainObjAssignDef;
+virDomainObjIsDuplicate;
+virDomainObjListDeinit;
+virDomainObjListGetActiveIDs;
+virDomainObjListGetInactiveNames;
+virDomainObjListInit;
+virDomainObjListNumOfDomains;
+virDomainObjLock;
+virDomainObjRef;
+virDomainObjUnlock;
+virDomainObjUnref;
virDomainRemoveInactive;
-virDomainSaveXML;
virDomainSaveConfig;
virDomainSaveStatus;
+virDomainSaveXML;
+virDomainSnapshotAssignDef;
+virDomainSnapshotDefFormat;
+virDomainSnapshotDefFree;
+virDomainSnapshotDefParseString;
+virDomainSnapshotFindByName;
+virDomainSnapshotHasChildren;
+virDomainSnapshotObjListGetNames;
+virDomainSnapshotObjListNum;
+virDomainSnapshotObjListRemove;
+virDomainSnapshotObjUnref;
virDomainSoundDefFree;
virDomainSoundModelTypeFromString;
virDomainSoundModelTypeToString;
-virDomainMemballoonModelTypeFromString;
-virDomainMemballoonModelTypeToString;
-virDomainWatchdogModelTypeFromString;
-virDomainWatchdogModelTypeToString;
-virDomainWatchdogActionTypeFromString;
-virDomainWatchdogActionTypeToString;
+virDomainStateTypeFromString;
+virDomainStateTypeToString;
+virDomainTimerModeTypeFromString;
+virDomainTimerModeTypeToString;
+virDomainTimerNameTypeFromString;
+virDomainTimerNameTypeToString;
+virDomainTimerTickpolicyTypeFromString;
+virDomainTimerTickpolicyTypeToString;
+virDomainTimerTrackTypeFromString;
+virDomainTimerTrackTypeToString;
virDomainVideoDefFree;
-virDomainVideoTypeToString;
-virDomainVideoTypeFromString;
virDomainVideoDefaultRAM;
virDomainVideoDefaultType;
+virDomainVideoTypeFromString;
+virDomainVideoTypeToString;
virDomainVirtTypeToString;
-virDomainFSDefFree;
-virDomainObjLock;
-virDomainObjUnlock;
-virDomainStateTypeToString;
-virDomainStateTypeFromString;
-virDomainObjIsDuplicate;
-virDomainObjListGetInactiveNames;
-virDomainObjListGetActiveIDs;
-virDomainObjListNumOfDomains;
-virDomainObjListInit;
-virDomainObjListDeinit;
-virDomainObjRef;
-virDomainObjUnref;
-virDomainDeviceAddressIsValid;
-virDomainDevicePCIAddressIsValid;
-virDomainDeviceInfoIsSet;
-virDomainControllerTypeToString;
-virDomainControllerDefFree;
-virDomainDeviceAddressTypeToString;
-virDomainDefAddImplicitControllers;
-virDomainDefClearPCIAddresses;
-virDomainDefClearDeviceAliases;
-virDomainDeviceInfoIterate;
-virDomainClockOffsetTypeToString;
-virDomainClockOffsetTypeFromString;
-virDomainDiskErrorPolicyTypeToString;
-virDomainTimerNameTypeToString;
-virDomainTimerNameTypeFromString;
-virDomainTimerTrackTypeToString;
-virDomainTimerTrackTypeFromString;
-virDomainTimerTickpolicyTypeToString;
-virDomainTimerTickpolicyTypeFromString;
-virDomainTimerModeTypeToString;
-virDomainTimerModeTypeFromString;
-virDomainSnapshotObjListGetNames;
-virDomainSnapshotObjListNum;
-virDomainSnapshotFindByName;
-virDomainSnapshotObjListRemove;
-virDomainSnapshotHasChildren;
-virDomainSnapshotObjUnref;
-virDomainSnapshotDefParseString;
-virDomainSnapshotDefFormat;
-virDomainSnapshotDefFree;
-virDomainSnapshotAssignDef;
-virDomainObjAssignDef;
-virDomainChrDefForeach;
-virDomainDiskDefForeachPath;
-virDomainChrConsoleTargetTypeToString;
-virDomainChrConsoleTargetTypeFromString;
-virDomainChrTcpProtocolTypeToString;
-virDomainChrTcpProtocolTypeFromString;
-virDomainDiskCacheTypeToString;
-virDomainDiskCacheTypeFromString;
+virDomainWatchdogActionTypeFromString;
+virDomainWatchdogActionTypeToString;
+virDomainWatchdogModelTypeFromString;
+virDomainWatchdogModelTypeToString;
# domain_event.h
virDomainEventCallbackListAdd;
virDomainEventCallbackListAddID;
+virDomainEventCallbackListCount;
+virDomainEventCallbackListCountID;
+virDomainEventCallbackListEventID;
virDomainEventCallbackListFree;
-virDomainEventCallbackListRemove;
-virDomainEventCallbackListRemoveID;
-virDomainEventCallbackListRemoveConn;
virDomainEventCallbackListMarkDelete;
virDomainEventCallbackListMarkDeleteID;
virDomainEventCallbackListPurgeMarked;
-virDomainEventCallbackListCount;
-virDomainEventCallbackListCountID;
-virDomainEventCallbackListEventID;
-virDomainEventQueueNew;
-virDomainEventQueueFree;
-virDomainEventQueuePop;
-virDomainEventQueuePush;
+virDomainEventCallbackListRemove;
+virDomainEventCallbackListRemoveConn;
+virDomainEventCallbackListRemoveID;
+virDomainEventDispatch;
+virDomainEventDispatchDefaultFunc;
+virDomainEventFree;
+virDomainEventGraphicsNewFromDom;
+virDomainEventGraphicsNewFromObj;
+virDomainEventIOErrorNewFromDom;
+virDomainEventIOErrorNewFromObj;
+virDomainEventIOErrorReasonNewFromDom;
+virDomainEventIOErrorReasonNewFromObj;
virDomainEventNew;
+virDomainEventNewFromDef;
virDomainEventNewFromDom;
virDomainEventNewFromObj;
-virDomainEventNewFromDef;
-virDomainEventRebootNewFromDom;
-virDomainEventRebootNewFromObj;
+virDomainEventQueueDispatch;
+virDomainEventQueueFree;
+virDomainEventQueueNew;
+virDomainEventQueuePop;
+virDomainEventQueuePush;
virDomainEventRTCChangeNewFromDom;
virDomainEventRTCChangeNewFromObj;
+virDomainEventRebootNewFromDom;
+virDomainEventRebootNewFromObj;
virDomainEventWatchdogNewFromDom;
virDomainEventWatchdogNewFromObj;
-virDomainEventIOErrorNewFromDom;
-virDomainEventIOErrorNewFromObj;
-virDomainEventIOErrorReasonNewFromDom;
-virDomainEventIOErrorReasonNewFromObj;
-virDomainEventGraphicsNewFromDom;
-virDomainEventGraphicsNewFromObj;
-virDomainEventFree;
-virDomainEventDispatchDefaultFunc;
-virDomainEventDispatch;
-virDomainEventQueueDispatch;
+
# domain_nwfilter.h
-virDomainConfNWFilterRegister;
virDomainConfNWFilterInstantiate;
+virDomainConfNWFilterRegister;
virDomainConfNWFilterTeardown;
virDomainConfVMNWFilterTeardown;
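Review bot: The single added blank line just before `# domain_nwfilter.h` looks unintended, because it would leave that section with one more empty line above it than its neighbours. Sections moved by this hunk, such as `# dnsmasq.h`, bring exactly two added blank lines as their separator, while this `+` line sits on top of whatever blank context lines already precede the header. The archive rendering has dropped blank context lines, so this is inferred from the `+` line alone; if it is real, I would drop that line so the separators stay uniform.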
@@ -322,6 +332,10 @@ virEventUpdateHandle;
virEventUpdateTimeout;
+# files.h
+virClose;
+
+
# hash.h
virHashAddEntry;
virHashCreate;
@@ -340,19 +354,28 @@ virHookInitialize;
virHookPresent;
+# interface.h
+ifaceCheck;
+ifaceCtrl;
+ifaceGetFlags;
+ifaceGetIndex;
+ifaceGetVlanID;
+ifaceIsUp;
+
+
# interface_conf.h
+virInterfaceAssignDef;
virInterfaceDefFormat;
+virInterfaceDefFree;
virInterfaceDefParseFile;
-virInterfaceDefParseString;
virInterfaceDefParseNode;
-virInterfaceDefFree;
-virInterfaceFindByName;
+virInterfaceDefParseString;
virInterfaceFindByMACString;
-virInterfaceAssignDef;
-virInterfaceRemove;
+virInterfaceFindByName;
+virInterfaceObjListFree;
virInterfaceObjLock;
virInterfaceObjUnlock;
-virInterfaceObjListFree;
+virInterfaceRemove;
# iptables.h
@@ -380,105 +403,96 @@ iptablesRemoveTcpInput;
iptablesRemoveUdpInput;
-# dnsmasq.h
-dnsmasqContextNew;
-dnsmasqContextFree;
-dnsmasqAddDhcpHost;
-dnsmasqSave;
-dnsmasqDelete;
-dnsmasqReload;
-
-
-# libvirt_internal.h
-virDrvSupportsFeature;
-virDomainMigratePrepare;
-virDomainMigratePerform;
-virDomainMigrateFinish;
-virDomainMigratePrepare2;
-virDomainMigrateFinish2;
-virDomainMigratePrepareTunnel;
-virRegisterDriver;
-virRegisterInterfaceDriver;
-virRegisterNetworkDriver;
-virRegisterStorageDriver;
-virRegisterDeviceMonitor;
-virRegisterSecretDriver;
-virRegisterNWFilterDriver;
-
-
# json.h
+virJSONValueArrayAppend;
+virJSONValueArrayGet;
+virJSONValueArraySize;
virJSONValueFree;
-virJSONValueNewString;
-virJSONValueNewStringLen;
+virJSONValueFromString;
+virJSONValueGetBoolean;
+virJSONValueGetNumberDouble;
+virJSONValueGetNumberInt;
+virJSONValueGetNumberLong;
+virJSONValueGetNumberUint;
+virJSONValueGetNumberUlong;
+virJSONValueGetString;
+virJSONValueIsNull;
+virJSONValueNewArray;
+virJSONValueNewBoolean;
+virJSONValueNewNull;
+virJSONValueNewNumberDouble;
virJSONValueNewNumberInt;
-virJSONValueNewNumberUint;
virJSONValueNewNumberLong;
+virJSONValueNewNumberUint;
virJSONValueNewNumberUlong;
-virJSONValueNewNumberDouble;
-virJSONValueNewBoolean;
-virJSONValueNewNull;
-virJSONValueNewArray;
virJSONValueNewObject;
+virJSONValueNewString;
+virJSONValueNewStringLen;
virJSONValueObjectAppend;
-virJSONValueObjectAppendString;
+virJSONValueObjectAppendBoolean;
+virJSONValueObjectAppendNull;
+virJSONValueObjectAppendNumberDouble;
virJSONValueObjectAppendNumberInt;
-virJSONValueObjectAppendNumberUint;
virJSONValueObjectAppendNumberLong;
+virJSONValueObjectAppendNumberUint;
virJSONValueObjectAppendNumberUlong;
-virJSONValueObjectAppendNumberDouble;
-virJSONValueObjectAppendBoolean;
-virJSONValueObjectAppendNull;
-virJSONValueArrayAppend;
-virJSONValueObjectHasKey;
+virJSONValueObjectAppendString;
virJSONValueObjectGet;
-virJSONValueArraySize;
-virJSONValueArrayGet;
-virJSONValueGetString;
-virJSONValueGetNumberInt;
-virJSONValueGetNumberUint;
-virJSONValueGetNumberLong;
-virJSONValueGetNumberUlong;
-virJSONValueGetNumberDouble;
-virJSONValueGetBoolean;
-virJSONValueIsNull;
-virJSONValueObjectGetString;
+virJSONValueObjectGetBoolean;
+virJSONValueObjectGetNumberDouble;
virJSONValueObjectGetNumberInt;
-virJSONValueObjectGetNumberUint;
virJSONValueObjectGetNumberLong;
+virJSONValueObjectGetNumberUint;
virJSONValueObjectGetNumberUlong;
-virJSONValueObjectGetNumberDouble;
-virJSONValueObjectGetBoolean;
+virJSONValueObjectGetString;
+virJSONValueObjectHasKey;
virJSONValueObjectIsNull;
-virJSONValueFromString;
virJSONValueToString;
+# libvirt_internal.h
+virDomainMigrateFinish2;
+virDomainMigrateFinish;
+virDomainMigratePerform;
+virDomainMigratePrepare2;
+virDomainMigratePrepare;
+virDomainMigratePrepareTunnel;
+virDrvSupportsFeature;
+virRegisterDeviceMonitor;
+virRegisterDriver;
+virRegisterInterfaceDriver;
+virRegisterNWFilterDriver;
+virRegisterNetworkDriver;
+virRegisterSecretDriver;
+virRegisterStorageDriver;
+
+
# logging.h
-virLogMessage;
+virLogDefineFilter;
+virLogDefineOutput;
+virLogGetDefaultPriority;
+virLogGetFilters;
virLogGetNbFilters;
virLogGetNbOutputs;
-virLogGetFilters;
virLogGetOutputs;
-virLogGetDefaultPriority;
-virLogSetDefaultPriority;
-virLogSetFromEnv;
-virLogDefineFilter;
-virLogDefineOutput;
+virLogLock;
+virLogMessage;
virLogParseDefaultPriority;
virLogParseFilters;
virLogParseOutputs;
-virLogStartup;
-virLogShutdown;
virLogReset;
-virLogLock;
+virLogSetDefaultPriority;
+virLogSetFromEnv;
+virLogShutdown;
+virLogStartup;
virLogUnlock;
# memory.h
virAlloc;
virAllocN;
-virReallocN;
virFree;
+virReallocN;
# network.h
@@ -505,70 +519,69 @@ virNetworkDeleteConfig;
virNetworkFindByName;
virNetworkFindByUUID;
virNetworkLoadAllConfigs;
+virNetworkObjIsDuplicate;
virNetworkObjListFree;
-virNetworkDefParseNode;
+virNetworkObjLock;
+virNetworkObjUnlock;
virNetworkRemoveInactive;
virNetworkSaveConfig;
virNetworkSetBridgeName;
-virNetworkObjLock;
-virNetworkObjUnlock;
-virNetworkObjIsDuplicate;
-
-
-# nodeinfo.h
-nodeGetInfo;
-nodeCapsInitNUMA;
-nodeGetCellsFreeMemory;
-nodeGetFreeMemory;
# node_device_conf.h
-virNodeDeviceHasCap;
-virNodeDeviceObjRemove;
virNodeDevCapTypeToString;
-virNodeDeviceFindByName;
-virNodeDeviceFindBySysfsPath;
-virNodeDeviceObjListFree;
-virNodeDeviceDefFree;
virNodeDevCapsDefFree;
+virNodeDeviceAssignDef;
virNodeDeviceDefFormat;
-virNodeDeviceDefParseString;
-virNodeDeviceDefParseNode;
+virNodeDeviceDefFree;
virNodeDeviceDefParseFile;
+virNodeDeviceDefParseNode;
+virNodeDeviceDefParseString;
+virNodeDeviceFindByName;
+virNodeDeviceFindBySysfsPath;
+virNodeDeviceGetParentHost;
+virNodeDeviceGetWWNs;
+virNodeDeviceHasCap;
+virNodeDeviceObjListFree;
virNodeDeviceObjLock;
+virNodeDeviceObjRemove;
virNodeDeviceObjUnlock;
-virNodeDeviceAssignDef;
-virNodeDeviceGetWWNs;
-virNodeDeviceGetParentHost;
+
+
+# nodeinfo.h
+nodeCapsInitNUMA;
+nodeGetCellsFreeMemory;
+nodeGetFreeMemory;
+nodeGetInfo;
# nwfilter_conf.h
+virNWFilterCallbackDriversLock;
+virNWFilterCallbackDriversUnlock;
+virNWFilterChainSuffixTypeToString;
+virNWFilterConfLayerInit;
+virNWFilterConfLayerShutdown;
+virNWFilterDefFormat;
+virNWFilterDefFree;
+virNWFilterDefParseString;
+virNWFilterJumpTargetTypeToString;
+virNWFilterLockFilterUpdates;
virNWFilterPoolLoadAllConfigs;
virNWFilterPoolObjAssignDef;
-virNWFilterPoolObjSaveDef;
+virNWFilterPoolObjDeleteDef;
virNWFilterPoolObjFindByName;
virNWFilterPoolObjFindByUUID;
+virNWFilterPoolObjListFree;
virNWFilterPoolObjLock;
-virNWFilterPoolObjUnlock;
virNWFilterPoolObjRemove;
-virNWFilterDefFree;
-virNWFilterDefParseString;
-virNWFilterPoolObjDeleteDef;
-virNWFilterPoolObjListFree;
-virNWFilterDefFormat;
-virNWFilterChainSuffixTypeToString;
+virNWFilterPoolObjSaveDef;
+virNWFilterPoolObjUnlock;
+virNWFilterPrintStateMatchFlags;
+virNWFilterRegisterCallbackDriver;
virNWFilterRuleActionTypeToString;
virNWFilterRuleProtocolTypeToString;
-virNWFilterJumpTargetTypeToString;
-virNWFilterRegisterCallbackDriver;
virNWFilterTestUnassignDef;
-virNWFilterConfLayerInit;
-virNWFilterConfLayerShutdown;
-virNWFilterLockFilterUpdates;
virNWFilterUnlockFilterUpdates;
-virNWFilterPrintStateMatchFlags;
-virNWFilterCallbackDriversLock;
-virNWFilterCallbackDriversUnlock;
# nwfilter_params.h
@@ -580,205 +593,201 @@ virNWFilterHashTableRemoveEntry;
# pci.h
-pciGetDevice;
-pciFreeDevice;
pciDettachDevice;
-pciReAttachDevice;
-pciWaitForDeviceCleanup;
-pciResetDevice;
-pciDeviceSetManaged;
+pciDeviceFileIterate;
pciDeviceGetManaged;
-pciDeviceListNew;
-pciDeviceListFree;
+pciDeviceIsAssignable;
pciDeviceListAdd;
-pciDeviceListDel;
-pciDeviceFileIterate;
pciDeviceListCount;
+pciDeviceListDel;
+pciDeviceListFree;
pciDeviceListGet;
+pciDeviceListNew;
pciDeviceListSteal;
-pciDeviceIsAssignable;
+pciDeviceSetManaged;
+pciFreeDevice;
+pciGetDevice;
+pciReAttachDevice;
+pciResetDevice;
+pciWaitForDeviceCleanup;
# processinfo.h
-virProcessInfoSetAffinity;
virProcessInfoGetAffinity;
+virProcessInfoSetAffinity;
# qparams.h
+free_qparam_set;
qparam_get_query;
qparam_query_parse;
-free_qparam_set;
+
# secret_conf.h
+virSecretDefFormat;
virSecretDefFree;
-virSecretDefParseString;
virSecretDefParseFile;
-virSecretDefFormat;
+virSecretDefParseString;
# security.h
-virSecurityDriverVerify;
-virSecurityDriverStartup;
-virSecurityDriverInit;
-virSecurityDriverSetDOI;
virSecurityDriverGetDOI;
virSecurityDriverGetModel;
+virSecurityDriverInit;
+virSecurityDriverSetDOI;
+virSecurityDriverStartup;
+virSecurityDriverVerify;
# storage_conf.h
+virStoragePartedFsTypeTypeToString;
virStoragePoolDefFormat;
virStoragePoolDefFree;
-virStoragePoolDefParseString;
virStoragePoolDefParseFile;
virStoragePoolDefParseNode;
+virStoragePoolDefParseSourceString;
+virStoragePoolDefParseString;
+virStoragePoolFormatDiskTypeToString;
+virStoragePoolFormatFileSystemNetTypeToString;
+virStoragePoolFormatFileSystemTypeToString;
virStoragePoolLoadAllConfigs;
virStoragePoolObjAssignDef;
virStoragePoolObjClearVols;
virStoragePoolObjDeleteDef;
virStoragePoolObjFindByName;
virStoragePoolObjFindByUUID;
+virStoragePoolObjIsDuplicate;
virStoragePoolObjListFree;
+virStoragePoolObjLock;
virStoragePoolObjRemove;
virStoragePoolObjSaveDef;
+virStoragePoolObjUnlock;
virStoragePoolSourceFree;
-virStoragePoolDefParseSourceString;
-virStoragePoolSourceListNewSource;
virStoragePoolSourceListFormat;
+virStoragePoolSourceListNewSource;
+virStoragePoolTypeFromString;
virStorageVolDefFindByKey;
virStorageVolDefFindByName;
virStorageVolDefFindByPath;
virStorageVolDefFormat;
virStorageVolDefFree;
virStorageVolDefParseFile;
-virStorageVolDefParseString;
virStorageVolDefParseNode;
-virStoragePoolFormatDiskTypeToString;
-virStoragePoolFormatFileSystemTypeToString;
-virStoragePoolFormatFileSystemNetTypeToString;
-virStoragePoolTypeFromString;
-virStoragePartedFsTypeTypeToString;
-virStoragePoolObjLock;
-virStoragePoolObjUnlock;
-virStoragePoolObjIsDuplicate;
+virStorageVolDefParseString;
+
# storage_encryption_conf.h
+virStorageEncryptionFormat;
virStorageEncryptionFree;
virStorageEncryptionParseNode;
-virStorageEncryptionFormat;
virStorageGenerateQcowPassphrase;
+
# storage_file.h
-virStorageFileFormatTypeToString;
virStorageFileFormatTypeFromString;
-virStorageFileProbeFormat;
-virStorageFileProbeFormatFromFD;
+virStorageFileFormatTypeToString;
virStorageFileGetMetadata;
virStorageFileGetMetadataFromFD;
virStorageFileIsSharedFS;
+virStorageFileProbeFormat;
+virStorageFileProbeFormatFromFD;
+
# threads.h
+virCondBroadcast;
+virCondDestroy;
+virCondInit;
+virCondSignal;
+virCondWait;
+virCondWaitUntil;
+virMutexDestroy;
virMutexInit;
virMutexInitRecursive;
-virMutexDestroy;
virMutexLock;
virMutexUnlock;
-virCondInit;
-virCondDestroy;
-virCondWait;
-virCondWaitUntil;
-virCondSignal;
-virCondBroadcast;
+
+# usb.h
+usbDeviceFileIterate;
+usbDeviceGetBus;
+usbDeviceGetDevno;
+usbFindDevice;
+usbFreeDevice;
+usbGetDevice;
+
# util.h
-virFileReadAll;
-virFileWriteStr;
-virStrToLong_i;
-virStrToLong_ll;
-virStrToLong_ull;
-virStrToLong_ui;
-virStrToDouble;
-virFileLinkPointsTo;
-virFileResolveLink;
saferead;
safewrite;
safezero;
-virHexToBin;
-virMacAddrCompare;
+virArgvToString;
+virAsprintf;
+virBuildPathInternal;
+virDirCreate;
virEnumFromString;
virEnumToString;
virEventAddHandle;
virEventRemoveHandle;
virExec;
virExecDaemonize;
-virSetCloseExec;
-virSetNonBlock;
-virFormatMacAddr;
-virGetHostname;
-virParseMacAddr;
+virFileAbsPath;
virFileDeletePid;
-virFindFileInPath;
virFileExists;
+virFileFindMountPoint;
virFileHasSuffix;
virFileLinkPointsTo;
virFileMakePath;
-virFileAbsPath;
+virFileMatchesNameSuffix;
virFileOpenTty;
-virFileReadLimFD;
+virFileOperation;
virFilePid;
+virFileReadAll;
+virFileReadLimFD;
virFileReadPid;
-virFileLinkPointsTo;
+virFileResolveLink;
virFileSanitizePath;
+virFileStripSuffix;
+virFileWaitForDevices;
+virFileWriteStr;
+virFindFileInPath;
+virFork;
+virFormatMacAddr;
+virGetGroupID;
+virGetHostname;
+virGetUserDirectory;
+virGetUserID;
+virGetUserName;
+virHexToBin;
+virIndexToDiskName;
+virKillProcess;
+virMacAddrCompare;
+virParseMacAddr;
virParseNumber;
virParseVersionString;
virPipeReadUntilEOF;
-virAsprintf;
+virRandom;
+virRandomInitialize;
virRun;
virRunWithHook;
+virSetCloseExec;
+virSetNonBlock;
virSkipSpaces;
-virKillProcess;
-virGetUserDirectory;
-virGetUserName;
-virGetUserID;
-virGetGroupID;
-virFileFindMountPoint;
-virFileWaitForDevices;
-virFileMatchesNameSuffix;
-virArgvToString;
+virStrToDouble;
+virStrToLong_i;
+virStrToLong_ll;
+virStrToLong_ui;
+virStrToLong_ull;
virStrcpy;
virStrncpy;
-virBuildPathInternal;
-virFileStripSuffix;
-virFileOperation;
-virFork;
-virRandom;
-virRandomInitialize;
-virDirCreate;
-virIndexToDiskName;
-
-
-# interface.h
-ifaceCtrl;
-ifaceCheck;
-ifaceGetIndex;
-ifaceGetFlags;
-ifaceIsUp;
-ifaceGetVlanID;
-# usb.h
-usbGetDevice;
-usbFindDevice;
-usbFreeDevice;
-usbDeviceGetBus;
-usbDeviceGetDevno;
-usbDeviceFileIterate;
# uuid.h
+virGetHostUUID;
+virSetHostUUIDStr;
virUUIDFormat;
virUUIDGenerate;
virUUIDParse;
-virSetHostUUIDStr;
-virGetHostUUID;
+
# virtaudit.h
virAuditClose;
@@ -788,31 +797,28 @@ virAuditSend;
# virterror_internal.h
-virReportErrorHelper;
+virDispatchError;
virErrorMsg;
virRaiseErrorFull;
-virReportSystemErrorFull;
+virReportErrorHelper;
virReportOOMErrorFull;
-virStrerror;
+virReportSystemErrorFull;
virSetError;
-virDispatchError;
+virStrerror;
# xml.h
+virXMLPropString;
virXPathBoolean;
virXPathLong;
+virXPathLongHex;
+virXPathLongLong;
virXPathNode;
virXPathNodeSet;
+virXPathNumber;
virXPathString;
-virXMLPropString;
virXPathStringLimit;
-virXPathBoolean;
-virXPathNumber;
virXPathULong;
-virXPathLongLong;
-virXPathULongLong;
-virXPathLongHex;
virXPathULongHex;
+virXPathULongLong;
-# files.h
-virClose;
--
1.7.2.3
[libvirt] [PATCH] [TCK] nwfilter: add test data for recently added extensions
by Stefan Berger 21 Oct '10
This patch adds more test data for the recently added comment and
state attributes.
Signed-off-by: Stefan Berger <stefanb(a)us.ibm.com>
---
scripts/nwfilter/nwfilterxml2fwallout/comment-test.fwall | 77
+++++++++++++++
scripts/nwfilter/nwfilterxml2fwallout/example-1.fwall | 22 ++++
scripts/nwfilter/nwfilterxml2fwallout/example-2.fwall | 20 +++
scripts/nwfilter/nwfilterxml2xmlin/comment-test.xml | 71
+++++++++++++
scripts/nwfilter/nwfilterxml2xmlin/example-1.xml | 24 ++++
scripts/nwfilter/nwfilterxml2xmlin/example-2.xml | 37 +++++++
6 files changed, 251 insertions(+)
Index: libvirt-tck/scripts/nwfilter/nwfilterxml2xmlin/comment-test.xml
===================================================================
--- /dev/null
+++ libvirt-tck/scripts/nwfilter/nwfilterxml2xmlin/comment-test.xml
@@ -0,0 +1,71 @@
+<filter name='tck-testcase'>
+ <uuid>0a5288ea-612c-834a-6bbf-82a03a1a3244</uuid>
+
+ <rule action='accept' direction='in'>
+ <mac protocolid='0x1234' comment='mac rule'/>
+ </rule>
+
+ <rule action='accept' direction='out'>
+ <ip srcmacaddr='1:2:3:4:5:6' srcmacmask='ff:ff:ff:ff:ff:ff'
+ dstmacaddr='aa:bb:cc:dd:ee:ff' dstmacmask='ff:ff:ff:ff:ff:ff'
+ srcipaddr='10.1.2.3' srcipmask='255.255.255.255'
+ dstipaddr='10.1.2.3' dstipmask='255.255.255.255'
+ protocol='udp'
+ srcportstart='0x123' srcportend='0x234'
+ dstportstart='0x3456' dstportend='0x4567'
+ dscp='0x32' comment='ip rule'/>
+ </rule>
+
+ <rule action='accept' direction='out'>
+ <ipv6 srcmacaddr='1:2:3:4:5:6' srcmacmask='ff:ff:ff:ff:ff:fe'
+ dstmacaddr='aa:bb:cc:dd:ee:ff' dstmacmask='ff:ff:ff:ff:ff:80'
+ srcipaddr='::10.1.2.3' srcipmask='22'
+ dstipaddr='::10.1.2.3'
+ dstipmask='ffff:ffff:ffff:ffff:ffff:ffff:ffff:8000'
+ protocol='tcp'
+ srcportstart='0x111' srcportend='400'
+ dstportstart='0x3333' dstportend='65535' comment='ipv6 rule'/>
+ </rule>
+
+ <rule action='accept' direction='out'>
+ <arp srcmacaddr='1:2:3:4:5:6' srcmacmask='ff:ff:ff:ff:ff:ff'
+ dstmacaddr='aa:bb:cc:dd:ee:ff' dstmacmask='ff:ff:ff:ff:ff:ff'
+ hwtype='0x12'
+ protocoltype='0x56'
+ opcode='Request'
+ arpsrcmacaddr='1:2:3:4:5:6'
+ arpdstmacaddr='a:b:c:d:e:f'
+ comment='arp rule'/>
+ </rule>
+
+ <rule action='accept' direction='out'>
+ <udp srcmacaddr='1:2:3:4:5:6'
+ dstipaddr='10.1.2.3' dstipmask='255.255.255.255'
+ dscp='0x22'
+ srcportstart='0x123' srcportend='400'
+ dstportstart='0x234' dstportend='0x444'
+ comment='udp rule'/>
+ </rule>
+
+ <rule action='accept' direction='in'>
+ <tcp-ipv6 srcmacaddr='1:2:3:4:5:6'
+ srcipaddr='a:b:c::' srcipmask='128'
+ dscp='0x40'
+ srcportstart='0x20' srcportend='0x21'
+ dstportstart='0x100' dstportend='0x1111'
+ comment='tcp/ipv6 rule'/>
+ </rule>
+
+ <rule action='accept' direction='in'>
+ <udp-ipv6 comment='`ls`;${COLUMNS};$(ls);"test";&'3
spaces''/>
+ </rule>
+
+ <rule action='accept' direction='in'>
+ <sctp-ipv6 comment='comment with lone ', `, ", `, \, $x, and two
spaces'/>
+ </rule>
+
+ <rule action='accept' direction='in'>
+ <ah-ipv6 comment='tmp=`mktemp`; echo ${RANDOM} > ${tmp} ; cat <
${tmp}; rm -f ${tmp}'/>
+ </rule>
+
+</filter>
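Review bot: The last three rules (udp-ipv6, sctp-ipv6, ah-ipv6) carry comments built from backticks, `$(ls)`, `${...}`, quotes and redirections, but nothing in the file records why. A short XML comment ahead of them would state the intent, e.g. `<!-- comment values below must reach ip6tables as literal text; any shell expansion is a quoting bug -->`. All three sit on ip6tables-backed protocols, while the IPv4 `udp` rule only carries the plain `udp rule` string, so if the IPv4 rule builder quotes comments on a separate path (not visible here) that path is not exercised; one metacharacter comment on an IPv4 rule would close the gap. The comments on the mac, ip, ipv6 and arp rules do not appear in the expected ebtables output of comment-test.fwall, so for those the test only shows that the attribute is accepted and then dropped.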
Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/comment-test.fwall
===================================================================
--- /dev/null
+++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/comment-test.fwall
@@ -0,0 +1,77 @@
+#ebtables -t nat -L PREROUTING | grep vnet0 | grep -v "^Bridge" | grep
-v "^$"
+-i vnet0 -j libvirt-I-vnet0
+#ebtables -t nat -L POSTROUTING | grep vnet0 | grep -v "^Bridge" | grep
-v "^$"
+-o vnet0 -j libvirt-O-vnet0
+#ebtables -t nat -L libvirt-I-vnet0 | grep -v "^Bridge" | grep -v "^$"
+-p IPv4 -s 1:2:3:4:5:6 -d aa:bb:cc:dd:ee:ff --ip-src 10.1.2.3 --ip-dst
10.1.2.3 --ip-tos 0x32 --ip-proto udp --ip-sport 291:564 --ip-dport
13398:17767 -j ACCEPT
+-p IPv6 -s 1:2:3:4:5:6/ff:ff:ff:ff:ff:fe -d
aa:bb:cc:dd:ee:80/ff:ff:ff:ff:ff:80 --ip6-src ::/ffff:fc00:: --ip6-dst
::10.1.0.0/ffff:ffff:ffff:ffff:ffff:ffff:ffff:8000 --ip6-proto tcp
--ip6-sport 273:400 --ip6-dport 13107:65535 -j ACCEPT
+-p ARP -s 1:2:3:4:5:6 -d aa:bb:cc:dd:ee:ff --arp-op Request --arp-htype
18 --arp-ptype 0x56 --arp-mac-src 1:2:3:4:5:6 --arp-mac-dst a:b:c:d:e:f
-j ACCEPT
+#ebtables -t nat -L libvirt-O-vnet0 | grep -v "^Bridge" | grep -v "^$"
+-p 0x1234 -j ACCEPT
+#iptables -L FI-vnet0 -n
+Chain FI-vnet0 (1 references)
+target prot opt source destination
+RETURN udp -- 0.0.0.0/0 10.1.2.3 MAC
01:02:03:04:05:06 DSCP match 0x22/* udp rule */ udp spts:291:400
dpts:564:1092 state NEW,ESTABLISHED
+#iptables -L FO-vnet0 -n
+Chain FO-vnet0 (1 references)
+target prot opt source destination
+ACCEPT udp -- 10.1.2.3 0.0.0.0/0 DSCP match
0x22/* udp rule */ udp spts:564:1092 dpts:291:400 state ESTABLISHED
+#iptables -L HI-vnet0 -n
+Chain HI-vnet0 (1 references)
+target prot opt source destination
+ACCEPT udp -- 0.0.0.0/0 10.1.2.3 MAC
01:02:03:04:05:06 DSCP match 0x22/* udp rule */ udp spts:291:400
dpts:564:1092
+#iptables -L libvirt-host-in -n | grep HI-vnet0 | tr -s " "
+HI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-in
vnet0
+#iptables -L libvirt-in -n | grep FI-vnet0 | tr -s " "
+FI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-in
vnet0
+#iptables -L libvirt-in-post -n | grep vnet0
+ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 PHYSDEV
match --physdev-in vnet0
+#iptables -L libvirt-out -n | grep vnet0 | tr -s " "
+FO-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-out
vnet0
+#ip6tables -L FI-vnet0 -n
+Chain FI-vnet0 (1 references)
+target prot opt source destination
+RETURN tcp ::/0 a:b:c::/128 /*
tcp/ipv6 rule */ tcp spts:256:4369 dpts:32:33 state ESTABLISHED
+RETURN udp ::/0 ::/0 /*
`ls`;${COLUMNS};$(ls);"test";&'3 spaces' */ state ESTABLISHED
+RETURN sctp ::/0 ::/0 /* comment
with lone ', `, ", `, \\, $x, and two spaces */ state ESTABLISHED
+RETURN ah ::/0 ::/0 /*
tmp=`mktemp`; echo ${RANDOM} > ${tmp} ; cat < ${tmp}; rm -f ${tmp} */
state ESTABLISHED
+#ip6tables -L FO-vnet0 -n
+Chain FO-vnet0 (1 references)
+target prot opt source destination
+ACCEPT tcp a:b:c::/128 ::/0 MAC
01:02:03:04:05:06 /* tcp/ipv6 rule */ tcp spts:32:33 dpts:256:4369 state
NEW,ESTABLISHED
+ACCEPT udp ::/0 ::/0 /*
`ls`;${COLUMNS};$(ls);"test";&'3 spaces' */ state NEW,ESTABLISHED
+ACCEPT sctp ::/0 ::/0 /* comment
with lone ', `, ", `, \\, $x, and two spaces */ state NEW,ESTABLISHED
+ACCEPT ah ::/0 ::/0 /*
tmp=`mktemp`; echo ${RANDOM} > ${tmp} ; cat < ${tmp}; rm -f ${tmp} */
state NEW,ESTABLISHED
+#ip6tables -L HI-vnet0 -n
+Chain HI-vnet0 (1 references)
+target prot opt source destination
+ACCEPT tcp ::/0 a:b:c::/128 /*
tcp/ipv6 rule */ tcp spts:256:4369 dpts:32:33
+ACCEPT udp ::/0 ::/0 /*
`ls`;${COLUMNS};$(ls);"test";&'3 spaces' */
+ACCEPT sctp ::/0 ::/0 /* comment
with lone ', `, ", `, \\, $x, and two spaces */
+ACCEPT ah ::/0 ::/0 /*
tmp=`mktemp`; echo ${RANDOM} > ${tmp} ; cat < ${tmp}; rm -f ${tmp} */
+#ip6tables -L libvirt-host-in -n | grep vnet0 | tr -s " "
+HI-vnet0 all ::/0 ::/0 [goto] PHYSDEV match --physdev-in vnet0
+#ip6tables -L libvirt-in -n | grep vnet0 | tr -s " "
+FI-vnet0 all ::/0 ::/0 [goto] PHYSDEV match --physdev-in vnet0
+#ip6tables -L libvirt-in-post -n | grep vnet0
+ACCEPT all ::/0 ::/0 PHYSDEV
match --physdev-in vnet0
+#ip6tables -L libvirt-out -n | grep vnet0 | tr -s " "
+FO-vnet0 all ::/0 ::/0 [goto] PHYSDEV match --physdev-out vnet0
+#iptables -L libvirt-host-in -n | grep vnet0 | tr -s " "
+HI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-in
vnet0
+#iptables -L libvirt-in -n | grep vnet0 | tr -s " "
+FI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-in
vnet0
+#iptables -L libvirt-in-post -n | grep vnet0
+ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 PHYSDEV
match --physdev-in vnet0
+#iptables -L libvirt-out -n | grep vnet0 | tr -s " "
+FO-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-out
vnet0
+#ip6tables -L INPUT -n --line-numbers | grep libvirt
+1 libvirt-host-in all ::/0 ::/0
+#ip6tables -L libvirt-host-in -n | grep vnet0 | tr -s " "
+HI-vnet0 all ::/0 ::/0 [goto] PHYSDEV match --physdev-in vnet0
+#ip6tables -L libvirt-in -n | grep vnet0 | tr -s " "
+FI-vnet0 all ::/0 ::/0 [goto] PHYSDEV match --physdev-in vnet0
+#ip6tables -L libvirt-in-post -n | grep vnet0
+ACCEPT all ::/0 ::/0 PHYSDEV
match --physdev-in vnet0
+#ip6tables -L libvirt-out -n | grep vnet0 | tr -s " "
+FO-vnet0 all ::/0 ::/0 [goto] PHYSDEV match --physdev-out vnet0
Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/example-1.fwall
===================================================================
--- /dev/null
+++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/example-1.fwall
@@ -0,0 +1,22 @@
+#iptables -L FI-vnet0 -n
+Chain FI-vnet0 (1 references)
+target prot opt source destination
+RETURN tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:22
state ESTABLISHED
+RETURN icmp -- 0.0.0.0/0 0.0.0.0/0 state
ESTABLISHED
+RETURN all -- 0.0.0.0/0 0.0.0.0/0 state
ESTABLISHED
+DROP all -- 0.0.0.0/0 0.0.0.0/0
+#iptables -L FO-vnet0 -n
+Chain FO-vnet0 (1 references)
+target prot opt source destination
+ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
state NEW,ESTABLISHED
+ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 state
NEW,ESTABLISHED
+ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state
NEW,ESTABLISHED
+DROP all -- 0.0.0.0/0 0.0.0.0/0
+#iptables -L HI-vnet0 -n
+Chain HI-vnet0 (1 references)
+target prot opt source destination
+ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:22
+ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
+ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
+DROP all -- 0.0.0.0/0 0.0.0.0/0
+
Index: libvirt-tck/scripts/nwfilter/nwfilterxml2xmlin/example-1.xml
===================================================================
--- /dev/null
+++ libvirt-tck/scripts/nwfilter/nwfilterxml2xmlin/example-1.xml
@@ -0,0 +1,24 @@
+<filter name='tck-testcase'>
+ <uuid>0a5288ea-612c-834a-6bbf-82a03a1a3244</uuid>
+
+ <!-- allow incoming ssh connections -->
+ <rule action='accept' direction='in' priority='100'>
+ <tcp dstportstart='22'/>
+ </rule>
+
+ <!-- allow incoming ICMP (ping) packets -->
+ <rule action='accept' direction='in' priority='200'>
+ <icmp/>
+ </rule>
+
+ <!-- allow all outgoing traffic -->
+ <rule action='accept' direction='in' priority='300'>
+ <all/>
+ </rule>
+
+ <!-- drop all other traffic -->
+ <rule action='drop' direction='inout' priority='1000'>
+ <all/>
+ </rule>
+
+</filter>
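Review bot: The third rule is labelled `<!-- allow all outgoing traffic -->` but is declared with `direction='in'`, so the filter accepts all incoming traffic, and the ssh and ICMP rules above it and the inbound half of the final drop rule have no effect. The expected output in example-1.fwall agrees with the rule rather than the comment: FO-vnet0 holds an `ACCEPT all` entry with `state NEW,ESTABLISHED` ahead of the DROP. If the comment states the intent, the rule should be `<rule action='accept' direction='out' priority='300'>` and example-1.fwall regenerated to match; if the rule is what is meant, the comment should say incoming.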
Index: libvirt-tck/scripts/nwfilter/nwfilterxml2xmlin/example-2.xml
===================================================================
--- /dev/null
+++ libvirt-tck/scripts/nwfilter/nwfilterxml2xmlin/example-2.xml
@@ -0,0 +1,37 @@
+<filter name='tck-testcase'>
+ <uuid>0a5288ea-612c-834a-6bbf-82a03a1a3244</uuid>
+
+ <!-- VM outgoing: allow all established and related connections -->
+ <rule action='accept' direction='out' priority='100'>
+ <all state='ESTABLISHED,RELATED'
+ comment='out: existing and related (ftp) connections'/>
+ </rule>
+
+ <!-- VM incoming: allow all established connections -->
+ <rule action='accept' direction='in' priority='100'>
+ <all state='ESTABLISHED'
+ comment='in: existing connections'/>
+ </rule>
+
+ <!-- allow incoming ssh and ftp traffic -->
+ <rule action='accept' direction='in' priority='200'>
+ <tcp dstportstart='21' dstportend='22' state='NEW'
+ comment='in: ftp and ssh'/>
+ </rule>
+
+ <!-- allow incoming ICMP (ping) packets -->
+ <rule action='accept' direction='in' priority='300'>
+ <icmp state='NEW' comment='in: icmp'/>
+ </rule>
+
+ <!-- allow outgong DNS lookups -->
+ <rule action='accept' direction='out' priority='300'>
+ <udp dstportstart='53' state='NEW' comment='out: DNS lookups'/>
+ </rule>
+
+ <!-- drop all other traffic -->
+ <rule action='drop' direction='inout' priority='1000'>
+ <all comment='inout: drop all non-accepted traffic'/>
+ </rule>
+
+</filter>
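Review bot: The comment on the DNS rule is misspelled and should read `<!-- allow outgoing DNS lookups -->`. Separately, the first rule ties RELATED to ftp, but RELATED is accepted only in the out direction while the in direction accepts ESTABLISHED alone, so a data connection opened towards the VM (passive-mode ftp) would presumably fall through to the drop rule. If that is intended, saying so in the XML comment, e.g. `<!-- VM outgoing: established connections, plus related ones the VM opens (active-mode ftp data) -->`, would keep the example from being copied with the wrong expectation.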
Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/example-2.fwall
===================================================================
--- /dev/null
+++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/example-2.fwall
@@ -0,0 +1,20 @@
+#iptables -L FI-vnet0 -n
+Chain FI-vnet0 (1 references)
+target prot opt source destination
+RETURN all -- 0.0.0.0/0 0.0.0.0/0 /* out:
existing and related (ftp) connections */ state RELATED,ESTABLISHED
+RETURN udp -- 0.0.0.0/0 0.0.0.0/0 /* out:
DNS lookups */ udp dpt:53 state NEW
+DROP all -- 0.0.0.0/0 0.0.0.0/0 /* inout:
drop all non-accepted traffic */
+#iptables -L FO-vnet0 -n
+Chain FO-vnet0 (1 references)
+target prot opt source destination
+ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 /* in:
existing connections */ state ESTABLISHED
+ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 /* in: ftp
and ssh */ tcp dpts:21:22 state NEW
+ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 /* in:
icmp */ state NEW
+DROP all -- 0.0.0.0/0 0.0.0.0/0 /* inout:
drop all non-accepted traffic */
+#iptables -L HI-vnet0 -n
+Chain HI-vnet0 (1 references)
+target prot opt source destination
+RETURN all -- 0.0.0.0/0 0.0.0.0/0 /* out:
existing and related (ftp) connections */ state RELATED,ESTABLISHED
+RETURN udp -- 0.0.0.0/0 0.0.0.0/0 /* out:
DNS lookups */ udp dpt:53 state NEW
+DROP all -- 0.0.0.0/0 0.0.0.0/0 /* inout:
drop all non-accepted traffic */
+