[libvirt] [PATCH 1/3][TCK] nwfilter: test access to 2 lists in one rule

Test access to 2 lists in one rule --- scripts/nwfilter/nwfilter2vmtest.sh | 6 +++ scripts/nwfilter/nwfilterxml2fwallout/iter-test1.fwall | 31 +++++++++++++++++ scripts/nwfilter/nwfilterxml2xmlin/iter-test1.xml | 6 +++ 3 files changed, 43 insertions(+) Index: libvirt-tck/scripts/nwfilter/nwfilter2vmtest.sh =================================================================== --- libvirt-tck.orig/scripts/nwfilter/nwfilter2vmtest.sh +++ libvirt-tck/scripts/nwfilter/nwfilter2vmtest.sh @@ -345,6 +345,12 @@ createVM() { <source bridge='virbr0'/> <filterref filter='${filtername}'> <parameter name='IP' value='${ipaddr}'/> + <parameter name='A' value='1.1.1.1'/> + <parameter name='A' value='2.2.2.2'/> + <parameter name='A' value='3.3.3.3'/> + <parameter name='B' value='80'/> + <parameter name='B' value='90'/> + <parameter name='B' value='80'/> </filterref> <target dev='${vmname}'/> </interface> Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/iter-test1.fwall =================================================================== --- /dev/null +++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/iter-test1.fwall @@ -0,0 +1,31 @@ +#iptables -L FI-vnet0 -n +Chain FI-vnet0 (1 references) +target prot opt source destination +RETURN tcp -- 1.1.1.1 0.0.0.0/0 DSCP match 0x02tcp spt:80 state NEW,ESTABLISHED ctdir REPLY +RETURN tcp -- 2.2.2.2 0.0.0.0/0 DSCP match 0x02tcp spt:90 state NEW,ESTABLISHED ctdir REPLY +RETURN tcp -- 3.3.3.3 0.0.0.0/0 DSCP match 0x02tcp spt:80 state NEW,ESTABLISHED ctdir REPLY +#iptables -L FO-vnet0 -n +Chain FO-vnet0 (1 references) +target prot opt source destination +ACCEPT tcp -- 0.0.0.0/0 1.1.1.1 DSCP match 0x02tcp dpt:80 state ESTABLISHED ctdir ORIGINAL +ACCEPT tcp -- 0.0.0.0/0 2.2.2.2 DSCP match 0x02tcp dpt:90 state ESTABLISHED ctdir ORIGINAL +ACCEPT tcp -- 0.0.0.0/0 3.3.3.3 DSCP match 0x02tcp dpt:80 state ESTABLISHED ctdir ORIGINAL +#iptables -L HI-vnet0 -n +Chain HI-vnet0 (1 references) +target prot opt source destination +RETURN tcp -- 1.1.1.1 0.0.0.0/0 DSCP match 0x02tcp spt:80 state NEW,ESTABLISHED ctdir REPLY +RETURN tcp -- 2.2.2.2 0.0.0.0/0 DSCP match 0x02tcp spt:90 state NEW,ESTABLISHED ctdir REPLY +RETURN tcp -- 3.3.3.3 0.0.0.0/0 DSCP match 0x02tcp spt:80 state NEW,ESTABLISHED ctdir REPLY +#iptables -L libvirt-host-in -n | grep vnet0 | tr -s " " +HI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-in vnet0 +#iptables -L libvirt-in -n | grep vnet0 | tr -s " " +FI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-in vnet0 +#iptables -L libvirt-in-post -n | grep vnet0 +ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-in vnet0 +#iptables -L libvirt-out -n | grep vnet0 | tr -s " " +FO-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-out vnet0 +#iptables -L FORWARD -n --line-number | grep libvirt +1 libvirt-in all -- 0.0.0.0/0 0.0.0.0/0 +2 libvirt-out all -- 0.0.0.0/0 0.0.0.0/0 +3 libvirt-in-post all -- 0.0.0.0/0 0.0.0.0/0 + Index: libvirt-tck/scripts/nwfilter/nwfilterxml2xmlin/iter-test1.xml =================================================================== --- /dev/null +++ libvirt-tck/scripts/nwfilter/nwfilterxml2xmlin/iter-test1.xml @@ -0,0 +1,6 @@ +<filter name='tck-testcase' chain='root'> + <uuid>5c6d49af-b071-6127-b4ec-6f8ed4b55335</uuid> + <rule action='accept' direction='out'> + <tcp srcipaddr='$A' srcportstart='$B' dscp='2'/> + </rule> +</filter>