[libvirt] [TCK][PATCH] nwfilter: test support for TCP flags evaluation
This patch extends an existing test with test cases for the TCP flags. Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com> --- scripts/nwfilter/nwfilterxml2fwallout/tcp-test.fwall | 4 ++++ scripts/nwfilter/nwfilterxml2xmlin/tcp-test.xml | 12 ++++++++++++ 2 files changed, 16 insertions(+) Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/tcp-test.fwall =================================================================== --- libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/tcp-test.fwall +++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/tcp-test.fwall @@ -10,6 +10,10 @@ target prot opt source ACCEPT tcp -- 10.1.2.3 0.0.0.0/0 DSCP match 0x02state ESTABLISHED ctdir ORIGINAL ACCEPT tcp -- 10.1.2.3 0.0.0.0/0 MAC 01:02:03:04:05:06 DSCP match 0x21tcp spts:20:21 dpts:100:1111 ACCEPT tcp -- 10.1.2.3 0.0.0.0/0 MAC 01:02:03:04:05:06 DSCP match 0x3ftcp spts:255:256 dpt:65535 +ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x02/0x3F +ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x02/0x12 +ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x04/0x00 +ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x08/0x00 #iptables -L HI-vnet0 -n Chain HI-vnet0 (1 references) target prot opt source destination Index: libvirt-tck/scripts/nwfilter/nwfilterxml2xmlin/tcp-test.xml =================================================================== --- libvirt-tck.orig/scripts/nwfilter/nwfilterxml2xmlin/tcp-test.xml +++ libvirt-tck/scripts/nwfilter/nwfilterxml2xmlin/tcp-test.xml @@ -19,4 +19,16 @@ srcportstart='255' srcportend='256' dstportstart='65535' dstportend='65536'/> </rule> + <rule action='accept' direction='in'> + <tcp state='NONE' flags='SYN/ALL'/> + </rule> + <rule action='accept' direction='in'> + <tcp state='NONE' flags='SYN/SYN,ACK'/> + </rule> + <rule action='accept' direction='in'> + <tcp state='NONE' flags='RST/NONE'/> + </rule> + <rule action='accept' direction='in'> + <tcp state='NONE' flags='PSH/'/> + </rule> </filter>
On Fri, Apr 01, 2011 at 12:17:32PM -0400, Stefan Berger wrote:
This patch extends an existing test with test cases for the TCP flags.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
--- scripts/nwfilter/nwfilterxml2fwallout/tcp-test.fwall | 4 ++++ scripts/nwfilter/nwfilterxml2xmlin/tcp-test.xml | 12 ++++++++++++ 2 files changed, 16 insertions(+)
Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/tcp-test.fwall =================================================================== --- libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/tcp-test.fwall +++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/tcp-test.fwall @@ -10,6 +10,10 @@ target prot opt source ACCEPT tcp -- 10.1.2.3 0.0.0.0/0 DSCP match 0x02state ESTABLISHED ctdir ORIGINAL ACCEPT tcp -- 10.1.2.3 0.0.0.0/0 MAC 01:02:03:04:05:06 DSCP match 0x21tcp spts:20:21 dpts:100:1111 ACCEPT tcp -- 10.1.2.3 0.0.0.0/0 MAC 01:02:03:04:05:06 DSCP match 0x3ftcp spts:255:256 dpt:65535 +ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x02/0x3F +ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x02/0x12 +ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x04/0x00 +ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x08/0x00 #iptables -L HI-vnet0 -n Chain HI-vnet0 (1 references) target prot opt source destination Index: libvirt-tck/scripts/nwfilter/nwfilterxml2xmlin/tcp-test.xml =================================================================== --- libvirt-tck.orig/scripts/nwfilter/nwfilterxml2xmlin/tcp-test.xml +++ libvirt-tck/scripts/nwfilter/nwfilterxml2xmlin/tcp-test.xml @@ -19,4 +19,16 @@ srcportstart='255' srcportend='256' dstportstart='65535' dstportend='65536'/> </rule> + <rule action='accept' direction='in'> + <tcp state='NONE' flags='SYN/ALL'/> + </rule> + <rule action='accept' direction='in'> + <tcp state='NONE' flags='SYN/SYN,ACK'/> + </rule> + <rule action='accept' direction='in'> + <tcp state='NONE' flags='RST/NONE'/> + </rule> + <rule action='accept' direction='in'> + <tcp state='NONE' flags='PSH/'/> + </rule> </filter>
ACK Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
participants (2)
-
Daniel P. Berrange -
Stefan Berger