[libvirt] [test-API][PATCH] The patch covers all nwfilter api provided by libvirt.py. It includes define/undefine/list nwfilters and check them via checking ebtables rule. The following new files are added. cases/nwfilter.conf repos/nwfilter/__init__.py repos/nwfilter/nwfilter_check.py * Check the nwfilter via checking ebtales repos/nwfilter/nwfilter_define.py * Define the nwfilter using specified value repos/nwfilter/nwfilter_list.py * List all of the available network filters repos/nwfilter/nwfilter_undef
1:54 a.m.
---
cases/nwfilter.conf | 59 +++++++++++++++++
repos/nwfilter/nwfilter_check.py | 120 +++++++++++++++++++++++++++++++++++
repos/nwfilter/nwfilter_define.py | 54 ++++++++++++++++
repos/nwfilter/nwfilter_list.py | 76 ++++++++++++++++++++++
repos/nwfilter/nwfilter_undefine.py | 43 +++++++++++++
repos/nwfilter/xmls/nwfilter.xml | 3 +
6 files changed, 355 insertions(+), 0 deletions(-)
create mode 100644 cases/nwfilter.conf
create mode 100644 repos/nwfilter/__init__.py
create mode 100644 repos/nwfilter/nwfilter_check.py
create mode 100644 repos/nwfilter/nwfilter_define.py
create mode 100644 repos/nwfilter/nwfilter_list.py
create mode 100644 repos/nwfilter/nwfilter_undefine.py
create mode 100644 repos/nwfilter/xmls/nwfilter.xml
diff --git a/cases/nwfilter.conf b/cases/nwfilter.conf
new file mode 100644
index 0000000..b394ee5
--- /dev/null
+++ b/cases/nwfilter.conf
@@ -0,0 +1,59 @@
+domain:install_linux_cdrom
+ guestname
+ $defaultname
+ guestos
+ $defaultos
+ guestarch
+ $defaultarch
+ vcpu
+ $defaultvcpu
+ memory
+ $defaultmem
+ hddriver
+ $defaulthd
+ nicdriver
+ $defaultnic
+ imageformat
+ qcow2
+ macaddr
+ 54:52:00:4a:16:30
+
+nwfilter:nwfilter_list
+
+# chain -- ipv4, ipv6, arp .etc
+# action -- mandatory; drop, accept, return
+# direction -- mandatory; must either be in, out or inout
+nwfilter:nwfilter_define
+ nwfiltername
+ disallow-arp
+ chain
+ arp
+ action
+ drop
+ direction
+ inout
+
+nwfilter:nwfilter_list
+
+nwfilter:nwfilter_check
+ nwfiltername
+ disallow-arp
+ guestname
+ $defaultname
+
+nwfilter:nwfilter_define
+ nwfiltername
+ disallow-ipv6
+ chain
+ ipv6
+ action
+ drop
+ direction
+ in
+
+nwfilter:nwfilter_undefine
+ nwfiltername
+ disallow-ipv6
+
+nwfilter:nwfilter_list
+
diff --git a/repos/nwfilter/__init__.py b/repos/nwfilter/__init__.py
new file mode 100644
index 0000000..e69de29
diff --git a/repos/nwfilter/nwfilter_check.py b/repos/nwfilter/nwfilter_check.py
new file mode 100644
index 0000000..b2c7ece
--- /dev/null
+++ b/repos/nwfilter/nwfilter_check.py
@@ -0,0 +1,120 @@
+#!/usr/bin/env python
+import time
+import xml.dom.minidom
+
+from libvirt import libvirtError
+from utils import utils
+from xml.dom import minidom
+
+from src import sharedmod
+
+required_params = ('nwfiltername','guestname',)
+optional_params = {}
+
+EBTABLES = "ebtables -t nat -L"
+
+def get_ebtables():
+ """ Get the output of ebtables """
+ (status, output) = utils.exec_cmd(EBTABLES,shell=True)
+ logger.info("Execute command:" + EBTABLES)
+ ebtables_list = []
+
+ if status:
+ logger.error("Executing " + EBTABLES + " failed")
+ logger.error(output)
+ return False
+ else:
+ for i in range(len(output)):
+ ebtables_list.append(output[i])
+ logger.info("Get the output of ebtables list: %s" \
+ % ebtables_list)
+
+ return ebtables_list
+
+def check_ebtables(*args):
+ """ Check the ebtables """
+ (nwfiltername,conn)= args
+ ebtables_list = get_ebtables()
+
+ #Get the filter' attribute value
+ nwfilter_xml = conn.nwfilterLookupByName(nwfiltername).XMLDesc(0)
+ nwfilter_parsedxml = minidom.parseString(nwfilter_xml)
+ chain = nwfilter_parsedxml.getElementsByTagName("filter")[0].\
+ getAttribute("chain")
+ rule = nwfilter_parsedxml.getElementsByTagName("rule")[0]
+ action = rule.getAttribute("action").upper()
+ direction = rule.getAttribute("direction")
+ logger.info("The nwfilter chain:%s ,action:%s ,direction:%s " %\
+ (chain,action,direction) )
+ in_vnet_chain = "I-vnet0-" + chain
+ out_vnet_chain = "O-vnet0-" + chain
+
+ if cmp(direction,"inout") == 0 :
+ if len(ebtables_list) == 21 and in_vnet_chain in ebtables_list[-5]\
+ and out_vnet_chain in ebtables_list[-2] \
+ and action in ebtables_list[-1] \
+ and action in ebtables_list[-4]:
+ return True
+ else:
+ return False
+ elif cmp(direction,"in") == 0:
+ if len(ebtables_list) == 14 and out_vnet_chain in ebtables_list[-2]\
+ and action in ebtables_list[-1]:
+ return True
+ else:
+ return False
+
+ elif cmp(direction,"out") == 0:
+ if len(ebtables_list) == 14 and in_vnet_chain in ebtables_list[-2] \
+ and action in ebtables_list[-1]:
+ return True
+ else:
+ return False
+
+def nwfilter_check(params):
+ """Check the nwfilter via checking ebtales"""
+ global logger
+ logger = params['logger']
+ nwfiltername = params['nwfiltername']
+ guestname = params['guestname']
+ domain_nwfilter_xml = ""
+
+ conn = sharedmod.libvirtobj['conn']
+ domobj = conn.lookupByName(guestname)
+
+ try:
+
+ #Create the nwfilter's element and append it to domain xml
+ domxml = domobj.XMLDesc(0)
+ domain_parsedxml = minidom.parseString(domxml)
+ domain_ifxml = domain_parsedxml.getElementsByTagName("interface")
+ filterxml = domain_parsedxml.createElement("filterref")
+ filterxml.setAttribute("filter", nwfiltername)
+ domain_ifxml[0].appendChild(filterxml)
+
+ #Destroy the domain and redefine it with nwfilter
+ domobj.destroy()
+ time.sleep(5)
+ domobj.undefine()
+
+ #Define the new domain with the nwfilter
+ dom_nwfilter = conn.defineXML(domain_parsedxml.toxml())
+ logger.debug("The xml of new defined domain with nwfilter %s" % \
+ dom_nwfilter.XMLDesc(0))
+
+ #Start the new defined domain
+ dom_nwfilter.create()
+ time.sleep(5)
+
+ if check_ebtables(nwfiltername,conn):
+ logger.info("Successfully create nwfilter")
+ return 0
+ else:
+ logger.error("Failed to create nwfilter")
+ return 1
+
+ except libvirtError, e:
+ logger.error("API error message: %s" % e.message)
+ return 1
+
+ return 0
\ No newline at end of file
diff --git a/repos/nwfilter/nwfilter_define.py b/repos/nwfilter/nwfilter_define.py
new file mode 100644
index 0000000..e20fd2d
--- /dev/null
+++ b/repos/nwfilter/nwfilter_define.py
@@ -0,0 +1,54 @@
+#! /usr/bin/env python
+
+
+
+from libvirt import libvirtError
+from src import sharedmod
+
+
+required_params =
('nwfiltername','chain','action','direction')
+optional_params = {'xml' : 'xmls/nwfilter.xml',}
+
+def nwfilter_define(params):
+ """ Define network filters."""
+ logger = params['logger']
+ conn = sharedmod.libvirtobj['conn']
+ xmlstr = params['xml']
+ nwfiltername = params['nwfiltername']
+ chain = params['chain']
+ action = params['action']
+ direction = params['direction']
+
+
+ xmlstr = xmlstr.replace('NWFILTERNAME', nwfiltername)
+ xmlstr = xmlstr.replace('CHAIN', chain)
+ xmlstr = xmlstr.replace('ACTION', action)
+ xmlstr = xmlstr.replace('DIRECTION', direction)
+ try:
+ logger.info("nwfiltername:%s chain:%s action:%s direction:%s" % \
+ (nwfiltername,chain,action,direction))
+ logger.info("The nwfilter's xml is %s" % xmlstr)
+
+ #Define the nwfilter with given attribute value from
nwfilter.conf"""
+ conn.nwfilterDefineXML(xmlstr)
+ nwfilterxml = conn.nwfilterLookupByName(nwfiltername).XMLDesc(0)
+
+ if nwfiltername in conn.listNWFilters():
+ logger.info("The nwfilter list includes the defined nwfilter")
+ if cmp(xmlstr,nwfilterxml):
+ logger.info("Successfully define the nwfilter %s" % \
+ nwfiltername)
+ return 0
+ else:
+ logger.error("Fail to define the nwfilter %s" % nwfiltername)
+ return 1
+ else:
+ logger.error("Failed,nwfilter list doesn't include the defined \
+ nwfilter")
+ return 1
+
+ except libvirtError, e:
+ logger.error("API error message: %s" % e.message)
+ return 1
+
+ return 0
\ No newline at end of file
diff --git a/repos/nwfilter/nwfilter_list.py b/repos/nwfilter/nwfilter_list.py
new file mode 100644
index 0000000..056ee1f
--- /dev/null
+++ b/repos/nwfilter/nwfilter_list.py
@@ -0,0 +1,76 @@
+#!/usr/bin/env python
+
+from libvirt import libvirtError
+from utils import utils
+
+from src import sharedmod
+
+required_params = ()
+optional_params = {}
+
+NWFILTER_LIST_API_DIR = "ls /etc/libvirt/nwfilter"
+
+def get_nwfilterlist_dir():
+ """ Get the nwfilter list from dir """
+
+ (status, output) = utils.exec_cmd(NWFILTER_LIST_API_DIR,shell=True)
+ logger.info("Execute command:" + NWFILTER_LIST_API_DIR)
+ nwfilter_list_api_dir = []
+ if status:
+ logger.error("Executing " + NWFILTER_LIST_API_DIR + "
failed")
+ logger.error(output)
+ return False
+ else:
+ for i in range(len(output)):
+ nwfilter_list_api_dir.append(output[i][:-4])
+ logger.info("Get nwfilters name list under dir: %s" \
+ % nwfilter_list_api_dir)
+ return nwfilter_list_api_dir
+
+def nwfilter_list(params):
+ """ List all of the available network filters."""
+ global logger
+ logger = params['logger']
+ conn = sharedmod.libvirtobj['conn']
+
+ try:
+ #Get the nwfilter name list from API """
+ nwfilter_namelist_api = conn.listNWFilters()
+
+ #Get the nwfilter object list
+ nwfilter_list_api = conn.listAllNWFilters(0)
+ logger.info("The connection URI %s" % \
+ nwfilter_list_api[0].connect().getURI())
+
+ #Get the number of nwfilters from API
+ nwfilter_num = conn.numOfNWFilters()
+
+ nwfilter_list_dir = get_nwfilterlist_dir()
+ if nwfilter_num == len(nwfilter_list_api) and \
+ len(nwfilter_list_api) == len(nwfilter_list_dir) and \
+ cmp(nwfilter_namelist_api,nwfilter_list_dir):
+ logger.info("The number of available network filters is %s" % \
+ nwfilter_num)
+ else:
+ logger.error("Failed to get the nwfilters list")
+ return 1
+
+ for nwfilter_item in nwfilter_list_api:
+ if nwfilter_item.name()in nwfilter_list_dir and \
+ nwfilter_item.name()in nwfilter_namelist_api:
+ logger.info("The name is %s" % nwfilter_item.name())
+ else:
+ logger.error("Failed to get nwfilter's name.")
+ return 1
+ if cmp(str(nwfilter_item.UUID()),nwfilter_item.UUIDString()):
+ logger.info("The UUID is %s" % nwfilter_item.UUIDString())
+ else:
+ logger.error("Failed to get nwfilter's uuid.")
+ return 1
+
+
+ except libvirtError, e:
+ logger.error("API error message: %s" % e.message)
+ return 1
+
+ return 0
\ No newline at end of file
diff --git a/repos/nwfilter/nwfilter_undefine.py b/repos/nwfilter/nwfilter_undefine.py
new file mode 100644
index 0000000..b9ea332
--- /dev/null
+++ b/repos/nwfilter/nwfilter_undefine.py
@@ -0,0 +1,43 @@
+#!/usr/bin/env python
+
+from libvirt import libvirtError
+
+from src import sharedmod
+
+required_params = ('nwfiltername',)
+optional_params = {}
+
+def nwfilter_undefine(params):
+ """Undefine the specified nwfilter"""
+ logger = params['logger']
+ nwfiltername = params['nwfiltername']
+ conn = sharedmod.libvirtobj['conn']
+
+ try:
+ nwfilter = conn.nwfilterLookupByName(nwfiltername)
+ uuidstr = nwfilter.UUIDString()
+ uuid = nwfilter.UUID()
+ # Lookup by nwfilter's uuid string
+ nwfilter_uuidstr = conn.nwfilterLookupByUUIDString(uuidstr)
+ # Lookup by nwfilter's uuid
+ nwfilter_uuid = conn.nwfilterLookupByUUID(uuid)
+
+ # Check if the nwfilter lookup by name/uuid/uuidstr is the same one
+ if cmp(nwfilter,nwfilter_uuidstr) and cmp(nwfilter_uuidstr,\
+ nwfilter_uuid):
+ # Undefine the nwfilter
+ nwfilter.undefine()
+ # Check if the nwfiler list includes the undefined nwfilter
+ if nwfiltername not in conn.listNWFilters():
+ logger.info("Successfully undefine the nwfilter %s" % \
+ nwfiltername)
+ return 0
+ else:
+ logger.error("Failed to undefine the nwfilter %s" % nwfiltername)
+ return 1
+
+ except libvirtError, e:
+ logger.error("API error message: %s" % e.message)
+ return 1
+
+ return 0
diff --git a/repos/nwfilter/xmls/nwfilter.xml b/repos/nwfilter/xmls/nwfilter.xml
new file mode 100644
index 0000000..6d52d5d
--- /dev/null
+++ b/repos/nwfilter/xmls/nwfilter.xml
@@ -0,0 +1,3 @@
+<filter name='NWFILTERNAME' chain='CHAIN'>
+ <rule action='ACTION' direction='DIRECTION'
priority='500'/>
+</filter>
--
1.7.7.6
4:53 a.m.
New subject: [libvirt] [test-API][PATCH] The patch covers all nwfilter api provided by libvirt.py. It includes define/undefine/list nwfilters and check them via checking ebtables rule. The following new files are added. cases/nwfilter.conf repos/nwfilter/__init__.py repos/nwfilter/nwfilter_check.py * Check the nwfilter via checking ebtales repos/nwfilter/nwfilter_define.py * Define the nwfilter using specified value repos/nwfilter/nwfilter_list.py * List all of the available network filters repos/nwfilter/nwfilter_u
On 2013年03月18日 14:54, hongming wrote:
Can you shorten the patch subject? And add the sentences in the commit
log instead?
---
cases/nwfilter.conf | 59 +++++++++++++++++
repos/nwfilter/nwfilter_check.py | 120 +++++++++++++++++++++++++++++++++++
repos/nwfilter/nwfilter_define.py | 54 ++++++++++++++++
repos/nwfilter/nwfilter_list.py | 76 ++++++++++++++++++++++
repos/nwfilter/nwfilter_undefine.py | 43 +++++++++++++
repos/nwfilter/xmls/nwfilter.xml | 3 +
6 files changed, 355 insertions(+), 0 deletions(-)
create mode 100644 cases/nwfilter.conf
create mode 100644 repos/nwfilter/__init__.py
create mode 100644 repos/nwfilter/nwfilter_check.py
create mode 100644 repos/nwfilter/nwfilter_define.py
create mode 100644 repos/nwfilter/nwfilter_list.py
create mode 100644 repos/nwfilter/nwfilter_undefine.py
create mode 100644 repos/nwfilter/xmls/nwfilter.xml
diff --git a/cases/nwfilter.conf b/cases/nwfilter.conf
new file mode 100644
index 0000000..b394ee5
--- /dev/null
+++ b/cases/nwfilter.conf
@@ -0,0 +1,59 @@
+domain:install_linux_cdrom
+ guestname
+ $defaultname
+ guestos
+ $defaultos
+ guestarch
+ $defaultarch
+ vcpu
+ $defaultvcpu
+ memory
+ $defaultmem
+ hddriver
+ $defaulthd
+ nicdriver
+ $defaultnic
+ imageformat
+ qcow2
+ macaddr
+ 54:52:00:4a:16:30
+
+nwfilter:nwfilter_list
+
+# chain -- ipv4, ipv6, arp .etc
+# action -- mandatory; drop, accept, return
+# direction -- mandatory; must either be in, out or inout
+nwfilter:nwfilter_define
+ nwfiltername
+ disallow-arp
+ chain
+ arp
+ action
+ drop
+ direction
+ inout
+
+nwfilter:nwfilter_list
+
+nwfilter:nwfilter_check
+ nwfiltername
+ disallow-arp
+ guestname
+ $defaultname
+
+nwfilter:nwfilter_define
+ nwfiltername
+ disallow-ipv6
+ chain
+ ipv6
+ action
+ drop
+ direction
+ in
+
+nwfilter:nwfilter_undefine
+ nwfiltername
+ disallow-ipv6
+
+nwfilter:nwfilter_list
+
diff --git a/repos/nwfilter/__init__.py b/repos/nwfilter/__init__.py
new file mode 100644
index 0000000..e69de29
diff --git a/repos/nwfilter/nwfilter_check.py b/repos/nwfilter/nwfilter_check.py
new file mode 100644
index 0000000..b2c7ece
--- /dev/null
+++ b/repos/nwfilter/nwfilter_check.py
@@ -0,0 +1,120 @@
+#!/usr/bin/env python
+import time
+import xml.dom.minidom
+
+from libvirt import libvirtError
+from utils import utils
+from xml.dom import minidom
+
+from src import sharedmod
+
+required_params = ('nwfiltername','guestname',)
+optional_params = {}
+
+EBTABLES = "ebtables -t nat -L"
+
+def get_ebtables():
+ """ Get the output of ebtables """
+ (status, output) = utils.exec_cmd(EBTABLES,shell=True)
+ logger.info("Execute command:" + EBTABLES)
+ ebtables_list = []
+
+ if status:
+ logger.error("Executing " + EBTABLES + " failed")
+ logger.error(output)
+ return False
+ else:
+ for i in range(len(output)):
+ ebtables_list.append(output[i])
+ logger.info("Get the output of ebtables list: %s" \
+ % ebtables_list)
+
+ return ebtables_list
+
+def check_ebtables(*args):
+ """ Check the ebtables """
+ (nwfiltername,conn)= args
+ ebtables_list = get_ebtables()
+
+ #Get the filter' attribute value
+ nwfilter_xml = conn.nwfilterLookupByName(nwfiltername).XMLDesc(0)
+ nwfilter_parsedxml = minidom.parseString(nwfilter_xml)
+ chain = nwfilter_parsedxml.getElementsByTagName("filter")[0].\
+ getAttribute("chain")
+ rule = nwfilter_parsedxml.getElementsByTagName("rule")[0]
+ action = rule.getAttribute("action").upper()
+ direction = rule.getAttribute("direction")
+ logger.info("The nwfilter chain:%s ,action:%s ,direction:%s " %\
+ (chain,action,direction) )
+ in_vnet_chain = "I-vnet0-" + chain
+ out_vnet_chain = "O-vnet0-" + chain
+
+ if cmp(direction,"inout") == 0 :
+ if len(ebtables_list) == 21 and in_vnet_chain in ebtables_list[-5]\
+ and out_vnet_chain in ebtables_list[-2] \
+ and action in ebtables_list[-1] \
+ and action in ebtables_list[-4]:
+ return True
+ else:
+ return False
+ elif cmp(direction,"in") == 0:
+ if len(ebtables_list) == 14 and out_vnet_chain in ebtables_list[-2]\
+ and action in ebtables_list[-1]:
+ return True
+ else:
+ return False
+
+ elif cmp(direction,"out") == 0:
+ if len(ebtables_list) == 14 and in_vnet_chain in ebtables_list[-2] \
+ and action in ebtables_list[-1]:
+ return True
+ else:
+ return False
+
+def nwfilter_check(params):
+ """Check the nwfilter via checking ebtales"""
+ global logger
+ logger = params['logger']
+ nwfiltername = params['nwfiltername']
+ guestname = params['guestname']
+ domain_nwfilter_xml = ""
+
+ conn = sharedmod.libvirtobj['conn']
+ domobj = conn.lookupByName(guestname)
+
+ try:
+
+ #Create the nwfilter's element and append it to domain xml
+ domxml = domobj.XMLDesc(0)
+ domain_parsedxml = minidom.parseString(domxml)
+ domain_ifxml = domain_parsedxml.getElementsByTagName("interface")
+ filterxml = domain_parsedxml.createElement("filterref")
+ filterxml.setAttribute("filter", nwfiltername)
+ domain_ifxml[0].appendChild(filterxml)
+
+ #Destroy the domain and redefine it with nwfilter
+ domobj.destroy()
+ time.sleep(5)
+ domobj.undefine()
+
+ #Define the new domain with the nwfilter
+ dom_nwfilter = conn.defineXML(domain_parsedxml.toxml())
+ logger.debug("The xml of new defined domain with nwfilter %s" % \
+ dom_nwfilter.XMLDesc(0))
+
+ #Start the new defined domain
+ dom_nwfilter.create()
+ time.sleep(5)
+
+ if check_ebtables(nwfiltername,conn):
+ logger.info("Successfully create nwfilter")
+ return 0
+ else:
+ logger.error("Failed to create nwfilter")
+ return 1
+
+ except libvirtError, e:
+ logger.error("API error message: %s" % e.message)
+ return 1
+
+ return 0
\ No newline at end of file
diff --git a/repos/nwfilter/nwfilter_define.py b/repos/nwfilter/nwfilter_define.py
new file mode 100644
index 0000000..e20fd2d
--- /dev/null
+++ b/repos/nwfilter/nwfilter_define.py
@@ -0,0 +1,54 @@
+#! /usr/bin/env python
+
+
+
+from libvirt import libvirtError
+from src import sharedmod
+
+
+required_params =
('nwfiltername','chain','action','direction')
+optional_params = {'xml' : 'xmls/nwfilter.xml',}
+
+def nwfilter_define(params):
+ """ Define network filters."""
+ logger = params['logger']
+ conn = sharedmod.libvirtobj['conn']
+ xmlstr = params['xml']
+ nwfiltername = params['nwfiltername']
+ chain = params['chain']
+ action = params['action']
+ direction = params['direction']
+
+
+ xmlstr = xmlstr.replace('NWFILTERNAME', nwfiltername)
+ xmlstr = xmlstr.replace('CHAIN', chain)
+ xmlstr = xmlstr.replace('ACTION', action)
+ xmlstr = xmlstr.replace('DIRECTION', direction)
+ try:
+ logger.info("nwfiltername:%s chain:%s action:%s direction:%s" % \
+ (nwfiltername,chain,action,direction))
+ logger.info("The nwfilter's xml is %s" % xmlstr)
+
+ #Define the nwfilter with given attribute value from
nwfilter.conf"""
+ conn.nwfilterDefineXML(xmlstr)
+ nwfilterxml = conn.nwfilterLookupByName(nwfiltername).XMLDesc(0)
+
+ if nwfiltername in conn.listNWFilters():
+ logger.info("The nwfilter list includes the defined nwfilter")
+ if cmp(xmlstr,nwfilterxml):
+ logger.info("Successfully define the nwfilter %s" % \
+ nwfiltername)
+ return 0
+ else:
+ logger.error("Fail to define the nwfilter %s" % nwfiltername)
+ return 1
+ else:
+ logger.error("Failed,nwfilter list doesn't include the defined \
+ nwfilter")
+ return 1
+
+ except libvirtError, e:
+ logger.error("API error message: %s" % e.message)
+ return 1
+
+ return 0
\ No newline at end of file
diff --git a/repos/nwfilter/nwfilter_list.py b/repos/nwfilter/nwfilter_list.py
new file mode 100644
index 0000000..056ee1f
--- /dev/null
+++ b/repos/nwfilter/nwfilter_list.py
@@ -0,0 +1,76 @@
+#!/usr/bin/env python
+
+from libvirt import libvirtError
+from utils import utils
+
+from src import sharedmod
+
+required_params = ()
+optional_params = {}
+
+NWFILTER_LIST_API_DIR = "ls /etc/libvirt/nwfilter"
+
+def get_nwfilterlist_dir():
+ """ Get the nwfilter list from dir """
+
+ (status, output) = utils.exec_cmd(NWFILTER_LIST_API_DIR,shell=True)
+ logger.info("Execute command:" + NWFILTER_LIST_API_DIR)
+ nwfilter_list_api_dir = []
+ if status:
+ logger.error("Executing " + NWFILTER_LIST_API_DIR + "
failed")
+ logger.error(output)
+ return False
+ else:
+ for i in range(len(output)):
+ nwfilter_list_api_dir.append(output[i][:-4])
+ logger.info("Get nwfilters name list under dir: %s" \
+ % nwfilter_list_api_dir)
+ return nwfilter_list_api_dir
+
+def nwfilter_list(params):
+ """ List all of the available network filters."""
+ global logger
+ logger = params['logger']
+ conn = sharedmod.libvirtobj['conn']
+
+ try:
+ #Get the nwfilter name list from API """
+ nwfilter_namelist_api = conn.listNWFilters()
+
+ #Get the nwfilter object list
+ nwfilter_list_api = conn.listAllNWFilters(0)
+ logger.info("The connection URI %s" % \
+ nwfilter_list_api[0].connect().getURI())
+
+ #Get the number of nwfilters from API
+ nwfilter_num = conn.numOfNWFilters()
+
+ nwfilter_list_dir = get_nwfilterlist_dir()
+ if nwfilter_num == len(nwfilter_list_api) and \
+ len(nwfilter_list_api) == len(nwfilter_list_dir) and \
+ cmp(nwfilter_namelist_api,nwfilter_list_dir):
+ logger.info("The number of available network filters is %s" % \
+ nwfilter_num)
+ else:
+ logger.error("Failed to get the nwfilters list")
+ return 1
+
+ for nwfilter_item in nwfilter_list_api:
+ if nwfilter_item.name()in nwfilter_list_dir and \
+ nwfilter_item.name()in nwfilter_namelist_api:
+ logger.info("The name is %s" % nwfilter_item.name())
+ else:
+ logger.error("Failed to get nwfilter's name.")
+ return 1
+ if cmp(str(nwfilter_item.UUID()),nwfilter_item.UUIDString()):
+ logger.info("The UUID is %s" % nwfilter_item.UUIDString())
+ else:
+ logger.error("Failed to get nwfilter's uuid.")
+ return 1
+
+
+ except libvirtError, e:
+ logger.error("API error message: %s" % e.message)
+ return 1
+
+ return 0
\ No newline at end of file
diff --git a/repos/nwfilter/nwfilter_undefine.py b/repos/nwfilter/nwfilter_undefine.py
new file mode 100644
index 0000000..b9ea332
--- /dev/null
+++ b/repos/nwfilter/nwfilter_undefine.py
@@ -0,0 +1,43 @@
+#!/usr/bin/env python
+
+from libvirt import libvirtError
+
+from src import sharedmod
+
+required_params = ('nwfiltername',)
+optional_params = {}
+
+def nwfilter_undefine(params):
+ """Undefine the specified nwfilter"""
+ logger = params['logger']
+ nwfiltername = params['nwfiltername']
+ conn = sharedmod.libvirtobj['conn']
+
+ try:
+ nwfilter = conn.nwfilterLookupByName(nwfiltername)
+ uuidstr = nwfilter.UUIDString()
+ uuid = nwfilter.UUID()
+ # Lookup by nwfilter's uuid string
+ nwfilter_uuidstr = conn.nwfilterLookupByUUIDString(uuidstr)
+ # Lookup by nwfilter's uuid
+ nwfilter_uuid = conn.nwfilterLookupByUUID(uuid)
+
+ # Check if the nwfilter lookup by name/uuid/uuidstr is the same one
+ if cmp(nwfilter,nwfilter_uuidstr) and cmp(nwfilter_uuidstr,\
+ nwfilter_uuid):
+ # Undefine the nwfilter
+ nwfilter.undefine()
+ # Check if the nwfiler list includes the undefined nwfilter
+ if nwfiltername not in conn.listNWFilters():
+ logger.info("Successfully undefine the nwfilter %s" % \
+ nwfiltername)
+ return 0
+ else:
+ logger.error("Failed to undefine the nwfilter %s" %
nwfiltername)
+ return 1
+
+ except libvirtError, e:
+ logger.error("API error message: %s" % e.message)
+ return 1
+
+ return 0
diff --git a/repos/nwfilter/xmls/nwfilter.xml b/repos/nwfilter/xmls/nwfilter.xml
new file mode 100644
index 0000000..6d52d5d
--- /dev/null
+++ b/repos/nwfilter/xmls/nwfilter.xml
@@ -0,0 +1,3 @@
+<filter name='NWFILTERNAME' chain='CHAIN'>
+<rule action='ACTION' direction='DIRECTION'
priority='500'/>
+</filter>
8:22 p.m.
New subject: [libvirt] [test-API][PATCH] The patch covers all nwfilter api provided by libvirt.py. It includes define/undefine/list nwfilters and check them via checking ebtables rule. The following new files are added. cases/nwfilter.conf repos/nwfilter/__init__.py repos/nwfilter/nwfilter_check.py * Check the nwfilter via checking ebtales repos/nwfilter/nwfilter_define.py * Define the nwfilter using specified value repos/nwfilter/nwfilter_list.py * List all of the available network filters repos/nwfilter/nwfilter_u
On 03/18/2013 05:53 PM, Osier Yang wrote:
On 2013年03月18日 14:54, hongming wrote:
Can you shorten the patch subject? And add the sentences in the commit
log instead?
Sorry , Please ignore the patch . I made a mistake when generate patch .
I send another patch with subject - Add nwfilter test cases and conf
> ---
> cases/nwfilter.conf | 59 +++++++++++++++++
> repos/nwfilter/nwfilter_check.py | 120
> +++++++++++++++++++++++++++++++++++
> repos/nwfilter/nwfilter_define.py | 54 ++++++++++++++++
> repos/nwfilter/nwfilter_list.py | 76 ++++++++++++++++++++++
> repos/nwfilter/nwfilter_undefine.py | 43 +++++++++++++
> repos/nwfilter/xmls/nwfilter.xml | 3 +
> 6 files changed, 355 insertions(+), 0 deletions(-)
> create mode 100644 cases/nwfilter.conf
> create mode 100644 repos/nwfilter/__init__.py
> create mode 100644 repos/nwfilter/nwfilter_check.py
> create mode 100644 repos/nwfilter/nwfilter_define.py
> create mode 100644 repos/nwfilter/nwfilter_list.py
> create mode 100644 repos/nwfilter/nwfilter_undefine.py
> create mode 100644 repos/nwfilter/xmls/nwfilter.xml
>
> diff --git a/cases/nwfilter.conf b/cases/nwfilter.conf
> new file mode 100644
> index 0000000..b394ee5
> --- /dev/null
> +++ b/cases/nwfilter.conf
> @@ -0,0 +1,59 @@
> +domain:install_linux_cdrom
> + guestname
> + $defaultname
> + guestos
> + $defaultos
> + guestarch
> + $defaultarch
> + vcpu
> + $defaultvcpu
> + memory
> + $defaultmem
> + hddriver
> + $defaulthd
> + nicdriver
> + $defaultnic
> + imageformat
> + qcow2
> + macaddr
> + 54:52:00:4a:16:30
> +
> +nwfilter:nwfilter_list
> +
> +# chain -- ipv4, ipv6, arp .etc
> +# action -- mandatory; drop, accept, return
> +# direction -- mandatory; must either be in, out or inout
> +nwfilter:nwfilter_define
> + nwfiltername
> + disallow-arp
> + chain
> + arp
> + action
> + drop
> + direction
> + inout
> +
> +nwfilter:nwfilter_list
> +
> +nwfilter:nwfilter_check
> + nwfiltername
> + disallow-arp
> + guestname
> + $defaultname
> +
> +nwfilter:nwfilter_define
> + nwfiltername
> + disallow-ipv6
> + chain
> + ipv6
> + action
> + drop
> + direction
> + in
> +
> +nwfilter:nwfilter_undefine
> + nwfiltername
> + disallow-ipv6
> +
> +nwfilter:nwfilter_list
> +
> diff --git a/repos/nwfilter/__init__.py b/repos/nwfilter/__init__.py
> new file mode 100644
> index 0000000..e69de29
> diff --git a/repos/nwfilter/nwfilter_check.py
> b/repos/nwfilter/nwfilter_check.py
> new file mode 100644
> index 0000000..b2c7ece
> --- /dev/null
> +++ b/repos/nwfilter/nwfilter_check.py
> @@ -0,0 +1,120 @@
> +#!/usr/bin/env python
> +import time
> +import xml.dom.minidom
> +
> +from libvirt import libvirtError
> +from utils import utils
> +from xml.dom import minidom
> +
> +from src import sharedmod
> +
> +required_params = ('nwfiltername','guestname',)
> +optional_params = {}
> +
> +EBTABLES = "ebtables -t nat -L"
> +
> +def get_ebtables():
> + """ Get the output of ebtables """
> + (status, output) = utils.exec_cmd(EBTABLES,shell=True)
> + logger.info("Execute command:" + EBTABLES)
> + ebtables_list = []
> +
> + if status:
> + logger.error("Executing " + EBTABLES + " failed")
> + logger.error(output)
> + return False
> + else:
> + for i in range(len(output)):
> + ebtables_list.append(output[i])
> + logger.info("Get the output of ebtables list: %s" \
> + % ebtables_list)
> +
> + return ebtables_list
> +
> +def check_ebtables(*args):
> + """ Check the ebtables """
> + (nwfiltername,conn)= args
> + ebtables_list = get_ebtables()
> +
> + #Get the filter' attribute value
> + nwfilter_xml = conn.nwfilterLookupByName(nwfiltername).XMLDesc(0)
> + nwfilter_parsedxml = minidom.parseString(nwfilter_xml)
> + chain = nwfilter_parsedxml.getElementsByTagName("filter")[0].\
> + getAttribute("chain")
> + rule = nwfilter_parsedxml.getElementsByTagName("rule")[0]
> + action = rule.getAttribute("action").upper()
> + direction = rule.getAttribute("direction")
> + logger.info("The nwfilter chain:%s ,action:%s ,direction:%s " %\
> + (chain,action,direction) )
> + in_vnet_chain = "I-vnet0-" + chain
> + out_vnet_chain = "O-vnet0-" + chain
> +
> + if cmp(direction,"inout") == 0 :
> + if len(ebtables_list) == 21 and in_vnet_chain in
> ebtables_list[-5]\
> + and out_vnet_chain in ebtables_list[-2] \
> + and action in ebtables_list[-1] \
> + and action in ebtables_list[-4]:
> + return True
> + else:
> + return False
> + elif cmp(direction,"in") == 0:
> + if len(ebtables_list) == 14 and out_vnet_chain in
> ebtables_list[-2]\
> + and action in ebtables_list[-1]:
> + return True
> + else:
> + return False
> +
> + elif cmp(direction,"out") == 0:
> + if len(ebtables_list) == 14 and in_vnet_chain in
> ebtables_list[-2] \
> + and action in ebtables_list[-1]:
> + return True
> + else:
> + return False
> +
> +def nwfilter_check(params):
> + """Check the nwfilter via checking ebtales"""
> + global logger
> + logger = params['logger']
> + nwfiltername = params['nwfiltername']
> + guestname = params['guestname']
> + domain_nwfilter_xml = ""
> +
> + conn = sharedmod.libvirtobj['conn']
> + domobj = conn.lookupByName(guestname)
> +
> + try:
> +
> + #Create the nwfilter's element and append it to domain xml
> + domxml = domobj.XMLDesc(0)
> + domain_parsedxml = minidom.parseString(domxml)
> + domain_ifxml =
> domain_parsedxml.getElementsByTagName("interface")
> + filterxml = domain_parsedxml.createElement("filterref")
> + filterxml.setAttribute("filter", nwfiltername)
> + domain_ifxml[0].appendChild(filterxml)
> +
> + #Destroy the domain and redefine it with nwfilter
> + domobj.destroy()
> + time.sleep(5)
> + domobj.undefine()
> +
> + #Define the new domain with the nwfilter
> + dom_nwfilter = conn.defineXML(domain_parsedxml.toxml())
> + logger.debug("The xml of new defined domain with nwfilter
> %s" % \
> + dom_nwfilter.XMLDesc(0))
> +
> + #Start the new defined domain
> + dom_nwfilter.create()
> + time.sleep(5)
> +
> + if check_ebtables(nwfiltername,conn):
> + logger.info("Successfully create nwfilter")
> + return 0
> + else:
> + logger.error("Failed to create nwfilter")
> + return 1
> +
> + except libvirtError, e:
> + logger.error("API error message: %s" % e.message)
> + return 1
> +
> + return 0
> \ No newline at end of file
> diff --git a/repos/nwfilter/nwfilter_define.py
> b/repos/nwfilter/nwfilter_define.py
> new file mode 100644
> index 0000000..e20fd2d
> --- /dev/null
> +++ b/repos/nwfilter/nwfilter_define.py
> @@ -0,0 +1,54 @@
> +#! /usr/bin/env python
> +
> +
> +
> +from libvirt import libvirtError
> +from src import sharedmod
> +
> +
> +required_params =
('nwfiltername','chain','action','direction')
> +optional_params = {'xml' : 'xmls/nwfilter.xml',}
> +
> +def nwfilter_define(params):
> + """ Define network filters."""
> + logger = params['logger']
> + conn = sharedmod.libvirtobj['conn']
> + xmlstr = params['xml']
> + nwfiltername = params['nwfiltername']
> + chain = params['chain']
> + action = params['action']
> + direction = params['direction']
> +
> +
> + xmlstr = xmlstr.replace('NWFILTERNAME', nwfiltername)
> + xmlstr = xmlstr.replace('CHAIN', chain)
> + xmlstr = xmlstr.replace('ACTION', action)
> + xmlstr = xmlstr.replace('DIRECTION', direction)
> + try:
> + logger.info("nwfiltername:%s chain:%s action:%s
> direction:%s" % \
> + (nwfiltername,chain,action,direction))
> + logger.info("The nwfilter's xml is %s" % xmlstr)
> +
> + #Define the nwfilter with given attribute value from
> nwfilter.conf"""
> + conn.nwfilterDefineXML(xmlstr)
> + nwfilterxml =
> conn.nwfilterLookupByName(nwfiltername).XMLDesc(0)
> +
> + if nwfiltername in conn.listNWFilters():
> + logger.info("The nwfilter list includes the defined
> nwfilter")
> + if cmp(xmlstr,nwfilterxml):
> + logger.info("Successfully define the nwfilter %s" % \
> + nwfiltername)
> + return 0
> + else:
> + logger.error("Fail to define the nwfilter %s" %
> nwfiltername)
> + return 1
> + else:
> + logger.error("Failed,nwfilter list doesn't include the
> defined \
> + nwfilter")
> + return 1
> +
> + except libvirtError, e:
> + logger.error("API error message: %s" % e.message)
> + return 1
> +
> + return 0
> \ No newline at end of file
> diff --git a/repos/nwfilter/nwfilter_list.py
> b/repos/nwfilter/nwfilter_list.py
> new file mode 100644
> index 0000000..056ee1f
> --- /dev/null
> +++ b/repos/nwfilter/nwfilter_list.py
> @@ -0,0 +1,76 @@
> +#!/usr/bin/env python
> +
> +from libvirt import libvirtError
> +from utils import utils
> +
> +from src import sharedmod
> +
> +required_params = ()
> +optional_params = {}
> +
> +NWFILTER_LIST_API_DIR = "ls /etc/libvirt/nwfilter"
> +
> +def get_nwfilterlist_dir():
> + """ Get the nwfilter list from dir """
> +
> + (status, output) = utils.exec_cmd(NWFILTER_LIST_API_DIR,shell=True)
> + logger.info("Execute command:" + NWFILTER_LIST_API_DIR)
> + nwfilter_list_api_dir = []
> + if status:
> + logger.error("Executing " + NWFILTER_LIST_API_DIR + "
failed")
> + logger.error(output)
> + return False
> + else:
> + for i in range(len(output)):
> + nwfilter_list_api_dir.append(output[i][:-4])
> + logger.info("Get nwfilters name list under dir: %s" \
> + % nwfilter_list_api_dir)
> + return nwfilter_list_api_dir
> +
> +def nwfilter_list(params):
> + """ List all of the available network filters."""
> + global logger
> + logger = params['logger']
> + conn = sharedmod.libvirtobj['conn']
> +
> + try:
> + #Get the nwfilter name list from API """
> + nwfilter_namelist_api = conn.listNWFilters()
> +
> + #Get the nwfilter object list
> + nwfilter_list_api = conn.listAllNWFilters(0)
> + logger.info("The connection URI %s" % \
> + nwfilter_list_api[0].connect().getURI())
> +
> + #Get the number of nwfilters from API
> + nwfilter_num = conn.numOfNWFilters()
> +
> + nwfilter_list_dir = get_nwfilterlist_dir()
> + if nwfilter_num == len(nwfilter_list_api) and \
> + len(nwfilter_list_api) == len(nwfilter_list_dir) and \
> + cmp(nwfilter_namelist_api,nwfilter_list_dir):
> + logger.info("The number of available network filters is
> %s" % \
> + nwfilter_num)
> + else:
> + logger.error("Failed to get the nwfilters list")
> + return 1
> +
> + for nwfilter_item in nwfilter_list_api:
> + if nwfilter_item.name()in nwfilter_list_dir and \
> + nwfilter_item.name()in nwfilter_namelist_api:
> + logger.info("The name is %s" % nwfilter_item.name())
> + else:
> + logger.error("Failed to get nwfilter's name.")
> + return 1
> + if
> cmp(str(nwfilter_item.UUID()),nwfilter_item.UUIDString()):
> + logger.info("The UUID is %s" %
> nwfilter_item.UUIDString())
> + else:
> + logger.error("Failed to get nwfilter's uuid.")
> + return 1
> +
> +
> + except libvirtError, e:
> + logger.error("API error message: %s" % e.message)
> + return 1
> +
> + return 0
> \ No newline at end of file
> diff --git a/repos/nwfilter/nwfilter_undefine.py
> b/repos/nwfilter/nwfilter_undefine.py
> new file mode 100644
> index 0000000..b9ea332
> --- /dev/null
> +++ b/repos/nwfilter/nwfilter_undefine.py
> @@ -0,0 +1,43 @@
> +#!/usr/bin/env python
> +
> +from libvirt import libvirtError
> +
> +from src import sharedmod
> +
> +required_params = ('nwfiltername',)
> +optional_params = {}
> +
> +def nwfilter_undefine(params):
> + """Undefine the specified nwfilter"""
> + logger = params['logger']
> + nwfiltername = params['nwfiltername']
> + conn = sharedmod.libvirtobj['conn']
> +
> + try:
> + nwfilter = conn.nwfilterLookupByName(nwfiltername)
> + uuidstr = nwfilter.UUIDString()
> + uuid = nwfilter.UUID()
> + # Lookup by nwfilter's uuid string
> + nwfilter_uuidstr = conn.nwfilterLookupByUUIDString(uuidstr)
> + # Lookup by nwfilter's uuid
> + nwfilter_uuid = conn.nwfilterLookupByUUID(uuid)
> +
> + # Check if the nwfilter lookup by name/uuid/uuidstr is the
> same one
> + if cmp(nwfilter,nwfilter_uuidstr) and cmp(nwfilter_uuidstr,\
> + nwfilter_uuid):
> + # Undefine the nwfilter
> + nwfilter.undefine()
> + # Check if the nwfiler list includes the undefined
> nwfilter
> + if nwfiltername not in conn.listNWFilters():
> + logger.info("Successfully undefine the nwfilter %s"
> % \
> + nwfiltername)
> + return 0
> + else:
> + logger.error("Failed to undefine the nwfilter %s" %
> nwfiltername)
> + return 1
> +
> + except libvirtError, e:
> + logger.error("API error message: %s" % e.message)
> + return 1
> +
> + return 0
> diff --git a/repos/nwfilter/xmls/nwfilter.xml
> b/repos/nwfilter/xmls/nwfilter.xml
> new file mode 100644
> index 0000000..6d52d5d
> --- /dev/null
> +++ b/repos/nwfilter/xmls/nwfilter.xml
> @@ -0,0 +1,3 @@
> +<filter name='NWFILTERNAME' chain='CHAIN'>
> +<rule action='ACTION' direction='DIRECTION'
priority='500'/>
> +</filter>
4266
days inactive
4268
days old
2 comments
2 participants
participants (2)
-
hongming -
Osier Yang