I am extending the schema with the recently added connlimit-above attribute and adding a test case to the test suite. Signed-off-by: Stefan Berger <stefanb@us.ibm.com> --- docs/schemas/nwfilter.rng | 5 +++++ tests/nwfilterxml2xmlin/conntrack-test.xml | 14 ++++++++++++++ tests/nwfilterxml2xmlout/conntrack-test.xml | 12 ++++++++++++ tests/nwfilterxml2xmltest.c | 2 ++ 4 files changed, 33 insertions(+) Index: libvirt-acl/docs/schemas/nwfilter.rng =================================================================== --- libvirt-acl.orig/docs/schemas/nwfilter.rng +++ libvirt-acl/docs/schemas/nwfilter.rng @@ -387,6 +387,11 @@ <ref name="sixbitrange"/> </attribute> </optional> + <optional> + <attribute name="connlimit-above"> + <ref name="uint16range"/> + </attribute> + </optional> </interleave> </define> Index: libvirt-acl/tests/nwfilterxml2xmlin/conntrack-test.xml =================================================================== --- /dev/null +++ libvirt-acl/tests/nwfilterxml2xmlin/conntrack-test.xml @@ -0,0 +1,14 @@ +<filter name='testcase' chain='root'> + <uuid>0a5288ea-612c-834a-6bbf-82a03a1a3244</uuid> + <rule action='drop' direction='out' priority='500'> + <icmp connlimit-above='1'/> + </rule> + <rule action='drop' direction='out' priority='500'> + <tcp connlimit-above='2'/> + </rule> + <rule action='accept' direction='out' priority='500'> + <all/> + </rule> +</filter> + + Index: libvirt-acl/tests/nwfilterxml2xmlout/conntrack-test.xml =================================================================== --- /dev/null +++ libvirt-acl/tests/nwfilterxml2xmlout/conntrack-test.xml @@ -0,0 +1,12 @@ +<filter name='testcase' chain='root'> + <uuid>0a5288ea-612c-834a-6bbf-82a03a1a3244</uuid> + <rule action='drop' direction='out' priority='500'> + <icmp connlimit-above='1'/> + </rule> + <rule action='drop' direction='out' priority='500'> + <tcp connlimit-above='2'/> + </rule> + <rule action='accept' direction='out' priority='500'> + <all/> + </rule> +</filter> Index: libvirt-acl/tests/nwfilterxml2xmltest.c =================================================================== --- libvirt-acl.orig/tests/nwfilterxml2xmltest.c +++ libvirt-acl/tests/nwfilterxml2xmltest.c @@ -119,6 +119,8 @@ mymain(int argc, char **argv) DO_TEST("icmp-direction2-test"); DO_TEST("icmp-direction3-test"); + DO_TEST("conntrack-test"); + return (ret==0 ? EXIT_SUCCESS : EXIT_FAILURE); }