[libvirt] [PATCH v1 0/2] Fixes to network filter rules instantiator + XML parser and XML parser test cases

The following two patches fix some problems when instantiating the network filtering rules provided by the test cases in the 2nd patch on a running virtual machine using 'nwfilter-define'. There's one known problem related to 'dscp' values not being capped at '63'. This will be fixed later. Regards, Stefan

The following issues are fixed in the patch below: - ebtables requires that some of the command line parameters are passed as hex numbers; so have those attributes call a function that prints 16 and 8 bit integers as hex nunbers. - ip6tables requires '--icmpv6-type' rather than '--icmp-type' - ebtables complains about protocol identifiers lower than 0x600, so already discard anything lower than 0x600 in the parser - make the protocol entry types more readable using a #define for its entries - continue parsing a filtering rule even if a faulty entry is encountered; return an error value at the end and let the caller decide what to do with the rule's object - fix an error message Signed-off-by: Stefan Berger <stefanb@us.ibm.com> --- src/conf/nwfilter_conf.c | 131 ++++++++---------------------- src/nwfilter/nwfilter_ebiptables_driver.c | 94 +++++++++++++++++---- 2 files changed, 116 insertions(+), 109 deletions(-) Index: libvirt-acl/src/nwfilter/nwfilter_ebiptables_driver.c =================================================================== --- libvirt-acl.orig/src/nwfilter/nwfilter_ebiptables_driver.c +++ libvirt-acl/src/nwfilter/nwfilter_ebiptables_driver.c @@ -138,10 +138,11 @@ printVar(virConnectPtr conn, static int -printDataType(virConnectPtr conn, - virNWFilterHashTablePtr vars, - char *buf, int bufsize, - nwItemDescPtr item) +_printDataType(virConnectPtr conn, + virNWFilterHashTablePtr vars, + char *buf, int bufsize, + nwItemDescPtr item, + bool asHex) { int done; char *data; 
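Review bot: The new `asHex` parameter on `_printDataType` has no comment saying which item types honour it; in the hunks that follow only the `DATATYPE_UINT16` and `DATATYPE_UINT8` cases read it, so a one-line header such as `/* asHex: print uint8/uint16 items as 0x-prefixed hex (as ebtables expects); other types ignore it */` would make that contract explicit. The name itself begins with an underscore at file scope, which C reserves for the implementation, and the wrappers added later in this file pass `0` and `1` where `false`/`true` would match the `bool` type. The function body continues outside this hunk.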
@@ -199,8 +200,18 @@ printDataType(virConnectPtr conn, virFormatMacAddr(item->u.macaddr.addr, buf); break; - case DATATYPE_UINT16: + case DATATYPE_IPV6MASK: + case DATATYPE_IPMASK: if (snprintf(buf, bufsize, "%d", + item->u.u8) >= bufsize) { + virNWFilterReportError(conn, VIR_ERR_INVALID_NWFILTER, + _("Buffer too small for uint8 type")); + return 1; + } + break; + + case DATATYPE_UINT16: + if (snprintf(buf, bufsize, asHex ? "0x%x" : "%d", item->u.u16) >= bufsize) { virNWFilterReportError(conn, VIR_ERR_INVALID_NWFILTER, _("Buffer too small for uint16 type")); @@ -208,10 +219,8 @@ printDataType(virConnectPtr conn, } break; - case DATATYPE_IPV6MASK: - case DATATYPE_IPMASK: case DATATYPE_UINT8: - if (snprintf(buf, bufsize, "%d", + if (snprintf(buf, bufsize, asHex ? "0x%x" : "%d", item->u.u8) >= bufsize) { virNWFilterReportError(conn, VIR_ERR_INVALID_NWFILTER, _("Buffer too small for uint8 type")); @@ -230,6 +239,26 @@ printDataType(virConnectPtr conn, } +static int +printDataType(virConnectPtr conn, + virNWFilterHashTablePtr vars, + char *buf, int bufsize, + nwItemDescPtr item) +{ + return _printDataType(conn, vars, buf, bufsize, item, 0); +} + + +static int +printDataTypeAsHex(virConnectPtr conn, + virNWFilterHashTablePtr vars, + char *buf, int bufsize, + nwItemDescPtr item) +{ + return _printDataType(conn, vars, buf, bufsize, item, 1); +} + + static void ebiptablesRuleInstFree(ebiptablesRuleInstPtr inst) { @@ -1270,6 +1299,12 @@ _iptablesCreateRuleInstance(virConnectPt goto err_exit; if (HAS_ENTRY_ITEM(&rule->p.icmpHdrFilter.dataICMPType)) { + const char *parm; + if (rule->prtclType == VIR_NWFILTER_RULE_PROTOCOL_ICMP) + parm = "--icmp-type"; + else + parm = "--icmpv6-type"; + if (printDataType(conn, vars, number, sizeof(number), 
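Review bot: The `snprintf(...) >= bufsize` test in the new `DATATYPE_IPV6MASK`/`DATATYPE_IPMASK` case, and the same test in the `DATATYPE_UINT16` and `DATATYPE_UINT8` cases of the next hunk, lets a negative return from `snprintf` pass as success, so the caller would presumably go on to use `buf` with unspecified contents. Capturing the result and checking both ends closes that: `int n = snprintf(buf, bufsize, "%d", item->u.u8);` followed by `if (n < 0 || n >= bufsize) {`. The mask case also reports "Buffer too small for uint8 type", which will mislead whoever reads the log for a mask value. The enclosing switch starts outside the hunk.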
@@ -1277,8 +1312,9 @@ _iptablesCreateRuleInstance(virConnectPt goto err_exit; virBufferVSprintf(&buf, - " %s --icmp-type %s", + " %s %s %s", ENTRY_GET_NEG_SIGN(&rule->p.icmpHdrFilter.dataICMPType), + parm, number); if (HAS_ENTRY_ITEM(&rule->p.icmpHdrFilter.dataICMPCode)) { @@ -1295,6 +1331,30 @@ _iptablesCreateRuleInstance(virConnectPt } break; + case VIR_NWFILTER_RULE_PROTOCOL_IGMP: + virBufferVSprintf(&buf, + CMD_DEF_PRE "%s -%%c %s %%s", + iptables_cmd, + chain); + + virBufferAddLit(&buf, " -p igmp"); + + if (iptablesHandleSrcMacAddr(conn, + &buf, + vars, + &rule->p.igmpHdrFilter.dataSrcMACAddr, + directionIn)) + goto err_exit; + + if (iptablesHandleIpHdr(conn, + &buf, + vars, + &rule->p.igmpHdrFilter.ipHdr, + directionIn)) + goto err_exit; + + break; + case VIR_NWFILTER_RULE_PROTOCOL_ALL: case VIR_NWFILTER_RULE_PROTOCOL_ALLoIPV6: virBufferVSprintf(&buf, @@ -1490,10 +1550,10 @@ ebtablesCreateRuleInstance(virConnectPtr goto err_exit; if (HAS_ENTRY_ITEM(&rule->p.ethHdrFilter.dataProtocolID)) { - if (printDataType(conn, - vars, - number, sizeof(number), - &rule->p.ethHdrFilter.dataProtocolID)) + if (printDataTypeAsHex(conn, + vars, + number, sizeof(number), + &rule->p.ethHdrFilter.dataProtocolID)) goto err_exit; virBufferVSprintf(&buf, " -p %s %s", @@ -1541,10 +1601,10 @@ ebtablesCreateRuleInstance(virConnectPtr } if (HAS_ENTRY_ITEM(&rule->p.arpHdrFilter.dataProtocolType)) { - if (printDataType(conn, - vars, - number, sizeof(number), - &rule->p.arpHdrFilter.dataProtocolType)) + if (printDataTypeAsHex(conn, + vars, + number, sizeof(number), + &rule->p.arpHdrFilter.dataProtocolType)) goto err_exit; virBufferVSprintf(&buf, " --arp-ptype %s %s", Index: libvirt-acl/src/conf/nwfilter_conf.c =================================================================== --- libvirt-acl.orig/src/conf/nwfilter_conf.c +++ libvirt-acl/src/conf/nwfilter_conf.c 
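Review bot: The `else` branch picks `--icmpv6-type` for every protocol type other than `VIR_NWFILTER_RULE_PROTOCOL_ICMP`, which is only right if this case is reached solely for ICMP and ICMPv6; the case labels are outside the hunk, so that could not be confirmed here. A short comment on the selection, e.g. `/* ip6tables names the match --icmpv6-type; this case handles only ICMP and ICMPV6 */`, records the assumption for the next reader.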
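Review bot: The `VIR_NWFILTER_RULE_PROTOCOL_IGMP` case added to `_iptablesCreateRuleInstance` is new rule-instantiation behaviour that the commit description does not list among its fixes. Since it decides whether `<igmp>` rules are turned into iptables commands at all, it deserves its own bullet in the message, for example `- instantiate igmp rules using iptables '-p igmp'`. The enclosing switch starts and ends outside the hunk.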
@@ -409,6 +409,8 @@ checkMacProtocolID(enum attrDatatype dat res = -1; } else if (datatype == DATATYPE_UINT16) { res = (uint32_t)*(uint16_t *)value; + if (res < 0x600) + res = -1; } if (res != -1) { @@ -766,7 +768,7 @@ static const virXMLAttr2Struct ipv6Attri }, { .name = "protocol", - .datatype = DATATYPE_STRING, + .datatype = DATATYPE_STRING | DATATYPE_UINT8, .dataIdx = offsetof(virNWFilterRuleDef, p.ipv6HdrFilter.ipHdr.dataProtocolID), .validator= checkIPProtocolID, .formatter= formatIPProtocolID, 
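Review bot: The `0x600` threshold added to `checkMacProtocolID` is a bare magic number with no explanation at the point of use. A named constant with a comment would carry the reason, e.g. `#define NWFILTER_MIN_ETHERTYPE 0x600 /* smaller values are 802.3 length fields; ebtables rejects them as protocol IDs */` and then `if (res < NWFILTER_MIN_ETHERTYPE)`. Only the `DATATYPE_UINT16` path gets the check; whether the other branch of this function can produce a value below the threshold is decided outside the hunk.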
@@ -1048,95 +1050,34 @@ struct _virAttributes { enum virNWFilterRuleProtocolType prtclType; }; +#define PROTOCOL_ENTRY(ID, ATT, PRTCLTYPE) \ + { .id = ID, .att = ATT, .prtclType = PRTCLTYPE } +#define PROTOCOL_ENTRY_LAST { .id = NULL } + static const virAttributes virAttr[] = { - { - .id = "arp", - .att = arpAttributes, - .prtclType = VIR_NWFILTER_RULE_PROTOCOL_ARP, - }, { - .id = "mac", - .att = macAttributes, - .prtclType = VIR_NWFILTER_RULE_PROTOCOL_MAC, - }, { - .id = "ip", - .att = ipAttributes, - .prtclType = VIR_NWFILTER_RULE_PROTOCOL_IP, - }, { - .id = "ipv6", - .att = ipv6Attributes, - .prtclType = VIR_NWFILTER_RULE_PROTOCOL_IPV6, - }, { - .id = "tcp", - .att = tcpAttributes, - .prtclType = VIR_NWFILTER_RULE_PROTOCOL_TCP, - }, { - .id = "udp", - .att = udpAttributes, - .prtclType = VIR_NWFILTER_RULE_PROTOCOL_UDP, - }, { - .id = "udplite", - .att = udpliteAttributes, - .prtclType = VIR_NWFILTER_RULE_PROTOCOL_UDPLITE, - }, { - .id = "esp", - .att = espAttributes, - .prtclType = VIR_NWFILTER_RULE_PROTOCOL_ESP, - }, { - .id = "ah", - .att = ahAttributes, - .prtclType = VIR_NWFILTER_RULE_PROTOCOL_AH, - }, { - .id = "sctp", - .att = sctpAttributes, - .prtclType = VIR_NWFILTER_RULE_PROTOCOL_SCTP, - }, { - .id = "icmp", - .att = icmpAttributes, - .prtclType = VIR_NWFILTER_RULE_PROTOCOL_ICMP, - }, { - .id = "all", // = 'any' - .att = allAttributes, - .prtclType = VIR_NWFILTER_RULE_PROTOCOL_ALL, - }, { - .id = "igmp", - .att = igmpAttributes, - .prtclType = VIR_NWFILTER_RULE_PROTOCOL_IGMP, - }, { - .id = "tcp-ipv6", - .att = tcpipv6Attributes, - .prtclType = VIR_NWFILTER_RULE_PROTOCOL_TCPoIPV6, - }, { - .id = "udp-ipv6", - .att = udpipv6Attributes, - .prtclType = VIR_NWFILTER_RULE_PROTOCOL_UDPoIPV6, - }, { - .id = "udplite-ipv6", - .att = udpliteipv6Attributes, - .prtclType = VIR_NWFILTER_RULE_PROTOCOL_UDPLITEoIPV6, - }, { - .id = "esp-ipv6", - .att = espipv6Attributes, - .prtclType = VIR_NWFILTER_RULE_PROTOCOL_ESPoIPV6, - }, { - .id = "ah-ipv6", - .att = 
ahipv6Attributes, - .prtclType = VIR_NWFILTER_RULE_PROTOCOL_AHoIPV6, - }, { - .id = "sctp-ipv6", - .att = sctpipv6Attributes, - .prtclType = VIR_NWFILTER_RULE_PROTOCOL_SCTPoIPV6, - }, { - .id = "icmpv6", - .att = icmpv6Attributes, - .prtclType = VIR_NWFILTER_RULE_PROTOCOL_ICMPV6, - }, { - .id = "all-ipv6", // = 'any' - .att = allipv6Attributes, - .prtclType = VIR_NWFILTER_RULE_PROTOCOL_ALLoIPV6, - }, { - .id = NULL, - } + PROTOCOL_ENTRY("arp" , arpAttributes , VIR_NWFILTER_RULE_PROTOCOL_ARP), + PROTOCOL_ENTRY("mac" , macAttributes , VIR_NWFILTER_RULE_PROTOCOL_MAC), + PROTOCOL_ENTRY("ip" , ipAttributes , VIR_NWFILTER_RULE_PROTOCOL_IP), + PROTOCOL_ENTRY("ipv6" , ipv6Attributes , VIR_NWFILTER_RULE_PROTOCOL_IPV6), + PROTOCOL_ENTRY("tcp" , tcpAttributes , VIR_NWFILTER_RULE_PROTOCOL_TCP), + PROTOCOL_ENTRY("udp" , udpAttributes , VIR_NWFILTER_RULE_PROTOCOL_UDP), + PROTOCOL_ENTRY("udplite", udpliteAttributes, VIR_NWFILTER_RULE_PROTOCOL_UDPLITE), + PROTOCOL_ENTRY("esp" , espAttributes , VIR_NWFILTER_RULE_PROTOCOL_ESP), + PROTOCOL_ENTRY("ah" , ahAttributes , VIR_NWFILTER_RULE_PROTOCOL_AH), + PROTOCOL_ENTRY("sctp" , sctpAttributes , VIR_NWFILTER_RULE_PROTOCOL_SCTP), + PROTOCOL_ENTRY("icmp" , icmpAttributes , VIR_NWFILTER_RULE_PROTOCOL_ICMP), + PROTOCOL_ENTRY("all" , allAttributes , VIR_NWFILTER_RULE_PROTOCOL_ALL), + PROTOCOL_ENTRY("igmp" , igmpAttributes , VIR_NWFILTER_RULE_PROTOCOL_IGMP), + PROTOCOL_ENTRY("tcp-ipv6" , tcpipv6Attributes , VIR_NWFILTER_RULE_PROTOCOL_TCPoIPV6), + PROTOCOL_ENTRY("udp-ipv6" , udpipv6Attributes , VIR_NWFILTER_RULE_PROTOCOL_UDPoIPV6), + PROTOCOL_ENTRY("udplite-ipv6", udpliteipv6Attributes, VIR_NWFILTER_RULE_PROTOCOL_UDPLITEoIPV6), + PROTOCOL_ENTRY("esp-ipv6" , espipv6Attributes , VIR_NWFILTER_RULE_PROTOCOL_ESPoIPV6), + PROTOCOL_ENTRY("ah-ipv6" , ahipv6Attributes , VIR_NWFILTER_RULE_PROTOCOL_AHoIPV6), + PROTOCOL_ENTRY("sctp-ipv6" , sctpipv6Attributes , VIR_NWFILTER_RULE_PROTOCOL_SCTPoIPV6), + PROTOCOL_ENTRY("icmpv6" , icmpv6Attributes , 
VIR_NWFILTER_RULE_PROTOCOL_ICMPV6), + PROTOCOL_ENTRY("all-ipv6" , allipv6Attributes , VIR_NWFILTER_RULE_PROTOCOL_ALLoIPV6), + PROTOCOL_ENTRY_LAST }; @@ -1176,7 +1117,7 @@ virNWFilterRuleDetailsParse(virConnectPt virNWFilterRuleDefPtr nwf, const virXMLAttr2Struct *att) { - int rc = 0; + int rc = 0, g_rc = 0; int idx = 0; char *prop; int found = 0; @@ -1194,7 +1135,7 @@ virNWFilterRuleDetailsParse(virConnectPt VIR_FREE(match); match = NULL; - while (att[idx].name != NULL && rc == 0) { + while (att[idx].name != NULL) { prop = virXMLPropString(node, att[idx].name); item = (nwItemDesc *)((char *)nwf + att[idx].dataIdx); @@ -1390,10 +1331,16 @@ virNWFilterRuleDetailsParse(virConnectPt } VIR_FREE(prop); } + + if (rc) { + g_rc = rc; + rc = 0; + } + idx++; } - return rc; + return g_rc; } @@ -2178,7 +2125,7 @@ virNWFilterPoolObjAssignDef(virConnectPt if (virNWFilterDefLoopDetect(conn, pools, def)) { virNWFilterReportError(conn, VIR_ERR_INVALID_NWFILTER, - "%s", _("filter would introduce loop")); + "%s", _("filter would introduce a loop")); return NULL; }
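Review bot: Converting the table to `PROTOCOL_ENTRY(...)` drops the `// = 'any'` remarks that the old `"all"` and `"all-ipv6"` entries carried, which were the only hint in the table about what those two ids mean. They can be kept as trailing comments, e.g. `PROTOCOL_ENTRY("all" , allAttributes , VIR_NWFILTER_RULE_PROTOCOL_ALL), /* = 'any' */`. The macro parameters `ID`, `ATT` and `PRTCLTYPE` are used unparenthesised, which is harmless inside a designated initializer but worth a one-line comment saying the macro is meant only for this table.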
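Review bot: Dropping `rc == 0` from the `while` condition in `virNWFilterRuleDetailsParse` means an attribute that fails validation is skipped while the remaining attributes are still stored in `nwf`, so the rule that comes back is broader than the one that was written. The fixtures in the second patch show the effect: the `accept` rule with `protocolid='15'` in mac-test.xml is expected back with no `protocolid` at all, and the ip-test.xml rule with `protocol='256'` loses its protocol and source mask. For a packet filter that is a fail-open outcome unless every caller checks the return value, so the contract should be stated on the function, e.g. `/* returns non-zero if any attribute was rejected; nwf then lacks those matches and callers must check before instantiating it */`. `g_rc` keeps only the last failing code, and most of the function body lies outside these hunks, so how callers react could not be checked here.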

On Thu, Apr 01, 2010 at 03:16:23PM -0400, Stefan Berger wrote:
The following issues are fixed in the patch below:
- ebtables requires that some of the command line parameters are passed as hex numbers; so have those attributes call a function that prints 16 and 8 bit integers as hex numbers.
- ip6tables requires '--icmpv6-type' rather than '--icmp-type'
- ebtables complains about protocol identifiers lower than 0x600, so already discard anything lower than 0x600 in the parser
- make the protocol entry types more readable using a #define for its entries
- continue parsing a filtering rule even if a faulty entry is encountered; return an error value at the end and let the caller decide what to do with the rule's object
- fix an error message
Signed-off-by: Stefan Berger <stefanb@us.ibm.com>
ACK, looks fine, Daniel -- Daniel Veillard | libxml Gnome XML XSLT toolkit http://xmlsoft.org/ daniel@veillard.com | Rpmfind RPM search engine http://rpmfind.net/ http://veillard.com/ | virtualization library http://libvirt.org/

This patch adds a couple of test cases for the XML parsing test suite covering various filterable protocols. For each test case an input XML and an output XML are provided; the input XML is parsed, converted back into XML, and checked against the expected output XML.
Signed-off-by: Stefan Berger <stefanb@us.ibm.com> --- tests/Makefile.am | 10 ++ tests/nwfilterxml2xmlin/ah-ipv6-test.xml | 19 +++ tests/nwfilterxml2xmlin/ah-test.xml | 18 +++ tests/nwfilterxml2xmlin/all-ipv6-test.xml | 19 +++ tests/nwfilterxml2xmlin/all-test.xml | 18 +++ tests/nwfilterxml2xmlin/arp-test.xml | 33 ++++++ tests/nwfilterxml2xmlin/esp-ipv6-test.xml | 19 +++ tests/nwfilterxml2xmlin/esp-test.xml | 18 +++ tests/nwfilterxml2xmlin/icmp-test.xml | 18 +++ tests/nwfilterxml2xmlin/icmpv6-test.xml | 19 +++ tests/nwfilterxml2xmlin/igmp-test.xml | 18 +++ tests/nwfilterxml2xmlin/ip-test.xml | 34 +++++++ tests/nwfilterxml2xmlin/ipv6-test.xml | 43 ++++++++ tests/nwfilterxml2xmlin/mac-test.xml | 23 ++++ tests/nwfilterxml2xmlin/ref-rule-test.xml | 18 +++ tests/nwfilterxml2xmlin/ref-test.xml | 4 tests/nwfilterxml2xmlin/sctp-ipv6-test.xml | 22 ++++ tests/nwfilterxml2xmlin/sctp-test.xml | 22 ++++ tests/nwfilterxml2xmlin/tcp-ipv6-test.xml | 22 ++++ tests/nwfilterxml2xmlin/tcp-test.xml | 22 ++++ tests/nwfilterxml2xmlin/udp-ipv6-test.xml | 22 ++++ tests/nwfilterxml2xmlin/udp-test.xml | 22 ++++ tests/nwfilterxml2xmlin/udplite-ipv6-test.xml | 19 +++ tests/nwfilterxml2xmlin/udplite-test.xml | 18 +++ tests/nwfilterxml2xmlout/ah-ipv6-test.xml | 12 ++ tests/nwfilterxml2xmlout/ah-test.xml | 12 ++ tests/nwfilterxml2xmlout/all-ipv6-test.xml | 12 ++ tests/nwfilterxml2xmlout/all-test.xml | 12 ++ tests/nwfilterxml2xmlout/arp-test.xml | 18 +++ tests/nwfilterxml2xmlout/esp-ipv6-test.xml | 12 ++ tests/nwfilterxml2xmlout/esp-test.xml | 12 ++ tests/nwfilterxml2xmlout/icmp-test.xml | 12 ++ tests/nwfilterxml2xmlout/icmpv6-test.xml | 12 ++ tests/nwfilterxml2xmlout/igmp-test.xml | 12 ++ tests/nwfilterxml2xmlout/ip-test.xml | 15 +++ tests/nwfilterxml2xmlout/ipv6-test.xml | 15 +++ tests/nwfilterxml2xmlout/mac-test.xml | 18 +++ tests/nwfilterxml2xmlout/ref-rule-test.xml | 13 ++ tests/nwfilterxml2xmlout/ref-test.xml | 4 tests/nwfilterxml2xmlout/sctp-ipv6-test.xml | 12 ++ 
tests/nwfilterxml2xmlout/sctp-test.xml | 12 ++ tests/nwfilterxml2xmlout/tcp-ipv6-test.xml | 12 ++ tests/nwfilterxml2xmlout/tcp-test.xml | 12 ++ tests/nwfilterxml2xmlout/udp-ipv6-test.xml | 12 ++ tests/nwfilterxml2xmlout/udp-test.xml | 12 ++ tests/nwfilterxml2xmlout/udplite-ipv6-test.xml | 12 ++ tests/nwfilterxml2xmlout/udplite-test.xml | 12 ++ tests/nwfilterxml2xmltest.c | 121 +++++++++++++++++++++++++ 48 files changed, 908 insertions(+) Index: libvirt-acl/tests/Makefile.am =================================================================== --- libvirt-acl.orig/tests/Makefile.am +++ libvirt-acl/tests/Makefile.am @@ -72,6 +72,8 @@ EXTRA_DIST = \ nodedevschemadata \ vmx2xmldata \ xml2vmxdata \ + nwfilterxml2xmlout \ + nwfilterxml2xmlin \ $(patsubst %,qemuhelpdata/%,$(qemuhelpdata)) noinst_PROGRAMS = virshtest conftest \ @@ -103,6 +105,8 @@ endif noinst_PROGRAMS += networkxml2xmltest +noinst_PROGRAMS += nwfilterxml2xmltest + noinst_PROGRAMS += storagevolxml2xmltest storagepoolxml2xmltest noinst_PROGRAMS += nodedevxml2xmltest @@ -162,6 +166,7 @@ endif if WITH_QEMU TESTS += qemuxml2argvtest qemuxml2xmltest qemuargv2xmltest qemuhelptest +TESTS += nwfilterxml2xmltest endif if WITH_ESX @@ -286,6 +291,11 @@ networkxml2xmltest_SOURCES = \ testutils.c testutils.h networkxml2xmltest_LDADD = $(LDADDS) +nwfilterxml2xmltest_SOURCES = \ + nwfilterxml2xmltest.c \ + testutils.c testutils.h +nwfilterxml2xmltest_LDADD = $(LDADDS) + storagevolxml2xmltest_SOURCES = \ storagevolxml2xmltest.c \ testutils.c testutils.h Index: libvirt-acl/tests/nwfilterxml2xmltest.c =================================================================== --- /dev/null +++ libvirt-acl/tests/nwfilterxml2xmltest.c 
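Review bot: `TESTS += nwfilterxml2xmltest` is placed inside `if WITH_QEMU`, while the program is added to `noinst_PROGRAMS` unconditionally, so a build without QEMU compiles the test but never runs it. The test source added in this patch appears to call no QEMU helper (it only includes testutilsqemu.h), so the line looks movable next to the unconditional tests; if the dependency is intended, a `#` comment above the line stating the reason would keep it from being "fixed" later.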
@@ -0,0 +1,121 @@
+#include <config.h>
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <string.h>
+
+#include <sys/types.h>
+#include <fcntl.h>
+
+#include "internal.h"
+#include "testutils.h"
+#include "xml.h"
+#include "threads.h"
+#include "nwfilter_params.h"
+#include "nwfilter_conf.h"
+#include "testutilsqemu.h"
+
+static char *progname;
+static char *abs_srcdir;
+
+#define MAX_FILE 4096
+
+
+static int testCompareXMLToXMLFiles(const char *inxml, const char *outxml) {
+ char inXmlData[MAX_FILE];
+ char *inXmlPtr = &(inXmlData[0]);
+ char outXmlData[MAX_FILE];
+ char *outXmlPtr = &(outXmlData[0]);
+ char *actual = NULL;
+ int ret = -1;
+ virNWFilterDefPtr dev = NULL;
+
+ if (virtTestLoadFile(inxml, &inXmlPtr, MAX_FILE) < 0)
+ goto fail;
+ if (virtTestLoadFile(outxml, &outXmlPtr, MAX_FILE) < 0)
+ goto fail;
+
+ if (!(dev = virNWFilterDefParseString(NULL, inXmlData)))
+ goto fail;
+
+ if (!(actual = virNWFilterDefFormat(NULL, dev)))
+ goto fail;
+
+ if (STRNEQ(outXmlData, actual)) {
+ virtTestDifference(stderr, outXmlData, actual);
+ goto fail;
+ }
+
+ ret = 0;
+
+ fail:
+ free(actual);
+ virNWFilterDefFree(dev);
+ return ret;
+}
+
+static int testCompareXMLToXMLHelper(const void *data) {
+ char inxml[PATH_MAX];
+ char outxml[PATH_MAX];
+ snprintf(inxml, PATH_MAX, "%s/nwfilterxml2xmlin/%s.xml",
+ abs_srcdir, (const char*)data);
+ snprintf(outxml, PATH_MAX, "%s/nwfilterxml2xmlout/%s.xml",
+ abs_srcdir, (const char*)data);
+ return testCompareXMLToXMLFiles(inxml, outxml);
+}
+
+
+static int
+mymain(int argc, char **argv)
+{
+ int ret = 0;
+ char cwd[PATH_MAX];
+
+ progname = argv[0];
+
+ if (argc > 1) {
+ fprintf(stderr, "Usage: %s\n", progname);
+ return (EXIT_FAILURE);
+ }
+
+ abs_srcdir = getenv("abs_srcdir");
+ if (!abs_srcdir)
+ abs_srcdir = getcwd(cwd, sizeof(cwd));
+
+#define DO_TEST(name) \
+ if (virtTestRun("NWFilter XML-2-XML " name, \
+ 1, testCompareXMLToXMLHelper, (name)) < 0) \
+ ret = -1
+
+ DO_TEST("mac-test");
+ DO_TEST("arp-test");
+ DO_TEST("ip-test");
+ DO_TEST("ipv6-test");
+
+ DO_TEST("tcp-test");
+ DO_TEST("udp-test");
+ DO_TEST("icmp-test");
+ DO_TEST("igmp-test");
+ DO_TEST("sctp-test");
+ DO_TEST("udplite-test");
+ DO_TEST("esp-test");
+ DO_TEST("ah-test");
+ DO_TEST("all-test");
+
+ DO_TEST("tcp-ipv6-test");
+ DO_TEST("udp-ipv6-test");
+ DO_TEST("icmpv6-test");
+ DO_TEST("sctp-ipv6-test");
+ DO_TEST("udplite-ipv6-test");
+ DO_TEST("esp-ipv6-test");
+ DO_TEST("ah-ipv6-test");
+ DO_TEST("all-ipv6-test");
+
+ DO_TEST("ref-test");
+ DO_TEST("ref-rule-test");
+
+ return (ret==0 ? EXIT_SUCCESS : EXIT_FAILURE);
+}
+
+VIRT_TEST_MAIN(mymain)
Index: libvirt-acl/tests/nwfilterxml2xmlin/tcp-test.xml
===================================================================
--- /dev/null
+++ libvirt-acl/tests/nwfilterxml2xmlin/tcp-test.xml
@@ -0,0 +1,22 @@
+<filter name='testcase' chain='root'>
+ <uuid>5c6d49af-b071-6127-b4ec-6f8ed4b55335</uuid>
+ <rule action='accept' direction='out'>
+ <tcp srcmacaddr='1:2:3:4:5:6'
+ dstipaddr='10.1.2.3' dstipmask='255.255.255.255'
+ dscp='2'/>
+ </rule>
+ <rule action='accept' direction='in'>
+ <tcp srcmacaddr='1:2:3:4:5:6'
+ srcipaddr='10.1.2.3' srcipmask='32'
+ dscp='33'
+ srcportstart='20' srcportend='21'
+ dstportstart='100' dstportend='1111'/>
+ </rule>
+ <rule action='accept' direction='in'>
+ <tcp srcmacaddr='1:2:3:4:5:6'
+ srcipaddr='10.1.2.3' srcipmask='32'
+ dscp='63'
+ srcportstart='255' srcportend='256'
+ dstportstart='65535' dstportend='65536'/>
+ </rule>
+</filter>
Index: libvirt-acl/tests/nwfilterxml2xmlout/tcp-test.xml
===================================================================
--- /dev/null
+++ libvirt-acl/tests/nwfilterxml2xmlout/tcp-test.xml
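Review bot: In `mymain`, `getcwd(cwd, sizeof(cwd))` can return NULL, and `abs_srcdir` is then handed to `snprintf` as a `%s` argument in `testCompareXMLToXMLHelper`, which is undefined behaviour. A guard fixes it: `if (!abs_srcdir && !(abs_srcdir = getcwd(cwd, sizeof(cwd)))) return EXIT_FAILURE;`. The two `snprintf` calls into `inxml` and `outxml` also ignore truncation, so an over-long source path would make the test open a different file name than intended; comparing the return value against `PATH_MAX` and failing the test is enough.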
@@ -0,0 +1,12 @@ +<filter name='testcase' chain='root'> + <uuid>5c6d49af-b071-6127-b4ec-6f8ed4b55335</uuid> + <rule action='accept' direction='out' priority='500'> + <tcp srcmacaddr='01:02:03:04:05:06' dstipaddr='10.1.2.3' dstipmask='32' dscp='2'/> + </rule> + <rule action='accept' direction='in' priority='500'> + <tcp srcmacaddr='01:02:03:04:05:06' srcipaddr='10.1.2.3' srcipmask='32' dscp='33' srcportstart='20' srcportend='21' dstportstart='100' dstportend='1111'/> + </rule> + <rule action='accept' direction='in' priority='500'> + <tcp srcmacaddr='01:02:03:04:05:06' srcipaddr='10.1.2.3' srcipmask='32' dscp='63' srcportstart='255' srcportend='256' dstportstart='65535'/> + </rule> +</filter> Index: libvirt-acl/tests/nwfilterxml2xmlin/mac-test.xml =================================================================== --- /dev/null +++ libvirt-acl/tests/nwfilterxml2xmlin/mac-test.xml @@ -0,0 +1,23 @@ +<filter name='testcase' chain='root'> + <uuid>5c6d49af-b071-6127-b4ec-6f8ed4b55335</uuid> + <rule action='accept' direction='out'> + <mac srcmacaddr='1:2:3:4:5:6' srcmacmask='ff:ff:ff:ff:ff:ff' + protocolid='arp'/> + </rule> + <rule action='accept' direction='in'> + <mac dstmacaddr='aa:bb:cc:dd:ee:ff' dstmacmask='ff:ff:ff:ff:ff:ff' + protocolid='ipv4'/> + </rule> + <rule action='accept' direction='in'> + <mac dstmacaddr='aa:bb:cc:dd:ee:ff' dstmacmask='ff:ff:ff:ff:ff:ff' + protocolid='1536'/> + </rule> + <rule action='accept' direction='in'> + <mac dstmacaddr='aa:bb:cc:dd:ee:ff' dstmacmask='ff:ff:ff:ff:ff:ff' + protocolid='15'/> + </rule> + <rule action='accept' direction='in'> + <mac dstmacaddr='aa:bb:cc:dd:ee:ff' dstmacmask='ff:ff:ff:ff:ff:ff' + protocolid='65535'/> + </rule> +</filter> Index: libvirt-acl/tests/nwfilterxml2xmlout/arp-test.xml =================================================================== --- /dev/null +++ libvirt-acl/tests/nwfilterxml2xmlout/arp-test.xml 
@@ -0,0 +1,18 @@ +<filter name='testcase' chain='root'> + <uuid>5c6d49af-b071-6127-b4ec-6f8ed4b55335</uuid> + <rule action='accept' direction='out' priority='500'> + <arp srcmacaddr='01:02:03:04:05:06' srcmacmask='ff:ff:ff:ff:ff:ff' dstmacaddr='aa:bb:cc:dd:ee:ff' dstmacmask='ff:ff:ff:ff:ff:ff' hwtype='12' protocoltype='34' opcode='Request' arpsrcmacaddr='01:02:03:04:05:06' arpdstmacaddr='0a:0b:0c:0d:0e:0f'/> + </rule> + <rule action='accept' direction='out' priority='500'> + <arp srcmacaddr='01:02:03:04:05:06' srcmacmask='ff:ff:ff:ff:ff:ff' hwtype='255' protocoltype='255' opcode='Request'/> + </rule> + <rule action='accept' direction='out' priority='500'> + <arp srcmacaddr='01:02:03:04:05:06' srcmacmask='ff:ff:ff:ff:ff:ff' hwtype='256' protocoltype='256' opcode='11'/> + </rule> + <rule action='accept' direction='out' priority='500'> + <arp srcmacaddr='01:02:03:04:05:06' srcmacmask='ff:ff:ff:ff:ff:ff' hwtype='65535' protocoltype='65535' opcode='65535'/> + </rule> + <rule action='accept' direction='out' priority='500'> + <arp srcmacaddr='01:02:03:04:05:06' srcmacmask='ff:ff:ff:ff:ff:ff'/> + </rule> +</filter> Index: libvirt-acl/tests/nwfilterxml2xmlout/mac-test.xml =================================================================== --- /dev/null +++ libvirt-acl/tests/nwfilterxml2xmlout/mac-test.xml 
@@ -0,0 +1,18 @@ +<filter name='testcase' chain='root'> + <uuid>5c6d49af-b071-6127-b4ec-6f8ed4b55335</uuid> + <rule action='accept' direction='out' priority='500'> + <mac srcmacaddr='01:02:03:04:05:06' srcmacmask='ff:ff:ff:ff:ff:ff' protocolid='arp'/> + </rule> + <rule action='accept' direction='in' priority='500'> + <mac dstmacaddr='aa:bb:cc:dd:ee:ff' dstmacmask='ff:ff:ff:ff:ff:ff' protocolid='ipv4'/> + </rule> + <rule action='accept' direction='in' priority='500'> + <mac dstmacaddr='aa:bb:cc:dd:ee:ff' dstmacmask='ff:ff:ff:ff:ff:ff' protocolid='1536'/> + </rule> + <rule action='accept' direction='in' priority='500'> + <mac dstmacaddr='aa:bb:cc:dd:ee:ff' dstmacmask='ff:ff:ff:ff:ff:ff'/> + </rule> + <rule action='accept' direction='in' priority='500'> + <mac dstmacaddr='aa:bb:cc:dd:ee:ff' dstmacmask='ff:ff:ff:ff:ff:ff' protocolid='65535'/> + </rule> +</filter> Index: libvirt-acl/tests/nwfilterxml2xmlin/arp-test.xml =================================================================== --- /dev/null +++ libvirt-acl/tests/nwfilterxml2xmlin/arp-test.xml 
@@ -0,0 +1,33 @@ +<filter name='testcase'> + <uuid>5c6d49af-b071-6127-b4ec-6f8ed4b55335</uuid> + <rule action='accept' direction='out'> + <arp srcmacaddr='1:2:3:4:5:6' srcmacmask='ff:ff:ff:ff:ff:ff' + protocolid='arp' + dstmacaddr='aa:bb:cc:dd:ee:ff' dstmacmask='ff:ff:ff:ff:ff:ff' + hwtype='12' + protocoltype='34' + opcode='Request' + arpsrcmacaddr='1:2:3:4:5:6' + arpdstmacaddr='a:b:c:d:e:f'/> + </rule> + + <rule action='accept' direction='out'> + <arp srcmacaddr='1:2:3:4:5:6' srcmacmask='ff:ff:ff:ff:ff:ff' + opcode='1' hwtype='255' protocoltype='255'/> + </rule> + + <rule action='accept' direction='out'> + <arp srcmacaddr='1:2:3:4:5:6' srcmacmask='ff:ff:ff:ff:ff:ff' + opcode='11' hwtype='256' protocoltype='256'/> + </rule> + + <rule action='accept' direction='out'> + <arp srcmacaddr='1:2:3:4:5:6' srcmacmask='ff:ff:ff:ff:ff:ff' + opcode='65535' hwtype='65535' protocoltype='65535' /> + </rule> + + <rule action='accept' direction='out'> + <arp srcmacaddr='1:2:3:4:5:6' srcmacmask='ff:ff:ff:ff:ff:ff' + opcode='65536' hwtype='65536' protocoltype='65536' /> + </rule> +</filter> Index: libvirt-acl/tests/nwfilterxml2xmlin/ip-test.xml =================================================================== --- /dev/null +++ libvirt-acl/tests/nwfilterxml2xmlin/ip-test.xml 
@@ -0,0 +1,34 @@ +<filter name='testcase'> + <uuid>5c6d49af-b071-6127-b4ec-6f8ed4b55335</uuid> + <rule action='accept' direction='out'> + <ip srcmacaddr='1:2:3:4:5:6' srcmacmask='ff:ff:ff:ff:ff:ff' + dstmacaddr='aa:bb:cc:dd:ee:ff' dstmacmask='ff:ff:ff:ff:ff:ff' + srcipaddr='10.1.2.3' srcipmask='255.255.255.255' + dstipaddr='10.1.2.3' dstipmask='255.255.255.255' + protocol='udp' + srcportstart='20' srcportend='22' + dstportstart='100' dstportend='101' + /> + </rule> + + <rule action='accept' direction='out'> + <ip srcipaddr='10.1.2.3' srcipmask='255.255.128.0' + dstipaddr='10.1.2.3' dstipmask='255.255.255.0' + protocol='17' dscp='63' + /> + </rule> + + <rule action='accept' direction='in'> + <ip srcipaddr='10.1.2.3' srcipmask='255.255.255.254' + dstipaddr='10.1.2.3' dstipmask='255.255.255.128' + protocol='255' dscp='64' + /> + </rule> + + <rule action='accept' direction='inout'> + <ip srcipaddr='10.1.2.3' srcipmask='255.255.255.127' + dstipaddr='10.1.2.3' dstipmask='255.255.255.254' + protocol='256' dscp='64' + /> + </rule> +</filter> Index: libvirt-acl/tests/nwfilterxml2xmlout/ip-test.xml =================================================================== --- /dev/null +++ libvirt-acl/tests/nwfilterxml2xmlout/ip-test.xml 
@@ -0,0 +1,15 @@ +<filter name='testcase' chain='root'> + <uuid>5c6d49af-b071-6127-b4ec-6f8ed4b55335</uuid> + <rule action='accept' direction='out' priority='500'> + <ip srcmacaddr='01:02:03:04:05:06' srcmacmask='ff:ff:ff:ff:ff:ff' dstmacaddr='aa:bb:cc:dd:ee:ff' dstmacmask='ff:ff:ff:ff:ff:ff' srcipaddr='10.1.2.3' srcipmask='32' dstipaddr='10.1.2.3' dstipmask='32' protocol='udp' srcportstart='20' srcportend='22' dstportstart='100' dstportend='101'/> + </rule> + <rule action='accept' direction='out' priority='500'> + <ip srcipaddr='10.1.2.3' srcipmask='17' dstipaddr='10.1.2.3' dstipmask='24' protocol='udp' dscp='63'/> + </rule> + <rule action='accept' direction='in' priority='500'> + <ip srcipaddr='10.1.2.3' srcipmask='31' dstipaddr='10.1.2.3' dstipmask='25' protocol='255'/> + </rule> + <rule action='accept' direction='inout' priority='500'> + <ip srcipaddr='10.1.2.3' dstipaddr='10.1.2.3' dstipmask='31'/> + </rule> +</filter> Index: libvirt-acl/tests/nwfilterxml2xmlin/ipv6-test.xml =================================================================== --- /dev/null +++ libvirt-acl/tests/nwfilterxml2xmlin/ipv6-test.xml 
@@ -0,0 +1,43 @@ +<filter name='testcase'> + <uuid>5c6d49af-b071-6127-b4ec-6f8ed4b55335</uuid> + <rule action='accept' direction='out'> + <ipv6 srcmacaddr='1:2:3:4:5:6' srcmacmask='ff:ff:ff:ff:ff:fe' + dstmacaddr='aa:bb:cc:dd:ee:ff' dstmacmask='ff:ff:ff:ff:ff:80' + srcipaddr='::10.1.2.3' srcipmask='22' + dstipaddr='::10.1.2.3' + dstipmask='ffff:ffff:ffff:ffff:ffff:ffff:ffff:8000' + protocol='udp' + srcportstart='20' srcportend='22' + dstportstart='100' dstportend='101' + /> + </rule> + + <rule action='accept' direction='inout'> + <ipv6 srcipaddr='1::2' srcipmask='128' + dstipaddr='a:b:c::' + dstipmask='ffff:ffff:ffff:ffff:8000::' + protocol='6' + srcportstart='20' srcportend='22' + dstportstart='100' dstportend='101' + /> + </rule> + + <rule action='accept' direction='inout'> + <ipv6 srcipaddr='1::2' srcipmask='128' + dstipaddr='a:b:c::' + dstipmask='ffff:ffff:ffff:ffff:8000::' + protocol='6' + srcportstart='255' srcportend='256' + dstportstart='65535' dstportend='65536' + /> + </rule> + + <rule action='accept' direction='inout'> + <ipv6 srcipaddr='1::2' srcipmask='128' + dstipaddr='a:b:c::' + dstipmask='ffff:ffff:ffff:ffff:8000::' + protocol='18' + /> + </rule> + +</filter> Index: libvirt-acl/tests/nwfilterxml2xmlin/icmp-test.xml =================================================================== --- /dev/null +++ libvirt-acl/tests/nwfilterxml2xmlin/icmp-test.xml 
@@ -0,0 +1,18 @@ +<filter name='testcase' chain='root'> + <uuid>5c6d49af-b071-6127-b4ec-6f8ed4b55335</uuid> + <rule action='accept' direction='out'> + <icmp srcmacaddr='1:2:3:4:5:6' + dstipaddr='10.1.2.3' dstipmask='255.255.255.255' + dscp='2' type='12' code='11'/> + </rule> + <rule action='accept' direction='in'> + <icmp srcmacaddr='1:2:3:4:5:6' + srcipaddr='10.1.2.3' srcipmask='22' + dscp='33' type='255' code='255'/> + </rule> + <rule action='accept' direction='in'> + <icmp srcmacaddr='1:2:3:4:5:6' + srcipaddr='10.1.2.3' srcipmask='22' + dscp='33' type='256' code='256'/> + </rule> +</filter> Index: libvirt-acl/tests/nwfilterxml2xmlin/udp-test.xml =================================================================== --- /dev/null +++ libvirt-acl/tests/nwfilterxml2xmlin/udp-test.xml @@ -0,0 +1,22 @@ +<filter name='testcase' chain='root'> + <uuid>5c6d49af-b071-6127-b4ec-6f8ed4b55335</uuid> + <rule action='accept' direction='out'> + <udp srcmacaddr='1:2:3:4:5:6' + dstipaddr='10.1.2.3' dstipmask='255.255.255.255' + dscp='2'/> + </rule> + <rule action='accept' direction='in'> + <udp srcmacaddr='1:2:3:4:5:6' + srcipaddr='10.1.2.3' srcipmask='32' + dscp='33' + srcportstart='20' srcportend='21' + dstportstart='100' dstportend='1111'/> + </rule> + <rule action='accept' direction='in'> + <udp srcmacaddr='1:2:3:4:5:6' + srcipaddr='10.1.2.3' srcipmask='32' + dscp='63' + srcportstart='255' srcportend='256' + dstportstart='65535' dstportend='65536'/> + </rule> +</filter> Index: libvirt-acl/tests/nwfilterxml2xmlout/icmp-test.xml =================================================================== --- /dev/null +++ libvirt-acl/tests/nwfilterxml2xmlout/icmp-test.xml 
@@ -0,0 +1,12 @@ +<filter name='testcase' chain='root'> + <uuid>5c6d49af-b071-6127-b4ec-6f8ed4b55335</uuid> + <rule action='accept' direction='out' priority='500'> + <icmp srcmacaddr='01:02:03:04:05:06' dstipaddr='10.1.2.3' dstipmask='32' dscp='2' type='12' code='11'/> + </rule> + <rule action='accept' direction='in' priority='500'> + <icmp srcmacaddr='01:02:03:04:05:06' srcipaddr='10.1.2.3' srcipmask='22' dscp='33' type='255' code='255'/> + </rule> + <rule action='accept' direction='in' priority='500'> + <icmp srcmacaddr='01:02:03:04:05:06' srcipaddr='10.1.2.3' srcipmask='22' dscp='33'/> + </rule> +</filter> Index: libvirt-acl/tests/nwfilterxml2xmlout/udp-test.xml =================================================================== --- /dev/null +++ libvirt-acl/tests/nwfilterxml2xmlout/udp-test.xml @@ -0,0 +1,12 @@ +<filter name='testcase' chain='root'> + <uuid>5c6d49af-b071-6127-b4ec-6f8ed4b55335</uuid> + <rule action='accept' direction='out' priority='500'> + <udp srcmacaddr='01:02:03:04:05:06' dstipaddr='10.1.2.3' dstipmask='32' dscp='2'/> + </rule> + <rule action='accept' direction='in' priority='500'> + <udp srcmacaddr='01:02:03:04:05:06' srcipaddr='10.1.2.3' srcipmask='32' dscp='33' srcportstart='20' srcportend='21' dstportstart='100' dstportend='1111'/> + </rule> + <rule action='accept' direction='in' priority='500'> + <udp srcmacaddr='01:02:03:04:05:06' srcipaddr='10.1.2.3' srcipmask='32' dscp='63' srcportstart='255' srcportend='256' dstportstart='65535'/> + </rule> +</filter> Index: libvirt-acl/tests/nwfilterxml2xmlout/ipv6-test.xml =================================================================== --- /dev/null +++ libvirt-acl/tests/nwfilterxml2xmlout/ipv6-test.xml 
@@ -0,0 +1,15 @@
+<filter name='testcase' chain='root'>
+ <uuid>5c6d49af-b071-6127-b4ec-6f8ed4b55335</uuid>
+ <rule action='accept' direction='out' priority='500'>
+ <ipv6 srcmacaddr='01:02:03:04:05:06' srcmacmask='ff:ff:ff:ff:ff:fe' dstmacaddr='aa:bb:cc:dd:ee:ff' dstmacmask='ff:ff:ff:ff:ff:80' srcipaddr='::10.1.2.3' srcipmask='22' dstipaddr='::10.1.2.3' dstipmask='113' protocol='udp' srcportstart='20' srcportend='22' dstportstart='100' dstportend='101'/>
+ </rule>
+ <rule action='accept' direction='inout' priority='500'>
+ <ipv6 srcipaddr='1::2' srcipmask='128' dstipaddr='a:b:c::' dstipmask='65' protocol='tcp' srcportstart='20' srcportend='22' dstportstart='100' dstportend='101'/>
+ </rule>
+ <rule action='accept' direction='inout' priority='500'>
+ <ipv6 srcipaddr='1::2' srcipmask='128' dstipaddr='a:b:c::' dstipmask='65' protocol='tcp' srcportstart='255' srcportend='256' dstportstart='65535'/>
+ </rule>
+ <rule action='accept' direction='inout' priority='500'>
+ <ipv6 srcipaddr='1::2' srcipmask='128' dstipaddr='a:b:c::' dstipmask='65' protocol='18'/>
+ </rule>
+</filter>
Index: libvirt-acl/tests/nwfilterxml2xmlin/ah-test.xml
===================================================================
--- /dev/null
+++ libvirt-acl/tests/nwfilterxml2xmlin/ah-test.xml
@@ -0,0 +1,18 @@
+<filter name='testcase' chain='root'>
+ <uuid>5c6d49af-b071-6127-b4ec-6f8ed4b55335</uuid>
+ <rule action='accept' direction='out'>
+ <ah srcmacaddr='1:2:3:4:5:6'
+ dstipaddr='10.1.2.3' dstipmask='255.255.255.255'
+ dscp='2'/>
+ </rule>
+ <rule action='accept' direction='in'>
+ <ah srcmacaddr='1:2:3:4:5:6'
+ srcipaddr='10.1.2.3' srcipmask='22'
+ dscp='33'/>
+ </rule>
+ <rule action='accept' direction='in'>
+ <ah srcmacaddr='1:2:3:4:5:6'
+ srcipaddr='10.1.2.3' srcipmask='22'
+ dscp='33'/>
+ </rule>
+</filter>
Index: libvirt-acl/tests/nwfilterxml2xmlin/esp-test.xml
===================================================================
--- /dev/null
+++ libvirt-acl/tests/nwfilterxml2xmlin/esp-test.xml
@@ -0,0 +1,18 @@
+<filter name='testcase' chain='root'>
+ <uuid>5c6d49af-b071-6127-b4ec-6f8ed4b55335</uuid>
+ <rule action='accept' direction='out'>
+ <esp srcmacaddr='1:2:3:4:5:6'
+ dstipaddr='10.1.2.3' dstipmask='255.255.255.255'
+ dscp='2'/>
+ </rule>
+ <rule action='accept' direction='in'>
+ <esp srcmacaddr='1:2:3:4:5:6'
+ srcipaddr='10.1.2.3' srcipmask='22'
+ dscp='33'/>
+ </rule>
+ <rule action='accept' direction='in'>
+ <esp srcmacaddr='1:2:3:4:5:6'
+ srcipaddr='10.1.2.3' srcipmask='22'
+ dscp='33'/>
+ </rule>
+</filter>
Index: libvirt-acl/tests/nwfilterxml2xmlin/sctp-test.xml
===================================================================
--- /dev/null
+++ libvirt-acl/tests/nwfilterxml2xmlin/sctp-test.xml
@@ -0,0 +1,22 @@
+<filter name='testcase' chain='root'>
+ <uuid>5c6d49af-b071-6127-b4ec-6f8ed4b55335</uuid>
+ <rule action='accept' direction='out'>
+ <sctp srcmacaddr='1:2:3:4:5:6'
+ dstipaddr='10.1.2.3' dstipmask='255.255.255.255'
+ dscp='2'/>
+ </rule>
+ <rule action='accept' direction='in'>
+ <sctp srcmacaddr='1:2:3:4:5:6'
+ srcipaddr='10.1.2.3' srcipmask='32'
+ dscp='33'
+ srcportstart='20' srcportend='21'
+ dstportstart='100' dstportend='1111'/>
+ </rule>
+ <rule action='accept' direction='in'>
+ <sctp srcmacaddr='1:2:3:4:5:6'
+ srcipaddr='10.1.2.3' srcipmask='32'
+ dscp='63'
+ srcportstart='255' srcportend='256'
+ dstportstart='65535' dstportend='65536'/>
+ </rule>
+</filter>
Index: libvirt-acl/tests/nwfilterxml2xmlin/udplite-test.xml
===================================================================
--- /dev/null
+++ libvirt-acl/tests/nwfilterxml2xmlin/udplite-test.xml
@@ -0,0 +1,18 @@
+<filter name='testcase' chain='root'>
+ <uuid>5c6d49af-b071-6127-b4ec-6f8ed4b55335</uuid>
+ <rule action='accept' direction='out'>
+ <udplite srcmacaddr='1:2:3:4:5:6'
+ dstipaddr='10.1.2.3' dstipmask='255.255.255.255'
+ dscp='2'/>
+ </rule>
+ <rule action='accept' direction='in'>
+ <udplite srcmacaddr='1:2:3:4:5:6'
+ srcipaddr='10.1.2.3' srcipmask='22'
+ dscp='33'/>
+ </rule>
+ <rule action='accept' direction='in'>
+ <udplite srcmacaddr='1:2:3:4:5:6'
+ srcipaddr='10.1.2.3' srcipmask='22'
+ dscp='33'/>
+ </rule>
+</filter>
Index: libvirt-acl/tests/nwfilterxml2xmlout/ah-test.xml
===================================================================
--- /dev/null
+++ libvirt-acl/tests/nwfilterxml2xmlout/ah-test.xml
@@ -0,0 +1,12 @@
+<filter name='testcase' chain='root'>
+ <uuid>5c6d49af-b071-6127-b4ec-6f8ed4b55335</uuid>
+ <rule action='accept' direction='out' priority='500'>
+ <ah srcmacaddr='01:02:03:04:05:06' dstipaddr='10.1.2.3' dstipmask='32' dscp='2'/>
+ </rule>
+ <rule action='accept' direction='in' priority='500'>
+ <ah srcmacaddr='01:02:03:04:05:06' srcipaddr='10.1.2.3' srcipmask='22' dscp='33'/>
+ </rule>
+ <rule action='accept' direction='in' priority='500'>
+ <ah srcmacaddr='01:02:03:04:05:06' srcipaddr='10.1.2.3' srcipmask='22' dscp='33'/>
+ </rule>
+</filter>
Index: libvirt-acl/tests/nwfilterxml2xmlout/esp-test.xml
===================================================================
--- /dev/null
+++ libvirt-acl/tests/nwfilterxml2xmlout/esp-test.xml
@@ -0,0 +1,12 @@
+<filter name='testcase' chain='root'>
+ <uuid>5c6d49af-b071-6127-b4ec-6f8ed4b55335</uuid>
+ <rule action='accept' direction='out' priority='500'>
+ <esp srcmacaddr='01:02:03:04:05:06' dstipaddr='10.1.2.3' dstipmask='32' dscp='2'/>
+ </rule>
+ <rule action='accept' direction='in' priority='500'>
+ <esp srcmacaddr='01:02:03:04:05:06' srcipaddr='10.1.2.3' srcipmask='22' dscp='33'/>
+ </rule>
+ <rule action='accept' direction='in' priority='500'>
+ <esp srcmacaddr='01:02:03:04:05:06' srcipaddr='10.1.2.3' srcipmask='22' dscp='33'/>
+ </rule>
+</filter>
Index: libvirt-acl/tests/nwfilterxml2xmlout/sctp-test.xml
===================================================================
--- /dev/null
+++ libvirt-acl/tests/nwfilterxml2xmlout/sctp-test.xml
@@ -0,0 +1,12 @@
+<filter name='testcase' chain='root'>
+ <uuid>5c6d49af-b071-6127-b4ec-6f8ed4b55335</uuid>
+ <rule action='accept' direction='out' priority='500'>
+ <sctp srcmacaddr='01:02:03:04:05:06' dstipaddr='10.1.2.3' dstipmask='32' dscp='2'/>
+ </rule>
+ <rule action='accept' direction='in' priority='500'>
+ <sctp srcmacaddr='01:02:03:04:05:06' srcipaddr='10.1.2.3' srcipmask='32' dscp='33' srcportstart='20' srcportend='21' dstportstart='100' dstportend='1111'/>
+ </rule>
+ <rule action='accept' direction='in' priority='500'>
+ <sctp srcmacaddr='01:02:03:04:05:06' srcipaddr='10.1.2.3' srcipmask='32' dscp='63' srcportstart='255' srcportend='256' dstportstart='65535'/>
+ </rule>
+</filter>
Index: libvirt-acl/tests/nwfilterxml2xmlout/udplite-test.xml
===================================================================
--- /dev/null
+++ libvirt-acl/tests/nwfilterxml2xmlout/udplite-test.xml
@@ -0,0 +1,12 @@
+<filter name='testcase' chain='root'>
+ <uuid>5c6d49af-b071-6127-b4ec-6f8ed4b55335</uuid>
+ <rule action='accept' direction='out' priority='500'>
+ <udplite srcmacaddr='01:02:03:04:05:06' dstipaddr='10.1.2.3' dstipmask='32' dscp='2'/>
+ </rule>
+ <rule action='accept' direction='in' priority='500'>
+ <udplite srcmacaddr='01:02:03:04:05:06' srcipaddr='10.1.2.3' srcipmask='22' dscp='33'/>
+ </rule>
+ <rule action='accept' direction='in' priority='500'>
+ <udplite srcmacaddr='01:02:03:04:05:06' srcipaddr='10.1.2.3' srcipmask='22' dscp='33'/>
+ </rule>
+</filter>
Index: libvirt-acl/tests/nwfilterxml2xmlin/all-test.xml
===================================================================
--- /dev/null
+++ libvirt-acl/tests/nwfilterxml2xmlin/all-test.xml
@@ -0,0 +1,18 @@
+<filter name='testcase' chain='root'>
+ <uuid>5c6d49af-b071-6127-b4ec-6f8ed4b55335</uuid>
+ <rule action='accept' direction='out'>
+ <all srcmacaddr='1:2:3:4:5:6'
+ dstipaddr='10.1.2.3' dstipmask='255.255.255.255'
+ dscp='2'/>
+ </rule>
+ <rule action='accept' direction='in'>
+ <all srcmacaddr='1:2:3:4:5:6'
+ srcipaddr='10.1.2.3' srcipmask='22'
+ dscp='33'/>
+ </rule>
+ <rule action='accept' direction='in'>
+ <all srcmacaddr='1:2:3:4:5:6'
+ srcipaddr='10.1.2.3' srcipmask='22'
+ dscp='33'/>
+ </rule>
+</filter>
Index: libvirt-acl/tests/nwfilterxml2xmlin/igmp-test.xml
===================================================================
--- /dev/null
+++ libvirt-acl/tests/nwfilterxml2xmlin/igmp-test.xml
@@ -0,0 +1,18 @@
+<filter name='testcase' chain='root'>
+ <uuid>5c6d49af-b071-6127-b4ec-6f8ed4b55335</uuid>
+ <rule action='accept' direction='out'>
+ <igmp srcmacaddr='1:2:3:4:5:6'
+ dstipaddr='10.1.2.3' dstipmask='255.255.255.255'
+ dscp='2'/>
+ </rule>
+ <rule action='accept' direction='in'>
+ <igmp srcmacaddr='1:2:3:4:5:6'
+ srcipaddr='10.1.2.3' srcipmask='22'
+ dscp='33'/>
+ </rule>
+ <rule action='accept' direction='in'>
+ <igmp srcmacaddr='1:2:3:4:5:6'
+ srcipaddr='10.1.2.3' srcipmask='22'
+ dscp='33'/>
+ </rule>
+</filter>
Index: libvirt-acl/tests/nwfilterxml2xmlout/all-test.xml
===================================================================
--- /dev/null
+++ libvirt-acl/tests/nwfilterxml2xmlout/all-test.xml
@@ -0,0 +1,12 @@
+<filter name='testcase' chain='root'>
+ <uuid>5c6d49af-b071-6127-b4ec-6f8ed4b55335</uuid>
+ <rule action='accept' direction='out' priority='500'>
+ <all srcmacaddr='01:02:03:04:05:06' dstipaddr='10.1.2.3' dstipmask='32' dscp='2'/>
+ </rule>
+ <rule action='accept' direction='in' priority='500'>
+ <all srcmacaddr='01:02:03:04:05:06' srcipaddr='10.1.2.3' srcipmask='22' dscp='33'/>
+ </rule>
+ <rule action='accept' direction='in' priority='500'>
+ <all srcmacaddr='01:02:03:04:05:06' srcipaddr='10.1.2.3' srcipmask='22' dscp='33'/>
+ </rule>
+</filter>
Index: libvirt-acl/tests/nwfilterxml2xmlout/igmp-test.xml
===================================================================
--- /dev/null
+++ libvirt-acl/tests/nwfilterxml2xmlout/igmp-test.xml
@@ -0,0 +1,12 @@
+<filter name='testcase' chain='root'>
+ <uuid>5c6d49af-b071-6127-b4ec-6f8ed4b55335</uuid>
+ <rule action='accept' direction='out' priority='500'>
+ <igmp srcmacaddr='01:02:03:04:05:06' dstipaddr='10.1.2.3' dstipmask='32' dscp='2'/>
+ </rule>
+ <rule action='accept' direction='in' priority='500'>
+ <igmp srcmacaddr='01:02:03:04:05:06' srcipaddr='10.1.2.3' srcipmask='22' dscp='33'/>
+ </rule>
+ <rule action='accept' direction='in' priority='500'>
+ <igmp srcmacaddr='01:02:03:04:05:06' srcipaddr='10.1.2.3' srcipmask='22' dscp='33'/>
+ </rule>
+</filter>
Index: libvirt-acl/tests/nwfilterxml2xmlin/tcp-ipv6-test.xml
===================================================================
--- /dev/null
+++ libvirt-acl/tests/nwfilterxml2xmlin/tcp-ipv6-test.xml
@@ -0,0 +1,22 @@
+<filter name='testcase' chain='root'>
+ <uuid>5c6d49af-b071-6127-b4ec-6f8ed4b55335</uuid>
+ <rule action='accept' direction='out'>
+ <tcp-ipv6 srcmacaddr='1:2:3:4:5:6'
+ dstipaddr='a:b:c::d:e:f' dstipmask='128'
+ dscp='2'/>
+ </rule>
+ <rule action='accept' direction='in'>
+ <tcp-ipv6 srcmacaddr='1:2:3:4:5:6'
+ srcipaddr='a:b:c::' srcipmask='128'
+ dscp='33'
+ srcportstart='20' srcportend='21'
+ dstportstart='100' dstportend='1111'/>
+ </rule>
+ <rule action='accept' direction='in'>
+ <tcp-ipv6 srcmacaddr='1:2:3:4:5:6'
+ srcipaddr='::10.1.2.3' srcipmask='129'
+ dscp='63'
+ srcportstart='255' srcportend='256'
+ dstportstart='65535' dstportend='65536'/>
+ </rule>
+</filter>
Index: libvirt-acl/tests/nwfilterxml2xmlout/tcp-ipv6-test.xml
===================================================================
--- /dev/null
+++ libvirt-acl/tests/nwfilterxml2xmlout/tcp-ipv6-test.xml
@@ -0,0 +1,12 @@
+<filter name='testcase' chain='root'>
+ <uuid>5c6d49af-b071-6127-b4ec-6f8ed4b55335</uuid>
+ <rule action='accept' direction='out' priority='500'>
+ <tcp-ipv6 srcmacaddr='01:02:03:04:05:06' dstipaddr='a:b:c::d:e:f' dstipmask='128' dscp='2'/>
+ </rule>
+ <rule action='accept' direction='in' priority='500'>
+ <tcp-ipv6 srcmacaddr='01:02:03:04:05:06' srcipaddr='a:b:c::' srcipmask='128' dscp='33' srcportstart='20' srcportend='21' dstportstart='100' dstportend='1111'/>
+ </rule>
+ <rule action='accept' direction='in' priority='500'>
+ <tcp-ipv6 srcmacaddr='01:02:03:04:05:06' srcipaddr='::10.1.2.3' dscp='63' srcportstart='255' srcportend='256' dstportstart='65535'/>
+ </rule>
+</filter>
Index: libvirt-acl/tests/nwfilterxml2xmlin/udp-ipv6-test.xml
===================================================================
--- /dev/null
+++ libvirt-acl/tests/nwfilterxml2xmlin/udp-ipv6-test.xml
@@ -0,0 +1,22 @@
+<filter name='testcase' chain='root'>
+ <uuid>5c6d49af-b071-6127-b4ec-6f8ed4b55335</uuid>
+ <rule action='accept' direction='out'>
+ <udp-ipv6 srcmacaddr='1:2:3:4:5:6'
+ dstipaddr='a:b:c::d:e:f' dstipmask='128'
+ dscp='2'/>
+ </rule>
+ <rule action='accept' direction='in'>
+ <udp-ipv6 srcmacaddr='1:2:3:4:5:6'
+ srcipaddr='a:b:c' srcipmask='128'
+ dscp='33'
+ srcportstart='20' srcportend='21'
+ dstportstart='100' dstportend='1111'/>
+ </rule>
+ <rule action='accept' direction='in'>
+ <udp-ipv6 srcmacaddr='1:2:3:4:5:6'
+ srcipaddr='::10.1.2.3' srcipmask='129'
+ dscp='63'
+ srcportstart='255' srcportend='256'
+ dstportstart='65535' dstportend='65536'/>
+ </rule>
+</filter>
Index: libvirt-acl/tests/nwfilterxml2xmlin/icmpv6-test.xml
===================================================================
--- /dev/null
+++ libvirt-acl/tests/nwfilterxml2xmlin/icmpv6-test.xml
@@ -0,0 +1,19 @@
+<filter name='testcase' chain='root'>
+ <uuid>5c6d49af-b071-6127-b4ec-6f8ed4b55335</uuid>
+ <rule action='accept' direction='out'>
+ <icmpv6 srcmacaddr='1:2:3:4:5:6'
+ dstipaddr='a:b:c::d:e:f' dstipmask='128'
+ srcipaddr='f:e:d::c:b:a' srcipmask='127'
+ dscp='2' type='12' code='11'/>
+ </rule>
+ <rule action='accept' direction='in'>
+ <icmpv6 srcmacaddr='1:2:3:4:5:6'
+ srcipaddr='a:b:c::' srcipmask='128'
+ dscp='33' type='255' code='255'/>
+ </rule>
+ <rule action='accept' direction='in'>
+ <icmpv6 srcmacaddr='1:2:3:4:5:6'
+ srcipaddr='::10.1.2.3' srcipmask='129'
+ dscp='33' type='256' code='256'/>
+ </rule>
+</filter>
Index: libvirt-acl/tests/nwfilterxml2xmlout/icmpv6-test.xml
===================================================================
--- /dev/null
+++ libvirt-acl/tests/nwfilterxml2xmlout/icmpv6-test.xml
@@ -0,0 +1,12 @@
+<filter name='testcase' chain='root'>
+ <uuid>5c6d49af-b071-6127-b4ec-6f8ed4b55335</uuid>
+ <rule action='accept' direction='out' priority='500'>
+ <icmpv6 srcmacaddr='01:02:03:04:05:06' srcipaddr='f:e:d::c:b:a' srcipmask='127' dstipaddr='a:b:c::d:e:f' dstipmask='128' dscp='2' type='12' code='11'/>
+ </rule>
+ <rule action='accept' direction='in' priority='500'>
+ <icmpv6 srcmacaddr='01:02:03:04:05:06' srcipaddr='a:b:c::' srcipmask='128' dscp='33' type='255' code='255'/>
+ </rule>
+ <rule action='accept' direction='in' priority='500'>
+ <icmpv6 srcmacaddr='01:02:03:04:05:06' srcipaddr='::10.1.2.3' dscp='33'/>
+ </rule>
+</filter>
Index: libvirt-acl/tests/nwfilterxml2xmlout/udp-ipv6-test.xml
===================================================================
--- /dev/null
+++ libvirt-acl/tests/nwfilterxml2xmlout/udp-ipv6-test.xml
@@ -0,0 +1,12 @@
+<filter name='testcase' chain='root'>
+ <uuid>5c6d49af-b071-6127-b4ec-6f8ed4b55335</uuid>
+ <rule action='accept' direction='out' priority='500'>
+ <udp-ipv6 srcmacaddr='01:02:03:04:05:06' dstipaddr='a:b:c::d:e:f' dstipmask='128' dscp='2'/>
+ </rule>
+ <rule action='accept' direction='in' priority='500'>
+ <udp-ipv6 srcmacaddr='01:02:03:04:05:06' srcipmask='128' dscp='33' srcportstart='20' srcportend='21' dstportstart='100' dstportend='1111'/>
+ </rule>
+ <rule action='accept' direction='in' priority='500'>
+ <udp-ipv6 srcmacaddr='01:02:03:04:05:06' srcipaddr='::10.1.2.3' dscp='63' srcportstart='255' srcportend='256' dstportstart='65535'/>
+ </rule>
+</filter>
Index: libvirt-acl/tests/nwfilterxml2xmlin/ah-ipv6-test.xml
===================================================================
--- /dev/null
+++ libvirt-acl/tests/nwfilterxml2xmlin/ah-ipv6-test.xml
@@ -0,0 +1,19 @@
+<filter name='testcase' chain='root'>
+ <uuid>5c6d49af-b071-6127-b4ec-6f8ed4b55335</uuid>
+ <rule action='accept' direction='out'>
+ <ah-ipv6 srcmacaddr='1:2:3:4:5:6'
+ dstipaddr='a:b:c::d:e:f' dstipmask='128'
+ srcipaddr='f:e:d::c:b:a' srcipmask='127'
+ dscp='2'/>
+ </rule>
+ <rule action='accept' direction='in'>
+ <ah-ipv6 srcmacaddr='1:2:3:4:5:6'
+ srcipaddr='a:b:c::' srcipmask='128'
+ dscp='33'/>
+ </rule>
+ <rule action='accept' direction='in'>
+ <ah-ipv6 srcmacaddr='1:2:3:4:5:6'
+ srcipaddr='::10.1.2.3' srcipmask='129'
+ dscp='33'/>
+ </rule>
+</filter>
Index: libvirt-acl/tests/nwfilterxml2xmlin/all-ipv6-test.xml
===================================================================
--- /dev/null
+++ libvirt-acl/tests/nwfilterxml2xmlin/all-ipv6-test.xml
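Review bot: The second rule of the expected nwfilterxml2xmlout/udp-ipv6-test.xml keeps `srcipmask='128'` although the invalid `srcipaddr='a:b:c'` of the input was dropped, so the formatted rule carries a mask with no address. With the address gone the `accept` rule presumably no longer restricts the source at all, and the stray mask makes that easy to miss when reading the stored definition; how the driver instantiates a mask without an address is not visible in this patch. Consider having the parser drop the mask together with its address, or at least record the intent in the input fixture with `<!-- invalid srcipaddr: the address is dropped, the mask is kept -->`.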
@@ -0,0 +1,19 @@
+<filter name='testcase' chain='root'>
+ <uuid>5c6d49af-b071-6127-b4ec-6f8ed4b55335</uuid>
+ <rule action='accept' direction='out'>
+ <all-ipv6 srcmacaddr='1:2:3:4:5:6'
+ dstipaddr='a:b:c::d:e:f' dstipmask='128'
+ srcipaddr='f:e:d::c:b:a' srcipmask='127'
+ dscp='2'/>
+ </rule>
+ <rule action='accept' direction='in'>
+ <all-ipv6 srcmacaddr='1:2:3:4:5:6'
+ srcipaddr='a:b:c::' srcipmask='128'
+ dscp='33'/>
+ </rule>
+ <rule action='accept' direction='in'>
+ <all-ipv6 srcmacaddr='1:2:3:4:5:6'
+ srcipaddr='::10.1.2.3' srcipmask='129'
+ dscp='33'/>
+ </rule>
+</filter>
Index: libvirt-acl/tests/nwfilterxml2xmlin/esp-ipv6-test.xml
===================================================================
--- /dev/null
+++ libvirt-acl/tests/nwfilterxml2xmlin/esp-ipv6-test.xml
@@ -0,0 +1,19 @@
+<filter name='testcase' chain='root'>
+ <uuid>5c6d49af-b071-6127-b4ec-6f8ed4b55335</uuid>
+ <rule action='accept' direction='out'>
+ <esp-ipv6 srcmacaddr='1:2:3:4:5:6'
+ dstipaddr='a:b:c::d:e:f' dstipmask='128'
+ srcipaddr='f:e:d::c:b:a' srcipmask='127'
+ dscp='2'/>
+ </rule>
+ <rule action='accept' direction='in'>
+ <esp-ipv6 srcmacaddr='1:2:3:4:5:6'
+ srcipaddr='a:b:c::' srcipmask='128'
+ dscp='33'/>
+ </rule>
+ <rule action='accept' direction='in'>
+ <esp-ipv6 srcmacaddr='1:2:3:4:5:6'
+ srcipaddr='::10.1.2.3' srcipmask='129'
+ dscp='33'/>
+ </rule>
+</filter>
Index: libvirt-acl/tests/nwfilterxml2xmlin/sctp-ipv6-test.xml
===================================================================
--- /dev/null
+++ libvirt-acl/tests/nwfilterxml2xmlin/sctp-ipv6-test.xml
@@ -0,0 +1,22 @@
+<filter name='testcase' chain='root'>
+ <uuid>5c6d49af-b071-6127-b4ec-6f8ed4b55335</uuid>
+ <rule action='accept' direction='out'>
+ <sctp-ipv6 srcmacaddr='1:2:3:4:5:6'
+ dstipaddr='a:b:c::d:e:f' dstipmask='128'
+ dscp='2'/>
+ </rule>
+ <rule action='accept' direction='in'>
+ <sctp-ipv6 srcmacaddr='1:2:3:4:5:6'
+ srcipaddr='a:b:c::' srcipmask='128'
+ dscp='33'
+ srcportstart='20' srcportend='21'
+ dstportstart='100' dstportend='1111'/>
+ </rule>
+ <rule action='accept' direction='in'>
+ <sctp-ipv6 srcmacaddr='1:2:3:4:5:6'
+ srcipaddr='::10.1.2.3' srcipmask='129'
+ dscp='63'
+ srcportstart='255' srcportend='256'
+ dstportstart='65535' dstportend='65536'/>
+ </rule>
+</filter>
Index: libvirt-acl/tests/nwfilterxml2xmlin/udplite-ipv6-test.xml
===================================================================
--- /dev/null
+++ libvirt-acl/tests/nwfilterxml2xmlin/udplite-ipv6-test.xml
@@ -0,0 +1,19 @@
+<filter name='testcase' chain='root'>
+ <uuid>5c6d49af-b071-6127-b4ec-6f8ed4b55335</uuid>
+ <rule action='accept' direction='out'>
+ <udplite-ipv6 srcmacaddr='1:2:3:4:5:6'
+ dstipaddr='a:b:c::d:e:f' dstipmask='128'
+ srcipaddr='f:e:d::c:b:a' srcipmask='127'
+ dscp='2'/>
+ </rule>
+ <rule action='accept' direction='in'>
+ <udplite-ipv6 srcmacaddr='1:2:3:4:5:6'
+ srcipaddr='a:b:c::' srcipmask='128'
+ dscp='33'/>
+ </rule>
+ <rule action='accept' direction='in'>
+ <udplite-ipv6 srcmacaddr='1:2:3:4:5:6'
+ srcipaddr='::10.1.2.3' srcipmask='129'
+ dscp='33'/>
+ </rule>
+</filter>
Index: libvirt-acl/tests/nwfilterxml2xmlout/ah-ipv6-test.xml
===================================================================
--- /dev/null
+++ libvirt-acl/tests/nwfilterxml2xmlout/ah-ipv6-test.xml
@@ -0,0 +1,12 @@
+<filter name='testcase' chain='root'>
+ <uuid>5c6d49af-b071-6127-b4ec-6f8ed4b55335</uuid>
+ <rule action='accept' direction='out' priority='500'>
+ <ah-ipv6 srcmacaddr='01:02:03:04:05:06' srcipaddr='f:e:d::c:b:a' srcipmask='127' dstipaddr='a:b:c::d:e:f' dstipmask='128' dscp='2'/>
+ </rule>
+ <rule action='accept' direction='in' priority='500'>
+ <ah-ipv6 srcmacaddr='01:02:03:04:05:06' srcipaddr='a:b:c::' srcipmask='128' dscp='33'/>
+ </rule>
+ <rule action='accept' direction='in' priority='500'>
+ <ah-ipv6 srcmacaddr='01:02:03:04:05:06' srcipaddr='::10.1.2.3' dscp='33'/>
+ </rule>
+</filter>
Index: libvirt-acl/tests/nwfilterxml2xmlout/all-ipv6-test.xml
===================================================================
--- /dev/null
+++ libvirt-acl/tests/nwfilterxml2xmlout/all-ipv6-test.xml
@@ -0,0 +1,12 @@
+<filter name='testcase' chain='root'>
+ <uuid>5c6d49af-b071-6127-b4ec-6f8ed4b55335</uuid>
+ <rule action='accept' direction='out' priority='500'>
+ <all-ipv6 srcmacaddr='01:02:03:04:05:06' srcipaddr='f:e:d::c:b:a' srcipmask='127' dstipaddr='a:b:c::d:e:f' dstipmask='128' dscp='2'/>
+ </rule>
+ <rule action='accept' direction='in' priority='500'>
+ <all-ipv6 srcmacaddr='01:02:03:04:05:06' srcipaddr='a:b:c::' srcipmask='128' dscp='33'/>
+ </rule>
+ <rule action='accept' direction='in' priority='500'>
+ <all-ipv6 srcmacaddr='01:02:03:04:05:06' srcipaddr='::10.1.2.3' dscp='33'/>
+ </rule>
+</filter>
Index: libvirt-acl/tests/nwfilterxml2xmlout/esp-ipv6-test.xml
===================================================================
--- /dev/null
+++ libvirt-acl/tests/nwfilterxml2xmlout/esp-ipv6-test.xml
@@ -0,0 +1,12 @@
+<filter name='testcase' chain='root'>
+ <uuid>5c6d49af-b071-6127-b4ec-6f8ed4b55335</uuid>
+ <rule action='accept' direction='out' priority='500'>
+ <esp-ipv6 srcmacaddr='01:02:03:04:05:06' srcipaddr='f:e:d::c:b:a' srcipmask='127' dstipaddr='a:b:c::d:e:f' dstipmask='128' dscp='2'/>
+ </rule>
+ <rule action='accept' direction='in' priority='500'>
+ <esp-ipv6 srcmacaddr='01:02:03:04:05:06' srcipaddr='a:b:c::' srcipmask='128' dscp='33'/>
+ </rule>
+ <rule action='accept' direction='in' priority='500'>
+ <esp-ipv6 srcmacaddr='01:02:03:04:05:06' srcipaddr='::10.1.2.3' dscp='33'/>
+ </rule>
+</filter>
Index: libvirt-acl/tests/nwfilterxml2xmlout/sctp-ipv6-test.xml
===================================================================
--- /dev/null
+++ libvirt-acl/tests/nwfilterxml2xmlout/sctp-ipv6-test.xml
@@ -0,0 +1,12 @@
+<filter name='testcase' chain='root'>
+ <uuid>5c6d49af-b071-6127-b4ec-6f8ed4b55335</uuid>
+ <rule action='accept' direction='out' priority='500'>
+ <sctp-ipv6 srcmacaddr='01:02:03:04:05:06' dstipaddr='a:b:c::d:e:f' dstipmask='128' dscp='2'/>
+ </rule>
+ <rule action='accept' direction='in' priority='500'>
+ <sctp-ipv6 srcmacaddr='01:02:03:04:05:06' srcipaddr='a:b:c::' srcipmask='128' dscp='33' srcportstart='20' srcportend='21' dstportstart='100' dstportend='1111'/>
+ </rule>
+ <rule action='accept' direction='in' priority='500'>
+ <sctp-ipv6 srcmacaddr='01:02:03:04:05:06' srcipaddr='::10.1.2.3' dscp='63' srcportstart='255' srcportend='256' dstportstart='65535'/>
+ </rule>
+</filter>
Index: libvirt-acl/tests/nwfilterxml2xmlout/udplite-ipv6-test.xml
===================================================================
--- /dev/null
+++ libvirt-acl/tests/nwfilterxml2xmlout/udplite-ipv6-test.xml
@@ -0,0 +1,12 @@
+<filter name='testcase' chain='root'>
+ <uuid>5c6d49af-b071-6127-b4ec-6f8ed4b55335</uuid>
+ <rule action='accept' direction='out' priority='500'>
+ <udplite-ipv6 srcmacaddr='01:02:03:04:05:06' srcipaddr='f:e:d::c:b:a' srcipmask='127' dstipaddr='a:b:c::d:e:f' dstipmask='128' dscp='2'/>
+ </rule>
+ <rule action='accept' direction='in' priority='500'>
+ <udplite-ipv6 srcmacaddr='01:02:03:04:05:06' srcipaddr='a:b:c::' srcipmask='128' dscp='33'/>
+ </rule>
+ <rule action='accept' direction='in' priority='500'>
+ <udplite-ipv6 srcmacaddr='01:02:03:04:05:06' srcipaddr='::10.1.2.3' dscp='33'/>
+ </rule>
+</filter>
Index: libvirt-acl/tests/nwfilterxml2xmlin/ref-test.xml
===================================================================
--- /dev/null
+++ libvirt-acl/tests/nwfilterxml2xmlin/ref-test.xml
@@ -0,0 +1,4 @@
+<filter name='testcase'>
+ <uuid>83011800-f663-96d6-8841-fd836b4318c6</uuid>
+ <filterref filter='clean-traffic'/>
+</filter>
Index: libvirt-acl/tests/nwfilterxml2xmlout/ref-test.xml
===================================================================
--- /dev/null
+++ libvirt-acl/tests/nwfilterxml2xmlout/ref-test.xml
@@ -0,0 +1,4 @@
+<filter name='testcase' chain='root'>
+ <uuid>83011800-f663-96d6-8841-fd836b4318c6</uuid>
+ <filterref filter='clean-traffic'/>
+</filter>
Index: libvirt-acl/tests/nwfilterxml2xmlin/ref-rule-test.xml
===================================================================
--- /dev/null
+++ libvirt-acl/tests/nwfilterxml2xmlin/ref-rule-test.xml
@@ -0,0 +1,18 @@
+<filter name='testcase'>
+ <uuid>83011800-f663-96d6-8841-fd836b4318c6</uuid>
+ <filterref filter='clean-traffic'/>
+ <rule action='accept' direction='out'>
+ <mac srcmacaddr='1:2:3:4:5:6' srcmacmask='ff:ff:ff:ff:ff:ff'
+ protocolid='arp'/>
+ </rule>
+ <rule action='accept' direction='out'>
+ <tcp srcmacaddr='1:2:3:4:5:6'
+ dstipaddr='10.1.2.3' dstipmask='255.255.255.255'
+ dscp='2'/>
+ </rule>
+ <rule action='accept' direction='out'>
+ <udp-ipv6 srcmacaddr='1:2:3:4:5:6'
+ dstipaddr='a:b:c::d:e:f' dstipmask='128'
+ dscp='2'/>
+ </rule>
+</filter>
Index: libvirt-acl/tests/nwfilterxml2xmlout/ref-rule-test.xml
===================================================================
--- /dev/null
+++ libvirt-acl/tests/nwfilterxml2xmlout/ref-rule-test.xml
@@ -0,0 +1,13 @@
+<filter name='testcase' chain='root'>
+ <uuid>83011800-f663-96d6-8841-fd836b4318c6</uuid>
+ <filterref filter='clean-traffic'/>
+ <rule action='accept' direction='out' priority='500'>
+ <mac srcmacaddr='01:02:03:04:05:06' srcmacmask='ff:ff:ff:ff:ff:ff' protocolid='arp'/>
+ </rule>
+ <rule action='accept' direction='out' priority='500'>
+ <tcp srcmacaddr='01:02:03:04:05:06' dstipaddr='10.1.2.3' dstipmask='32' dscp='2'/>
+ </rule>
+ <rule action='accept' direction='out' priority='500'>
+ <udp-ipv6 srcmacaddr='01:02:03:04:05:06' dstipaddr='a:b:c::d:e:f' dstipmask='128' dscp='2'/>
+ </rule>
+</filter>

On Thu, Apr 01, 2010 at 03:16:24PM -0400, Stefan Berger wrote:
This patch adds a couple of test cases for the XML parsing test suite covering various filterable protocols. For each test case an input XML and an output XML are provided; the input XML, after parsing and converting back into XML, is checked against the expected output XML.
Signed-off-by: Stefan Berger <stefanb@us.ibm.com>
[...]
tests/nwfilterxml2xmltest.c | 121 +++++++++++++++++++++++++ 48 files changed, 908 insertions(+)
[...]
+static int testCompareXMLToXMLFiles(const char *inxml, const char *outxml) {
+ char inXmlData[MAX_FILE];
+ char *inXmlPtr = &(inXmlData[0]);
+ char outXmlData[MAX_FILE];
+ char *outXmlPtr = &(outXmlData[0]);
+ char *actual = NULL;
+ int ret = -1;
+ virNWFilterDefPtr dev = NULL;
+
+ if (virtTestLoadFile(inxml, &inXmlPtr, MAX_FILE) < 0)
+ goto fail;
+ if (virtTestLoadFile(outxml, &outXmlPtr, MAX_FILE) < 0)
+ goto fail;
+
+ if (!(dev = virNWFilterDefParseString(NULL, inXmlData)))
+ goto fail;
+
+ if (!(actual = virNWFilterDefFormat(NULL, dev)))
+ goto fail;
+
+ if (STRNEQ(outXmlData, actual)) {
+ virtTestDifference(stderr, outXmlData, actual);
+ goto fail;
+ }
+
+ ret = 0;
+
+ fail:
+ free(actual);
+ virNWFilterDefFree(dev);
+ return ret;
+}
+
+static int testCompareXMLToXMLHelper(const void *data) {
+ char inxml[PATH_MAX];
+ char outxml[PATH_MAX];
+ snprintf(inxml, PATH_MAX, "%s/nwfilterxml2xmlin/%s.xml",
+ abs_srcdir, (const char*)data);
+ snprintf(outxml, PATH_MAX, "%s/nwfilterxml2xmlout/%s.xml",
+ abs_srcdir, (const char*)data);
+ return testCompareXMLToXMLFiles(inxml, outxml);
+}
+
+
+static int
+mymain(int argc, char **argv)
+{
+ int ret = 0;
+ char cwd[PATH_MAX];
+
+ progname = argv[0];
+
+ if (argc > 1) {
+ fprintf(stderr, "Usage: %s\n", progname);
+ return (EXIT_FAILURE);
+ }
+
+ abs_srcdir = getenv("abs_srcdir");
+ if (!abs_srcdir)
+ abs_srcdir = getcwd(cwd, sizeof(cwd));
+
+#define DO_TEST(name) \
+ if (virtTestRun("NWFilter XML-2-XML " name, \
+ 1, testCompareXMLToXMLHelper, (name)) < 0) \
+ ret = -1
+
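Review bot: In `mymain`, `getcwd()` can return NULL, and `abs_srcdir` is then passed to `snprintf` for a `%s` conversion in `testCompareXMLToXMLHelper`, which is undefined behaviour; adding `if (!abs_srcdir) return (EXIT_FAILURE);` right after the fallback closes that. The two `snprintf` calls in the helper also ignore their return value, so an over-long `abs_srcdir` silently produces a truncated path and the test then reports a load failure for the wrong reason; comparing the result with `PATH_MAX` would make that explicit. Separately, `DO_TEST` expands to a bare `if`, which is fragile next to an `else`; wrapping it in `do { ... } while (0)` is the usual form. The body of `mymain` continues outside the quoted excerpt.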
ACK, good idea, but it would be nice if the XML could also be validated against the Relax-NG syntax for the filters. Daniel -- Daniel Veillard | libxml Gnome XML XSLT toolkit http://xmlsoft.org/ daniel@veillard.com | Rpmfind RPM search engine http://rpmfind.net/ http://veillard.com/ | virtualization library http://libvirt.org/

Daniel Veillard <veillard@redhat.com> wrote on 04/02/2010 12:59:47 PM:
+
+#define DO_TEST(name) \
+ if (virtTestRun("NWFilter XML-2-XML " name, \
+ 1, testCompareXMLToXMLHelper, (name)) < 0) \
+ ret = -1
+
ACK, good idea, but it would be nice if the XML could also be validated against the Relax-NG syntax for the filters.
Will do. Regards, Stefan
Daniel
-- Daniel Veillard | libxml Gnome XML XSLT toolkit
daniel@veillard.com | Rpmfind RPM search engine http://rpmfind.net/ http://veillard.com/ | virtualization library http://libvirt.org/