[libvirt] [PATCH v1 0/2] Fixes to network filter rules instantiator + XML parser and XML parser test cases
2:16 p.m.
The following two patches fix some problems when instantiating the network filtering rules
provided by the test cases in the 2nd patch on a running
virtual machine using 'nwfilter-define'.
There's one known problem realted to 'dscp' values not being capped at
'63'. This will be fixed later.
Regards,
Stefan
2:16 p.m.
New subject: [libvirt] [PATCH v1 1/2] nwfilter: Fixes to instantiator and some more parser fixes
The following issues are fixed in the patch below:
- ebtables requires that some of the command line parameters are passed as hex numbers; so
have those attributes call a function that prints 16 and 8 bit integers as hex nunbers.
- ip6tables requires '--icmpv6-type' rather than '--icmp-type'
- ebtables complains about protocol identifiers lower than 0x600, so already discard
anything lower than 0x600 in the parser
- make the protocol entry types more readable using a #define for its entries
- continue parsing a filtering rule even if a faulty entry is encountered; return an error
value at the end and let the caller decide what to do with the rule's object
- fix an error message
Signed-off-by: Stefan Berger <stefanb(a)us.ibm.com>
---
src/conf/nwfilter_conf.c | 131 ++++++++----------------------
src/nwfilter/nwfilter_ebiptables_driver.c | 94 +++++++++++++++++----
2 files changed, 116 insertions(+), 109 deletions(-)
Index: libvirt-acl/src/nwfilter/nwfilter_ebiptables_driver.c
===================================================================
--- libvirt-acl.orig/src/nwfilter/nwfilter_ebiptables_driver.c
+++ libvirt-acl/src/nwfilter/nwfilter_ebiptables_driver.c
@@ -138,10 +138,11 @@ printVar(virConnectPtr conn,
static int
-printDataType(virConnectPtr conn,
- virNWFilterHashTablePtr vars,
- char *buf, int bufsize,
- nwItemDescPtr item)
+_printDataType(virConnectPtr conn,
+ virNWFilterHashTablePtr vars,
+ char *buf, int bufsize,
+ nwItemDescPtr item,
+ bool asHex)
{
int done;
char *data;
@@ -199,8 +200,18 @@ printDataType(virConnectPtr conn,
virFormatMacAddr(item->u.macaddr.addr, buf);
break;
- case DATATYPE_UINT16:
+ case DATATYPE_IPV6MASK:
+ case DATATYPE_IPMASK:
if (snprintf(buf, bufsize, "%d",
+ item->u.u8) >= bufsize) {
+ virNWFilterReportError(conn, VIR_ERR_INVALID_NWFILTER,
+ _("Buffer too small for uint8 type"));
+ return 1;
+ }
+ break;
+
+ case DATATYPE_UINT16:
+ if (snprintf(buf, bufsize, asHex ? "0x%x" : "%d",
item->u.u16) >= bufsize) {
virNWFilterReportError(conn, VIR_ERR_INVALID_NWFILTER,
_("Buffer too small for uint16 type"));
@@ -208,10 +219,8 @@ printDataType(virConnectPtr conn,
}
break;
- case DATATYPE_IPV6MASK:
- case DATATYPE_IPMASK:
case DATATYPE_UINT8:
- if (snprintf(buf, bufsize, "%d",
+ if (snprintf(buf, bufsize, asHex ? "0x%x" : "%d",
item->u.u8) >= bufsize) {
virNWFilterReportError(conn, VIR_ERR_INVALID_NWFILTER,
_("Buffer too small for uint8 type"));
@@ -230,6 +239,26 @@ printDataType(virConnectPtr conn,
}
+static int
+printDataType(virConnectPtr conn,
+ virNWFilterHashTablePtr vars,
+ char *buf, int bufsize,
+ nwItemDescPtr item)
+{
+ return _printDataType(conn, vars, buf, bufsize, item, 0);
+}
+
+
+static int
+printDataTypeAsHex(virConnectPtr conn,
+ virNWFilterHashTablePtr vars,
+ char *buf, int bufsize,
+ nwItemDescPtr item)
+{
+ return _printDataType(conn, vars, buf, bufsize, item, 1);
+}
+
+
static void
ebiptablesRuleInstFree(ebiptablesRuleInstPtr inst)
{
@@ -1270,6 +1299,12 @@ _iptablesCreateRuleInstance(virConnectPt
goto err_exit;
if (HAS_ENTRY_ITEM(&rule->p.icmpHdrFilter.dataICMPType)) {
+ const char *parm;
+ if (rule->prtclType == VIR_NWFILTER_RULE_PROTOCOL_ICMP)
+ parm = "--icmp-type";
+ else
+ parm = "--icmpv6-type";
+
if (printDataType(conn,
vars,
number, sizeof(number),
@@ -1277,8 +1312,9 @@ _iptablesCreateRuleInstance(virConnectPt
goto err_exit;
virBufferVSprintf(&buf,
- " %s --icmp-type %s",
+ " %s %s %s",
ENTRY_GET_NEG_SIGN(&rule->p.icmpHdrFilter.dataICMPType),
+ parm,
number);
if (HAS_ENTRY_ITEM(&rule->p.icmpHdrFilter.dataICMPCode)) {
@@ -1295,6 +1331,30 @@ _iptablesCreateRuleInstance(virConnectPt
}
break;
+ case VIR_NWFILTER_RULE_PROTOCOL_IGMP:
+ virBufferVSprintf(&buf,
+ CMD_DEF_PRE "%s -%%c %s %%s",
+ iptables_cmd,
+ chain);
+
+ virBufferAddLit(&buf, " -p igmp");
+
+ if (iptablesHandleSrcMacAddr(conn,
+ &buf,
+ vars,
+ &rule->p.igmpHdrFilter.dataSrcMACAddr,
+ directionIn))
+ goto err_exit;
+
+ if (iptablesHandleIpHdr(conn,
+ &buf,
+ vars,
+ &rule->p.igmpHdrFilter.ipHdr,
+ directionIn))
+ goto err_exit;
+
+ break;
+
case VIR_NWFILTER_RULE_PROTOCOL_ALL:
case VIR_NWFILTER_RULE_PROTOCOL_ALLoIPV6:
virBufferVSprintf(&buf,
@@ -1490,10 +1550,10 @@ ebtablesCreateRuleInstance(virConnectPtr
goto err_exit;
if (HAS_ENTRY_ITEM(&rule->p.ethHdrFilter.dataProtocolID)) {
- if (printDataType(conn,
- vars,
- number, sizeof(number),
- &rule->p.ethHdrFilter.dataProtocolID))
+ if (printDataTypeAsHex(conn,
+ vars,
+ number, sizeof(number),
+ &rule->p.ethHdrFilter.dataProtocolID))
goto err_exit;
virBufferVSprintf(&buf,
" -p %s %s",
@@ -1541,10 +1601,10 @@ ebtablesCreateRuleInstance(virConnectPtr
}
if (HAS_ENTRY_ITEM(&rule->p.arpHdrFilter.dataProtocolType)) {
- if (printDataType(conn,
- vars,
- number, sizeof(number),
- &rule->p.arpHdrFilter.dataProtocolType))
+ if (printDataTypeAsHex(conn,
+ vars,
+ number, sizeof(number),
+ &rule->p.arpHdrFilter.dataProtocolType))
goto err_exit;
virBufferVSprintf(&buf,
" --arp-ptype %s %s",
Index: libvirt-acl/src/conf/nwfilter_conf.c
===================================================================
--- libvirt-acl.orig/src/conf/nwfilter_conf.c
+++ libvirt-acl/src/conf/nwfilter_conf.c
@@ -409,6 +409,8 @@ checkMacProtocolID(enum attrDatatype dat
res = -1;
} else if (datatype == DATATYPE_UINT16) {
res = (uint32_t)*(uint16_t *)value;
+ if (res < 0x600)
+ res = -1;
}
if (res != -1) {
@@ -766,7 +768,7 @@ static const virXMLAttr2Struct ipv6Attri
},
{
.name = "protocol",
- .datatype = DATATYPE_STRING,
+ .datatype = DATATYPE_STRING | DATATYPE_UINT8,
.dataIdx = offsetof(virNWFilterRuleDef, p.ipv6HdrFilter.ipHdr.dataProtocolID),
.validator= checkIPProtocolID,
.formatter= formatIPProtocolID,
@@ -1048,95 +1050,34 @@ struct _virAttributes {
enum virNWFilterRuleProtocolType prtclType;
};
+#define PROTOCOL_ENTRY(ID, ATT, PRTCLTYPE) \
+ { .id = ID, .att = ATT, .prtclType = PRTCLTYPE }
+#define PROTOCOL_ENTRY_LAST { .id = NULL }
+
static const virAttributes virAttr[] = {
- {
- .id = "arp",
- .att = arpAttributes,
- .prtclType = VIR_NWFILTER_RULE_PROTOCOL_ARP,
- }, {
- .id = "mac",
- .att = macAttributes,
- .prtclType = VIR_NWFILTER_RULE_PROTOCOL_MAC,
- }, {
- .id = "ip",
- .att = ipAttributes,
- .prtclType = VIR_NWFILTER_RULE_PROTOCOL_IP,
- }, {
- .id = "ipv6",
- .att = ipv6Attributes,
- .prtclType = VIR_NWFILTER_RULE_PROTOCOL_IPV6,
- }, {
- .id = "tcp",
- .att = tcpAttributes,
- .prtclType = VIR_NWFILTER_RULE_PROTOCOL_TCP,
- }, {
- .id = "udp",
- .att = udpAttributes,
- .prtclType = VIR_NWFILTER_RULE_PROTOCOL_UDP,
- }, {
- .id = "udplite",
- .att = udpliteAttributes,
- .prtclType = VIR_NWFILTER_RULE_PROTOCOL_UDPLITE,
- }, {
- .id = "esp",
- .att = espAttributes,
- .prtclType = VIR_NWFILTER_RULE_PROTOCOL_ESP,
- }, {
- .id = "ah",
- .att = ahAttributes,
- .prtclType = VIR_NWFILTER_RULE_PROTOCOL_AH,
- }, {
- .id = "sctp",
- .att = sctpAttributes,
- .prtclType = VIR_NWFILTER_RULE_PROTOCOL_SCTP,
- }, {
- .id = "icmp",
- .att = icmpAttributes,
- .prtclType = VIR_NWFILTER_RULE_PROTOCOL_ICMP,
- }, {
- .id = "all", // = 'any'
- .att = allAttributes,
- .prtclType = VIR_NWFILTER_RULE_PROTOCOL_ALL,
- }, {
- .id = "igmp",
- .att = igmpAttributes,
- .prtclType = VIR_NWFILTER_RULE_PROTOCOL_IGMP,
- }, {
- .id = "tcp-ipv6",
- .att = tcpipv6Attributes,
- .prtclType = VIR_NWFILTER_RULE_PROTOCOL_TCPoIPV6,
- }, {
- .id = "udp-ipv6",
- .att = udpipv6Attributes,
- .prtclType = VIR_NWFILTER_RULE_PROTOCOL_UDPoIPV6,
- }, {
- .id = "udplite-ipv6",
- .att = udpliteipv6Attributes,
- .prtclType = VIR_NWFILTER_RULE_PROTOCOL_UDPLITEoIPV6,
- }, {
- .id = "esp-ipv6",
- .att = espipv6Attributes,
- .prtclType = VIR_NWFILTER_RULE_PROTOCOL_ESPoIPV6,
- }, {
- .id = "ah-ipv6",
- .att = ahipv6Attributes,
- .prtclType = VIR_NWFILTER_RULE_PROTOCOL_AHoIPV6,
- }, {
- .id = "sctp-ipv6",
- .att = sctpipv6Attributes,
- .prtclType = VIR_NWFILTER_RULE_PROTOCOL_SCTPoIPV6,
- }, {
- .id = "icmpv6",
- .att = icmpv6Attributes,
- .prtclType = VIR_NWFILTER_RULE_PROTOCOL_ICMPV6,
- }, {
- .id = "all-ipv6", // = 'any'
- .att = allipv6Attributes,
- .prtclType = VIR_NWFILTER_RULE_PROTOCOL_ALLoIPV6,
- }, {
- .id = NULL,
- }
+ PROTOCOL_ENTRY("arp" , arpAttributes ,
VIR_NWFILTER_RULE_PROTOCOL_ARP),
+ PROTOCOL_ENTRY("mac" , macAttributes ,
VIR_NWFILTER_RULE_PROTOCOL_MAC),
+ PROTOCOL_ENTRY("ip" , ipAttributes ,
VIR_NWFILTER_RULE_PROTOCOL_IP),
+ PROTOCOL_ENTRY("ipv6" , ipv6Attributes ,
VIR_NWFILTER_RULE_PROTOCOL_IPV6),
+ PROTOCOL_ENTRY("tcp" , tcpAttributes ,
VIR_NWFILTER_RULE_PROTOCOL_TCP),
+ PROTOCOL_ENTRY("udp" , udpAttributes ,
VIR_NWFILTER_RULE_PROTOCOL_UDP),
+ PROTOCOL_ENTRY("udplite", udpliteAttributes,
VIR_NWFILTER_RULE_PROTOCOL_UDPLITE),
+ PROTOCOL_ENTRY("esp" , espAttributes ,
VIR_NWFILTER_RULE_PROTOCOL_ESP),
+ PROTOCOL_ENTRY("ah" , ahAttributes ,
VIR_NWFILTER_RULE_PROTOCOL_AH),
+ PROTOCOL_ENTRY("sctp" , sctpAttributes ,
VIR_NWFILTER_RULE_PROTOCOL_SCTP),
+ PROTOCOL_ENTRY("icmp" , icmpAttributes ,
VIR_NWFILTER_RULE_PROTOCOL_ICMP),
+ PROTOCOL_ENTRY("all" , allAttributes ,
VIR_NWFILTER_RULE_PROTOCOL_ALL),
+ PROTOCOL_ENTRY("igmp" , igmpAttributes ,
VIR_NWFILTER_RULE_PROTOCOL_IGMP),
+ PROTOCOL_ENTRY("tcp-ipv6" , tcpipv6Attributes ,
VIR_NWFILTER_RULE_PROTOCOL_TCPoIPV6),
+ PROTOCOL_ENTRY("udp-ipv6" , udpipv6Attributes ,
VIR_NWFILTER_RULE_PROTOCOL_UDPoIPV6),
+ PROTOCOL_ENTRY("udplite-ipv6", udpliteipv6Attributes,
VIR_NWFILTER_RULE_PROTOCOL_UDPLITEoIPV6),
+ PROTOCOL_ENTRY("esp-ipv6" , espipv6Attributes ,
VIR_NWFILTER_RULE_PROTOCOL_ESPoIPV6),
+ PROTOCOL_ENTRY("ah-ipv6" , ahipv6Attributes ,
VIR_NWFILTER_RULE_PROTOCOL_AHoIPV6),
+ PROTOCOL_ENTRY("sctp-ipv6" , sctpipv6Attributes ,
VIR_NWFILTER_RULE_PROTOCOL_SCTPoIPV6),
+ PROTOCOL_ENTRY("icmpv6" , icmpv6Attributes ,
VIR_NWFILTER_RULE_PROTOCOL_ICMPV6),
+ PROTOCOL_ENTRY("all-ipv6" , allipv6Attributes ,
VIR_NWFILTER_RULE_PROTOCOL_ALLoIPV6),
+ PROTOCOL_ENTRY_LAST
};
@@ -1176,7 +1117,7 @@ virNWFilterRuleDetailsParse(virConnectPt
virNWFilterRuleDefPtr nwf,
const virXMLAttr2Struct *att)
{
- int rc = 0;
+ int rc = 0, g_rc = 0;
int idx = 0;
char *prop;
int found = 0;
@@ -1194,7 +1135,7 @@ virNWFilterRuleDetailsParse(virConnectPt
VIR_FREE(match);
match = NULL;
- while (att[idx].name != NULL && rc == 0) {
+ while (att[idx].name != NULL) {
prop = virXMLPropString(node, att[idx].name);
item = (nwItemDesc *)((char *)nwf + att[idx].dataIdx);
@@ -1390,10 +1331,16 @@ virNWFilterRuleDetailsParse(virConnectPt
}
VIR_FREE(prop);
}
+
+ if (rc) {
+ g_rc = rc;
+ rc = 0;
+ }
+
idx++;
}
- return rc;
+ return g_rc;
}
@@ -2178,7 +2125,7 @@ virNWFilterPoolObjAssignDef(virConnectPt
if (virNWFilterDefLoopDetect(conn, pools, def)) {
virNWFilterReportError(conn, VIR_ERR_INVALID_NWFILTER,
- "%s", _("filter would introduce
loop"));
+ "%s", _("filter would introduce a
loop"));
return NULL;
}
11:56 a.m.
New subject: [libvirt] [PATCH v1 1/2] nwfilter: Fixes to instantiator and some more parser fixes
On Thu, Apr 01, 2010 at 03:16:23PM -0400, Stefan Berger wrote:
The following issues are fixed in the patch below:
- ebtables requires that some of the command line parameters are passed as hex numbers;
so have those attributes call a function that prints 16 and 8 bit integers as hex
nunbers.
- ip6tables requires '--icmpv6-type' rather than '--icmp-type'
- ebtables complains about protocol identifiers lower than 0x600, so already discard
anything lower than 0x600 in the parser
- make the protocol entry types more readable using a #define for its entries
- continue parsing a filtering rule even if a faulty entry is encountered; return an
error value at the end and let the caller decide what to do with the rule's object
- fix an error message
Signed-off-by: Stefan Berger <stefanb(a)us.ibm.com>
ACK, looks fine,
Daniel
--
Daniel Veillard | libxml Gnome XML XSLT toolkit http://xmlsoft.org/
daniel(a)veillard.com | Rpmfind RPM search engine http://rpmfind.net/
http://veillard.com/ | virtualization library http://libvirt.org/
2:16 p.m.
New subject: [libvirt] [PATCH v1 2/2] nwfilter: Add a couple of test cases to the XML parsing test suite
This patch adds a couple of test cases for the XML parsing test suite covering various
filterable protocols. For each test case an input XML and an output XML is provided
checking the input XML after parsing and converting back into XML against the exepcted
output XML.
Signed-off-by: Stefan Berger <stefanb(a)us.ibm.com>
---
tests/Makefile.am | 10 ++
tests/nwfilterxml2xmlin/ah-ipv6-test.xml | 19 +++
tests/nwfilterxml2xmlin/ah-test.xml | 18 +++
tests/nwfilterxml2xmlin/all-ipv6-test.xml | 19 +++
tests/nwfilterxml2xmlin/all-test.xml | 18 +++
tests/nwfilterxml2xmlin/arp-test.xml | 33 ++++++
tests/nwfilterxml2xmlin/esp-ipv6-test.xml | 19 +++
tests/nwfilterxml2xmlin/esp-test.xml | 18 +++
tests/nwfilterxml2xmlin/icmp-test.xml | 18 +++
tests/nwfilterxml2xmlin/icmpv6-test.xml | 19 +++
tests/nwfilterxml2xmlin/igmp-test.xml | 18 +++
tests/nwfilterxml2xmlin/ip-test.xml | 34 +++++++
tests/nwfilterxml2xmlin/ipv6-test.xml | 43 ++++++++
tests/nwfilterxml2xmlin/mac-test.xml | 23 ++++
tests/nwfilterxml2xmlin/ref-rule-test.xml | 18 +++
tests/nwfilterxml2xmlin/ref-test.xml | 4
tests/nwfilterxml2xmlin/sctp-ipv6-test.xml | 22 ++++
tests/nwfilterxml2xmlin/sctp-test.xml | 22 ++++
tests/nwfilterxml2xmlin/tcp-ipv6-test.xml | 22 ++++
tests/nwfilterxml2xmlin/tcp-test.xml | 22 ++++
tests/nwfilterxml2xmlin/udp-ipv6-test.xml | 22 ++++
tests/nwfilterxml2xmlin/udp-test.xml | 22 ++++
tests/nwfilterxml2xmlin/udplite-ipv6-test.xml | 19 +++
tests/nwfilterxml2xmlin/udplite-test.xml | 18 +++
tests/nwfilterxml2xmlout/ah-ipv6-test.xml | 12 ++
tests/nwfilterxml2xmlout/ah-test.xml | 12 ++
tests/nwfilterxml2xmlout/all-ipv6-test.xml | 12 ++
tests/nwfilterxml2xmlout/all-test.xml | 12 ++
tests/nwfilterxml2xmlout/arp-test.xml | 18 +++
tests/nwfilterxml2xmlout/esp-ipv6-test.xml | 12 ++
tests/nwfilterxml2xmlout/esp-test.xml | 12 ++
tests/nwfilterxml2xmlout/icmp-test.xml | 12 ++
tests/nwfilterxml2xmlout/icmpv6-test.xml | 12 ++
tests/nwfilterxml2xmlout/igmp-test.xml | 12 ++
tests/nwfilterxml2xmlout/ip-test.xml | 15 +++
tests/nwfilterxml2xmlout/ipv6-test.xml | 15 +++
tests/nwfilterxml2xmlout/mac-test.xml | 18 +++
tests/nwfilterxml2xmlout/ref-rule-test.xml | 13 ++
tests/nwfilterxml2xmlout/ref-test.xml | 4
tests/nwfilterxml2xmlout/sctp-ipv6-test.xml | 12 ++
tests/nwfilterxml2xmlout/sctp-test.xml | 12 ++
tests/nwfilterxml2xmlout/tcp-ipv6-test.xml | 12 ++
tests/nwfilterxml2xmlout/tcp-test.xml | 12 ++
tests/nwfilterxml2xmlout/udp-ipv6-test.xml | 12 ++
tests/nwfilterxml2xmlout/udp-test.xml | 12 ++
tests/nwfilterxml2xmlout/udplite-ipv6-test.xml | 12 ++
tests/nwfilterxml2xmlout/udplite-test.xml | 12 ++
tests/nwfilterxml2xmltest.c | 121 +++++++++++++++++++++++++
48 files changed, 908 insertions(+)
Index: libvirt-acl/tests/Makefile.am
===================================================================
--- libvirt-acl.orig/tests/Makefile.am
+++ libvirt-acl/tests/Makefile.am
@@ -72,6 +72,8 @@ EXTRA_DIST = \
nodedevschemadata \
vmx2xmldata \
xml2vmxdata \
+ nwfilterxml2xmlout \
+ nwfilterxml2xmlin \
$(patsubst %,qemuhelpdata/%,$(qemuhelpdata))
noinst_PROGRAMS = virshtest conftest \
@@ -103,6 +105,8 @@ endif
noinst_PROGRAMS += networkxml2xmltest
+noinst_PROGRAMS += nwfilterxml2xmltest
+
noinst_PROGRAMS += storagevolxml2xmltest storagepoolxml2xmltest
noinst_PROGRAMS += nodedevxml2xmltest
@@ -162,6 +166,7 @@ endif
if WITH_QEMU
TESTS += qemuxml2argvtest qemuxml2xmltest qemuargv2xmltest qemuhelptest
+TESTS += nwfilterxml2xmltest
endif
if WITH_ESX
@@ -286,6 +291,11 @@ networkxml2xmltest_SOURCES = \
testutils.c testutils.h
networkxml2xmltest_LDADD = $(LDADDS)
+nwfilterxml2xmltest_SOURCES = \
+ nwfilterxml2xmltest.c \
+ testutils.c testutils.h
+nwfilterxml2xmltest_LDADD = $(LDADDS)
+
storagevolxml2xmltest_SOURCES = \
storagevolxml2xmltest.c \
testutils.c testutils.h
Index: libvirt-acl/tests/nwfilterxml2xmltest.c
===================================================================
--- /dev/null
+++ libvirt-acl/tests/nwfilterxml2xmltest.c
@@ -0,0 +1,121 @@
+#include <config.h>
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <string.h>
+
+#include <sys/types.h>
+#include <fcntl.h>
+
+#include "internal.h"
+#include "testutils.h"
+#include "xml.h"
+#include "threads.h"
+#include "nwfilter_params.h"
+#include "nwfilter_conf.h"
+#include "testutilsqemu.h"
+
+static char *progname;
+static char *abs_srcdir;
+
+#define MAX_FILE 4096
+
+
+static int testCompareXMLToXMLFiles(const char *inxml, const char *outxml) {
+ char inXmlData[MAX_FILE];
+ char *inXmlPtr = &(inXmlData[0]);
+ char outXmlData[MAX_FILE];
+ char *outXmlPtr = &(outXmlData[0]);
+ char *actual = NULL;
+ int ret = -1;
+ virNWFilterDefPtr dev = NULL;
+
+ if (virtTestLoadFile(inxml, &inXmlPtr, MAX_FILE) < 0)
+ goto fail;
+ if (virtTestLoadFile(outxml, &outXmlPtr, MAX_FILE) < 0)
+ goto fail;
+
+ if (!(dev = virNWFilterDefParseString(NULL, inXmlData)))
+ goto fail;
+
+ if (!(actual = virNWFilterDefFormat(NULL, dev)))
+ goto fail;
+
+ if (STRNEQ(outXmlData, actual)) {
+ virtTestDifference(stderr, outXmlData, actual);
+ goto fail;
+ }
+
+ ret = 0;
+
+ fail:
+ free(actual);
+ virNWFilterDefFree(dev);
+ return ret;
+}
+
+static int testCompareXMLToXMLHelper(const void *data) {
+ char inxml[PATH_MAX];
+ char outxml[PATH_MAX];
+ snprintf(inxml, PATH_MAX, "%s/nwfilterxml2xmlin/%s.xml",
+ abs_srcdir, (const char*)data);
+ snprintf(outxml, PATH_MAX, "%s/nwfilterxml2xmlout/%s.xml",
+ abs_srcdir, (const char*)data);
+ return testCompareXMLToXMLFiles(inxml, outxml);
+}
+
+
+static int
+mymain(int argc, char **argv)
+{
+ int ret = 0;
+ char cwd[PATH_MAX];
+
+ progname = argv[0];
+
+ if (argc > 1) {
+ fprintf(stderr, "Usage: %s\n", progname);
+ return (EXIT_FAILURE);
+ }
+
+ abs_srcdir = getenv("abs_srcdir");
+ if (!abs_srcdir)
+ abs_srcdir = getcwd(cwd, sizeof(cwd));
+
+#define DO_TEST(name) \
+ if (virtTestRun("NWFilter XML-2-XML " name, \
+ 1, testCompareXMLToXMLHelper, (name)) < 0) \
+ ret = -1
+
+ DO_TEST("mac-test");
+ DO_TEST("arp-test");
+ DO_TEST("ip-test");
+ DO_TEST("ipv6-test");
+
+ DO_TEST("tcp-test");
+ DO_TEST("udp-test");
+ DO_TEST("icmp-test");
+ DO_TEST("igmp-test");
+ DO_TEST("sctp-test");
+ DO_TEST("udplite-test");
+ DO_TEST("esp-test");
+ DO_TEST("ah-test");
+ DO_TEST("all-test");
+
+ DO_TEST("tcp-ipv6-test");
+ DO_TEST("udp-ipv6-test");
+ DO_TEST("icmpv6-test");
+ DO_TEST("sctp-ipv6-test");
+ DO_TEST("udplite-ipv6-test");
+ DO_TEST("esp-ipv6-test");
+ DO_TEST("ah-ipv6-test");
+ DO_TEST("all-ipv6-test");
+
+ DO_TEST("ref-test");
+ DO_TEST("ref-rule-test");
+
+ return (ret==0 ? EXIT_SUCCESS : EXIT_FAILURE);
+}
+
+VIRT_TEST_MAIN(mymain)
Index: libvirt-acl/tests/nwfilterxml2xmlin/tcp-test.xml
===================================================================
--- /dev/null
+++ libvirt-acl/tests/nwfilterxml2xmlin/tcp-test.xml
@@ -0,0 +1,22 @@
+<filter name='testcase' chain='root'>
+ <uuid>5c6d49af-b071-6127-b4ec-6f8ed4b55335</uuid>
+ <rule action='accept' direction='out'>
+ <tcp srcmacaddr='1:2:3:4:5:6'
+ dstipaddr='10.1.2.3' dstipmask='255.255.255.255'
+ dscp='2'/>
+ </rule>
+ <rule action='accept' direction='in'>
+ <tcp srcmacaddr='1:2:3:4:5:6'
+ srcipaddr='10.1.2.3' srcipmask='32'
+ dscp='33'
+ srcportstart='20' srcportend='21'
+ dstportstart='100' dstportend='1111'/>
+ </rule>
+ <rule action='accept' direction='in'>
+ <tcp srcmacaddr='1:2:3:4:5:6'
+ srcipaddr='10.1.2.3' srcipmask='32'
+ dscp='63'
+ srcportstart='255' srcportend='256'
+ dstportstart='65535' dstportend='65536'/>
+ </rule>
+</filter>
Index: libvirt-acl/tests/nwfilterxml2xmlout/tcp-test.xml
===================================================================
--- /dev/null
+++ libvirt-acl/tests/nwfilterxml2xmlout/tcp-test.xml
@@ -0,0 +1,12 @@
+<filter name='testcase' chain='root'>
+ <uuid>5c6d49af-b071-6127-b4ec-6f8ed4b55335</uuid>
+ <rule action='accept' direction='out' priority='500'>
+ <tcp srcmacaddr='01:02:03:04:05:06' dstipaddr='10.1.2.3'
dstipmask='32' dscp='2'/>
+ </rule>
+ <rule action='accept' direction='in' priority='500'>
+ <tcp srcmacaddr='01:02:03:04:05:06' srcipaddr='10.1.2.3'
srcipmask='32' dscp='33' srcportstart='20' srcportend='21'
dstportstart='100' dstportend='1111'/>
+ </rule>
+ <rule action='accept' direction='in' priority='500'>
+ <tcp srcmacaddr='01:02:03:04:05:06' srcipaddr='10.1.2.3'
srcipmask='32' dscp='63' srcportstart='255'
srcportend='256' dstportstart='65535'/>
+ </rule>
+</filter>
Index: libvirt-acl/tests/nwfilterxml2xmlin/mac-test.xml
===================================================================
--- /dev/null
+++ libvirt-acl/tests/nwfilterxml2xmlin/mac-test.xml
@@ -0,0 +1,23 @@
+<filter name='testcase' chain='root'>
+ <uuid>5c6d49af-b071-6127-b4ec-6f8ed4b55335</uuid>
+ <rule action='accept' direction='out'>
+ <mac srcmacaddr='1:2:3:4:5:6' srcmacmask='ff:ff:ff:ff:ff:ff'
+ protocolid='arp'/>
+ </rule>
+ <rule action='accept' direction='in'>
+ <mac dstmacaddr='aa:bb:cc:dd:ee:ff'
dstmacmask='ff:ff:ff:ff:ff:ff'
+ protocolid='ipv4'/>
+ </rule>
+ <rule action='accept' direction='in'>
+ <mac dstmacaddr='aa:bb:cc:dd:ee:ff'
dstmacmask='ff:ff:ff:ff:ff:ff'
+ protocolid='1536'/>
+ </rule>
+ <rule action='accept' direction='in'>
+ <mac dstmacaddr='aa:bb:cc:dd:ee:ff'
dstmacmask='ff:ff:ff:ff:ff:ff'
+ protocolid='15'/>
+ </rule>
+ <rule action='accept' direction='in'>
+ <mac dstmacaddr='aa:bb:cc:dd:ee:ff'
dstmacmask='ff:ff:ff:ff:ff:ff'
+ protocolid='65535'/>
+ </rule>
+</filter>
Index: libvirt-acl/tests/nwfilterxml2xmlout/arp-test.xml
===================================================================
--- /dev/null
+++ libvirt-acl/tests/nwfilterxml2xmlout/arp-test.xml
@@ -0,0 +1,18 @@
+<filter name='testcase' chain='root'>
+ <uuid>5c6d49af-b071-6127-b4ec-6f8ed4b55335</uuid>
+ <rule action='accept' direction='out' priority='500'>
+ <arp srcmacaddr='01:02:03:04:05:06' srcmacmask='ff:ff:ff:ff:ff:ff'
dstmacaddr='aa:bb:cc:dd:ee:ff' dstmacmask='ff:ff:ff:ff:ff:ff'
hwtype='12' protocoltype='34' opcode='Request'
arpsrcmacaddr='01:02:03:04:05:06' arpdstmacaddr='0a:0b:0c:0d:0e:0f'/>
+ </rule>
+ <rule action='accept' direction='out' priority='500'>
+ <arp srcmacaddr='01:02:03:04:05:06' srcmacmask='ff:ff:ff:ff:ff:ff'
hwtype='255' protocoltype='255' opcode='Request'/>
+ </rule>
+ <rule action='accept' direction='out' priority='500'>
+ <arp srcmacaddr='01:02:03:04:05:06' srcmacmask='ff:ff:ff:ff:ff:ff'
hwtype='256' protocoltype='256' opcode='11'/>
+ </rule>
+ <rule action='accept' direction='out' priority='500'>
+ <arp srcmacaddr='01:02:03:04:05:06' srcmacmask='ff:ff:ff:ff:ff:ff'
hwtype='65535' protocoltype='65535' opcode='65535'/>
+ </rule>
+ <rule action='accept' direction='out' priority='500'>
+ <arp srcmacaddr='01:02:03:04:05:06'
srcmacmask='ff:ff:ff:ff:ff:ff'/>
+ </rule>
+</filter>
Index: libvirt-acl/tests/nwfilterxml2xmlout/mac-test.xml
===================================================================
--- /dev/null
+++ libvirt-acl/tests/nwfilterxml2xmlout/mac-test.xml
@@ -0,0 +1,18 @@
+<filter name='testcase' chain='root'>
+ <uuid>5c6d49af-b071-6127-b4ec-6f8ed4b55335</uuid>
+ <rule action='accept' direction='out' priority='500'>
+ <mac srcmacaddr='01:02:03:04:05:06' srcmacmask='ff:ff:ff:ff:ff:ff'
protocolid='arp'/>
+ </rule>
+ <rule action='accept' direction='in' priority='500'>
+ <mac dstmacaddr='aa:bb:cc:dd:ee:ff' dstmacmask='ff:ff:ff:ff:ff:ff'
protocolid='ipv4'/>
+ </rule>
+ <rule action='accept' direction='in' priority='500'>
+ <mac dstmacaddr='aa:bb:cc:dd:ee:ff' dstmacmask='ff:ff:ff:ff:ff:ff'
protocolid='1536'/>
+ </rule>
+ <rule action='accept' direction='in' priority='500'>
+ <mac dstmacaddr='aa:bb:cc:dd:ee:ff'
dstmacmask='ff:ff:ff:ff:ff:ff'/>
+ </rule>
+ <rule action='accept' direction='in' priority='500'>
+ <mac dstmacaddr='aa:bb:cc:dd:ee:ff' dstmacmask='ff:ff:ff:ff:ff:ff'
protocolid='65535'/>
+ </rule>
+</filter>
Index: libvirt-acl/tests/nwfilterxml2xmlin/arp-test.xml
===================================================================
--- /dev/null
+++ libvirt-acl/tests/nwfilterxml2xmlin/arp-test.xml
@@ -0,0 +1,33 @@
+<filter name='testcase'>
+ <uuid>5c6d49af-b071-6127-b4ec-6f8ed4b55335</uuid>
+ <rule action='accept' direction='out'>
+ <arp srcmacaddr='1:2:3:4:5:6' srcmacmask='ff:ff:ff:ff:ff:ff'
+ protocolid='arp'
+ dstmacaddr='aa:bb:cc:dd:ee:ff' dstmacmask='ff:ff:ff:ff:ff:ff'
+ hwtype='12'
+ protocoltype='34'
+ opcode='Request'
+ arpsrcmacaddr='1:2:3:4:5:6'
+ arpdstmacaddr='a:b:c:d:e:f'/>
+ </rule>
+
+ <rule action='accept' direction='out'>
+ <arp srcmacaddr='1:2:3:4:5:6' srcmacmask='ff:ff:ff:ff:ff:ff'
+ opcode='1' hwtype='255' protocoltype='255'/>
+ </rule>
+
+ <rule action='accept' direction='out'>
+ <arp srcmacaddr='1:2:3:4:5:6' srcmacmask='ff:ff:ff:ff:ff:ff'
+ opcode='11' hwtype='256' protocoltype='256'/>
+ </rule>
+
+ <rule action='accept' direction='out'>
+ <arp srcmacaddr='1:2:3:4:5:6' srcmacmask='ff:ff:ff:ff:ff:ff'
+ opcode='65535' hwtype='65535' protocoltype='65535'
/>
+ </rule>
+
+ <rule action='accept' direction='out'>
+ <arp srcmacaddr='1:2:3:4:5:6' srcmacmask='ff:ff:ff:ff:ff:ff'
+ opcode='65536' hwtype='65536' protocoltype='65536'
/>
+ </rule>
+</filter>
Index: libvirt-acl/tests/nwfilterxml2xmlin/ip-test.xml
===================================================================
--- /dev/null
+++ libvirt-acl/tests/nwfilterxml2xmlin/ip-test.xml
@@ -0,0 +1,34 @@
+<filter name='testcase'>
+ <uuid>5c6d49af-b071-6127-b4ec-6f8ed4b55335</uuid>
+ <rule action='accept' direction='out'>
+ <ip srcmacaddr='1:2:3:4:5:6' srcmacmask='ff:ff:ff:ff:ff:ff'
+ dstmacaddr='aa:bb:cc:dd:ee:ff' dstmacmask='ff:ff:ff:ff:ff:ff'
+ srcipaddr='10.1.2.3' srcipmask='255.255.255.255'
+ dstipaddr='10.1.2.3' dstipmask='255.255.255.255'
+ protocol='udp'
+ srcportstart='20' srcportend='22'
+ dstportstart='100' dstportend='101'
+ />
+ </rule>
+
+ <rule action='accept' direction='out'>
+ <ip srcipaddr='10.1.2.3' srcipmask='255.255.128.0'
+ dstipaddr='10.1.2.3' dstipmask='255.255.255.0'
+ protocol='17' dscp='63'
+ />
+ </rule>
+
+ <rule action='accept' direction='in'>
+ <ip srcipaddr='10.1.2.3' srcipmask='255.255.255.254'
+ dstipaddr='10.1.2.3' dstipmask='255.255.255.128'
+ protocol='255' dscp='64'
+ />
+ </rule>
+
+ <rule action='accept' direction='inout'>
+ <ip srcipaddr='10.1.2.3' srcipmask='255.255.255.127'
+ dstipaddr='10.1.2.3' dstipmask='255.255.255.254'
+ protocol='256' dscp='64'
+ />
+ </rule>
+</filter>
Index: libvirt-acl/tests/nwfilterxml2xmlout/ip-test.xml
===================================================================
--- /dev/null
+++ libvirt-acl/tests/nwfilterxml2xmlout/ip-test.xml
@@ -0,0 +1,15 @@
+<filter name='testcase' chain='root'>
+ <uuid>5c6d49af-b071-6127-b4ec-6f8ed4b55335</uuid>
+ <rule action='accept' direction='out' priority='500'>
+ <ip srcmacaddr='01:02:03:04:05:06' srcmacmask='ff:ff:ff:ff:ff:ff'
dstmacaddr='aa:bb:cc:dd:ee:ff' dstmacmask='ff:ff:ff:ff:ff:ff'
srcipaddr='10.1.2.3' srcipmask='32' dstipaddr='10.1.2.3'
dstipmask='32' protocol='udp' srcportstart='20'
srcportend='22' dstportstart='100' dstportend='101'/>
+ </rule>
+ <rule action='accept' direction='out' priority='500'>
+ <ip srcipaddr='10.1.2.3' srcipmask='17'
dstipaddr='10.1.2.3' dstipmask='24' protocol='udp'
dscp='63'/>
+ </rule>
+ <rule action='accept' direction='in' priority='500'>
+ <ip srcipaddr='10.1.2.3' srcipmask='31'
dstipaddr='10.1.2.3' dstipmask='25' protocol='255'/>
+ </rule>
+ <rule action='accept' direction='inout' priority='500'>
+ <ip srcipaddr='10.1.2.3' dstipaddr='10.1.2.3'
dstipmask='31'/>
+ </rule>
+</filter>
Index: libvirt-acl/tests/nwfilterxml2xmlin/ipv6-test.xml
===================================================================
--- /dev/null
+++ libvirt-acl/tests/nwfilterxml2xmlin/ipv6-test.xml
@@ -0,0 +1,43 @@
+<filter name='testcase'>
+ <uuid>5c6d49af-b071-6127-b4ec-6f8ed4b55335</uuid>
+ <rule action='accept' direction='out'>
+ <ipv6 srcmacaddr='1:2:3:4:5:6' srcmacmask='ff:ff:ff:ff:ff:fe'
+ dstmacaddr='aa:bb:cc:dd:ee:ff' dstmacmask='ff:ff:ff:ff:ff:80'
+ srcipaddr='::10.1.2.3' srcipmask='22'
+ dstipaddr='::10.1.2.3'
+ dstipmask='ffff:ffff:ffff:ffff:ffff:ffff:ffff:8000'
+ protocol='udp'
+ srcportstart='20' srcportend='22'
+ dstportstart='100' dstportend='101'
+ />
+ </rule>
+
+ <rule action='accept' direction='inout'>
+ <ipv6 srcipaddr='1::2' srcipmask='128'
+ dstipaddr='a:b:c::'
+ dstipmask='ffff:ffff:ffff:ffff:8000::'
+ protocol='6'
+ srcportstart='20' srcportend='22'
+ dstportstart='100' dstportend='101'
+ />
+ </rule>
+
+ <rule action='accept' direction='inout'>
+ <ipv6 srcipaddr='1::2' srcipmask='128'
+ dstipaddr='a:b:c::'
+ dstipmask='ffff:ffff:ffff:ffff:8000::'
+ protocol='6'
+ srcportstart='255' srcportend='256'
+ dstportstart='65535' dstportend='65536'
+ />
+ </rule>
+
+ <rule action='accept' direction='inout'>
+ <ipv6 srcipaddr='1::2' srcipmask='128'
+ dstipaddr='a:b:c::'
+ dstipmask='ffff:ffff:ffff:ffff:8000::'
+ protocol='18'
+ />
+ </rule>
+
+</filter>
Index: libvirt-acl/tests/nwfilterxml2xmlin/icmp-test.xml
===================================================================
--- /dev/null
+++ libvirt-acl/tests/nwfilterxml2xmlin/icmp-test.xml
@@ -0,0 +1,18 @@
+<filter name='testcase' chain='root'>
+ <uuid>5c6d49af-b071-6127-b4ec-6f8ed4b55335</uuid>
+ <rule action='accept' direction='out'>
+ <icmp srcmacaddr='1:2:3:4:5:6'
+ dstipaddr='10.1.2.3' dstipmask='255.255.255.255'
+ dscp='2' type='12' code='11'/>
+ </rule>
+ <rule action='accept' direction='in'>
+ <icmp srcmacaddr='1:2:3:4:5:6'
+ srcipaddr='10.1.2.3' srcipmask='22'
+ dscp='33' type='255' code='255'/>
+ </rule>
+ <rule action='accept' direction='in'>
+ <icmp srcmacaddr='1:2:3:4:5:6'
+ srcipaddr='10.1.2.3' srcipmask='22'
+ dscp='33' type='256' code='256'/>
+ </rule>
+</filter>
Index: libvirt-acl/tests/nwfilterxml2xmlin/udp-test.xml
===================================================================
--- /dev/null
+++ libvirt-acl/tests/nwfilterxml2xmlin/udp-test.xml
@@ -0,0 +1,22 @@
+<filter name='testcase' chain='root'>
+ <uuid>5c6d49af-b071-6127-b4ec-6f8ed4b55335</uuid>
+ <rule action='accept' direction='out'>
+ <udp srcmacaddr='1:2:3:4:5:6'
+ dstipaddr='10.1.2.3' dstipmask='255.255.255.255'
+ dscp='2'/>
+ </rule>
+ <rule action='accept' direction='in'>
+ <udp srcmacaddr='1:2:3:4:5:6'
+ srcipaddr='10.1.2.3' srcipmask='32'
+ dscp='33'
+ srcportstart='20' srcportend='21'
+ dstportstart='100' dstportend='1111'/>
+ </rule>
+ <rule action='accept' direction='in'>
+ <udp srcmacaddr='1:2:3:4:5:6'
+ srcipaddr='10.1.2.3' srcipmask='32'
+ dscp='63'
+ srcportstart='255' srcportend='256'
+ dstportstart='65535' dstportend='65536'/>
+ </rule>
+</filter>
Index: libvirt-acl/tests/nwfilterxml2xmlout/icmp-test.xml
===================================================================
--- /dev/null
+++ libvirt-acl/tests/nwfilterxml2xmlout/icmp-test.xml
@@ -0,0 +1,12 @@
+<filter name='testcase' chain='root'>
+ <uuid>5c6d49af-b071-6127-b4ec-6f8ed4b55335</uuid>
+ <rule action='accept' direction='out' priority='500'>
+ <icmp srcmacaddr='01:02:03:04:05:06' dstipaddr='10.1.2.3'
dstipmask='32' dscp='2' type='12' code='11'/>
+ </rule>
+ <rule action='accept' direction='in' priority='500'>
+ <icmp srcmacaddr='01:02:03:04:05:06' srcipaddr='10.1.2.3'
srcipmask='22' dscp='33' type='255' code='255'/>
+ </rule>
+ <rule action='accept' direction='in' priority='500'>
+ <icmp srcmacaddr='01:02:03:04:05:06' srcipaddr='10.1.2.3'
srcipmask='22' dscp='33'/>
+ </rule>
+</filter>
Index: libvirt-acl/tests/nwfilterxml2xmlout/udp-test.xml
===================================================================
--- /dev/null
+++ libvirt-acl/tests/nwfilterxml2xmlout/udp-test.xml
@@ -0,0 +1,12 @@
+<filter name='testcase' chain='root'>
+ <uuid>5c6d49af-b071-6127-b4ec-6f8ed4b55335</uuid>
+ <rule action='accept' direction='out' priority='500'>
+ <udp srcmacaddr='01:02:03:04:05:06' dstipaddr='10.1.2.3'
dstipmask='32' dscp='2'/>
+ </rule>
+ <rule action='accept' direction='in' priority='500'>
+ <udp srcmacaddr='01:02:03:04:05:06' srcipaddr='10.1.2.3'
srcipmask='32' dscp='33' srcportstart='20' srcportend='21'
dstportstart='100' dstportend='1111'/>
+ </rule>
+ <rule action='accept' direction='in' priority='500'>
+ <udp srcmacaddr='01:02:03:04:05:06' srcipaddr='10.1.2.3'
srcipmask='32' dscp='63' srcportstart='255'
srcportend='256' dstportstart='65535'/>
+ </rule>
+</filter>
Index: libvirt-acl/tests/nwfilterxml2xmlout/ipv6-test.xml
===================================================================
--- /dev/null
+++ libvirt-acl/tests/nwfilterxml2xmlout/ipv6-test.xml
@@ -0,0 +1,15 @@
+<filter name='testcase' chain='root'>
+ <uuid>5c6d49af-b071-6127-b4ec-6f8ed4b55335</uuid>
+ <rule action='accept' direction='out' priority='500'>
+ <ipv6 srcmacaddr='01:02:03:04:05:06'
srcmacmask='ff:ff:ff:ff:ff:fe' dstmacaddr='aa:bb:cc:dd:ee:ff'
dstmacmask='ff:ff:ff:ff:ff:80' srcipaddr='::10.1.2.3'
srcipmask='22' dstipaddr='::10.1.2.3' dstipmask='113'
protocol='udp' srcportstart='20' srcportend='22'
dstportstart='100' dstportend='101'/>
+ </rule>
+ <rule action='accept' direction='inout' priority='500'>
+ <ipv6 srcipaddr='1::2' srcipmask='128' dstipaddr='a:b:c::'
dstipmask='65' protocol='tcp' srcportstart='20'
srcportend='22' dstportstart='100' dstportend='101'/>
+ </rule>
+ <rule action='accept' direction='inout' priority='500'>
+ <ipv6 srcipaddr='1::2' srcipmask='128' dstipaddr='a:b:c::'
dstipmask='65' protocol='tcp' srcportstart='255'
srcportend='256' dstportstart='65535'/>
+ </rule>
+ <rule action='accept' direction='inout' priority='500'>
+ <ipv6 srcipaddr='1::2' srcipmask='128' dstipaddr='a:b:c::'
dstipmask='65' protocol='18'/>
+ </rule>
+</filter>
Index: libvirt-acl/tests/nwfilterxml2xmlin/ah-test.xml
===================================================================
--- /dev/null
+++ libvirt-acl/tests/nwfilterxml2xmlin/ah-test.xml
@@ -0,0 +1,18 @@
+<filter name='testcase' chain='root'>
+ <uuid>5c6d49af-b071-6127-b4ec-6f8ed4b55335</uuid>
+ <rule action='accept' direction='out'>
+ <ah srcmacaddr='1:2:3:4:5:6'
+ dstipaddr='10.1.2.3' dstipmask='255.255.255.255'
+ dscp='2'/>
+ </rule>
+ <rule action='accept' direction='in'>
+ <ah srcmacaddr='1:2:3:4:5:6'
+ srcipaddr='10.1.2.3' srcipmask='22'
+ dscp='33'/>
+ </rule>
+ <rule action='accept' direction='in'>
+ <ah srcmacaddr='1:2:3:4:5:6'
+ srcipaddr='10.1.2.3' srcipmask='22'
+ dscp='33'/>
+ </rule>
+</filter>
Index: libvirt-acl/tests/nwfilterxml2xmlin/esp-test.xml
===================================================================
--- /dev/null
+++ libvirt-acl/tests/nwfilterxml2xmlin/esp-test.xml
@@ -0,0 +1,18 @@
+<filter name='testcase' chain='root'>
+ <uuid>5c6d49af-b071-6127-b4ec-6f8ed4b55335</uuid>
+ <rule action='accept' direction='out'>
+ <esp srcmacaddr='1:2:3:4:5:6'
+ dstipaddr='10.1.2.3' dstipmask='255.255.255.255'
+ dscp='2'/>
+ </rule>
+ <rule action='accept' direction='in'>
+ <esp srcmacaddr='1:2:3:4:5:6'
+ srcipaddr='10.1.2.3' srcipmask='22'
+ dscp='33'/>
+ </rule>
+ <rule action='accept' direction='in'>
+ <esp srcmacaddr='1:2:3:4:5:6'
+ srcipaddr='10.1.2.3' srcipmask='22'
+ dscp='33'/>
+ </rule>
+</filter>
Index: libvirt-acl/tests/nwfilterxml2xmlin/sctp-test.xml
===================================================================
--- /dev/null
+++ libvirt-acl/tests/nwfilterxml2xmlin/sctp-test.xml
@@ -0,0 +1,22 @@
+<filter name='testcase' chain='root'>
+ <uuid>5c6d49af-b071-6127-b4ec-6f8ed4b55335</uuid>
+ <rule action='accept' direction='out'>
+ <sctp srcmacaddr='1:2:3:4:5:6'
+ dstipaddr='10.1.2.3' dstipmask='255.255.255.255'
+ dscp='2'/>
+ </rule>
+ <rule action='accept' direction='in'>
+ <sctp srcmacaddr='1:2:3:4:5:6'
+ srcipaddr='10.1.2.3' srcipmask='32'
+ dscp='33'
+ srcportstart='20' srcportend='21'
+ dstportstart='100' dstportend='1111'/>
+ </rule>
+ <rule action='accept' direction='in'>
+ <sctp srcmacaddr='1:2:3:4:5:6'
+ srcipaddr='10.1.2.3' srcipmask='32'
+ dscp='63'
+ srcportstart='255' srcportend='256'
+ dstportstart='65535' dstportend='65536'/>
+ </rule>
+</filter>
Index: libvirt-acl/tests/nwfilterxml2xmlin/udplite-test.xml
===================================================================
--- /dev/null
+++ libvirt-acl/tests/nwfilterxml2xmlin/udplite-test.xml
@@ -0,0 +1,18 @@
+<filter name='testcase' chain='root'>
+ <uuid>5c6d49af-b071-6127-b4ec-6f8ed4b55335</uuid>
+ <rule action='accept' direction='out'>
+ <udplite srcmacaddr='1:2:3:4:5:6'
+ dstipaddr='10.1.2.3' dstipmask='255.255.255.255'
+ dscp='2'/>
+ </rule>
+ <rule action='accept' direction='in'>
+ <udplite srcmacaddr='1:2:3:4:5:6'
+ srcipaddr='10.1.2.3' srcipmask='22'
+ dscp='33'/>
+ </rule>
+ <rule action='accept' direction='in'>
+ <udplite srcmacaddr='1:2:3:4:5:6'
+ srcipaddr='10.1.2.3' srcipmask='22'
+ dscp='33'/>
+ </rule>
+</filter>
Index: libvirt-acl/tests/nwfilterxml2xmlout/ah-test.xml
===================================================================
--- /dev/null
+++ libvirt-acl/tests/nwfilterxml2xmlout/ah-test.xml
@@ -0,0 +1,12 @@
+<filter name='testcase' chain='root'>
+ <uuid>5c6d49af-b071-6127-b4ec-6f8ed4b55335</uuid>
+ <rule action='accept' direction='out' priority='500'>
+ <ah srcmacaddr='01:02:03:04:05:06' dstipaddr='10.1.2.3'
dstipmask='32' dscp='2'/>
+ </rule>
+ <rule action='accept' direction='in' priority='500'>
+ <ah srcmacaddr='01:02:03:04:05:06' srcipaddr='10.1.2.3'
srcipmask='22' dscp='33'/>
+ </rule>
+ <rule action='accept' direction='in' priority='500'>
+ <ah srcmacaddr='01:02:03:04:05:06' srcipaddr='10.1.2.3'
srcipmask='22' dscp='33'/>
+ </rule>
+</filter>
Index: libvirt-acl/tests/nwfilterxml2xmlout/esp-test.xml
===================================================================
--- /dev/null
+++ libvirt-acl/tests/nwfilterxml2xmlout/esp-test.xml
@@ -0,0 +1,12 @@
+<filter name='testcase' chain='root'>
+ <uuid>5c6d49af-b071-6127-b4ec-6f8ed4b55335</uuid>
+ <rule action='accept' direction='out' priority='500'>
+ <esp srcmacaddr='01:02:03:04:05:06' dstipaddr='10.1.2.3'
dstipmask='32' dscp='2'/>
+ </rule>
+ <rule action='accept' direction='in' priority='500'>
+ <esp srcmacaddr='01:02:03:04:05:06' srcipaddr='10.1.2.3'
srcipmask='22' dscp='33'/>
+ </rule>
+ <rule action='accept' direction='in' priority='500'>
+ <esp srcmacaddr='01:02:03:04:05:06' srcipaddr='10.1.2.3'
srcipmask='22' dscp='33'/>
+ </rule>
+</filter>
Index: libvirt-acl/tests/nwfilterxml2xmlout/sctp-test.xml
===================================================================
--- /dev/null
+++ libvirt-acl/tests/nwfilterxml2xmlout/sctp-test.xml
@@ -0,0 +1,12 @@
+<filter name='testcase' chain='root'>
+ <uuid>5c6d49af-b071-6127-b4ec-6f8ed4b55335</uuid>
+ <rule action='accept' direction='out' priority='500'>
+ <sctp srcmacaddr='01:02:03:04:05:06' dstipaddr='10.1.2.3'
dstipmask='32' dscp='2'/>
+ </rule>
+ <rule action='accept' direction='in' priority='500'>
+ <sctp srcmacaddr='01:02:03:04:05:06' srcipaddr='10.1.2.3'
srcipmask='32' dscp='33' srcportstart='20' srcportend='21'
dstportstart='100' dstportend='1111'/>
+ </rule>
+ <rule action='accept' direction='in' priority='500'>
+ <sctp srcmacaddr='01:02:03:04:05:06' srcipaddr='10.1.2.3'
srcipmask='32' dscp='63' srcportstart='255'
srcportend='256' dstportstart='65535'/>
+ </rule>
+</filter>
Index: libvirt-acl/tests/nwfilterxml2xmlout/udplite-test.xml
===================================================================
--- /dev/null
+++ libvirt-acl/tests/nwfilterxml2xmlout/udplite-test.xml
@@ -0,0 +1,12 @@
+<filter name='testcase' chain='root'>
+ <uuid>5c6d49af-b071-6127-b4ec-6f8ed4b55335</uuid>
+ <rule action='accept' direction='out' priority='500'>
+ <udplite srcmacaddr='01:02:03:04:05:06' dstipaddr='10.1.2.3'
dstipmask='32' dscp='2'/>
+ </rule>
+ <rule action='accept' direction='in' priority='500'>
+ <udplite srcmacaddr='01:02:03:04:05:06' srcipaddr='10.1.2.3'
srcipmask='22' dscp='33'/>
+ </rule>
+ <rule action='accept' direction='in' priority='500'>
+ <udplite srcmacaddr='01:02:03:04:05:06' srcipaddr='10.1.2.3'
srcipmask='22' dscp='33'/>
+ </rule>
+</filter>
Index: libvirt-acl/tests/nwfilterxml2xmlin/all-test.xml
===================================================================
--- /dev/null
+++ libvirt-acl/tests/nwfilterxml2xmlin/all-test.xml
@@ -0,0 +1,18 @@
+<filter name='testcase' chain='root'>
+ <uuid>5c6d49af-b071-6127-b4ec-6f8ed4b55335</uuid>
+ <rule action='accept' direction='out'>
+ <all srcmacaddr='1:2:3:4:5:6'
+ dstipaddr='10.1.2.3' dstipmask='255.255.255.255'
+ dscp='2'/>
+ </rule>
+ <rule action='accept' direction='in'>
+ <all srcmacaddr='1:2:3:4:5:6'
+ srcipaddr='10.1.2.3' srcipmask='22'
+ dscp='33'/>
+ </rule>
+ <rule action='accept' direction='in'>
+ <all srcmacaddr='1:2:3:4:5:6'
+ srcipaddr='10.1.2.3' srcipmask='22'
+ dscp='33'/>
+ </rule>
+</filter>
Index: libvirt-acl/tests/nwfilterxml2xmlin/igmp-test.xml
===================================================================
--- /dev/null
+++ libvirt-acl/tests/nwfilterxml2xmlin/igmp-test.xml
@@ -0,0 +1,18 @@
+<filter name='testcase' chain='root'>
+ <uuid>5c6d49af-b071-6127-b4ec-6f8ed4b55335</uuid>
+ <rule action='accept' direction='out'>
+ <igmp srcmacaddr='1:2:3:4:5:6'
+ dstipaddr='10.1.2.3' dstipmask='255.255.255.255'
+ dscp='2'/>
+ </rule>
+ <rule action='accept' direction='in'>
+ <igmp srcmacaddr='1:2:3:4:5:6'
+ srcipaddr='10.1.2.3' srcipmask='22'
+ dscp='33'/>
+ </rule>
+ <rule action='accept' direction='in'>
+ <igmp srcmacaddr='1:2:3:4:5:6'
+ srcipaddr='10.1.2.3' srcipmask='22'
+ dscp='33'/>
+ </rule>
+</filter>
Index: libvirt-acl/tests/nwfilterxml2xmlout/all-test.xml
===================================================================
--- /dev/null
+++ libvirt-acl/tests/nwfilterxml2xmlout/all-test.xml
@@ -0,0 +1,12 @@
+<filter name='testcase' chain='root'>
+ <uuid>5c6d49af-b071-6127-b4ec-6f8ed4b55335</uuid>
+ <rule action='accept' direction='out' priority='500'>
+ <all srcmacaddr='01:02:03:04:05:06' dstipaddr='10.1.2.3'
dstipmask='32' dscp='2'/>
+ </rule>
+ <rule action='accept' direction='in' priority='500'>
+ <all srcmacaddr='01:02:03:04:05:06' srcipaddr='10.1.2.3'
srcipmask='22' dscp='33'/>
+ </rule>
+ <rule action='accept' direction='in' priority='500'>
+ <all srcmacaddr='01:02:03:04:05:06' srcipaddr='10.1.2.3'
srcipmask='22' dscp='33'/>
+ </rule>
+</filter>
Index: libvirt-acl/tests/nwfilterxml2xmlout/igmp-test.xml
===================================================================
--- /dev/null
+++ libvirt-acl/tests/nwfilterxml2xmlout/igmp-test.xml
@@ -0,0 +1,12 @@
+<filter name='testcase' chain='root'>
+ <uuid>5c6d49af-b071-6127-b4ec-6f8ed4b55335</uuid>
+ <rule action='accept' direction='out' priority='500'>
+ <igmp srcmacaddr='01:02:03:04:05:06' dstipaddr='10.1.2.3'
dstipmask='32' dscp='2'/>
+ </rule>
+ <rule action='accept' direction='in' priority='500'>
+ <igmp srcmacaddr='01:02:03:04:05:06' srcipaddr='10.1.2.3'
srcipmask='22' dscp='33'/>
+ </rule>
+ <rule action='accept' direction='in' priority='500'>
+ <igmp srcmacaddr='01:02:03:04:05:06' srcipaddr='10.1.2.3'
srcipmask='22' dscp='33'/>
+ </rule>
+</filter>
Index: libvirt-acl/tests/nwfilterxml2xmlin/tcp-ipv6-test.xml
===================================================================
--- /dev/null
+++ libvirt-acl/tests/nwfilterxml2xmlin/tcp-ipv6-test.xml
@@ -0,0 +1,22 @@
+<filter name='testcase' chain='root'>
+ <uuid>5c6d49af-b071-6127-b4ec-6f8ed4b55335</uuid>
+ <rule action='accept' direction='out'>
+ <tcp-ipv6 srcmacaddr='1:2:3:4:5:6'
+ dstipaddr='a:b:c::d:e:f' dstipmask='128'
+ dscp='2'/>
+ </rule>
+ <rule action='accept' direction='in'>
+ <tcp-ipv6 srcmacaddr='1:2:3:4:5:6'
+ srcipaddr='a:b:c::' srcipmask='128'
+ dscp='33'
+ srcportstart='20' srcportend='21'
+ dstportstart='100' dstportend='1111'/>
+ </rule>
+ <rule action='accept' direction='in'>
+ <tcp-ipv6 srcmacaddr='1:2:3:4:5:6'
+ srcipaddr='::10.1.2.3' srcipmask='129'
+ dscp='63'
+ srcportstart='255' srcportend='256'
+ dstportstart='65535' dstportend='65536'/>
+ </rule>
+</filter>
Index: libvirt-acl/tests/nwfilterxml2xmlout/tcp-ipv6-test.xml
===================================================================
--- /dev/null
+++ libvirt-acl/tests/nwfilterxml2xmlout/tcp-ipv6-test.xml
@@ -0,0 +1,12 @@
+<filter name='testcase' chain='root'>
+ <uuid>5c6d49af-b071-6127-b4ec-6f8ed4b55335</uuid>
+ <rule action='accept' direction='out' priority='500'>
+ <tcp-ipv6 srcmacaddr='01:02:03:04:05:06' dstipaddr='a:b:c::d:e:f'
dstipmask='128' dscp='2'/>
+ </rule>
+ <rule action='accept' direction='in' priority='500'>
+ <tcp-ipv6 srcmacaddr='01:02:03:04:05:06' srcipaddr='a:b:c::'
srcipmask='128' dscp='33' srcportstart='20'
srcportend='21' dstportstart='100' dstportend='1111'/>
+ </rule>
+ <rule action='accept' direction='in' priority='500'>
+ <tcp-ipv6 srcmacaddr='01:02:03:04:05:06' srcipaddr='::10.1.2.3'
dscp='63' srcportstart='255' srcportend='256'
dstportstart='65535'/>
+ </rule>
+</filter>
Index: libvirt-acl/tests/nwfilterxml2xmlin/udp-ipv6-test.xml
===================================================================
--- /dev/null
+++ libvirt-acl/tests/nwfilterxml2xmlin/udp-ipv6-test.xml
@@ -0,0 +1,22 @@
+<filter name='testcase' chain='root'>
+ <uuid>5c6d49af-b071-6127-b4ec-6f8ed4b55335</uuid>
+ <rule action='accept' direction='out'>
+ <udp-ipv6 srcmacaddr='1:2:3:4:5:6'
+ dstipaddr='a:b:c::d:e:f' dstipmask='128'
+ dscp='2'/>
+ </rule>
+ <rule action='accept' direction='in'>
+ <udp-ipv6 srcmacaddr='1:2:3:4:5:6'
+ srcipaddr='a:b:c' srcipmask='128'
+ dscp='33'
+ srcportstart='20' srcportend='21'
+ dstportstart='100' dstportend='1111'/>
+ </rule>
+ <rule action='accept' direction='in'>
+ <udp-ipv6 srcmacaddr='1:2:3:4:5:6'
+ srcipaddr='::10.1.2.3' srcipmask='129'
+ dscp='63'
+ srcportstart='255' srcportend='256'
+ dstportstart='65535' dstportend='65536'/>
+ </rule>
+</filter>
Index: libvirt-acl/tests/nwfilterxml2xmlin/icmpv6-test.xml
===================================================================
--- /dev/null
+++ libvirt-acl/tests/nwfilterxml2xmlin/icmpv6-test.xml
@@ -0,0 +1,19 @@
+<filter name='testcase' chain='root'>
+ <uuid>5c6d49af-b071-6127-b4ec-6f8ed4b55335</uuid>
+ <rule action='accept' direction='out'>
+ <icmpv6 srcmacaddr='1:2:3:4:5:6'
+ dstipaddr='a:b:c::d:e:f' dstipmask='128'
+ srcipaddr='f:e:d::c:b:a' srcipmask='127'
+ dscp='2' type='12' code='11'/>
+ </rule>
+ <rule action='accept' direction='in'>
+ <icmpv6 srcmacaddr='1:2:3:4:5:6'
+ srcipaddr='a:b:c::' srcipmask='128'
+ dscp='33' type='255' code='255'/>
+ </rule>
+ <rule action='accept' direction='in'>
+ <icmpv6 srcmacaddr='1:2:3:4:5:6'
+ srcipaddr='::10.1.2.3' srcipmask='129'
+ dscp='33' type='256' code='256'/>
+ </rule>
+</filter>
Index: libvirt-acl/tests/nwfilterxml2xmlout/icmpv6-test.xml
===================================================================
--- /dev/null
+++ libvirt-acl/tests/nwfilterxml2xmlout/icmpv6-test.xml
@@ -0,0 +1,12 @@
+<filter name='testcase' chain='root'>
+ <uuid>5c6d49af-b071-6127-b4ec-6f8ed4b55335</uuid>
+ <rule action='accept' direction='out' priority='500'>
+ <icmpv6 srcmacaddr='01:02:03:04:05:06' srcipaddr='f:e:d::c:b:a'
srcipmask='127' dstipaddr='a:b:c::d:e:f' dstipmask='128'
dscp='2' type='12' code='11'/>
+ </rule>
+ <rule action='accept' direction='in' priority='500'>
+ <icmpv6 srcmacaddr='01:02:03:04:05:06' srcipaddr='a:b:c::'
srcipmask='128' dscp='33' type='255' code='255'/>
+ </rule>
+ <rule action='accept' direction='in' priority='500'>
+ <icmpv6 srcmacaddr='01:02:03:04:05:06' srcipaddr='::10.1.2.3'
dscp='33'/>
+ </rule>
+</filter>
Index: libvirt-acl/tests/nwfilterxml2xmlout/udp-ipv6-test.xml
===================================================================
--- /dev/null
+++ libvirt-acl/tests/nwfilterxml2xmlout/udp-ipv6-test.xml
@@ -0,0 +1,12 @@
+<filter name='testcase' chain='root'>
+ <uuid>5c6d49af-b071-6127-b4ec-6f8ed4b55335</uuid>
+ <rule action='accept' direction='out' priority='500'>
+ <udp-ipv6 srcmacaddr='01:02:03:04:05:06' dstipaddr='a:b:c::d:e:f'
dstipmask='128' dscp='2'/>
+ </rule>
+ <rule action='accept' direction='in' priority='500'>
+ <udp-ipv6 srcmacaddr='01:02:03:04:05:06' srcipmask='128'
dscp='33' srcportstart='20' srcportend='21'
dstportstart='100' dstportend='1111'/>
+ </rule>
+ <rule action='accept' direction='in' priority='500'>
+ <udp-ipv6 srcmacaddr='01:02:03:04:05:06' srcipaddr='::10.1.2.3'
dscp='63' srcportstart='255' srcportend='256'
dstportstart='65535'/>
+ </rule>
+</filter>
Index: libvirt-acl/tests/nwfilterxml2xmlin/ah-ipv6-test.xml
===================================================================
--- /dev/null
+++ libvirt-acl/tests/nwfilterxml2xmlin/ah-ipv6-test.xml
@@ -0,0 +1,19 @@
+<filter name='testcase' chain='root'>
+ <uuid>5c6d49af-b071-6127-b4ec-6f8ed4b55335</uuid>
+ <rule action='accept' direction='out'>
+ <ah-ipv6 srcmacaddr='1:2:3:4:5:6'
+ dstipaddr='a:b:c::d:e:f' dstipmask='128'
+ srcipaddr='f:e:d::c:b:a' srcipmask='127'
+ dscp='2'/>
+ </rule>
+ <rule action='accept' direction='in'>
+ <ah-ipv6 srcmacaddr='1:2:3:4:5:6'
+ srcipaddr='a:b:c::' srcipmask='128'
+ dscp='33'/>
+ </rule>
+ <rule action='accept' direction='in'>
+ <ah-ipv6 srcmacaddr='1:2:3:4:5:6'
+ srcipaddr='::10.1.2.3' srcipmask='129'
+ dscp='33'/>
+ </rule>
+</filter>
Index: libvirt-acl/tests/nwfilterxml2xmlin/all-ipv6-test.xml
===================================================================
--- /dev/null
+++ libvirt-acl/tests/nwfilterxml2xmlin/all-ipv6-test.xml
@@ -0,0 +1,19 @@
+<filter name='testcase' chain='root'>
+ <uuid>5c6d49af-b071-6127-b4ec-6f8ed4b55335</uuid>
+ <rule action='accept' direction='out'>
+ <all-ipv6 srcmacaddr='1:2:3:4:5:6'
+ dstipaddr='a:b:c::d:e:f' dstipmask='128'
+ srcipaddr='f:e:d::c:b:a' srcipmask='127'
+ dscp='2'/>
+ </rule>
+ <rule action='accept' direction='in'>
+ <all-ipv6 srcmacaddr='1:2:3:4:5:6'
+ srcipaddr='a:b:c::' srcipmask='128'
+ dscp='33'/>
+ </rule>
+ <rule action='accept' direction='in'>
+ <all-ipv6 srcmacaddr='1:2:3:4:5:6'
+ srcipaddr='::10.1.2.3' srcipmask='129'
+ dscp='33'/>
+ </rule>
+</filter>
Index: libvirt-acl/tests/nwfilterxml2xmlin/esp-ipv6-test.xml
===================================================================
--- /dev/null
+++ libvirt-acl/tests/nwfilterxml2xmlin/esp-ipv6-test.xml
@@ -0,0 +1,19 @@
+<filter name='testcase' chain='root'>
+ <uuid>5c6d49af-b071-6127-b4ec-6f8ed4b55335</uuid>
+ <rule action='accept' direction='out'>
+ <esp-ipv6 srcmacaddr='1:2:3:4:5:6'
+ dstipaddr='a:b:c::d:e:f' dstipmask='128'
+ srcipaddr='f:e:d::c:b:a' srcipmask='127'
+ dscp='2'/>
+ </rule>
+ <rule action='accept' direction='in'>
+ <esp-ipv6 srcmacaddr='1:2:3:4:5:6'
+ srcipaddr='a:b:c::' srcipmask='128'
+ dscp='33'/>
+ </rule>
+ <rule action='accept' direction='in'>
+ <esp-ipv6 srcmacaddr='1:2:3:4:5:6'
+ srcipaddr='::10.1.2.3' srcipmask='129'
+ dscp='33'/>
+ </rule>
+</filter>
Index: libvirt-acl/tests/nwfilterxml2xmlin/sctp-ipv6-test.xml
===================================================================
--- /dev/null
+++ libvirt-acl/tests/nwfilterxml2xmlin/sctp-ipv6-test.xml
@@ -0,0 +1,22 @@
+<filter name='testcase' chain='root'>
+ <uuid>5c6d49af-b071-6127-b4ec-6f8ed4b55335</uuid>
+ <rule action='accept' direction='out'>
+ <sctp-ipv6 srcmacaddr='1:2:3:4:5:6'
+ dstipaddr='a:b:c::d:e:f' dstipmask='128'
+ dscp='2'/>
+ </rule>
+ <rule action='accept' direction='in'>
+ <sctp-ipv6 srcmacaddr='1:2:3:4:5:6'
+ srcipaddr='a:b:c::' srcipmask='128'
+ dscp='33'
+ srcportstart='20' srcportend='21'
+ dstportstart='100' dstportend='1111'/>
+ </rule>
+ <rule action='accept' direction='in'>
+ <sctp-ipv6 srcmacaddr='1:2:3:4:5:6'
+ srcipaddr='::10.1.2.3' srcipmask='129'
+ dscp='63'
+ srcportstart='255' srcportend='256'
+ dstportstart='65535' dstportend='65536'/>
+ </rule>
+</filter>
Index: libvirt-acl/tests/nwfilterxml2xmlin/udplite-ipv6-test.xml
===================================================================
--- /dev/null
+++ libvirt-acl/tests/nwfilterxml2xmlin/udplite-ipv6-test.xml
@@ -0,0 +1,19 @@
+<filter name='testcase' chain='root'>
+ <uuid>5c6d49af-b071-6127-b4ec-6f8ed4b55335</uuid>
+ <rule action='accept' direction='out'>
+ <udplite-ipv6 srcmacaddr='1:2:3:4:5:6'
+ dstipaddr='a:b:c::d:e:f' dstipmask='128'
+ srcipaddr='f:e:d::c:b:a' srcipmask='127'
+ dscp='2'/>
+ </rule>
+ <rule action='accept' direction='in'>
+ <udplite-ipv6 srcmacaddr='1:2:3:4:5:6'
+ srcipaddr='a:b:c::' srcipmask='128'
+ dscp='33'/>
+ </rule>
+ <rule action='accept' direction='in'>
+ <udplite-ipv6 srcmacaddr='1:2:3:4:5:6'
+ srcipaddr='::10.1.2.3' srcipmask='129'
+ dscp='33'/>
+ </rule>
+</filter>
Index: libvirt-acl/tests/nwfilterxml2xmlout/ah-ipv6-test.xml
===================================================================
--- /dev/null
+++ libvirt-acl/tests/nwfilterxml2xmlout/ah-ipv6-test.xml
@@ -0,0 +1,12 @@
+<filter name='testcase' chain='root'>
+ <uuid>5c6d49af-b071-6127-b4ec-6f8ed4b55335</uuid>
+ <rule action='accept' direction='out' priority='500'>
+ <ah-ipv6 srcmacaddr='01:02:03:04:05:06' srcipaddr='f:e:d::c:b:a'
srcipmask='127' dstipaddr='a:b:c::d:e:f' dstipmask='128'
dscp='2'/>
+ </rule>
+ <rule action='accept' direction='in' priority='500'>
+ <ah-ipv6 srcmacaddr='01:02:03:04:05:06' srcipaddr='a:b:c::'
srcipmask='128' dscp='33'/>
+ </rule>
+ <rule action='accept' direction='in' priority='500'>
+ <ah-ipv6 srcmacaddr='01:02:03:04:05:06' srcipaddr='::10.1.2.3'
dscp='33'/>
+ </rule>
+</filter>
Index: libvirt-acl/tests/nwfilterxml2xmlout/all-ipv6-test.xml
===================================================================
--- /dev/null
+++ libvirt-acl/tests/nwfilterxml2xmlout/all-ipv6-test.xml
@@ -0,0 +1,12 @@
+<filter name='testcase' chain='root'>
+ <uuid>5c6d49af-b071-6127-b4ec-6f8ed4b55335</uuid>
+ <rule action='accept' direction='out' priority='500'>
+ <all-ipv6 srcmacaddr='01:02:03:04:05:06' srcipaddr='f:e:d::c:b:a'
srcipmask='127' dstipaddr='a:b:c::d:e:f' dstipmask='128'
dscp='2'/>
+ </rule>
+ <rule action='accept' direction='in' priority='500'>
+ <all-ipv6 srcmacaddr='01:02:03:04:05:06' srcipaddr='a:b:c::'
srcipmask='128' dscp='33'/>
+ </rule>
+ <rule action='accept' direction='in' priority='500'>
+ <all-ipv6 srcmacaddr='01:02:03:04:05:06' srcipaddr='::10.1.2.3'
dscp='33'/>
+ </rule>
+</filter>
Index: libvirt-acl/tests/nwfilterxml2xmlout/esp-ipv6-test.xml
===================================================================
--- /dev/null
+++ libvirt-acl/tests/nwfilterxml2xmlout/esp-ipv6-test.xml
@@ -0,0 +1,12 @@
+<filter name='testcase' chain='root'>
+ <uuid>5c6d49af-b071-6127-b4ec-6f8ed4b55335</uuid>
+ <rule action='accept' direction='out' priority='500'>
+ <esp-ipv6 srcmacaddr='01:02:03:04:05:06' srcipaddr='f:e:d::c:b:a'
srcipmask='127' dstipaddr='a:b:c::d:e:f' dstipmask='128'
dscp='2'/>
+ </rule>
+ <rule action='accept' direction='in' priority='500'>
+ <esp-ipv6 srcmacaddr='01:02:03:04:05:06' srcipaddr='a:b:c::'
srcipmask='128' dscp='33'/>
+ </rule>
+ <rule action='accept' direction='in' priority='500'>
+ <esp-ipv6 srcmacaddr='01:02:03:04:05:06' srcipaddr='::10.1.2.3'
dscp='33'/>
+ </rule>
+</filter>
Index: libvirt-acl/tests/nwfilterxml2xmlout/sctp-ipv6-test.xml
===================================================================
--- /dev/null
+++ libvirt-acl/tests/nwfilterxml2xmlout/sctp-ipv6-test.xml
@@ -0,0 +1,12 @@
+<filter name='testcase' chain='root'>
+ <uuid>5c6d49af-b071-6127-b4ec-6f8ed4b55335</uuid>
+ <rule action='accept' direction='out' priority='500'>
+ <sctp-ipv6 srcmacaddr='01:02:03:04:05:06' dstipaddr='a:b:c::d:e:f'
dstipmask='128' dscp='2'/>
+ </rule>
+ <rule action='accept' direction='in' priority='500'>
+ <sctp-ipv6 srcmacaddr='01:02:03:04:05:06' srcipaddr='a:b:c::'
srcipmask='128' dscp='33' srcportstart='20'
srcportend='21' dstportstart='100' dstportend='1111'/>
+ </rule>
+ <rule action='accept' direction='in' priority='500'>
+ <sctp-ipv6 srcmacaddr='01:02:03:04:05:06' srcipaddr='::10.1.2.3'
dscp='63' srcportstart='255' srcportend='256'
dstportstart='65535'/>
+ </rule>
+</filter>
Index: libvirt-acl/tests/nwfilterxml2xmlout/udplite-ipv6-test.xml
===================================================================
--- /dev/null
+++ libvirt-acl/tests/nwfilterxml2xmlout/udplite-ipv6-test.xml
@@ -0,0 +1,12 @@
+<filter name='testcase' chain='root'>
+ <uuid>5c6d49af-b071-6127-b4ec-6f8ed4b55335</uuid>
+ <rule action='accept' direction='out' priority='500'>
+ <udplite-ipv6 srcmacaddr='01:02:03:04:05:06'
srcipaddr='f:e:d::c:b:a' srcipmask='127' dstipaddr='a:b:c::d:e:f'
dstipmask='128' dscp='2'/>
+ </rule>
+ <rule action='accept' direction='in' priority='500'>
+ <udplite-ipv6 srcmacaddr='01:02:03:04:05:06' srcipaddr='a:b:c::'
srcipmask='128' dscp='33'/>
+ </rule>
+ <rule action='accept' direction='in' priority='500'>
+ <udplite-ipv6 srcmacaddr='01:02:03:04:05:06'
srcipaddr='::10.1.2.3' dscp='33'/>
+ </rule>
+</filter>
Index: libvirt-acl/tests/nwfilterxml2xmlin/ref-test.xml
===================================================================
--- /dev/null
+++ libvirt-acl/tests/nwfilterxml2xmlin/ref-test.xml
@@ -0,0 +1,4 @@
+<filter name='testcase'>
+ <uuid>83011800-f663-96d6-8841-fd836b4318c6</uuid>
+ <filterref filter='clean-traffic'/>
+</filter>
Index: libvirt-acl/tests/nwfilterxml2xmlout/ref-test.xml
===================================================================
--- /dev/null
+++ libvirt-acl/tests/nwfilterxml2xmlout/ref-test.xml
@@ -0,0 +1,4 @@
+<filter name='testcase' chain='root'>
+ <uuid>83011800-f663-96d6-8841-fd836b4318c6</uuid>
+ <filterref filter='clean-traffic'/>
+</filter>
Index: libvirt-acl/tests/nwfilterxml2xmlin/ref-rule-test.xml
===================================================================
--- /dev/null
+++ libvirt-acl/tests/nwfilterxml2xmlin/ref-rule-test.xml
@@ -0,0 +1,18 @@
+<filter name='testcase'>
+ <uuid>83011800-f663-96d6-8841-fd836b4318c6</uuid>
+ <filterref filter='clean-traffic'/>
+ <rule action='accept' direction='out'>
+ <mac srcmacaddr='1:2:3:4:5:6' srcmacmask='ff:ff:ff:ff:ff:ff'
+ protocolid='arp'/>
+ </rule>
+ <rule action='accept' direction='out'>
+ <tcp srcmacaddr='1:2:3:4:5:6'
+ dstipaddr='10.1.2.3' dstipmask='255.255.255.255'
+ dscp='2'/>
+ </rule>
+ <rule action='accept' direction='out'>
+ <udp-ipv6 srcmacaddr='1:2:3:4:5:6'
+ dstipaddr='a:b:c::d:e:f' dstipmask='128'
+ dscp='2'/>
+ </rule>
+</filter>
Index: libvirt-acl/tests/nwfilterxml2xmlout/ref-rule-test.xml
===================================================================
--- /dev/null
+++ libvirt-acl/tests/nwfilterxml2xmlout/ref-rule-test.xml
@@ -0,0 +1,13 @@
+<filter name='testcase' chain='root'>
+ <uuid>83011800-f663-96d6-8841-fd836b4318c6</uuid>
+ <filterref filter='clean-traffic'/>
+ <rule action='accept' direction='out' priority='500'>
+ <mac srcmacaddr='01:02:03:04:05:06' srcmacmask='ff:ff:ff:ff:ff:ff'
protocolid='arp'/>
+ </rule>
+ <rule action='accept' direction='out' priority='500'>
+ <tcp srcmacaddr='01:02:03:04:05:06' dstipaddr='10.1.2.3'
dstipmask='32' dscp='2'/>
+ </rule>
+ <rule action='accept' direction='out' priority='500'>
+ <udp-ipv6 srcmacaddr='01:02:03:04:05:06' dstipaddr='a:b:c::d:e:f'
dstipmask='128' dscp='2'/>
+ </rule>
+</filter>
11:59 a.m.
New subject: [libvirt] [PATCH v1 2/2] nwfilter: Add a couple of test cases to the XML parsing test suite
On Thu, Apr 01, 2010 at 03:16:24PM -0400, Stefan Berger wrote:
This patch adds a couple of test cases for the XML parsing test suite
covering various filterable protocols. For each test case an input XML and an output XML
is provided checking the input XML after parsing and converting back into XML against the
exepcted output XML.
Signed-off-by: Stefan Berger <stefanb(a)us.ibm.com>
[...]
tests/nwfilterxml2xmltest.c | 121
+++++++++++++++++++++++++
48 files changed, 908 insertions(+)
[...]
+static int testCompareXMLToXMLFiles(const char *inxml, const char
*outxml) {
+ char inXmlData[MAX_FILE];
+ char *inXmlPtr = &(inXmlData[0]);
+ char outXmlData[MAX_FILE];
+ char *outXmlPtr = &(outXmlData[0]);
+ char *actual = NULL;
+ int ret = -1;
+ virNWFilterDefPtr dev = NULL;
+
+ if (virtTestLoadFile(inxml, &inXmlPtr, MAX_FILE) < 0)
+ goto fail;
+ if (virtTestLoadFile(outxml, &outXmlPtr, MAX_FILE) < 0)
+ goto fail;
+
+ if (!(dev = virNWFilterDefParseString(NULL, inXmlData)))
+ goto fail;
+
+ if (!(actual = virNWFilterDefFormat(NULL, dev)))
+ goto fail;
+
+ if (STRNEQ(outXmlData, actual)) {
+ virtTestDifference(stderr, outXmlData, actual);
+ goto fail;
+ }
+
+ ret = 0;
+
+ fail:
+ free(actual);
+ virNWFilterDefFree(dev);
+ return ret;
+}
+
+static int testCompareXMLToXMLHelper(const void *data) {
+ char inxml[PATH_MAX];
+ char outxml[PATH_MAX];
+ snprintf(inxml, PATH_MAX, "%s/nwfilterxml2xmlin/%s.xml",
+ abs_srcdir, (const char*)data);
+ snprintf(outxml, PATH_MAX, "%s/nwfilterxml2xmlout/%s.xml",
+ abs_srcdir, (const char*)data);
+ return testCompareXMLToXMLFiles(inxml, outxml);
+}
+
+
+static int
+mymain(int argc, char **argv)
+{
+ int ret = 0;
+ char cwd[PATH_MAX];
+
+ progname = argv[0];
+
+ if (argc > 1) {
+ fprintf(stderr, "Usage: %s\n", progname);
+ return (EXIT_FAILURE);
+ }
+
+ abs_srcdir = getenv("abs_srcdir");
+ if (!abs_srcdir)
+ abs_srcdir = getcwd(cwd, sizeof(cwd));
+
+#define DO_TEST(name) \
+ if (virtTestRun("NWFilter XML-2-XML " name, \
+ 1, testCompareXMLToXMLHelper, (name)) < 0) \
+ ret = -1
+
ACK, good idea, but it would be nice if the XML could also be
validated against the Relax-NG syntax for the filters.
Daniel
--
Daniel Veillard | libxml Gnome XML XSLT toolkit http://xmlsoft.org/
daniel(a)veillard.com | Rpmfind RPM search engine http://rpmfind.net/
http://veillard.com/ | virtualization library http://libvirt.org/
12:32 p.m.
New subject: [libvirt] [PATCH v1 2/2] nwfilter: Add a couple of test cases to the XML parsing test suite
Daniel Veillard <veillard(a)redhat.com> wrote on 04/02/2010 12:59:47 PM:
> +
> +#define DO_TEST(name) \
> + if (virtTestRun("NWFilter XML-2-XML " name, \
> + 1, testCompareXMLToXMLHelper, (name)) < 0) \
> + ret = -1
> +
ACK, good idea, but it would be nice if the XML could also be
validated against the Relax-NG syntax for the filters.
Will do.
Regards,
Stefan
Daniel
--
Daniel Veillard | libxml Gnome XML XSLT toolkit
http://xmlsoft.org/
daniel(a)veillard.com | Rpmfind RPM search engine http://rpmfind.net/
http://veillard.com/ | virtualization library http://libvirt.org/
5348
days inactive
5349
days old
5 comments
2 participants
participants (2)
-
Daniel Veillard -
Stefan Berger