10:34 a.m.
Follow recent changes in libvirt and add --physdev-is-bridged to test cases where needed.
---
scripts/nwfilter/nwfilterxml2fwallout/ah-ipv6-test.fwall | 2 +-
scripts/nwfilter/nwfilterxml2fwallout/ah-test.fwall | 2 +-
scripts/nwfilter/nwfilterxml2fwallout/all-ipv6-test.fwall | 2 +-
scripts/nwfilter/nwfilterxml2fwallout/all-test.fwall | 2 +-
scripts/nwfilter/nwfilterxml2fwallout/comment-test.fwall | 8 ++++----
scripts/nwfilter/nwfilterxml2fwallout/conntrack-test.fwall | 2 +-
scripts/nwfilter/nwfilterxml2fwallout/esp-ipv6-test.fwall | 2 +-
scripts/nwfilter/nwfilterxml2fwallout/esp-test.fwall | 2 +-
scripts/nwfilter/nwfilterxml2fwallout/hex-data-test.fwall | 8 ++++----
scripts/nwfilter/nwfilterxml2fwallout/icmp-direction-test.fwall | 2 +-
scripts/nwfilter/nwfilterxml2fwallout/icmp-direction2-test.fwall | 2 +-
scripts/nwfilter/nwfilterxml2fwallout/icmp-direction3-test.fwall | 2 +-
scripts/nwfilter/nwfilterxml2fwallout/icmp-test.fwall | 2 +-
scripts/nwfilter/nwfilterxml2fwallout/icmpv6-test.fwall | 2 +-
scripts/nwfilter/nwfilterxml2fwallout/igmp-test.fwall | 2 +-
scripts/nwfilter/nwfilterxml2fwallout/ipset-test.fwall | 2 +-
scripts/nwfilter/nwfilterxml2fwallout/ipt-no-macspoof-test.fwall | 2 +-
scripts/nwfilter/nwfilterxml2fwallout/iter-test1.fwall | 2 +-
scripts/nwfilter/nwfilterxml2fwallout/iter-test2.fwall | 2 +-
scripts/nwfilter/nwfilterxml2fwallout/iter-test3.fwall | 2 +-
scripts/nwfilter/nwfilterxml2fwallout/sctp-ipv6-test.fwall | 2 +-
scripts/nwfilter/nwfilterxml2fwallout/sctp-test.fwall | 2 +-
scripts/nwfilter/nwfilterxml2fwallout/target-test.fwall | 2 +-
scripts/nwfilter/nwfilterxml2fwallout/target-test2.fwall | 2 +-
scripts/nwfilter/nwfilterxml2fwallout/tcp-ipv6-test.fwall | 2 +-
scripts/nwfilter/nwfilterxml2fwallout/tcp-test.fwall | 2 +-
scripts/nwfilter/nwfilterxml2fwallout/testvm.fwall.dat | 4 ++--
scripts/nwfilter/nwfilterxml2fwallout/udp-ipv6-test.fwall | 2 +-
scripts/nwfilter/nwfilterxml2fwallout/udp-test.fwall | 2 +-
scripts/nwfilter/nwfilterxml2fwallout/udplite-ipv6-test.fwall | 2 +-
scripts/nwfilter/nwfilterxml2fwallout/udplite-test.fwall | 2 +-
31 files changed, 38 insertions(+), 38 deletions(-)
Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/ah-ipv6-test.fwall
===================================================================
--- libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/ah-ipv6-test.fwall
+++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/ah-ipv6-test.fwall
@@ -25,4 +25,4 @@ FI-vnet0 all ::/0 ::/0 [goto] PHYSDEV ma
#ip6tables -L libvirt-in-post -n | grep vnet0
ACCEPT all ::/0 ::/0 PHYSDEV match --physdev-in
vnet0
#ip6tables -L libvirt-out -n | grep vnet0 | tr -s " "
-FO-vnet0 all ::/0 ::/0 [goto] PHYSDEV match --physdev-out vnet0
+FO-vnet0 all ::/0 ::/0 [goto] PHYSDEV match --physdev-out vnet0 --physdev-is-bridged
Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/ah-test.fwall
===================================================================
--- libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/ah-test.fwall
+++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/ah-test.fwall
@@ -23,4 +23,4 @@ FI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [got
#iptables -L libvirt-in-post -n | grep vnet0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-in
vnet0
#iptables -L libvirt-out -n | grep vnet0 | tr -s " "
-FO-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-out vnet0
+FO-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-out vnet0
--physdev-is-bridged
Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/all-ipv6-test.fwall
===================================================================
--- libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/all-ipv6-test.fwall
+++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/all-ipv6-test.fwall
@@ -25,7 +25,7 @@ FI-vnet0 all ::/0 ::/0 [goto] PHYSDEV ma
#ip6tables -L libvirt-in-post -n | grep vnet0
ACCEPT all ::/0 ::/0 PHYSDEV match --physdev-in
vnet0
#ip6tables -L libvirt-out -n | grep vnet0 | tr -s " "
-FO-vnet0 all ::/0 ::/0 [goto] PHYSDEV match --physdev-out vnet0
+FO-vnet0 all ::/0 ::/0 [goto] PHYSDEV match --physdev-out vnet0 --physdev-is-bridged
#ip6tables -L FORWARD --line-number | grep libvirt
1 libvirt-in all anywhere anywhere
2 libvirt-out all anywhere anywhere
Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/all-test.fwall
===================================================================
--- libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/all-test.fwall
+++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/all-test.fwall
@@ -23,7 +23,7 @@ FI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [got
#iptables -L libvirt-in-post -n | grep vnet0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-in
vnet0
#iptables -L libvirt-out -n | grep vnet0 | tr -s " "
-FO-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-out vnet0
+FO-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-out vnet0
--physdev-is-bridged
#iptables -L FORWARD -n --line-number | grep libvirt
1 libvirt-in all -- 0.0.0.0/0 0.0.0.0/0
2 libvirt-out all -- 0.0.0.0/0 0.0.0.0/0
Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/comment-test.fwall
===================================================================
--- libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/comment-test.fwall
+++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/comment-test.fwall
@@ -27,7 +27,7 @@ FI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [got
#iptables -L libvirt-in-post -n | grep vnet0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-in
vnet0
#iptables -L libvirt-out -n | grep vnet0 | tr -s " "
-FO-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-out vnet0
+FO-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-out vnet0
--physdev-is-bridged
#ip6tables -L FI-vnet0 -n
Chain FI-vnet0 (1 references)
target prot opt source destination
@@ -56,7 +56,7 @@ FI-vnet0 all ::/0 ::/0 [goto] PHYSDEV ma
#ip6tables -L libvirt-in-post -n | grep vnet0
ACCEPT all ::/0 ::/0 PHYSDEV match --physdev-in
vnet0
#ip6tables -L libvirt-out -n | grep vnet0 | tr -s " "
-FO-vnet0 all ::/0 ::/0 [goto] PHYSDEV match --physdev-out vnet0
+FO-vnet0 all ::/0 ::/0 [goto] PHYSDEV match --physdev-out vnet0 --physdev-is-bridged
#iptables -L libvirt-host-in -n | grep vnet0 | tr -s " "
HI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-in vnet0
#iptables -L libvirt-in -n | grep vnet0 | tr -s " "
@@ -64,7 +64,7 @@ FI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [got
#iptables -L libvirt-in-post -n | grep vnet0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-in
vnet0
#iptables -L libvirt-out -n | grep vnet0 | tr -s " "
-FO-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-out vnet0
+FO-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-out vnet0
--physdev-is-bridged
#ip6tables -L INPUT -n --line-numbers | grep libvirt
1 libvirt-host-in all ::/0 ::/0
#ip6tables -L libvirt-host-in -n | grep vnet0 | tr -s " "
@@ -74,4 +74,4 @@ FI-vnet0 all ::/0 ::/0 [goto] PHYSDEV ma
#ip6tables -L libvirt-in-post -n | grep vnet0
ACCEPT all ::/0 ::/0 PHYSDEV match --physdev-in
vnet0
#ip6tables -L libvirt-out -n | grep vnet0 | tr -s " "
-FO-vnet0 all ::/0 ::/0 [goto] PHYSDEV match --physdev-out vnet0
+FO-vnet0 all ::/0 ::/0 [goto] PHYSDEV match --physdev-out vnet0 --physdev-is-bridged
Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/conntrack-test.fwall
===================================================================
--- libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/conntrack-test.fwall
+++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/conntrack-test.fwall
@@ -21,4 +21,4 @@ FI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [got
#iptables -L libvirt-in-post -n | grep vnet0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-in
vnet0
#iptables -L libvirt-out -n | grep vnet0 | tr -s " "
-FO-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-out vnet0
+FO-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-out vnet0
--physdev-is-bridged
Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/esp-ipv6-test.fwall
===================================================================
--- libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/esp-ipv6-test.fwall
+++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/esp-ipv6-test.fwall
@@ -25,4 +25,4 @@ FI-vnet0 all ::/0 ::/0 [goto] PHYSDEV ma
#ip6tables -L libvirt-in-post -n | grep vnet0
ACCEPT all ::/0 ::/0 PHYSDEV match --physdev-in
vnet0
#ip6tables -L libvirt-out -n | grep vnet0 | tr -s " "
-FO-vnet0 all ::/0 ::/0 [goto] PHYSDEV match --physdev-out vnet0
+FO-vnet0 all ::/0 ::/0 [goto] PHYSDEV match --physdev-out vnet0 --physdev-is-bridged
Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/esp-test.fwall
===================================================================
--- libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/esp-test.fwall
+++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/esp-test.fwall
@@ -23,4 +23,4 @@ FI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [got
#iptables -L libvirt-in-post -n | grep vnet0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-in
vnet0
#iptables -L libvirt-out -n | grep vnet0 | tr -s " "
-FO-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-out vnet0
+FO-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-out vnet0
--physdev-is-bridged
Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/hex-data-test.fwall
===================================================================
--- libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/hex-data-test.fwall
+++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/hex-data-test.fwall
@@ -27,7 +27,7 @@ FI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [got
#iptables -L libvirt-in-post -n | grep vnet0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-in
vnet0
#iptables -L libvirt-out -n | grep vnet0 | tr -s " "
-FO-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-out vnet0
+FO-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-out vnet0
--physdev-is-bridged
#ip6tables -L FI-vnet0 -n
Chain FI-vnet0 (1 references)
target prot opt source destination
@@ -47,7 +47,7 @@ FI-vnet0 all ::/0 ::/0 [goto] PHYSDEV ma
#ip6tables -L libvirt-in-post -n | grep vnet0
ACCEPT all ::/0 ::/0 PHYSDEV match --physdev-in
vnet0
#ip6tables -L libvirt-out -n | grep vnet0 | tr -s " "
-FO-vnet0 all ::/0 ::/0 [goto] PHYSDEV match --physdev-out vnet0
+FO-vnet0 all ::/0 ::/0 [goto] PHYSDEV match --physdev-out vnet0 --physdev-is-bridged
#iptables -L libvirt-host-in -n | grep vnet0 | tr -s " "
HI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-in vnet0
#iptables -L libvirt-in -n | grep vnet0 | tr -s " "
@@ -55,7 +55,7 @@ FI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [got
#iptables -L libvirt-in-post -n | grep vnet0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-in
vnet0
#iptables -L libvirt-out -n | grep vnet0 | tr -s " "
-FO-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-out vnet0
+FO-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-out vnet0
--physdev-is-bridged
#ip6tables -L INPUT -n --line-numbers | grep libvirt
1 libvirt-host-in all ::/0 ::/0
#ip6tables -L libvirt-host-in -n | grep vnet0 | tr -s " "
@@ -65,4 +65,4 @@ FI-vnet0 all ::/0 ::/0 [goto] PHYSDEV ma
#ip6tables -L libvirt-in-post -n | grep vnet0
ACCEPT all ::/0 ::/0 PHYSDEV match --physdev-in
vnet0
#ip6tables -L libvirt-out -n | grep vnet0 | tr -s " "
-FO-vnet0 all ::/0 ::/0 [goto] PHYSDEV match --physdev-out vnet0
+FO-vnet0 all ::/0 ::/0 [goto] PHYSDEV match --physdev-out vnet0 --physdev-is-bridged
Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/icmp-direction-test.fwall
===================================================================
--- libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/icmp-direction-test.fwall
+++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/icmp-direction-test.fwall
@@ -20,4 +20,4 @@ FI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [got
#iptables -L libvirt-in-post -n | grep vnet0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-in
vnet0
#iptables -L libvirt-out -n | grep vnet0 | tr -s " "
-FO-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-out vnet0
+FO-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-out vnet0
--physdev-is-bridged
Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/icmp-direction2-test.fwall
===================================================================
--- libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/icmp-direction2-test.fwall
+++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/icmp-direction2-test.fwall
@@ -20,4 +20,4 @@ FI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [got
#iptables -L libvirt-in-post -n | grep vnet0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-in
vnet0
#iptables -L libvirt-out -n | grep vnet0 | tr -s " "
-FO-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-out vnet0
+FO-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-out vnet0
--physdev-is-bridged
Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/icmp-direction3-test.fwall
===================================================================
--- libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/icmp-direction3-test.fwall
+++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/icmp-direction3-test.fwall
@@ -20,4 +20,4 @@ FI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [got
#iptables -L libvirt-in-post -n | grep vnet0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-in
vnet0
#iptables -L libvirt-out -n | grep vnet0 | tr -s " "
-FO-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-out vnet0
+FO-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-out vnet0
--physdev-is-bridged
Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/icmp-test.fwall
===================================================================
--- libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/icmp-test.fwall
+++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/icmp-test.fwall
@@ -20,4 +20,4 @@ FI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [got
#iptables -L libvirt-in-post -n | grep vnet0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-in
vnet0
#iptables -L libvirt-out -n | grep vnet0 | tr -s " "
-FO-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-out vnet0
+FO-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-out vnet0
--physdev-is-bridged
Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/icmpv6-test.fwall
===================================================================
--- libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/icmpv6-test.fwall
+++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/icmpv6-test.fwall
@@ -22,5 +22,5 @@ FI-vnet0 all ::/0 ::/0 [goto] PHYSDEV ma
#ip6tables -L libvirt-in-post -n | grep vnet0
ACCEPT all ::/0 ::/0 PHYSDEV match --physdev-in
vnet0
#ip6tables -L libvirt-out -n | grep vnet0 | tr -s " "
-FO-vnet0 all ::/0 ::/0 [goto] PHYSDEV match --physdev-out vnet0
+FO-vnet0 all ::/0 ::/0 [goto] PHYSDEV match --physdev-out vnet0 --physdev-is-bridged
Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/igmp-test.fwall
===================================================================
--- libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/igmp-test.fwall
+++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/igmp-test.fwall
@@ -23,4 +23,4 @@ FI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [got
#iptables -L libvirt-in-post -n | grep vnet0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-in
vnet0
#iptables -L libvirt-out -n | grep vnet0 | tr -s " "
-FO-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-out vnet0
+FO-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-out vnet0
--physdev-is-bridged
Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/ipset-test.fwall
===================================================================
--- libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/ipset-test.fwall
+++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/ipset-test.fwall
@@ -32,7 +32,7 @@ FI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [got
#iptables -L libvirt-in-post -n | grep vnet0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-in
vnet0
#iptables -L libvirt-out -n | grep vnet0 | tr -s " "
-FO-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-out vnet0
+FO-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-out vnet0
--physdev-is-bridged
#ebtables -t nat -L libvirt-O-vnet0 2>/dev/null | grep -v "table:" | grep -v
"^$"
#ebtables -t nat -L libvirt-I-vnet0 2>/dev/null | grep -v "table:" | grep -v
"^$"
#ebtables -t nat -L PREROUTING | grep vnet0
Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/ipt-no-macspoof-test.fwall
===================================================================
--- libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/ipt-no-macspoof-test.fwall
+++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/ipt-no-macspoof-test.fwall
@@ -16,4 +16,4 @@ FI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [got
#iptables -L libvirt-in-post -n | grep vnet0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-in
vnet0
#iptables -L libvirt-out -n | grep vnet0 | tr -s " "
-FO-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-out vnet0
+FO-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-out vnet0
--physdev-is-bridged
Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/iter-test1.fwall
===================================================================
--- libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/iter-test1.fwall
+++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/iter-test1.fwall
@@ -23,7 +23,7 @@ FI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [got
#iptables -L libvirt-in-post -n | grep vnet0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-in
vnet0
#iptables -L libvirt-out -n | grep vnet0 | tr -s " "
-FO-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-out vnet0
+FO-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-out vnet0
--physdev-is-bridged
#iptables -L FORWARD -n --line-number | grep libvirt
1 libvirt-in all -- 0.0.0.0/0 0.0.0.0/0
2 libvirt-out all -- 0.0.0.0/0 0.0.0.0/0
Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/iter-test2.fwall
===================================================================
--- libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/iter-test2.fwall
+++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/iter-test2.fwall
@@ -185,7 +185,7 @@ FI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [got
#iptables -L libvirt-in-post -n | grep vnet0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-in
vnet0
#iptables -L libvirt-out -n | grep vnet0 | tr -s " "
-FO-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-out vnet0
+FO-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-out vnet0
--physdev-is-bridged
#iptables -L FORWARD -n --line-number | grep libvirt
1 libvirt-in all -- 0.0.0.0/0 0.0.0.0/0
2 libvirt-out all -- 0.0.0.0/0 0.0.0.0/0
Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/iter-test3.fwall
===================================================================
--- libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/iter-test3.fwall
+++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/iter-test3.fwall
@@ -29,7 +29,7 @@ FI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [got
#iptables -L libvirt-in-post -n | grep vnet0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-in
vnet0
#iptables -L libvirt-out -n | grep vnet0 | tr -s " "
-FO-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-out vnet0
+FO-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-out vnet0
--physdev-is-bridged
#iptables -L FORWARD -n --line-number | grep libvirt
1 libvirt-in all -- 0.0.0.0/0 0.0.0.0/0
2 libvirt-out all -- 0.0.0.0/0 0.0.0.0/0
Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/sctp-ipv6-test.fwall
===================================================================
--- libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/sctp-ipv6-test.fwall
+++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/sctp-ipv6-test.fwall
@@ -25,7 +25,7 @@ FI-vnet0 all ::/0 ::/0 [goto] PHYSDEV ma
#ip6tables -L libvirt-in-post -n | grep vnet0
ACCEPT all ::/0 ::/0 PHYSDEV match --physdev-in
vnet0
#ip6tables -L libvirt-out -n | grep vnet0 | tr -s " "
-FO-vnet0 all ::/0 ::/0 [goto] PHYSDEV match --physdev-out vnet0
+FO-vnet0 all ::/0 ::/0 [goto] PHYSDEV match --physdev-out vnet0 --physdev-is-bridged
#ebtables -t nat -L libvirt-O-vnet0 2>/dev/null | grep -v "table:" | grep -v
"^$"
#ebtables -t nat -L libvirt-I-vnet0 2>/dev/null | grep -v "table:" | grep -v
"^$"
#ebtables -t nat -L PREROUTING | grep vnet0
Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/sctp-test.fwall
===================================================================
--- libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/sctp-test.fwall
+++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/sctp-test.fwall
@@ -23,7 +23,7 @@ FI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [got
#iptables -L libvirt-in-post -n | grep vnet0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-in
vnet0
#iptables -L libvirt-out -n | grep vnet0 | tr -s " "
-FO-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-out vnet0
+FO-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-out vnet0
--physdev-is-bridged
#ebtables -t nat -L libvirt-O-vnet0 2>/dev/null | grep -v "table:" | grep -v
"^$"
#ebtables -t nat -L libvirt-I-vnet0 2>/dev/null | grep -v "table:" | grep -v
"^$"
#ebtables -t nat -L PREROUTING | grep vnet0
Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/target-test.fwall
===================================================================
--- libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/target-test.fwall
+++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/target-test.fwall
@@ -41,7 +41,7 @@ FI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [got
#iptables -L libvirt-in-post -n | grep vnet0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-in
vnet0
#iptables -L libvirt-out -n | grep vnet0 | tr -s " "
-FO-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-out vnet0
+FO-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-out vnet0
--physdev-is-bridged
#iptables -L FORWARD -n --line-number | grep libvirt
1 libvirt-in all -- 0.0.0.0/0 0.0.0.0/0
2 libvirt-out all -- 0.0.0.0/0 0.0.0.0/0
Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/target-test2.fwall
===================================================================
--- libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/target-test2.fwall
+++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/target-test2.fwall
@@ -26,7 +26,7 @@ FI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [got
#iptables -L libvirt-in-post -n | grep vnet0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-in
vnet0
#iptables -L libvirt-out -n | grep vnet0 | tr -s " "
-FO-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-out vnet0
+FO-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-out vnet0
--physdev-is-bridged
#iptables -L FORWARD -n --line-number | grep libvirt
1 libvirt-in all -- 0.0.0.0/0 0.0.0.0/0
2 libvirt-out all -- 0.0.0.0/0 0.0.0.0/0
Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/tcp-ipv6-test.fwall
===================================================================
--- libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/tcp-ipv6-test.fwall
+++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/tcp-ipv6-test.fwall
@@ -25,7 +25,7 @@ FI-vnet0 all ::/0 ::/0 [goto] PHYSDEV ma
#ip6tables -L libvirt-in-post -n | grep vnet0
ACCEPT all ::/0 ::/0 PHYSDEV match --physdev-in
vnet0
#ip6tables -L libvirt-out -n | grep vnet0 | tr -s " "
-FO-vnet0 all ::/0 ::/0 [goto] PHYSDEV match --physdev-out vnet0
+FO-vnet0 all ::/0 ::/0 [goto] PHYSDEV match --physdev-out vnet0 --physdev-is-bridged
#ebtables -t nat -L libvirt-O-vnet0 2>/dev/null | grep -v "table:" | grep -v
"^$"
#ebtables -t nat -L libvirt-I-vnet0 2>/dev/null | grep -v "table:" | grep -v
"^$"
#ebtables -t nat -L PREROUTING | grep vnet0
Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/tcp-test.fwall
===================================================================
--- libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/tcp-test.fwall
+++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/tcp-test.fwall
@@ -27,7 +27,7 @@ FI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [got
#iptables -L libvirt-in-post -n | grep vnet0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-in
vnet0
#iptables -L libvirt-out -n | grep vnet0 | tr -s " "
-FO-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-out vnet0
+FO-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-out vnet0
--physdev-is-bridged
#ebtables -t nat -L libvirt-O-vnet0 2>/dev/null | grep -v "table:" | grep -v
"^$"
#ebtables -t nat -L libvirt-I-vnet0 2>/dev/null | grep -v "table:" | grep -v
"^$"
#ebtables -t nat -L PREROUTING | grep vnet0
Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/testvm.fwall.dat
===================================================================
--- libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/testvm.fwall.dat
+++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/testvm.fwall.dat
@@ -48,7 +48,7 @@ FI-vnet0 all ::/0 ::/0 [goto] PHYSDEV ma
#ip6tables -L libvirt-in-post -n | grep vnet0
ACCEPT all ::/0 ::/0 PHYSDEV match --physdev-in
vnet0
#ip6tables -L libvirt-out -n | grep vnet0 | tr -s " "
-FO-vnet0 all ::/0 ::/0 [goto] PHYSDEV match --physdev-out vnet0
+FO-vnet0 all ::/0 ::/0 [goto] PHYSDEV match --physdev-out vnet0 --physdev-is-bridged
#iptables -L FI-vnet0 -n
Chain FI-vnet0 (1 references)
target prot opt source destination
@@ -68,4 +68,4 @@ FI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [got
#iptables -L libvirt-in-post -n | grep vnet0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-in
vnet0
#iptables -L libvirt-out -n | grep vnet0 | tr -s " "
-FO-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-out vnet0
+FO-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-out vnet0
--physdev-is-bridged
Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/udp-ipv6-test.fwall
===================================================================
--- libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/udp-ipv6-test.fwall
+++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/udp-ipv6-test.fwall
@@ -25,7 +25,7 @@ FI-vnet0 all ::/0 ::/0 [goto] PHYSDEV ma
#ip6tables -L libvirt-in-post -n | grep vnet0
ACCEPT all ::/0 ::/0 PHYSDEV match --physdev-in
vnet0
#ip6tables -L libvirt-out -n | grep vnet0 | tr -s " "
-FO-vnet0 all ::/0 ::/0 [goto] PHYSDEV match --physdev-out vnet0
+FO-vnet0 all ::/0 ::/0 [goto] PHYSDEV match --physdev-out vnet0 --physdev-is-bridged
#ebtables -t nat -L libvirt-O-vnet0 2>/dev/null | grep -v "table:" | grep -v
"^$"
#ebtables -t nat -L libvirt-I-vnet0 2>/dev/null | grep -v "table:" | grep -v
"^$"
#ebtables -t nat -L PREROUTING | grep vnet0
Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/udp-test.fwall
===================================================================
--- libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/udp-test.fwall
+++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/udp-test.fwall
@@ -23,7 +23,7 @@ FI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [got
#iptables -L libvirt-in-post -n | grep vnet0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-in
vnet0
#iptables -L libvirt-out -n | grep vnet0 | tr -s " "
-FO-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-out vnet0
+FO-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-out vnet0
--physdev-is-bridged
#ebtables -t nat -L libvirt-O-vnet0 2>/dev/null | grep -v "table:" | grep -v
"^$"
#ebtables -t nat -L libvirt-I-vnet0 2>/dev/null | grep -v "table:" | grep -v
"^$"
#ebtables -t nat -L PREROUTING | grep vnet0
Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/udplite-ipv6-test.fwall
===================================================================
--- libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/udplite-ipv6-test.fwall
+++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/udplite-ipv6-test.fwall
@@ -25,4 +25,4 @@ FI-vnet0 all ::/0 ::/0 [goto] PHYSDEV ma
#ip6tables -L libvirt-in-post -n | grep vnet0
ACCEPT all ::/0 ::/0 PHYSDEV match --physdev-in
vnet0
#ip6tables -L libvirt-out -n | grep vnet0 | tr -s " "
-FO-vnet0 all ::/0 ::/0 [goto] PHYSDEV match --physdev-out vnet0
+FO-vnet0 all ::/0 ::/0 [goto] PHYSDEV match --physdev-out vnet0 --physdev-is-bridged
Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/udplite-test.fwall
===================================================================
--- libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/udplite-test.fwall
+++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/udplite-test.fwall
@@ -23,4 +23,4 @@ FI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [got
#iptables -L libvirt-in-post -n | grep vnet0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-in
vnet0
#iptables -L libvirt-out -n | grep vnet0 | tr -s " "
-FO-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-out vnet0
+FO-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-out vnet0
--physdev-is-bridged
11:48 a.m.
On 01/24/2013 11:34 AM, Stefan Berger wrote:
Follow recent changes in libvirt and add --physdev-is-bridged to test
cases where needed.
ACK. (Does this mean that new libvirt-tck will fail when run against an
older libvirt, though?)
By the way, when the patch went into libvirt, the person who posted it
mentioned that when restarting libvirtd after the first upgrade with
that patch, the existing rules wouldn't get removed because they
wouldn't be an exact match to what libvirt was trying to remove:
On 01/18/2013 02:44 AM, Reinier Schoof wrote:
On a side note, please be aware that when upgrading to a libvirt
version with this patch included, libvirt will not be able to remove
the earlier ip(6)tables rules without the '--physdev-is-bridged'
addition. When restarting libvirt, it will look for rules that match
with '--physdev-is-bridged' and since that wasn't there before, you'll
end up with a duplicate/malfunctioning ruleset. You'll have to remove
these rules/chains manually.
Is this actually a problem? I had thought that nwfilter always removed
entire chains instead of individual rules.
4:25 p.m.
On 01/24/2013 12:48 PM, Laine Stump wrote:
On 01/24/2013 11:34 AM, Stefan Berger wrote:
> Follow recent changes in libvirt and add --physdev-is-bridged to test cases where
needed.
ACK. (Does this mean that new libvirt-tck will fail when run against an
older libvirt, though?)
I hadn't seen this message.
Yes, due to other rules now being generated the effect will be that
previous version of libvirt will fail that test.
By the way, when the patch went into libvirt, the person who posted it
mentioned that when restarting libvirtd after the first upgrade with
that patch, the existing rules wouldn't get removed because they
wouldn't be an exact match to what libvirt was trying to remove:
On 01/18/2013 02:44 AM, Reinier Schoof wrote:
> On a side note, please be aware that when upgrading to a libvirt
> version with this patch included, libvirt will not be able to remove
> the earlier ip(6)tables rules without the '--physdev-is-bridged'
> addition. When restarting libvirt, it will look for rules that match
> with '--physdev-is-bridged' and since that wasn't there before,
you'll
> end up with a duplicate/malfunctioning ruleset. You'll have to remove
> these rules/chains manually.
Is this actually a problem? I had thought that nwfilter always removed
entire chains instead of individual rules.
It will leave a stray rule and a user-defined table behind. I hadn't
tested an update and didn't think of this problem. Let me see how I can
solve this...
Stefan
4:51 p.m.
On 02/14/2013 05:25 PM, Stefan Berger wrote:
On 01/24/2013 12:48 PM, Laine Stump wrote:
> On 01/24/2013 11:34 AM, Stefan Berger wrote:
>> Follow recent changes in libvirt and add --physdev-is-bridged to
>> test cases where needed.
> ACK. (Does this mean that new libvirt-tck will fail when run against an
> older libvirt, though?)
I hadn't seen this message.
Yes, due to other rules now being generated the effect will be that
previous version of libvirt will fail that test.
>
> By the way, when the patch went into libvirt, the person who posted it
> mentioned that when restarting libvirtd after the first upgrade with
> that patch, the existing rules wouldn't get removed because they
> wouldn't be an exact match to what libvirt was trying to remove:
>
> On 01/18/2013 02:44 AM, Reinier Schoof wrote:
>> On a side note, please be aware that when upgrading to a libvirt
>> version with this patch included, libvirt will not be able to remove
>> the earlier ip(6)tables rules without the '--physdev-is-bridged'
>> addition. When restarting libvirt, it will look for rules that match
>> with '--physdev-is-bridged' and since that wasn't there before,
you'll
>> end up with a duplicate/malfunctioning ruleset. You'll have to remove
>> these rules/chains manually.
> Is this actually a problem? I had thought that nwfilter always removed
> entire chains instead of individual rules.
It will leave a stray rule and a user-defined table behind. I hadn't
tested an update and didn't think of this problem. Let me see how I
can solve this...
Ok, so here is a solution:
---
src/nwfilter/nwfilter_ebiptables_driver.c | 22 ++++++++++++++++++++++
1 file changed, 22 insertions(+)
Index: libvirt-acl/src/nwfilter/nwfilter_ebiptables_driver.c
===================================================================
--- libvirt-acl.orig/src/nwfilter/nwfilter_ebiptables_driver.c
+++ libvirt-acl/src/nwfilter/nwfilter_ebiptables_driver.c
@@ -167,16 +167,24 @@ static const char ebiptables_script_set_
#define PHYSDEV_IN "--physdev-in"
#define PHYSDEV_OUT "--physdev-is-bridged --physdev-out"
+/*
+ * Previous versions of libvirt only used --physdev-out.
+ * To be able to upgrade with running VMs we need to be able
+ * to remove rules generated by older versions of libvirt.
+ */
+#define PHYSDEV_OUT_OLD "--physdev-out"
static const char *m_state_out_str = "-m state --state NEW,ESTABLISHED";
static const char *m_state_in_str = "-m state --state ESTABLISHED";
static const char *m_physdev_in_str = "-m physdev " PHYSDEV_IN;
static const char *m_physdev_out_str = "-m physdev " PHYSDEV_OUT;
+static const char *m_physdev_out_old_str = "-m physdev " PHYSDEV_OUT_OLD;
#define MATCH_STATE_OUT m_state_out_str
#define MATCH_STATE_IN m_state_in_str
#define MATCH_PHYSDEV_IN m_physdev_in_str
#define MATCH_PHYSDEV_OUT m_physdev_out_str
+#define MATCH_PHYSDEV_OUT_OLD m_physdev_out_old_str
#define COMMENT_VARNAME "comment"
@@ -821,6 +829,8 @@ _iptablesUnlinkRootChain(virBufferPtr bu
: CHAINPREFIX_HOST_OUT;
const char *match = (incoming) ? MATCH_PHYSDEV_IN
: MATCH_PHYSDEV_OUT;
+ const char *old_match = (incoming) ? NULL
+ : MATCH_PHYSDEV_OUT_OLD;
PRINT_IPT_ROOT_CHAIN(chain, chainPrefix, ifname);
@@ -830,6 +840,18 @@ _iptablesUnlinkRootChain(virBufferPtr bu
basechain,
match, ifname, chain);
+ /*
+ * Previous versions of libvirt may have created a rule
+ * with the --physdev-is-bridged missing. Remove this one
+ * as well.
+ */
+ if (old_match)
+ virBufferAsprintf(buf,
+ "$IPT -D %s "
+ "%s %s -g %s" CMD_SEPARATOR,
+ basechain,
+ old_match, ifname, chain);
+
return 0;
}
I am guilty of breaking the upgrade path. I'll try this patch some more
and then post it separately...
Stefan
4:15 p.m.
On 02/14/2013 03:04 PM, Stefan Berger wrote:
On 01/24/2013 11:34 AM, Stefan Berger wrote:
> Follow recent changes in libvirt and add --physdev-is-bridged to test
> cases where needed.
This gets a lot of test cases passing again after the change in libvirt.
Anyone got a spare ACK?
Looks like Laine gave it an ack in January:
https://www.redhat.com/archives/libvir-list/2013-January/msg01812.html
I also agree with the patch.
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
4298
days inactive
4319
days old
5 comments
3 participants
participants (3)
-
Eric Blake -
Laine Stump -
Stefan Berger