[libvirt] [TCK] [PATCH] nwfilter: Add a test case for filtering of gratuitous ARP packets
This patch adds a test for filtering of gratuitous ARP packets to the TCK tests. Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com> --- scripts/nwfilter/nwfilterxml2fwallout/arp-test.fwall | 2 ++ scripts/nwfilter/nwfilterxml2fwallout/testvm.fwall.dat | 1 + scripts/nwfilter/nwfilterxml2xmlin/arp-test.xml | 4 ++++ 3 files changed, 7 insertions(+) Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/arp-test.fwall =================================================================== --- libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/arp-test.fwall +++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/arp-test.fwall @@ -4,6 +4,8 @@ -p ARP -s 1:2:3:4:5:6 --arp-op 11 --arp-htype 256 --arp-ptype 0x100 -j ACCEPT -p ARP -s 1:2:3:4:5:6 --arp-op 65535 --arp-htype 65535 --arp-ptype 0xffff -j ACCEPT -p ARP -s 1:2:3:4:5:6 -j ACCEPT +#ebtables -t nat -L libvirt-O-vnet0 | grep -v "^Bridge" | grep -v "^$" +-p ARP --arp-gratuitous -j ACCEPT #ebtables -t nat -L PREROUTING | grep vnet0 -i vnet0 -j libvirt-I-vnet0 Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/testvm.fwall.dat =================================================================== --- libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/testvm.fwall.dat +++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/testvm.fwall.dat @@ -26,6 +26,7 @@ -p ARP --arp-op Reply -j ACCEPT -j DROP #ebtables -t nat -L O-vnet0-arp | grep -v "^Bridge" | grep -v "^$" +-p ARP --arp-gratuitous -j ACCEPT -p ARP --arp-op Reply --arp-mac-dst ! 52:54:0:9f:33:da -j DROP -p ARP --arp-ip-dst ! 10.1.1.1 -j DROP -p ARP --arp-op Request -j ACCEPT Index: libvirt-tck/scripts/nwfilter/nwfilterxml2xmlin/arp-test.xml =================================================================== --- libvirt-tck.orig/scripts/nwfilter/nwfilterxml2xmlin/arp-test.xml +++ libvirt-tck/scripts/nwfilter/nwfilterxml2xmlin/arp-test.xml @@ -30,4 +30,8 @@ <arp srcmacaddr='1:2:3:4:5:6' srcmacmask='ff:ff:ff:ff:ff:ff' opcode='65536' hwtype='65536' protocoltype='65536' /> </rule> + + <rule action='accept' direction='in'> + <arp gratuitous='true'/> + </rule> </filter>
On 05/23/2011 05:34 PM, Stefan Berger wrote:
This patch adds a test for filtering of gratuitous ARP packets to the TCK tests.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
--- scripts/nwfilter/nwfilterxml2fwallout/arp-test.fwall | 2 ++ scripts/nwfilter/nwfilterxml2fwallout/testvm.fwall.dat | 1 + scripts/nwfilter/nwfilterxml2xmlin/arp-test.xml | 4 ++++ 3 files changed, 7 insertions(+)
ACK. -- Eric Blake eblake@redhat.com +1-801-349-2682 Libvirt virtualization library http://libvirt.org
On 05/23/2011 07:38 PM, Eric Blake wrote:
On 05/23/2011 05:34 PM, Stefan Berger wrote:
This patch adds a test for filtering of gratuitous ARP packets to the TCK tests.
Signed-off-by: Stefan Berger<stefanb@linux.vnet.ibm.com>
--- scripts/nwfilter/nwfilterxml2fwallout/arp-test.fwall | 2 ++ scripts/nwfilter/nwfilterxml2fwallout/testvm.fwall.dat | 1 + scripts/nwfilter/nwfilterxml2xmlin/arp-test.xml | 4 ++++ 3 files changed, 7 insertions(+) ACK.
Pushed.
participants (2)
-
Eric Blake -
Stefan Berger