[libvirt] [PATCH] [RESEND] [TCK] nwfilter: Adapt to changes how filters are instantiated

Thu Oct 21 16:52:48 UTC 2010

On Thu, Oct 21, 2010 at 12:17:40PM -0400, Stefan Berger wrote:
> I am resending the patch with 'evolution' and hope no patch-mangling
> occurs. At least it looks ok before sending (also sending patch as an
> attachment)

Yes it has formatted correctly. Soooooo much easier to read now :-)

> 
> Recent changes to how filters are being instantiated require follow-up
> changes to the test suite. The following changes are related to
> 
> - usage of 'ctdir'
> - changes to the host's incoming filter chain
> 
> Signed-off-by: Stefan Berger <stefanb at us.ibm.com>

ACK if you can confirm the following are correct:

>  #iptables -L HI-vnet0 -n
>  Chain HI-vnet0 (1 references)
>  target     prot opt source               destination         
> -ACCEPT     udplite--  0.0.0.0/0            10.1.2.3            MAC 01:02:03:04:05:06 DSCP match 0x02
> -ACCEPT     udplite--  0.0.0.0/0            10.1.0.0/22         DSCP match 0x21
> -ACCEPT     udplite--  0.0.0.0/0            10.1.0.0/22         DSCP match 0x21
> +RETURN     udplite--  0.0.0.0/0            10.1.2.3            MAC 01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED ctdir REPLY
> +RETURN     udplite--  0.0.0.0/0            10.1.0.0/22         DSCP match 0x21state ESTABLISHED ctdir ORIGINAL
> +RETURN     udplite--  0.0.0.0/0            10.1.0.0/22         DSCP match 0x21state ESTABLISHED ctdir ORIGINAL

>  Chain HI-vnet0 (1 references)
>  target     prot opt source               destination         
> -ACCEPT     udp  --  0.0.0.0/0            10.1.2.3            MAC 01:02:03:04:05:06 DSCP match 0x22udp spts:291:400 dpts:564:1092 
> +RETURN     udp  --  0.0.0.0/0            10.1.2.3            MAC 01:02:03:04:05:06 DSCP match 0x22udp spts:291:400 dpts:564:1092 state NEW,ESTABLISHED ctdir REPLY
>  #iptables -L libvirt-host-in -n | grep HI-vnet0 | tr -s " "
>  HI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-in vnet0 
>  #iptables -L libvirt-in -n | grep FI-vnet0 | tr -s " "

>  #ip6tables -L HI-vnet0 -n
>  Chain HI-vnet0 (1 references)
>  target     prot opt source               destination         
> -ACCEPT     tcp      ::/0                 a:b:c::/128         tcp spts:256:4369 dpts:32:33 
> +RETURN     tcp      ::/0                 a:b:c::/128         tcp spts:256:4369 dpts:32:33 state ESTABLISHED ctdir ORIGINAL
>  #ip6tables -L libvirt-host-in -n | grep vnet0 | tr -s " "
>  HI-vnet0 all ::/0 ::/0 [goto] PHYSDEV match --physdev-in vnet0 
>  #ip6tables -L libvirt-in -n | grep vnet0 | tr -s " "

Odd to see these ACCEPTs turning into RETURN ? Was that intentional ?

Regards,
Daniel
-- 
|: Red Hat, Engineering, London    -o-   http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://deltacloud.org :|
|: http://autobuild.org        -o-         http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505  -o-   F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|