[libvirt] [TCK][PATCH] nwfilter: test support for TCP flags evaluation

Stefan Berger stefanb at linux.vnet.ibm.com
Fri Apr 1 16:17:32 UTC 2011 

This patch extends an existing test with test cases for the TCP flags.

Signed-off-by: Stefan Berger <stefanb at linux.vnet.ibm.com>

---
  scripts/nwfilter/nwfilterxml2fwallout/tcp-test.fwall |    4 ++++
  scripts/nwfilter/nwfilterxml2xmlin/tcp-test.xml      |   12 ++++++++++++
  2 files changed, 16 insertions(+)

Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/tcp-test.fwall
===================================================================
--- libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/tcp-test.fwall
+++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/tcp-test.fwall
@@ -10,6 +10,10 @@ target     prot opt source
  ACCEPT     tcp  --  10.1.2.3             0.0.0.0/0           DSCP 
match 0x02state ESTABLISHED ctdir ORIGINAL
  ACCEPT     tcp  --  10.1.2.3             0.0.0.0/0           MAC 
01:02:03:04:05:06 DSCP match 0x21tcp spts:20:21 dpts:100:1111
  ACCEPT     tcp  --  10.1.2.3             0.0.0.0/0           MAC 
01:02:03:04:05:06 DSCP match 0x3ftcp spts:255:256 dpt:65535
+ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp 
flags:0x02/0x3F
+ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp 
flags:0x02/0x12
+ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp 
flags:0x04/0x00
+ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp 
flags:0x08/0x00
  #iptables -L HI-vnet0 -n
  Chain HI-vnet0 (1 references)
  target     prot opt source               destination
Index: libvirt-tck/scripts/nwfilter/nwfilterxml2xmlin/tcp-test.xml
===================================================================
--- libvirt-tck.orig/scripts/nwfilter/nwfilterxml2xmlin/tcp-test.xml
+++ libvirt-tck/scripts/nwfilter/nwfilterxml2xmlin/tcp-test.xml
@@ -19,4 +19,16 @@
            srcportstart='255' srcportend='256'
            dstportstart='65535' dstportend='65536'/>
</rule>
+ <rule action='accept' direction='in'>
+ <tcp state='NONE' flags='SYN/ALL'/>
+ </rule>
+ <rule action='accept' direction='in'>
+ <tcp state='NONE' flags='SYN/SYN,ACK'/>
+ </rule>
+ <rule action='accept' direction='in'>
+ <tcp state='NONE' flags='RST/NONE'/>
+ </rule>
+ <rule action='accept' direction='in'>
+ <tcp state='NONE' flags='PSH/'/>
+ </rule>
</filter>

More information about the libvir-list mailing list