[libvirt] [TCK] [PATCH] follow reordering of match extensions relative to state match
Stefan Berger
stefanb at linux.vnet.ibm.com
Mon Feb 14 15:09:40 UTC 2011
This patch adjusts the tck test cases following the reordering of the
match extensions relative to the state match in libvirt.
Signed-off-by: Stefan Berger <stefanb at linux.vnet.ibm.com>
---
scripts/nwfilter/nwfilterxml2fwallout/comment-test.fwall | 30
+++++++--------
scripts/nwfilter/nwfilterxml2fwallout/example-2.fwall | 14 +++----
2 files changed, 22 insertions(+), 22 deletions(-)
Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/comment-test.fwall
===================================================================
---
libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/comment-test.fwall
+++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/comment-test.fwall
@@ -11,15 +11,15 @@
#iptables -L FI-vnet0 -n
Chain FI-vnet0 (1 references)
target prot opt source destination
-RETURN udp -- 0.0.0.0/0 10.1.2.3 MAC
01:02:03:04:05:06 DSCP match 0x22/* udp rule */ udp spts:291:400
dpts:564:1092 state NEW,ESTABLISHED ctdir REPLY
+RETURN udp -- 0.0.0.0/0 10.1.2.3 MAC
01:02:03:04:05:06 DSCP match 0x22udp spts:291:400 dpts:564:1092 state
NEW,ESTABLISHED ctdir REPLY/* udp rule */
#iptables -L FO-vnet0 -n
Chain FO-vnet0 (1 references)
target prot opt source destination
-ACCEPT udp -- 10.1.2.3 0.0.0.0/0 DSCP match
0x22/* udp rule */ udp spts:564:1092 dpts:291:400 state ESTABLISHED
ctdir ORIGINAL
+ACCEPT udp -- 10.1.2.3 0.0.0.0/0 DSCP match
0x22udp spts:564:1092 dpts:291:400 state ESTABLISHED ctdir ORIGINAL/*
udp rule */
#iptables -L HI-vnet0 -n
Chain HI-vnet0 (1 references)
target prot opt source destination
-RETURN udp -- 0.0.0.0/0 10.1.2.3 MAC
01:02:03:04:05:06 DSCP match 0x22/* udp rule */ udp spts:291:400
dpts:564:1092 state NEW,ESTABLISHED ctdir REPLY
+RETURN udp -- 0.0.0.0/0 10.1.2.3 MAC
01:02:03:04:05:06 DSCP match 0x22udp spts:291:400 dpts:564:1092 state
NEW,ESTABLISHED ctdir REPLY/* udp rule */
#iptables -L libvirt-host-in -n | grep HI-vnet0 | tr -s " "
HI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-in
vnet0
#iptables -L libvirt-in -n | grep FI-vnet0 | tr -s " "
@@ -31,24 +31,24 @@ FO-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [got
#ip6tables -L FI-vnet0 -n
Chain FI-vnet0 (1 references)
target prot opt source destination
-RETURN tcp ::/0 a:b:c::/128 /*
tcp/ipv6 rule */ tcp spts:256:4369 dpts:32:33 state ESTABLISHED ctdir
ORIGINAL
-RETURN udp ::/0 ::/0 /*
`ls`;${COLUMNS};$(ls);"test";&'3 spaces' */ state ESTABLISHED ctdir
ORIGINAL
-RETURN sctp ::/0 ::/0 /* comment
with lone ', `, ", `, \, $x, and two spaces */ state ESTABLISHED ctdir
ORIGINAL
-RETURN ah ::/0 ::/0 /*
tmp=`mktemp`; echo ${RANDOM} > ${tmp} ; cat < ${tmp}; rm -f ${tmp} */
state ESTABLISHED ctdir ORIGINAL
+RETURN tcp ::/0 a:b:c::/128 tcp
spts:256:4369 dpts:32:33 state ESTABLISHED ctdir ORIGINAL/* tcp/ipv6
rule */
+RETURN udp ::/0 ::/0 state
ESTABLISHED ctdir ORIGINAL/* `ls`;${COLUMNS};$(ls);"test";&'3 spaces' */
+RETURN sctp ::/0 ::/0 state
ESTABLISHED ctdir ORIGINAL/* comment with lone ', `, ", `, \, $x, and
two spaces */
+RETURN ah ::/0 ::/0 state
ESTABLISHED ctdir ORIGINAL/* tmp=`mktemp`; echo ${RANDOM} > ${tmp} ; cat
< ${tmp}; rm -f ${tmp} */
#ip6tables -L FO-vnet0 -n
Chain FO-vnet0 (1 references)
target prot opt source destination
-ACCEPT tcp a:b:c::/128 ::/0 MAC
01:02:03:04:05:06 /* tcp/ipv6 rule */ tcp spts:32:33 dpts:256:4369 state
NEW,ESTABLISHED ctdir REPLY
-ACCEPT udp ::/0 ::/0 /*
`ls`;${COLUMNS};$(ls);"test";&'3 spaces' */ state NEW,ESTABLISHED
ctdir REPLY
-ACCEPT sctp ::/0 ::/0 /* comment
with lone ', `, ", `, \, $x, and two spaces */ state NEW,ESTABLISHED
ctdir REPLY
-ACCEPT ah ::/0 ::/0 /*
tmp=`mktemp`; echo ${RANDOM} > ${tmp} ; cat < ${tmp}; rm -f ${tmp} */
state NEW,ESTABLISHED ctdir REPLY
+ACCEPT tcp a:b:c::/128 ::/0 MAC
01:02:03:04:05:06 tcp spts:32:33 dpts:256:4369 state NEW,ESTABLISHED
ctdir REPLY/* tcp/ipv6 rule */
+ACCEPT udp ::/0 ::/0 state
NEW,ESTABLISHED ctdir REPLY/* `ls`;${COLUMNS};$(ls);"test";&'3 spaces' */
+ACCEPT sctp ::/0 ::/0 state
NEW,ESTABLISHED ctdir REPLY/* comment with lone ', `, ", `, \, $x, and
two spaces */
+ACCEPT ah ::/0 ::/0 state
NEW,ESTABLISHED ctdir REPLY/* tmp=`mktemp`; echo ${RANDOM} > ${tmp} ;
cat < ${tmp}; rm -f ${tmp} */
#ip6tables -L HI-vnet0 -n
Chain HI-vnet0 (1 references)
target prot opt source destination
-RETURN tcp ::/0 a:b:c::/128 /*
tcp/ipv6 rule */ tcp spts:256:4369 dpts:32:33 state ESTABLISHED ctdir
ORIGINAL
-RETURN udp ::/0 ::/0 /*
`ls`;${COLUMNS};$(ls);"test";&'3 spaces' */ state ESTABLISHED ctdir
ORIGINAL
-RETURN sctp ::/0 ::/0 /* comment
with lone ', `, ", `, \, $x, and two spaces */ state ESTABLISHED ctdir
ORIGINAL
-RETURN ah ::/0 ::/0 /*
tmp=`mktemp`; echo ${RANDOM} > ${tmp} ; cat < ${tmp}; rm -f ${tmp} */
state ESTABLISHED ctdir ORIGINAL
+RETURN tcp ::/0 a:b:c::/128 tcp
spts:256:4369 dpts:32:33 state ESTABLISHED ctdir ORIGINAL/* tcp/ipv6
rule */
+RETURN udp ::/0 ::/0 state
ESTABLISHED ctdir ORIGINAL/* `ls`;${COLUMNS};$(ls);"test";&'3 spaces' */
+RETURN sctp ::/0 ::/0 state
ESTABLISHED ctdir ORIGINAL/* comment with lone ', `, ", `, \, $x, and
two spaces */
+RETURN ah ::/0 ::/0 state
ESTABLISHED ctdir ORIGINAL/* tmp=`mktemp`; echo ${RANDOM} > ${tmp} ; cat
< ${tmp}; rm -f ${tmp} */
#ip6tables -L libvirt-host-in -n | grep vnet0 | tr -s " "
HI-vnet0 all ::/0 ::/0 [goto] PHYSDEV match --physdev-in vnet0
#ip6tables -L libvirt-in -n | grep vnet0 | tr -s " "
Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/example-2.fwall
===================================================================
--- libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/example-2.fwall
+++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/example-2.fwall
@@ -1,20 +1,20 @@
#iptables -L FI-vnet0 -n
Chain FI-vnet0 (1 references)
target prot opt source destination
-RETURN all -- 0.0.0.0/0 0.0.0.0/0 /* out:
existing and related (ftp) connections */ state RELATED,ESTABLISHED
-RETURN udp -- 0.0.0.0/0 0.0.0.0/0 /* out:
DNS lookups */ udp dpt:53 state NEW
+RETURN all -- 0.0.0.0/0 0.0.0.0/0 state
RELATED,ESTABLISHED /* out: existing and related (ftp) connections */
+RETURN udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53
state NEW /* out: DNS lookups */
DROP all -- 0.0.0.0/0 0.0.0.0/0 /* inout:
drop all non-accepted traffic */
#iptables -L FO-vnet0 -n
Chain FO-vnet0 (1 references)
target prot opt source destination
-ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 /* in:
existing connections */ state ESTABLISHED
-ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 /* in: ftp
and ssh */ tcp dpts:21:22 state NEW
-ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 /* in:
icmp */ state NEW
+ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state
ESTABLISHED /* in: existing connections */
+ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp
dpts:21:22 state NEW /* in: ftp and ssh */
+ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 state NEW
/* in: icmp */
DROP all -- 0.0.0.0/0 0.0.0.0/0 /* inout:
drop all non-accepted traffic */
#iptables -L HI-vnet0 -n
Chain HI-vnet0 (1 references)
target prot opt source destination
-RETURN all -- 0.0.0.0/0 0.0.0.0/0 /* out:
existing and related (ftp) connections */ state RELATED,ESTABLISHED
-RETURN udp -- 0.0.0.0/0 0.0.0.0/0 /* out:
DNS lookups */ udp dpt:53 state NEW
+RETURN all -- 0.0.0.0/0 0.0.0.0/0 state
RELATED,ESTABLISHED /* out: existing and related (ftp) connections */
+RETURN udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53
state NEW /* out: DNS lookups */
DROP all -- 0.0.0.0/0 0.0.0.0/0 /* inout:
drop all non-accepted traffic */
More information about the libvir-list
mailing list