[libvirt] [TCK] [PATCH] nwfilter: Add a test case for filtering of gratuitous ARP packets

Stefan Berger stefanb at linux.vnet.ibm.com
Mon May 23 23:34:13 UTC 2011 

This patch adds a test for filtering of gratuitous ARP packets to the 
TCK tests.

Signed-off-by: Stefan Berger <stefanb at linux.vnet.ibm.com>

---
  scripts/nwfilter/nwfilterxml2fwallout/arp-test.fwall   |    2 ++
  scripts/nwfilter/nwfilterxml2fwallout/testvm.fwall.dat |    1 +
  scripts/nwfilter/nwfilterxml2xmlin/arp-test.xml        |    4 ++++
  3 files changed, 7 insertions(+)

Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/arp-test.fwall
===================================================================
--- libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/arp-test.fwall
+++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/arp-test.fwall
@@ -4,6 +4,8 @@
  -p ARP -s 1:2:3:4:5:6 --arp-op 11 --arp-htype 256 --arp-ptype 0x100 -j 
ACCEPT
  -p ARP -s 1:2:3:4:5:6 --arp-op 65535 --arp-htype 65535 --arp-ptype 
0xffff -j ACCEPT
  -p ARP -s 1:2:3:4:5:6 -j ACCEPT
+#ebtables -t nat -L libvirt-O-vnet0 | grep -v "^Bridge" | grep -v "^$"
+-p ARP --arp-gratuitous -j ACCEPT
  #ebtables -t nat -L PREROUTING | grep vnet0
  -i vnet0 -j libvirt-I-vnet0

Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/testvm.fwall.dat
===================================================================
--- libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/testvm.fwall.dat
+++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/testvm.fwall.dat
@@ -26,6 +26,7 @@
  -p ARP --arp-op Reply -j ACCEPT
  -j DROP
  #ebtables -t nat -L O-vnet0-arp | grep -v "^Bridge" | grep -v "^$"
+-p ARP --arp-gratuitous -j ACCEPT
  -p ARP --arp-op Reply --arp-mac-dst ! 52:54:0:9f:33:da -j DROP
  -p ARP --arp-ip-dst ! 10.1.1.1 -j DROP
  -p ARP --arp-op Request -j ACCEPT
Index: libvirt-tck/scripts/nwfilter/nwfilterxml2xmlin/arp-test.xml
===================================================================
--- libvirt-tck.orig/scripts/nwfilter/nwfilterxml2xmlin/arp-test.xml
+++ libvirt-tck/scripts/nwfilter/nwfilterxml2xmlin/arp-test.xml
@@ -30,4 +30,8 @@
<arp srcmacaddr='1:2:3:4:5:6' srcmacmask='ff:ff:ff:ff:ff:ff'
            opcode='65536' hwtype='65536' protocoltype='65536' />
</rule>
+
+ <rule action='accept' direction='in'>
+ <arp gratuitous='true'/>
+ </rule>
</filter>

More information about the libvir-list mailing list