[libvirt] [PATCH 1/3][TCK] nwfilter: test access to 2 lists in one rule

Stefan Berger stefanb at linux.vnet.ibm.com
Wed Jan 11 12:17:04 UTC 2012


Test access to 2 lists in one rule

---
 scripts/nwfilter/nwfilter2vmtest.sh                    |    6 +++
 scripts/nwfilter/nwfilterxml2fwallout/iter-test1.fwall |   31 +++++++++++++++++
 scripts/nwfilter/nwfilterxml2xmlin/iter-test1.xml      |    6 +++
 3 files changed, 43 insertions(+)

Index: libvirt-tck/scripts/nwfilter/nwfilter2vmtest.sh
===================================================================
--- libvirt-tck.orig/scripts/nwfilter/nwfilter2vmtest.sh
+++ libvirt-tck/scripts/nwfilter/nwfilter2vmtest.sh
@@ -345,6 +345,12 @@ createVM() {
         <source bridge='virbr0'/>
         <filterref filter='${filtername}'>
           <parameter name='IP' value='${ipaddr}'/>
+          <parameter name='A' value='1.1.1.1'/>
+          <parameter name='A' value='2.2.2.2'/>
+          <parameter name='A' value='3.3.3.3'/>
+          <parameter name='B' value='80'/>
+          <parameter name='B' value='90'/>
+          <parameter name='B' value='80'/>
         </filterref>
         <target dev='${vmname}'/>
       </interface>
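Review bot: The six added `A`/`B` parameters sit in the shared `createVM()` template with no comment, so every filter test's VM now receives them, and the repeated `80` in `B` reads like a typo. Going by the expected output in iter-test1.fwall, which pairs 3.3.3.3 with port 80, the repeat looks deliberate, but that is only visible from another file. A short XML comment above the parameters would record it, e.g. `<!-- A, B: list parameters for iter-test1; B repeats 80 on purpose -->` (wording to be confirmed by the author). `createVM()` starts and ends outside this hunk.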
Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/iter-test1.fwall
===================================================================
--- /dev/null
+++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/iter-test1.fwall
@@ -0,0 +1,31 @@
+#iptables -L FI-vnet0 -n
+Chain FI-vnet0 (1 references)
+target     prot opt source               destination         
+RETURN     tcp  --  1.1.1.1              0.0.0.0/0           DSCP match 0x02tcp spt:80 state NEW,ESTABLISHED ctdir REPLY
+RETURN     tcp  --  2.2.2.2              0.0.0.0/0           DSCP match 0x02tcp spt:90 state NEW,ESTABLISHED ctdir REPLY
+RETURN     tcp  --  3.3.3.3              0.0.0.0/0           DSCP match 0x02tcp spt:80 state NEW,ESTABLISHED ctdir REPLY
+#iptables -L FO-vnet0 -n
+Chain FO-vnet0 (1 references)
+target     prot opt source               destination         
+ACCEPT     tcp  --  0.0.0.0/0            1.1.1.1             DSCP match 0x02tcp dpt:80 state ESTABLISHED ctdir ORIGINAL
+ACCEPT     tcp  --  0.0.0.0/0            2.2.2.2             DSCP match 0x02tcp dpt:90 state ESTABLISHED ctdir ORIGINAL
+ACCEPT     tcp  --  0.0.0.0/0            3.3.3.3             DSCP match 0x02tcp dpt:80 state ESTABLISHED ctdir ORIGINAL
+#iptables -L HI-vnet0 -n
+Chain HI-vnet0 (1 references)
+target     prot opt source               destination         
+RETURN     tcp  --  1.1.1.1              0.0.0.0/0           DSCP match 0x02tcp spt:80 state NEW,ESTABLISHED ctdir REPLY
+RETURN     tcp  --  2.2.2.2              0.0.0.0/0           DSCP match 0x02tcp spt:90 state NEW,ESTABLISHED ctdir REPLY
+RETURN     tcp  --  3.3.3.3              0.0.0.0/0           DSCP match 0x02tcp spt:80 state NEW,ESTABLISHED ctdir REPLY
+#iptables -L libvirt-host-in -n | grep vnet0 | tr -s " "
+HI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-in vnet0 
+#iptables -L libvirt-in -n | grep vnet0 | tr -s " "
+FI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-in vnet0 
+#iptables -L libvirt-in-post -n | grep vnet0
+ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           PHYSDEV match --physdev-in vnet0 
+#iptables -L libvirt-out -n | grep vnet0 | tr -s " "
+FO-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-out vnet0 
+#iptables -L FORWARD -n --line-number | grep libvirt
+1    libvirt-in  all  --  0.0.0.0/0            0.0.0.0/0           
+2    libvirt-out  all  --  0.0.0.0/0            0.0.0.0/0           
+3    libvirt-in-post  all  --  0.0.0.0/0            0.0.0.0/0           
+
Index: libvirt-tck/scripts/nwfilter/nwfilterxml2xmlin/iter-test1.xml
===================================================================
--- /dev/null
+++ libvirt-tck/scripts/nwfilter/nwfilterxml2xmlin/iter-test1.xml
@@ -0,0 +1,6 @@
+<filter name='tck-testcase' chain='root'>
+  <uuid>5c6d49af-b071-6127-b4ec-6f8ed4b55335</uuid>
+  <rule action='accept' direction='out'>
+     <tcp  srcipaddr='$A' srcportstart='$B' dscp='2'/>
+  </rule>
+</filter>
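Review bot: Nothing in iter-test1.xml says how `$A` and `$B` are meant to combine when both appear in the `<tcp>` element of one rule, and for a packet filter that decides which address/port pairs are accepted. The accompanying iter-test1.fwall expects three rules paired by index (1.1.1.1/80, 2.2.2.2/90, 3.3.3.3/80) rather than all nine combinations, so the file should state that, e.g. `<!-- $A and $B are lists; expect one rule per index (A[i], B[i]), not every A x B pair -->`. Both lists have three entries here; a second case with lists of different lengths would pin down that behaviour as well, if it is defined.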



