External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2025-02-08 12:41:29 +00:00
Code Issues Packages Projects Releases Wiki Activity

tests: fix iptables test case commandline options in virfirewalltest.c

Browse Source 
This test was created with all the commandlines erroneously having
"--source-host", which is not a valid iptables option. The correct
name for the option is "--source". However, since the test is just
checking that the generated commandline matches what we told it to
generate (and never actually runs iptables, as that would be a "Really
Bad Idea"(tm)), the test has always succeeded. I only found it because
I made a change to the code that caused the test to incorrectly try to
run iptables during the test, and the error message I received was
"odd" (it complained about the bad option, rather than complaining
that I had insufficient privilege to run the command).

Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
This commit is contained in:
Laine Stump 2020-11-17 13:51:45 -05:00
parent 0a867cd895
commit e9693502fb
1 changed files with 84 additions and 84 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

168
tests/virfirewalltest.c
View File

@ -186,8 +186,8 @@ testFirewallSingleGroup(const void *opaque)
int ret = -1; int ret = -1;
const char *actual = NULL; const char *actual = NULL;
const char *expected = const char *expected =
IPTABLES_PATH " -w -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n" IPTABLES_PATH " -w -A INPUT --source 192.168.122.1 --jump ACCEPT\n"
IPTABLES_PATH " -w -A INPUT --source-host '!192.168.122.1' --jump REJECT\n"; IPTABLES_PATH " -w -A INPUT --source '!192.168.122.1' --jump REJECT\n";
const struct testFirewallData *data = opaque; const struct testFirewallData *data = opaque;
fwDisabled = data->fwDisabled; fwDisabled = data->fwDisabled;
@ -203,12 +203,12 @@ testFirewallSingleGroup(const void *opaque)
virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
"-A", "INPUT", "-A", "INPUT",
"--source-host", "192.168.122.1", "--source", "192.168.122.1",
"--jump", "ACCEPT", NULL); "--jump", "ACCEPT", NULL);
virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
"-A", "INPUT", "-A", "INPUT",
"--source-host", "!192.168.122.1", "--source", "!192.168.122.1",
"--jump", "REJECT", NULL); "--jump", "REJECT", NULL);
if (virFirewallApply(fw) < 0) if (virFirewallApply(fw) < 0)
@ -238,8 +238,8 @@ testFirewallRemoveRule(const void *opaque)
int ret = -1; int ret = -1;
const char *actual = NULL; const char *actual = NULL;
const char *expected = const char *expected =
IPTABLES_PATH " -w -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n" IPTABLES_PATH " -w -A INPUT --source 192.168.122.1 --jump ACCEPT\n"
IPTABLES_PATH " -w -A INPUT --source-host '!192.168.122.1' --jump REJECT\n"; IPTABLES_PATH " -w -A INPUT --source '!192.168.122.1' --jump REJECT\n";
const struct testFirewallData *data = opaque; const struct testFirewallData *data = opaque;
virFirewallRulePtr fwrule; virFirewallRulePtr fwrule;
@ -256,17 +256,17 @@ testFirewallRemoveRule(const void *opaque)
virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
"-A", "INPUT", "-A", "INPUT",
"--source-host", "192.168.122.1", "--source", "192.168.122.1",
"--jump", "ACCEPT", NULL); "--jump", "ACCEPT", NULL);
fwrule = virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, fwrule = virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
"-A", "INPUT", NULL); "-A", "INPUT", NULL);
virFirewallRuleAddArg(fw, fwrule, "--source-host"); virFirewallRuleAddArg(fw, fwrule, "--source");
virFirewallRemoveRule(fw, fwrule); virFirewallRemoveRule(fw, fwrule);
fwrule = virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, fwrule = virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
"-A", "INPUT", NULL); "-A", "INPUT", NULL);
virFirewallRuleAddArg(fw, fwrule, "--source-host"); virFirewallRuleAddArg(fw, fwrule, "--source");
virFirewallRuleAddArgFormat(fw, fwrule, "%s", "!192.168.122.1"); virFirewallRuleAddArgFormat(fw, fwrule, "%s", "!192.168.122.1");
virFirewallRuleAddArgList(fw, fwrule, "--jump", "REJECT", NULL); virFirewallRuleAddArgList(fw, fwrule, "--jump", "REJECT", NULL);
@ -297,9 +297,9 @@ testFirewallManyGroups(const void *opaque G_GNUC_UNUSED)
int ret = -1; int ret = -1;
const char *actual = NULL; const char *actual = NULL;
const char *expected = const char *expected =
IPTABLES_PATH " -w -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n" IPTABLES_PATH " -w -A INPUT --source 192.168.122.1 --jump ACCEPT\n"
IPTABLES_PATH " -w -A INPUT --source-host '!192.168.122.1' --jump REJECT\n" IPTABLES_PATH " -w -A INPUT --source '!192.168.122.1' --jump REJECT\n"
IPTABLES_PATH " -w -A OUTPUT --source-host 192.168.122.1 --jump ACCEPT\n" IPTABLES_PATH " -w -A OUTPUT --source 192.168.122.1 --jump ACCEPT\n"
IPTABLES_PATH " -w -A OUTPUT --jump DROP\n"; IPTABLES_PATH " -w -A OUTPUT --jump DROP\n";
const struct testFirewallData *data = opaque; const struct testFirewallData *data = opaque;
@ -316,19 +316,19 @@ testFirewallManyGroups(const void *opaque G_GNUC_UNUSED)
virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
"-A", "INPUT", "-A", "INPUT",
"--source-host", "192.168.122.1", "--source", "192.168.122.1",
"--jump", "ACCEPT", NULL); "--jump", "ACCEPT", NULL);
virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
"-A", "INPUT", "-A", "INPUT",
"--source-host", "!192.168.122.1", "--source", "!192.168.122.1",
"--jump", "REJECT", NULL); "--jump", "REJECT", NULL);
virFirewallStartTransaction(fw, 0); virFirewallStartTransaction(fw, 0);
virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
"-A", "OUTPUT", "-A", "OUTPUT",
"--source-host", "192.168.122.1", "--source", "192.168.122.1",
"--jump", "ACCEPT", NULL); "--jump", "ACCEPT", NULL);
virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
@ -384,9 +384,9 @@ testFirewallIgnoreFailGroup(const void *opaque G_GNUC_UNUSED)
int ret = -1; int ret = -1;
const char *actual = NULL; const char *actual = NULL;
const char *expected = const char *expected =
IPTABLES_PATH " -w -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n" IPTABLES_PATH " -w -A INPUT --source 192.168.122.1 --jump ACCEPT\n"
IPTABLES_PATH " -w -A INPUT --source-host 192.168.122.255 --jump REJECT\n" IPTABLES_PATH " -w -A INPUT --source 192.168.122.255 --jump REJECT\n"
IPTABLES_PATH " -w -A OUTPUT --source-host 192.168.122.1 --jump ACCEPT\n" IPTABLES_PATH " -w -A OUTPUT --source 192.168.122.1 --jump ACCEPT\n"
IPTABLES_PATH " -w -A OUTPUT --jump DROP\n"; IPTABLES_PATH " -w -A OUTPUT --jump DROP\n";
const struct testFirewallData *data = opaque; const struct testFirewallData *data = opaque;
@ -405,19 +405,19 @@ testFirewallIgnoreFailGroup(const void *opaque G_GNUC_UNUSED)
virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
"-A", "INPUT", "-A", "INPUT",
"--source-host", "192.168.122.1", "--source", "192.168.122.1",
"--jump", "ACCEPT", NULL); "--jump", "ACCEPT", NULL);
virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
"-A", "INPUT", "-A", "INPUT",
"--source-host", "192.168.122.255", "--source", "192.168.122.255",
"--jump", "REJECT", NULL); "--jump", "REJECT", NULL);
virFirewallStartTransaction(fw, 0); virFirewallStartTransaction(fw, 0);
virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
"-A", "OUTPUT", "-A", "OUTPUT",
"--source-host", "192.168.122.1", "--source", "192.168.122.1",
"--jump", "ACCEPT", NULL); "--jump", "ACCEPT", NULL);
virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
@ -452,9 +452,9 @@ testFirewallIgnoreFailRule(const void *opaque G_GNUC_UNUSED)
int ret = -1; int ret = -1;
const char *actual = NULL; const char *actual = NULL;
const char *expected = const char *expected =
IPTABLES_PATH " -w -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n" IPTABLES_PATH " -w -A INPUT --source 192.168.122.1 --jump ACCEPT\n"
IPTABLES_PATH " -w -A INPUT --source-host 192.168.122.255 --jump REJECT\n" IPTABLES_PATH " -w -A INPUT --source 192.168.122.255 --jump REJECT\n"
IPTABLES_PATH " -w -A OUTPUT --source-host 192.168.122.1 --jump ACCEPT\n" IPTABLES_PATH " -w -A OUTPUT --source 192.168.122.1 --jump ACCEPT\n"
IPTABLES_PATH " -w -A OUTPUT --jump DROP\n"; IPTABLES_PATH " -w -A OUTPUT --jump DROP\n";
const struct testFirewallData *data = opaque; const struct testFirewallData *data = opaque;
@ -473,18 +473,18 @@ testFirewallIgnoreFailRule(const void *opaque G_GNUC_UNUSED)
virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
"-A", "INPUT", "-A", "INPUT",
"--source-host", "192.168.122.1", "--source", "192.168.122.1",
"--jump", "ACCEPT", NULL); "--jump", "ACCEPT", NULL);
virFirewallAddRuleFull(fw, VIR_FIREWALL_LAYER_IPV4, virFirewallAddRuleFull(fw, VIR_FIREWALL_LAYER_IPV4,
true, NULL, NULL, true, NULL, NULL,
"-A", "INPUT", "-A", "INPUT",
"--source-host", "192.168.122.255", "--source", "192.168.122.255",
"--jump", "REJECT", NULL); "--jump", "REJECT", NULL);
virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
"-A", "OUTPUT", "-A", "OUTPUT",
"--source-host", "192.168.122.1", "--source", "192.168.122.1",
"--jump", "ACCEPT", NULL); "--jump", "ACCEPT", NULL);
virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
@ -519,8 +519,8 @@ testFirewallNoRollback(const void *opaque G_GNUC_UNUSED)
int ret = -1; int ret = -1;
const char *actual = NULL; const char *actual = NULL;
const char *expected = const char *expected =
IPTABLES_PATH " -w -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n" IPTABLES_PATH " -w -A INPUT --source 192.168.122.1 --jump ACCEPT\n"
IPTABLES_PATH " -w -A INPUT --source-host 192.168.122.255 --jump REJECT\n"; IPTABLES_PATH " -w -A INPUT --source 192.168.122.255 --jump REJECT\n";
const struct testFirewallData *data = opaque; const struct testFirewallData *data = opaque;
fwDisabled = data->fwDisabled; fwDisabled = data->fwDisabled;
@ -538,17 +538,17 @@ testFirewallNoRollback(const void *opaque G_GNUC_UNUSED)
virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
"-A", "INPUT", "-A", "INPUT",
"--source-host", "192.168.122.1", "--source", "192.168.122.1",
"--jump", "ACCEPT", NULL); "--jump", "ACCEPT", NULL);
virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
"-A", "INPUT", "-A", "INPUT",
"--source-host", "192.168.122.255", "--source", "192.168.122.255",
"--jump", "REJECT", NULL); "--jump", "REJECT", NULL);
virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
"-A", "INPUT", "-A", "INPUT",
"--source-host", "!192.168.122.1", "--source", "!192.168.122.1",
"--jump", "REJECT", NULL); "--jump", "REJECT", NULL);
if (virFirewallApply(fw) == 0) { if (virFirewallApply(fw) == 0) {
@ -579,11 +579,11 @@ testFirewallSingleRollback(const void *opaque G_GNUC_UNUSED)
int ret = -1; int ret = -1;
const char *actual = NULL; const char *actual = NULL;
const char *expected = const char *expected =
IPTABLES_PATH " -w -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n" IPTABLES_PATH " -w -A INPUT --source 192.168.122.1 --jump ACCEPT\n"
IPTABLES_PATH " -w -A INPUT --source-host 192.168.122.255 --jump REJECT\n" IPTABLES_PATH " -w -A INPUT --source 192.168.122.255 --jump REJECT\n"
IPTABLES_PATH " -w -D INPUT --source-host 192.168.122.1 --jump ACCEPT\n" IPTABLES_PATH " -w -D INPUT --source 192.168.122.1 --jump ACCEPT\n"
IPTABLES_PATH " -w -D INPUT --source-host 192.168.122.255 --jump REJECT\n" IPTABLES_PATH " -w -D INPUT --source 192.168.122.255 --jump REJECT\n"
IPTABLES_PATH " -w -D INPUT --source-host '!192.168.122.1' --jump REJECT\n"; IPTABLES_PATH " -w -D INPUT --source '!192.168.122.1' --jump REJECT\n";
const struct testFirewallData *data = opaque; const struct testFirewallData *data = opaque;
fwDisabled = data->fwDisabled; fwDisabled = data->fwDisabled;
@ -601,34 +601,34 @@ testFirewallSingleRollback(const void *opaque G_GNUC_UNUSED)
virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
"-A", "INPUT", "-A", "INPUT",
"--source-host", "192.168.122.1", "--source", "192.168.122.1",
"--jump", "ACCEPT", NULL); "--jump", "ACCEPT", NULL);
virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
"-A", "INPUT", "-A", "INPUT",
"--source-host", "192.168.122.255", "--source", "192.168.122.255",
"--jump", "REJECT", NULL); "--jump", "REJECT", NULL);
virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
"-A", "INPUT", "-A", "INPUT",
"--source-host", "!192.168.122.1", "--source", "!192.168.122.1",
"--jump", "REJECT", NULL); "--jump", "REJECT", NULL);
virFirewallStartRollback(fw, 0); virFirewallStartRollback(fw, 0);
virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
"-D", "INPUT", "-D", "INPUT",
"--source-host", "192.168.122.1", "--source", "192.168.122.1",
"--jump", "ACCEPT", NULL); "--jump", "ACCEPT", NULL);
virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
"-D", "INPUT", "-D", "INPUT",
"--source-host", "192.168.122.255", "--source", "192.168.122.255",
"--jump", "REJECT", NULL); "--jump", "REJECT", NULL);
virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
"-D", "INPUT", "-D", "INPUT",
"--source-host", "!192.168.122.1", "--source", "!192.168.122.1",
"--jump", "REJECT", NULL); "--jump", "REJECT", NULL);
if (virFirewallApply(fw) == 0) { if (virFirewallApply(fw) == 0) {
@ -659,10 +659,10 @@ testFirewallManyRollback(const void *opaque G_GNUC_UNUSED)
int ret = -1; int ret = -1;
const char *actual = NULL; const char *actual = NULL;
const char *expected = const char *expected =
IPTABLES_PATH " -w -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n" IPTABLES_PATH " -w -A INPUT --source 192.168.122.1 --jump ACCEPT\n"
IPTABLES_PATH " -w -A INPUT --source-host 192.168.122.255 --jump REJECT\n" IPTABLES_PATH " -w -A INPUT --source 192.168.122.255 --jump REJECT\n"
IPTABLES_PATH " -w -D INPUT --source-host 192.168.122.255 --jump REJECT\n" IPTABLES_PATH " -w -D INPUT --source 192.168.122.255 --jump REJECT\n"
IPTABLES_PATH " -w -D INPUT --source-host '!192.168.122.1' --jump REJECT\n"; IPTABLES_PATH " -w -D INPUT --source '!192.168.122.1' --jump REJECT\n";
const struct testFirewallData *data = opaque; const struct testFirewallData *data = opaque;
fwDisabled = data->fwDisabled; fwDisabled = data->fwDisabled;
@ -680,38 +680,38 @@ testFirewallManyRollback(const void *opaque G_GNUC_UNUSED)
virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
"-A", "INPUT", "-A", "INPUT",
"--source-host", "192.168.122.1", "--source", "192.168.122.1",
"--jump", "ACCEPT", NULL); "--jump", "ACCEPT", NULL);
virFirewallStartRollback(fw, 0); virFirewallStartRollback(fw, 0);
virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
"-D", "INPUT", "-D", "INPUT",
"--source-host", "192.168.122.1", "--source", "192.168.122.1",
"--jump", "ACCEPT", NULL); "--jump", "ACCEPT", NULL);
virFirewallStartTransaction(fw, 0); virFirewallStartTransaction(fw, 0);
virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
"-A", "INPUT", "-A", "INPUT",
"--source-host", "192.168.122.255", "--source", "192.168.122.255",
"--jump", "REJECT", NULL); "--jump", "REJECT", NULL);
virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
"-A", "INPUT", "-A", "INPUT",
"--source-host", "!192.168.122.1", "--source", "!192.168.122.1",
"--jump", "REJECT", NULL); "--jump", "REJECT", NULL);
virFirewallStartRollback(fw, 0); virFirewallStartRollback(fw, 0);
virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
"-D", "INPUT", "-D", "INPUT",
"--source-host", "192.168.122.255", "--source", "192.168.122.255",
"--jump", "REJECT", NULL); "--jump", "REJECT", NULL);
virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
"-D", "INPUT", "-D", "INPUT",
"--source-host", "!192.168.122.1", "--source", "!192.168.122.1",
"--jump", "REJECT", NULL); "--jump", "REJECT", NULL);
if (virFirewallApply(fw) == 0) { if (virFirewallApply(fw) == 0) {
@ -742,14 +742,14 @@ testFirewallChainedRollback(const void *opaque G_GNUC_UNUSED)
int ret = -1; int ret = -1;
const char *actual = NULL; const char *actual = NULL;
const char *expected = const char *expected =
IPTABLES_PATH " -w -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n" IPTABLES_PATH " -w -A INPUT --source 192.168.122.1 --jump ACCEPT\n"
IPTABLES_PATH " -w -A INPUT --source-host 192.168.122.127 --jump REJECT\n" IPTABLES_PATH " -w -A INPUT --source 192.168.122.127 --jump REJECT\n"
IPTABLES_PATH " -w -A INPUT --source-host '!192.168.122.1' --jump REJECT\n" IPTABLES_PATH " -w -A INPUT --source '!192.168.122.1' --jump REJECT\n"
IPTABLES_PATH " -w -A INPUT --source-host 192.168.122.255 --jump REJECT\n" IPTABLES_PATH " -w -A INPUT --source 192.168.122.255 --jump REJECT\n"
IPTABLES_PATH " -w -D INPUT --source-host 192.168.122.127 --jump REJECT\n" IPTABLES_PATH " -w -D INPUT --source 192.168.122.127 --jump REJECT\n"
IPTABLES_PATH " -w -D INPUT --source-host '!192.168.122.1' --jump REJECT\n" IPTABLES_PATH " -w -D INPUT --source '!192.168.122.1' --jump REJECT\n"
IPTABLES_PATH " -w -D INPUT --source-host 192.168.122.255 --jump REJECT\n" IPTABLES_PATH " -w -D INPUT --source 192.168.122.255 --jump REJECT\n"
IPTABLES_PATH " -w -D INPUT --source-host '!192.168.122.1' --jump REJECT\n"; IPTABLES_PATH " -w -D INPUT --source '!192.168.122.1' --jump REJECT\n";
const struct testFirewallData *data = opaque; const struct testFirewallData *data = opaque;
fwDisabled = data->fwDisabled; fwDisabled = data->fwDisabled;
@ -767,14 +767,14 @@ testFirewallChainedRollback(const void *opaque G_GNUC_UNUSED)
virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
"-A", "INPUT", "-A", "INPUT",
"--source-host", "192.168.122.1", "--source", "192.168.122.1",
"--jump", "ACCEPT", NULL); "--jump", "ACCEPT", NULL);
virFirewallStartRollback(fw, 0); virFirewallStartRollback(fw, 0);
virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
"-D", "INPUT", "-D", "INPUT",
"--source-host", "192.168.122.1", "--source", "192.168.122.1",
"--jump", "ACCEPT", NULL); "--jump", "ACCEPT", NULL);
@ -782,24 +782,24 @@ testFirewallChainedRollback(const void *opaque G_GNUC_UNUSED)
virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
"-A", "INPUT", "-A", "INPUT",
"--source-host", "192.168.122.127", "--source", "192.168.122.127",
"--jump", "REJECT", NULL); "--jump", "REJECT", NULL);
virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
"-A", "INPUT", "-A", "INPUT",
"--source-host", "!192.168.122.1", "--source", "!192.168.122.1",
"--jump", "REJECT", NULL); "--jump", "REJECT", NULL);
virFirewallStartRollback(fw, 0); virFirewallStartRollback(fw, 0);
virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
"-D", "INPUT", "-D", "INPUT",
"--source-host", "192.168.122.127", "--source", "192.168.122.127",
"--jump", "REJECT", NULL); "--jump", "REJECT", NULL);
virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
"-D", "INPUT", "-D", "INPUT",
"--source-host", "!192.168.122.1", "--source", "!192.168.122.1",
"--jump", "REJECT", NULL); "--jump", "REJECT", NULL);
@ -807,24 +807,24 @@ testFirewallChainedRollback(const void *opaque G_GNUC_UNUSED)
virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
"-A", "INPUT", "-A", "INPUT",
"--source-host", "192.168.122.255", "--source", "192.168.122.255",
"--jump", "REJECT", NULL); "--jump", "REJECT", NULL);
virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
"-A", "INPUT", "-A", "INPUT",
"--source-host", "!192.168.122.1", "--source", "!192.168.122.1",
"--jump", "REJECT", NULL); "--jump", "REJECT", NULL);
virFirewallStartRollback(fw, VIR_FIREWALL_ROLLBACK_INHERIT_PREVIOUS); virFirewallStartRollback(fw, VIR_FIREWALL_ROLLBACK_INHERIT_PREVIOUS);
virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
"-D", "INPUT", "-D", "INPUT",
"--source-host", "192.168.122.255", "--source", "192.168.122.255",
"--jump", "REJECT", NULL); "--jump", "REJECT", NULL);
virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
"-D", "INPUT", "-D", "INPUT",
"--source-host", "!192.168.122.1", "--source", "!192.168.122.1",
"--jump", "REJECT", NULL); "--jump", "REJECT", NULL);
if (virFirewallApply(fw) == 0) { if (virFirewallApply(fw) == 0) {
@ -906,7 +906,7 @@ testFirewallQueryCallback(virFirewallPtr fw,
size_t i; size_t i;
virFirewallAddRule(fw, layer, virFirewallAddRule(fw, layer,
"-A", "INPUT", "-A", "INPUT",
"--source-host", "!192.168.122.129", "--source", "!192.168.122.129",
"--jump", "REJECT", NULL); "--jump", "REJECT", NULL);
for (i = 0; lines[i] != NULL; i++) { for (i = 0; lines[i] != NULL; i++) {
@ -934,15 +934,15 @@ testFirewallQuery(const void *opaque G_GNUC_UNUSED)
int ret = -1; int ret = -1;
const char *actual = NULL; const char *actual = NULL;
const char *expected = const char *expected =
IPTABLES_PATH " -w -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n" IPTABLES_PATH " -w -A INPUT --source 192.168.122.1 --jump ACCEPT\n"
IPTABLES_PATH " -w -A INPUT --source-host 192.168.122.127 --jump REJECT\n" IPTABLES_PATH " -w -A INPUT --source 192.168.122.127 --jump REJECT\n"
IPTABLES_PATH " -w -L\n" IPTABLES_PATH " -w -L\n"
IPTABLES_PATH " -w -t nat -L\n" IPTABLES_PATH " -w -t nat -L\n"
IPTABLES_PATH " -w -A INPUT --source-host 192.168.122.130 --jump REJECT\n" IPTABLES_PATH " -w -A INPUT --source 192.168.122.130 --jump REJECT\n"
IPTABLES_PATH " -w -A INPUT --source-host '!192.168.122.129' --jump REJECT\n" IPTABLES_PATH " -w -A INPUT --source '!192.168.122.129' --jump REJECT\n"
IPTABLES_PATH " -w -A INPUT --source-host '!192.168.122.129' --jump REJECT\n" IPTABLES_PATH " -w -A INPUT --source '!192.168.122.129' --jump REJECT\n"
IPTABLES_PATH " -w -A INPUT --source-host 192.168.122.128 --jump REJECT\n" IPTABLES_PATH " -w -A INPUT --source 192.168.122.128 --jump REJECT\n"
IPTABLES_PATH " -w -A INPUT --source-host '!192.168.122.1' --jump REJECT\n"; IPTABLES_PATH " -w -A INPUT --source '!192.168.122.1' --jump REJECT\n";
const struct testFirewallData *data = opaque; const struct testFirewallData *data = opaque;
expectedLineNum = 0; expectedLineNum = 0;
@ -962,14 +962,14 @@ testFirewallQuery(const void *opaque G_GNUC_UNUSED)
virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
"-A", "INPUT", "-A", "INPUT",
"--source-host", "192.168.122.1", "--source", "192.168.122.1",
"--jump", "ACCEPT", NULL); "--jump", "ACCEPT", NULL);
virFirewallStartTransaction(fw, 0); virFirewallStartTransaction(fw, 0);
virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
"-A", "INPUT", "-A", "INPUT",
"--source-host", "192.168.122.127", "--source", "192.168.122.127",
"--jump", "REJECT", NULL); "--jump", "REJECT", NULL);
virFirewallAddRuleFull(fw, VIR_FIREWALL_LAYER_IPV4, virFirewallAddRuleFull(fw, VIR_FIREWALL_LAYER_IPV4,
@ -985,7 +985,7 @@ testFirewallQuery(const void *opaque G_GNUC_UNUSED)
virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
"-A", "INPUT", "-A", "INPUT",
"--source-host", "192.168.122.130", "--source", "192.168.122.130",
"--jump", "REJECT", NULL); "--jump", "REJECT", NULL);
@ -993,12 +993,12 @@ testFirewallQuery(const void *opaque G_GNUC_UNUSED)
virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
"-A", "INPUT", "-A", "INPUT",
"--source-host", "192.168.122.128", "--source", "192.168.122.128",
"--jump", "REJECT", NULL); "--jump", "REJECT", NULL);
virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
"-A", "INPUT", "-A", "INPUT",
"--source-host", "!192.168.122.1", "--source", "!192.168.122.1",
"--jump", "REJECT", NULL); "--jump", "REJECT", NULL);
if (virFirewallApply(fw) < 0) if (virFirewallApply(fw) < 0)