Make use of the ebtables functionality to be able to filter certain
parameters of icmpv6 packets. Extend the XML parser for icmpv6 types,
type ranges, codes, and code ranges. Extend the nwfilter documentation,
schema, and test cases.
Being able to filter icmpv6 types and codes helps extending the DHCP
snooper for IPv6 and filtering at least some parameters of IPv6's NDP
(Neighbor Discovery Protocol) packets. However, the filtering will not
be as good as the filtering of ARP packets since we cannot
check on IP addresses in the payload of the NDP packets.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Create a nwfilterxml2firewalltest to exercise the
ebiptables_driver.applyNewRules method with a variety of
different XML input files. The XML input files are taken
from the libvirt-tck nwfilter tests. While the nwfilter
tests verify the final state of the iptables chains, this
test verifies the set of commands invoked to create the
chains.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
