Daniel P. Berrange 3ba789ccd5 Add a test suite for nwfilter ebiptables tech driver
Create a nwfilterxml2firewalltest to exercise the
ebiptables_driver.applyNewRules method with a variety of
different XML input files. The XML input files are taken
from the libvirt-tck nwfilter tests. While the nwfilter
tests verify the final state of the iptables chains, this
test verifies the set of commands invoked to create the
chains.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-04-25 15:44:10 +01:00

72 lines
2.5 KiB
XML

<filter name='tck-testcase'>
<uuid>0a5288ea-612c-834a-6bbf-82a03a1a3244</uuid>
<rule action='accept' direction='in'>
<mac protocolid='0x1234' comment='mac rule'/>
</rule>
<rule action='accept' direction='out'>
<ip srcmacaddr='1:2:3:4:5:6' srcmacmask='ff:ff:ff:ff:ff:ff'
dstmacaddr='aa:bb:cc:dd:ee:ff' dstmacmask='ff:ff:ff:ff:ff:ff'
srcipaddr='10.1.2.3' srcipmask='255.255.255.255'
dstipaddr='10.1.2.3' dstipmask='255.255.255.255'
protocol='udp'
srcportstart='0x123' srcportend='0x234'
dstportstart='0x3456' dstportend='0x4567'
dscp='0x32' comment='ip rule'/>
</rule>
<rule action='accept' direction='out'>
<ipv6 srcmacaddr='1:2:3:4:5:6' srcmacmask='ff:ff:ff:ff:ff:fe'
dstmacaddr='aa:bb:cc:dd:ee:ff' dstmacmask='ff:ff:ff:ff:ff:80'
srcipaddr='::10.1.2.3' srcipmask='22'
dstipaddr='::10.1.2.3'
dstipmask='ffff:ffff:ffff:ffff:ffff:ffff:ffff:8000'
protocol='tcp'
srcportstart='0x111' srcportend='400'
dstportstart='0x3333' dstportend='65535' comment='ipv6 rule'/>
</rule>
<rule action='accept' direction='out'>
<arp srcmacaddr='1:2:3:4:5:6' srcmacmask='ff:ff:ff:ff:ff:ff'
dstmacaddr='aa:bb:cc:dd:ee:ff' dstmacmask='ff:ff:ff:ff:ff:ff'
hwtype='0x12'
protocoltype='0x56'
opcode='Request'
arpsrcmacaddr='1:2:3:4:5:6'
arpdstmacaddr='a:b:c:d:e:f'
comment='arp rule'/>
</rule>
<rule action='accept' direction='out'>
<udp srcmacaddr='1:2:3:4:5:6'
dstipaddr='10.1.2.3' dstipmask='255.255.255.255'
dscp='0x22'
srcportstart='0x123' srcportend='400'
dstportstart='0x234' dstportend='0x444'
comment='udp rule'/>
</rule>
<rule action='accept' direction='in'>
<tcp-ipv6 srcmacaddr='1:2:3:4:5:6'
srcipaddr='a:b:c::' srcipmask='128'
dscp='0x39'
srcportstart='0x20' srcportend='0x21'
dstportstart='0x100' dstportend='0x1111'
comment='tcp/ipv6 rule'/>
</rule>
<rule action='accept' direction='in'>
<udp-ipv6 comment='`ls`;${COLUMNS};$(ls);"test";&amp;&apos;3 spaces&apos;'/>
</rule>
<rule action='accept' direction='in'>
<sctp-ipv6 comment='comment with lone &apos;, `, ", `, \, $x, and two spaces'/>
</rule>
<rule action='accept' direction='in'>
<ah-ipv6 comment='tmp=`mktemp`; echo ${RANDOM} > ${tmp} ; cat &lt; ${tmp}; rm -f ${tmp}'/>
</rule>
</filter>