[patch 3/5] nwfilter: Add test case for testing the state attribute


 



This patch adds a test case for testing the XML parser's and instantiator's
support of the state attribute. The other test case tests existing
capabilities. Both test cases will be used in TCK again.

Signed-off-by: Stefan Berger <stefanb@xxxxxxxxxx>

---
 tests/nwfilterxml2xmlin/example-1.xml  |   24 +++++++++++++++++++++
 tests/nwfilterxml2xmlin/example-2.xml  |   37 +++++++++++++++++++++++++++++++++
 tests/nwfilterxml2xmlout/example-1.xml |   15 +++++++++++++
 tests/nwfilterxml2xmlout/example-2.xml |   21 ++++++++++++++++++
 tests/nwfilterxml2xmltest.c            |    3 ++
 5 files changed, 100 insertions(+)

Index: libvirt-acl/tests/nwfilterxml2xmlin/example-1.xml
===================================================================
--- /dev/null
+++ libvirt-acl/tests/nwfilterxml2xmlin/example-1.xml
@@ -0,0 +1,24 @@
+<filter name='testcase'>
+  <uuid>01a992d2-f8c8-7c27-f69b-ab0a9d377379</uuid>
+
+  <!-- allow incoming ssh connections -->
+  <rule action='accept' direction='in' priority='100'>
+    <tcp dstportstart='22'/>
+  </rule>
+
+  <!-- allow incoming ICMP (ping) packets -->
+  <rule action='accept' direction='in' priority='200'>
+    <icmp/>
+  </rule>
+
+  <!-- allow all outgoing traffic -->
+  <rule action='accept' direction='in' priority='300'>
+    <all/>
+  </rule>
+
+  <!-- drop all other traffic -->
+  <rule action='drop' direction='inout' priority='1000'>
+    <all/>
+  </rule>
+
+</filter>
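Review bot: The third rule's comment and its attributes disagree: the comment reads `<!-- allow all outgoing traffic -->` but the rule is `direction='in'`. As written the filter accepts all incoming traffic at priority 300, so the ssh and ICMP rules above it, and presumably the final drop rule for the inbound direction, add nothing. If the comment states the intent, the line should be `<rule action='accept' direction='out' priority='300'>`. The expected output in tests/nwfilterxml2xmlout/example-1.xml carries the same `direction='in'` and would need the matching change.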
Index: libvirt-acl/tests/nwfilterxml2xmlout/example-1.xml
===================================================================
--- /dev/null
+++ libvirt-acl/tests/nwfilterxml2xmlout/example-1.xml
@@ -0,0 +1,15 @@
+<filter name='testcase' chain='root'>
+  <uuid>01a992d2-f8c8-7c27-f69b-ab0a9d377379</uuid>
+  <rule action='accept' direction='in' priority='100'>
+    <tcp dstportstart='22'/>
+  </rule>
+  <rule action='accept' direction='in' priority='200'>
+    <icmp/>
+  </rule>
+  <rule action='accept' direction='in' priority='300'>
+    <all/>
+  </rule>
+  <rule action='drop' direction='inout' priority='1000'>
+    <all/>
+  </rule>
+</filter>
Index: libvirt-acl/tests/nwfilterxml2xmltest.c
===================================================================
--- libvirt-acl.orig/tests/nwfilterxml2xmltest.c
+++ libvirt-acl/tests/nwfilterxml2xmltest.c
@@ -126,6 +126,9 @@ mymain(int argc, char **argv)
 
     DO_TEST("comment-test");
 
+    DO_TEST("example-1");
+    DO_TEST("example-2");
+
     return (ret==0 ? EXIT_SUCCESS : EXIT_FAILURE);
 }
 
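Review bot: Both new cases feed only well-formed `state` values, so these `DO_TEST` lines do not pin the behaviour for an unrecognised state name. That matters for a filter attribute: if the parser were to drop an invalid `state` and keep the rule, the rule would match more traffic than its author wrote. Consider a third fixture with an invalid state value and an expected output that shows what the parser does with it. mymain starts above this hunk, so how DO_TEST treats a parse failure is not visible here.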
Index: libvirt-acl/tests/nwfilterxml2xmlin/example-2.xml
===================================================================
--- /dev/null
+++ libvirt-acl/tests/nwfilterxml2xmlin/example-2.xml
@@ -0,0 +1,37 @@
+<filter name='testcase'>
+  <uuid>01a992d2-f8c8-7c27-f69b-ab0a9d377379</uuid>
+
+  <!-- VM outgoing: allow all established and related connections -->
+  <rule action='accept' direction='out' priority='100'>
+    <all state='ESTABLISHED,RELATED'
+         comment='out: existing and related (ftp) connections'/>
+  </rule>
+
+  <!-- VM incoming: allow all established connections -->
+  <rule action='accept' direction='in' priority='100'>
+    <all state='ESTABLISHED'
+         comment='in: existing connections'/>
+  </rule>
+
+  <!-- allow incoming ssh and ftp traffic -->
+  <rule action='accept' direction='in' priority='200'>
+    <tcp dstportstart='21' dstportend='22' state='NEW'
+         comment='in: ftp and ssh'/>
+  </rule>
+
+  <!-- allow incoming ICMP (ping) packets -->
+  <rule action='accept' direction='in' priority='300'>
+    <icmp state='NEW' comment='in: icmp'/>
+  </rule>
+
+  <!-- allow outgong DNS lookups -->
+  <rule action='accept' direction='out' priority='300'>
+    <udp dstportstart='53' state='NEW' comment='out: DNS lookups'/>
+  </rule>
+
+  <!-- drop all other traffic -->
+  <rule action='drop' direction='inout' priority='1000'>
+    <all comment='inout: drop all non-accepted traffic'/>
+  </rule>
+
+</filter>
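Review bot: The incoming rule at priority 100 matches only `state='ESTABLISHED'`, while the outgoing one matches `state='ESTABLISHED,RELATED'` and its comment names ftp. With the priority-200 rule admitting new connections to port 21, passive-mode FTP data connections would presumably arrive inbound as RELATED and fall through to the final drop. If that is intended, a comment such as `<!-- RELATED deliberately not accepted inbound -->` would say so; otherwise use `state='ESTABLISHED,RELATED'` there and in the expected output. The comment `<!-- allow outgong DNS lookups -->` also misspells "outgoing".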
Index: libvirt-acl/tests/nwfilterxml2xmlout/example-2.xml
===================================================================
--- /dev/null
+++ libvirt-acl/tests/nwfilterxml2xmlout/example-2.xml
@@ -0,0 +1,21 @@
+<filter name='testcase' chain='root'>
+  <uuid>01a992d2-f8c8-7c27-f69b-ab0a9d377379</uuid>
+  <rule action='accept' direction='out' priority='100'>
+    <all state='ESTABLISHED,RELATED' comment='out: existing and related (ftp) connections'/>
+  </rule>
+  <rule action='accept' direction='in' priority='100'>
+    <all state='ESTABLISHED' comment='in: existing connections'/>
+  </rule>
+  <rule action='accept' direction='in' priority='200'>
+    <tcp state='NEW' dstportstart='21' dstportend='22' comment='in: ftp and ssh'/>
+  </rule>
+  <rule action='accept' direction='in' priority='300'>
+    <icmp state='NEW' comment='in: icmp'/>
+  </rule>
+  <rule action='accept' direction='out' priority='300'>
+    <udp state='NEW' dstportstart='53' comment='out: DNS lookups'/>
+  </rule>
+  <rule action='drop' direction='inout' priority='1000'>
+    <all comment='inout: drop all non-accepted traffic'/>
+  </rule>
+</filter>

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list

