[TCK] [PATCH] follow reordering of match extensions relative to state match

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

This patch adjusts the tck test cases following the reordering of the match extensions relative to the state match in libvirt. 

Signed-off-by: Stefan Berger <stefanb@xxxxxxxxxxxxxxxxxx>

---
scripts/nwfilter/nwfilterxml2fwallout/comment-test.fwall | 30 +++++++-------- 
 scripts/nwfilter/nwfilterxml2fwallout/example-2.fwall    |   14 +++----
 2 files changed, 22 insertions(+), 22 deletions(-)

Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/comment-test.fwall
===================================================================
--- libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/comment-test.fwall 
+++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/comment-test.fwall
@@ -11,15 +11,15 @@
 #iptables -L FI-vnet0 -n
 Chain FI-vnet0 (1 references)
 target     prot opt source               destination
-RETURN udp -- 0.0.0.0/0 10.1.2.3 MAC 01:02:03:04:05:06 DSCP match 0x22/* udp rule */ udp spts:291:400 dpts:564:1092 state NEW,ESTABLISHED ctdir REPLY +RETURN udp -- 0.0.0.0/0 10.1.2.3 MAC 01:02:03:04:05:06 DSCP match 0x22udp spts:291:400 dpts:564:1092 state NEW,ESTABLISHED ctdir REPLY/* udp rule */ 
 #iptables -L FO-vnet0 -n
 Chain FO-vnet0 (1 references)
 target     prot opt source               destination
-ACCEPT udp -- 10.1.2.3 0.0.0.0/0 DSCP match 0x22/* udp rule */ udp spts:564:1092 dpts:291:400 state ESTABLISHED ctdir ORIGINAL +ACCEPT udp -- 10.1.2.3 0.0.0.0/0 DSCP match 0x22udp spts:564:1092 dpts:291:400 state ESTABLISHED ctdir ORIGINAL/* udp rule */ 
 #iptables -L HI-vnet0 -n
 Chain HI-vnet0 (1 references)
 target     prot opt source               destination
-RETURN udp -- 0.0.0.0/0 10.1.2.3 MAC 01:02:03:04:05:06 DSCP match 0x22/* udp rule */ udp spts:291:400 dpts:564:1092 state NEW,ESTABLISHED ctdir REPLY +RETURN udp -- 0.0.0.0/0 10.1.2.3 MAC 01:02:03:04:05:06 DSCP match 0x22udp spts:291:400 dpts:564:1092 state NEW,ESTABLISHED ctdir REPLY/* udp rule */ 
 #iptables -L libvirt-host-in -n | grep HI-vnet0 | tr -s " "
HI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-in vnet0 
 #iptables -L libvirt-in -n | grep FI-vnet0 | tr -s " "
@@ -31,24 +31,24 @@ FO-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [got
 #ip6tables -L FI-vnet0 -n
 Chain FI-vnet0 (1 references)
 target     prot opt source               destination
-RETURN tcp ::/0 a:b:c::/128 /* tcp/ipv6 rule */ tcp spts:256:4369 dpts:32:33 state ESTABLISHED ctdir ORIGINAL -RETURN udp ::/0 ::/0 /* `ls`;${COLUMNS};$(ls);"test";&'3 spaces' */ state ESTABLISHED ctdir ORIGINAL -RETURN sctp ::/0 ::/0 /* comment with lone ', `, ", `, \, $x, and two spaces */ state ESTABLISHED ctdir ORIGINAL -RETURN ah ::/0 ::/0 /* tmp=`mktemp`; echo ${RANDOM} > ${tmp} ; cat < ${tmp}; rm -f ${tmp} */ state ESTABLISHED ctdir ORIGINAL +RETURN tcp ::/0 a:b:c::/128 tcp spts:256:4369 dpts:32:33 state ESTABLISHED ctdir ORIGINAL/* tcp/ipv6 rule */ +RETURN udp ::/0 ::/0 state ESTABLISHED ctdir ORIGINAL/* `ls`;${COLUMNS};$(ls);"test";&'3 spaces' */ +RETURN sctp ::/0 ::/0 state ESTABLISHED ctdir ORIGINAL/* comment with lone ', `, ", `, \, $x, and two spaces */ +RETURN ah ::/0 ::/0 state ESTABLISHED ctdir ORIGINAL/* tmp=`mktemp`; echo ${RANDOM} > ${tmp} ; cat < ${tmp}; rm -f ${tmp} */ 
 #ip6tables -L FO-vnet0 -n
 Chain FO-vnet0 (1 references)
 target     prot opt source               destination
-ACCEPT tcp a:b:c::/128 ::/0 MAC 01:02:03:04:05:06 /* tcp/ipv6 rule */ tcp spts:32:33 dpts:256:4369 state NEW,ESTABLISHED ctdir REPLY -ACCEPT udp ::/0 ::/0 /* `ls`;${COLUMNS};$(ls);"test";&'3 spaces' */ state NEW,ESTABLISHED ctdir REPLY -ACCEPT sctp ::/0 ::/0 /* comment with lone ', `, ", `, \, $x, and two spaces */ state NEW,ESTABLISHED ctdir REPLY -ACCEPT ah ::/0 ::/0 /* tmp=`mktemp`; echo ${RANDOM} > ${tmp} ; cat < ${tmp}; rm -f ${tmp} */ state NEW,ESTABLISHED ctdir REPLY +ACCEPT tcp a:b:c::/128 ::/0 MAC 01:02:03:04:05:06 tcp spts:32:33 dpts:256:4369 state NEW,ESTABLISHED ctdir REPLY/* tcp/ipv6 rule */ +ACCEPT udp ::/0 ::/0 state NEW,ESTABLISHED ctdir REPLY/* `ls`;${COLUMNS};$(ls);"test";&'3 spaces' */ +ACCEPT sctp ::/0 ::/0 state NEW,ESTABLISHED ctdir REPLY/* comment with lone ', `, ", `, \, $x, and two spaces */ +ACCEPT ah ::/0 ::/0 state NEW,ESTABLISHED ctdir REPLY/* tmp=`mktemp`; echo ${RANDOM} > ${tmp} ; cat < ${tmp}; rm -f ${tmp} */ 
 #ip6tables -L HI-vnet0 -n
 Chain HI-vnet0 (1 references)
 target     prot opt source               destination
-RETURN tcp ::/0 a:b:c::/128 /* tcp/ipv6 rule */ tcp spts:256:4369 dpts:32:33 state ESTABLISHED ctdir ORIGINAL -RETURN udp ::/0 ::/0 /* `ls`;${COLUMNS};$(ls);"test";&'3 spaces' */ state ESTABLISHED ctdir ORIGINAL -RETURN sctp ::/0 ::/0 /* comment with lone ', `, ", `, \, $x, and two spaces */ state ESTABLISHED ctdir ORIGINAL -RETURN ah ::/0 ::/0 /* tmp=`mktemp`; echo ${RANDOM} > ${tmp} ; cat < ${tmp}; rm -f ${tmp} */ state ESTABLISHED ctdir ORIGINAL +RETURN tcp ::/0 a:b:c::/128 tcp spts:256:4369 dpts:32:33 state ESTABLISHED ctdir ORIGINAL/* tcp/ipv6 rule */ +RETURN udp ::/0 ::/0 state ESTABLISHED ctdir ORIGINAL/* `ls`;${COLUMNS};$(ls);"test";&'3 spaces' */ +RETURN sctp ::/0 ::/0 state ESTABLISHED ctdir ORIGINAL/* comment with lone ', `, ", `, \, $x, and two spaces */ +RETURN ah ::/0 ::/0 state ESTABLISHED ctdir ORIGINAL/* tmp=`mktemp`; echo ${RANDOM} > ${tmp} ; cat < ${tmp}; rm -f ${tmp} */ 
 #ip6tables -L libvirt-host-in -n | grep vnet0 | tr -s " "
 HI-vnet0 all ::/0 ::/0 [goto] PHYSDEV match --physdev-in vnet0
 #ip6tables -L libvirt-in -n | grep vnet0 | tr -s " "
Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/example-2.fwall
===================================================================
--- libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/example-2.fwall
+++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/example-2.fwall
@@ -1,20 +1,20 @@
 #iptables -L FI-vnet0 -n
 Chain FI-vnet0 (1 references)
 target     prot opt source               destination
-RETURN all -- 0.0.0.0/0 0.0.0.0/0 /* out: existing and related (ftp) connections */ state RELATED,ESTABLISHED -RETURN udp -- 0.0.0.0/0 0.0.0.0/0 /* out: DNS lookups */ udp dpt:53 state NEW +RETURN all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED /* out: existing and related (ftp) connections */ +RETURN udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53 state NEW /* out: DNS lookups */ DROP all -- 0.0.0.0/0 0.0.0.0/0 /* inout: drop all non-accepted traffic */ 
 #iptables -L FO-vnet0 -n
 Chain FO-vnet0 (1 references)
 target     prot opt source               destination
-ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 /* in: existing connections */ state ESTABLISHED -ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 /* in: ftp and ssh */ tcp dpts:21:22 state NEW -ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 /* in: icmp */ state NEW +ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state ESTABLISHED /* in: existing connections */ +ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:21:22 state NEW /* in: ftp and ssh */ +ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 state NEW /* in: icmp */ DROP all -- 0.0.0.0/0 0.0.0.0/0 /* inout: drop all non-accepted traffic */ 
 #iptables -L HI-vnet0 -n
 Chain HI-vnet0 (1 references)
 target     prot opt source               destination
-RETURN all -- 0.0.0.0/0 0.0.0.0/0 /* out: existing and related (ftp) connections */ state RELATED,ESTABLISHED -RETURN udp -- 0.0.0.0/0 0.0.0.0/0 /* out: DNS lookups */ udp dpt:53 state NEW +RETURN all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED /* out: existing and related (ftp) connections */ +RETURN udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53 state NEW /* out: DNS lookups */ DROP all -- 0.0.0.0/0 0.0.0.0/0 /* inout: drop all non-accepted traffic */ 

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]