Re: [TCK][PATCH] nwfilter: test support for TCP flags evaluation

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Fri, Apr 01, 2011 at 12:17:32PM -0400, Stefan Berger wrote:
> This patch extends an existing test with test cases for the TCP flags.
> 
> Signed-off-by: Stefan Berger <stefanb@xxxxxxxxxxxxxxxxxx>
> 
> ---
>  scripts/nwfilter/nwfilterxml2fwallout/tcp-test.fwall |    4 ++++
>  scripts/nwfilter/nwfilterxml2xmlin/tcp-test.xml      |   12 ++++++++++++
>  2 files changed, 16 insertions(+)
> 
> Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/tcp-test.fwall
> ===================================================================
> --- libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/tcp-test.fwall
> +++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/tcp-test.fwall
> @@ -10,6 +10,10 @@ target     prot opt source
>  ACCEPT     tcp  --  10.1.2.3             0.0.0.0/0           DSCP
> match 0x02state ESTABLISHED ctdir ORIGINAL
>  ACCEPT     tcp  --  10.1.2.3             0.0.0.0/0           MAC
> 01:02:03:04:05:06 DSCP match 0x21tcp spts:20:21 dpts:100:1111
>  ACCEPT     tcp  --  10.1.2.3             0.0.0.0/0           MAC
> 01:02:03:04:05:06 DSCP match 0x3ftcp spts:255:256 dpt:65535
> +ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp
> flags:0x02/0x3F
> +ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp
> flags:0x02/0x12
> +ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp
> flags:0x04/0x00
> +ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp
> flags:0x08/0x00
>  #iptables -L HI-vnet0 -n
>  Chain HI-vnet0 (1 references)
>  target     prot opt source               destination
> Index: libvirt-tck/scripts/nwfilter/nwfilterxml2xmlin/tcp-test.xml
> ===================================================================
> --- libvirt-tck.orig/scripts/nwfilter/nwfilterxml2xmlin/tcp-test.xml
> +++ libvirt-tck/scripts/nwfilter/nwfilterxml2xmlin/tcp-test.xml
> @@ -19,4 +19,16 @@
>            srcportstart='255' srcportend='256'
>            dstportstart='65535' dstportend='65536'/>
> </rule>
> + <rule action='accept' direction='in'>
> + <tcp state='NONE' flags='SYN/ALL'/>
> + </rule>
> + <rule action='accept' direction='in'>
> + <tcp state='NONE' flags='SYN/SYN,ACK'/>
> + </rule>
> + <rule action='accept' direction='in'>
> + <tcp state='NONE' flags='RST/NONE'/>
> + </rule>
> + <rule action='accept' direction='in'>
> + <tcp state='NONE' flags='PSH/'/>
> + </rule>
> </filter>

ACK

Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]