[TCK] [PATCH] nwfilter: Add a test case for filtering of gratuitous ARP packets

Stefan Berger <stefanb@xxxxxxxxxxxxxxxxxx> · Mon, 23 May 2011 19:34:13 -0400

This patch adds a test for filtering of gratuitous ARP packets to the 
TCK tests.

Signed-off-by: Stefan Berger <stefanb@xxxxxxxxxxxxxxxxxx>

---
 scripts/nwfilter/nwfilterxml2fwallout/arp-test.fwall   |    2 ++
 scripts/nwfilter/nwfilterxml2fwallout/testvm.fwall.dat |    1 +
 scripts/nwfilter/nwfilterxml2xmlin/arp-test.xml        |    4 ++++
 3 files changed, 7 insertions(+)

Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/arp-test.fwall
===================================================================

--- libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/arp-test.fwall
+++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/arp-test.fwall
@@ -4,6 +4,8 @@
 -p ARP -s 1:2:3:4:5:6 --arp-op 11 --arp-htype 256 --arp-ptype 0x100 -j 
ACCEPT
 -p ARP -s 1:2:3:4:5:6 --arp-op 65535 --arp-htype 65535 --arp-ptype 
0xffff -j ACCEPT
 -p ARP -s 1:2:3:4:5:6 -j ACCEPT
+#ebtables -t nat -L libvirt-O-vnet0 | grep -v "^Bridge" | grep -v "^$"
+-p ARP --arp-gratuitous -j ACCEPT
 #ebtables -t nat -L PREROUTING | grep vnet0
 -i vnet0 -j libvirt-I-vnet0

Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/testvm.fwall.dat
===================================================================
--- libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/testvm.fwall.dat
+++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/testvm.fwall.dat
@@ -26,6 +26,7 @@
 -p ARP --arp-op Reply -j ACCEPT
 -j DROP
 #ebtables -t nat -L O-vnet0-arp | grep -v "^Bridge" | grep -v "^$"
+-p ARP --arp-gratuitous -j ACCEPT
 -p ARP --arp-op Reply --arp-mac-dst ! 52:54:0:9f:33:da -j DROP
 -p ARP --arp-ip-dst ! 10.1.1.1 -j DROP
 -p ARP --arp-op Request -j ACCEPT
Index: libvirt-tck/scripts/nwfilter/nwfilterxml2xmlin/arp-test.xml
===================================================================
--- libvirt-tck.orig/scripts/nwfilter/nwfilterxml2xmlin/arp-test.xml
+++ libvirt-tck/scripts/nwfilter/nwfilterxml2xmlin/arp-test.xml
@@ -30,4 +30,8 @@
<arp srcmacaddr='1:2:3:4:5:6' srcmacmask='ff:ff:ff:ff:ff:ff'
           opcode='65536' hwtype='65536' protocoltype='65536' />
</rule>
+
+ <rule action='accept' direction='in'>
+ <arp gratuitous='true'/>
+ </rule>
</filter>

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list





