Test access to 2 lists in one rule
---
 scripts/nwfilter/nwfilter2vmtest.sh | 6 +++
 scripts/nwfilter/nwfilterxml2fwallout/iter-test1.fwall | 31 +++++++++++++++++
 scripts/nwfilter/nwfilterxml2xmlin/iter-test1.xml | 6 +++
 3 files changed, 43 insertions(+)
Index: libvirt-tck/scripts/nwfilter/nwfilter2vmtest.sh
===================================================================
--- libvirt-tck.orig/scripts/nwfilter/nwfilter2vmtest.sh
+++ libvirt-tck/scripts/nwfilter/nwfilter2vmtest.sh
@@ -345,6 +345,12 @@ createVM() {
 <source bridge='virbr0'/>
 <filterref filter='${filtername}'>
 <parameter name='IP' value='${ipaddr}'/>
+ <parameter name='A' value='1.1.1.1'/>
+ <parameter name='A' value='2.2.2.2'/>
+ <parameter name='A' value='3.3.3.3'/>
+ <parameter name='B' value='80'/>
+ <parameter name='B' value='90'/>
+ <parameter name='B' value='80'/>
 </filterref>
 <target dev='${vmname}'/>
 </interface>
Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/iter-test1.fwall
===================================================================
--- /dev/null
+++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/iter-test1.fwall
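Review bot: The six added `<parameter>` lines sit in createVM() as literals, so they appear to be attached to every VM the script creates rather than only to iter-test1, and nothing explains why `A` and `B` are multi-valued or why `B` repeats `80`. A later edit that shortens one list or de-duplicates `B` would silently change which address/port pairs the generated firewall rules cover. A shell comment next to the here-document would document the intent, for example `# A and B are equal-length lists; iter-test1 expects A[i] to be paired with B[i]`. createVM() starts and ends outside the hunk, so the here-document framing is inferred rather than visible.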
@@ -0,0 +1,31 @@
+#iptables -L FI-vnet0 -n
+Chain FI-vnet0 (1 references)
+target prot opt source destination
+RETURN tcp -- 1.1.1.1 0.0.0.0/0 DSCP match 0x02tcp spt:80 state NEW,ESTABLISHED ctdir REPLY
+RETURN tcp -- 2.2.2.2 0.0.0.0/0 DSCP match 0x02tcp spt:90 state NEW,ESTABLISHED ctdir REPLY
+RETURN tcp -- 3.3.3.3 0.0.0.0/0 DSCP match 0x02tcp spt:80 state NEW,ESTABLISHED ctdir REPLY
+#iptables -L FO-vnet0 -n
+Chain FO-vnet0 (1 references)
+target prot opt source destination
+ACCEPT tcp -- 0.0.0.0/0 1.1.1.1 DSCP match 0x02tcp dpt:80 state ESTABLISHED ctdir ORIGINAL
+ACCEPT tcp -- 0.0.0.0/0 2.2.2.2 DSCP match 0x02tcp dpt:90 state ESTABLISHED ctdir ORIGINAL
+ACCEPT tcp -- 0.0.0.0/0 3.3.3.3 DSCP match 0x02tcp dpt:80 state ESTABLISHED ctdir ORIGINAL
+#iptables -L HI-vnet0 -n
+Chain HI-vnet0 (1 references)
+target prot opt source destination
+RETURN tcp -- 1.1.1.1 0.0.0.0/0 DSCP match 0x02tcp spt:80 state NEW,ESTABLISHED ctdir REPLY
+RETURN tcp -- 2.2.2.2 0.0.0.0/0 DSCP match 0x02tcp spt:90 state NEW,ESTABLISHED ctdir REPLY
+RETURN tcp -- 3.3.3.3 0.0.0.0/0 DSCP match 0x02tcp spt:80 state NEW,ESTABLISHED ctdir REPLY
+#iptables -L libvirt-host-in -n | grep vnet0 | tr -s " "
+HI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-in vnet0
+#iptables -L libvirt-in -n | grep vnet0 | tr -s " "
+FI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-in vnet0
+#iptables -L libvirt-in-post -n | grep vnet0
+ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-in vnet0
+#iptables -L libvirt-out -n | grep vnet0 | tr -s " "
+FO-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-out vnet0
+#iptables -L FORWARD -n --line-number | grep libvirt
+1 libvirt-in all -- 0.0.0.0/0 0.0.0.0/0
+2 libvirt-out all -- 0.0.0.0/0 0.0.0.0/0
+3 libvirt-in-post all -- 0.0.0.0/0 0.0.0.0/0
+
Index: libvirt-tck/scripts/nwfilter/nwfilterxml2xmlin/iter-test1.xml
===================================================================
--- /dev/null
+++ libvirt-tck/scripts/nwfilter/nwfilterxml2xmlin/iter-test1.xml
@@ -0,0 +1,6 @@
+<filter name='tck-testcase' chain='root'>
+ <uuid>5c6d49af-b071-6127-b4ec-6f8ed4b55335</uuid>
+ <rule action='accept' direction='out'>
+ <tcp srcipaddr='$A' srcportstart='$B' dscp='2'/>
+ </rule>
+</filter>
-- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list
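Review bot: The rule `<tcp srcipaddr='$A' srcportstart='$B' dscp='2'/>` is exercised only with two lists of the same length, so the test pins the pairwise expansion (three rules per chain in the expected .fwall output) but leaves the unequal-length case unspecified. For a packet filter that is the case worth pinning, because silent truncation or reuse of an element would install a rule set that differs from what the operator wrote. Consider a companion case with a shorter `B` list and an explicitly stated expected outcome. An XML comment in this file would also help, such as `<!-- $A and $B are expanded pairwise: A[i] is matched with B[i] -->`, if the filter parser accepts comments there.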