Test access to variables using index and iterators --- scripts/nwfilter/nwfilterxml2fwallout/iter-test3.fwall | 37 +++++++++++++++++ scripts/nwfilter/nwfilterxml2xmlin/iter-test3.xml | 13 +++++ 2 files changed, 50 insertions(+) Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/iter-test3.fwall =================================================================== --- /dev/null +++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/iter-test3.fwall @@ -0,0 +1,37 @@ +#iptables -L FI-vnet0 -n +Chain FI-vnet0 (1 references) +target prot opt source destination +RETURN tcp -- 1.1.1.1 0.0.0.0/0 DSCP match 0x01tcp spt:80 state NEW,ESTABLISHED ctdir REPLY +RETURN tcp -- 1.1.1.1 0.0.0.0/0 DSCP match 0x01tcp spt:90 state NEW,ESTABLISHED ctdir REPLY +RETURN udp -- 2.2.2.2 0.0.0.0/0 DSCP match 0x02udp spt:80 state NEW,ESTABLISHED ctdir REPLY +RETURN udp -- 2.2.2.2 0.0.0.0/0 DSCP match 0x02udp spt:90 state NEW,ESTABLISHED ctdir REPLY +RETURN sctp -- 2.2.2.2 0.0.0.0/0 DSCP match 0x03sctp spt:80 dpt:1100 state NEW,ESTABLISHED ctdir REPLY +#iptables -L FO-vnet0 -n +Chain FO-vnet0 (1 references) +target prot opt source destination +ACCEPT tcp -- 0.0.0.0/0 1.1.1.1 DSCP match 0x01tcp dpt:80 state ESTABLISHED ctdir ORIGINAL +ACCEPT tcp -- 0.0.0.0/0 1.1.1.1 DSCP match 0x01tcp dpt:90 state ESTABLISHED ctdir ORIGINAL +ACCEPT udp -- 0.0.0.0/0 2.2.2.2 DSCP match 0x02udp dpt:80 state ESTABLISHED ctdir ORIGINAL +ACCEPT udp -- 0.0.0.0/0 2.2.2.2 DSCP match 0x02udp dpt:90 state ESTABLISHED ctdir ORIGINAL +ACCEPT sctp -- 0.0.0.0/0 2.2.2.2 DSCP match 0x03sctp spt:1100 dpt:80 state ESTABLISHED ctdir ORIGINAL +#iptables -L HI-vnet0 -n +Chain HI-vnet0 (1 references) +target prot opt source destination +RETURN tcp -- 1.1.1.1 0.0.0.0/0 DSCP match 0x01tcp spt:80 state NEW,ESTABLISHED ctdir REPLY +RETURN tcp -- 1.1.1.1 0.0.0.0/0 DSCP match 0x01tcp spt:90 state NEW,ESTABLISHED ctdir REPLY +RETURN udp -- 2.2.2.2 0.0.0.0/0 DSCP match 0x02udp spt:80 state NEW,ESTABLISHED ctdir REPLY +RETURN udp -- 2.2.2.2 0.0.0.0/0 DSCP match 0x02udp spt:90 state NEW,ESTABLISHED ctdir REPLY +RETURN sctp -- 2.2.2.2 0.0.0.0/0 DSCP match 0x03sctp spt:80 dpt:1100 state NEW,ESTABLISHED ctdir REPLY +#iptables -L libvirt-host-in -n | grep vnet0 | tr -s " " +HI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-in vnet0 +#iptables -L libvirt-in -n | grep vnet0 | tr -s " " +FI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-in vnet0 +#iptables -L libvirt-in-post -n | grep vnet0 +ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-in vnet0 +#iptables -L libvirt-out -n | grep vnet0 | tr -s " " +FO-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-out vnet0 +#iptables -L FORWARD -n --line-number | grep libvirt +1 libvirt-in all -- 0.0.0.0/0 0.0.0.0/0 +2 libvirt-out all -- 0.0.0.0/0 0.0.0.0/0 +3 libvirt-in-post all -- 0.0.0.0/0 0.0.0.0/0 + Index: libvirt-tck/scripts/nwfilter/nwfilterxml2xmlin/iter-test3.xml =================================================================== --- /dev/null +++ libvirt-tck/scripts/nwfilter/nwfilterxml2xmlin/iter-test3.xml @@ -0,0 +1,13 @@ +<filter name='tck-testcase' chain='root'> + <uuid>5c6d49af-b071-6127-b4ec-6f8ed4b55335</uuid> + <rule action='accept' direction='out'> + <tcp srcipaddr='$A[ 0]' srcportstart='$B[ @0 ] ' dscp='1'/> + </rule> + <rule action='accept' direction='out'> + <udp srcipaddr='$A[1 ]' srcportstart='$B[ @2 ]' dscp='2'/> + </rule> + <rule action='accept' direction='out'> + <sctp srcipaddr='$A[ 1 ] ' srcportstart='$B[2 ] ' dstportstart='$C[ 2 ]' + dscp='3'/> + </rule> +</filter> -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list