diff options
| author | Guido Günther <agx@sigxcpu.org> | 2014-05-02 11:06:08 +0200 |
|---|---|---|
| committer | Guido Günther <agx@sigxcpu.org> | 2014-05-02 11:06:08 +0200 |
| commit | 1190eb8d003c872dcb203f9e3dade0c92f14cc9c (patch) | |
| tree | bd6c409ad3615c381004bc7c2a6b69b48a9e649d /tests | |
| parent | cca8c1eae0ec5a881e37fa3dfc49981de1fd5900 (diff) | |
New upstream version 1.2.4~rc2
Diffstat (limited to 'tests')
207 files changed, 7739 insertions, 650 deletions
diff --git a/tests/Makefile.am b/tests/Makefile.am index 6e15af881..4a5e14bd7 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -43,6 +43,9 @@ AM_CFLAGS = \ $(COVERAGE_CFLAGS) \ $(WARN_CFLAGS) +AM_LDFLAGS = \ + -export-dynamic + if WITH_DRIVER_MODULES INCLUDES += \ -DTEST_DRIVER_DIR=\"$(top_builddir)/src/.libs\" @@ -65,6 +68,7 @@ LDADDS = \ EXTRA_DIST = \ bhyvexml2argvdata \ + bhyvexml2xmloutdata \ capabilityschemadata \ capabilityschematest \ commanddata \ @@ -87,10 +91,12 @@ EXTRA_DIST = \ networkxml2confdata \ networkxml2xmlupdatein \ networkxml2xmlupdateout \ + networkxml2firewalldata \ nodedevschemadata \ nodedevschematest \ nodeinfodata \ nwfilterschematest \ + nwfilterxml2firewalldata \ nwfilterxml2xmlin \ nwfilterxml2xmlout \ oomtrace.pl \ @@ -129,7 +135,8 @@ EXTRA_DIST = \ xml2sexprdata \ xml2vmxdata \ vmwareverdata \ - .valgrind.supp + .valgrind.supp \ + virmock.h test_helpers = commandhelper ssh test_conf test_programs = virshtest sockettest \ @@ -139,6 +146,7 @@ test_programs = virshtest sockettest \ viratomictest \ utiltest shunloadtest \ virtimetest viruritest virkeyfiletest \ + viralloctest \ virauthconfigtest \ virbitmaptest \ vircgrouptest \ @@ -146,7 +154,7 @@ test_programs = virshtest sockettest \ virpcitest \ virendiantest \ virfiletest \ - viridentitytest \ + virfirewalltest \ viriscsitest \ virkeycodetest \ virlockspacetest \ @@ -188,7 +196,8 @@ endif WITH_DBUS if WITH_SECDRIVER_SELINUX if WITH_ATTR -test_programs += securityselinuxtest +test_programs += securityselinuxtest \ + viridentitytest if WITH_QEMU test_programs += securityselinuxlabeltest endif WITH_QEMU @@ -235,7 +244,7 @@ test_programs += vmwarevertest endif WITH_VMWARE if WITH_BHYVE -test_programs += bhyvexml2argvtest +test_programs += bhyvexml2argvtest bhyvexml2xmltest endif WITH_BHYVE if WITH_CIL @@ -246,10 +255,16 @@ if WITH_YAJL test_programs += jsontest endif WITH_YAJL -test_programs += networkxml2xmltest networkxml2xmlupdatetest +test_programs += \ + networkxml2xmltest \ + networkxml2xmlupdatetest \ + $(NULL) if WITH_NETWORK -test_programs += networkxml2conftest +test_programs += \ + networkxml2conftest \ + networkxml2firewalltest \ + $(NULL) endif WITH_NETWORK if WITH_STORAGE_SHEEPDOG @@ -258,6 +273,11 @@ endif WITH_STORAGE_SHEEPDOG test_programs += nwfilterxml2xmltest +if WITH_NWFILTER +test_programs += nwfilterebiptablestest +test_programs += nwfilterxml2firewalltest +endif WITH_NWFILTER + if WITH_STORAGE test_programs += storagevolxml2argvtest endif WITH_STORAGE @@ -364,7 +384,8 @@ test_libraries += bhyvexml2argvmock.la endif WITH_BHYVE if WITH_DBUS -test_libraries += virsystemdmock.la +test_libraries += \ + virmockdbus.la endif WITH_DBUS if WITH_LINUX @@ -632,8 +653,13 @@ bhyvexml2argvtest_SOURCES = \ bhyvexml2argvtest.c \ testutils.c testutils.h bhyvexml2argvtest_LDADD = $(bhyve_LDADDS) + +bhyvexml2xmltest_SOURCES = \ + bhyvexml2xmltest.c \ + testutils.c testutils.h +bhyvexml2xmltest_LDADD = $(bhyve_LDADDS) else ! WITH_BHYVE -EXTRA_DIST += bhyvexml2argvtest.c bhyvexml2argvmock.c +EXTRA_DIST += bhyvexml2argvtest.c bhyvexml2xmltest.c bhyvexml2argvmock.c endif ! WITH_BHYVE networkxml2xmltest_SOURCES = \ @@ -651,6 +677,12 @@ networkxml2conftest_SOURCES = \ networkxml2conftest.c \ testutils.c testutils.h networkxml2conftest_LDADD = ../src/libvirt_driver_network_impl.la $(LDADDS) + +networkxml2firewalltest_SOURCES = \ + networkxml2firewalltest.c \ + testutils.c testutils.h +networkxml2firewalltest_LDADD = ../src/libvirt_driver_network_impl.la $(LDADDS) + else ! WITH_NETWORK EXTRA_DIST += networkxml2conftest.c endif ! WITH_NETWORK @@ -670,6 +702,19 @@ nwfilterxml2xmltest_SOURCES = \ testutils.c testutils.h nwfilterxml2xmltest_LDADD = $(LDADDS) +if WITH_NWFILTER +nwfilterebiptablestest_SOURCES = \ + nwfilterebiptablestest.c \ + testutils.c testutils.h +nwfilterebiptablestest_LDADD = ../src/libvirt_driver_nwfilter_impl.la $(LDADDS) + +nwfilterxml2firewalltest_SOURCES = \ + nwfilterxml2firewalltest.c \ + testutils.c testutils.h +nwfilterxml2firewalltest_LDADD = \ + ../src/libvirt_driver_nwfilter_impl.la $(LDADDS) +endif WITH_NWFILTER + secretxml2xmltest_SOURCES = \ secretxml2xmltest.c \ testutils.c testutils.h @@ -681,6 +726,7 @@ storagevolxml2argvtest_SOURCES = \ storagevolxml2argvtest.c \ testutils.c testutils.h storagevolxml2argvtest_LDADD = \ + $(LIBXML_LIBS) \ ../src/libvirt_driver_storage_impl.la $(LDADDS) else ! WITH_STORAGE @@ -902,19 +948,19 @@ virdbustest_SOURCES = \ virdbustest_CFLAGS = $(AM_CFLAGS) $(DBUS_CFLAGS) virdbustest_LDADD = $(LDADDS) $(DBUS_LIBS) +virmockdbus_la_SOURCES = \ + virmockdbus.c +virmockdbus_la_CFLAGS = $(AM_CFLAGS) $(DBUS_CFLAGS) +virmockdbus_la_LDFLAGS = -module -avoid-version \ + -rpath /evil/libtool/hack/to/force/shared/lib/creation + virsystemdtest_SOURCES = \ virsystemdtest.c testutils.h testutils.c -virsystemdtest_CFLAGS = $(AM_CFLAGS) +virsystemdtest_CFLAGS = $(AM_CFLAGS) $(DBUS_CFLAGS) virsystemdtest_LDADD = $(LDADDS) -virsystemdmock_la_SOURCES = \ - virsystemdmock.c -virsystemdmock_la_CFLAGS = $(AM_CFLAGS) $(DBUS_CFLAGS) -virsystemdmock_la_LDFLAGS = -module -avoid-version \ - -rpath /evil/libtool/hack/to/force/shared/lib/creation - else ! WITH_DBUS -EXTRA_DIST += virdbustest.c virsystemdtest.c virsystemdmock.c +EXTRA_DIST += virdbustest.c virmockdbus.c virsystemdtest.c endif ! WITH_DBUS viruritest_SOURCES = \ @@ -925,6 +971,10 @@ virkeyfiletest_SOURCES = \ virkeyfiletest.c testutils.h testutils.c virkeyfiletest_LDADD = $(LDADDS) +viralloctest_SOURCES = \ + viralloctest.c testutils.h testutils.c +viralloctest_LDADD = $(LDADDS) + virauthconfigtest_SOURCES = \ virauthconfigtest.c testutils.h testutils.c virauthconfigtest_LDADD = $(LDADDS) @@ -989,6 +1039,11 @@ virfiletest_SOURCES = \ virfiletest.c testutils.h testutils.c virfiletest_LDADD = $(LDADDS) +virfirewalltest_SOURCES = \ + virfirewalltest.c testutils.h testutils.c +virfirewalltest_LDADD = $(LDADDS) +virfirewalltest_CFLAGS = $(AM_CFLAGS) $(DBUS_CFLAGS) + jsontest_SOURCES = \ jsontest.c testutils.h testutils.c jsontest_LDADD = $(LDADDS) diff --git a/tests/Makefile.in b/tests/Makefile.in index cd78e3175..9b2a5540f 100644 --- a/tests/Makefile.in +++ b/tests/Makefile.in @@ -94,7 +94,9 @@ host_triplet = @host@ @WITH_DBUS_TRUE@am__append_7 = virdbustest \ @WITH_DBUS_TRUE@ virsystemdtest -@WITH_ATTR_TRUE@@WITH_SECDRIVER_SELINUX_TRUE@am__append_8 = securityselinuxtest +@WITH_ATTR_TRUE@@WITH_SECDRIVER_SELINUX_TRUE@am__append_8 = securityselinuxtest \ +@WITH_ATTR_TRUE@@WITH_SECDRIVER_SELINUX_TRUE@ viridentitytest + @WITH_ATTR_TRUE@@WITH_QEMU_TRUE@@WITH_SECDRIVER_SELINUX_TRUE@am__append_9 = securityselinuxlabeltest @WITH_DRIVER_MODULES_TRUE@am__append_10 = virdrivermoduletest @WITH_XEN_TRUE@am__append_11 = xml2sexprtest sexpr2xmltest \ @@ -110,15 +112,21 @@ host_triplet = @host@ @WITH_ESX_TRUE@am__append_15 = esxutilstest @WITH_VMX_TRUE@am__append_16 = vmx2xmltest xml2vmxtest @WITH_VMWARE_TRUE@am__append_17 = vmwarevertest -@WITH_BHYVE_TRUE@am__append_18 = bhyvexml2argvtest +@WITH_BHYVE_TRUE@am__append_18 = bhyvexml2argvtest bhyvexml2xmltest @WITH_CIL_TRUE@am__append_19 = objectlocking @WITH_YAJL_TRUE@am__append_20 = jsontest -@WITH_NETWORK_TRUE@am__append_21 = networkxml2conftest +@WITH_NETWORK_TRUE@am__append_21 = \ +@WITH_NETWORK_TRUE@ networkxml2conftest \ +@WITH_NETWORK_TRUE@ networkxml2firewalltest \ +@WITH_NETWORK_TRUE@ $(NULL) + @WITH_STORAGE_SHEEPDOG_TRUE@am__append_22 = storagebackendsheepdogtest -@WITH_STORAGE_TRUE@am__append_23 = storagevolxml2argvtest -@WITH_LINUX_TRUE@am__append_24 = virscsitest -@WITH_LINUX_TRUE@am__append_25 = virusbtest -@WITH_LIBVIRTD_TRUE@am__append_26 = \ +@WITH_NWFILTER_TRUE@am__append_23 = nwfilterebiptablestest \ +@WITH_NWFILTER_TRUE@ nwfilterxml2firewalltest +@WITH_STORAGE_TRUE@am__append_24 = storagevolxml2argvtest +@WITH_LINUX_TRUE@am__append_25 = virscsitest +@WITH_LINUX_TRUE@am__append_26 = virusbtest +@WITH_LIBVIRTD_TRUE@am__append_27 = \ @WITH_LIBVIRTD_TRUE@ test_conf.sh \ @WITH_LIBVIRTD_TRUE@ cpuset \ @WITH_LIBVIRTD_TRUE@ define-dev-segfault \ @@ -137,11 +145,11 @@ host_triplet = @host@ @WITH_LIBVIRTD_TRUE@ virsh-undefine \ @WITH_LIBVIRTD_TRUE@ $(NULL) -@WITH_LIBVIRTD_TRUE@am__append_27 = \ +@WITH_LIBVIRTD_TRUE@am__append_28 = \ @WITH_LIBVIRTD_TRUE@ eventtest \ @WITH_LIBVIRTD_TRUE@ libvirtdconftest -@WITH_LIBVIRTD_FALSE@am__append_28 = \ +@WITH_LIBVIRTD_FALSE@am__append_29 = \ @WITH_LIBVIRTD_FALSE@ test_conf.sh \ @WITH_LIBVIRTD_FALSE@ cpuset \ @WITH_LIBVIRTD_FALSE@ define-dev-segfault \ @@ -159,26 +167,28 @@ host_triplet = @host@ @WITH_LIBVIRTD_FALSE@ virsh-undefine \ @WITH_LIBVIRTD_FALSE@ $(NULL) -@WITH_SECDRIVER_APPARMOR_TRUE@am__append_29 = virt-aa-helper-test -@WITH_SECDRIVER_APPARMOR_FALSE@am__append_30 = virt-aa-helper-test -@WITH_QEMU_TRUE@am__append_31 = libqemumonitortestutils.la \ +@WITH_SECDRIVER_APPARMOR_TRUE@am__append_30 = virt-aa-helper-test +@WITH_SECDRIVER_APPARMOR_FALSE@am__append_31 = virt-aa-helper-test +@WITH_QEMU_TRUE@am__append_32 = libqemumonitortestutils.la \ @WITH_QEMU_TRUE@ qemuxml2argvmock.la \ @WITH_QEMU_TRUE@ $(NULL) -@WITH_BHYVE_TRUE@am__append_32 = bhyvexml2argvmock.la -@WITH_DBUS_TRUE@am__append_33 = virsystemdmock.la -@WITH_LINUX_TRUE@am__append_34 = virusbmock.la -@WITH_TESTS_TRUE@noinst_PROGRAMS = $(am__EXEEXT_25) $(am__EXEEXT_26) -@WITH_TESTS_FALSE@check_PROGRAMS = $(am__EXEEXT_25) $(am__EXEEXT_26) -TESTS = $(am__EXEEXT_25) $(am__EXEEXT_28) -@WITH_XEN_FALSE@am__append_35 = xml2sexprtest.c sexpr2xmltest.c xmconfigtest.c \ +@WITH_BHYVE_TRUE@am__append_33 = bhyvexml2argvmock.la +@WITH_DBUS_TRUE@am__append_34 = \ +@WITH_DBUS_TRUE@ virmockdbus.la + +@WITH_LINUX_TRUE@am__append_35 = virusbmock.la +@WITH_TESTS_TRUE@noinst_PROGRAMS = $(am__EXEEXT_26) $(am__EXEEXT_27) +@WITH_TESTS_FALSE@check_PROGRAMS = $(am__EXEEXT_26) $(am__EXEEXT_27) +TESTS = $(am__EXEEXT_26) $(am__EXEEXT_29) +@WITH_XEN_FALSE@am__append_36 = xml2sexprtest.c sexpr2xmltest.c xmconfigtest.c \ @WITH_XEN_FALSE@ xencapstest.c reconnect.c \ @WITH_XEN_FALSE@ testutilsxen.c testutilsxen.h -@WITH_NETWORK_TRUE@@WITH_QEMU_TRUE@am__append_36 = ../src/libvirt_driver_network_impl.la -@WITH_QEMU_TRUE@@WITH_STORAGE_TRUE@am__append_37 = ../src/libvirt_driver_storage_impl.la -@WITH_DTRACE_PROBES_TRUE@@WITH_QEMU_TRUE@am__append_38 = ../src/libvirt_qemu_probes.lo -@WITH_QEMU_FALSE@am__append_39 = qemuxml2argvtest.c qemuxml2xmltest.c qemuargv2xmltest.c \ +@WITH_NETWORK_TRUE@@WITH_QEMU_TRUE@am__append_37 = ../src/libvirt_driver_network_impl.la +@WITH_QEMU_TRUE@@WITH_STORAGE_TRUE@am__append_38 = ../src/libvirt_driver_storage_impl.la +@WITH_DTRACE_PROBES_TRUE@@WITH_QEMU_TRUE@am__append_39 = ../src/libvirt_qemu_probes.lo +@WITH_QEMU_FALSE@am__append_40 = qemuxml2argvtest.c qemuxml2xmltest.c qemuargv2xmltest.c \ @WITH_QEMU_FALSE@ qemuxmlnstest.c qemuhelptest.c domainsnapshotxml2xmltest.c \ @WITH_QEMU_FALSE@ qemumonitortest.c testutilsqemu.c testutilsqemu.h \ @WITH_QEMU_FALSE@ qemumonitorjsontest.c qemuhotplugtest.c \ @@ -186,34 +196,34 @@ TESTS = $(am__EXEEXT_25) $(am__EXEEXT_28) @WITH_QEMU_FALSE@ qemucaps2xmltest.c \ @WITH_QEMU_FALSE@ $(QEMUMONITORTESTUTILS_SOURCES) -@WITH_LXC_TRUE@@WITH_NETWORK_TRUE@am__append_40 = ../src/libvirt_driver_network_impl.la -@WITH_LXC_FALSE@am__append_41 = lxcxml2xmltest.c testutilslxc.c testutilslxc.h -@WITH_OPENVZ_FALSE@am__append_42 = openvzutilstest.c -@WITH_ESX_FALSE@am__append_43 = esxutilstest.c -@WITH_VMX_FALSE@am__append_44 = vmx2xmltest.c xml2vmxtest.c -@WITH_VMWARE_FALSE@am__append_45 = vmwarevertest.c -@WITH_BHYVE_FALSE@am__append_46 = bhyvexml2argvtest.c bhyvexml2argvmock.c -@WITH_NETWORK_FALSE@am__append_47 = networkxml2conftest.c -@WITH_STORAGE_SHEEPDOG_FALSE@am__append_48 = storagebackendsheepdogtest.c -@WITH_STORAGE_FALSE@am__append_49 = storagevolxml2argvtest.c -@WITH_LIBVIRTD_FALSE@am__append_50 = libvirtdconftest.c -@HAVE_LIBTASN1_TRUE@@WITH_GNUTLS_TRUE@am__append_51 = pkix_asn1_tab.c -@HAVE_LIBTASN1_TRUE@@WITH_GNUTLS_TRUE@am__append_52 = -ltasn1 -@HAVE_LIBTASN1_TRUE@@WITH_GNUTLS_TRUE@am__append_53 = pkix_asn1_tab.c -@HAVE_LIBTASN1_TRUE@@WITH_GNUTLS_TRUE@am__append_54 = -ltasn1 -@HAVE_LIBTASN1_FALSE@@WITH_GNUTLS_TRUE@am__append_55 = pkix_asn1_tab.c -@WITH_GNUTLS_FALSE@am__append_56 = \ +@WITH_LXC_TRUE@@WITH_NETWORK_TRUE@am__append_41 = ../src/libvirt_driver_network_impl.la +@WITH_LXC_FALSE@am__append_42 = lxcxml2xmltest.c testutilslxc.c testutilslxc.h +@WITH_OPENVZ_FALSE@am__append_43 = openvzutilstest.c +@WITH_ESX_FALSE@am__append_44 = esxutilstest.c +@WITH_VMX_FALSE@am__append_45 = vmx2xmltest.c xml2vmxtest.c +@WITH_VMWARE_FALSE@am__append_46 = vmwarevertest.c +@WITH_BHYVE_FALSE@am__append_47 = bhyvexml2argvtest.c bhyvexml2xmltest.c bhyvexml2argvmock.c +@WITH_NETWORK_FALSE@am__append_48 = networkxml2conftest.c +@WITH_STORAGE_SHEEPDOG_FALSE@am__append_49 = storagebackendsheepdogtest.c +@WITH_STORAGE_FALSE@am__append_50 = storagevolxml2argvtest.c +@WITH_LIBVIRTD_FALSE@am__append_51 = libvirtdconftest.c +@HAVE_LIBTASN1_TRUE@@WITH_GNUTLS_TRUE@am__append_52 = pkix_asn1_tab.c +@HAVE_LIBTASN1_TRUE@@WITH_GNUTLS_TRUE@am__append_53 = -ltasn1 +@HAVE_LIBTASN1_TRUE@@WITH_GNUTLS_TRUE@am__append_54 = pkix_asn1_tab.c +@HAVE_LIBTASN1_TRUE@@WITH_GNUTLS_TRUE@am__append_55 = -ltasn1 +@HAVE_LIBTASN1_FALSE@@WITH_GNUTLS_TRUE@am__append_56 = pkix_asn1_tab.c +@WITH_GNUTLS_FALSE@am__append_57 = \ @WITH_GNUTLS_FALSE@ virnettlscontexttest.c virnettlssessiontest.c \ @WITH_GNUTLS_FALSE@ virnettlshelpers.h virnettlshelpers.c \ @WITH_GNUTLS_FALSE@ testutils.h testutils.c pkix_asn1_tab.c @WITH_SELINUX_FALSE@viridentitytest_DEPENDENCIES = \ @WITH_SELINUX_FALSE@ $(am__DEPENDENCIES_2) -@WITH_DBUS_FALSE@am__append_57 = virdbustest.c virsystemdtest.c virsystemdmock.c -@WITH_ATTR_TRUE@@WITH_SECDRIVER_SELINUX_TRUE@@WITH_TESTS_TRUE@am__append_58 = libsecurityselinuxhelper.la -@WITH_ATTR_TRUE@@WITH_SECDRIVER_SELINUX_TRUE@@WITH_TESTS_FALSE@am__append_59 = libsecurityselinuxhelper.la -@WITH_LINUX_FALSE@am__append_60 = fchosttest.c virscsitest.c -@WITH_CIL_FALSE@am__append_61 = objectlocking.ml +@WITH_DBUS_FALSE@am__append_58 = virdbustest.c virmockdbus.c virsystemdtest.c +@WITH_ATTR_TRUE@@WITH_SECDRIVER_SELINUX_TRUE@@WITH_TESTS_TRUE@am__append_59 = libsecurityselinuxhelper.la +@WITH_ATTR_TRUE@@WITH_SECDRIVER_SELINUX_TRUE@@WITH_TESTS_FALSE@am__append_60 = libsecurityselinuxhelper.la +@WITH_LINUX_FALSE@am__append_61 = fchosttest.c virscsitest.c +@WITH_CIL_FALSE@am__append_62 = objectlocking.ml subdir = tests DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ $(top_srcdir)/build-aux/mkinstalldirs \ @@ -462,6 +472,17 @@ vircgroupmock_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ $(vircgroupmock_la_LDFLAGS) $(LDFLAGS) -o $@ @WITH_TESTS_FALSE@am_vircgroupmock_la_rpath = @WITH_TESTS_TRUE@am_vircgroupmock_la_rpath = +virmockdbus_la_LIBADD = +am__virmockdbus_la_SOURCES_DIST = virmockdbus.c +@WITH_DBUS_TRUE@am_virmockdbus_la_OBJECTS = \ +@WITH_DBUS_TRUE@ virmockdbus_la-virmockdbus.lo +virmockdbus_la_OBJECTS = $(am_virmockdbus_la_OBJECTS) +virmockdbus_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ + $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ + $(virmockdbus_la_CFLAGS) $(CFLAGS) $(virmockdbus_la_LDFLAGS) \ + $(LDFLAGS) -o $@ +@WITH_DBUS_TRUE@@WITH_TESTS_FALSE@am_virmockdbus_la_rpath = +@WITH_DBUS_TRUE@@WITH_TESTS_TRUE@am_virmockdbus_la_rpath = virnetserverclientmock_la_LIBADD = am_virnetserverclientmock_la_OBJECTS = \ virnetserverclientmock_la-virnetserverclientmock.lo @@ -481,17 +502,6 @@ virpcimock_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ $(CFLAGS) $(virpcimock_la_LDFLAGS) $(LDFLAGS) -o $@ @WITH_TESTS_FALSE@am_virpcimock_la_rpath = @WITH_TESTS_TRUE@am_virpcimock_la_rpath = -virsystemdmock_la_LIBADD = -am__virsystemdmock_la_SOURCES_DIST = virsystemdmock.c -@WITH_DBUS_TRUE@am_virsystemdmock_la_OBJECTS = \ -@WITH_DBUS_TRUE@ virsystemdmock_la-virsystemdmock.lo -virsystemdmock_la_OBJECTS = $(am_virsystemdmock_la_OBJECTS) -virsystemdmock_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ - $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ - $(virsystemdmock_la_CFLAGS) $(CFLAGS) \ - $(virsystemdmock_la_LDFLAGS) $(LDFLAGS) -o $@ -@WITH_DBUS_TRUE@@WITH_TESTS_FALSE@am_virsystemdmock_la_rpath = -@WITH_DBUS_TRUE@@WITH_TESTS_TRUE@am_virsystemdmock_la_rpath = virusbmock_la_LIBADD = am__virusbmock_la_SOURCES_DIST = virusbmock.c @WITH_LINUX_TRUE@am_virusbmock_la_OBJECTS = \ @@ -511,7 +521,8 @@ virusbmock_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ @WITH_LIBVIRTD_TRUE@am__EXEEXT_4 = fdstreamtest$(EXEEXT) @WITH_DBUS_TRUE@am__EXEEXT_5 = virdbustest$(EXEEXT) \ @WITH_DBUS_TRUE@ virsystemdtest$(EXEEXT) -@WITH_ATTR_TRUE@@WITH_SECDRIVER_SELINUX_TRUE@am__EXEEXT_6 = securityselinuxtest$(EXEEXT) +@WITH_ATTR_TRUE@@WITH_SECDRIVER_SELINUX_TRUE@am__EXEEXT_6 = securityselinuxtest$(EXEEXT) \ +@WITH_ATTR_TRUE@@WITH_SECDRIVER_SELINUX_TRUE@ viridentitytest$(EXEEXT) @WITH_ATTR_TRUE@@WITH_QEMU_TRUE@@WITH_SECDRIVER_SELINUX_TRUE@am__EXEEXT_7 = securityselinuxlabeltest$(EXEEXT) @WITH_DRIVER_MODULES_TRUE@am__EXEEXT_8 = virdrivermoduletest$(EXEEXT) @WITH_XEN_TRUE@am__EXEEXT_9 = xml2sexprtest$(EXEEXT) \ @@ -537,47 +548,52 @@ virusbmock_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ @WITH_VMX_TRUE@am__EXEEXT_14 = vmx2xmltest$(EXEEXT) \ @WITH_VMX_TRUE@ xml2vmxtest$(EXEEXT) @WITH_VMWARE_TRUE@am__EXEEXT_15 = vmwarevertest$(EXEEXT) -@WITH_BHYVE_TRUE@am__EXEEXT_16 = bhyvexml2argvtest$(EXEEXT) +@WITH_BHYVE_TRUE@am__EXEEXT_16 = bhyvexml2argvtest$(EXEEXT) \ +@WITH_BHYVE_TRUE@ bhyvexml2xmltest$(EXEEXT) @WITH_CIL_TRUE@am__EXEEXT_17 = objectlocking$(EXEEXT) @WITH_YAJL_TRUE@am__EXEEXT_18 = jsontest$(EXEEXT) -@WITH_NETWORK_TRUE@am__EXEEXT_19 = networkxml2conftest$(EXEEXT) +@WITH_NETWORK_TRUE@am__EXEEXT_19 = networkxml2conftest$(EXEEXT) \ +@WITH_NETWORK_TRUE@ networkxml2firewalltest$(EXEEXT) @WITH_STORAGE_SHEEPDOG_TRUE@am__EXEEXT_20 = storagebackendsheepdogtest$(EXEEXT) -@WITH_STORAGE_TRUE@am__EXEEXT_21 = storagevolxml2argvtest$(EXEEXT) -@WITH_LINUX_TRUE@am__EXEEXT_22 = virscsitest$(EXEEXT) -@WITH_LINUX_TRUE@am__EXEEXT_23 = virusbtest$(EXEEXT) -@WITH_LIBVIRTD_TRUE@am__EXEEXT_24 = eventtest$(EXEEXT) \ +@WITH_NWFILTER_TRUE@am__EXEEXT_21 = nwfilterebiptablestest$(EXEEXT) \ +@WITH_NWFILTER_TRUE@ nwfilterxml2firewalltest$(EXEEXT) +@WITH_STORAGE_TRUE@am__EXEEXT_22 = storagevolxml2argvtest$(EXEEXT) +@WITH_LINUX_TRUE@am__EXEEXT_23 = virscsitest$(EXEEXT) +@WITH_LINUX_TRUE@am__EXEEXT_24 = virusbtest$(EXEEXT) +@WITH_LIBVIRTD_TRUE@am__EXEEXT_25 = eventtest$(EXEEXT) \ @WITH_LIBVIRTD_TRUE@ libvirtdconftest$(EXEEXT) -am__EXEEXT_25 = virshtest$(EXEEXT) sockettest$(EXEEXT) \ +am__EXEEXT_26 = virshtest$(EXEEXT) sockettest$(EXEEXT) \ nodeinfotest$(EXEEXT) virbuftest$(EXEEXT) commandtest$(EXEEXT) \ seclabeltest$(EXEEXT) virhashtest$(EXEEXT) \ viratomictest$(EXEEXT) utiltest$(EXEEXT) shunloadtest$(EXEEXT) \ virtimetest$(EXEEXT) viruritest$(EXEEXT) \ - virkeyfiletest$(EXEEXT) virauthconfigtest$(EXEEXT) \ - virbitmaptest$(EXEEXT) vircgrouptest$(EXEEXT) \ - vircryptotest$(EXEEXT) virpcitest$(EXEEXT) \ - virendiantest$(EXEEXT) virfiletest$(EXEEXT) \ - viridentitytest$(EXEEXT) viriscsitest$(EXEEXT) \ - virkeycodetest$(EXEEXT) virlockspacetest$(EXEEXT) \ - virlogtest$(EXEEXT) virstringtest$(EXEEXT) \ - virportallocatortest$(EXEEXT) sysinfotest$(EXEEXT) \ - virstoragetest$(EXEEXT) virnetdevbandwidthtest$(EXEEXT) \ - virkmodtest$(EXEEXT) vircapstest$(EXEEXT) \ - domainconftest$(EXEEXT) virhostdevtest$(EXEEXT) \ - $(am__EXEEXT_1) $(am__EXEEXT_2) $(am__EXEEXT_3) \ - $(am__EXEEXT_4) $(am__EXEEXT_5) $(am__EXEEXT_6) \ - $(am__EXEEXT_7) $(am__EXEEXT_8) $(am__EXEEXT_9) \ - $(am__EXEEXT_10) $(am__EXEEXT_11) $(am__EXEEXT_12) \ - $(am__EXEEXT_13) $(am__EXEEXT_14) $(am__EXEEXT_15) \ - $(am__EXEEXT_16) $(am__EXEEXT_17) $(am__EXEEXT_18) \ - networkxml2xmltest$(EXEEXT) networkxml2xmlupdatetest$(EXEEXT) \ - $(am__EXEEXT_19) $(am__EXEEXT_20) nwfilterxml2xmltest$(EXEEXT) \ - $(am__EXEEXT_21) $(am__EXEEXT_22) \ + virkeyfiletest$(EXEEXT) viralloctest$(EXEEXT) \ + virauthconfigtest$(EXEEXT) virbitmaptest$(EXEEXT) \ + vircgrouptest$(EXEEXT) vircryptotest$(EXEEXT) \ + virpcitest$(EXEEXT) virendiantest$(EXEEXT) \ + virfiletest$(EXEEXT) virfirewalltest$(EXEEXT) \ + viriscsitest$(EXEEXT) virkeycodetest$(EXEEXT) \ + virlockspacetest$(EXEEXT) virlogtest$(EXEEXT) \ + virstringtest$(EXEEXT) virportallocatortest$(EXEEXT) \ + sysinfotest$(EXEEXT) virstoragetest$(EXEEXT) \ + virnetdevbandwidthtest$(EXEEXT) virkmodtest$(EXEEXT) \ + vircapstest$(EXEEXT) domainconftest$(EXEEXT) \ + virhostdevtest$(EXEEXT) $(am__EXEEXT_1) $(am__EXEEXT_2) \ + $(am__EXEEXT_3) $(am__EXEEXT_4) $(am__EXEEXT_5) \ + $(am__EXEEXT_6) $(am__EXEEXT_7) $(am__EXEEXT_8) \ + $(am__EXEEXT_9) $(am__EXEEXT_10) $(am__EXEEXT_11) \ + $(am__EXEEXT_12) $(am__EXEEXT_13) $(am__EXEEXT_14) \ + $(am__EXEEXT_15) $(am__EXEEXT_16) $(am__EXEEXT_17) \ + $(am__EXEEXT_18) networkxml2xmltest$(EXEEXT) \ + networkxml2xmlupdatetest$(EXEEXT) $(am__EXEEXT_19) \ + $(am__EXEEXT_20) nwfilterxml2xmltest$(EXEEXT) $(am__EXEEXT_21) \ + $(am__EXEEXT_22) $(am__EXEEXT_23) \ storagevolxml2xmltest$(EXEEXT) storagepoolxml2xmltest$(EXEEXT) \ nodedevxml2xmltest$(EXEEXT) interfacexml2xmltest$(EXEEXT) \ cputest$(EXEEXT) metadatatest$(EXEEXT) \ - secretxml2xmltest$(EXEEXT) $(am__EXEEXT_23) $(am__EXEEXT_24) \ + secretxml2xmltest$(EXEEXT) $(am__EXEEXT_24) $(am__EXEEXT_25) \ objecteventtest$(EXEEXT) -am__EXEEXT_26 = commandhelper$(EXEEXT) ssh$(EXEEXT) test_conf$(EXEEXT) +am__EXEEXT_27 = commandhelper$(EXEEXT) ssh$(EXEEXT) test_conf$(EXEEXT) PROGRAMS = $(noinst_PROGRAMS) am__bhyvexml2argvtest_SOURCES_DIST = bhyvexml2argvtest.c testutils.c \ testutils.h @@ -593,6 +609,14 @@ am__DEPENDENCIES_2 = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ @WITH_BHYVE_TRUE@ $(am__DEPENDENCIES_2) @WITH_BHYVE_TRUE@bhyvexml2argvtest_DEPENDENCIES = \ @WITH_BHYVE_TRUE@ $(am__DEPENDENCIES_3) +am__bhyvexml2xmltest_SOURCES_DIST = bhyvexml2xmltest.c testutils.c \ + testutils.h +@WITH_BHYVE_TRUE@am_bhyvexml2xmltest_OBJECTS = \ +@WITH_BHYVE_TRUE@ bhyvexml2xmltest.$(OBJEXT) \ +@WITH_BHYVE_TRUE@ testutils.$(OBJEXT) +bhyvexml2xmltest_OBJECTS = $(am_bhyvexml2xmltest_OBJECTS) +@WITH_BHYVE_TRUE@bhyvexml2xmltest_DEPENDENCIES = \ +@WITH_BHYVE_TRUE@ $(am__DEPENDENCIES_3) am_commandhelper_OBJECTS = commandhelper.$(OBJEXT) commandhelper_OBJECTS = $(am_commandhelper_OBJECTS) commandhelper_DEPENDENCIES = $(am__DEPENDENCIES_2) @@ -619,8 +643,8 @@ domainsnapshotxml2xmltest_OBJECTS = \ $(am_domainsnapshotxml2xmltest_OBJECTS) @WITH_QEMU_TRUE@am__DEPENDENCIES_4 = \ @WITH_QEMU_TRUE@ ../src/libvirt_driver_qemu_impl.la \ -@WITH_QEMU_TRUE@ $(am__append_36) $(am__append_37) \ -@WITH_QEMU_TRUE@ $(am__append_38) $(am__DEPENDENCIES_2) +@WITH_QEMU_TRUE@ $(am__append_37) $(am__append_38) \ +@WITH_QEMU_TRUE@ $(am__append_39) $(am__DEPENDENCIES_2) @WITH_QEMU_TRUE@domainsnapshotxml2xmltest_DEPENDENCIES = \ @WITH_QEMU_TRUE@ $(am__DEPENDENCIES_4) am__esxutilstest_SOURCES_DIST = esxutilstest.c testutils.c testutils.h @@ -663,7 +687,7 @@ am__lxcconf2xmltest_SOURCES_DIST = lxcconf2xmltest.c testutils.c \ @WITH_LXC_TRUE@ testutils.$(OBJEXT) lxcconf2xmltest_OBJECTS = $(am_lxcconf2xmltest_OBJECTS) @WITH_LXC_TRUE@am__DEPENDENCIES_5 = ../src/libvirt_driver_lxc_impl.la \ -@WITH_LXC_TRUE@ $(am__append_40) $(am__DEPENDENCIES_2) +@WITH_LXC_TRUE@ $(am__append_41) $(am__DEPENDENCIES_2) @WITH_LXC_TRUE@lxcconf2xmltest_DEPENDENCIES = $(am__DEPENDENCIES_5) am__lxcxml2xmltest_SOURCES_DIST = lxcxml2xmltest.c testutilslxc.c \ testutilslxc.h testutils.c testutils.h @@ -684,6 +708,16 @@ networkxml2conftest_OBJECTS = $(am_networkxml2conftest_OBJECTS) @WITH_NETWORK_TRUE@networkxml2conftest_DEPENDENCIES = \ @WITH_NETWORK_TRUE@ ../src/libvirt_driver_network_impl.la \ @WITH_NETWORK_TRUE@ $(am__DEPENDENCIES_2) +am__networkxml2firewalltest_SOURCES_DIST = networkxml2firewalltest.c \ + testutils.c testutils.h +@WITH_NETWORK_TRUE@am_networkxml2firewalltest_OBJECTS = \ +@WITH_NETWORK_TRUE@ networkxml2firewalltest.$(OBJEXT) \ +@WITH_NETWORK_TRUE@ testutils.$(OBJEXT) +networkxml2firewalltest_OBJECTS = \ + $(am_networkxml2firewalltest_OBJECTS) +@WITH_NETWORK_TRUE@networkxml2firewalltest_DEPENDENCIES = \ +@WITH_NETWORK_TRUE@ ../src/libvirt_driver_network_impl.la \ +@WITH_NETWORK_TRUE@ $(am__DEPENDENCIES_2) am_networkxml2xmltest_OBJECTS = networkxml2xmltest.$(OBJEXT) \ testutils.$(OBJEXT) networkxml2xmltest_OBJECTS = $(am_networkxml2xmltest_OBJECTS) @@ -700,6 +734,25 @@ nodedevxml2xmltest_DEPENDENCIES = $(am__DEPENDENCIES_2) am_nodeinfotest_OBJECTS = nodeinfotest.$(OBJEXT) testutils.$(OBJEXT) nodeinfotest_OBJECTS = $(am_nodeinfotest_OBJECTS) nodeinfotest_DEPENDENCIES = $(am__DEPENDENCIES_2) +am__nwfilterebiptablestest_SOURCES_DIST = nwfilterebiptablestest.c \ + testutils.c testutils.h +@WITH_NWFILTER_TRUE@am_nwfilterebiptablestest_OBJECTS = \ +@WITH_NWFILTER_TRUE@ nwfilterebiptablestest.$(OBJEXT) \ +@WITH_NWFILTER_TRUE@ testutils.$(OBJEXT) +nwfilterebiptablestest_OBJECTS = $(am_nwfilterebiptablestest_OBJECTS) +@WITH_NWFILTER_TRUE@nwfilterebiptablestest_DEPENDENCIES = \ +@WITH_NWFILTER_TRUE@ ../src/libvirt_driver_nwfilter_impl.la \ +@WITH_NWFILTER_TRUE@ $(am__DEPENDENCIES_2) +am__nwfilterxml2firewalltest_SOURCES_DIST = \ + nwfilterxml2firewalltest.c testutils.c testutils.h +@WITH_NWFILTER_TRUE@am_nwfilterxml2firewalltest_OBJECTS = \ +@WITH_NWFILTER_TRUE@ nwfilterxml2firewalltest.$(OBJEXT) \ +@WITH_NWFILTER_TRUE@ testutils.$(OBJEXT) +nwfilterxml2firewalltest_OBJECTS = \ + $(am_nwfilterxml2firewalltest_OBJECTS) +@WITH_NWFILTER_TRUE@nwfilterxml2firewalltest_DEPENDENCIES = \ +@WITH_NWFILTER_TRUE@ ../src/libvirt_driver_nwfilter_impl.la \ +@WITH_NWFILTER_TRUE@ $(am__DEPENDENCIES_2) am_nwfilterxml2xmltest_OBJECTS = nwfilterxml2xmltest.$(OBJEXT) \ testutils.$(OBJEXT) nwfilterxml2xmltest_OBJECTS = $(am_nwfilterxml2xmltest_OBJECTS) @@ -865,6 +918,7 @@ am__storagevolxml2argvtest_SOURCES_DIST = storagevolxml2argvtest.c \ @WITH_STORAGE_TRUE@ testutils.$(OBJEXT) storagevolxml2argvtest_OBJECTS = $(am_storagevolxml2argvtest_OBJECTS) @WITH_STORAGE_TRUE@storagevolxml2argvtest_DEPENDENCIES = \ +@WITH_STORAGE_TRUE@ $(am__DEPENDENCIES_1) \ @WITH_STORAGE_TRUE@ ../src/libvirt_driver_storage_impl.la \ @WITH_STORAGE_TRUE@ $(am__DEPENDENCIES_2) am_storagevolxml2xmltest_OBJECTS = storagevolxml2xmltest.$(OBJEXT) \ @@ -880,6 +934,9 @@ test_conf_DEPENDENCIES = $(am__DEPENDENCIES_2) am_utiltest_OBJECTS = utiltest.$(OBJEXT) testutils.$(OBJEXT) utiltest_OBJECTS = $(am_utiltest_OBJECTS) utiltest_DEPENDENCIES = $(am__DEPENDENCIES_2) +am_viralloctest_OBJECTS = viralloctest.$(OBJEXT) testutils.$(OBJEXT) +viralloctest_OBJECTS = $(am_viralloctest_OBJECTS) +viralloctest_DEPENDENCIES = $(am__DEPENDENCIES_2) am_viratomictest_OBJECTS = viratomictest.$(OBJEXT) testutils.$(OBJEXT) viratomictest_OBJECTS = $(am_viratomictest_OBJECTS) viratomictest_DEPENDENCIES = $(am__DEPENDENCIES_2) @@ -926,6 +983,15 @@ virendiantest_DEPENDENCIES = $(am__DEPENDENCIES_2) am_virfiletest_OBJECTS = virfiletest.$(OBJEXT) testutils.$(OBJEXT) virfiletest_OBJECTS = $(am_virfiletest_OBJECTS) virfiletest_DEPENDENCIES = $(am__DEPENDENCIES_2) +am_virfirewalltest_OBJECTS = \ + virfirewalltest-virfirewalltest.$(OBJEXT) \ + virfirewalltest-testutils.$(OBJEXT) +virfirewalltest_OBJECTS = $(am_virfirewalltest_OBJECTS) +virfirewalltest_DEPENDENCIES = $(am__DEPENDENCIES_2) +virfirewalltest_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ + $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ + $(virfirewalltest_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) \ + -o $@ am_virhashtest_OBJECTS = virhashtest.$(OBJEXT) testutils.$(OBJEXT) virhashtest_OBJECTS = $(am_virhashtest_OBJECTS) virhashtest_DEPENDENCIES = $(am__DEPENDENCIES_2) @@ -1125,19 +1191,23 @@ SOURCES = $(bhyvexml2argvmock_la_SOURCES) \ $(libshunload_la_SOURCES) \ $(libvirportallocatormock_la_SOURCES) \ $(qemuxml2argvmock_la_SOURCES) $(vircgroupmock_la_SOURCES) \ - $(virnetserverclientmock_la_SOURCES) $(virpcimock_la_SOURCES) \ - $(virsystemdmock_la_SOURCES) $(virusbmock_la_SOURCES) \ - $(bhyvexml2argvtest_SOURCES) $(commandhelper_SOURCES) \ - $(commandtest_SOURCES) $(cputest_SOURCES) \ - $(domainconftest_SOURCES) $(domainsnapshotxml2xmltest_SOURCES) \ - $(esxutilstest_SOURCES) $(eventtest_SOURCES) \ - $(fchosttest_SOURCES) $(fdstreamtest_SOURCES) \ - $(interfacexml2xmltest_SOURCES) $(jsontest_SOURCES) \ - $(libvirtdconftest_SOURCES) $(lxcconf2xmltest_SOURCES) \ - $(lxcxml2xmltest_SOURCES) $(metadatatest_SOURCES) \ - $(networkxml2conftest_SOURCES) $(networkxml2xmltest_SOURCES) \ + $(virmockdbus_la_SOURCES) $(virnetserverclientmock_la_SOURCES) \ + $(virpcimock_la_SOURCES) $(virusbmock_la_SOURCES) \ + $(bhyvexml2argvtest_SOURCES) $(bhyvexml2xmltest_SOURCES) \ + $(commandhelper_SOURCES) $(commandtest_SOURCES) \ + $(cputest_SOURCES) $(domainconftest_SOURCES) \ + $(domainsnapshotxml2xmltest_SOURCES) $(esxutilstest_SOURCES) \ + $(eventtest_SOURCES) $(fchosttest_SOURCES) \ + $(fdstreamtest_SOURCES) $(interfacexml2xmltest_SOURCES) \ + $(jsontest_SOURCES) $(libvirtdconftest_SOURCES) \ + $(lxcconf2xmltest_SOURCES) $(lxcxml2xmltest_SOURCES) \ + $(metadatatest_SOURCES) $(networkxml2conftest_SOURCES) \ + $(networkxml2firewalltest_SOURCES) \ + $(networkxml2xmltest_SOURCES) \ $(networkxml2xmlupdatetest_SOURCES) \ $(nodedevxml2xmltest_SOURCES) $(nodeinfotest_SOURCES) \ + $(nwfilterebiptablestest_SOURCES) \ + $(nwfilterxml2firewalltest_SOURCES) \ $(nwfilterxml2xmltest_SOURCES) $(objecteventtest_SOURCES) \ $(objectlocking_SOURCES) $(openvzutilstest_SOURCES) \ $(qemuagenttest_SOURCES) $(qemuargv2xmltest_SOURCES) \ @@ -1155,12 +1225,13 @@ SOURCES = $(bhyvexml2argvmock_la_SOURCES) \ $(storagevolxml2argvtest_SOURCES) \ $(storagevolxml2xmltest_SOURCES) $(sysinfotest_SOURCES) \ $(test_conf_SOURCES) $(utiltest_SOURCES) \ - $(viratomictest_SOURCES) $(virauthconfigtest_SOURCES) \ - $(virbitmaptest_SOURCES) $(virbuftest_SOURCES) \ - $(vircapstest_SOURCES) $(vircgrouptest_SOURCES) \ - $(vircryptotest_SOURCES) $(virdbustest_SOURCES) \ - $(virdrivermoduletest_SOURCES) $(virendiantest_SOURCES) \ - $(virfiletest_SOURCES) $(virhashtest_SOURCES) \ + $(viralloctest_SOURCES) $(viratomictest_SOURCES) \ + $(virauthconfigtest_SOURCES) $(virbitmaptest_SOURCES) \ + $(virbuftest_SOURCES) $(vircapstest_SOURCES) \ + $(vircgrouptest_SOURCES) $(vircryptotest_SOURCES) \ + $(virdbustest_SOURCES) $(virdrivermoduletest_SOURCES) \ + $(virendiantest_SOURCES) $(virfiletest_SOURCES) \ + $(virfirewalltest_SOURCES) $(virhashtest_SOURCES) \ $(virhostdevtest_SOURCES) $(viridentitytest_SOURCES) \ $(viriscsitest_SOURCES) $(virkeycodetest_SOURCES) \ $(virkeyfiletest_SOURCES) $(virkmodtest_SOURCES) \ @@ -1183,11 +1254,11 @@ DIST_SOURCES = $(am__bhyvexml2argvmock_la_SOURCES_DIST) \ $(libshunload_la_SOURCES) \ $(libvirportallocatormock_la_SOURCES) \ $(am__qemuxml2argvmock_la_SOURCES_DIST) \ - $(vircgroupmock_la_SOURCES) \ + $(vircgroupmock_la_SOURCES) $(am__virmockdbus_la_SOURCES_DIST) \ $(virnetserverclientmock_la_SOURCES) $(virpcimock_la_SOURCES) \ - $(am__virsystemdmock_la_SOURCES_DIST) \ $(am__virusbmock_la_SOURCES_DIST) \ - $(am__bhyvexml2argvtest_SOURCES_DIST) $(commandhelper_SOURCES) \ + $(am__bhyvexml2argvtest_SOURCES_DIST) \ + $(am__bhyvexml2xmltest_SOURCES_DIST) $(commandhelper_SOURCES) \ $(commandtest_SOURCES) $(cputest_SOURCES) \ $(domainconftest_SOURCES) \ $(am__domainsnapshotxml2xmltest_SOURCES_DIST) \ @@ -1198,9 +1269,12 @@ DIST_SOURCES = $(am__bhyvexml2argvmock_la_SOURCES_DIST) \ $(am__lxcconf2xmltest_SOURCES_DIST) \ $(am__lxcxml2xmltest_SOURCES_DIST) $(metadatatest_SOURCES) \ $(am__networkxml2conftest_SOURCES_DIST) \ + $(am__networkxml2firewalltest_SOURCES_DIST) \ $(networkxml2xmltest_SOURCES) \ $(networkxml2xmlupdatetest_SOURCES) \ $(nodedevxml2xmltest_SOURCES) $(nodeinfotest_SOURCES) \ + $(am__nwfilterebiptablestest_SOURCES_DIST) \ + $(am__nwfilterxml2firewalltest_SOURCES_DIST) \ $(nwfilterxml2xmltest_SOURCES) $(objecteventtest_SOURCES) \ $(am__objectlocking_SOURCES_DIST) \ $(am__openvzutilstest_SOURCES_DIST) \ @@ -1227,19 +1301,20 @@ DIST_SOURCES = $(am__bhyvexml2argvmock_la_SOURCES_DIST) \ $(am__storagevolxml2argvtest_SOURCES_DIST) \ $(storagevolxml2xmltest_SOURCES) $(sysinfotest_SOURCES) \ $(test_conf_SOURCES) $(utiltest_SOURCES) \ - $(viratomictest_SOURCES) $(virauthconfigtest_SOURCES) \ - $(virbitmaptest_SOURCES) $(virbuftest_SOURCES) \ - $(vircapstest_SOURCES) $(vircgrouptest_SOURCES) \ - $(vircryptotest_SOURCES) $(am__virdbustest_SOURCES_DIST) \ + $(viralloctest_SOURCES) $(viratomictest_SOURCES) \ + $(virauthconfigtest_SOURCES) $(virbitmaptest_SOURCES) \ + $(virbuftest_SOURCES) $(vircapstest_SOURCES) \ + $(vircgrouptest_SOURCES) $(vircryptotest_SOURCES) \ + $(am__virdbustest_SOURCES_DIST) \ $(am__virdrivermoduletest_SOURCES_DIST) \ $(virendiantest_SOURCES) $(virfiletest_SOURCES) \ - $(virhashtest_SOURCES) $(virhostdevtest_SOURCES) \ - $(viridentitytest_SOURCES) $(viriscsitest_SOURCES) \ - $(virkeycodetest_SOURCES) $(virkeyfiletest_SOURCES) \ - $(virkmodtest_SOURCES) $(virlockspacetest_SOURCES) \ - $(virlogtest_SOURCES) $(virnetdevbandwidthtest_SOURCES) \ - $(virnetmessagetest_SOURCES) $(virnetserverclienttest_SOURCES) \ - $(virnetsockettest_SOURCES) \ + $(virfirewalltest_SOURCES) $(virhashtest_SOURCES) \ + $(virhostdevtest_SOURCES) $(viridentitytest_SOURCES) \ + $(viriscsitest_SOURCES) $(virkeycodetest_SOURCES) \ + $(virkeyfiletest_SOURCES) $(virkmodtest_SOURCES) \ + $(virlockspacetest_SOURCES) $(virlogtest_SOURCES) \ + $(virnetdevbandwidthtest_SOURCES) $(virnetmessagetest_SOURCES) \ + $(virnetserverclienttest_SOURCES) $(virnetsockettest_SOURCES) \ $(am__virnettlscontexttest_SOURCES_DIST) \ $(am__virnettlssessiontest_SOURCES_DIST) $(virpcitest_SOURCES) \ $(virportallocatortest_SOURCES) \ @@ -1461,18 +1536,18 @@ am__set_TESTS_bases = \ bases=`echo $$bases` RECHECK_LOGS = $(TEST_LOGS) AM_RECURSIVE_TARGETS = check recheck -@WITH_LIBVIRTD_TRUE@am__EXEEXT_27 = test_conf.sh cpuset \ +@WITH_LIBVIRTD_TRUE@am__EXEEXT_28 = test_conf.sh cpuset \ @WITH_LIBVIRTD_TRUE@ define-dev-segfault int-overflow \ @WITH_LIBVIRTD_TRUE@ libvirtd-fail libvirtd-pool read-bufsiz \ @WITH_LIBVIRTD_TRUE@ read-non-seekable start \ @WITH_LIBVIRTD_TRUE@ virsh-uriprecedence vcpupin virsh-all \ @WITH_LIBVIRTD_TRUE@ virsh-optparse virsh-schedinfo \ @WITH_LIBVIRTD_TRUE@ virsh-synopsis virsh-undefine -am__EXEEXT_28 = capabilityschematest interfaceschematest \ +am__EXEEXT_29 = capabilityschematest interfaceschematest \ networkschematest storagepoolschematest storagevolschematest \ domainschematest nodedevschematest nwfilterschematest \ - domainsnapshotschematest secretschematest $(am__EXEEXT_27) \ - $(am__append_29) + domainsnapshotschematest secretschematest $(am__EXEEXT_28) \ + $(am__append_30) TEST_SUITE_LOG = test-suite.log TEST_EXTENSIONS = @EXEEXT@ .test LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver @@ -1590,6 +1665,7 @@ GLIB_CFLAGS = @GLIB_CFLAGS@ GLIB_LIBS = @GLIB_LIBS@ GLUSTERFS_CFLAGS = @GLUSTERFS_CFLAGS@ GLUSTERFS_LIBS = @GLUSTERFS_LIBS@ +GLUSTER_CLI = @GLUSTER_CLI@ GMSGFMT = @GMSGFMT@ GMSGFMT_015 = @GMSGFMT_015@ GNULIB_ACCEPT = @GNULIB_ACCEPT@ @@ -2951,6 +3027,9 @@ AM_CFLAGS = \ $(COVERAGE_CFLAGS) \ $(WARN_CFLAGS) +AM_LDFLAGS = \ + -export-dynamic + PROBES_O = $(am__append_2) GNULIB_LIBS = \ ../gnulib/lib/libgnu.la @@ -2962,16 +3041,17 @@ LDADDS = \ $(GNULIB_LIBS) \ ../src/libvirt.la -EXTRA_DIST = bhyvexml2argvdata capabilityschemadata \ - capabilityschematest commanddata confdata cputestdata \ - domainconfdata domainschemadata domainschematest \ +EXTRA_DIST = bhyvexml2argvdata bhyvexml2xmloutdata \ + capabilityschemadata capabilityschematest commanddata confdata \ + cputestdata domainconfdata domainschemadata domainschematest \ domainsnapshotschematest domainsnapshotxml2xmlin \ domainsnapshotxml2xmlout fchostdata interfaceschemadata \ lxcconf2xmldata lxcxml2xmldata lxcxml2xmloutdata \ networkschematest networkxml2xmlin networkxml2xmlout \ networkxml2confdata networkxml2xmlupdatein \ - networkxml2xmlupdateout nodedevschemadata nodedevschematest \ - nodeinfodata nwfilterschematest nwfilterxml2xmlin \ + networkxml2xmlupdateout networkxml2firewalldata \ + nodedevschemadata nodedevschematest nodeinfodata \ + nwfilterschematest nwfilterxml2firewalldata nwfilterxml2xmlin \ nwfilterxml2xmlout oomtrace.pl qemucapabilitiesdata \ qemucaps2xmldata qemuhelpdata qemuhotplugtestdata \ qemumonitorjsondata qemuxml2argvdata qemuxml2xmloutdata \ @@ -2984,36 +3064,37 @@ EXTRA_DIST = bhyvexml2argvdata capabilityschemadata \ sysinfodata test-lib.sh virsh-uriprecedence virfiledata \ virpcitestdata virscsidata virusbtestdata vmx2xmldata \ xencapsdata xmconfigdata xml2sexprdata xml2vmxdata \ - vmwareverdata .valgrind.supp $(am__append_28) $(am__append_30) \ - $(test_scripts) $(am__append_35) $(am__append_39) \ - $(am__append_41) $(am__append_42) openvzutilstest.conf \ - $(am__append_43) $(am__append_44) $(am__append_45) \ + vmwareverdata .valgrind.supp virmock.h $(am__append_29) \ + $(am__append_31) $(test_scripts) $(am__append_36) \ + $(am__append_40) $(am__append_42) $(am__append_43) \ + openvzutilstest.conf $(am__append_44) $(am__append_45) \ $(am__append_46) $(am__append_47) $(am__append_48) \ - $(am__append_49) $(am__append_50) $(am__append_55) \ - $(am__append_56) $(am__append_57) securityselinuxtest.c \ - securityselinuxlabeltest.c securityselinuxhelper.c \ - $(am__append_60) $(am__append_61) + $(am__append_49) $(am__append_50) $(am__append_51) \ + $(am__append_56) $(am__append_57) $(am__append_58) \ + securityselinuxtest.c securityselinuxlabeltest.c \ + securityselinuxhelper.c $(am__append_61) $(am__append_62) test_helpers = commandhelper ssh test_conf test_programs = virshtest sockettest nodeinfotest virbuftest \ commandtest seclabeltest virhashtest viratomictest utiltest \ shunloadtest virtimetest viruritest virkeyfiletest \ - virauthconfigtest virbitmaptest vircgrouptest vircryptotest \ - virpcitest virendiantest virfiletest viridentitytest \ - viriscsitest virkeycodetest virlockspacetest virlogtest \ - virstringtest virportallocatortest sysinfotest virstoragetest \ - virnetdevbandwidthtest virkmodtest vircapstest domainconftest \ - virhostdevtest $(NULL) $(am__append_3) $(am__append_4) \ - $(am__append_5) $(am__append_6) $(am__append_7) \ - $(am__append_8) $(am__append_9) $(am__append_10) \ - $(am__append_11) $(am__append_12) $(am__append_13) \ - $(am__append_14) $(am__append_15) $(am__append_16) \ - $(am__append_17) $(am__append_18) $(am__append_19) \ - $(am__append_20) networkxml2xmltest networkxml2xmlupdatetest \ - $(am__append_21) $(am__append_22) nwfilterxml2xmltest \ - $(am__append_23) $(am__append_24) storagevolxml2xmltest \ + viralloctest virauthconfigtest virbitmaptest vircgrouptest \ + vircryptotest virpcitest virendiantest virfiletest \ + virfirewalltest viriscsitest virkeycodetest virlockspacetest \ + virlogtest virstringtest virportallocatortest sysinfotest \ + virstoragetest virnetdevbandwidthtest virkmodtest vircapstest \ + domainconftest virhostdevtest $(NULL) $(am__append_3) \ + $(am__append_4) $(am__append_5) $(am__append_6) \ + $(am__append_7) $(am__append_8) $(am__append_9) \ + $(am__append_10) $(am__append_11) $(am__append_12) \ + $(am__append_13) $(am__append_14) $(am__append_15) \ + $(am__append_16) $(am__append_17) $(am__append_18) \ + $(am__append_19) $(am__append_20) networkxml2xmltest \ + networkxml2xmlupdatetest $(NULL) $(am__append_21) \ + $(am__append_22) nwfilterxml2xmltest $(am__append_23) \ + $(am__append_24) $(am__append_25) storagevolxml2xmltest \ storagepoolxml2xmltest nodedevxml2xmltest interfacexml2xmltest \ - cputest metadatatest secretxml2xmltest $(am__append_25) \ - $(am__append_27) objecteventtest + cputest metadatatest secretxml2xmltest $(am__append_26) \ + $(am__append_28) objecteventtest # This is a fake SSH we use from virnetsockettest ssh_SOURCES = ssh.c @@ -3021,16 +3102,16 @@ ssh_LDADD = $(COVERAGE_LDFLAGS) test_scripts = capabilityschematest interfaceschematest \ networkschematest storagepoolschematest storagevolschematest \ domainschematest nodedevschematest nwfilterschematest \ - domainsnapshotschematest secretschematest $(am__append_26) \ - $(am__append_29) + domainsnapshotschematest secretschematest $(am__append_27) \ + $(am__append_30) test_libraries = libshunload.la libvirportallocatormock.la \ virnetserverclientmock.la vircgroupmock.la virpcimock.la \ - $(NULL) $(am__append_31) $(am__append_32) $(am__append_33) \ - $(am__append_34) + $(NULL) $(am__append_32) $(am__append_33) $(am__append_34) \ + $(am__append_35) @WITH_TESTS_TRUE@noinst_LTLIBRARIES = $(test_libraries) \ -@WITH_TESTS_TRUE@ $(am__append_58) +@WITH_TESTS_TRUE@ $(am__append_59) @WITH_TESTS_FALSE@check_LTLIBRARIES = $(test_libraries) \ -@WITH_TESTS_FALSE@ $(am__append_59) +@WITH_TESTS_FALSE@ $(am__append_60) # NB, automake < 1.10 does not provide the real # abs_top_{src/build}dir or builddir variables, so don't rely @@ -3099,8 +3180,8 @@ QEMUMONITORTESTUTILS_SOURCES = \ @WITH_QEMU_TRUE@libqemumonitortestutils_la_SOURCES = $(QEMUMONITORTESTUTILS_SOURCES) @WITH_QEMU_TRUE@qemu_LDADDS = ../src/libvirt_driver_qemu_impl.la \ -@WITH_QEMU_TRUE@ $(am__append_36) $(am__append_37) \ -@WITH_QEMU_TRUE@ $(am__append_38) $(LDADDS) +@WITH_QEMU_TRUE@ $(am__append_37) $(am__append_38) \ +@WITH_QEMU_TRUE@ $(am__append_39) $(LDADDS) @WITH_QEMU_TRUE@qemuxml2argvtest_SOURCES = \ @WITH_QEMU_TRUE@ qemuxml2argvtest.c testutilsqemu.c testutilsqemu.h \ @WITH_QEMU_TRUE@ testutils.c testutils.h @@ -3172,7 +3253,7 @@ QEMUMONITORTESTUTILS_SOURCES = \ @WITH_QEMU_TRUE@domainsnapshotxml2xmltest_LDADD = $(qemu_LDADDS) @WITH_LXC_TRUE@lxc_LDADDS = ../src/libvirt_driver_lxc_impl.la \ -@WITH_LXC_TRUE@ $(am__append_40) $(LDADDS) +@WITH_LXC_TRUE@ $(am__append_41) $(LDADDS) @WITH_LXC_TRUE@lxcxml2xmltest_SOURCES = \ @WITH_LXC_TRUE@ lxcxml2xmltest.c testutilslxc.c testutilslxc.h \ @WITH_LXC_TRUE@ testutils.c testutils.h @@ -3222,6 +3303,11 @@ QEMUMONITORTESTUTILS_SOURCES = \ @WITH_BHYVE_TRUE@ testutils.c testutils.h @WITH_BHYVE_TRUE@bhyvexml2argvtest_LDADD = $(bhyve_LDADDS) +@WITH_BHYVE_TRUE@bhyvexml2xmltest_SOURCES = \ +@WITH_BHYVE_TRUE@ bhyvexml2xmltest.c \ +@WITH_BHYVE_TRUE@ testutils.c testutils.h + +@WITH_BHYVE_TRUE@bhyvexml2xmltest_LDADD = $(bhyve_LDADDS) networkxml2xmltest_SOURCES = \ networkxml2xmltest.c \ testutils.c testutils.h @@ -3237,6 +3323,11 @@ networkxml2xmlupdatetest_LDADD = $(LDADDS) @WITH_NETWORK_TRUE@ testutils.c testutils.h @WITH_NETWORK_TRUE@networkxml2conftest_LDADD = ../src/libvirt_driver_network_impl.la $(LDADDS) +@WITH_NETWORK_TRUE@networkxml2firewalltest_SOURCES = \ +@WITH_NETWORK_TRUE@ networkxml2firewalltest.c \ +@WITH_NETWORK_TRUE@ testutils.c testutils.h + +@WITH_NETWORK_TRUE@networkxml2firewalltest_LDADD = ../src/libvirt_driver_network_impl.la $(LDADDS) @WITH_STORAGE_SHEEPDOG_TRUE@storagebackendsheepdogtest_SOURCES = \ @WITH_STORAGE_SHEEPDOG_TRUE@ storagebackendsheepdogtest.c \ @WITH_STORAGE_SHEEPDOG_TRUE@ testutils.c testutils.h @@ -3249,6 +3340,18 @@ nwfilterxml2xmltest_SOURCES = \ testutils.c testutils.h nwfilterxml2xmltest_LDADD = $(LDADDS) +@WITH_NWFILTER_TRUE@nwfilterebiptablestest_SOURCES = \ +@WITH_NWFILTER_TRUE@ nwfilterebiptablestest.c \ +@WITH_NWFILTER_TRUE@ testutils.c testutils.h + +@WITH_NWFILTER_TRUE@nwfilterebiptablestest_LDADD = ../src/libvirt_driver_nwfilter_impl.la $(LDADDS) +@WITH_NWFILTER_TRUE@nwfilterxml2firewalltest_SOURCES = \ +@WITH_NWFILTER_TRUE@ nwfilterxml2firewalltest.c \ +@WITH_NWFILTER_TRUE@ testutils.c testutils.h + +@WITH_NWFILTER_TRUE@nwfilterxml2firewalltest_LDADD = \ +@WITH_NWFILTER_TRUE@ ../src/libvirt_driver_nwfilter_impl.la $(LDADDS) + secretxml2xmltest_SOURCES = \ secretxml2xmltest.c \ testutils.c testutils.h @@ -3259,6 +3362,7 @@ secretxml2xmltest_LDADD = $(LDADDS) @WITH_STORAGE_TRUE@ testutils.c testutils.h @WITH_STORAGE_TRUE@storagevolxml2argvtest_LDADD = \ +@WITH_STORAGE_TRUE@ $(LIBXML_LIBS) \ @WITH_STORAGE_TRUE@ ../src/libvirt_driver_storage_impl.la $(LDADDS) storagevolxml2xmltest_SOURCES = \ @@ -3355,15 +3459,15 @@ virnetserverclientmock_la_LDFLAGS = -module -avoid-version \ @WITH_GNUTLS_TRUE@virnettlscontexttest_SOURCES = \ @WITH_GNUTLS_TRUE@ virnettlscontexttest.c virnettlshelpers.h \ @WITH_GNUTLS_TRUE@ virnettlshelpers.c testutils.h testutils.c \ -@WITH_GNUTLS_TRUE@ $(am__append_51) +@WITH_GNUTLS_TRUE@ $(am__append_52) @WITH_GNUTLS_TRUE@virnettlscontexttest_LDADD = $(LDADDS) \ -@WITH_GNUTLS_TRUE@ $(GNUTLS_LIBS) $(am__append_52) +@WITH_GNUTLS_TRUE@ $(GNUTLS_LIBS) $(am__append_53) @WITH_GNUTLS_TRUE@virnettlssessiontest_SOURCES = \ @WITH_GNUTLS_TRUE@ virnettlssessiontest.c virnettlshelpers.h \ @WITH_GNUTLS_TRUE@ virnettlshelpers.c testutils.h testutils.c \ -@WITH_GNUTLS_TRUE@ $(am__append_53) +@WITH_GNUTLS_TRUE@ $(am__append_54) @WITH_GNUTLS_TRUE@virnettlssessiontest_LDADD = $(LDADDS) \ -@WITH_GNUTLS_TRUE@ $(GNUTLS_LIBS) $(am__append_54) +@WITH_GNUTLS_TRUE@ $(GNUTLS_LIBS) $(am__append_55) virtimetest_SOURCES = \ virtimetest.c testutils.h testutils.c @@ -3457,18 +3561,18 @@ virpcimock_la_LDFLAGS = -module -avoid-version \ @WITH_DBUS_TRUE@virdbustest_CFLAGS = $(AM_CFLAGS) $(DBUS_CFLAGS) @WITH_DBUS_TRUE@virdbustest_LDADD = $(LDADDS) $(DBUS_LIBS) +@WITH_DBUS_TRUE@virmockdbus_la_SOURCES = \ +@WITH_DBUS_TRUE@ virmockdbus.c + +@WITH_DBUS_TRUE@virmockdbus_la_CFLAGS = $(AM_CFLAGS) $(DBUS_CFLAGS) +@WITH_DBUS_TRUE@virmockdbus_la_LDFLAGS = -module -avoid-version \ +@WITH_DBUS_TRUE@ -rpath /evil/libtool/hack/to/force/shared/lib/creation + @WITH_DBUS_TRUE@virsystemdtest_SOURCES = \ @WITH_DBUS_TRUE@ virsystemdtest.c testutils.h testutils.c -@WITH_DBUS_TRUE@virsystemdtest_CFLAGS = $(AM_CFLAGS) +@WITH_DBUS_TRUE@virsystemdtest_CFLAGS = $(AM_CFLAGS) $(DBUS_CFLAGS) @WITH_DBUS_TRUE@virsystemdtest_LDADD = $(LDADDS) -@WITH_DBUS_TRUE@virsystemdmock_la_SOURCES = \ -@WITH_DBUS_TRUE@ virsystemdmock.c - -@WITH_DBUS_TRUE@virsystemdmock_la_CFLAGS = $(AM_CFLAGS) $(DBUS_CFLAGS) -@WITH_DBUS_TRUE@virsystemdmock_la_LDFLAGS = -module -avoid-version \ -@WITH_DBUS_TRUE@ -rpath /evil/libtool/hack/to/force/shared/lib/creation - viruritest_SOURCES = \ viruritest.c testutils.h testutils.c @@ -3477,6 +3581,10 @@ virkeyfiletest_SOURCES = \ virkeyfiletest.c testutils.h testutils.c virkeyfiletest_LDADD = $(LDADDS) +viralloctest_SOURCES = \ + viralloctest.c testutils.h testutils.c + +viralloctest_LDADD = $(LDADDS) virauthconfigtest_SOURCES = \ virauthconfigtest.c testutils.h testutils.c @@ -3530,6 +3638,11 @@ virfiletest_SOURCES = \ virfiletest.c testutils.h testutils.c virfiletest_LDADD = $(LDADDS) +virfirewalltest_SOURCES = \ + virfirewalltest.c testutils.h testutils.c + +virfirewalltest_LDADD = $(LDADDS) +virfirewalltest_CFLAGS = $(AM_CFLAGS) $(DBUS_CFLAGS) jsontest_SOURCES = \ jsontest.c testutils.h testutils.c @@ -3667,15 +3780,15 @@ qemuxml2argvmock.la: $(qemuxml2argvmock_la_OBJECTS) $(qemuxml2argvmock_la_DEPEND vircgroupmock.la: $(vircgroupmock_la_OBJECTS) $(vircgroupmock_la_DEPENDENCIES) $(EXTRA_vircgroupmock_la_DEPENDENCIES) $(AM_V_CCLD)$(vircgroupmock_la_LINK) $(am_vircgroupmock_la_rpath) $(vircgroupmock_la_OBJECTS) $(vircgroupmock_la_LIBADD) $(LIBS) +virmockdbus.la: $(virmockdbus_la_OBJECTS) $(virmockdbus_la_DEPENDENCIES) $(EXTRA_virmockdbus_la_DEPENDENCIES) + $(AM_V_CCLD)$(virmockdbus_la_LINK) $(am_virmockdbus_la_rpath) $(virmockdbus_la_OBJECTS) $(virmockdbus_la_LIBADD) $(LIBS) + virnetserverclientmock.la: $(virnetserverclientmock_la_OBJECTS) $(virnetserverclientmock_la_DEPENDENCIES) $(EXTRA_virnetserverclientmock_la_DEPENDENCIES) $(AM_V_CCLD)$(virnetserverclientmock_la_LINK) $(am_virnetserverclientmock_la_rpath) $(virnetserverclientmock_la_OBJECTS) $(virnetserverclientmock_la_LIBADD) $(LIBS) virpcimock.la: $(virpcimock_la_OBJECTS) $(virpcimock_la_DEPENDENCIES) $(EXTRA_virpcimock_la_DEPENDENCIES) $(AM_V_CCLD)$(virpcimock_la_LINK) $(am_virpcimock_la_rpath) $(virpcimock_la_OBJECTS) $(virpcimock_la_LIBADD) $(LIBS) -virsystemdmock.la: $(virsystemdmock_la_OBJECTS) $(virsystemdmock_la_DEPENDENCIES) $(EXTRA_virsystemdmock_la_DEPENDENCIES) - $(AM_V_CCLD)$(virsystemdmock_la_LINK) $(am_virsystemdmock_la_rpath) $(virsystemdmock_la_OBJECTS) $(virsystemdmock_la_LIBADD) $(LIBS) - virusbmock.la: $(virusbmock_la_OBJECTS) $(virusbmock_la_DEPENDENCIES) $(EXTRA_virusbmock_la_DEPENDENCIES) $(AM_V_CCLD)$(virusbmock_la_LINK) $(am_virusbmock_la_rpath) $(virusbmock_la_OBJECTS) $(virusbmock_la_LIBADD) $(LIBS) @@ -3701,6 +3814,10 @@ bhyvexml2argvtest$(EXEEXT): $(bhyvexml2argvtest_OBJECTS) $(bhyvexml2argvtest_DEP @rm -f bhyvexml2argvtest$(EXEEXT) $(AM_V_CCLD)$(LINK) $(bhyvexml2argvtest_OBJECTS) $(bhyvexml2argvtest_LDADD) $(LIBS) +bhyvexml2xmltest$(EXEEXT): $(bhyvexml2xmltest_OBJECTS) $(bhyvexml2xmltest_DEPENDENCIES) $(EXTRA_bhyvexml2xmltest_DEPENDENCIES) + @rm -f bhyvexml2xmltest$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(bhyvexml2xmltest_OBJECTS) $(bhyvexml2xmltest_LDADD) $(LIBS) + commandhelper$(EXEEXT): $(commandhelper_OBJECTS) $(commandhelper_DEPENDENCIES) $(EXTRA_commandhelper_DEPENDENCIES) @rm -f commandhelper$(EXEEXT) $(AM_V_CCLD)$(commandhelper_LINK) $(commandhelper_OBJECTS) $(commandhelper_LDADD) $(LIBS) @@ -3765,6 +3882,10 @@ networkxml2conftest$(EXEEXT): $(networkxml2conftest_OBJECTS) $(networkxml2confte @rm -f networkxml2conftest$(EXEEXT) $(AM_V_CCLD)$(LINK) $(networkxml2conftest_OBJECTS) $(networkxml2conftest_LDADD) $(LIBS) +networkxml2firewalltest$(EXEEXT): $(networkxml2firewalltest_OBJECTS) $(networkxml2firewalltest_DEPENDENCIES) $(EXTRA_networkxml2firewalltest_DEPENDENCIES) + @rm -f networkxml2firewalltest$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(networkxml2firewalltest_OBJECTS) $(networkxml2firewalltest_LDADD) $(LIBS) + networkxml2xmltest$(EXEEXT): $(networkxml2xmltest_OBJECTS) $(networkxml2xmltest_DEPENDENCIES) $(EXTRA_networkxml2xmltest_DEPENDENCIES) @rm -f networkxml2xmltest$(EXEEXT) $(AM_V_CCLD)$(LINK) $(networkxml2xmltest_OBJECTS) $(networkxml2xmltest_LDADD) $(LIBS) @@ -3781,6 +3902,14 @@ nodeinfotest$(EXEEXT): $(nodeinfotest_OBJECTS) $(nodeinfotest_DEPENDENCIES) $(EX @rm -f nodeinfotest$(EXEEXT) $(AM_V_CCLD)$(LINK) $(nodeinfotest_OBJECTS) $(nodeinfotest_LDADD) $(LIBS) +nwfilterebiptablestest$(EXEEXT): $(nwfilterebiptablestest_OBJECTS) $(nwfilterebiptablestest_DEPENDENCIES) $(EXTRA_nwfilterebiptablestest_DEPENDENCIES) + @rm -f nwfilterebiptablestest$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(nwfilterebiptablestest_OBJECTS) $(nwfilterebiptablestest_LDADD) $(LIBS) + +nwfilterxml2firewalltest$(EXEEXT): $(nwfilterxml2firewalltest_OBJECTS) $(nwfilterxml2firewalltest_DEPENDENCIES) $(EXTRA_nwfilterxml2firewalltest_DEPENDENCIES) + @rm -f nwfilterxml2firewalltest$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(nwfilterxml2firewalltest_OBJECTS) $(nwfilterxml2firewalltest_LDADD) $(LIBS) + nwfilterxml2xmltest$(EXEEXT): $(nwfilterxml2xmltest_OBJECTS) $(nwfilterxml2xmltest_DEPENDENCIES) $(EXTRA_nwfilterxml2xmltest_DEPENDENCIES) @rm -f nwfilterxml2xmltest$(EXEEXT) $(AM_V_CCLD)$(LINK) $(nwfilterxml2xmltest_OBJECTS) $(nwfilterxml2xmltest_LDADD) $(LIBS) @@ -3909,6 +4038,10 @@ utiltest$(EXEEXT): $(utiltest_OBJECTS) $(utiltest_DEPENDENCIES) $(EXTRA_utiltest @rm -f utiltest$(EXEEXT) $(AM_V_CCLD)$(LINK) $(utiltest_OBJECTS) $(utiltest_LDADD) $(LIBS) +viralloctest$(EXEEXT): $(viralloctest_OBJECTS) $(viralloctest_DEPENDENCIES) $(EXTRA_viralloctest_DEPENDENCIES) + @rm -f viralloctest$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(viralloctest_OBJECTS) $(viralloctest_LDADD) $(LIBS) + viratomictest$(EXEEXT): $(viratomictest_OBJECTS) $(viratomictest_DEPENDENCIES) $(EXTRA_viratomictest_DEPENDENCIES) @rm -f viratomictest$(EXEEXT) $(AM_V_CCLD)$(LINK) $(viratomictest_OBJECTS) $(viratomictest_LDADD) $(LIBS) @@ -3953,6 +4086,10 @@ virfiletest$(EXEEXT): $(virfiletest_OBJECTS) $(virfiletest_DEPENDENCIES) $(EXTRA @rm -f virfiletest$(EXEEXT) $(AM_V_CCLD)$(LINK) $(virfiletest_OBJECTS) $(virfiletest_LDADD) $(LIBS) +virfirewalltest$(EXEEXT): $(virfirewalltest_OBJECTS) $(virfirewalltest_DEPENDENCIES) $(EXTRA_virfirewalltest_DEPENDENCIES) + @rm -f virfirewalltest$(EXEEXT) + $(AM_V_CCLD)$(virfirewalltest_LINK) $(virfirewalltest_OBJECTS) $(virfirewalltest_LDADD) $(LIBS) + virhashtest$(EXEEXT): $(virhashtest_OBJECTS) $(virhashtest_DEPENDENCIES) $(EXTRA_virhashtest_DEPENDENCIES) @rm -f virhashtest$(EXEEXT) $(AM_V_CCLD)$(LINK) $(virhashtest_OBJECTS) $(virhashtest_LDADD) $(LIBS) @@ -4085,6 +4222,7 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bhyvexml2argvmock_la-bhyvexml2argvmock.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bhyvexml2argvtest.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bhyvexml2xmltest.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/commandhelper.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/commandtest.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/cputest.Po@am__quote@ @@ -4102,10 +4240,13 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/lxcxml2xmltest.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/metadatatest.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/networkxml2conftest.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/networkxml2firewalltest.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/networkxml2xmltest.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/networkxml2xmlupdatetest.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/nodedevxml2xmltest.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/nodeinfotest.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/nwfilterebiptablestest.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/nwfilterxml2firewalltest.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/nwfilterxml2xmltest.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/objecteventtest.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openvzutilstest.Po@am__quote@ @@ -4146,6 +4287,7 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/testutilsqemu.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/testutilsxen.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/utiltest.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/viralloctest.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/viratomictest.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/virauthconfigtest.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/virbitmaptest.Po@am__quote@ @@ -4159,6 +4301,8 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/virdrivermoduletest.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/virendiantest.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/virfiletest.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/virfirewalltest-testutils.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/virfirewalltest-virfirewalltest.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/virhashtest.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/virhostdevtest.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/viridentitytest.Po@am__quote@ @@ -4168,6 +4312,7 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/virkmodtest.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/virlockspacetest.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/virlogtest.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/virmockdbus_la-virmockdbus.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/virnetdevbandwidthtest.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/virnetmessagetest-testutils.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/virnetmessagetest-virnetmessagetest.Po@am__quote@ @@ -4185,7 +4330,6 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/virshtest.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/virstoragetest.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/virstringtest.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/virsystemdmock_la-virsystemdmock.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/virsystemdtest-testutils.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/virsystemdtest-virsystemdtest.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/virtimetest.Po@am__quote@ @@ -4251,6 +4395,13 @@ vircgroupmock_la-vircgroupmock.lo: vircgroupmock.c @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(vircgroupmock_la_CFLAGS) $(CFLAGS) -c -o vircgroupmock_la-vircgroupmock.lo `test -f 'vircgroupmock.c' || echo '$(srcdir)/'`vircgroupmock.c +virmockdbus_la-virmockdbus.lo: virmockdbus.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(virmockdbus_la_CFLAGS) $(CFLAGS) -MT virmockdbus_la-virmockdbus.lo -MD -MP -MF $(DEPDIR)/virmockdbus_la-virmockdbus.Tpo -c -o virmockdbus_la-virmockdbus.lo `test -f 'virmockdbus.c' || echo '$(srcdir)/'`virmockdbus.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/virmockdbus_la-virmockdbus.Tpo $(DEPDIR)/virmockdbus_la-virmockdbus.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='virmockdbus.c' object='virmockdbus_la-virmockdbus.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(virmockdbus_la_CFLAGS) $(CFLAGS) -c -o virmockdbus_la-virmockdbus.lo `test -f 'virmockdbus.c' || echo '$(srcdir)/'`virmockdbus.c + virnetserverclientmock_la-virnetserverclientmock.lo: virnetserverclientmock.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(virnetserverclientmock_la_CFLAGS) $(CFLAGS) -MT virnetserverclientmock_la-virnetserverclientmock.lo -MD -MP -MF $(DEPDIR)/virnetserverclientmock_la-virnetserverclientmock.Tpo -c -o virnetserverclientmock_la-virnetserverclientmock.lo `test -f 'virnetserverclientmock.c' || echo '$(srcdir)/'`virnetserverclientmock.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/virnetserverclientmock_la-virnetserverclientmock.Tpo $(DEPDIR)/virnetserverclientmock_la-virnetserverclientmock.Plo @@ -4265,13 +4416,6 @@ virpcimock_la-virpcimock.lo: virpcimock.c @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(virpcimock_la_CFLAGS) $(CFLAGS) -c -o virpcimock_la-virpcimock.lo `test -f 'virpcimock.c' || echo '$(srcdir)/'`virpcimock.c -virsystemdmock_la-virsystemdmock.lo: virsystemdmock.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(virsystemdmock_la_CFLAGS) $(CFLAGS) -MT virsystemdmock_la-virsystemdmock.lo -MD -MP -MF $(DEPDIR)/virsystemdmock_la-virsystemdmock.Tpo -c -o virsystemdmock_la-virsystemdmock.lo `test -f 'virsystemdmock.c' || echo '$(srcdir)/'`virsystemdmock.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/virsystemdmock_la-virsystemdmock.Tpo $(DEPDIR)/virsystemdmock_la-virsystemdmock.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='virsystemdmock.c' object='virsystemdmock_la-virsystemdmock.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(virsystemdmock_la_CFLAGS) $(CFLAGS) -c -o virsystemdmock_la-virsystemdmock.lo `test -f 'virsystemdmock.c' || echo '$(srcdir)/'`virsystemdmock.c - virusbmock_la-virusbmock.lo: virusbmock.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(virusbmock_la_CFLAGS) $(CFLAGS) -MT virusbmock_la-virusbmock.lo -MD -MP -MF $(DEPDIR)/virusbmock_la-virusbmock.Tpo -c -o virusbmock_la-virusbmock.lo `test -f 'virusbmock.c' || echo '$(srcdir)/'`virusbmock.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/virusbmock_la-virusbmock.Tpo $(DEPDIR)/virusbmock_la-virusbmock.Plo @@ -4307,6 +4451,34 @@ virdbustest-testutils.obj: testutils.c @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(virdbustest_CFLAGS) $(CFLAGS) -c -o virdbustest-testutils.obj `if test -f 'testutils.c'; then $(CYGPATH_W) 'testutils.c'; else $(CYGPATH_W) '$(srcdir)/testutils.c'; fi` +virfirewalltest-virfirewalltest.o: virfirewalltest.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(virfirewalltest_CFLAGS) $(CFLAGS) -MT virfirewalltest-virfirewalltest.o -MD -MP -MF $(DEPDIR)/virfirewalltest-virfirewalltest.Tpo -c -o virfirewalltest-virfirewalltest.o `test -f 'virfirewalltest.c' || echo '$(srcdir)/'`virfirewalltest.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/virfirewalltest-virfirewalltest.Tpo $(DEPDIR)/virfirewalltest-virfirewalltest.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='virfirewalltest.c' object='virfirewalltest-virfirewalltest.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(virfirewalltest_CFLAGS) $(CFLAGS) -c -o virfirewalltest-virfirewalltest.o `test -f 'virfirewalltest.c' || echo '$(srcdir)/'`virfirewalltest.c + +virfirewalltest-virfirewalltest.obj: virfirewalltest.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(virfirewalltest_CFLAGS) $(CFLAGS) -MT virfirewalltest-virfirewalltest.obj -MD -MP -MF $(DEPDIR)/virfirewalltest-virfirewalltest.Tpo -c -o virfirewalltest-virfirewalltest.obj `if test -f 'virfirewalltest.c'; then $(CYGPATH_W) 'virfirewalltest.c'; else $(CYGPATH_W) '$(srcdir)/virfirewalltest.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/virfirewalltest-virfirewalltest.Tpo $(DEPDIR)/virfirewalltest-virfirewalltest.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='virfirewalltest.c' object='virfirewalltest-virfirewalltest.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(virfirewalltest_CFLAGS) $(CFLAGS) -c -o virfirewalltest-virfirewalltest.obj `if test -f 'virfirewalltest.c'; then $(CYGPATH_W) 'virfirewalltest.c'; else $(CYGPATH_W) '$(srcdir)/virfirewalltest.c'; fi` + +virfirewalltest-testutils.o: testutils.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(virfirewalltest_CFLAGS) $(CFLAGS) -MT virfirewalltest-testutils.o -MD -MP -MF $(DEPDIR)/virfirewalltest-testutils.Tpo -c -o virfirewalltest-testutils.o `test -f 'testutils.c' || echo '$(srcdir)/'`testutils.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/virfirewalltest-testutils.Tpo $(DEPDIR)/virfirewalltest-testutils.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='testutils.c' object='virfirewalltest-testutils.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(virfirewalltest_CFLAGS) $(CFLAGS) -c -o virfirewalltest-testutils.o `test -f 'testutils.c' || echo '$(srcdir)/'`testutils.c + +virfirewalltest-testutils.obj: testutils.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(virfirewalltest_CFLAGS) $(CFLAGS) -MT virfirewalltest-testutils.obj -MD -MP -MF $(DEPDIR)/virfirewalltest-testutils.Tpo -c -o virfirewalltest-testutils.obj `if test -f 'testutils.c'; then $(CYGPATH_W) 'testutils.c'; else $(CYGPATH_W) '$(srcdir)/testutils.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/virfirewalltest-testutils.Tpo $(DEPDIR)/virfirewalltest-testutils.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='testutils.c' object='virfirewalltest-testutils.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(virfirewalltest_CFLAGS) $(CFLAGS) -c -o virfirewalltest-testutils.obj `if test -f 'testutils.c'; then $(CYGPATH_W) 'testutils.c'; else $(CYGPATH_W) '$(srcdir)/testutils.c'; fi` + virnetmessagetest-virnetmessagetest.o: virnetmessagetest.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(virnetmessagetest_CFLAGS) $(CFLAGS) -MT virnetmessagetest-virnetmessagetest.o -MD -MP -MF $(DEPDIR)/virnetmessagetest-virnetmessagetest.Tpo -c -o virnetmessagetest-virnetmessagetest.o `test -f 'virnetmessagetest.c' || echo '$(srcdir)/'`virnetmessagetest.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/virnetmessagetest-virnetmessagetest.Tpo $(DEPDIR)/virnetmessagetest-virnetmessagetest.Po @@ -4681,6 +4853,13 @@ virkeyfiletest.log: virkeyfiletest$(EXEEXT) --log-file $$b.log --trs-file $$b.trs \ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ "$$tst" $(AM_TESTS_FD_REDIRECT) +viralloctest.log: viralloctest$(EXEEXT) + @p='viralloctest$(EXEEXT)'; \ + b='viralloctest'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) virauthconfigtest.log: virauthconfigtest$(EXEEXT) @p='virauthconfigtest$(EXEEXT)'; \ b='virauthconfigtest'; \ @@ -4730,9 +4909,9 @@ virfiletest.log: virfiletest$(EXEEXT) --log-file $$b.log --trs-file $$b.trs \ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ "$$tst" $(AM_TESTS_FD_REDIRECT) -viridentitytest.log: viridentitytest$(EXEEXT) - @p='viridentitytest$(EXEEXT)'; \ - b='viridentitytest'; \ +virfirewalltest.log: virfirewalltest$(EXEEXT) + @p='virfirewalltest$(EXEEXT)'; \ + b='virfirewalltest'; \ $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ --log-file $$b.log --trs-file $$b.trs \ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ @@ -4898,6 +5077,13 @@ securityselinuxtest.log: securityselinuxtest$(EXEEXT) --log-file $$b.log --trs-file $$b.trs \ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ "$$tst" $(AM_TESTS_FD_REDIRECT) +viridentitytest.log: viridentitytest$(EXEEXT) + @p='viridentitytest$(EXEEXT)'; \ + b='viridentitytest'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) securityselinuxlabeltest.log: securityselinuxlabeltest$(EXEEXT) @p='securityselinuxlabeltest$(EXEEXT)'; \ b='securityselinuxlabeltest'; \ @@ -5094,6 +5280,13 @@ bhyvexml2argvtest.log: bhyvexml2argvtest$(EXEEXT) --log-file $$b.log --trs-file $$b.trs \ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ "$$tst" $(AM_TESTS_FD_REDIRECT) +bhyvexml2xmltest.log: bhyvexml2xmltest$(EXEEXT) + @p='bhyvexml2xmltest$(EXEEXT)'; \ + b='bhyvexml2xmltest'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) objectlocking.log: objectlocking$(EXEEXT) @p='objectlocking$(EXEEXT)'; \ b='objectlocking'; \ @@ -5129,6 +5322,13 @@ networkxml2conftest.log: networkxml2conftest$(EXEEXT) --log-file $$b.log --trs-file $$b.trs \ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ "$$tst" $(AM_TESTS_FD_REDIRECT) +networkxml2firewalltest.log: networkxml2firewalltest$(EXEEXT) + @p='networkxml2firewalltest$(EXEEXT)'; \ + b='networkxml2firewalltest'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) storagebackendsheepdogtest.log: storagebackendsheepdogtest$(EXEEXT) @p='storagebackendsheepdogtest$(EXEEXT)'; \ b='storagebackendsheepdogtest'; \ @@ -5143,6 +5343,20 @@ nwfilterxml2xmltest.log: nwfilterxml2xmltest$(EXEEXT) --log-file $$b.log --trs-file $$b.trs \ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ "$$tst" $(AM_TESTS_FD_REDIRECT) +nwfilterebiptablestest.log: nwfilterebiptablestest$(EXEEXT) + @p='nwfilterebiptablestest$(EXEEXT)'; \ + b='nwfilterebiptablestest'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +nwfilterxml2firewalltest.log: nwfilterxml2firewalltest$(EXEEXT) + @p='nwfilterxml2firewalltest$(EXEEXT)'; \ + b='nwfilterxml2firewalltest'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) storagevolxml2argvtest.log: storagevolxml2argvtest$(EXEEXT) @p='storagevolxml2argvtest$(EXEEXT)'; \ b='storagevolxml2argvtest'; \ diff --git a/tests/bhyvexml2argvdata/bhyvexml2argv-console.args b/tests/bhyvexml2argvdata/bhyvexml2argv-console.args new file mode 100644 index 000000000..1e09fb410 --- /dev/null +++ b/tests/bhyvexml2argvdata/bhyvexml2argv-console.args @@ -0,0 +1,4 @@ +/usr/sbin/bhyve -c 1 -m 214 -H -P -s 0:0,hostbridge \ +-s 1:0,virtio-net,faketapdev,mac=52:54:00:00:00:00 \ +-s 2:0,ahci-hd,/tmp/freebsd.img \ +-s 31,lpc -l com1,/dev/nmdm0A bhyve diff --git a/tests/bhyvexml2argvdata/bhyvexml2argv-console.xml b/tests/bhyvexml2argvdata/bhyvexml2argv-console.xml new file mode 100644 index 000000000..64073f081 --- /dev/null +++ b/tests/bhyvexml2argvdata/bhyvexml2argv-console.xml @@ -0,0 +1,23 @@ +<domain type='bhyve'> + <name>bhyve</name> + <uuid>df3be7e7-a104-11e3-aeb0-50e5492bd3dc</uuid> + <memory>219136</memory> + <vcpu>1</vcpu> + <os> + <type>hvm</type> + </os> + <devices> + <disk type='file'> + <driver name='file' type='raw'/> + <source file='/tmp/freebsd.img'/> + <target dev='hda' bus='sata'/> + </disk> + <interface type='bridge'> + <model type='virtio'/> + <source bridge="virbr0"/> + </interface> + <console type='nmdm'> + <source master='/dev/nmdm0A' slave='/dev/nmdm0B'/> + </console> + </devices> +</domain> diff --git a/tests/bhyvexml2argvdata/bhyvexml2argv-metadata.xml b/tests/bhyvexml2argvdata/bhyvexml2argv-metadata.xml new file mode 100644 index 000000000..6436301a9 --- /dev/null +++ b/tests/bhyvexml2argvdata/bhyvexml2argv-metadata.xml @@ -0,0 +1,26 @@ +<domain type='bhyve'> + <name>bhyve</name> + <uuid>df3be7e7-a104-11e3-aeb0-50e5492bd3dc</uuid> + <memory>219136</memory> + <vcpu>1</vcpu> + <os> + <type>hvm</type> + </os> + <devices> + <disk type='file'> + <driver name='file' type='raw'/> + <source file='/tmp/freebsd.img'/> + <target dev='hda' bus='sata'/> + </disk> + <interface type='bridge'> + <mac address='52:54:00:ad:55:51'/> + <model type='virtio'/> + <source bridge="virbr0"/> + </interface> + </devices> + <!-- intentional mis-indentation --> + <metadata> + <app1:foo xmlns:app1="http://foo.org/">fooish</app1:foo> + <app2:bar xmlns:app2="http://bar.com/" maman="baz">barish</app2:bar> + </metadata> +</domain> diff --git a/tests/bhyvexml2argvdata/bhyvexml2argv-serial.args b/tests/bhyvexml2argvdata/bhyvexml2argv-serial.args new file mode 100644 index 000000000..1e09fb410 --- /dev/null +++ b/tests/bhyvexml2argvdata/bhyvexml2argv-serial.args @@ -0,0 +1,4 @@ +/usr/sbin/bhyve -c 1 -m 214 -H -P -s 0:0,hostbridge \ +-s 1:0,virtio-net,faketapdev,mac=52:54:00:00:00:00 \ +-s 2:0,ahci-hd,/tmp/freebsd.img \ +-s 31,lpc -l com1,/dev/nmdm0A bhyve diff --git a/tests/bhyvexml2argvdata/bhyvexml2argv-serial.xml b/tests/bhyvexml2argvdata/bhyvexml2argv-serial.xml new file mode 100644 index 000000000..bfecbb91e --- /dev/null +++ b/tests/bhyvexml2argvdata/bhyvexml2argv-serial.xml @@ -0,0 +1,23 @@ +<domain type='bhyve'> + <name>bhyve</name> + <uuid>df3be7e7-a104-11e3-aeb0-50e5492bd3dc</uuid> + <memory>219136</memory> + <vcpu>1</vcpu> + <os> + <type>hvm</type> + </os> + <devices> + <disk type='file'> + <driver name='file' type='raw'/> + <source file='/tmp/freebsd.img'/> + <target dev='hda' bus='sata'/> + </disk> + <interface type='bridge'> + <model type='virtio'/> + <source bridge="virbr0"/> + </interface> + <serial type='nmdm'> + <source master='/dev/nmdm0A' slave='/dev/nmdm0B'/> + </serial> + </devices> +</domain> diff --git a/tests/bhyvexml2argvtest.c b/tests/bhyvexml2argvtest.c index cb33fbfac..aedfb0115 100644 --- a/tests/bhyvexml2argvtest.c +++ b/tests/bhyvexml2argvtest.c @@ -6,6 +6,7 @@ # include "datatypes.h" +# include "bhyve/bhyve_capabilities.h" # include "bhyve/bhyve_utils.h" # include "bhyve/bhyve_command.h" @@ -13,33 +14,6 @@ static bhyveConn driver; -static virCapsPtr -testBhyveBuildCapabilities(void) -{ - virCapsPtr caps; - virCapsGuestPtr guest; - - if ((caps = virCapabilitiesNew(virArchFromHost(), - 0, 0)) == NULL) - return NULL; - - if ((guest = virCapabilitiesAddGuest(caps, "hvm", - VIR_ARCH_X86_64, - "bhyve", - NULL, 0, NULL)) == NULL) - goto error; - - if (virCapabilitiesAddGuestDomain(guest, - "bhyve", NULL, NULL, 0, NULL) == NULL) - goto error; - - return caps; - - error: - virObjectUnref(caps); - return NULL; -} - static int testCompareXMLToArgvFiles(const char *xml, const char *cmdline) { @@ -114,7 +88,7 @@ mymain(void) { int ret = 0; - if ((driver.caps = testBhyveBuildCapabilities()) == NULL) + if ((driver.caps = virBhyveCapsBuild()) == NULL) return EXIT_FAILURE; if ((driver.xmlopt = virDomainXMLOptionNew(NULL, NULL, NULL)) == NULL) @@ -132,6 +106,8 @@ mymain(void) DO_TEST("acpiapic"); DO_TEST("disk-virtio"); DO_TEST("macaddr"); + DO_TEST("serial"); + DO_TEST("console"); virObjectUnref(driver.caps); virObjectUnref(driver.xmlopt); diff --git a/tests/bhyvexml2xmloutdata/bhyvexml2xmlout-metadata.xml b/tests/bhyvexml2xmloutdata/bhyvexml2xmlout-metadata.xml new file mode 100644 index 000000000..77e18d48c --- /dev/null +++ b/tests/bhyvexml2xmloutdata/bhyvexml2xmlout-metadata.xml @@ -0,0 +1,33 @@ +<domain type='bhyve'> + <name>bhyve</name> + <uuid>df3be7e7-a104-11e3-aeb0-50e5492bd3dc</uuid> + <metadata> + <app1:foo xmlns:app1="http://foo.org/">fooish</app1:foo> + <app2:bar xmlns:app2="http://bar.com/" maman="baz">barish</app2:bar> + </metadata> + <memory unit='KiB'>219136</memory> + <currentMemory unit='KiB'>219136</currentMemory> + <vcpu placement='static'>1</vcpu> + <os> + <type arch='x86_64'>hvm</type> + <boot dev='hd'/> + </os> + <clock offset='utc'/> + <on_poweroff>destroy</on_poweroff> + <on_reboot>restart</on_reboot> + <on_crash>destroy</on_crash> + <devices> + <disk type='file' device='disk'> + <driver name='file' type='raw'/> + <source file='/tmp/freebsd.img'/> + <target dev='hda' bus='sata'/> + <address type='drive' controller='0' bus='0' target='0' unit='0'/> + </disk> + <controller type='sata' index='0'/> + <interface type='bridge'> + <mac address='52:54:00:ad:55:51'/> + <source bridge='virbr0'/> + <model type='virtio'/> + </interface> + </devices> +</domain> diff --git a/tests/bhyvexml2xmltest.c b/tests/bhyvexml2xmltest.c new file mode 100644 index 000000000..81cba0f96 --- /dev/null +++ b/tests/bhyvexml2xmltest.c @@ -0,0 +1,120 @@ +#include <config.h> + +#include "testutils.h" + +#ifdef WITH_BHYVE + +# include "bhyve/bhyve_capabilities.h" +# include "bhyve/bhyve_utils.h" + +# define VIR_FROM_THIS VIR_FROM_NONE + +static bhyveConn driver; + +static int +testCompareXMLToXMLFiles(const char *inxml, const char *outxml) +{ + char *inXmlData = NULL; + char *outXmlData = NULL; + char *actual = NULL; + virDomainDefPtr def = NULL; + int ret = -1; + + if (virtTestLoadFile(inxml, &inXmlData) < 0) + goto fail; + + if (virtTestLoadFile(outxml, &outXmlData) < 0) + goto fail; + + if (!(def = virDomainDefParseString(inXmlData, driver.caps, driver.xmlopt, + 1 << VIR_DOMAIN_VIRT_BHYVE, + VIR_DOMAIN_XML_INACTIVE))) + goto fail; + + if (!(actual = virDomainDefFormat(def, VIR_DOMAIN_XML_INACTIVE))) + goto fail; + + if (STRNEQ(outXmlData, actual)) { + virtTestDifference(stderr, outXmlData, actual); + goto fail; + } + + ret = 0; + + fail: + VIR_FREE(inXmlData); + VIR_FREE(outXmlData); + VIR_FREE(actual); + virDomainDefFree(def); + return ret; +} + +struct testInfo { + const char *name; + bool different; +}; + +static int +testCompareXMLToXMLHelper(const void *data) +{ + const struct testInfo *info = data; + char *xml_in = NULL; + char *xml_out = NULL; + int ret = -1; + + if (virAsprintf(&xml_in, "%s/bhyvexml2argvdata/bhyvexml2argv-%s.xml", + abs_srcdir, info->name) < 0 || + virAsprintf(&xml_out, "%s/bhyvexml2xmloutdata/bhyvexml2xmlout-%s.xml", + abs_srcdir, info->name) < 0) + goto cleanup; + + ret = testCompareXMLToXMLFiles(xml_in, + info->different ? xml_out : xml_in); + + cleanup: + VIR_FREE(xml_in); + VIR_FREE(xml_out); + return ret; +} + +static int +mymain(void) +{ + int ret = 0; + + if ((driver.caps = virBhyveCapsBuild()) == NULL) + return EXIT_FAILURE; + + if ((driver.xmlopt = virDomainXMLOptionNew(NULL, NULL, NULL)) == NULL) + return EXIT_FAILURE; + +# define DO_TEST_FULL(name, is_different) \ + do { \ + const struct testInfo info = {name, is_different}; \ + if (virtTestRun("BHYVE XML-2-XML " name, \ + testCompareXMLToXMLHelper, &info) < 0) \ + ret = -1; \ + } while (0) + +# define DO_TEST_DIFFERENT(name) \ + DO_TEST_FULL(name, true) + + DO_TEST_DIFFERENT("metadata"); + + virObjectUnref(driver.caps); + virObjectUnref(driver.xmlopt); + + return ret == 0 ? EXIT_SUCCESS : EXIT_FAILURE; +} + +VIRT_TEST_MAIN(mymain) + +#else + +int +main(void) +{ + return EXIT_AM_SKIP; +} + +#endif /* WITH_BHYVE */ diff --git a/tests/cputest.c b/tests/cputest.c index 8903f8276..3766c2f2d 100644 --- a/tests/cputest.c +++ b/tests/cputest.c @@ -40,8 +40,6 @@ #include "cpu/cpu_map.h" #include "virstring.h" -static const char *abs_top_srcdir; - #define VIR_FROM_THIS VIR_FROM_CPU enum cpuTestBoolWithError { @@ -504,17 +502,6 @@ static int mymain(void) { int ret = 0; - char *map = NULL; - - abs_top_srcdir = getenv("abs_top_srcdir"); - if (!abs_top_srcdir) - abs_top_srcdir = abs_srcdir "/.."; - - if (virAsprintf(&map, "%s/src/cpu/cpu_map.xml", abs_top_srcdir) < 0 || - cpuMapOverride(map) < 0) { - VIR_FREE(map); - return EXIT_FAILURE; - } #define DO_TEST(arch, api, name, host, cpu, \ models, nmodels, preferred, flags, result) \ @@ -657,7 +644,6 @@ mymain(void) DO_TEST_GUESTDATA("ppc64", "host", "guest", ppc_models, NULL, 0); DO_TEST_GUESTDATA("ppc64", "host", "guest-nofallback", ppc_models, "POWER7_v2.1", -1); - VIR_FREE(map); return ret == 0 ? EXIT_SUCCESS : EXIT_FAILURE; } diff --git a/tests/domainschemadata/backing-chains.xml b/tests/domainschemadata/backing-chains.xml new file mode 100644 index 000000000..84df1dbd3 --- /dev/null +++ b/tests/domainschemadata/backing-chains.xml @@ -0,0 +1,94 @@ +<domain type='qemu'> + <name>QEMUGuest1</name> + <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid> + <memory unit='KiB'>219136</memory> + <currentMemory unit='KiB'>219136</currentMemory> + <vcpu placement='static'>1</vcpu> + <os> + <type arch='i686' machine='pc'>hvm</type> + <boot dev='hd'/> + </os> + <clock offset='utc'/> + <on_poweroff>destroy</on_poweroff> + <on_reboot>restart</on_reboot> + <on_crash>destroy</on_crash> + <devices> + <emulator>/usr/bin/qemu</emulator> + <disk type='network' device='disk'> + <driver name='qemu' type='qcow2'/> + <source protocol='gluster' name='Volume2/Image'> + <host transport='unix' socket='/path/to/sock'/> + </source> + <backingStore type='file' index='1'> + <format type='qcow2'/> + <source file='/tmp/missing-backing-store.qcow'/> + </backingStore> + <target dev='vda' bus='virtio'/> + </disk> + <disk type='network' device='disk'> + <driver name='qemu' type='qcow2'/> + <source protocol='nbd' name='bar'> + <host transport='unix' socket='/var/run/nbdsock'/> + </source> + <backingStore type='block' index='1'> + <format type='qcow2'/> + <source dev='/dev/HostVG/QEMUGuest1'/> + <backingStore type='file' index='2'> + <format type='qcow2'/> + <source file='/tmp/image2.qcow'/> + <backingStore type='file' index='3'> + <format type='qcow2'/> + <source file='/tmp/image3.qcow'/> + <backingStore type='file' index='4'> + <format type='qcow2'/> + <source file='/tmp/image4.qcow'/> + <backingStore type='file' index='5'> + <source file='/tmp/image5.qcow'/> + <format type='qcow2'/> + <backingStore type='file' index='6'> + <format type='raw'/> + <source file='/tmp/Fedora-17-x86_64-Live-KDE.iso'/> + <backingStore/> + </backingStore> + </backingStore> + </backingStore> + </backingStore> + </backingStore> + </backingStore> + <target dev='vdb' bus='virtio'/> + </disk> + <disk type='network' device='disk'> + <driver name='qemu' type='raw'/> + <backingStore/> + <source protocol='gluster' name='Volume1/Image'> + <host name='example.org' port='6000'/> + </source> + <target dev='vdc' bus='virtio'/> + </disk> + <disk type='network' device='disk'> + <driver name='qemu' type='qcow2'/> + <auth username='myname'> + <secret type='ceph' usage='mycluster_myname'/> + </auth> + <source protocol='rbd' name='pool/image'> + <host name='mon1.example.org' port='6321'/> + <host name='mon2.example.org' port='6322'/> + <host name='mon3.example.org' port='6322'/> + </source> + <backingStore type='file' index='1'> + <source file='/tmp/image.qcow'/> + <backingStore/> + <format type='qcow2'/> + </backingStore> + <target dev='vdd' bus='virtio'/> + </disk> + <disk type='block' device='disk'> + <driver name='qemu' type='qcow2'/> + <source dev='/dev/HostVG/QEMUGuest11'/> + <target dev='vde' bus='virtio'/> + </disk> + <controller type='usb' index='0'/> + <controller type='pci' index='0' model='pci-root'/> + <memballoon model='virtio'/> + </devices> +</domain> diff --git a/tests/domainsnapshotxml2xmlin/disk-invalid.xml b/tests/domainsnapshotxml2xmlin/disk-invalid.xml new file mode 100644 index 000000000..6d2bea4b9 --- /dev/null +++ b/tests/domainsnapshotxml2xmlin/disk-invalid.xml @@ -0,0 +1,10 @@ +<domainsnapshot> + <name>asdf</name> + <description>adsf</description> + <disks> + <disk name='vda' snapshot='external'> + <source file='/tmp/foo' startupPolicy='optional'/> + <driver/> + </disk> + </disks> +</domainsnapshot> diff --git a/tests/domainsnapshotxml2xmlin/disk-network-seclabel-invalid.xml b/tests/domainsnapshotxml2xmlin/disk-network-seclabel-invalid.xml new file mode 100644 index 000000000..de0de1086 --- /dev/null +++ b/tests/domainsnapshotxml2xmlin/disk-network-seclabel-invalid.xml @@ -0,0 +1,12 @@ +<domainsnapshot> + <name>my snap name</name> + <description>!@#$%^</description> + <disks> + <disk name='hdg' snapshot='external' type='network'> + <source protocol='gluster' name='volume/path'> + <host name='host' port='1234'/> + <seclabel model='dac' relabel='no'/> + </source> + </disk> + </disks> +</domainsnapshot> diff --git a/tests/domainsnapshotxml2xmlin/disk-seclabel-invalid.xml b/tests/domainsnapshotxml2xmlin/disk-seclabel-invalid.xml new file mode 100644 index 000000000..528c646a1 --- /dev/null +++ b/tests/domainsnapshotxml2xmlin/disk-seclabel-invalid.xml @@ -0,0 +1,11 @@ +<domainsnapshot> + <name>my snap name</name> + <description>!@#$%^</description> + <disks> + <disk name='hde' snapshot='external' type='file'> + <source file='/path/to/new2'> + <seclabel model='dac' relabel='no'/> + </source> + </disk> + </disks> +</domainsnapshot> diff --git a/tests/fdstreamtest.c b/tests/fdstreamtest.c index d52b77b3b..56ba5d912 100644 --- a/tests/fdstreamtest.c +++ b/tests/fdstreamtest.c @@ -321,9 +321,6 @@ mymain(void) { char scratchdir[] = SCRATCHDIRTEMPLATE; int ret = 0; - const char *iohelper = abs_builddir "/../src/libvirt_iohelper"; - - virFDStreamSetIOHelper(iohelper); if (!mkdtemp(scratchdir)) { virFilePrintf(stderr, "Cannot create fakesysfsdir"); diff --git a/tests/lxcconf2xmldata/lxcconf2xml-blkiotune.xml b/tests/lxcconf2xmldata/lxcconf2xml-blkiotune.xml index 628798dd3..36b8e52f2 100644 --- a/tests/lxcconf2xmldata/lxcconf2xml-blkiotune.xml +++ b/tests/lxcconf2xmldata/lxcconf2xml-blkiotune.xml @@ -18,7 +18,7 @@ <weight>300</weight> </device> </blkiotune> - <vcpu placement='static' current='0'>1</vcpu> + <vcpu placement='static'>1</vcpu> <os> <type>exe</type> <init>/sbin/init</init> diff --git a/tests/lxcconf2xmldata/lxcconf2xml-cpusettune.xml b/tests/lxcconf2xmldata/lxcconf2xml-cpusettune.xml index 1b8fb0ca1..932ab6168 100644 --- a/tests/lxcconf2xmldata/lxcconf2xml-cpusettune.xml +++ b/tests/lxcconf2xmldata/lxcconf2xml-cpusettune.xml @@ -3,7 +3,7 @@ <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid> <memory unit='KiB'>65536</memory> <currentMemory unit='KiB'>0</currentMemory> - <vcpu placement='static' cpuset='1-2,5-7' current='0'>1</vcpu> + <vcpu placement='static' cpuset='1-2,5-7'>1</vcpu> <numatune> <memory mode='strict' nodeset='1-4'/> </numatune> diff --git a/tests/lxcconf2xmldata/lxcconf2xml-cputune.xml b/tests/lxcconf2xmldata/lxcconf2xml-cputune.xml index a511dcfee..1bab1c65a 100644 --- a/tests/lxcconf2xmldata/lxcconf2xml-cputune.xml +++ b/tests/lxcconf2xmldata/lxcconf2xml-cputune.xml @@ -3,7 +3,7 @@ <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid> <memory unit='KiB'>65536</memory> <currentMemory unit='KiB'>0</currentMemory> - <vcpu placement='static' current='0'>1</vcpu> + <vcpu placement='static'>1</vcpu> <cputune> <shares>1024</shares> <period>500000</period> diff --git a/tests/lxcconf2xmldata/lxcconf2xml-idmap.xml b/tests/lxcconf2xmldata/lxcconf2xml-idmap.xml index 576c90348..050ccd6f7 100644 --- a/tests/lxcconf2xmldata/lxcconf2xml-idmap.xml +++ b/tests/lxcconf2xmldata/lxcconf2xml-idmap.xml @@ -3,7 +3,7 @@ <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid> <memory unit='KiB'>65536</memory> <currentMemory unit='KiB'>0</currentMemory> - <vcpu placement='static' current='0'>1</vcpu> + <vcpu placement='static'>1</vcpu> <os> <type>exe</type> <init>/sbin/init</init> diff --git a/tests/lxcconf2xmldata/lxcconf2xml-macvlannetwork.xml b/tests/lxcconf2xmldata/lxcconf2xml-macvlannetwork.xml index aa0683a5c..996c0f749 100644 --- a/tests/lxcconf2xmldata/lxcconf2xml-macvlannetwork.xml +++ b/tests/lxcconf2xmldata/lxcconf2xml-macvlannetwork.xml @@ -3,7 +3,7 @@ <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid> <memory unit='KiB'>65536</memory> <currentMemory unit='KiB'>0</currentMemory> - <vcpu placement='static' current='0'>1</vcpu> + <vcpu placement='static'>1</vcpu> <os> <type>exe</type> <init>/sbin/init</init> diff --git a/tests/lxcconf2xmldata/lxcconf2xml-memtune.xml b/tests/lxcconf2xmldata/lxcconf2xml-memtune.xml index 026435674..b7c919e7a 100644 --- a/tests/lxcconf2xmldata/lxcconf2xml-memtune.xml +++ b/tests/lxcconf2xmldata/lxcconf2xml-memtune.xml @@ -8,7 +8,7 @@ <soft_limit unit='KiB'>131072</soft_limit> <swap_hard_limit unit='KiB'>2097152</swap_hard_limit> </memtune> - <vcpu placement='static' current='0'>1</vcpu> + <vcpu placement='static'>1</vcpu> <os> <type>exe</type> <init>/sbin/init</init> diff --git a/tests/lxcconf2xmldata/lxcconf2xml-nonenetwork.xml b/tests/lxcconf2xmldata/lxcconf2xml-nonenetwork.xml index eebcb4ed5..6d9e16de4 100644 --- a/tests/lxcconf2xmldata/lxcconf2xml-nonenetwork.xml +++ b/tests/lxcconf2xmldata/lxcconf2xml-nonenetwork.xml @@ -3,7 +3,7 @@ <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid> <memory unit='KiB'>65536</memory> <currentMemory unit='KiB'>0</currentMemory> - <vcpu placement='static' current='0'>1</vcpu> + <vcpu placement='static'>1</vcpu> <os> <type>exe</type> <init>/sbin/init</init> diff --git a/tests/lxcconf2xmldata/lxcconf2xml-nonetwork.xml b/tests/lxcconf2xmldata/lxcconf2xml-nonetwork.xml index 511e3dd7a..101324ad1 100644 --- a/tests/lxcconf2xmldata/lxcconf2xml-nonetwork.xml +++ b/tests/lxcconf2xmldata/lxcconf2xml-nonetwork.xml @@ -3,7 +3,7 @@ <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid> <memory unit='KiB'>65536</memory> <currentMemory unit='KiB'>0</currentMemory> - <vcpu placement='static' current='0'>1</vcpu> + <vcpu placement='static'>1</vcpu> <os> <type>exe</type> <init>/sbin/init</init> diff --git a/tests/lxcconf2xmldata/lxcconf2xml-physnetwork.xml b/tests/lxcconf2xmldata/lxcconf2xml-physnetwork.xml index 35a2a9623..5fe1b03b3 100644 --- a/tests/lxcconf2xmldata/lxcconf2xml-physnetwork.xml +++ b/tests/lxcconf2xmldata/lxcconf2xml-physnetwork.xml @@ -3,7 +3,7 @@ <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid> <memory unit='KiB'>65536</memory> <currentMemory unit='KiB'>0</currentMemory> - <vcpu placement='static' current='0'>1</vcpu> + <vcpu placement='static'>1</vcpu> <os> <type>exe</type> <init>/sbin/init</init> diff --git a/tests/lxcconf2xmldata/lxcconf2xml-simple.xml b/tests/lxcconf2xmldata/lxcconf2xml-simple.xml index 6ec0f17ad..b3c3659c1 100644 --- a/tests/lxcconf2xmldata/lxcconf2xml-simple.xml +++ b/tests/lxcconf2xmldata/lxcconf2xml-simple.xml @@ -3,7 +3,7 @@ <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid> <memory unit='KiB'>65536</memory> <currentMemory unit='KiB'>0</currentMemory> - <vcpu placement='static' current='0'>1</vcpu> + <vcpu placement='static'>1</vcpu> <os> <type arch='i686'>exe</type> <init>/sbin/init</init> diff --git a/tests/lxcconf2xmldata/lxcconf2xml-vlannetwork.xml b/tests/lxcconf2xmldata/lxcconf2xml-vlannetwork.xml index 7d6d51b5c..45348ed15 100644 --- a/tests/lxcconf2xmldata/lxcconf2xml-vlannetwork.xml +++ b/tests/lxcconf2xmldata/lxcconf2xml-vlannetwork.xml @@ -3,7 +3,7 @@ <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid> <memory unit='KiB'>65536</memory> <currentMemory unit='KiB'>0</currentMemory> - <vcpu placement='static' current='0'>1</vcpu> + <vcpu placement='static'>1</vcpu> <os> <type>exe</type> <init>/sbin/init</init> diff --git a/tests/networkxml2firewalldata/nat-default-linux.args b/tests/networkxml2firewalldata/nat-default-linux.args new file mode 100644 index 000000000..b92a84528 --- /dev/null +++ b/tests/networkxml2firewalldata/nat-default-linux.args @@ -0,0 +1,30 @@ +iptables --table filter --insert INPUT --in-interface virbr0 --protocol tcp \ +--destination-port 67 --jump ACCEPT +iptables --table filter --insert INPUT --in-interface virbr0 --protocol udp \ +--destination-port 67 --jump ACCEPT +iptables --table filter --insert OUTPUT --out-interface virbr0 --protocol udp \ +--destination-port 68 --jump ACCEPT +iptables --table filter --insert INPUT --in-interface virbr0 --protocol tcp \ +--destination-port 53 --jump ACCEPT +iptables --table filter --insert INPUT --in-interface virbr0 --protocol udp \ +--destination-port 53 --jump ACCEPT +iptables --table filter --insert FORWARD --in-interface virbr0 --jump REJECT +iptables --table filter --insert FORWARD --out-interface virbr0 --jump REJECT +iptables --table filter --insert FORWARD --in-interface virbr0 \ +--out-interface virbr0 --jump ACCEPT +iptables --table filter --insert FORWARD --source 192.168.122.0/24 \ +--in-interface virbr0 --jump ACCEPT +iptables --table filter --insert FORWARD --destination 192.168.122.0/24 \ +--out-interface virbr0 --match conntrack --ctstate ESTABLISHED,RELATED --jump ACCEPT +iptables --table nat --insert POSTROUTING --source 192.168.122.0/24 '!' \ +--destination 192.168.122.0/24 --jump MASQUERADE +iptables --table nat --insert POSTROUTING --source 192.168.122.0/24 \ +-p udp '!' --destination 192.168.122.0/24 --jump MASQUERADE --to-ports 1024-65535 +iptables --table nat --insert POSTROUTING --source 192.168.122.0/24 \ +-p tcp '!' --destination 192.168.122.0/24 --jump MASQUERADE --to-ports 1024-65535 +iptables --table nat --insert POSTROUTING --source 192.168.122.0/24 \ +--destination 255.255.255.255/32 --jump RETURN +iptables --table nat --insert POSTROUTING --source 192.168.122.0/24 \ +--destination 224.0.0.0/24 --jump RETURN +iptables --table mangle --insert POSTROUTING --out-interface virbr0 \ +--protocol udp --destination-port 68 --jump CHECKSUM --checksum-fill diff --git a/tests/networkxml2firewalldata/nat-default.xml b/tests/networkxml2firewalldata/nat-default.xml new file mode 100644 index 000000000..d7241d0c1 --- /dev/null +++ b/tests/networkxml2firewalldata/nat-default.xml @@ -0,0 +1,10 @@ +<network> + <name>default</name> + <bridge name="virbr0"/> + <forward/> + <ip address="192.168.122.1" netmask="255.255.255.0"> + <dhcp> + <range start="192.168.122.2" end="192.168.122.254"/> + </dhcp> + </ip> +</network> diff --git a/tests/networkxml2firewalldata/nat-ipv6-linux.args b/tests/networkxml2firewalldata/nat-ipv6-linux.args new file mode 100644 index 000000000..2fae0db54 --- /dev/null +++ b/tests/networkxml2firewalldata/nat-ipv6-linux.args @@ -0,0 +1,44 @@ +iptables --table filter --insert INPUT --in-interface virbr0 --protocol tcp \ +--destination-port 67 --jump ACCEPT +iptables --table filter --insert INPUT --in-interface virbr0 --protocol udp \ +--destination-port 67 --jump ACCEPT +iptables --table filter --insert OUTPUT --out-interface virbr0 --protocol udp \ +--destination-port 68 --jump ACCEPT +iptables --table filter --insert INPUT --in-interface virbr0 --protocol tcp \ +--destination-port 53 --jump ACCEPT +iptables --table filter --insert INPUT --in-interface virbr0 --protocol udp \ +--destination-port 53 --jump ACCEPT +iptables --table filter --insert FORWARD --in-interface virbr0 --jump REJECT +iptables --table filter --insert FORWARD --out-interface virbr0 --jump REJECT +iptables --table filter --insert FORWARD --in-interface virbr0 \ +--out-interface virbr0 --jump ACCEPT +ip6tables --table filter --insert FORWARD --in-interface virbr0 --jump REJECT +ip6tables --table filter --insert FORWARD --out-interface virbr0 --jump REJECT +ip6tables --table filter --insert FORWARD --in-interface virbr0 \ +--out-interface virbr0 --jump ACCEPT +ip6tables --table filter --insert INPUT --in-interface virbr0 --protocol tcp \ +--destination-port 53 --jump ACCEPT +ip6tables --table filter --insert INPUT --in-interface virbr0 --protocol udp \ +--destination-port 53 --jump ACCEPT +ip6tables --table filter --insert INPUT --in-interface virbr0 --protocol udp \ +--destination-port 547 --jump ACCEPT +iptables --table filter --insert FORWARD --source 192.168.122.0/24 \ +--in-interface virbr0 --jump ACCEPT +iptables --table filter --insert FORWARD --destination 192.168.122.0/24 \ +--out-interface virbr0 --match conntrack --ctstate ESTABLISHED,RELATED --jump ACCEPT +iptables --table nat --insert POSTROUTING --source 192.168.122.0/24 '!' \ +--destination 192.168.122.0/24 --jump MASQUERADE +iptables --table nat --insert POSTROUTING --source 192.168.122.0/24 \ +-p udp '!' --destination 192.168.122.0/24 --jump MASQUERADE --to-ports 1024-65535 +iptables --table nat --insert POSTROUTING --source 192.168.122.0/24 \ +-p tcp '!' --destination 192.168.122.0/24 --jump MASQUERADE --to-ports 1024-65535 +iptables --table nat --insert POSTROUTING --source 192.168.122.0/24 \ +--destination 255.255.255.255/32 --jump RETURN +iptables --table nat --insert POSTROUTING --source 192.168.122.0/24 \ +--destination 224.0.0.0/24 --jump RETURN +ip6tables --table filter --insert FORWARD --source 2001:db8:ca2:2::/64 \ +--in-interface virbr0 --jump ACCEPT +ip6tables --table filter --insert FORWARD --destination 2001:db8:ca2:2::/64 \ +--out-interface virbr0 --jump ACCEPT +iptables --table mangle --insert POSTROUTING --out-interface virbr0 \ +--protocol udp --destination-port 68 --jump CHECKSUM --checksum-fill diff --git a/tests/networkxml2firewalldata/nat-ipv6.xml b/tests/networkxml2firewalldata/nat-ipv6.xml new file mode 100644 index 000000000..337e71de2 --- /dev/null +++ b/tests/networkxml2firewalldata/nat-ipv6.xml @@ -0,0 +1,15 @@ +<network> + <name>default</name> + <bridge name="virbr0"/> + <forward/> + <ip address="192.168.122.1" netmask="255.255.255.0"> + <dhcp> + <range start="192.168.122.2" end="192.168.122.254"/> + </dhcp> + </ip> + <ip family="ipv6" address="2001:db8:ca2:2::1" prefix="64" > + <dhcp> + <range start="2001:db8:ca2:2:1::10" end="2001:db8:ca2:2:1::ff" /> + </dhcp> + </ip> +</network> diff --git a/tests/networkxml2firewalldata/nat-many-ips-linux.args b/tests/networkxml2firewalldata/nat-many-ips-linux.args new file mode 100644 index 000000000..8e8923dad --- /dev/null +++ b/tests/networkxml2firewalldata/nat-many-ips-linux.args @@ -0,0 +1,58 @@ +iptables --table filter --insert INPUT --in-interface virbr0 --protocol tcp \ +--destination-port 67 --jump ACCEPT +iptables --table filter --insert INPUT --in-interface virbr0 --protocol udp \ +--destination-port 67 --jump ACCEPT +iptables --table filter --insert OUTPUT --out-interface virbr0 --protocol udp \ +--destination-port 68 --jump ACCEPT +iptables --table filter --insert INPUT --in-interface virbr0 --protocol tcp \ +--destination-port 53 --jump ACCEPT +iptables --table filter --insert INPUT --in-interface virbr0 --protocol udp \ +--destination-port 53 --jump ACCEPT +iptables --table filter --insert FORWARD --in-interface virbr0 --jump REJECT +iptables --table filter --insert FORWARD --out-interface virbr0 --jump REJECT +iptables --table filter --insert FORWARD --in-interface virbr0 \ +--out-interface virbr0 --jump ACCEPT +iptables --table filter --insert FORWARD --source 192.168.122.0/24 \ +--in-interface virbr0 --jump ACCEPT +iptables --table filter --insert FORWARD --destination 192.168.122.0/24 \ +--out-interface virbr0 --match conntrack --ctstate ESTABLISHED,RELATED --jump ACCEPT +iptables --table nat --insert POSTROUTING --source 192.168.122.0/24 '!' \ +--destination 192.168.122.0/24 --jump MASQUERADE +iptables --table nat --insert POSTROUTING --source 192.168.122.0/24 \ +-p udp '!' --destination 192.168.122.0/24 --jump MASQUERADE --to-ports 1024-65535 +iptables --table nat --insert POSTROUTING --source 192.168.122.0/24 \ +-p tcp '!' --destination 192.168.122.0/24 --jump MASQUERADE --to-ports 1024-65535 +iptables --table nat --insert POSTROUTING --source 192.168.122.0/24 \ +--destination 255.255.255.255/32 --jump RETURN +iptables --table nat --insert POSTROUTING --source 192.168.122.0/24 \ +--destination 224.0.0.0/24 --jump RETURN +iptables --table filter --insert FORWARD --source 192.168.128.0/24 \ +--in-interface virbr0 --jump ACCEPT +iptables --table filter --insert FORWARD --destination 192.168.128.0/24 \ +--out-interface virbr0 --match conntrack --ctstate ESTABLISHED,RELATED --jump ACCEPT +iptables --table nat --insert POSTROUTING --source 192.168.128.0/24 '!' \ +--destination 192.168.128.0/24 --jump MASQUERADE +iptables --table nat --insert POSTROUTING --source 192.168.128.0/24 \ +-p udp '!' --destination 192.168.128.0/24 --jump MASQUERADE --to-ports 1024-65535 +iptables --table nat --insert POSTROUTING --source 192.168.128.0/24 \ +-p tcp '!' --destination 192.168.128.0/24 --jump MASQUERADE --to-ports 1024-65535 +iptables --table nat --insert POSTROUTING --source 192.168.128.0/24 \ +--destination 255.255.255.255/32 --jump RETURN +iptables --table nat --insert POSTROUTING --source 192.168.128.0/24 \ +--destination 224.0.0.0/24 --jump RETURN +iptables --table filter --insert FORWARD --source 192.168.150.0/24 \ +--in-interface virbr0 --jump ACCEPT +iptables --table filter --insert FORWARD --destination 192.168.150.0/24 \ +--out-interface virbr0 --match conntrack --ctstate ESTABLISHED,RELATED --jump ACCEPT +iptables --table nat --insert POSTROUTING --source 192.168.150.0/24 '!' \ +--destination 192.168.150.0/24 --jump MASQUERADE +iptables --table nat --insert POSTROUTING --source 192.168.150.0/24 \ +-p udp '!' --destination 192.168.150.0/24 --jump MASQUERADE --to-ports 1024-65535 +iptables --table nat --insert POSTROUTING --source 192.168.150.0/24 \ +-p tcp '!' --destination 192.168.150.0/24 --jump MASQUERADE --to-ports 1024-65535 +iptables --table nat --insert POSTROUTING --source 192.168.150.0/24 \ +--destination 255.255.255.255/32 --jump RETURN +iptables --table nat --insert POSTROUTING --source 192.168.150.0/24 \ +--destination 224.0.0.0/24 --jump RETURN +iptables --table mangle --insert POSTROUTING --out-interface virbr0 \ +--protocol udp --destination-port 68 --jump CHECKSUM --checksum-fill diff --git a/tests/networkxml2firewalldata/nat-many-ips.xml b/tests/networkxml2firewalldata/nat-many-ips.xml new file mode 100644 index 000000000..0c8dcff30 --- /dev/null +++ b/tests/networkxml2firewalldata/nat-many-ips.xml @@ -0,0 +1,12 @@ +<network> + <name>default</name> + <bridge name="virbr0"/> + <forward/> + <ip address="192.168.122.1" netmask="255.255.255.0"> + <dhcp> + <range start="192.168.122.2" end="192.168.122.254"/> + </dhcp> + </ip> + <ip address="192.168.128.1" netmask="255.255.255.0"/> + <ip address="192.168.150.1" netmask="255.255.255.0"/> +</network> diff --git a/tests/networkxml2firewalldata/nat-no-dhcp-linux.args b/tests/networkxml2firewalldata/nat-no-dhcp-linux.args new file mode 100644 index 000000000..e6635f0ad --- /dev/null +++ b/tests/networkxml2firewalldata/nat-no-dhcp-linux.args @@ -0,0 +1,42 @@ +iptables --table filter --insert INPUT --in-interface virbr0 --protocol tcp \ +--destination-port 67 --jump ACCEPT +iptables --table filter --insert INPUT --in-interface virbr0 --protocol udp \ +--destination-port 67 --jump ACCEPT +iptables --table filter --insert OUTPUT --out-interface virbr0 --protocol udp \ +--destination-port 68 --jump ACCEPT +iptables --table filter --insert INPUT --in-interface virbr0 --protocol tcp \ +--destination-port 53 --jump ACCEPT +iptables --table filter --insert INPUT --in-interface virbr0 --protocol udp \ +--destination-port 53 --jump ACCEPT +iptables --table filter --insert FORWARD --in-interface virbr0 --jump REJECT +iptables --table filter --insert FORWARD --out-interface virbr0 --jump REJECT +iptables --table filter --insert FORWARD --in-interface virbr0 \ +--out-interface virbr0 --jump ACCEPT +ip6tables --table filter --insert FORWARD --in-interface virbr0 --jump REJECT +ip6tables --table filter --insert FORWARD --out-interface virbr0 --jump REJECT +ip6tables --table filter --insert FORWARD --in-interface virbr0 \ +--out-interface virbr0 --jump ACCEPT +ip6tables --table filter --insert INPUT --in-interface virbr0 --protocol tcp \ +--destination-port 53 --jump ACCEPT +ip6tables --table filter --insert INPUT --in-interface virbr0 --protocol udp \ +--destination-port 53 --jump ACCEPT +ip6tables --table filter --insert INPUT --in-interface virbr0 --protocol udp \ +--destination-port 547 --jump ACCEPT +iptables --table filter --insert FORWARD --source 192.168.122.0/24 \ +--in-interface virbr0 --jump ACCEPT +iptables --table filter --insert FORWARD --destination 192.168.122.0/24 \ +--out-interface virbr0 --match conntrack --ctstate ESTABLISHED,RELATED --jump ACCEPT +iptables --table nat --insert POSTROUTING --source 192.168.122.0/24 '!' \ +--destination 192.168.122.0/24 --jump MASQUERADE +iptables --table nat --insert POSTROUTING --source 192.168.122.0/24 \ +-p udp '!' --destination 192.168.122.0/24 --jump MASQUERADE --to-ports 1024-65535 +iptables --table nat --insert POSTROUTING --source 192.168.122.0/24 \ +-p tcp '!' --destination 192.168.122.0/24 --jump MASQUERADE --to-ports 1024-65535 +iptables --table nat --insert POSTROUTING --source 192.168.122.0/24 \ +--destination 255.255.255.255/32 --jump RETURN +iptables --table nat --insert POSTROUTING --source 192.168.122.0/24 \ +--destination 224.0.0.0/24 --jump RETURN +ip6tables --table filter --insert FORWARD --source 2001:db8:ca2:2::/64 \ +--in-interface virbr0 --jump ACCEPT +ip6tables --table filter --insert FORWARD --destination 2001:db8:ca2:2::/64 \ +--out-interface virbr0 --jump ACCEPT diff --git a/tests/networkxml2firewalldata/nat-no-dhcp.xml b/tests/networkxml2firewalldata/nat-no-dhcp.xml new file mode 100644 index 000000000..0bccd1da4 --- /dev/null +++ b/tests/networkxml2firewalldata/nat-no-dhcp.xml @@ -0,0 +1,7 @@ +<network> + <name>default</name> + <bridge name="virbr0"/> + <forward/> + <ip address="192.168.122.1" netmask="255.255.255.0"/> + <ip family="ipv6" address="2001:db8:ca2:2::1" prefix="64"/> +</network> diff --git a/tests/networkxml2firewalldata/nat-tftp-linux.args b/tests/networkxml2firewalldata/nat-tftp-linux.args new file mode 100644 index 000000000..2eac1e066 --- /dev/null +++ b/tests/networkxml2firewalldata/nat-tftp-linux.args @@ -0,0 +1,32 @@ +iptables --table filter --insert INPUT --in-interface virbr0 --protocol tcp \ +--destination-port 67 --jump ACCEPT +iptables --table filter --insert INPUT --in-interface virbr0 --protocol udp \ +--destination-port 67 --jump ACCEPT +iptables --table filter --insert OUTPUT --out-interface virbr0 --protocol udp \ +--destination-port 68 --jump ACCEPT +iptables --table filter --insert INPUT --in-interface virbr0 --protocol tcp \ +--destination-port 53 --jump ACCEPT +iptables --table filter --insert INPUT --in-interface virbr0 --protocol udp \ +--destination-port 53 --jump ACCEPT +iptables --table filter --insert INPUT --in-interface virbr0 --protocol udp \ +--destination-port 69 --jump ACCEPT +iptables --table filter --insert FORWARD --in-interface virbr0 --jump REJECT +iptables --table filter --insert FORWARD --out-interface virbr0 --jump REJECT +iptables --table filter --insert FORWARD --in-interface virbr0 \ +--out-interface virbr0 --jump ACCEPT +iptables --table filter --insert FORWARD --source 192.168.122.0/24 \ +--in-interface virbr0 --jump ACCEPT +iptables --table filter --insert FORWARD --destination 192.168.122.0/24 \ +--out-interface virbr0 --match conntrack --ctstate ESTABLISHED,RELATED --jump ACCEPT +iptables --table nat --insert POSTROUTING --source 192.168.122.0/24 '!' \ +--destination 192.168.122.0/24 --jump MASQUERADE +iptables --table nat --insert POSTROUTING --source 192.168.122.0/24 \ +-p udp '!' --destination 192.168.122.0/24 --jump MASQUERADE --to-ports 1024-65535 +iptables --table nat --insert POSTROUTING --source 192.168.122.0/24 \ +-p tcp '!' --destination 192.168.122.0/24 --jump MASQUERADE --to-ports 1024-65535 +iptables --table nat --insert POSTROUTING --source 192.168.122.0/24 \ +--destination 255.255.255.255/32 --jump RETURN +iptables --table nat --insert POSTROUTING --source 192.168.122.0/24 \ +--destination 224.0.0.0/24 --jump RETURN +iptables --table mangle --insert POSTROUTING --out-interface virbr0 \ +--protocol udp --destination-port 68 --jump CHECKSUM --checksum-fill diff --git a/tests/networkxml2firewalldata/nat-tftp.xml b/tests/networkxml2firewalldata/nat-tftp.xml new file mode 100644 index 000000000..17e8e0a4a --- /dev/null +++ b/tests/networkxml2firewalldata/nat-tftp.xml @@ -0,0 +1,11 @@ +<network> + <name>default</name> + <bridge name="virbr0"/> + <forward/> + <ip address="192.168.122.1" netmask="255.255.255.0"> + <tftp root='/some/dir'/> + <dhcp> + <range start="192.168.122.2" end="192.168.122.254"/> + </dhcp> + </ip> +</network> diff --git a/tests/networkxml2firewalldata/route-default-linux.args b/tests/networkxml2firewalldata/route-default-linux.args new file mode 100644 index 000000000..2ebef08fe --- /dev/null +++ b/tests/networkxml2firewalldata/route-default-linux.args @@ -0,0 +1,20 @@ +iptables --table filter --insert INPUT --in-interface virbr0 --protocol tcp \ +--destination-port 67 --jump ACCEPT +iptables --table filter --insert INPUT --in-interface virbr0 --protocol udp \ +--destination-port 67 --jump ACCEPT +iptables --table filter --insert OUTPUT --out-interface virbr0 --protocol udp \ +--destination-port 68 --jump ACCEPT +iptables --table filter --insert INPUT --in-interface virbr0 --protocol tcp \ +--destination-port 53 --jump ACCEPT +iptables --table filter --insert INPUT --in-interface virbr0 --protocol udp \ +--destination-port 53 --jump ACCEPT +iptables --table filter --insert FORWARD --in-interface virbr0 --jump REJECT +iptables --table filter --insert FORWARD --out-interface virbr0 --jump REJECT +iptables --table filter --insert FORWARD --in-interface virbr0 \ +--out-interface virbr0 --jump ACCEPT +iptables --table filter --insert FORWARD --source 192.168.122.0/24 \ +--in-interface virbr0 --jump ACCEPT +iptables --table filter --insert FORWARD --destination 192.168.122.0/24 \ +--out-interface virbr0 --jump ACCEPT +iptables --table mangle --insert POSTROUTING --out-interface virbr0 \ +--protocol udp --destination-port 68 --jump CHECKSUM --checksum-fill diff --git a/tests/networkxml2firewalldata/route-default.xml b/tests/networkxml2firewalldata/route-default.xml new file mode 100644 index 000000000..3bc7bb98f --- /dev/null +++ b/tests/networkxml2firewalldata/route-default.xml @@ -0,0 +1,10 @@ +<network> + <name>default</name> + <bridge name="virbr0"/> + <forward mode='route'/> + <ip address="192.168.122.1" netmask="255.255.255.0"> + <dhcp> + <range start="192.168.122.2" end="192.168.122.254"/> + </dhcp> + </ip> +</network> diff --git a/tests/networkxml2firewalltest.c b/tests/networkxml2firewalltest.c new file mode 100644 index 000000000..9255e0149 --- /dev/null +++ b/tests/networkxml2firewalltest.c @@ -0,0 +1,163 @@ +/* + * networkxml2firewalltest.c: Test iptables rule generation + * + * Copyright (C) 2014 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library. If not, see + * <http://www.gnu.org/licenses/>. + * + */ + +#include <config.h> + +#if defined (__linux__) + +# include "testutils.h" +# include "network/bridge_driver_platform.h" +# include "virbuffer.h" + +# define __VIR_FIREWALL_PRIV_H_ALLOW__ +# include "virfirewallpriv.h" + +# define __VIR_COMMAND_PRIV_H_ALLOW__ +# include "vircommandpriv.h" + +# define VIR_FROM_THIS VIR_FROM_NONE + +static const char *abs_top_srcdir; + +# ifdef __linux__ +# define RULESTYPE "linux" +# else +# error "test case not ported to this platform" +# endif + +static int testCompareXMLToArgvFiles(const char *xml, + const char *cmdline) +{ + char *expectargv = NULL; + int len; + char *actualargv = NULL; + virBuffer buf = VIR_BUFFER_INITIALIZER; + virNetworkDefPtr def = NULL; + int ret = -1; + + virCommandSetDryRun(&buf, NULL, NULL); + + if (!(def = virNetworkDefParseFile(xml))) + goto cleanup; + + if (networkAddFirewallRules(def) < 0) + goto cleanup; + + if (virBufferError(&buf)) + goto cleanup; + + actualargv = virBufferContentAndReset(&buf); + virtTestClearCommandPath(actualargv); + virCommandSetDryRun(NULL, NULL, NULL); + + len = virtTestLoadFile(cmdline, &expectargv); + if (len < 0) + goto cleanup; + + if (STRNEQ(expectargv, actualargv)) { + virtTestDifference(stderr, expectargv, actualargv); + goto cleanup; + } + + ret = 0; + + cleanup: + virBufferFreeAndReset(&buf); + VIR_FREE(expectargv); + VIR_FREE(actualargv); + virNetworkDefFree(def); + return ret; +} + +struct testInfo { + const char *name; +}; + + +static int +testCompareXMLToIPTablesHelper(const void *data) +{ + int result = -1; + const struct testInfo *info = data; + char *xml = NULL; + char *args = NULL; + + if (virAsprintf(&xml, "%s/networkxml2firewalldata/%s.xml", + abs_srcdir, info->name) < 0 || + virAsprintf(&args, "%s/networkxml2firewalldata/%s-%s.args", + abs_srcdir, info->name, RULESTYPE) < 0) + goto cleanup; + + result = testCompareXMLToArgvFiles(xml, args); + + cleanup: + VIR_FREE(xml); + VIR_FREE(args); + return result; +} + + +static int +mymain(void) +{ + int ret = 0; + + abs_top_srcdir = getenv("abs_top_srcdir"); + if (!abs_top_srcdir) + abs_top_srcdir = abs_srcdir "/.."; + +# define DO_TEST(name) \ + do { \ + static struct testInfo info = { \ + name, \ + }; \ + if (virtTestRun("Network XML-2-iptables " name, \ + testCompareXMLToIPTablesHelper, &info) < 0) \ + ret = -1; \ + } while (0) + + if (virFirewallSetBackend(VIR_FIREWALL_BACKEND_DIRECT) < 0) { + ret = -1; + goto cleanup; + } + + DO_TEST("nat-default"); + DO_TEST("nat-tftp"); + DO_TEST("nat-many-ips"); + DO_TEST("nat-no-dhcp"); + DO_TEST("nat-ipv6"); + DO_TEST("route-default"); + DO_TEST("route-default"); + + cleanup: + return ret == 0 ? EXIT_SUCCESS : EXIT_FAILURE; +} + +VIRT_TEST_MAIN(mymain) + +#else /* ! defined (__linux__) */ + +int main(void) +{ + return EXIT_AM_SKIP; +} + +#endif /* ! defined (__linux__) */ diff --git a/tests/nwfilterebiptablestest.c b/tests/nwfilterebiptablestest.c new file mode 100644 index 000000000..df939d5fe --- /dev/null +++ b/tests/nwfilterebiptablestest.c @@ -0,0 +1,561 @@ +/* + * nwfilterebiptablestest.c: Test {eb,ip,ip6}tables rule generation + * + * Copyright (C) 2014 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library. If not, see + * <http://www.gnu.org/licenses/>. + * + */ + +#include <config.h> + +#include "testutils.h" +#include "nwfilter/nwfilter_ebiptables_driver.h" +#include "virbuffer.h" + +#define __VIR_FIREWALL_PRIV_H_ALLOW__ +#include "virfirewallpriv.h" + +#define __VIR_COMMAND_PRIV_H_ALLOW__ +#include "vircommandpriv.h" + +#define VIR_FROM_THIS VIR_FROM_NONE + +static int +testNWFilterEBIPTablesAllTeardown(const void *opaque ATTRIBUTE_UNUSED) +{ + virBuffer buf = VIR_BUFFER_INITIALIZER; + const char *expected = + "iptables -D libvirt-out -m physdev --physdev-is-bridged --physdev-out vnet0 -g FO-vnet0\n" + "iptables -D libvirt-out -m physdev --physdev-out vnet0 -g FO-vnet0\n" + "iptables -D libvirt-in -m physdev --physdev-in vnet0 -g FI-vnet0\n" + "iptables -D libvirt-host-in -m physdev --physdev-in vnet0 -g HI-vnet0\n" + "iptables -D libvirt-in-post -m physdev --physdev-in vnet0 -j ACCEPT\n" + "iptables -F FO-vnet0\n" + "iptables -X FO-vnet0\n" + "iptables -F FI-vnet0\n" + "iptables -X FI-vnet0\n" + "iptables -F HI-vnet0\n" + "iptables -X HI-vnet0\n" + "ip6tables -D libvirt-out -m physdev --physdev-is-bridged --physdev-out vnet0 -g FO-vnet0\n" + "ip6tables -D libvirt-out -m physdev --physdev-out vnet0 -g FO-vnet0\n" + "ip6tables -D libvirt-in -m physdev --physdev-in vnet0 -g FI-vnet0\n" + "ip6tables -D libvirt-host-in -m physdev --physdev-in vnet0 -g HI-vnet0\n" + "ip6tables -D libvirt-in-post -m physdev --physdev-in vnet0 -j ACCEPT\n" + "ip6tables -F FO-vnet0\n" + "ip6tables -X FO-vnet0\n" + "ip6tables -F FI-vnet0\n" + "ip6tables -X FI-vnet0\n" + "ip6tables -F HI-vnet0\n" + "ip6tables -X HI-vnet0\n" + "ebtables -t nat -D PREROUTING -i vnet0 -j libvirt-I-vnet0\n" + "ebtables -t nat -D POSTROUTING -o vnet0 -j libvirt-O-vnet0\n" + "ebtables -t nat -L libvirt-I-vnet0\n" + "ebtables -t nat -L libvirt-O-vnet0\n" + "ebtables -t nat -F libvirt-I-vnet0\n" + "ebtables -t nat -X libvirt-I-vnet0\n" + "ebtables -t nat -F libvirt-O-vnet0\n" + "ebtables -t nat -X libvirt-O-vnet0\n"; + char *actual = NULL; + int ret = -1; + + virCommandSetDryRun(&buf, NULL, NULL); + + if (ebiptables_driver.allTeardown("vnet0") < 0) + goto cleanup; + + if (virBufferError(&buf)) + goto cleanup; + + actual = virBufferContentAndReset(&buf); + virtTestClearCommandPath(actual); + + if (STRNEQ_NULLABLE(actual, expected)) { + virtTestDifference(stderr, actual, expected); + goto cleanup; + } + + ret = 0; + cleanup: + virCommandSetDryRun(NULL, NULL, NULL); + virBufferFreeAndReset(&buf); + VIR_FREE(actual); + return ret; +} + + +static int +testNWFilterEBIPTablesTearOldRules(const void *opaque ATTRIBUTE_UNUSED) +{ + virBuffer buf = VIR_BUFFER_INITIALIZER; + const char *expected = + "iptables -D libvirt-out -m physdev --physdev-is-bridged --physdev-out vnet0 -g FO-vnet0\n" + "iptables -D libvirt-out -m physdev --physdev-out vnet0 -g FO-vnet0\n" + "iptables -D libvirt-in -m physdev --physdev-in vnet0 -g FI-vnet0\n" + "iptables -D libvirt-host-in -m physdev --physdev-in vnet0 -g HI-vnet0\n" + "iptables -F FO-vnet0\n" + "iptables -X FO-vnet0\n" + "iptables -F FI-vnet0\n" + "iptables -X FI-vnet0\n" + "iptables -F HI-vnet0\n" + "iptables -X HI-vnet0\n" + "iptables -E FP-vnet0 FO-vnet0\n" + "iptables -E FJ-vnet0 FI-vnet0\n" + "iptables -E HJ-vnet0 HI-vnet0\n" + "ip6tables -D libvirt-out -m physdev --physdev-is-bridged --physdev-out vnet0 -g FO-vnet0\n" + "ip6tables -D libvirt-out -m physdev --physdev-out vnet0 -g FO-vnet0\n" + "ip6tables -D libvirt-in -m physdev --physdev-in vnet0 -g FI-vnet0\n" + "ip6tables -D libvirt-host-in -m physdev --physdev-in vnet0 -g HI-vnet0\n" + "ip6tables -F FO-vnet0\n" + "ip6tables -X FO-vnet0\n" + "ip6tables -F FI-vnet0\n" + "ip6tables -X FI-vnet0\n" + "ip6tables -F HI-vnet0\n" + "ip6tables -X HI-vnet0\n" + "ip6tables -E FP-vnet0 FO-vnet0\n" + "ip6tables -E FJ-vnet0 FI-vnet0\n" + "ip6tables -E HJ-vnet0 HI-vnet0\n" + "ebtables -t nat -D PREROUTING -i vnet0 -j libvirt-I-vnet0\n" + "ebtables -t nat -D POSTROUTING -o vnet0 -j libvirt-O-vnet0\n" + "ebtables -t nat -L libvirt-I-vnet0\n" + "ebtables -t nat -L libvirt-O-vnet0\n" + "ebtables -t nat -F libvirt-I-vnet0\n" + "ebtables -t nat -X libvirt-I-vnet0\n" + "ebtables -t nat -F libvirt-O-vnet0\n" + "ebtables -t nat -X libvirt-O-vnet0\n" + "ebtables -t nat -L libvirt-J-vnet0\n" + "ebtables -t nat -L libvirt-P-vnet0\n" + "ebtables -t nat -E libvirt-J-vnet0 libvirt-I-vnet0\n" + "ebtables -t nat -E libvirt-P-vnet0 libvirt-O-vnet0\n"; + char *actual = NULL; + int ret = -1; + + virCommandSetDryRun(&buf, NULL, NULL); + + if (ebiptables_driver.tearOldRules("vnet0") < 0) + goto cleanup; + + if (virBufferError(&buf)) + goto cleanup; + + actual = virBufferContentAndReset(&buf); + virtTestClearCommandPath(actual); + + if (STRNEQ_NULLABLE(actual, expected)) { + virtTestDifference(stderr, actual, expected); + goto cleanup; + } + + ret = 0; + cleanup: + virCommandSetDryRun(NULL, NULL, NULL); + virBufferFreeAndReset(&buf); + VIR_FREE(actual); + return ret; +} + + +static int +testNWFilterEBIPTablesRemoveBasicRules(const void *opaque ATTRIBUTE_UNUSED) +{ + virBuffer buf = VIR_BUFFER_INITIALIZER; + const char *expected = + "ebtables -t nat -D PREROUTING -i vnet0 -j libvirt-I-vnet0\n" + "ebtables -t nat -D POSTROUTING -o vnet0 -j libvirt-O-vnet0\n" + "ebtables -t nat -L libvirt-I-vnet0\n" + "ebtables -t nat -L libvirt-O-vnet0\n" + "ebtables -t nat -F libvirt-I-vnet0\n" + "ebtables -t nat -X libvirt-I-vnet0\n" + "ebtables -t nat -F libvirt-O-vnet0\n" + "ebtables -t nat -X libvirt-O-vnet0\n" + "ebtables -t nat -D PREROUTING -i vnet0 -j libvirt-J-vnet0\n" + "ebtables -t nat -D POSTROUTING -o vnet0 -j libvirt-P-vnet0\n" + "ebtables -t nat -L libvirt-J-vnet0\n" + "ebtables -t nat -L libvirt-P-vnet0\n" + "ebtables -t nat -F libvirt-J-vnet0\n" + "ebtables -t nat -X libvirt-J-vnet0\n" + "ebtables -t nat -F libvirt-P-vnet0\n" + "ebtables -t nat -X libvirt-P-vnet0\n"; + char *actual = NULL; + int ret = -1; + + virCommandSetDryRun(&buf, NULL, NULL); + + if (ebiptables_driver.removeBasicRules("vnet0") < 0) + goto cleanup; + + if (virBufferError(&buf)) + goto cleanup; + + actual = virBufferContentAndReset(&buf); + virtTestClearCommandPath(actual); + + if (STRNEQ_NULLABLE(actual, expected)) { + virtTestDifference(stderr, actual, expected); + goto cleanup; + } + + ret = 0; + cleanup: + virCommandSetDryRun(NULL, NULL, NULL); + virBufferFreeAndReset(&buf); + VIR_FREE(actual); + return ret; +} + + +static int +testNWFilterEBIPTablesTearNewRules(const void *opaque ATTRIBUTE_UNUSED) +{ + virBuffer buf = VIR_BUFFER_INITIALIZER; + const char *expected = + "iptables -D libvirt-out -m physdev --physdev-is-bridged --physdev-out vnet0 -g FP-vnet0\n" + "iptables -D libvirt-out -m physdev --physdev-out vnet0 -g FP-vnet0\n" + "iptables -D libvirt-in -m physdev --physdev-in vnet0 -g FJ-vnet0\n" + "iptables -D libvirt-host-in -m physdev --physdev-in vnet0 -g HJ-vnet0\n" + "iptables -F FP-vnet0\n" + "iptables -X FP-vnet0\n" + "iptables -F FJ-vnet0\n" + "iptables -X FJ-vnet0\n" + "iptables -F HJ-vnet0\n" + "iptables -X HJ-vnet0\n" + "ip6tables -D libvirt-out -m physdev --physdev-is-bridged --physdev-out vnet0 -g FP-vnet0\n" + "ip6tables -D libvirt-out -m physdev --physdev-out vnet0 -g FP-vnet0\n" + "ip6tables -D libvirt-in -m physdev --physdev-in vnet0 -g FJ-vnet0\n" + "ip6tables -D libvirt-host-in -m physdev --physdev-in vnet0 -g HJ-vnet0\n" + "ip6tables -F FP-vnet0\n" + "ip6tables -X FP-vnet0\n" + "ip6tables -F FJ-vnet0\n" + "ip6tables -X FJ-vnet0\n" + "ip6tables -F HJ-vnet0\n" + "ip6tables -X HJ-vnet0\n" + "ebtables -t nat -D PREROUTING -i vnet0 -j libvirt-J-vnet0\n" + "ebtables -t nat -D POSTROUTING -o vnet0 -j libvirt-P-vnet0\n" + "ebtables -t nat -L libvirt-J-vnet0\n" + "ebtables -t nat -L libvirt-P-vnet0\n" + "ebtables -t nat -F libvirt-J-vnet0\n" + "ebtables -t nat -X libvirt-J-vnet0\n" + "ebtables -t nat -F libvirt-P-vnet0\n" + "ebtables -t nat -X libvirt-P-vnet0\n"; + char *actual = NULL; + int ret = -1; + + virCommandSetDryRun(&buf, NULL, NULL); + + if (ebiptables_driver.tearNewRules("vnet0") < 0) + goto cleanup; + + if (virBufferError(&buf)) + goto cleanup; + + actual = virBufferContentAndReset(&buf); + virtTestClearCommandPath(actual); + + if (STRNEQ_NULLABLE(actual, expected)) { + virtTestDifference(stderr, actual, expected); + goto cleanup; + } + + ret = 0; + cleanup: + virCommandSetDryRun(NULL, NULL, NULL); + virBufferFreeAndReset(&buf); + VIR_FREE(actual); + return ret; +} + + +static int +testNWFilterEBIPTablesApplyBasicRules(const void *opaque ATTRIBUTE_UNUSED) +{ + virBuffer buf = VIR_BUFFER_INITIALIZER; + const char *expected = + "iptables -D libvirt-out -m physdev --physdev-is-bridged --physdev-out vnet0 -g FO-vnet0\n" + "iptables -D libvirt-out -m physdev --physdev-out vnet0 -g FO-vnet0\n" + "iptables -D libvirt-in -m physdev --physdev-in vnet0 -g FI-vnet0\n" + "iptables -D libvirt-host-in -m physdev --physdev-in vnet0 -g HI-vnet0\n" + "iptables -D libvirt-in-post -m physdev --physdev-in vnet0 -j ACCEPT\n" + "iptables -F FO-vnet0\n" + "iptables -X FO-vnet0\n" + "iptables -F FI-vnet0\n" + "iptables -X FI-vnet0\n" + "iptables -F HI-vnet0\n" + "iptables -X HI-vnet0\n" + "ip6tables -D libvirt-out -m physdev --physdev-is-bridged --physdev-out vnet0 -g FO-vnet0\n" + "ip6tables -D libvirt-out -m physdev --physdev-out vnet0 -g FO-vnet0\n" + "ip6tables -D libvirt-in -m physdev --physdev-in vnet0 -g FI-vnet0\n" + "ip6tables -D libvirt-host-in -m physdev --physdev-in vnet0 -g HI-vnet0\n" + "ip6tables -D libvirt-in-post -m physdev --physdev-in vnet0 -j ACCEPT\n" + "ip6tables -F FO-vnet0\n" + "ip6tables -X FO-vnet0\n" + "ip6tables -F FI-vnet0\n" + "ip6tables -X FI-vnet0\n" + "ip6tables -F HI-vnet0\n" + "ip6tables -X HI-vnet0\n" + "ebtables -t nat -D PREROUTING -i vnet0 -j libvirt-I-vnet0\n" + "ebtables -t nat -D POSTROUTING -o vnet0 -j libvirt-O-vnet0\n" + "ebtables -t nat -L libvirt-I-vnet0\n" + "ebtables -t nat -L libvirt-O-vnet0\n" + "ebtables -t nat -F libvirt-I-vnet0\n" + "ebtables -t nat -X libvirt-I-vnet0\n" + "ebtables -t nat -F libvirt-O-vnet0\n" + "ebtables -t nat -X libvirt-O-vnet0\n" + "ebtables -t nat -N libvirt-J-vnet0\n" + "ebtables -t nat -A libvirt-J-vnet0 -s '!' 10:20:30:40:50:60 -j DROP\n" + "ebtables -t nat -A libvirt-J-vnet0 -p IPv4 -j ACCEPT\n" + "ebtables -t nat -A libvirt-J-vnet0 -p ARP -j ACCEPT\n" + "ebtables -t nat -A libvirt-J-vnet0 -j DROP\n" + "ebtables -t nat -A PREROUTING -i vnet0 -j libvirt-J-vnet0\n" + "ebtables -t nat -E libvirt-J-vnet0 libvirt-I-vnet0\n"; + char *actual = NULL; + int ret = -1; + virMacAddr mac = { .addr = { 0x10, 0x20, 0x30, 0x40, 0x50, 0x60 } }; + + virCommandSetDryRun(&buf, NULL, NULL); + + if (ebiptables_driver.applyBasicRules("vnet0", &mac) < 0) + goto cleanup; + + if (virBufferError(&buf)) + goto cleanup; + + actual = virBufferContentAndReset(&buf); + virtTestClearCommandPath(actual); + + if (STRNEQ_NULLABLE(actual, expected)) { + virtTestDifference(stderr, actual, expected); + goto cleanup; + } + + ret = 0; + cleanup: + virCommandSetDryRun(NULL, NULL, NULL); + virBufferFreeAndReset(&buf); + VIR_FREE(actual); + return ret; +} + + +static int +testNWFilterEBIPTablesApplyDHCPOnlyRules(const void *opaque ATTRIBUTE_UNUSED) +{ + virBuffer buf = VIR_BUFFER_INITIALIZER; + const char *expected = + "iptables -D libvirt-out -m physdev --physdev-is-bridged --physdev-out vnet0 -g FO-vnet0\n" + "iptables -D libvirt-out -m physdev --physdev-out vnet0 -g FO-vnet0\n" + "iptables -D libvirt-in -m physdev --physdev-in vnet0 -g FI-vnet0\n" + "iptables -D libvirt-host-in -m physdev --physdev-in vnet0 -g HI-vnet0\n" + "iptables -D libvirt-in-post -m physdev --physdev-in vnet0 -j ACCEPT\n" + "iptables -F FO-vnet0\n" + "iptables -X FO-vnet0\n" + "iptables -F FI-vnet0\n" + "iptables -X FI-vnet0\n" + "iptables -F HI-vnet0\n" + "iptables -X HI-vnet0\n" + "ip6tables -D libvirt-out -m physdev --physdev-is-bridged --physdev-out vnet0 -g FO-vnet0\n" + "ip6tables -D libvirt-out -m physdev --physdev-out vnet0 -g FO-vnet0\n" + "ip6tables -D libvirt-in -m physdev --physdev-in vnet0 -g FI-vnet0\n" + "ip6tables -D libvirt-host-in -m physdev --physdev-in vnet0 -g HI-vnet0\n" + "ip6tables -D libvirt-in-post -m physdev --physdev-in vnet0 -j ACCEPT\n" + "ip6tables -F FO-vnet0\n" + "ip6tables -X FO-vnet0\n" + "ip6tables -F FI-vnet0\n" + "ip6tables -X FI-vnet0\n" + "ip6tables -F HI-vnet0\n" + "ip6tables -X HI-vnet0\n" + "ebtables -t nat -D PREROUTING -i vnet0 -j libvirt-I-vnet0\n" + "ebtables -t nat -D POSTROUTING -o vnet0 -j libvirt-O-vnet0\n" + "ebtables -t nat -L libvirt-I-vnet0\n" + "ebtables -t nat -L libvirt-O-vnet0\n" + "ebtables -t nat -F libvirt-I-vnet0\n" + "ebtables -t nat -X libvirt-I-vnet0\n" + "ebtables -t nat -F libvirt-O-vnet0\n" + "ebtables -t nat -X libvirt-O-vnet0\n" + "ebtables -t nat -N libvirt-J-vnet0\n" + "ebtables -t nat -N libvirt-P-vnet0\n" + "ebtables -t nat -A libvirt-J-vnet0 -s 10:20:30:40:50:60 -p ipv4 --ip-protocol udp --ip-sport 68 --ip-dport 67 -j ACCEPT\n" + "ebtables -t nat -A libvirt-J-vnet0 -j DROP\n" + "ebtables -t nat -A libvirt-P-vnet0 -d 10:20:30:40:50:60 -p ipv4 --ip-protocol udp --ip-src 192.168.122.1 --ip-sport 67 --ip-dport 68 -j ACCEPT\n" + "ebtables -t nat -A libvirt-P-vnet0 -d ff:ff:ff:ff:ff:ff -p ipv4 --ip-protocol udp --ip-src 192.168.122.1 --ip-sport 67 --ip-dport 68 -j ACCEPT\n" + "ebtables -t nat -A libvirt-P-vnet0 -d 10:20:30:40:50:60 -p ipv4 --ip-protocol udp --ip-src 10.0.0.1 --ip-sport 67 --ip-dport 68 -j ACCEPT\n" + "ebtables -t nat -A libvirt-P-vnet0 -d ff:ff:ff:ff:ff:ff -p ipv4 --ip-protocol udp --ip-src 10.0.0.1 --ip-sport 67 --ip-dport 68 -j ACCEPT\n" + "ebtables -t nat -A libvirt-P-vnet0 -d 10:20:30:40:50:60 -p ipv4 --ip-protocol udp --ip-src 10.0.0.2 --ip-sport 67 --ip-dport 68 -j ACCEPT\n" + "ebtables -t nat -A libvirt-P-vnet0 -d ff:ff:ff:ff:ff:ff -p ipv4 --ip-protocol udp --ip-src 10.0.0.2 --ip-sport 67 --ip-dport 68 -j ACCEPT\n" + "ebtables -t nat -A libvirt-P-vnet0 -j DROP\n" + "ebtables -t nat -A PREROUTING -i vnet0 -j libvirt-J-vnet0\n" + "ebtables -t nat -A POSTROUTING -o vnet0 -j libvirt-P-vnet0\n" + "ebtables -t nat -E libvirt-J-vnet0 libvirt-I-vnet0\n" + "ebtables -t nat -E libvirt-P-vnet0 libvirt-O-vnet0\n"; + char *actual = NULL; + int ret = -1; + virMacAddr mac = { .addr = { 0x10, 0x20, 0x30, 0x40, 0x50, 0x60 } }; + const char *servers[] = { "192.168.122.1", "10.0.0.1", "10.0.0.2" }; + virNWFilterVarValue val = { + .valType = NWFILTER_VALUE_TYPE_ARRAY, + .u = { + .array = { + .values = (char **)servers, + .nValues = 3, + } + } + }; + + virCommandSetDryRun(&buf, NULL, NULL); + + if (ebiptables_driver.applyDHCPOnlyRules("vnet0", &mac, &val, false) < 0) + goto cleanup; + + if (virBufferError(&buf)) + goto cleanup; + + actual = virBufferContentAndReset(&buf); + virtTestClearCommandPath(actual); + + if (STRNEQ_NULLABLE(actual, expected)) { + virtTestDifference(stderr, actual, expected); + goto cleanup; + } + + ret = 0; + cleanup: + virCommandSetDryRun(NULL, NULL, NULL); + virBufferFreeAndReset(&buf); + VIR_FREE(actual); + return ret; +} + + + +static int +testNWFilterEBIPTablesApplyDropAllRules(const void *opaque ATTRIBUTE_UNUSED) +{ + virBuffer buf = VIR_BUFFER_INITIALIZER; + const char *expected = + "iptables -D libvirt-out -m physdev --physdev-is-bridged --physdev-out vnet0 -g FO-vnet0\n" + "iptables -D libvirt-out -m physdev --physdev-out vnet0 -g FO-vnet0\n" + "iptables -D libvirt-in -m physdev --physdev-in vnet0 -g FI-vnet0\n" + "iptables -D libvirt-host-in -m physdev --physdev-in vnet0 -g HI-vnet0\n" + "iptables -D libvirt-in-post -m physdev --physdev-in vnet0 -j ACCEPT\n" + "iptables -F FO-vnet0\n" + "iptables -X FO-vnet0\n" + "iptables -F FI-vnet0\n" + "iptables -X FI-vnet0\n" + "iptables -F HI-vnet0\n" + "iptables -X HI-vnet0\n" + "ip6tables -D libvirt-out -m physdev --physdev-is-bridged --physdev-out vnet0 -g FO-vnet0\n" + "ip6tables -D libvirt-out -m physdev --physdev-out vnet0 -g FO-vnet0\n" + "ip6tables -D libvirt-in -m physdev --physdev-in vnet0 -g FI-vnet0\n" + "ip6tables -D libvirt-host-in -m physdev --physdev-in vnet0 -g HI-vnet0\n" + "ip6tables -D libvirt-in-post -m physdev --physdev-in vnet0 -j ACCEPT\n" + "ip6tables -F FO-vnet0\n" + "ip6tables -X FO-vnet0\n" + "ip6tables -F FI-vnet0\n" + "ip6tables -X FI-vnet0\n" + "ip6tables -F HI-vnet0\n" + "ip6tables -X HI-vnet0\n" + "ebtables -t nat -D PREROUTING -i vnet0 -j libvirt-I-vnet0\n" + "ebtables -t nat -D POSTROUTING -o vnet0 -j libvirt-O-vnet0\n" + "ebtables -t nat -L libvirt-I-vnet0\n" + "ebtables -t nat -L libvirt-O-vnet0\n" + "ebtables -t nat -F libvirt-I-vnet0\n" + "ebtables -t nat -X libvirt-I-vnet0\n" + "ebtables -t nat -F libvirt-O-vnet0\n" + "ebtables -t nat -X libvirt-O-vnet0\n" + "ebtables -t nat -N libvirt-J-vnet0\n" + "ebtables -t nat -N libvirt-P-vnet0\n" + "ebtables -t nat -A libvirt-J-vnet0 -j DROP\n" + "ebtables -t nat -A libvirt-P-vnet0 -j DROP\n" + "ebtables -t nat -A PREROUTING -i vnet0 -j libvirt-J-vnet0\n" + "ebtables -t nat -A POSTROUTING -o vnet0 -j libvirt-P-vnet0\n" + "ebtables -t nat -E libvirt-J-vnet0 libvirt-I-vnet0\n" + "ebtables -t nat -E libvirt-P-vnet0 libvirt-O-vnet0\n"; + char *actual = NULL; + int ret = -1; + + virCommandSetDryRun(&buf, NULL, NULL); + + if (ebiptables_driver.applyDropAllRules("vnet0") < 0) + goto cleanup; + + if (virBufferError(&buf)) + goto cleanup; + + actual = virBufferContentAndReset(&buf); + virtTestClearCommandPath(actual); + + if (STRNEQ_NULLABLE(actual, expected)) { + virtTestDifference(stderr, actual, expected); + goto cleanup; + } + + ret = 0; + cleanup: + virCommandSetDryRun(NULL, NULL, NULL); + virBufferFreeAndReset(&buf); + VIR_FREE(actual); + return ret; +} + + +static int +mymain(void) +{ + int ret = 0; + + if (virFirewallSetBackend(VIR_FIREWALL_BACKEND_DIRECT) < 0) { + ret = -1; + goto cleanup; + } + + if (virtTestRun("ebiptablesAllTeardown", + testNWFilterEBIPTablesAllTeardown, + NULL) < 0) + ret = -1; + + if (virtTestRun("ebiptablesTearOldRules", + testNWFilterEBIPTablesTearOldRules, + NULL) < 0) + ret = -1; + + if (virtTestRun("ebiptablesRemoveBasicRules", + testNWFilterEBIPTablesRemoveBasicRules, + NULL) < 0) + ret = -1; + + if (virtTestRun("ebiptablesTearNewRules", + testNWFilterEBIPTablesTearNewRules, + NULL) < 0) + ret = -1; + + if (virtTestRun("ebiptablesApplyBasicRules", + testNWFilterEBIPTablesApplyBasicRules, + NULL) < 0) + ret = -1; + + if (virtTestRun("ebiptablesApplyDHCPOnlyRules", + testNWFilterEBIPTablesApplyDHCPOnlyRules, + NULL) < 0) + ret = -1; + + if (virtTestRun("ebiptablesApplyDropAllRules", + testNWFilterEBIPTablesApplyDropAllRules, + NULL) < 0) + ret = -1; + + cleanup: + return ret == 0 ? EXIT_SUCCESS : EXIT_FAILURE; +} + +VIRT_TEST_MAIN(mymain) diff --git a/tests/nwfilterxml2firewalldata/ah-ipv6-linux.args b/tests/nwfilterxml2firewalldata/ah-ipv6-linux.args new file mode 100644 index 000000000..ba2c3027c --- /dev/null +++ b/tests/nwfilterxml2firewalldata/ah-ipv6-linux.args @@ -0,0 +1,20 @@ +ip6tables -A FJ-vnet0 -p ah -m mac --mac-source 01:02:03:04:05:06 \ +--source f:e:d::c:b:a/127 --destination a:b:c::d:e:f/128 -m dscp --dscp 2 -m state \ +--state NEW,ESTABLISHED -j RETURN +ip6tables -A FP-vnet0 -p ah --destination f:e:d::c:b:a/127 \ +--source a:b:c::d:e:f/128 -m dscp --dscp 2 -m state --state ESTABLISHED -j ACCEPT +ip6tables -A HJ-vnet0 -p ah -m mac --mac-source 01:02:03:04:05:06 \ +--source f:e:d::c:b:a/127 --destination a:b:c::d:e:f/128 -m dscp --dscp 2 -m state \ +--state NEW,ESTABLISHED -j RETURN +ip6tables -A FJ-vnet0 -p ah --destination a:b:c::/128 -m dscp --dscp 33 \ +-m state --state ESTABLISHED -j RETURN +ip6tables -A FP-vnet0 -p ah -m mac --mac-source 01:02:03:04:05:06 \ +--source a:b:c::/128 -m dscp --dscp 33 -m state --state NEW,ESTABLISHED -j ACCEPT +ip6tables -A HJ-vnet0 -p ah --destination a:b:c::/128 -m dscp --dscp 33 \ +-m state --state ESTABLISHED -j RETURN +ip6tables -A FJ-vnet0 -p ah --destination ::10.1.2.3/128 -m dscp --dscp 33 \ +-m state --state ESTABLISHED -j RETURN +ip6tables -A FP-vnet0 -p ah -m mac --mac-source 01:02:03:04:05:06 \ +--source ::10.1.2.3/128 -m dscp --dscp 33 -m state --state NEW,ESTABLISHED -j ACCEPT +ip6tables -A HJ-vnet0 -p ah --destination ::10.1.2.3/128 -m dscp --dscp 33 \ +-m state --state ESTABLISHED -j RETURN diff --git a/tests/nwfilterxml2firewalldata/ah-ipv6.xml b/tests/nwfilterxml2firewalldata/ah-ipv6.xml new file mode 100644 index 000000000..95ebbc9e0 --- /dev/null +++ b/tests/nwfilterxml2firewalldata/ah-ipv6.xml @@ -0,0 +1,19 @@ +<filter name='tck-testcase' chain='root'> + <uuid>5c6d49af-b071-6127-b4ec-6f8ed4b55335</uuid> + <rule action='accept' direction='out'> + <ah-ipv6 srcmacaddr='1:2:3:4:5:6' + dstipaddr='a:b:c::d:e:f' dstipmask='128' + srcipaddr='f:e:d::c:b:a' srcipmask='127' + dscp='2'/> + </rule> + <rule action='accept' direction='in'> + <ah-ipv6 srcmacaddr='1:2:3:4:5:6' + srcipaddr='a:b:c::' srcipmask='128' + dscp='33'/> + </rule> + <rule action='accept' direction='in'> + <ah-ipv6 srcmacaddr='1:2:3:4:5:6' + srcipaddr='::10.1.2.3' srcipmask='128' + dscp='33'/> + </rule> +</filter> diff --git a/tests/nwfilterxml2firewalldata/ah-linux.args b/tests/nwfilterxml2firewalldata/ah-linux.args new file mode 100644 index 000000000..807b01067 --- /dev/null +++ b/tests/nwfilterxml2firewalldata/ah-linux.args @@ -0,0 +1,18 @@ +iptables -A FJ-vnet0 -p ah -m mac --mac-source 01:02:03:04:05:06 \ +--destination 10.1.2.3/32 -m dscp --dscp 2 -m state --state NEW,ESTABLISHED -j RETURN +iptables -A FP-vnet0 -p ah --source 10.1.2.3/32 -m dscp --dscp 2 -m state \ +--state ESTABLISHED -j ACCEPT +iptables -A HJ-vnet0 -p ah -m mac --mac-source 01:02:03:04:05:06 \ +--destination 10.1.2.3/32 -m dscp --dscp 2 -m state --state NEW,ESTABLISHED -j RETURN +iptables -A FJ-vnet0 -p ah --destination 10.1.2.3/22 -m dscp --dscp 33 \ +-m state --state ESTABLISHED -j RETURN +iptables -A FP-vnet0 -p ah -m mac --mac-source 01:02:03:04:05:06 \ +--source 10.1.2.3/22 -m dscp --dscp 33 -m state --state NEW,ESTABLISHED -j ACCEPT +iptables -A HJ-vnet0 -p ah --destination 10.1.2.3/22 -m dscp --dscp 33 \ +-m state --state ESTABLISHED -j RETURN +iptables -A FJ-vnet0 -p ah --destination 10.1.2.3/22 -m dscp --dscp 33 \ +-m state --state ESTABLISHED -j RETURN +iptables -A FP-vnet0 -p ah -m mac --mac-source 01:02:03:04:05:06 \ +--source 10.1.2.3/22 -m dscp --dscp 33 -m state --state NEW,ESTABLISHED -j ACCEPT +iptables -A HJ-vnet0 -p ah --destination 10.1.2.3/22 -m dscp --dscp 33 \ +-m state --state ESTABLISHED -j RETURN diff --git a/tests/nwfilterxml2firewalldata/ah.xml b/tests/nwfilterxml2firewalldata/ah.xml new file mode 100644 index 000000000..287c10b04 --- /dev/null +++ b/tests/nwfilterxml2firewalldata/ah.xml @@ -0,0 +1,18 @@ +<filter name='tck-testcase' chain='root'> + <uuid>5c6d49af-b071-6127-b4ec-6f8ed4b55335</uuid> + <rule action='accept' direction='out'> + <ah srcmacaddr='1:2:3:4:5:6' + dstipaddr='10.1.2.3' dstipmask='255.255.255.255' + dscp='2'/> + </rule> + <rule action='accept' direction='in'> + <ah srcmacaddr='1:2:3:4:5:6' + srcipaddr='10.1.2.3' srcipmask='22' + dscp='33'/> + </rule> + <rule action='accept' direction='in'> + <ah srcmacaddr='1:2:3:4:5:6' + srcipaddr='10.1.2.3' srcipmask='22' + dscp='33'/> + </rule> +</filter> diff --git a/tests/nwfilterxml2firewalldata/all-ipv6-linux.args b/tests/nwfilterxml2firewalldata/all-ipv6-linux.args new file mode 100644 index 000000000..68155eadf --- /dev/null +++ b/tests/nwfilterxml2firewalldata/all-ipv6-linux.args @@ -0,0 +1,20 @@ +ip6tables -A FJ-vnet0 -p all -m mac --mac-source 01:02:03:04:05:06 \ +--source f:e:d::c:b:a/127 --destination a:b:c::d:e:f/128 -m dscp --dscp 2 -m state \ +--state NEW,ESTABLISHED -j RETURN +ip6tables -A FP-vnet0 -p all --destination f:e:d::c:b:a/127 \ +--source a:b:c::d:e:f/128 -m dscp --dscp 2 -m state --state ESTABLISHED -j ACCEPT +ip6tables -A HJ-vnet0 -p all -m mac --mac-source 01:02:03:04:05:06 \ +--source f:e:d::c:b:a/127 --destination a:b:c::d:e:f/128 -m dscp --dscp 2 -m state \ +--state NEW,ESTABLISHED -j RETURN +ip6tables -A FJ-vnet0 -p all --destination a:b:c::/128 -m dscp --dscp 33 \ +-m state --state ESTABLISHED -j RETURN +ip6tables -A FP-vnet0 -p all -m mac --mac-source 01:02:03:04:05:06 \ +--source a:b:c::/128 -m dscp --dscp 33 -m state --state NEW,ESTABLISHED -j ACCEPT +ip6tables -A HJ-vnet0 -p all --destination a:b:c::/128 -m dscp --dscp 33 \ +-m state --state ESTABLISHED -j RETURN +ip6tables -A FJ-vnet0 -p all --destination ::10.1.2.3/128 -m dscp --dscp 33 \ +-m state --state ESTABLISHED -j RETURN +ip6tables -A FP-vnet0 -p all -m mac --mac-source 01:02:03:04:05:06 \ +--source ::10.1.2.3/128 -m dscp --dscp 33 -m state --state NEW,ESTABLISHED -j ACCEPT +ip6tables -A HJ-vnet0 -p all --destination ::10.1.2.3/128 -m dscp --dscp 33 \ +-m state --state ESTABLISHED -j RETURN diff --git a/tests/nwfilterxml2firewalldata/all-ipv6.xml b/tests/nwfilterxml2firewalldata/all-ipv6.xml new file mode 100644 index 000000000..5cf351943 --- /dev/null +++ b/tests/nwfilterxml2firewalldata/all-ipv6.xml @@ -0,0 +1,19 @@ +<filter name='tck-testcase' chain='root'> + <uuid>5c6d49af-b071-6127-b4ec-6f8ed4b55335</uuid> + <rule action='accept' direction='out'> + <all-ipv6 srcmacaddr='1:2:3:4:5:6' + dstipaddr='a:b:c::d:e:f' dstipmask='128' + srcipaddr='f:e:d::c:b:a' srcipmask='127' + dscp='2'/> + </rule> + <rule action='accept' direction='in'> + <all-ipv6 srcmacaddr='1:2:3:4:5:6' + srcipaddr='a:b:c::' srcipmask='128' + dscp='33'/> + </rule> + <rule action='accept' direction='in'> + <all-ipv6 srcmacaddr='1:2:3:4:5:6' + srcipaddr='::10.1.2.3' srcipmask='128' + dscp='33'/> + </rule> +</filter> diff --git a/tests/nwfilterxml2firewalldata/all-linux.args b/tests/nwfilterxml2firewalldata/all-linux.args new file mode 100644 index 000000000..048cc3dd0 --- /dev/null +++ b/tests/nwfilterxml2firewalldata/all-linux.args @@ -0,0 +1,18 @@ +iptables -A FJ-vnet0 -p all -m mac --mac-source 01:02:03:04:05:06 \ +--destination 10.1.2.3/32 -m dscp --dscp 2 -m state --state NEW,ESTABLISHED -j RETURN +iptables -A FP-vnet0 -p all --source 10.1.2.3/32 -m dscp --dscp 2 -m state \ +--state ESTABLISHED -j ACCEPT +iptables -A HJ-vnet0 -p all -m mac --mac-source 01:02:03:04:05:06 \ +--destination 10.1.2.3/32 -m dscp --dscp 2 -m state --state NEW,ESTABLISHED -j RETURN +iptables -A FJ-vnet0 -p all --destination 10.1.2.3/22 -m dscp --dscp 33 \ +-m state --state ESTABLISHED -j RETURN +iptables -A FP-vnet0 -p all -m mac --mac-source 01:02:03:04:05:06 \ +--source 10.1.2.3/22 -m dscp --dscp 33 -m state --state NEW,ESTABLISHED -j ACCEPT +iptables -A HJ-vnet0 -p all --destination 10.1.2.3/22 -m dscp --dscp 33 \ +-m state --state ESTABLISHED -j RETURN +iptables -A FJ-vnet0 -p all --destination 10.1.2.3/22 -m dscp --dscp 33 \ +-m state --state ESTABLISHED -j RETURN +iptables -A FP-vnet0 -p all -m mac --mac-source 01:02:03:04:05:06 \ +--source 10.1.2.3/22 -m dscp --dscp 33 -m state --state NEW,ESTABLISHED -j ACCEPT +iptables -A HJ-vnet0 -p all --destination 10.1.2.3/22 -m dscp --dscp 33 \ +-m state --state ESTABLISHED -j RETURN diff --git a/tests/nwfilterxml2firewalldata/all.xml b/tests/nwfilterxml2firewalldata/all.xml new file mode 100644 index 000000000..a66923c0e --- /dev/null +++ b/tests/nwfilterxml2firewalldata/all.xml @@ -0,0 +1,18 @@ +<filter name='tck-testcase' chain='root'> + <uuid>5c6d49af-b071-6127-b4ec-6f8ed4b55335</uuid> + <rule action='accept' direction='out'> + <all srcmacaddr='1:2:3:4:5:6' + dstipaddr='10.1.2.3' dstipmask='255.255.255.255' + dscp='2'/> + </rule> + <rule action='accept' direction='in'> + <all srcmacaddr='1:2:3:4:5:6' + srcipaddr='10.1.2.3' srcipmask='22' + dscp='33'/> + </rule> + <rule action='accept' direction='in'> + <all srcmacaddr='1:2:3:4:5:6' + srcipaddr='10.1.2.3' srcipmask='22' + dscp='33'/> + </rule> +</filter> diff --git a/tests/nwfilterxml2firewalldata/arp-linux.args b/tests/nwfilterxml2firewalldata/arp-linux.args new file mode 100644 index 000000000..d46adc20f --- /dev/null +++ b/tests/nwfilterxml2firewalldata/arp-linux.args @@ -0,0 +1,11 @@ +ebtables -t nat -A libvirt-J-vnet0 -s 01:02:03:04:05:06/ff:ff:ff:ff:ff:ff \ +-d aa:bb:cc:dd:ee:ff/ff:ff:ff:ff:ff:ff -p 0x806 --arp-htype 12 --arp-opcode 1 \ +--arp-ptype 0x22 --arp-mac-src 01:02:03:04:05:06 --arp-mac-dst 0a:0b:0c:0d:0e:0f \ +-j ACCEPT +ebtables -t nat -A libvirt-J-vnet0 -s 01:02:03:04:05:06/ff:ff:ff:ff:ff:ff \ +-p 0x806 --arp-htype 255 --arp-opcode 1 --arp-ptype 0xff -j ACCEPT +ebtables -t nat -A libvirt-J-vnet0 -s 01:02:03:04:05:06/ff:ff:ff:ff:ff:ff \ +-p 0x806 --arp-htype 256 --arp-opcode 11 --arp-ptype 0x100 -j ACCEPT +ebtables -t nat -A libvirt-J-vnet0 -s 01:02:03:04:05:06/ff:ff:ff:ff:ff:ff \ +-p 0x806 --arp-htype 65535 --arp-opcode 65535 --arp-ptype 0xffff -j ACCEPT +ebtables -t nat -A libvirt-P-vnet0 -p 0x806 --arp-gratuitous -j ACCEPT diff --git a/tests/nwfilterxml2firewalldata/arp.xml b/tests/nwfilterxml2firewalldata/arp.xml new file mode 100644 index 000000000..d0abf946a --- /dev/null +++ b/tests/nwfilterxml2firewalldata/arp.xml @@ -0,0 +1,32 @@ +<filter name='tck-testcase'> + <uuid>5c6d49af-b071-6127-b4ec-6f8ed4b55335</uuid> + <rule action='accept' direction='out'> + <arp srcmacaddr='1:2:3:4:5:6' srcmacmask='ff:ff:ff:ff:ff:ff' + protocolid='arp' + dstmacaddr='aa:bb:cc:dd:ee:ff' dstmacmask='ff:ff:ff:ff:ff:ff' + hwtype='12' + protocoltype='34' + opcode='Request' + arpsrcmacaddr='1:2:3:4:5:6' + arpdstmacaddr='a:b:c:d:e:f'/> + </rule> + + <rule action='accept' direction='out'> + <arp srcmacaddr='1:2:3:4:5:6' srcmacmask='ff:ff:ff:ff:ff:ff' + opcode='1' hwtype='255' protocoltype='255'/> + </rule> + + <rule action='accept' direction='out'> + <arp srcmacaddr='1:2:3:4:5:6' srcmacmask='ff:ff:ff:ff:ff:ff' + opcode='11' hwtype='256' protocoltype='256'/> + </rule> + + <rule action='accept' direction='out'> + <arp srcmacaddr='1:2:3:4:5:6' srcmacmask='ff:ff:ff:ff:ff:ff' + opcode='65535' hwtype='65535' protocoltype='65535' /> + </rule> + + <rule action='accept' direction='in'> + <arp gratuitous='true'/> + </rule> +</filter> diff --git a/tests/nwfilterxml2firewalldata/comment-linux.args b/tests/nwfilterxml2firewalldata/comment-linux.args new file mode 100644 index 000000000..8ce3cb92f --- /dev/null +++ b/tests/nwfilterxml2firewalldata/comment-linux.args @@ -0,0 +1,49 @@ +ebtables -t nat -A libvirt-P-vnet0 -p 0x1234 -j ACCEPT +ebtables -t nat -A libvirt-J-vnet0 -s 01:02:03:04:05:06/ff:ff:ff:ff:ff:ff \ +-d aa:bb:cc:dd:ee:ff/ff:ff:ff:ff:ff:ff -p ipv4 --ip-source 10.1.2.3/32 \ +--ip-destination 10.1.2.3/32 --ip-protocol 17 --ip-source-port 291:564 \ +--ip-destination-port 13398:17767 --ip-tos 0x32 -j ACCEPT +ebtables -t nat -A libvirt-J-vnet0 -s 01:02:03:04:05:06/ff:ff:ff:ff:ff:fe \ +-d aa:bb:cc:dd:ee:ff/ff:ff:ff:ff:ff:80 -p ipv6 --ip6-source ::10.1.2.3/22 \ +--ip6-destination ::10.1.2.3/113 --ip6-protocol 6 --ip6-source-port 273:400 \ +--ip6-destination-port 13107:65535 -j ACCEPT +ebtables -t nat -A libvirt-J-vnet0 -s 01:02:03:04:05:06/ff:ff:ff:ff:ff:ff \ +-d aa:bb:cc:dd:ee:ff/ff:ff:ff:ff:ff:ff -p 0x806 --arp-htype 18 --arp-opcode 1 \ +--arp-ptype 0x56 --arp-mac-src 01:02:03:04:05:06 --arp-mac-dst 0a:0b:0c:0d:0e:0f \ +-j ACCEPT +iptables -A FJ-vnet0 -p udp -m mac --mac-source 01:02:03:04:05:06 \ +--destination 10.1.2.3/32 -m dscp --dscp 34 --sport 291:400 --dport 564:1092 -m state \ +--state NEW,ESTABLISHED -m comment --comment 'udp rule' -j RETURN +iptables -A FP-vnet0 -p udp --source 10.1.2.3/32 -m dscp --dscp 34 \ +--dport 291:400 --sport 564:1092 -m state --state ESTABLISHED -m comment \ +--comment 'udp rule' -j ACCEPT +iptables -A HJ-vnet0 -p udp -m mac --mac-source 01:02:03:04:05:06 \ +--destination 10.1.2.3/32 -m dscp --dscp 34 --sport 291:400 --dport 564:1092 -m state \ +--state NEW,ESTABLISHED -m comment --comment 'udp rule' -j RETURN +ip6tables -A FJ-vnet0 -p tcp --destination a:b:c::/128 -m dscp --dscp 57 \ +--dport 32:33 --sport 256:4369 -m state --state ESTABLISHED -m comment \ +--comment 'tcp/ipv6 rule' -j RETURN +ip6tables -A FP-vnet0 -p tcp -m mac --mac-source 01:02:03:04:05:06 \ +--source a:b:c::/128 -m dscp --dscp 57 --sport 32:33 --dport 256:4369 -m state \ +--state NEW,ESTABLISHED -m comment --comment 'tcp/ipv6 rule' -j ACCEPT +ip6tables -A HJ-vnet0 -p tcp --destination a:b:c::/128 -m dscp --dscp 57 \ +--dport 32:33 --sport 256:4369 -m state --state ESTABLISHED -m comment \ +--comment 'tcp/ipv6 rule' -j RETURN +ip6tables -A FJ-vnet0 -p udp -m state --state ESTABLISHED -m comment \ +--comment '`ls`;${COLUMNS};$(ls);"test";&'\''3 spaces'\''' -j RETURN +ip6tables -A FP-vnet0 -p udp -m state --state NEW,ESTABLISHED -m comment \ +--comment '`ls`;${COLUMNS};$(ls);"test";&'\''3 spaces'\''' -j ACCEPT +ip6tables -A HJ-vnet0 -p udp -m state --state ESTABLISHED -m comment \ +--comment '`ls`;${COLUMNS};$(ls);"test";&'\''3 spaces'\''' -j RETURN +ip6tables -A FJ-vnet0 -p sctp -m state --state ESTABLISHED -m comment \ +--comment 'comment with lone '\'', `, ", `, \, $x, and two spaces' -j RETURN +ip6tables -A FP-vnet0 -p sctp -m state --state NEW,ESTABLISHED -m comment \ +--comment 'comment with lone '\'', `, ", `, \, $x, and two spaces' -j ACCEPT +ip6tables -A HJ-vnet0 -p sctp -m state --state ESTABLISHED -m comment \ +--comment 'comment with lone '\'', `, ", `, \, $x, and two spaces' -j RETURN +ip6tables -A FJ-vnet0 -p ah -m state --state ESTABLISHED -m comment \ +--comment 'tmp=`mktemp`; echo ${RANDOM} > ${tmp} ; cat < ${tmp}; rm -f ${tmp}' -j RETURN +ip6tables -A FP-vnet0 -p ah -m state --state NEW,ESTABLISHED -m comment \ +--comment 'tmp=`mktemp`; echo ${RANDOM} > ${tmp} ; cat < ${tmp}; rm -f ${tmp}' -j ACCEPT +ip6tables -A HJ-vnet0 -p ah -m state --state ESTABLISHED -m comment \ +--comment 'tmp=`mktemp`; echo ${RANDOM} > ${tmp} ; cat < ${tmp}; rm -f ${tmp}' -j RETURN diff --git a/tests/nwfilterxml2firewalldata/comment.xml b/tests/nwfilterxml2firewalldata/comment.xml new file mode 100644 index 000000000..a154a17c1 --- /dev/null +++ b/tests/nwfilterxml2firewalldata/comment.xml @@ -0,0 +1,71 @@ +<filter name='tck-testcase'> + <uuid>0a5288ea-612c-834a-6bbf-82a03a1a3244</uuid> + + <rule action='accept' direction='in'> + <mac protocolid='0x1234' comment='mac rule'/> + </rule> + + <rule action='accept' direction='out'> + <ip srcmacaddr='1:2:3:4:5:6' srcmacmask='ff:ff:ff:ff:ff:ff' + dstmacaddr='aa:bb:cc:dd:ee:ff' dstmacmask='ff:ff:ff:ff:ff:ff' + srcipaddr='10.1.2.3' srcipmask='255.255.255.255' + dstipaddr='10.1.2.3' dstipmask='255.255.255.255' + protocol='udp' + srcportstart='0x123' srcportend='0x234' + dstportstart='0x3456' dstportend='0x4567' + dscp='0x32' comment='ip rule'/> + </rule> + + <rule action='accept' direction='out'> + <ipv6 srcmacaddr='1:2:3:4:5:6' srcmacmask='ff:ff:ff:ff:ff:fe' + dstmacaddr='aa:bb:cc:dd:ee:ff' dstmacmask='ff:ff:ff:ff:ff:80' + srcipaddr='::10.1.2.3' srcipmask='22' + dstipaddr='::10.1.2.3' + dstipmask='ffff:ffff:ffff:ffff:ffff:ffff:ffff:8000' + protocol='tcp' + srcportstart='0x111' srcportend='400' + dstportstart='0x3333' dstportend='65535' comment='ipv6 rule'/> + </rule> + + <rule action='accept' direction='out'> + <arp srcmacaddr='1:2:3:4:5:6' srcmacmask='ff:ff:ff:ff:ff:ff' + dstmacaddr='aa:bb:cc:dd:ee:ff' dstmacmask='ff:ff:ff:ff:ff:ff' + hwtype='0x12' + protocoltype='0x56' + opcode='Request' + arpsrcmacaddr='1:2:3:4:5:6' + arpdstmacaddr='a:b:c:d:e:f' + comment='arp rule'/> + </rule> + + <rule action='accept' direction='out'> + <udp srcmacaddr='1:2:3:4:5:6' + dstipaddr='10.1.2.3' dstipmask='255.255.255.255' + dscp='0x22' + srcportstart='0x123' srcportend='400' + dstportstart='0x234' dstportend='0x444' + comment='udp rule'/> + </rule> + + <rule action='accept' direction='in'> + <tcp-ipv6 srcmacaddr='1:2:3:4:5:6' + srcipaddr='a:b:c::' srcipmask='128' + dscp='0x39' + srcportstart='0x20' srcportend='0x21' + dstportstart='0x100' dstportend='0x1111' + comment='tcp/ipv6 rule'/> + </rule> + + <rule action='accept' direction='in'> + <udp-ipv6 comment='`ls`;${COLUMNS};$(ls);"test";&'3 spaces''/> + </rule> + + <rule action='accept' direction='in'> + <sctp-ipv6 comment='comment with lone ', `, ", `, \, $x, and two spaces'/> + </rule> + + <rule action='accept' direction='in'> + <ah-ipv6 comment='tmp=`mktemp`; echo ${RANDOM} > ${tmp} ; cat < ${tmp}; rm -f ${tmp}'/> + </rule> + +</filter> diff --git a/tests/nwfilterxml2firewalldata/conntrack-linux.args b/tests/nwfilterxml2firewalldata/conntrack-linux.args new file mode 100644 index 000000000..7f3fddd3a --- /dev/null +++ b/tests/nwfilterxml2firewalldata/conntrack-linux.args @@ -0,0 +1,7 @@ +iptables -A FJ-vnet0 -p icmp -m connlimit --connlimit-above 1 -j DROP +iptables -A HJ-vnet0 -p icmp -m connlimit --connlimit-above 1 -j DROP +iptables -A FJ-vnet0 -p tcp -m connlimit --connlimit-above 2 -j DROP +iptables -A HJ-vnet0 -p tcp -m connlimit --connlimit-above 2 -j DROP +iptables -A FJ-vnet0 -p all -m state --state NEW,ESTABLISHED -j RETURN +iptables -A FP-vnet0 -p all -m state --state ESTABLISHED -j ACCEPT +iptables -A HJ-vnet0 -p all -m state --state NEW,ESTABLISHED -j RETURN diff --git a/tests/nwfilterxml2firewalldata/conntrack.xml b/tests/nwfilterxml2firewalldata/conntrack.xml new file mode 100644 index 000000000..0682b2522 --- /dev/null +++ b/tests/nwfilterxml2firewalldata/conntrack.xml @@ -0,0 +1,12 @@ +<filter name='tck-testcase' chain='root'> + <uuid>0a5288ea-612c-834a-6bbf-82a03a1a3244</uuid> + <rule action='drop' direction='out' priority='500'> + <icmp connlimit-above='1'/> + </rule> + <rule action='drop' direction='out' priority='500'> + <tcp connlimit-above='2'/> + </rule> + <rule action='accept' direction='out' priority='500'> + <all/> + </rule> +</filter> diff --git a/tests/nwfilterxml2firewalldata/esp-ipv6-linux.args b/tests/nwfilterxml2firewalldata/esp-ipv6-linux.args new file mode 100644 index 000000000..abe8a92f5 --- /dev/null +++ b/tests/nwfilterxml2firewalldata/esp-ipv6-linux.args @@ -0,0 +1,20 @@ +ip6tables -A FJ-vnet0 -p esp -m mac --mac-source 01:02:03:04:05:06 \ +--source f:e:d::c:b:a/127 --destination a:b:c::d:e:f/128 -m dscp --dscp 2 -m state \ +--state NEW,ESTABLISHED -j RETURN +ip6tables -A FP-vnet0 -p esp --destination f:e:d::c:b:a/127 \ +--source a:b:c::d:e:f/128 -m dscp --dscp 2 -m state --state ESTABLISHED -j ACCEPT +ip6tables -A HJ-vnet0 -p esp -m mac --mac-source 01:02:03:04:05:06 \ +--source f:e:d::c:b:a/127 --destination a:b:c::d:e:f/128 -m dscp --dscp 2 -m state \ +--state NEW,ESTABLISHED -j RETURN +ip6tables -A FJ-vnet0 -p esp --destination a:b:c::/128 -m dscp --dscp 33 \ +-m state --state ESTABLISHED -j RETURN +ip6tables -A FP-vnet0 -p esp -m mac --mac-source 01:02:03:04:05:06 \ +--source a:b:c::/128 -m dscp --dscp 33 -m state --state NEW,ESTABLISHED -j ACCEPT +ip6tables -A HJ-vnet0 -p esp --destination a:b:c::/128 -m dscp --dscp 33 \ +-m state --state ESTABLISHED -j RETURN +ip6tables -A FJ-vnet0 -p esp --destination ::10.1.2.3/128 -m dscp --dscp 33 \ +-m state --state ESTABLISHED -j RETURN +ip6tables -A FP-vnet0 -p esp -m mac --mac-source 01:02:03:04:05:06 \ +--source ::10.1.2.3/128 -m dscp --dscp 33 -m state --state NEW,ESTABLISHED -j ACCEPT +ip6tables -A HJ-vnet0 -p esp --destination ::10.1.2.3/128 -m dscp --dscp 33 \ +-m state --state ESTABLISHED -j RETURN diff --git a/tests/nwfilterxml2firewalldata/esp-ipv6.xml b/tests/nwfilterxml2firewalldata/esp-ipv6.xml new file mode 100644 index 000000000..295d0f9b3 --- /dev/null +++ b/tests/nwfilterxml2firewalldata/esp-ipv6.xml @@ -0,0 +1,19 @@ +<filter name='tck-testcase' chain='root'> + <uuid>5c6d49af-b071-6127-b4ec-6f8ed4b55335</uuid> + <rule action='accept' direction='out'> + <esp-ipv6 srcmacaddr='1:2:3:4:5:6' + dstipaddr='a:b:c::d:e:f' dstipmask='128' + srcipaddr='f:e:d::c:b:a' srcipmask='127' + dscp='2'/> + </rule> + <rule action='accept' direction='in'> + <esp-ipv6 srcmacaddr='1:2:3:4:5:6' + srcipaddr='a:b:c::' srcipmask='128' + dscp='33'/> + </rule> + <rule action='accept' direction='in'> + <esp-ipv6 srcmacaddr='1:2:3:4:5:6' + srcipaddr='::10.1.2.3' srcipmask='128' + dscp='33'/> + </rule> +</filter> diff --git a/tests/nwfilterxml2firewalldata/esp-linux.args b/tests/nwfilterxml2firewalldata/esp-linux.args new file mode 100644 index 000000000..eee656085 --- /dev/null +++ b/tests/nwfilterxml2firewalldata/esp-linux.args @@ -0,0 +1,18 @@ +iptables -A FJ-vnet0 -p esp -m mac --mac-source 01:02:03:04:05:06 \ +--destination 10.1.2.3/32 -m dscp --dscp 2 -m state --state NEW,ESTABLISHED -j RETURN +iptables -A FP-vnet0 -p esp --source 10.1.2.3/32 -m dscp --dscp 2 -m state \ +--state ESTABLISHED -j ACCEPT +iptables -A HJ-vnet0 -p esp -m mac --mac-source 01:02:03:04:05:06 \ +--destination 10.1.2.3/32 -m dscp --dscp 2 -m state --state NEW,ESTABLISHED -j RETURN +iptables -A FJ-vnet0 -p esp --destination 10.1.2.3/22 -m dscp --dscp 33 \ +-m state --state ESTABLISHED -j RETURN +iptables -A FP-vnet0 -p esp -m mac --mac-source 01:02:03:04:05:06 \ +--source 10.1.2.3/22 -m dscp --dscp 33 -m state --state NEW,ESTABLISHED -j ACCEPT +iptables -A HJ-vnet0 -p esp --destination 10.1.2.3/22 -m dscp --dscp 33 \ +-m state --state ESTABLISHED -j RETURN +iptables -A FJ-vnet0 -p esp --destination 10.1.2.3/22 -m dscp --dscp 33 \ +-m state --state ESTABLISHED -j RETURN +iptables -A FP-vnet0 -p esp -m mac --mac-source 01:02:03:04:05:06 \ +--source 10.1.2.3/22 -m dscp --dscp 33 -m state --state NEW,ESTABLISHED -j ACCEPT +iptables -A HJ-vnet0 -p esp --destination 10.1.2.3/22 -m dscp --dscp 33 \ +-m state --state ESTABLISHED -j RETURN diff --git a/tests/nwfilterxml2firewalldata/esp.xml b/tests/nwfilterxml2firewalldata/esp.xml new file mode 100644 index 000000000..1f75df106 --- /dev/null +++ b/tests/nwfilterxml2firewalldata/esp.xml @@ -0,0 +1,18 @@ +<filter name='tck-testcase' chain='root'> + <uuid>5c6d49af-b071-6127-b4ec-6f8ed4b55335</uuid> + <rule action='accept' direction='out'> + <esp srcmacaddr='1:2:3:4:5:6' + dstipaddr='10.1.2.3' dstipmask='255.255.255.255' + dscp='2'/> + </rule> + <rule action='accept' direction='in'> + <esp srcmacaddr='1:2:3:4:5:6' + srcipaddr='10.1.2.3' srcipmask='22' + dscp='33'/> + </rule> + <rule action='accept' direction='in'> + <esp srcmacaddr='1:2:3:4:5:6' + srcipaddr='10.1.2.3' srcipmask='22' + dscp='33'/> + </rule> +</filter> diff --git a/tests/nwfilterxml2firewalldata/example-1-linux.args b/tests/nwfilterxml2firewalldata/example-1-linux.args new file mode 100644 index 000000000..2a7bd35d1 --- /dev/null +++ b/tests/nwfilterxml2firewalldata/example-1-linux.args @@ -0,0 +1,13 @@ +iptables -A FJ-vnet0 -p tcp --sport 22 -m state --state ESTABLISHED -j RETURN +iptables -A FP-vnet0 -p tcp --dport 22 -m state --state NEW,ESTABLISHED \ +-j ACCEPT +iptables -A HJ-vnet0 -p tcp --sport 22 -m state --state ESTABLISHED -j RETURN +iptables -A FJ-vnet0 -p icmp -m state --state ESTABLISHED -j RETURN +iptables -A FP-vnet0 -p icmp -m state --state NEW,ESTABLISHED -j ACCEPT +iptables -A HJ-vnet0 -p icmp -m state --state ESTABLISHED -j RETURN +iptables -A FJ-vnet0 -p all -m state --state ESTABLISHED -j RETURN +iptables -A FP-vnet0 -p all -m state --state NEW,ESTABLISHED -j ACCEPT +iptables -A HJ-vnet0 -p all -m state --state ESTABLISHED -j RETURN +iptables -A FJ-vnet0 -p all -j DROP +iptables -A FP-vnet0 -p all -j DROP +iptables -A HJ-vnet0 -p all -j DROP diff --git a/tests/nwfilterxml2firewalldata/example-1.xml b/tests/nwfilterxml2firewalldata/example-1.xml new file mode 100644 index 000000000..ad15a9839 --- /dev/null +++ b/tests/nwfilterxml2firewalldata/example-1.xml @@ -0,0 +1,24 @@ +<filter name='tck-testcase'> + <uuid>0a5288ea-612c-834a-6bbf-82a03a1a3244</uuid> + + <!-- allow incoming ssh connections --> + <rule action='accept' direction='in' priority='100'> + <tcp dstportstart='22'/> + </rule> + + <!-- allow incoming ICMP (ping) packets --> + <rule action='accept' direction='in' priority='200'> + <icmp/> + </rule> + + <!-- allow all outgoing traffic --> + <rule action='accept' direction='in' priority='300'> + <all/> + </rule> + + <!-- drop all other traffic --> + <rule action='drop' direction='inout' priority='1000'> + <all/> + </rule> + +</filter> diff --git a/tests/nwfilterxml2firewalldata/example-2-linux.args b/tests/nwfilterxml2firewalldata/example-2-linux.args new file mode 100644 index 000000000..6bd08148f --- /dev/null +++ b/tests/nwfilterxml2firewalldata/example-2-linux.args @@ -0,0 +1,20 @@ +iptables -A FJ-vnet0 -p all -m state --state ESTABLISHED,RELATED -m comment \ +--comment 'out: existing and related (ftp) connections' -j RETURN +iptables -A HJ-vnet0 -p all -m state --state ESTABLISHED,RELATED -m comment \ +--comment 'out: existing and related (ftp) connections' -j RETURN +iptables -A FP-vnet0 -p all -m state --state ESTABLISHED -m comment \ +--comment 'in: existing connections' -j ACCEPT +iptables -A FP-vnet0 -p tcp --dport 21:22 -m state --state NEW -m comment \ +--comment 'in: ftp and ssh' -j ACCEPT +iptables -A FP-vnet0 -p icmp -m state --state NEW -m comment \ +--comment 'in: icmp' -j ACCEPT +iptables -A FJ-vnet0 -p udp --dport 53 -m state --state NEW -m comment \ +--comment 'out: DNS lookups' -j RETURN +iptables -A HJ-vnet0 -p udp --dport 53 -m state --state NEW -m comment \ +--comment 'out: DNS lookups' -j RETURN +iptables -A FJ-vnet0 -p all -m comment \ +--comment 'inout: drop all non-accepted traffic' -j DROP +iptables -A FP-vnet0 -p all -m comment \ +--comment 'inout: drop all non-accepted traffic' -j DROP +iptables -A HJ-vnet0 -p all -m comment \ +--comment 'inout: drop all non-accepted traffic' -j DROP diff --git a/tests/nwfilterxml2firewalldata/example-2.xml b/tests/nwfilterxml2firewalldata/example-2.xml new file mode 100644 index 000000000..7bda4e6f5 --- /dev/null +++ b/tests/nwfilterxml2firewalldata/example-2.xml @@ -0,0 +1,37 @@ +<filter name='tck-testcase'> + <uuid>0a5288ea-612c-834a-6bbf-82a03a1a3244</uuid> + + <!-- VM outgoing: allow all established and related connections --> + <rule action='accept' direction='out' priority='100'> + <all state='ESTABLISHED,RELATED' + comment='out: existing and related (ftp) connections'/> + </rule> + + <!-- VM incoming: allow all established connections --> + <rule action='accept' direction='in' priority='100'> + <all state='ESTABLISHED' + comment='in: existing connections'/> + </rule> + + <!-- allow incoming ssh and ftp traffic --> + <rule action='accept' direction='in' priority='200'> + <tcp dstportstart='21' dstportend='22' state='NEW' + comment='in: ftp and ssh'/> + </rule> + + <!-- allow incoming ICMP (ping) packets --> + <rule action='accept' direction='in' priority='300'> + <icmp state='NEW' comment='in: icmp'/> + </rule> + + <!-- allow outgong DNS lookups --> + <rule action='accept' direction='out' priority='300'> + <udp dstportstart='53' state='NEW' comment='out: DNS lookups'/> + </rule> + + <!-- drop all other traffic --> + <rule action='drop' direction='inout' priority='1000'> + <all comment='inout: drop all non-accepted traffic'/> + </rule> + +</filter> diff --git a/tests/nwfilterxml2firewalldata/hex-data-linux.args b/tests/nwfilterxml2firewalldata/hex-data-linux.args new file mode 100644 index 000000000..4d95acfc2 --- /dev/null +++ b/tests/nwfilterxml2firewalldata/hex-data-linux.args @@ -0,0 +1,28 @@ +ebtables -t nat -A libvirt-P-vnet0 -p 0x1234 -j ACCEPT +ebtables -t nat -A libvirt-J-vnet0 -s 01:02:03:04:05:06/ff:ff:ff:ff:ff:ff \ +-d aa:bb:cc:dd:ee:ff/ff:ff:ff:ff:ff:ff -p ipv4 --ip-source 10.1.2.3/32 \ +--ip-destination 10.1.2.3/32 --ip-protocol 17 --ip-source-port 291:564 \ +--ip-destination-port 13398:17767 --ip-tos 0x32 -j ACCEPT +ebtables -t nat -A libvirt-J-vnet0 -s 01:02:03:04:05:06/ff:ff:ff:ff:ff:fe \ +-d aa:bb:cc:dd:ee:ff/ff:ff:ff:ff:ff:80 -p ipv6 --ip6-source ::10.1.2.3/22 \ +--ip6-destination ::10.1.2.3/113 --ip6-protocol 6 --ip6-source-port 273:400 \ +--ip6-destination-port 13107:65535 -j ACCEPT +ebtables -t nat -A libvirt-J-vnet0 -s 01:02:03:04:05:06/ff:ff:ff:ff:ff:ff \ +-d aa:bb:cc:dd:ee:ff/ff:ff:ff:ff:ff:ff -p 0x806 --arp-htype 18 --arp-opcode 1 \ +--arp-ptype 0x56 --arp-mac-src 01:02:03:04:05:06 --arp-mac-dst 0a:0b:0c:0d:0e:0f \ +-j ACCEPT +iptables -A FJ-vnet0 -p udp -m mac --mac-source 01:02:03:04:05:06 \ +--destination 10.1.2.3/32 -m dscp --dscp 34 --sport 291:400 --dport 564:1092 -m state \ +--state NEW,ESTABLISHED -j RETURN +iptables -A FP-vnet0 -p udp --source 10.1.2.3/32 -m dscp --dscp 34 \ +--dport 291:400 --sport 564:1092 -m state --state ESTABLISHED -j ACCEPT +iptables -A HJ-vnet0 -p udp -m mac --mac-source 01:02:03:04:05:06 \ +--destination 10.1.2.3/32 -m dscp --dscp 34 --sport 291:400 --dport 564:1092 -m state \ +--state NEW,ESTABLISHED -j RETURN +ip6tables -A FJ-vnet0 -p tcp --destination a:b:c::/128 -m dscp --dscp 57 \ +--dport 32:33 --sport 256:4369 -m state --state ESTABLISHED -j RETURN +ip6tables -A FP-vnet0 -p tcp -m mac --mac-source 01:02:03:04:05:06 \ +--source a:b:c::/128 -m dscp --dscp 57 --sport 32:33 --dport 256:4369 -m state \ +--state NEW,ESTABLISHED -j ACCEPT +ip6tables -A HJ-vnet0 -p tcp --destination a:b:c::/128 -m dscp --dscp 57 \ +--dport 32:33 --sport 256:4369 -m state --state ESTABLISHED -j RETURN diff --git a/tests/nwfilterxml2firewalldata/hex-data.xml b/tests/nwfilterxml2firewalldata/hex-data.xml new file mode 100644 index 000000000..45df45129 --- /dev/null +++ b/tests/nwfilterxml2firewalldata/hex-data.xml @@ -0,0 +1,56 @@ +<filter name='tck-testcase'> + <uuid>01a992d2-f8c8-7c27-f69b-ab0a9d377379</uuid> + + <rule action='accept' direction='in'> + <mac protocolid='0x1234'/> + </rule> + + <rule action='accept' direction='out'> + <ip srcmacaddr='1:2:3:4:5:6' srcmacmask='ff:ff:ff:ff:ff:ff' + dstmacaddr='aa:bb:cc:dd:ee:ff' dstmacmask='ff:ff:ff:ff:ff:ff' + srcipaddr='10.1.2.3' srcipmask='255.255.255.255' + dstipaddr='10.1.2.3' dstipmask='255.255.255.255' + protocol='udp' + srcportstart='0x123' srcportend='0x234' + dstportstart='0x3456' dstportend='0x4567' + dscp='0x32'/> + </rule> + + <rule action='accept' direction='out'> + <ipv6 srcmacaddr='1:2:3:4:5:6' srcmacmask='ff:ff:ff:ff:ff:fe' + dstmacaddr='aa:bb:cc:dd:ee:ff' dstmacmask='ff:ff:ff:ff:ff:80' + srcipaddr='::10.1.2.3' srcipmask='22' + dstipaddr='::10.1.2.3' + dstipmask='ffff:ffff:ffff:ffff:ffff:ffff:ffff:8000' + protocol='tcp' + srcportstart='0x111' srcportend='400' + dstportstart='0x3333' dstportend='65535'/> + </rule> + + <rule action='accept' direction='out'> + <arp srcmacaddr='1:2:3:4:5:6' srcmacmask='ff:ff:ff:ff:ff:ff' + dstmacaddr='aa:bb:cc:dd:ee:ff' dstmacmask='ff:ff:ff:ff:ff:ff' + hwtype='0x12' + protocoltype='0x56' + opcode='Request' + arpsrcmacaddr='1:2:3:4:5:6' + arpdstmacaddr='a:b:c:d:e:f'/> + </rule> + + <rule action='accept' direction='out'> + <udp srcmacaddr='1:2:3:4:5:6' + dstipaddr='10.1.2.3' dstipmask='255.255.255.255' + dscp='0x22' + srcportstart='0x123' srcportend='400' + dstportstart='0x234' dstportend='0x444'/> + </rule> + + <rule action='accept' direction='in'> + <tcp-ipv6 srcmacaddr='1:2:3:4:5:6' + srcipaddr='a:b:c::' srcipmask='128' + dscp='0x39' + srcportstart='0x20' srcportend='0x21' + dstportstart='0x100' dstportend='0x1111'/> + </rule> + +</filter> diff --git a/tests/nwfilterxml2firewalldata/icmp-direction-linux.args b/tests/nwfilterxml2firewalldata/icmp-direction-linux.args new file mode 100644 index 000000000..fd693e6e6 --- /dev/null +++ b/tests/nwfilterxml2firewalldata/icmp-direction-linux.args @@ -0,0 +1,9 @@ +iptables -A FP-vnet0 -p icmp --icmp-type 0 -m state --state NEW,ESTABLISHED \ +-j ACCEPT +iptables -A FJ-vnet0 -p icmp --icmp-type 8 -m state --state NEW,ESTABLISHED \ +-j RETURN +iptables -A HJ-vnet0 -p icmp --icmp-type 8 -m state --state NEW,ESTABLISHED \ +-j RETURN +iptables -A FJ-vnet0 -p icmp -j DROP +iptables -A FP-vnet0 -p icmp -j DROP +iptables -A HJ-vnet0 -p icmp -j DROP diff --git a/tests/nwfilterxml2firewalldata/icmp-direction.xml b/tests/nwfilterxml2firewalldata/icmp-direction.xml new file mode 100644 index 000000000..e2184e83b --- /dev/null +++ b/tests/nwfilterxml2firewalldata/icmp-direction.xml @@ -0,0 +1,15 @@ +<filter name='tck-testcase'> + <uuid>f4b3f745-d23d-2ee6-218a-d5671611229b</uuid> + <!-- allow incoming ICMP Echo Reply --> + <rule action='accept' direction='in' priority='500'> + <icmp type='0'/> + </rule> + <!-- allow outgoing ICMP Echo Request --> + <rule action='accept' direction='out' priority='500'> + <icmp type='8'/> + </rule> + <!-- drop all other ICMP traffic --> + <rule action='drop' direction='inout' priority='600'> + <icmp/> + </rule> +</filter> diff --git a/tests/nwfilterxml2firewalldata/icmp-direction2-linux.args b/tests/nwfilterxml2firewalldata/icmp-direction2-linux.args new file mode 100644 index 000000000..7686a8b1e --- /dev/null +++ b/tests/nwfilterxml2firewalldata/icmp-direction2-linux.args @@ -0,0 +1,9 @@ +iptables -A FP-vnet0 -p icmp --icmp-type 8 -m state --state NEW,ESTABLISHED \ +-j ACCEPT +iptables -A FJ-vnet0 -p icmp --icmp-type 0 -m state --state NEW,ESTABLISHED \ +-j RETURN +iptables -A HJ-vnet0 -p icmp --icmp-type 0 -m state --state NEW,ESTABLISHED \ +-j RETURN +iptables -A FJ-vnet0 -p icmp -j DROP +iptables -A FP-vnet0 -p icmp -j DROP +iptables -A HJ-vnet0 -p icmp -j DROP diff --git a/tests/nwfilterxml2firewalldata/icmp-direction2.xml b/tests/nwfilterxml2firewalldata/icmp-direction2.xml new file mode 100644 index 000000000..a55298567 --- /dev/null +++ b/tests/nwfilterxml2firewalldata/icmp-direction2.xml @@ -0,0 +1,15 @@ +<filter name='tck-testcase'> + <uuid>d6b1a2af-def6-2898-9f8d-4a74e3c39558</uuid> + <!-- allow incoming ICMP Echo Request --> + <rule action='accept' direction='in' priority='500'> + <icmp type='8'/> + </rule> + <!-- allow outgoing ICMP Echo Reply --> + <rule action='accept' direction='out' priority='500'> + <icmp type='0'/> + </rule> + <!-- drop all other ICMP traffic --> + <rule action='drop' direction='inout' priority='600'> + <icmp/> + </rule> +</filter> diff --git a/tests/nwfilterxml2firewalldata/icmp-direction3-linux.args b/tests/nwfilterxml2firewalldata/icmp-direction3-linux.args new file mode 100644 index 000000000..37d1717b9 --- /dev/null +++ b/tests/nwfilterxml2firewalldata/icmp-direction3-linux.args @@ -0,0 +1,6 @@ +iptables -A FJ-vnet0 -p icmp -m state --state NEW,ESTABLISHED -j RETURN +iptables -A FP-vnet0 -p icmp -m state --state ESTABLISHED -j ACCEPT +iptables -A HJ-vnet0 -p icmp -m state --state NEW,ESTABLISHED -j RETURN +iptables -A FJ-vnet0 -p all -j DROP +iptables -A FP-vnet0 -p all -j DROP +iptables -A HJ-vnet0 -p all -j DROP diff --git a/tests/nwfilterxml2firewalldata/icmp-direction3.xml b/tests/nwfilterxml2firewalldata/icmp-direction3.xml new file mode 100644 index 000000000..c592903ae --- /dev/null +++ b/tests/nwfilterxml2firewalldata/icmp-direction3.xml @@ -0,0 +1,10 @@ +<filter name='tck-testcase'> + <uuid>d6b1a2af-def6-2898-9f8d-4a74e3c39558</uuid> + <rule action='accept' direction='out' priority='500'> + <icmp/> + </rule> + <!-- drop all other traffic --> + <rule action='drop' direction='inout' priority='600'> + <all/> + </rule> +</filter> diff --git a/tests/nwfilterxml2firewalldata/icmp-linux.args b/tests/nwfilterxml2firewalldata/icmp-linux.args new file mode 100644 index 000000000..6ebf541d1 --- /dev/null +++ b/tests/nwfilterxml2firewalldata/icmp-linux.args @@ -0,0 +1,9 @@ +iptables -A FJ-vnet0 -p icmp -m mac --mac-source 01:02:03:04:05:06 \ +--destination 10.1.2.3/32 -m dscp --dscp 2 --icmp-type 12/11 -m state \ +--state NEW,ESTABLISHED -j RETURN +iptables -A HJ-vnet0 -p icmp -m mac --mac-source 01:02:03:04:05:06 \ +--destination 10.1.2.3/32 -m dscp --dscp 2 --icmp-type 12/11 -m state \ +--state NEW,ESTABLISHED -j RETURN +iptables -A FP-vnet0 -p icmp -m mac --mac-source 01:02:03:04:05:06 \ +--source 10.1.2.3/22 -m dscp --dscp 33 --icmp-type 255/255 -m state \ +--state NEW,ESTABLISHED -j ACCEPT diff --git a/tests/nwfilterxml2firewalldata/icmp.xml b/tests/nwfilterxml2firewalldata/icmp.xml new file mode 100644 index 000000000..fff5d425f --- /dev/null +++ b/tests/nwfilterxml2firewalldata/icmp.xml @@ -0,0 +1,13 @@ +<filter name='tck-testcase' chain='root'> + <uuid>5c6d49af-b071-6127-b4ec-6f8ed4b55335</uuid> + <rule action='accept' direction='out'> + <icmp srcmacaddr='1:2:3:4:5:6' + dstipaddr='10.1.2.3' dstipmask='255.255.255.255' + dscp='2' type='12' code='11'/> + </rule> + <rule action='accept' direction='in'> + <icmp srcmacaddr='1:2:3:4:5:6' + srcipaddr='10.1.2.3' srcipmask='22' + dscp='33' type='255' code='255'/> + </rule> +</filter> diff --git a/tests/nwfilterxml2firewalldata/icmpv6-linux.args b/tests/nwfilterxml2firewalldata/icmpv6-linux.args new file mode 100644 index 000000000..9359442d9 --- /dev/null +++ b/tests/nwfilterxml2firewalldata/icmpv6-linux.args @@ -0,0 +1,12 @@ +ip6tables -A FJ-vnet0 -p icmpv6 -m mac --mac-source 01:02:03:04:05:06 \ +--source f:e:d::c:b:a/127 --destination a:b:c::d:e:f/128 -m dscp --dscp 2 \ +--icmpv6-type 12/11 -m state --state NEW,ESTABLISHED -j RETURN +ip6tables -A HJ-vnet0 -p icmpv6 -m mac --mac-source 01:02:03:04:05:06 \ +--source f:e:d::c:b:a/127 --destination a:b:c::d:e:f/128 -m dscp --dscp 2 \ +--icmpv6-type 12/11 -m state --state NEW,ESTABLISHED -j RETURN +ip6tables -A FP-vnet0 -p icmpv6 -m mac --mac-source 01:02:03:04:05:06 \ +--source a:b:c::/128 -m dscp --dscp 33 --icmpv6-type 255/255 -m state \ +--state NEW,ESTABLISHED -j ACCEPT +ip6tables -A FP-vnet0 -p icmpv6 -m mac --mac-source 01:02:03:04:05:06 \ +--source ::10.1.2.3/128 -m dscp --dscp 33 --icmpv6-type 255/255 -m state \ +--state NEW,ESTABLISHED -j ACCEPT diff --git a/tests/nwfilterxml2firewalldata/icmpv6.xml b/tests/nwfilterxml2firewalldata/icmpv6.xml new file mode 100644 index 000000000..9d248266f --- /dev/null +++ b/tests/nwfilterxml2firewalldata/icmpv6.xml @@ -0,0 +1,19 @@ +<filter name='tck-testcase' chain='root'> + <uuid>5c6d49af-b071-6127-b4ec-6f8ed4b55335</uuid> + <rule action='accept' direction='out'> + <icmpv6 srcmacaddr='1:2:3:4:5:6' + dstipaddr='a:b:c::d:e:f' dstipmask='128' + srcipaddr='f:e:d::c:b:a' srcipmask='127' + dscp='2' type='12' code='11'/> + </rule> + <rule action='accept' direction='in'> + <icmpv6 srcmacaddr='1:2:3:4:5:6' + srcipaddr='a:b:c::' srcipmask='128' + dscp='33' type='255' code='255'/> + </rule> + <rule action='accept' direction='in'> + <icmpv6 srcmacaddr='1:2:3:4:5:6' + srcipaddr='::10.1.2.3' srcipmask='128' + dscp='33' type='255' code='255'/> + </rule> +</filter> diff --git a/tests/nwfilterxml2firewalldata/igmp-linux.args b/tests/nwfilterxml2firewalldata/igmp-linux.args new file mode 100644 index 000000000..b562d516b --- /dev/null +++ b/tests/nwfilterxml2firewalldata/igmp-linux.args @@ -0,0 +1,18 @@ +iptables -A FJ-vnet0 -p igmp -m mac --mac-source 01:02:03:04:05:06 \ +--destination 10.1.2.3/32 -m dscp --dscp 2 -m state --state NEW,ESTABLISHED -j RETURN +iptables -A FP-vnet0 -p igmp --source 10.1.2.3/32 -m dscp --dscp 2 -m state \ +--state ESTABLISHED -j ACCEPT +iptables -A HJ-vnet0 -p igmp -m mac --mac-source 01:02:03:04:05:06 \ +--destination 10.1.2.3/32 -m dscp --dscp 2 -m state --state NEW,ESTABLISHED -j RETURN +iptables -A FJ-vnet0 -p igmp --destination 10.1.2.3/22 -m dscp --dscp 33 \ +-m state --state ESTABLISHED -j RETURN +iptables -A FP-vnet0 -p igmp -m mac --mac-source 01:02:03:04:05:06 \ +--source 10.1.2.3/22 -m dscp --dscp 33 -m state --state NEW,ESTABLISHED -j ACCEPT +iptables -A HJ-vnet0 -p igmp --destination 10.1.2.3/22 -m dscp --dscp 33 \ +-m state --state ESTABLISHED -j RETURN +iptables -A FJ-vnet0 -p igmp --destination 10.1.2.3/22 -m dscp --dscp 33 \ +-m state --state ESTABLISHED -j RETURN +iptables -A FP-vnet0 -p igmp -m mac --mac-source 01:02:03:04:05:06 \ +--source 10.1.2.3/22 -m dscp --dscp 33 -m state --state NEW,ESTABLISHED -j ACCEPT +iptables -A HJ-vnet0 -p igmp --destination 10.1.2.3/22 -m dscp --dscp 33 \ +-m state --state ESTABLISHED -j RETURN diff --git a/tests/nwfilterxml2firewalldata/igmp.xml b/tests/nwfilterxml2firewalldata/igmp.xml new file mode 100644 index 000000000..0f4dcd452 --- /dev/null +++ b/tests/nwfilterxml2firewalldata/igmp.xml @@ -0,0 +1,18 @@ +<filter name='tck-testcase' chain='root'> + <uuid>5c6d49af-b071-6127-b4ec-6f8ed4b55335</uuid> + <rule action='accept' direction='out'> + <igmp srcmacaddr='1:2:3:4:5:6' + dstipaddr='10.1.2.3' dstipmask='255.255.255.255' + dscp='2'/> + </rule> + <rule action='accept' direction='in'> + <igmp srcmacaddr='1:2:3:4:5:6' + srcipaddr='10.1.2.3' srcipmask='22' + dscp='33'/> + </rule> + <rule action='accept' direction='in'> + <igmp srcmacaddr='1:2:3:4:5:6' + srcipaddr='10.1.2.3' srcipmask='22' + dscp='33'/> + </rule> +</filter> diff --git a/tests/nwfilterxml2firewalldata/ip-linux.args b/tests/nwfilterxml2firewalldata/ip-linux.args new file mode 100644 index 000000000..ceae1e6ba --- /dev/null +++ b/tests/nwfilterxml2firewalldata/ip-linux.args @@ -0,0 +1,8 @@ +ebtables -t nat -A libvirt-J-vnet0 -s 01:02:03:04:05:06/ff:ff:ff:ff:ff:ff \ +-d aa:bb:cc:dd:ee:ff/ff:ff:ff:ff:ff:ff -p ipv4 --ip-source 10.1.2.3/32 \ +--ip-destination 10.1.2.3/32 --ip-protocol 17 --ip-source-port 20:22 \ +--ip-destination-port 100:101 -j ACCEPT +ebtables -t nat -A libvirt-J-vnet0 -p ipv4 --ip-source 10.1.2.3/17 \ +--ip-destination 10.1.2.3/24 --ip-protocol 17 --ip-tos 0x3f -j ACCEPT +ebtables -t nat -A libvirt-P-vnet0 -p ipv4 --ip-source 10.1.2.3/31 \ +--ip-destination 10.1.2.3/25 --ip-protocol 255 --ip-tos 0x3f -j ACCEPT diff --git a/tests/nwfilterxml2firewalldata/ip.xml b/tests/nwfilterxml2firewalldata/ip.xml new file mode 100644 index 000000000..da362a1fe --- /dev/null +++ b/tests/nwfilterxml2firewalldata/ip.xml @@ -0,0 +1,28 @@ +<filter name='tck-testcase'> + <uuid>5c6d49af-b071-6127-b4ec-6f8ed4b55335</uuid> + <rule action='accept' direction='out'> + <ip srcmacaddr='1:2:3:4:5:6' srcmacmask='ff:ff:ff:ff:ff:ff' + dstmacaddr='aa:bb:cc:dd:ee:ff' dstmacmask='ff:ff:ff:ff:ff:ff' + srcipaddr='10.1.2.3' srcipmask='255.255.255.255' + dstipaddr='10.1.2.3' dstipmask='255.255.255.255' + protocol='udp' + srcportstart='20' srcportend='22' + dstportstart='100' dstportend='101' + /> + </rule> + + <rule action='accept' direction='out'> + <ip srcipaddr='10.1.2.3' srcipmask='255.255.128.0' + dstipaddr='10.1.2.3' dstipmask='255.255.255.0' + protocol='17' dscp='63' + /> + </rule> + + <rule action='accept' direction='in'> + <ip srcipaddr='10.1.2.3' srcipmask='255.255.255.254' + dstipaddr='10.1.2.3' dstipmask='255.255.255.128' + protocol='255' dscp='63' + /> + </rule> + +</filter> diff --git a/tests/nwfilterxml2firewalldata/ipset-linux.args b/tests/nwfilterxml2firewalldata/ipset-linux.args new file mode 100644 index 000000000..9ec202de3 --- /dev/null +++ b/tests/nwfilterxml2firewalldata/ipset-linux.args @@ -0,0 +1,36 @@ +iptables -A FJ-vnet0 -p all -m state --state NEW,ESTABLISHED -m set \ +--match-set tck_test src,dst -j RETURN +iptables -A FP-vnet0 -p all -m state --state ESTABLISHED -m set \ +--match-set tck_test dst,src -j ACCEPT +iptables -A HJ-vnet0 -p all -m state --state NEW,ESTABLISHED -m set \ +--match-set tck_test src,dst -j RETURN +iptables -A FP-vnet0 -p all -m set --match-set tck_test src,dst -m comment \ +--comment in+NONE -j ACCEPT +iptables -A FJ-vnet0 -p all -m set --match-set tck_test src,dst -m comment \ +--comment out+NONE -j RETURN +iptables -A HJ-vnet0 -p all -m set --match-set tck_test src,dst -m comment \ +--comment out+NONE -j RETURN +iptables -A FJ-vnet0 -p all -m state --state ESTABLISHED -m set \ +--match-set tck_test dst,src,dst -j RETURN +iptables -A FP-vnet0 -p all -m state --state NEW,ESTABLISHED -m set \ +--match-set tck_test src,dst,src -j ACCEPT +iptables -A HJ-vnet0 -p all -m state --state ESTABLISHED -m set \ +--match-set tck_test dst,src,dst -j RETURN +iptables -A FJ-vnet0 -p all -m state --state ESTABLISHED -m set \ +--match-set tck_test dst,src,dst -j RETURN +iptables -A FP-vnet0 -p all -m state --state NEW,ESTABLISHED -m set \ +--match-set tck_test src,dst,src -j ACCEPT +iptables -A HJ-vnet0 -p all -m state --state ESTABLISHED -m set \ +--match-set tck_test dst,src,dst -j RETURN +iptables -A FJ-vnet0 -p all -m state --state ESTABLISHED -m set \ +--match-set tck_test dst,src -j RETURN +iptables -A FP-vnet0 -p all -m state --state NEW,ESTABLISHED -m set \ +--match-set tck_test src,dst -j ACCEPT +iptables -A HJ-vnet0 -p all -m state --state ESTABLISHED -m set \ +--match-set tck_test dst,src -j RETURN +iptables -A FJ-vnet0 -p all -m set --match-set tck_test dst,src -m comment \ +--comment inout -j RETURN +iptables -A FP-vnet0 -p all -m set --match-set tck_test src,dst -m comment \ +--comment inout -j ACCEPT +iptables -A HJ-vnet0 -p all -m set --match-set tck_test dst,src -m comment \ +--comment inout -j RETURN diff --git a/tests/nwfilterxml2firewalldata/ipset.xml b/tests/nwfilterxml2firewalldata/ipset.xml new file mode 100644 index 000000000..cc8ccc405 --- /dev/null +++ b/tests/nwfilterxml2firewalldata/ipset.xml @@ -0,0 +1,25 @@ +<!-- #ipset help && iptables -t match-set -h && ipset list tck_test || ipset create tck_test hash:ip# --> +<filter name='tck-testcase' chain='root'> + <uuid>5c6d49af-b071-6127-b4ec-6f8ed4b55335</uuid> + <rule action='accept' direction='out'> + <all ipset='tck_test' ipsetflags='src,dst' /> + </rule> + <rule action='accept' direction='in'> + <all state='NONE' ipset='tck_test' ipsetflags='src,dst' comment='in+NONE'/> + </rule> + <rule action='accept' direction='out'> + <all state='NONE' ipset='tck_test' ipsetflags='src,dst' comment='out+NONE'/> + </rule> + <rule action='accept' direction='in'> + <all ipset='tck_test' ipsetflags='SRC,DST,SRC' /> + </rule> + <rule action='accept' direction='in'> + <all ipset='tck_test' ipsetflags='SRC,dSt,SRC' /> + </rule> + <rule action='accept' direction='in'> + <all ipset='$IPSETNAME' ipsetflags='src,dst' /> + </rule> + <rule action='accept' direction='inout'> + <all ipset='$IPSETNAME' ipsetflags='src,dst' comment='inout'/> + </rule> +</filter> diff --git a/tests/nwfilterxml2firewalldata/ipt-no-macspoof-linux.args b/tests/nwfilterxml2firewalldata/ipt-no-macspoof-linux.args new file mode 100644 index 000000000..dc1bbdb16 --- /dev/null +++ b/tests/nwfilterxml2firewalldata/ipt-no-macspoof-linux.args @@ -0,0 +1,2 @@ +iptables -A FP-vnet0 -p all -m mac '!' --mac-source 12:34:56:78:9a:bc -j DROP +iptables -A FP-vnet0 -p all -m mac '!' --mac-source aa:aa:aa:aa:aa:aa -j DROP diff --git a/tests/nwfilterxml2firewalldata/ipt-no-macspoof.xml b/tests/nwfilterxml2firewalldata/ipt-no-macspoof.xml new file mode 100644 index 000000000..2e8f2ceee --- /dev/null +++ b/tests/nwfilterxml2firewalldata/ipt-no-macspoof.xml @@ -0,0 +1,14 @@ +<filter name='tck-testcase'> + <uuid>5c6d49af-b071-6127-b4ec-6f8ed4b55335</uuid> + <rule action='drop' direction='inout'> + <!-- should use $MAC for MAC address, but tests would depend on VM's + MAC address --> + <all match='no' srcmacaddr='12:34:56:78:9a:bc'/> + </rule> + + <rule action='drop' direction='in'> + <!-- not accepting incoming traffic from a certain MAC address --> + <all match='no' srcmacaddr='aa:aa:aa:aa:aa:aa'/> + </rule> + +</filter> diff --git a/tests/nwfilterxml2firewalldata/ipv6-linux.args b/tests/nwfilterxml2firewalldata/ipv6-linux.args new file mode 100644 index 000000000..a42566ca7 --- /dev/null +++ b/tests/nwfilterxml2firewalldata/ipv6-linux.args @@ -0,0 +1,20 @@ +ebtables -t nat -A libvirt-J-vnet0 -s 01:02:03:04:05:06/ff:ff:ff:ff:ff:fe \ +-d aa:bb:cc:dd:ee:ff/ff:ff:ff:ff:ff:80 -p ipv6 --ip6-source ::10.1.2.3/22 \ +--ip6-destination ::10.1.2.3/113 --ip6-protocol 17 --ip6-source-port 20:22 \ +--ip6-destination-port 100:101 -j ACCEPT +ebtables -t nat -A libvirt-J-vnet0 -p ipv6 --ip6-destination 1::2/128 \ +--ip6-source a:b:c::/65 --ip6-protocol 6 --ip6-destination-port 20:22 \ +--ip6-source-port 100:101 -j ACCEPT +ebtables -t nat -A libvirt-P-vnet0 -p ipv6 --ip6-source 1::2/128 \ +--ip6-destination a:b:c::/65 --ip6-protocol 6 --ip6-source-port 20:22 \ +--ip6-destination-port 100:101 -j ACCEPT +ebtables -t nat -A libvirt-J-vnet0 -p ipv6 --ip6-destination 1::2/128 \ +--ip6-source a:b:c::/65 --ip6-protocol 6 --ip6-destination-port 255:256 \ +--ip6-source-port 65535:65535 -j ACCEPT +ebtables -t nat -A libvirt-P-vnet0 -p ipv6 --ip6-source 1::2/128 \ +--ip6-destination a:b:c::/65 --ip6-protocol 6 --ip6-source-port 255:256 \ +--ip6-destination-port 65535:65535 -j ACCEPT +ebtables -t nat -A libvirt-J-vnet0 -p ipv6 --ip6-destination 1::2/128 \ +--ip6-source a:b:c::/65 --ip6-protocol 18 -j ACCEPT +ebtables -t nat -A libvirt-P-vnet0 -p ipv6 --ip6-source 1::2/128 \ +--ip6-destination a:b:c::/65 --ip6-protocol 18 -j ACCEPT diff --git a/tests/nwfilterxml2firewalldata/ipv6.xml b/tests/nwfilterxml2firewalldata/ipv6.xml new file mode 100644 index 000000000..9f67bea73 --- /dev/null +++ b/tests/nwfilterxml2firewalldata/ipv6.xml @@ -0,0 +1,43 @@ +<filter name='tck-testcase'> + <uuid>5c6d49af-b071-6127-b4ec-6f8ed4b55335</uuid> + <rule action='accept' direction='out'> + <ipv6 srcmacaddr='1:2:3:4:5:6' srcmacmask='ff:ff:ff:ff:ff:fe' + dstmacaddr='aa:bb:cc:dd:ee:ff' dstmacmask='ff:ff:ff:ff:ff:80' + srcipaddr='::10.1.2.3' srcipmask='22' + dstipaddr='::10.1.2.3' + dstipmask='ffff:ffff:ffff:ffff:ffff:ffff:ffff:8000' + protocol='udp' + srcportstart='20' srcportend='22' + dstportstart='100' dstportend='101' + /> + </rule> + + <rule action='accept' direction='inout'> + <ipv6 srcipaddr='1::2' srcipmask='128' + dstipaddr='a:b:c::' + dstipmask='ffff:ffff:ffff:ffff:8000::' + protocol='6' + srcportstart='20' srcportend='22' + dstportstart='100' dstportend='101' + /> + </rule> + + <rule action='accept' direction='inout'> + <ipv6 srcipaddr='1::2' srcipmask='128' + dstipaddr='a:b:c::' + dstipmask='ffff:ffff:ffff:ffff:8000::' + protocol='6' + srcportstart='255' srcportend='256' + dstportstart='65535' dstportend='65535' + /> + </rule> + + <rule action='accept' direction='inout'> + <ipv6 srcipaddr='1::2' srcipmask='128' + dstipaddr='a:b:c::' + dstipmask='ffff:ffff:ffff:ffff:8000::' + protocol='18' + /> + </rule> + +</filter> diff --git a/tests/nwfilterxml2firewalldata/iter1-linux.args b/tests/nwfilterxml2firewalldata/iter1-linux.args new file mode 100644 index 000000000..f6d96edba --- /dev/null +++ b/tests/nwfilterxml2firewalldata/iter1-linux.args @@ -0,0 +1,18 @@ +iptables -A FJ-vnet0 -p tcp --source 1.1.1.1 -m dscp --dscp 2 --sport 80 \ +-m state --state NEW,ESTABLISHED -j RETURN +iptables -A FP-vnet0 -p tcp --destination 1.1.1.1 -m dscp --dscp 2 --dport 80 \ +-m state --state ESTABLISHED -j ACCEPT +iptables -A HJ-vnet0 -p tcp --source 1.1.1.1 -m dscp --dscp 2 --sport 80 \ +-m state --state NEW,ESTABLISHED -j RETURN +iptables -A FJ-vnet0 -p tcp --source 2.2.2.2 -m dscp --dscp 2 --sport 90 \ +-m state --state NEW,ESTABLISHED -j RETURN +iptables -A FP-vnet0 -p tcp --destination 2.2.2.2 -m dscp --dscp 2 --dport 90 \ +-m state --state ESTABLISHED -j ACCEPT +iptables -A HJ-vnet0 -p tcp --source 2.2.2.2 -m dscp --dscp 2 --sport 90 \ +-m state --state NEW,ESTABLISHED -j RETURN +iptables -A FJ-vnet0 -p tcp --source 3.3.3.3 -m dscp --dscp 2 --sport 80 \ +-m state --state NEW,ESTABLISHED -j RETURN +iptables -A FP-vnet0 -p tcp --destination 3.3.3.3 -m dscp --dscp 2 --dport 80 \ +-m state --state ESTABLISHED -j ACCEPT +iptables -A HJ-vnet0 -p tcp --source 3.3.3.3 -m dscp --dscp 2 --sport 80 \ +-m state --state NEW,ESTABLISHED -j RETURN diff --git a/tests/nwfilterxml2firewalldata/iter1.xml b/tests/nwfilterxml2firewalldata/iter1.xml new file mode 100644 index 000000000..c2090e62e --- /dev/null +++ b/tests/nwfilterxml2firewalldata/iter1.xml @@ -0,0 +1,6 @@ +<filter name='tck-testcase' chain='root'> + <uuid>5c6d49af-b071-6127-b4ec-6f8ed4b55335</uuid> + <rule action='accept' direction='out'> + <tcp srcipaddr='$A' srcportstart='$B' dscp='2'/> + </rule> +</filter> diff --git a/tests/nwfilterxml2firewalldata/iter2-linux.args b/tests/nwfilterxml2firewalldata/iter2-linux.args new file mode 100644 index 000000000..a799cd538 --- /dev/null +++ b/tests/nwfilterxml2firewalldata/iter2-linux.args @@ -0,0 +1,342 @@ +iptables -A FJ-vnet0 -p tcp --source 1.1.1.1 -m dscp --dscp 1 --sport 80 \ +-m state --state NEW,ESTABLISHED -j RETURN +iptables -A FP-vnet0 -p tcp --destination 1.1.1.1 -m dscp --dscp 1 --dport 80 \ +-m state --state ESTABLISHED -j ACCEPT +iptables -A HJ-vnet0 -p tcp --source 1.1.1.1 -m dscp --dscp 1 --sport 80 \ +-m state --state NEW,ESTABLISHED -j RETURN +iptables -A FJ-vnet0 -p tcp --source 2.2.2.2 -m dscp --dscp 1 --sport 90 \ +-m state --state NEW,ESTABLISHED -j RETURN +iptables -A FP-vnet0 -p tcp --destination 2.2.2.2 -m dscp --dscp 1 --dport 90 \ +-m state --state ESTABLISHED -j ACCEPT +iptables -A HJ-vnet0 -p tcp --source 2.2.2.2 -m dscp --dscp 1 --sport 90 \ +-m state --state NEW,ESTABLISHED -j RETURN +iptables -A FJ-vnet0 -p tcp --source 3.3.3.3 -m dscp --dscp 1 --sport 80 \ +-m state --state NEW,ESTABLISHED -j RETURN +iptables -A FP-vnet0 -p tcp --destination 3.3.3.3 -m dscp --dscp 1 --dport 80 \ +-m state --state ESTABLISHED -j ACCEPT +iptables -A HJ-vnet0 -p tcp --source 3.3.3.3 -m dscp --dscp 1 --sport 80 \ +-m state --state NEW,ESTABLISHED -j RETURN +iptables -A FJ-vnet0 -p udp --source 1.1.1.1 -m dscp --dscp 2 --sport 80 \ +-m state --state NEW,ESTABLISHED -j RETURN +iptables -A FP-vnet0 -p udp --destination 1.1.1.1 -m dscp --dscp 2 --dport 80 \ +-m state --state ESTABLISHED -j ACCEPT +iptables -A HJ-vnet0 -p udp --source 1.1.1.1 -m dscp --dscp 2 --sport 80 \ +-m state --state NEW,ESTABLISHED -j RETURN +iptables -A FJ-vnet0 -p udp --source 2.2.2.2 -m dscp --dscp 2 --sport 80 \ +-m state --state NEW,ESTABLISHED -j RETURN +iptables -A FP-vnet0 -p udp --destination 2.2.2.2 -m dscp --dscp 2 --dport 80 \ +-m state --state ESTABLISHED -j ACCEPT +iptables -A HJ-vnet0 -p udp --source 2.2.2.2 -m dscp --dscp 2 --sport 80 \ +-m state --state NEW,ESTABLISHED -j RETURN +iptables -A FJ-vnet0 -p udp --source 3.3.3.3 -m dscp --dscp 2 --sport 80 \ +-m state --state NEW,ESTABLISHED -j RETURN +iptables -A FP-vnet0 -p udp --destination 3.3.3.3 -m dscp --dscp 2 --dport 80 \ +-m state --state ESTABLISHED -j ACCEPT +iptables -A HJ-vnet0 -p udp --source 3.3.3.3 -m dscp --dscp 2 --sport 80 \ +-m state --state NEW,ESTABLISHED -j RETURN +iptables -A FJ-vnet0 -p udp --source 1.1.1.1 -m dscp --dscp 2 --sport 90 \ +-m state --state NEW,ESTABLISHED -j RETURN +iptables -A FP-vnet0 -p udp --destination 1.1.1.1 -m dscp --dscp 2 --dport 90 \ +-m state --state ESTABLISHED -j ACCEPT +iptables -A HJ-vnet0 -p udp --source 1.1.1.1 -m dscp --dscp 2 --sport 90 \ +-m state --state NEW,ESTABLISHED -j RETURN +iptables -A FJ-vnet0 -p udp --source 2.2.2.2 -m dscp --dscp 2 --sport 90 \ +-m state --state NEW,ESTABLISHED -j RETURN +iptables -A FP-vnet0 -p udp --destination 2.2.2.2 -m dscp --dscp 2 --dport 90 \ +-m state --state ESTABLISHED -j ACCEPT +iptables -A HJ-vnet0 -p udp --source 2.2.2.2 -m dscp --dscp 2 --sport 90 \ +-m state --state NEW,ESTABLISHED -j RETURN +iptables -A FJ-vnet0 -p udp --source 3.3.3.3 -m dscp --dscp 2 --sport 90 \ +-m state --state NEW,ESTABLISHED -j RETURN +iptables -A FP-vnet0 -p udp --destination 3.3.3.3 -m dscp --dscp 2 --dport 90 \ +-m state --state ESTABLISHED -j ACCEPT +iptables -A HJ-vnet0 -p udp --source 3.3.3.3 -m dscp --dscp 2 --sport 90 \ +-m state --state NEW,ESTABLISHED -j RETURN +iptables -A FJ-vnet0 -p sctp --source 1.1.1.1 -m dscp --dscp 3 --sport 80 \ +--dport 1080 -m state --state NEW,ESTABLISHED -j RETURN +iptables -A FP-vnet0 -p sctp --destination 1.1.1.1 -m dscp --dscp 3 \ +--dport 80 --sport 1080 -m state --state ESTABLISHED -j ACCEPT +iptables -A HJ-vnet0 -p sctp --source 1.1.1.1 -m dscp --dscp 3 --sport 80 \ +--dport 1080 -m state --state NEW,ESTABLISHED -j RETURN +iptables -A FJ-vnet0 -p sctp --source 2.2.2.2 -m dscp --dscp 3 --sport 80 \ +--dport 1080 -m state --state NEW,ESTABLISHED -j RETURN +iptables -A FP-vnet0 -p sctp --destination 2.2.2.2 -m dscp --dscp 3 \ +--dport 80 --sport 1080 -m state --state ESTABLISHED -j ACCEPT +iptables -A HJ-vnet0 -p sctp --source 2.2.2.2 -m dscp --dscp 3 --sport 80 \ +--dport 1080 -m state --state NEW,ESTABLISHED -j RETURN +iptables -A FJ-vnet0 -p sctp --source 3.3.3.3 -m dscp --dscp 3 --sport 80 \ +--dport 1080 -m state --state NEW,ESTABLISHED -j RETURN +iptables -A FP-vnet0 -p sctp --destination 3.3.3.3 -m dscp --dscp 3 \ +--dport 80 --sport 1080 -m state --state ESTABLISHED -j ACCEPT +iptables -A HJ-vnet0 -p sctp --source 3.3.3.3 -m dscp --dscp 3 --sport 80 \ +--dport 1080 -m state --state NEW,ESTABLISHED -j RETURN +iptables -A FJ-vnet0 -p sctp --source 1.1.1.1 -m dscp --dscp 3 --sport 90 \ +--dport 1090 -m state --state NEW,ESTABLISHED -j RETURN +iptables -A FP-vnet0 -p sctp --destination 1.1.1.1 -m dscp --dscp 3 \ +--dport 90 --sport 1090 -m state --state ESTABLISHED -j ACCEPT +iptables -A HJ-vnet0 -p sctp --source 1.1.1.1 -m dscp --dscp 3 --sport 90 \ +--dport 1090 -m state --state NEW,ESTABLISHED -j RETURN +iptables -A FJ-vnet0 -p sctp --source 2.2.2.2 -m dscp --dscp 3 --sport 90 \ +--dport 1090 -m state --state NEW,ESTABLISHED -j RETURN +iptables -A FP-vnet0 -p sctp --destination 2.2.2.2 -m dscp --dscp 3 \ +--dport 90 --sport 1090 -m state --state ESTABLISHED -j ACCEPT +iptables -A HJ-vnet0 -p sctp --source 2.2.2.2 -m dscp --dscp 3 --sport 90 \ +--dport 1090 -m state --state NEW,ESTABLISHED -j RETURN +iptables -A FJ-vnet0 -p sctp --source 3.3.3.3 -m dscp --dscp 3 --sport 90 \ +--dport 1090 -m state --state NEW,ESTABLISHED -j RETURN +iptables -A FP-vnet0 -p sctp --destination 3.3.3.3 -m dscp --dscp 3 \ +--dport 90 --sport 1090 -m state --state ESTABLISHED -j ACCEPT +iptables -A HJ-vnet0 -p sctp --source 3.3.3.3 -m dscp --dscp 3 --sport 90 \ +--dport 1090 -m state --state NEW,ESTABLISHED -j RETURN +iptables -A FJ-vnet0 -p sctp --source 1.1.1.1 -m dscp --dscp 3 --sport 80 \ +--dport 1100 -m state --state NEW,ESTABLISHED -j RETURN +iptables -A FP-vnet0 -p sctp --destination 1.1.1.1 -m dscp --dscp 3 \ +--dport 80 --sport 1100 -m state --state ESTABLISHED -j ACCEPT +iptables -A HJ-vnet0 -p sctp --source 1.1.1.1 -m dscp --dscp 3 --sport 80 \ +--dport 1100 -m state --state NEW,ESTABLISHED -j RETURN +iptables -A FJ-vnet0 -p sctp --source 2.2.2.2 -m dscp --dscp 3 --sport 80 \ +--dport 1100 -m state --state NEW,ESTABLISHED -j RETURN +iptables -A FP-vnet0 -p sctp --destination 2.2.2.2 -m dscp --dscp 3 \ +--dport 80 --sport 1100 -m state --state ESTABLISHED -j ACCEPT +iptables -A HJ-vnet0 -p sctp --source 2.2.2.2 -m dscp --dscp 3 --sport 80 \ +--dport 1100 -m state --state NEW,ESTABLISHED -j RETURN +iptables -A FJ-vnet0 -p sctp --source 3.3.3.3 -m dscp --dscp 3 --sport 80 \ +--dport 1100 -m state --state NEW,ESTABLISHED -j RETURN +iptables -A FP-vnet0 -p sctp --destination 3.3.3.3 -m dscp --dscp 3 \ +--dport 80 --sport 1100 -m state --state ESTABLISHED -j ACCEPT +iptables -A HJ-vnet0 -p sctp --source 3.3.3.3 -m dscp --dscp 3 --sport 80 \ +--dport 1100 -m state --state NEW,ESTABLISHED -j RETURN +iptables -A FJ-vnet0 -p sctp --source 1.1.1.1 -m dscp --dscp 3 --sport 80 \ +--dport 1110 -m state --state NEW,ESTABLISHED -j RETURN +iptables -A FP-vnet0 -p sctp --destination 1.1.1.1 -m dscp --dscp 3 \ +--dport 80 --sport 1110 -m state --state ESTABLISHED -j ACCEPT +iptables -A HJ-vnet0 -p sctp --source 1.1.1.1 -m dscp --dscp 3 --sport 80 \ +--dport 1110 -m state --state NEW,ESTABLISHED -j RETURN +iptables -A FJ-vnet0 -p sctp --source 2.2.2.2 -m dscp --dscp 3 --sport 80 \ +--dport 1110 -m state --state NEW,ESTABLISHED -j RETURN +iptables -A FP-vnet0 -p sctp --destination 2.2.2.2 -m dscp --dscp 3 \ +--dport 80 --sport 1110 -m state --state ESTABLISHED -j ACCEPT +iptables -A HJ-vnet0 -p sctp --source 2.2.2.2 -m dscp --dscp 3 --sport 80 \ +--dport 1110 -m state --state NEW,ESTABLISHED -j RETURN +iptables -A FJ-vnet0 -p sctp --source 3.3.3.3 -m dscp --dscp 3 --sport 80 \ +--dport 1110 -m state --state NEW,ESTABLISHED -j RETURN +iptables -A FP-vnet0 -p sctp --destination 3.3.3.3 -m dscp --dscp 3 \ +--dport 80 --sport 1110 -m state --state ESTABLISHED -j ACCEPT +iptables -A HJ-vnet0 -p sctp --source 3.3.3.3 -m dscp --dscp 3 --sport 80 \ +--dport 1110 -m state --state NEW,ESTABLISHED -j RETURN +iptables -A FJ-vnet0 -p tcp --source 1.1.1.1 -m dscp --dscp 4 --sport 80 \ +--dport 1080 -m state --state NEW,ESTABLISHED -j RETURN +iptables -A FP-vnet0 -p tcp --destination 1.1.1.1 -m dscp --dscp 4 --dport 80 \ +--sport 1080 -m state --state ESTABLISHED -j ACCEPT +iptables -A HJ-vnet0 -p tcp --source 1.1.1.1 -m dscp --dscp 4 --sport 80 \ +--dport 1080 -m state --state NEW,ESTABLISHED -j RETURN +iptables -A FJ-vnet0 -p tcp --source 2.2.2.2 -m dscp --dscp 4 --sport 80 \ +--dport 1080 -m state --state NEW,ESTABLISHED -j RETURN +iptables -A FP-vnet0 -p tcp --destination 2.2.2.2 -m dscp --dscp 4 --dport 80 \ +--sport 1080 -m state --state ESTABLISHED -j ACCEPT +iptables -A HJ-vnet0 -p tcp --source 2.2.2.2 -m dscp --dscp 4 --sport 80 \ +--dport 1080 -m state --state NEW,ESTABLISHED -j RETURN +iptables -A FJ-vnet0 -p tcp --source 3.3.3.3 -m dscp --dscp 4 --sport 80 \ +--dport 1080 -m state --state NEW,ESTABLISHED -j RETURN +iptables -A FP-vnet0 -p tcp --destination 3.3.3.3 -m dscp --dscp 4 --dport 80 \ +--sport 1080 -m state --state ESTABLISHED -j ACCEPT +iptables -A HJ-vnet0 -p tcp --source 3.3.3.3 -m dscp --dscp 4 --sport 80 \ +--dport 1080 -m state --state NEW,ESTABLISHED -j RETURN +iptables -A FJ-vnet0 -p tcp --source 1.1.1.1 -m dscp --dscp 4 --sport 90 \ +--dport 1080 -m state --state NEW,ESTABLISHED -j RETURN +iptables -A FP-vnet0 -p tcp --destination 1.1.1.1 -m dscp --dscp 4 --dport 90 \ +--sport 1080 -m state --state ESTABLISHED -j ACCEPT +iptables -A HJ-vnet0 -p tcp --source 1.1.1.1 -m dscp --dscp 4 --sport 90 \ +--dport 1080 -m state --state NEW,ESTABLISHED -j RETURN +iptables -A FJ-vnet0 -p tcp --source 2.2.2.2 -m dscp --dscp 4 --sport 90 \ +--dport 1080 -m state --state NEW,ESTABLISHED -j RETURN +iptables -A FP-vnet0 -p tcp --destination 2.2.2.2 -m dscp --dscp 4 --dport 90 \ +--sport 1080 -m state --state ESTABLISHED -j ACCEPT +iptables -A HJ-vnet0 -p tcp --source 2.2.2.2 -m dscp --dscp 4 --sport 90 \ +--dport 1080 -m state --state NEW,ESTABLISHED -j RETURN +iptables -A FJ-vnet0 -p tcp --source 3.3.3.3 -m dscp --dscp 4 --sport 90 \ +--dport 1080 -m state --state NEW,ESTABLISHED -j RETURN +iptables -A FP-vnet0 -p tcp --destination 3.3.3.3 -m dscp --dscp 4 --dport 90 \ +--sport 1080 -m state --state ESTABLISHED -j ACCEPT +iptables -A HJ-vnet0 -p tcp --source 3.3.3.3 -m dscp --dscp 4 --sport 90 \ +--dport 1080 -m state --state NEW,ESTABLISHED -j RETURN +iptables -A FJ-vnet0 -p tcp --source 1.1.1.1 -m dscp --dscp 4 --sport 80 \ +--dport 1090 -m state --state NEW,ESTABLISHED -j RETURN +iptables -A FP-vnet0 -p tcp --destination 1.1.1.1 -m dscp --dscp 4 --dport 80 \ +--sport 1090 -m state --state ESTABLISHED -j ACCEPT +iptables -A HJ-vnet0 -p tcp --source 1.1.1.1 -m dscp --dscp 4 --sport 80 \ +--dport 1090 -m state --state NEW,ESTABLISHED -j RETURN +iptables -A FJ-vnet0 -p tcp --source 2.2.2.2 -m dscp --dscp 4 --sport 80 \ +--dport 1090 -m state --state NEW,ESTABLISHED -j RETURN +iptables -A FP-vnet0 -p tcp --destination 2.2.2.2 -m dscp --dscp 4 --dport 80 \ +--sport 1090 -m state --state ESTABLISHED -j ACCEPT +iptables -A HJ-vnet0 -p tcp --source 2.2.2.2 -m dscp --dscp 4 --sport 80 \ +--dport 1090 -m state --state NEW,ESTABLISHED -j RETURN +iptables -A FJ-vnet0 -p tcp --source 3.3.3.3 -m dscp --dscp 4 --sport 80 \ +--dport 1090 -m state --state NEW,ESTABLISHED -j RETURN +iptables -A FP-vnet0 -p tcp --destination 3.3.3.3 -m dscp --dscp 4 --dport 80 \ +--sport 1090 -m state --state ESTABLISHED -j ACCEPT +iptables -A HJ-vnet0 -p tcp --source 3.3.3.3 -m dscp --dscp 4 --sport 80 \ +--dport 1090 -m state --state NEW,ESTABLISHED -j RETURN +iptables -A FJ-vnet0 -p tcp --source 1.1.1.1 -m dscp --dscp 4 --sport 90 \ +--dport 1090 -m state --state NEW,ESTABLISHED -j RETURN +iptables -A FP-vnet0 -p tcp --destination 1.1.1.1 -m dscp --dscp 4 --dport 90 \ +--sport 1090 -m state --state ESTABLISHED -j ACCEPT +iptables -A HJ-vnet0 -p tcp --source 1.1.1.1 -m dscp --dscp 4 --sport 90 \ +--dport 1090 -m state --state NEW,ESTABLISHED -j RETURN +iptables -A FJ-vnet0 -p tcp --source 2.2.2.2 -m dscp --dscp 4 --sport 90 \ +--dport 1090 -m state --state NEW,ESTABLISHED -j RETURN +iptables -A FP-vnet0 -p tcp --destination 2.2.2.2 -m dscp --dscp 4 --dport 90 \ +--sport 1090 -m state --state ESTABLISHED -j ACCEPT +iptables -A HJ-vnet0 -p tcp --source 2.2.2.2 -m dscp --dscp 4 --sport 90 \ +--dport 1090 -m state --state NEW,ESTABLISHED -j RETURN +iptables -A FJ-vnet0 -p tcp --source 3.3.3.3 -m dscp --dscp 4 --sport 90 \ +--dport 1090 -m state --state NEW,ESTABLISHED -j RETURN +iptables -A FP-vnet0 -p tcp --destination 3.3.3.3 -m dscp --dscp 4 --dport 90 \ +--sport 1090 -m state --state ESTABLISHED -j ACCEPT +iptables -A HJ-vnet0 -p tcp --source 3.3.3.3 -m dscp --dscp 4 --sport 90 \ +--dport 1090 -m state --state NEW,ESTABLISHED -j RETURN +iptables -A FJ-vnet0 -p tcp --source 1.1.1.1 -m dscp --dscp 4 --sport 80 \ +--dport 1100 -m state --state NEW,ESTABLISHED -j RETURN +iptables -A FP-vnet0 -p tcp --destination 1.1.1.1 -m dscp --dscp 4 --dport 80 \ +--sport 1100 -m state --state ESTABLISHED -j ACCEPT +iptables -A HJ-vnet0 -p tcp --source 1.1.1.1 -m dscp --dscp 4 --sport 80 \ +--dport 1100 -m state --state NEW,ESTABLISHED -j RETURN +iptables -A FJ-vnet0 -p tcp --source 2.2.2.2 -m dscp --dscp 4 --sport 80 \ +--dport 1100 -m state --state NEW,ESTABLISHED -j RETURN +iptables -A FP-vnet0 -p tcp --destination 2.2.2.2 -m dscp --dscp 4 --dport 80 \ +--sport 1100 -m state --state ESTABLISHED -j ACCEPT +iptables -A HJ-vnet0 -p tcp --source 2.2.2.2 -m dscp --dscp 4 --sport 80 \ +--dport 1100 -m state --state NEW,ESTABLISHED -j RETURN +iptables -A FJ-vnet0 -p tcp --source 3.3.3.3 -m dscp --dscp 4 --sport 80 \ +--dport 1100 -m state --state NEW,ESTABLISHED -j RETURN +iptables -A FP-vnet0 -p tcp --destination 3.3.3.3 -m dscp --dscp 4 --dport 80 \ +--sport 1100 -m state --state ESTABLISHED -j ACCEPT +iptables -A HJ-vnet0 -p tcp --source 3.3.3.3 -m dscp --dscp 4 --sport 80 \ +--dport 1100 -m state --state NEW,ESTABLISHED -j RETURN +iptables -A FJ-vnet0 -p tcp --source 1.1.1.1 -m dscp --dscp 4 --sport 90 \ +--dport 1100 -m state --state NEW,ESTABLISHED -j RETURN +iptables -A FP-vnet0 -p tcp --destination 1.1.1.1 -m dscp --dscp 4 --dport 90 \ +--sport 1100 -m state --state ESTABLISHED -j ACCEPT +iptables -A HJ-vnet0 -p tcp --source 1.1.1.1 -m dscp --dscp 4 --sport 90 \ +--dport 1100 -m state --state NEW,ESTABLISHED -j RETURN +iptables -A FJ-vnet0 -p tcp --source 2.2.2.2 -m dscp --dscp 4 --sport 90 \ +--dport 1100 -m state --state NEW,ESTABLISHED -j RETURN +iptables -A FP-vnet0 -p tcp --destination 2.2.2.2 -m dscp --dscp 4 --dport 90 \ +--sport 1100 -m state --state ESTABLISHED -j ACCEPT +iptables -A HJ-vnet0 -p tcp --source 2.2.2.2 -m dscp --dscp 4 --sport 90 \ +--dport 1100 -m state --state NEW,ESTABLISHED -j RETURN +iptables -A FJ-vnet0 -p tcp --source 3.3.3.3 -m dscp --dscp 4 --sport 90 \ +--dport 1100 -m state --state NEW,ESTABLISHED -j RETURN +iptables -A FP-vnet0 -p tcp --destination 3.3.3.3 -m dscp --dscp 4 --dport 90 \ +--sport 1100 -m state --state ESTABLISHED -j ACCEPT +iptables -A HJ-vnet0 -p tcp --source 3.3.3.3 -m dscp --dscp 4 --sport 90 \ +--dport 1100 -m state --state NEW,ESTABLISHED -j RETURN +iptables -A FJ-vnet0 -p tcp --source 1.1.1.1 -m dscp --dscp 4 --sport 80 \ +--dport 1110 -m state --state NEW,ESTABLISHED -j RETURN +iptables -A FP-vnet0 -p tcp --destination 1.1.1.1 -m dscp --dscp 4 --dport 80 \ +--sport 1110 -m state --state ESTABLISHED -j ACCEPT +iptables -A HJ-vnet0 -p tcp --source 1.1.1.1 -m dscp --dscp 4 --sport 80 \ +--dport 1110 -m state --state NEW,ESTABLISHED -j RETURN +iptables -A FJ-vnet0 -p tcp --source 2.2.2.2 -m dscp --dscp 4 --sport 80 \ +--dport 1110 -m state --state NEW,ESTABLISHED -j RETURN +iptables -A FP-vnet0 -p tcp --destination 2.2.2.2 -m dscp --dscp 4 --dport 80 \ +--sport 1110 -m state --state ESTABLISHED -j ACCEPT +iptables -A HJ-vnet0 -p tcp --source 2.2.2.2 -m dscp --dscp 4 --sport 80 \ +--dport 1110 -m state --state NEW,ESTABLISHED -j RETURN +iptables -A FJ-vnet0 -p tcp --source 3.3.3.3 -m dscp --dscp 4 --sport 80 \ +--dport 1110 -m state --state NEW,ESTABLISHED -j RETURN +iptables -A FP-vnet0 -p tcp --destination 3.3.3.3 -m dscp --dscp 4 --dport 80 \ +--sport 1110 -m state --state ESTABLISHED -j ACCEPT +iptables -A HJ-vnet0 -p tcp --source 3.3.3.3 -m dscp --dscp 4 --sport 80 \ +--dport 1110 -m state --state NEW,ESTABLISHED -j RETURN +iptables -A FJ-vnet0 -p tcp --source 1.1.1.1 -m dscp --dscp 4 --sport 90 \ +--dport 1110 -m state --state NEW,ESTABLISHED -j RETURN +iptables -A FP-vnet0 -p tcp --destination 1.1.1.1 -m dscp --dscp 4 --dport 90 \ +--sport 1110 -m state --state ESTABLISHED -j ACCEPT +iptables -A HJ-vnet0 -p tcp --source 1.1.1.1 -m dscp --dscp 4 --sport 90 \ +--dport 1110 -m state --state NEW,ESTABLISHED -j RETURN +iptables -A FJ-vnet0 -p tcp --source 2.2.2.2 -m dscp --dscp 4 --sport 90 \ +--dport 1110 -m state --state NEW,ESTABLISHED -j RETURN +iptables -A FP-vnet0 -p tcp --destination 2.2.2.2 -m dscp --dscp 4 --dport 90 \ +--sport 1110 -m state --state ESTABLISHED -j ACCEPT +iptables -A HJ-vnet0 -p tcp --source 2.2.2.2 -m dscp --dscp 4 --sport 90 \ +--dport 1110 -m state --state NEW,ESTABLISHED -j RETURN +iptables -A FJ-vnet0 -p tcp --source 3.3.3.3 -m dscp --dscp 4 --sport 90 \ +--dport 1110 -m state --state NEW,ESTABLISHED -j RETURN +iptables -A FP-vnet0 -p tcp --destination 3.3.3.3 -m dscp --dscp 4 --dport 90 \ +--sport 1110 -m state --state ESTABLISHED -j ACCEPT +iptables -A HJ-vnet0 -p tcp --source 3.3.3.3 -m dscp --dscp 4 --sport 90 \ +--dport 1110 -m state --state NEW,ESTABLISHED -j RETURN +iptables -A FJ-vnet0 -p udp --source 1.1.1.1 --destination 1.1.1.1 -m dscp \ +--dscp 5 -m state --state NEW,ESTABLISHED -j RETURN +iptables -A FP-vnet0 -p udp --destination 1.1.1.1 --source 1.1.1.1 -m dscp \ +--dscp 5 -m state --state ESTABLISHED -j ACCEPT +iptables -A HJ-vnet0 -p udp --source 1.1.1.1 --destination 1.1.1.1 -m dscp \ +--dscp 5 -m state --state NEW,ESTABLISHED -j RETURN +iptables -A FJ-vnet0 -p udp --source 2.2.2.2 --destination 1.1.1.1 -m dscp \ +--dscp 5 -m state --state NEW,ESTABLISHED -j RETURN +iptables -A FP-vnet0 -p udp --destination 2.2.2.2 --source 1.1.1.1 -m dscp \ +--dscp 5 -m state --state ESTABLISHED -j ACCEPT +iptables -A HJ-vnet0 -p udp --source 2.2.2.2 --destination 1.1.1.1 -m dscp \ +--dscp 5 -m state --state NEW,ESTABLISHED -j RETURN +iptables -A FJ-vnet0 -p udp --source 3.3.3.3 --destination 1.1.1.1 -m dscp \ +--dscp 5 -m state --state NEW,ESTABLISHED -j RETURN +iptables -A FP-vnet0 -p udp --destination 3.3.3.3 --source 1.1.1.1 -m dscp \ +--dscp 5 -m state --state ESTABLISHED -j ACCEPT +iptables -A HJ-vnet0 -p udp --source 3.3.3.3 --destination 1.1.1.1 -m dscp \ +--dscp 5 -m state --state NEW,ESTABLISHED -j RETURN +iptables -A FJ-vnet0 -p udp --source 1.1.1.1 --destination 2.2.2.2 -m dscp \ +--dscp 5 -m state --state NEW,ESTABLISHED -j RETURN +iptables -A FP-vnet0 -p udp --destination 1.1.1.1 --source 2.2.2.2 -m dscp \ +--dscp 5 -m state --state ESTABLISHED -j ACCEPT +iptables -A HJ-vnet0 -p udp --source 1.1.1.1 --destination 2.2.2.2 -m dscp \ +--dscp 5 -m state --state NEW,ESTABLISHED -j RETURN +iptables -A FJ-vnet0 -p udp --source 2.2.2.2 --destination 2.2.2.2 -m dscp \ +--dscp 5 -m state --state NEW,ESTABLISHED -j RETURN +iptables -A FP-vnet0 -p udp --destination 2.2.2.2 --source 2.2.2.2 -m dscp \ +--dscp 5 -m state --state ESTABLISHED -j ACCEPT +iptables -A HJ-vnet0 -p udp --source 2.2.2.2 --destination 2.2.2.2 -m dscp \ +--dscp 5 -m state --state NEW,ESTABLISHED -j RETURN +iptables -A FJ-vnet0 -p udp --source 3.3.3.3 --destination 2.2.2.2 -m dscp \ +--dscp 5 -m state --state NEW,ESTABLISHED -j RETURN +iptables -A FP-vnet0 -p udp --destination 3.3.3.3 --source 2.2.2.2 -m dscp \ +--dscp 5 -m state --state ESTABLISHED -j ACCEPT +iptables -A HJ-vnet0 -p udp --source 3.3.3.3 --destination 2.2.2.2 -m dscp \ +--dscp 5 -m state --state NEW,ESTABLISHED -j RETURN +iptables -A FJ-vnet0 -p udp --source 1.1.1.1 --destination 3.3.3.3 -m dscp \ +--dscp 5 -m state --state NEW,ESTABLISHED -j RETURN +iptables -A FP-vnet0 -p udp --destination 1.1.1.1 --source 3.3.3.3 -m dscp \ +--dscp 5 -m state --state ESTABLISHED -j ACCEPT +iptables -A HJ-vnet0 -p udp --source 1.1.1.1 --destination 3.3.3.3 -m dscp \ +--dscp 5 -m state --state NEW,ESTABLISHED -j RETURN +iptables -A FJ-vnet0 -p udp --source 2.2.2.2 --destination 3.3.3.3 -m dscp \ +--dscp 5 -m state --state NEW,ESTABLISHED -j RETURN +iptables -A FP-vnet0 -p udp --destination 2.2.2.2 --source 3.3.3.3 -m dscp \ +--dscp 5 -m state --state ESTABLISHED -j ACCEPT +iptables -A HJ-vnet0 -p udp --source 2.2.2.2 --destination 3.3.3.3 -m dscp \ +--dscp 5 -m state --state NEW,ESTABLISHED -j RETURN +iptables -A FJ-vnet0 -p udp --source 3.3.3.3 --destination 3.3.3.3 -m dscp \ +--dscp 5 -m state --state NEW,ESTABLISHED -j RETURN +iptables -A FP-vnet0 -p udp --destination 3.3.3.3 --source 3.3.3.3 -m dscp \ +--dscp 5 -m state --state ESTABLISHED -j ACCEPT +iptables -A HJ-vnet0 -p udp --source 3.3.3.3 --destination 3.3.3.3 -m dscp \ +--dscp 5 -m state --state NEW,ESTABLISHED -j RETURN +iptables -A FJ-vnet0 -p sctp --source 1.1.1.1 --destination 1.1.1.1 -m dscp \ +--dscp 6 -m state --state NEW,ESTABLISHED -j RETURN +iptables -A FP-vnet0 -p sctp --destination 1.1.1.1 --source 1.1.1.1 -m dscp \ +--dscp 6 -m state --state ESTABLISHED -j ACCEPT +iptables -A HJ-vnet0 -p sctp --source 1.1.1.1 --destination 1.1.1.1 -m dscp \ +--dscp 6 -m state --state NEW,ESTABLISHED -j RETURN +iptables -A FJ-vnet0 -p sctp --source 2.2.2.2 --destination 2.2.2.2 -m dscp \ +--dscp 6 -m state --state NEW,ESTABLISHED -j RETURN +iptables -A FP-vnet0 -p sctp --destination 2.2.2.2 --source 2.2.2.2 -m dscp \ +--dscp 6 -m state --state ESTABLISHED -j ACCEPT +iptables -A HJ-vnet0 -p sctp --source 2.2.2.2 --destination 2.2.2.2 -m dscp \ +--dscp 6 -m state --state NEW,ESTABLISHED -j RETURN +iptables -A FJ-vnet0 -p sctp --source 3.3.3.3 --destination 3.3.3.3 -m dscp \ +--dscp 6 -m state --state NEW,ESTABLISHED -j RETURN +iptables -A FP-vnet0 -p sctp --destination 3.3.3.3 --source 3.3.3.3 -m dscp \ +--dscp 6 -m state --state ESTABLISHED -j ACCEPT +iptables -A HJ-vnet0 -p sctp --source 3.3.3.3 --destination 3.3.3.3 -m dscp \ +--dscp 6 -m state --state NEW,ESTABLISHED -j RETURN diff --git a/tests/nwfilterxml2firewalldata/iter2.xml b/tests/nwfilterxml2firewalldata/iter2.xml new file mode 100644 index 000000000..3a3174ada --- /dev/null +++ b/tests/nwfilterxml2firewalldata/iter2.xml @@ -0,0 +1,23 @@ +<filter name='tck-testcase' chain='root'> + <uuid>5c6d49af-b071-6127-b4ec-6f8ed4b55335</uuid> + <rule action='accept' direction='out'> + <tcp srcipaddr='$A' srcportstart='$B[@0]' dscp='1'/> + </rule> + <rule action='accept' direction='out'> + <udp srcipaddr='$A[@1]' srcportstart='$B[@2]' dscp='2'/> + </rule> + <rule action='accept' direction='out'> + <sctp srcipaddr='$A[@1]' srcportstart='$B[@2]' dstportstart='$C[@2]' + dscp='3'/> + </rule> + <rule action='accept' direction='out'> + <tcp srcipaddr='$A[@1]' srcportstart='$B[@2]' dstportstart='$C[@3]' + dscp='4'/> + </rule> + <rule action='accept' direction='out'> + <udp srcipaddr='$A[@1]' dstipaddr='$A[@2]' dscp='5'/> + </rule> + <rule action='accept' direction='out'> + <sctp srcipaddr='$A' dstipaddr='$A' dscp='6'/> + </rule> +</filter> diff --git a/tests/nwfilterxml2firewalldata/iter3-linux.args b/tests/nwfilterxml2firewalldata/iter3-linux.args new file mode 100644 index 000000000..575da7963 --- /dev/null +++ b/tests/nwfilterxml2firewalldata/iter3-linux.args @@ -0,0 +1,30 @@ +iptables -A FJ-vnet0 -p tcp --source 1.1.1.1 -m dscp --dscp 1 --sport 80 \ +-m state --state NEW,ESTABLISHED -j RETURN +iptables -A FP-vnet0 -p tcp --destination 1.1.1.1 -m dscp --dscp 1 --dport 80 \ +-m state --state ESTABLISHED -j ACCEPT +iptables -A HJ-vnet0 -p tcp --source 1.1.1.1 -m dscp --dscp 1 --sport 80 \ +-m state --state NEW,ESTABLISHED -j RETURN +iptables -A FJ-vnet0 -p tcp --source 1.1.1.1 -m dscp --dscp 1 --sport 90 \ +-m state --state NEW,ESTABLISHED -j RETURN +iptables -A FP-vnet0 -p tcp --destination 1.1.1.1 -m dscp --dscp 1 --dport 90 \ +-m state --state ESTABLISHED -j ACCEPT +iptables -A HJ-vnet0 -p tcp --source 1.1.1.1 -m dscp --dscp 1 --sport 90 \ +-m state --state NEW,ESTABLISHED -j RETURN +iptables -A FJ-vnet0 -p udp --source 2.2.2.2 -m dscp --dscp 2 --sport 80 \ +-m state --state NEW,ESTABLISHED -j RETURN +iptables -A FP-vnet0 -p udp --destination 2.2.2.2 -m dscp --dscp 2 --dport 80 \ +-m state --state ESTABLISHED -j ACCEPT +iptables -A HJ-vnet0 -p udp --source 2.2.2.2 -m dscp --dscp 2 --sport 80 \ +-m state --state NEW,ESTABLISHED -j RETURN +iptables -A FJ-vnet0 -p udp --source 2.2.2.2 -m dscp --dscp 2 --sport 90 \ +-m state --state NEW,ESTABLISHED -j RETURN +iptables -A FP-vnet0 -p udp --destination 2.2.2.2 -m dscp --dscp 2 --dport 90 \ +-m state --state ESTABLISHED -j ACCEPT +iptables -A HJ-vnet0 -p udp --source 2.2.2.2 -m dscp --dscp 2 --sport 90 \ +-m state --state NEW,ESTABLISHED -j RETURN +iptables -A FJ-vnet0 -p sctp --source 2.2.2.2 -m dscp --dscp 3 --sport 80 \ +--dport 1100 -m state --state NEW,ESTABLISHED -j RETURN +iptables -A FP-vnet0 -p sctp --destination 2.2.2.2 -m dscp --dscp 3 \ +--dport 80 --sport 1100 -m state --state ESTABLISHED -j ACCEPT +iptables -A HJ-vnet0 -p sctp --source 2.2.2.2 -m dscp --dscp 3 --sport 80 \ +--dport 1100 -m state --state NEW,ESTABLISHED -j RETURN diff --git a/tests/nwfilterxml2firewalldata/iter3.xml b/tests/nwfilterxml2firewalldata/iter3.xml new file mode 100644 index 000000000..47f509659 --- /dev/null +++ b/tests/nwfilterxml2firewalldata/iter3.xml @@ -0,0 +1,13 @@ +<filter name='tck-testcase' chain='root'> + <uuid>5c6d49af-b071-6127-b4ec-6f8ed4b55335</uuid> + <rule action='accept' direction='out'> + <tcp srcipaddr='$A[ 0]' srcportstart='$B[ @0 ] ' dscp='1'/> + </rule> + <rule action='accept' direction='out'> + <udp srcipaddr='$A[1 ]' srcportstart='$B[ @2 ]' dscp='2'/> + </rule> + <rule action='accept' direction='out'> + <sctp srcipaddr='$A[ 1 ] ' srcportstart='$B[2 ] ' dstportstart='$C[ 2 ]' + dscp='3'/> + </rule> +</filter> diff --git a/tests/nwfilterxml2firewalldata/mac-linux.args b/tests/nwfilterxml2firewalldata/mac-linux.args new file mode 100644 index 000000000..a71107c0e --- /dev/null +++ b/tests/nwfilterxml2firewalldata/mac-linux.args @@ -0,0 +1,8 @@ +ebtables -t nat -A libvirt-J-vnet0 -s 01:02:03:04:05:06/ff:ff:ff:ff:ff:ff \ +-p 0x806 -j ACCEPT +ebtables -t nat -A libvirt-P-vnet0 -d aa:bb:cc:dd:ee:ff/ff:ff:ff:ff:ff:ff \ +-p 0x800 -j ACCEPT +ebtables -t nat -A libvirt-P-vnet0 -d aa:bb:cc:dd:ee:ff/ff:ff:ff:ff:ff:ff \ +-p 0x600 -j ACCEPT +ebtables -t nat -A libvirt-P-vnet0 -d aa:bb:cc:dd:ee:ff/ff:ff:ff:ff:ff:ff \ +-p 0xffff -j ACCEPT diff --git a/tests/nwfilterxml2firewalldata/mac.xml b/tests/nwfilterxml2firewalldata/mac.xml new file mode 100644 index 000000000..2aec93578 --- /dev/null +++ b/tests/nwfilterxml2firewalldata/mac.xml @@ -0,0 +1,19 @@ +<filter name='tck-testcase' chain='root'> + <uuid>5c6d49af-b071-6127-b4ec-6f8ed4b55335</uuid> + <rule action='accept' direction='out'> + <mac srcmacaddr='1:2:3:4:5:6' srcmacmask='ff:ff:ff:ff:ff:ff' + protocolid='arp'/> + </rule> + <rule action='accept' direction='in'> + <mac dstmacaddr='aa:bb:cc:dd:ee:ff' dstmacmask='ff:ff:ff:ff:ff:ff' + protocolid='ipv4'/> + </rule> + <rule action='accept' direction='in'> + <mac dstmacaddr='aa:bb:cc:dd:ee:ff' dstmacmask='ff:ff:ff:ff:ff:ff' + protocolid='1536'/> + </rule> + <rule action='accept' direction='in'> + <mac dstmacaddr='aa:bb:cc:dd:ee:ff' dstmacmask='ff:ff:ff:ff:ff:ff' + protocolid='65535'/> + </rule> +</filter> diff --git a/tests/nwfilterxml2firewalldata/rarp-linux.args b/tests/nwfilterxml2firewalldata/rarp-linux.args new file mode 100644 index 000000000..89b0e8abd --- /dev/null +++ b/tests/nwfilterxml2firewalldata/rarp-linux.args @@ -0,0 +1,12 @@ +ebtables -t nat -N libvirt-J-vnet0 +ebtables -t nat -A libvirt-J-vnet0 -s 01:02:03:04:05:06/ff:ff:ff:ff:ff:ff \ +-d aa:bb:cc:dd:ee:ff/ff:ff:ff:ff:ff:ff -p 0x8035 --arp-htype 12 --arp-opcode 1 \ +--arp-ptype 0x22 --arp-mac-src 01:02:03:04:05:06 --arp-mac-dst 0a:0b:0c:0d:0e:0f \ +-j ACCEPT +ebtables -t nat -A libvirt-J-vnet0 -s 01:02:03:04:05:06/ff:ff:ff:ff:ff:ff \ +-p 0x8035 --arp-htype 255 --arp-opcode 1 --arp-ptype 0xff -j ACCEPT +ebtables -t nat -A libvirt-J-vnet0 -s 01:02:03:04:05:06/ff:ff:ff:ff:ff:ff \ +-p 0x8035 --arp-htype 256 --arp-opcode 11 --arp-ptype 0x100 -j ACCEPT +ebtables -t nat -A libvirt-J-vnet0 -s 01:02:03:04:05:06/ff:ff:ff:ff:ff:ff \ +-p 0x8035 --arp-htype 65535 --arp-opcode 65535 --arp-ptype 0xffff -j ACCEPT +ebtables -t nat -A PREROUTING -i vnet0 -j libvirt-J-vnet0 diff --git a/tests/nwfilterxml2firewalldata/rarp.xml b/tests/nwfilterxml2firewalldata/rarp.xml new file mode 100644 index 000000000..77c1127ef --- /dev/null +++ b/tests/nwfilterxml2firewalldata/rarp.xml @@ -0,0 +1,28 @@ +<filter name='tck-testcase'> + <uuid>5c6d49af-b071-6127-b4ec-6f8ed4b55335</uuid> + <rule action='accept' direction='out'> + <rarp srcmacaddr='1:2:3:4:5:6' srcmacmask='ff:ff:ff:ff:ff:ff' + protocolid='rarp' + dstmacaddr='aa:bb:cc:dd:ee:ff' dstmacmask='ff:ff:ff:ff:ff:ff' + hwtype='12' + protocoltype='34' + opcode='Request' + arpsrcmacaddr='1:2:3:4:5:6' + arpdstmacaddr='a:b:c:d:e:f'/> + </rule> + + <rule action='accept' direction='out'> + <rarp srcmacaddr='1:2:3:4:5:6' srcmacmask='ff:ff:ff:ff:ff:ff' + opcode='1' hwtype='255' protocoltype='255'/> + </rule> + + <rule action='accept' direction='out'> + <rarp srcmacaddr='1:2:3:4:5:6' srcmacmask='ff:ff:ff:ff:ff:ff' + opcode='11' hwtype='256' protocoltype='256'/> + </rule> + + <rule action='accept' direction='out'> + <rarp srcmacaddr='1:2:3:4:5:6' srcmacmask='ff:ff:ff:ff:ff:ff' + opcode='65535' hwtype='65535' protocoltype='65535' /> + </rule> +</filter> diff --git a/tests/nwfilterxml2firewalldata/ref-rule.xml b/tests/nwfilterxml2firewalldata/ref-rule.xml new file mode 100644 index 000000000..5cb2fadee --- /dev/null +++ b/tests/nwfilterxml2firewalldata/ref-rule.xml @@ -0,0 +1,18 @@ +<filter name='tck-testcase'> + <uuid>83011800-f663-96d6-8841-fd836b4318c6</uuid> + <filterref filter='clean-traffic'/> + <rule action='accept' direction='out'> + <mac srcmacaddr='1:2:3:4:5:6' srcmacmask='ff:ff:ff:ff:ff:ff' + protocolid='arp'/> + </rule> + <rule action='accept' direction='out'> + <tcp srcmacaddr='1:2:3:4:5:6' + dstipaddr='10.1.2.3' dstipmask='255.255.255.255' + dscp='2'/> + </rule> + <rule action='accept' direction='out'> + <udp-ipv6 srcmacaddr='1:2:3:4:5:6' + dstipaddr='a:b:c::d:e:f' dstipmask='128' + dscp='2'/> + </rule> +</filter> diff --git a/tests/nwfilterxml2firewalldata/ref.xml b/tests/nwfilterxml2firewalldata/ref.xml new file mode 100644 index 000000000..beb46d2e1 --- /dev/null +++ b/tests/nwfilterxml2firewalldata/ref.xml @@ -0,0 +1,4 @@ +<filter name='tck-testcase'> + <uuid>83011800-f663-96d6-8841-fd836b4318c6</uuid> + <filterref filter='clean-traffic'/> +</filter> diff --git a/tests/nwfilterxml2firewalldata/sctp-ipv6-linux.args b/tests/nwfilterxml2firewalldata/sctp-ipv6-linux.args new file mode 100644 index 000000000..7e10419a7 --- /dev/null +++ b/tests/nwfilterxml2firewalldata/sctp-ipv6-linux.args @@ -0,0 +1,22 @@ +ip6tables -A FJ-vnet0 -p sctp -m mac --mac-source 01:02:03:04:05:06 \ +--destination a:b:c::d:e:f/128 -m dscp --dscp 2 -m state --state NEW,ESTABLISHED \ +-j RETURN +ip6tables -A FP-vnet0 -p sctp --source a:b:c::d:e:f/128 -m dscp --dscp 2 \ +-m state --state ESTABLISHED -j ACCEPT +ip6tables -A HJ-vnet0 -p sctp -m mac --mac-source 01:02:03:04:05:06 \ +--destination a:b:c::d:e:f/128 -m dscp --dscp 2 -m state --state NEW,ESTABLISHED \ +-j RETURN +ip6tables -A FJ-vnet0 -p sctp --destination a:b:c::/128 -m dscp --dscp 33 \ +--dport 20:21 --sport 100:1111 -m state --state ESTABLISHED -j RETURN +ip6tables -A FP-vnet0 -p sctp -m mac --mac-source 01:02:03:04:05:06 \ +--source a:b:c::/128 -m dscp --dscp 33 --sport 20:21 --dport 100:1111 -m state \ +--state NEW,ESTABLISHED -j ACCEPT +ip6tables -A HJ-vnet0 -p sctp --destination a:b:c::/128 -m dscp --dscp 33 \ +--dport 20:21 --sport 100:1111 -m state --state ESTABLISHED -j RETURN +ip6tables -A FJ-vnet0 -p sctp --destination ::10.1.2.3/128 -m dscp --dscp 63 \ +--dport 255:256 --sport 65535:65535 -m state --state ESTABLISHED -j RETURN +ip6tables -A FP-vnet0 -p sctp -m mac --mac-source 01:02:03:04:05:06 \ +--source ::10.1.2.3/128 -m dscp --dscp 63 --sport 255:256 --dport 65535:65535 -m state \ +--state NEW,ESTABLISHED -j ACCEPT +ip6tables -A HJ-vnet0 -p sctp --destination ::10.1.2.3/128 -m dscp --dscp 63 \ +--dport 255:256 --sport 65535:65535 -m state --state ESTABLISHED -j RETURN diff --git a/tests/nwfilterxml2firewalldata/sctp-ipv6.xml b/tests/nwfilterxml2firewalldata/sctp-ipv6.xml new file mode 100644 index 000000000..d1a57b8f9 --- /dev/null +++ b/tests/nwfilterxml2firewalldata/sctp-ipv6.xml @@ -0,0 +1,22 @@ +<filter name='tck-testcase' chain='root'> + <uuid>5c6d49af-b071-6127-b4ec-6f8ed4b55335</uuid> + <rule action='accept' direction='out'> + <sctp-ipv6 srcmacaddr='1:2:3:4:5:6' + dstipaddr='a:b:c::d:e:f' dstipmask='128' + dscp='2'/> + </rule> + <rule action='accept' direction='in'> + <sctp-ipv6 srcmacaddr='1:2:3:4:5:6' + srcipaddr='a:b:c::' srcipmask='128' + dscp='33' + srcportstart='20' srcportend='21' + dstportstart='100' dstportend='1111'/> + </rule> + <rule action='accept' direction='in'> + <sctp-ipv6 srcmacaddr='1:2:3:4:5:6' + srcipaddr='::10.1.2.3' srcipmask='128' + dscp='63' + srcportstart='255' srcportend='256' + dstportstart='65535' dstportend='65535'/> + </rule> +</filter> diff --git a/tests/nwfilterxml2firewalldata/sctp-linux.args b/tests/nwfilterxml2firewalldata/sctp-linux.args new file mode 100644 index 000000000..a7a209659 --- /dev/null +++ b/tests/nwfilterxml2firewalldata/sctp-linux.args @@ -0,0 +1,20 @@ +iptables -A FJ-vnet0 -p sctp -m mac --mac-source 01:02:03:04:05:06 \ +--destination 10.1.2.3/32 -m dscp --dscp 2 -m state --state NEW,ESTABLISHED -j RETURN +iptables -A FP-vnet0 -p sctp --source 10.1.2.3/32 -m dscp --dscp 2 -m state \ +--state ESTABLISHED -j ACCEPT +iptables -A HJ-vnet0 -p sctp -m mac --mac-source 01:02:03:04:05:06 \ +--destination 10.1.2.3/32 -m dscp --dscp 2 -m state --state NEW,ESTABLISHED -j RETURN +iptables -A FJ-vnet0 -p sctp --destination 10.1.2.3/32 -m dscp --dscp 33 \ +--dport 20:21 --sport 100:1111 -m state --state ESTABLISHED -j RETURN +iptables -A FP-vnet0 -p sctp -m mac --mac-source 01:02:03:04:05:06 \ +--source 10.1.2.3/32 -m dscp --dscp 33 --sport 20:21 --dport 100:1111 -m state \ +--state NEW,ESTABLISHED -j ACCEPT +iptables -A HJ-vnet0 -p sctp --destination 10.1.2.3/32 -m dscp --dscp 33 \ +--dport 20:21 --sport 100:1111 -m state --state ESTABLISHED -j RETURN +iptables -A FJ-vnet0 -p sctp --destination 10.1.2.3/32 -m dscp --dscp 63 \ +--dport 255:256 --sport 65535:65535 -m state --state ESTABLISHED -j RETURN +iptables -A FP-vnet0 -p sctp -m mac --mac-source 01:02:03:04:05:06 \ +--source 10.1.2.3/32 -m dscp --dscp 63 --sport 255:256 --dport 65535:65535 -m state \ +--state NEW,ESTABLISHED -j ACCEPT +iptables -A HJ-vnet0 -p sctp --destination 10.1.2.3/32 -m dscp --dscp 63 \ +--dport 255:256 --sport 65535:65535 -m state --state ESTABLISHED -j RETURN diff --git a/tests/nwfilterxml2firewalldata/sctp.xml b/tests/nwfilterxml2firewalldata/sctp.xml new file mode 100644 index 000000000..c3c100055 --- /dev/null +++ b/tests/nwfilterxml2firewalldata/sctp.xml @@ -0,0 +1,22 @@ +<filter name='tck-testcase' chain='root'> + <uuid>5c6d49af-b071-6127-b4ec-6f8ed4b55335</uuid> + <rule action='accept' direction='out'> + <sctp srcmacaddr='1:2:3:4:5:6' + dstipaddr='10.1.2.3' dstipmask='255.255.255.255' + dscp='2'/> + </rule> + <rule action='accept' direction='in'> + <sctp srcmacaddr='1:2:3:4:5:6' + srcipaddr='10.1.2.3' srcipmask='32' + dscp='33' + srcportstart='20' srcportend='21' + dstportstart='100' dstportend='1111'/> + </rule> + <rule action='accept' direction='in'> + <sctp srcmacaddr='1:2:3:4:5:6' + srcipaddr='10.1.2.3' srcipmask='32' + dscp='63' + srcportstart='255' srcportend='256' + dstportstart='65535' dstportend='65535'/> + </rule> +</filter> diff --git a/tests/nwfilterxml2firewalldata/stp-linux.args b/tests/nwfilterxml2firewalldata/stp-linux.args new file mode 100644 index 000000000..0132ef613 --- /dev/null +++ b/tests/nwfilterxml2firewalldata/stp-linux.args @@ -0,0 +1,18 @@ +ebtables -t nat -F J-vnet0-stp-xyz +ebtables -t nat -X J-vnet0-stp-xyz +ebtables -t nat -N J-vnet0-stp-xyz +ebtables -t nat -A libvirt-J-vnet0 -d 01:80:c2:00:00:00 -j J-vnet0-stp-xyz +ebtables -t nat -F P-vnet0-stp-xyz +ebtables -t nat -X P-vnet0-stp-xyz +ebtables -t nat -N P-vnet0-stp-xyz +ebtables -t nat -A libvirt-P-vnet0 -d 01:80:c2:00:00:00 -j P-vnet0-stp-xyz +ebtables -t nat -A P-vnet0-stp-xyz -s 01:02:03:04:05:06/ff:ff:ff:ff:ff:ff \ +-d 01:80:c2:00:00:00 --stp-type 18 --stp-flags 68 -j CONTINUE +ebtables -t nat -A J-vnet0-stp-xyz -s 01:02:03:04:05:06/ff:ff:ff:ff:ff:ff \ +-d 01:80:c2:00:00:00 --stp-root-pri 4660:9029 \ +--stp-root-addr 06:05:04:03:02:01/ff:ff:ff:ff:ff:ff \ +--stp-root-cost 287454020:573785173 -j RETURN +ebtables -t nat -A P-vnet0-stp-xyz -s 01:02:03:04:05:06/ff:ff:ff:ff:ff:ff \ +-d 01:80:c2:00:00:00 --stp-sender-prio 4660 --stp-sender-addr 06:05:04:03:02:01 \ +--stp-port 123:234 --stp-msg-age 5544:5555 --stp-max-age 7777:8888 \ +--stp-hello-time 12345:12346 --stp-forward-delay 54321:65432 -j DROP diff --git a/tests/nwfilterxml2firewalldata/stp.xml b/tests/nwfilterxml2firewalldata/stp.xml new file mode 100644 index 000000000..6b5a6257f --- /dev/null +++ b/tests/nwfilterxml2firewalldata/stp.xml @@ -0,0 +1,26 @@ +<filter name='tck-testcase' chain='stp-xyz'> + <uuid>5c6d49af-b071-6127-b4ec-6f8ed4b55335</uuid> + <rule action='continue' direction='in'> + <stp srcmacaddr='1:2:3:4:5:6' srcmacmask='ff:ff:ff:ff:ff:ff' + type='0x12' flags='0x44'/> + </rule> + + <rule action='return' direction='out'> + <stp srcmacaddr='1:2:3:4:5:6' srcmacmask='ff:ff:ff:ff:ff:ff' + root-priority='0x1234' root-priority-hi='0x2345' + root-address="6:5:4:3:2:1" root-address-mask='ff:ff:ff:ff:ff:ff' + root-cost='0x11223344' root-cost-hi='0x22334455' /> + </rule> + + <rule action='reject' direction='in'> + <stp srcmacaddr='1:2:3:4:5:6' srcmacmask='ff:ff:ff:ff:ff:ff' + sender-priority='0x1234' + sender-address="6:5:4:3:2:1" + port='123' port-hi='234' + age='5544' age-hi='5555' + max-age='7777' max-age-hi='8888' + hello-time='12345' hello-time-hi='12346' + forward-delay='54321' forward-delay-hi='65432'/> + </rule> + +</filter> diff --git a/tests/nwfilterxml2firewalldata/target-linux.args b/tests/nwfilterxml2firewalldata/target-linux.args new file mode 100644 index 000000000..f51cf5d94 --- /dev/null +++ b/tests/nwfilterxml2firewalldata/target-linux.args @@ -0,0 +1,75 @@ +ebtables -t nat -A libvirt-J-vnet0 -s 01:02:03:04:05:06/ff:ff:ff:ff:ff:ff \ +-p 0x806 -j ACCEPT +ebtables -t nat -A libvirt-J-vnet0 -s 01:02:03:04:05:06/ff:ff:ff:ff:ff:ff \ +-p 0x806 -j DROP +ebtables -t nat -A libvirt-J-vnet0 -s 01:02:03:04:05:06/ff:ff:ff:ff:ff:ff \ +-p 0x806 -j DROP +ebtables -t nat -A libvirt-P-vnet0 -d aa:bb:cc:dd:ee:ff/ff:ff:ff:ff:ff:ff \ +-p 0x800 -j ACCEPT +ebtables -t nat -A libvirt-P-vnet0 -d aa:bb:cc:dd:ee:ff/ff:ff:ff:ff:ff:ff \ +-p 0x800 -j DROP +ebtables -t nat -A libvirt-P-vnet0 -d aa:bb:cc:dd:ee:ff/ff:ff:ff:ff:ff:ff \ +-p 0x800 -j DROP +iptables -A FJ-vnet0 -p all -m mac --mac-source 01:02:03:04:05:06 \ +--destination 10.1.2.3/32 -m dscp --dscp 2 -m state --state NEW,ESTABLISHED -m comment \ +--comment 'accept rule -- dir out' -j RETURN +iptables -A FP-vnet0 -p all --source 10.1.2.3/32 -m dscp --dscp 2 -m state \ +--state ESTABLISHED -m comment --comment 'accept rule -- dir out' -j ACCEPT +iptables -A HJ-vnet0 -p all -m mac --mac-source 01:02:03:04:05:06 \ +--destination 10.1.2.3/32 -m dscp --dscp 2 -m state --state NEW,ESTABLISHED -m comment \ +--comment 'accept rule -- dir out' -j RETURN +iptables -A FJ-vnet0 -p all -m mac --mac-source 01:02:03:04:05:06 \ +--destination 10.1.2.3/32 -m dscp --dscp 2 -m comment \ +--comment 'drop rule -- dir out' -j DROP +iptables -A FP-vnet0 -p all --source 10.1.2.3/32 -m dscp --dscp 2 -m comment \ +--comment 'drop rule -- dir out' -j DROP +iptables -A HJ-vnet0 -p all -m mac --mac-source 01:02:03:04:05:06 \ +--destination 10.1.2.3/32 -m dscp --dscp 2 -m comment \ +--comment 'drop rule -- dir out' -j DROP +iptables -A FJ-vnet0 -p all -m mac --mac-source 01:02:03:04:05:06 \ +--destination 10.1.2.3/32 -m dscp --dscp 2 -m comment \ +--comment 'reject rule -- dir out' -j REJECT +iptables -A FP-vnet0 -p all --source 10.1.2.3/32 -m dscp --dscp 2 \ +-m comment --comment 'reject rule -- dir out' -j REJECT +iptables -A HJ-vnet0 -p all -m mac --mac-source 01:02:03:04:05:06 \ +--destination 10.1.2.3/32 -m dscp --dscp 2 -m comment \ +--comment 'reject rule -- dir out' -j REJECT +iptables -A FJ-vnet0 -p all --destination 10.1.2.3/22 -m dscp --dscp 33 \ +-m state --state ESTABLISHED -m comment --comment 'accept rule -- dir in' -j RETURN +iptables -A FP-vnet0 -p all -m mac --mac-source 01:02:03:04:05:06 \ +--source 10.1.2.3/22 -m dscp --dscp 33 -m state --state NEW,ESTABLISHED -m comment \ +--comment 'accept rule -- dir in' -j ACCEPT +iptables -A HJ-vnet0 -p all --destination 10.1.2.3/22 -m dscp --dscp 33 \ +-m state --state ESTABLISHED -m comment --comment 'accept rule -- dir in' -j RETURN +iptables -A FJ-vnet0 -p all --destination 10.1.2.3/22 -m dscp --dscp 33 \ +-m comment --comment 'drop rule -- dir in' -j DROP +iptables -A FP-vnet0 -p all -m mac --mac-source 01:02:03:04:05:06 \ +--source 10.1.2.3/22 -m dscp --dscp 33 -m comment --comment 'drop rule -- dir in' \ +-j DROP +iptables -A HJ-vnet0 -p all --destination 10.1.2.3/22 -m dscp --dscp 33 \ +-m comment --comment 'drop rule -- dir in' -j DROP +iptables -A FJ-vnet0 -p all --destination 10.1.2.3/22 -m dscp --dscp 33 \ +-m comment --comment 'reject rule -- dir in' -j REJECT +iptables -A FP-vnet0 -p all -m mac --mac-source 01:02:03:04:05:06 \ +--source 10.1.2.3/22 -m dscp --dscp 33 -m comment --comment 'reject rule -- dir in' \ +-j REJECT +iptables -A HJ-vnet0 -p all --destination 10.1.2.3/22 -m dscp --dscp 33 \ +-m comment --comment 'reject rule -- dir in' -j REJECT +iptables -A FJ-vnet0 -p all -m comment --comment 'accept rule -- dir inout' \ +-j RETURN +iptables -A FP-vnet0 -p all -m comment --comment 'accept rule -- dir inout' \ +-j ACCEPT +iptables -A HJ-vnet0 -p all -m comment --comment 'accept rule -- dir inout' \ +-j RETURN +iptables -A FJ-vnet0 -p all -m comment --comment 'drop rule -- dir inout' \ +-j DROP +iptables -A FP-vnet0 -p all -m comment --comment 'drop rule -- dir inout' \ +-j DROP +iptables -A HJ-vnet0 -p all -m comment --comment 'drop rule -- dir inout' \ +-j DROP +iptables -A FJ-vnet0 -p all -m comment --comment 'reject rule -- dir inout' \ +-j REJECT +iptables -A FP-vnet0 -p all -m comment --comment 'reject rule -- dir inout' \ +-j REJECT +iptables -A HJ-vnet0 -p all -m comment --comment 'reject rule -- dir inout' \ +-j REJECT diff --git a/tests/nwfilterxml2firewalldata/target.xml b/tests/nwfilterxml2firewalldata/target.xml new file mode 100644 index 000000000..aa7465bd4 --- /dev/null +++ b/tests/nwfilterxml2firewalldata/target.xml @@ -0,0 +1,66 @@ +<filter name='tck-testcase' chain='root'> + <uuid>5c6d49af-b071-6127-b4ec-6f8ed4b55335</uuid> + <rule action='accept' direction='out'> + <all srcmacaddr='1:2:3:4:5:6' + dstipaddr='10.1.2.3' dstipmask='255.255.255.255' + dscp='2' comment='accept rule -- dir out'/> + </rule> + <rule action='drop' direction='out'> + <all srcmacaddr='1:2:3:4:5:6' + dstipaddr='10.1.2.3' dstipmask='255.255.255.255' + dscp='2' comment='drop rule -- dir out'/> + </rule> + <rule action='reject' direction='out'> + <all srcmacaddr='1:2:3:4:5:6' + dstipaddr='10.1.2.3' dstipmask='255.255.255.255' + dscp='2' comment='reject rule -- dir out'/> + </rule> + <rule action='accept' direction='in'> + <all srcmacaddr='1:2:3:4:5:6' + srcipaddr='10.1.2.3' srcipmask='22' + dscp='33' comment='accept rule -- dir in'/> + </rule> + <rule action='drop' direction='in'> + <all srcmacaddr='1:2:3:4:5:6' + srcipaddr='10.1.2.3' srcipmask='22' + dscp='33' comment='drop rule -- dir in'/> + </rule> + <rule action='reject' direction='in'> + <all srcmacaddr='1:2:3:4:5:6' + srcipaddr='10.1.2.3' srcipmask='22' + dscp='33' comment='reject rule -- dir in'/> + </rule> + <rule action='accept' direction='inout'> + <all comment='accept rule -- dir inout'/> + </rule> + <rule action='drop' direction='in'> + <all comment='drop rule -- dir inout'/> + </rule> + <rule action='reject' direction='in'> + <all comment='reject rule -- dir inout'/> + </rule> + <rule action='accept' direction='out'> + <mac srcmacaddr='1:2:3:4:5:6' srcmacmask='ff:ff:ff:ff:ff:ff' + protocolid='arp'/> + </rule> + <rule action='drop' direction='out'> + <mac srcmacaddr='1:2:3:4:5:6' srcmacmask='ff:ff:ff:ff:ff:ff' + protocolid='arp'/> + </rule> + <rule action='reject' direction='out'> + <mac srcmacaddr='1:2:3:4:5:6' srcmacmask='ff:ff:ff:ff:ff:ff' + protocolid='arp'/> + </rule> + <rule action='accept' direction='in'> + <mac dstmacaddr='aa:bb:cc:dd:ee:ff' dstmacmask='ff:ff:ff:ff:ff:ff' + protocolid='ipv4'/> + </rule> + <rule action='drop' direction='in'> + <mac dstmacaddr='aa:bb:cc:dd:ee:ff' dstmacmask='ff:ff:ff:ff:ff:ff' + protocolid='ipv4'/> + </rule> + <rule action='reject' direction='in'> + <mac dstmacaddr='aa:bb:cc:dd:ee:ff' dstmacmask='ff:ff:ff:ff:ff:ff' + protocolid='ipv4'/> + </rule> +</filter> diff --git a/tests/nwfilterxml2firewalldata/target2-linux.args b/tests/nwfilterxml2firewalldata/target2-linux.args new file mode 100644 index 000000000..196d7bebc --- /dev/null +++ b/tests/nwfilterxml2firewalldata/target2-linux.args @@ -0,0 +1,13 @@ +iptables -A FP-vnet0 -p tcp --dport 22 -j ACCEPT +iptables -A FJ-vnet0 -p tcp --sport 22 -j RETURN +iptables -A HJ-vnet0 -p tcp --sport 22 -j RETURN +iptables -A FJ-vnet0 -p tcp --sport 80 -m state --state ESTABLISHED -j RETURN +iptables -A FP-vnet0 -p tcp --dport 80 -m state --state NEW,ESTABLISHED \ +-j ACCEPT +iptables -A HJ-vnet0 -p tcp --sport 80 -m state --state ESTABLISHED -j RETURN +iptables -A FJ-vnet0 -p tcp -j REJECT +iptables -A FP-vnet0 -p tcp -j REJECT +iptables -A HJ-vnet0 -p tcp -j REJECT +iptables -A FJ-vnet0 -p all -j DROP +iptables -A FP-vnet0 -p all -j DROP +iptables -A HJ-vnet0 -p all -j DROP diff --git a/tests/nwfilterxml2firewalldata/target2.xml b/tests/nwfilterxml2firewalldata/target2.xml new file mode 100644 index 000000000..c913bf52c --- /dev/null +++ b/tests/nwfilterxml2firewalldata/target2.xml @@ -0,0 +1,18 @@ +<filter name='tck-testcase' chain='root'> + <uuid>5c6d49af-b071-6127-b4ec-6f8ed4b55335</uuid> + <rule action='accept' direction='in'> + <tcp dstportstart='22' state='NONE'/> + </rule> + <rule action='accept' direction='out'> + <tcp srcportstart='22' state='NONE'/> + </rule> + <rule action='accept' direction='in'> + <tcp dstportstart='80'/> + </rule> + <rule action='reject' direction='inout'> + <tcp/> + </rule> + <rule action='drop' direction='inout'> + <all/> + </rule> +</filter> diff --git a/tests/nwfilterxml2firewalldata/tcp-ipv6-linux.args b/tests/nwfilterxml2firewalldata/tcp-ipv6-linux.args new file mode 100644 index 000000000..a55f54641 --- /dev/null +++ b/tests/nwfilterxml2firewalldata/tcp-ipv6-linux.args @@ -0,0 +1,22 @@ +ip6tables -A FJ-vnet0 -p tcp -m mac --mac-source 01:02:03:04:05:06 \ +--destination a:b:c::d:e:f/128 -m dscp --dscp 2 -m state --state NEW,ESTABLISHED \ +-j RETURN +ip6tables -A FP-vnet0 -p tcp --source a:b:c::d:e:f/128 -m dscp --dscp 2 \ +-m state --state ESTABLISHED -j ACCEPT +ip6tables -A HJ-vnet0 -p tcp -m mac --mac-source 01:02:03:04:05:06 \ +--destination a:b:c::d:e:f/128 -m dscp --dscp 2 -m state --state NEW,ESTABLISHED \ +-j RETURN +ip6tables -A FJ-vnet0 -p tcp --destination a:b:c::/128 -m dscp --dscp 33 \ +--dport 20:21 --sport 100:1111 -m state --state ESTABLISHED -j RETURN +ip6tables -A FP-vnet0 -p tcp -m mac --mac-source 01:02:03:04:05:06 \ +--source a:b:c::/128 -m dscp --dscp 33 --sport 20:21 --dport 100:1111 -m state \ +--state NEW,ESTABLISHED -j ACCEPT +ip6tables -A HJ-vnet0 -p tcp --destination a:b:c::/128 -m dscp --dscp 33 \ +--dport 20:21 --sport 100:1111 -m state --state ESTABLISHED -j RETURN +ip6tables -A FJ-vnet0 -p tcp --destination ::10.1.2.3/128 -m dscp --dscp 63 \ +--dport 255:256 --sport 65535:65535 -m state --state ESTABLISHED -j RETURN +ip6tables -A FP-vnet0 -p tcp -m mac --mac-source 01:02:03:04:05:06 \ +--source ::10.1.2.3/128 -m dscp --dscp 63 --sport 255:256 --dport 65535:65535 -m state \ +--state NEW,ESTABLISHED -j ACCEPT +ip6tables -A HJ-vnet0 -p tcp --destination ::10.1.2.3/128 -m dscp --dscp 63 \ +--dport 255:256 --sport 65535:65535 -m state --state ESTABLISHED -j RETURN diff --git a/tests/nwfilterxml2firewalldata/tcp-ipv6.xml b/tests/nwfilterxml2firewalldata/tcp-ipv6.xml new file mode 100644 index 000000000..d4f24f44d --- /dev/null +++ b/tests/nwfilterxml2firewalldata/tcp-ipv6.xml @@ -0,0 +1,22 @@ +<filter name='tck-testcase' chain='root'> + <uuid>5c6d49af-b071-6127-b4ec-6f8ed4b55335</uuid> + <rule action='accept' direction='out'> + <tcp-ipv6 srcmacaddr='1:2:3:4:5:6' + dstipaddr='a:b:c::d:e:f' dstipmask='128' + dscp='2'/> + </rule> + <rule action='accept' direction='in'> + <tcp-ipv6 srcmacaddr='1:2:3:4:5:6' + srcipaddr='a:b:c::' srcipmask='128' + dscp='33' + srcportstart='20' srcportend='21' + dstportstart='100' dstportend='1111'/> + </rule> + <rule action='accept' direction='in'> + <tcp-ipv6 srcmacaddr='1:2:3:4:5:6' + srcipaddr='::10.1.2.3' srcipmask='128' + dscp='63' + srcportstart='255' srcportend='256' + dstportstart='65535' dstportend='65535'/> + </rule> +</filter> diff --git a/tests/nwfilterxml2firewalldata/tcp-linux.args b/tests/nwfilterxml2firewalldata/tcp-linux.args new file mode 100644 index 000000000..1b5f5b2af --- /dev/null +++ b/tests/nwfilterxml2firewalldata/tcp-linux.args @@ -0,0 +1,22 @@ +iptables -A FJ-vnet0 -p tcp -m mac --mac-source 01:02:03:04:05:06 \ +--destination 10.1.2.3/32 -m dscp --dscp 2 -m state --state NEW,ESTABLISHED -j RETURN +iptables -A FP-vnet0 -p tcp --source 10.1.2.3/32 -m dscp --dscp 2 -m state \ +--state ESTABLISHED -j ACCEPT +iptables -A HJ-vnet0 -p tcp -m mac --mac-source 01:02:03:04:05:06 \ +--destination 10.1.2.3/32 -m dscp --dscp 2 -m state --state NEW,ESTABLISHED -j RETURN +iptables -A FJ-vnet0 -p tcp --destination 10.1.2.3/32 -m dscp --dscp 33 \ +--dport 20:21 --sport 100:1111 -j RETURN +iptables -A FP-vnet0 -p tcp -m mac --mac-source 01:02:03:04:05:06 \ +--source 10.1.2.3/32 -m dscp --dscp 33 --sport 20:21 --dport 100:1111 -j ACCEPT +iptables -A HJ-vnet0 -p tcp --destination 10.1.2.3/32 -m dscp --dscp 33 \ +--dport 20:21 --sport 100:1111 -j RETURN +iptables -A FJ-vnet0 -p tcp --destination 10.1.2.3/32 -m dscp --dscp 63 \ +--dport 255:256 --sport 65535:65535 -j RETURN +iptables -A FP-vnet0 -p tcp -m mac --mac-source 01:02:03:04:05:06 \ +--source 10.1.2.3/32 -m dscp --dscp 63 --sport 255:256 --dport 65535:65535 -j ACCEPT +iptables -A HJ-vnet0 -p tcp --destination 10.1.2.3/32 -m dscp --dscp 63 \ +--dport 255:256 --sport 65535:65535 -j RETURN +iptables -A FP-vnet0 -p tcp --tcp-flags SYN ALL -j ACCEPT +iptables -A FP-vnet0 -p tcp --tcp-flags SYN SYN,ACK -j ACCEPT +iptables -A FP-vnet0 -p tcp --tcp-flags RST NONE -j ACCEPT +iptables -A FP-vnet0 -p tcp --tcp-flags PSH NONE -j ACCEPT diff --git a/tests/nwfilterxml2firewalldata/tcp.xml b/tests/nwfilterxml2firewalldata/tcp.xml new file mode 100644 index 000000000..14ebd35d3 --- /dev/null +++ b/tests/nwfilterxml2firewalldata/tcp.xml @@ -0,0 +1,34 @@ +<filter name='tck-testcase' chain='root'> + <uuid>5c6d49af-b071-6127-b4ec-6f8ed4b55335</uuid> + <rule action='accept' direction='out'> + <tcp srcmacaddr='1:2:3:4:5:6' + dstipaddr='10.1.2.3' dstipmask='255.255.255.255' + dscp='2'/> + </rule> + <rule action='accept' direction='in' statematch='false'> + <tcp srcmacaddr='1:2:3:4:5:6' + srcipaddr='10.1.2.3' srcipmask='32' + dscp='33' + srcportstart='20' srcportend='21' + dstportstart='100' dstportend='1111'/> + </rule> + <rule action='accept' direction='in' statematch='0'> + <tcp srcmacaddr='1:2:3:4:5:6' + srcipaddr='10.1.2.3' srcipmask='32' + dscp='63' + srcportstart='255' srcportend='256' + dstportstart='65535' dstportend='65535'/> + </rule> + <rule action='accept' direction='in'> + <tcp state='NONE' flags='SYN/ALL'/> + </rule> + <rule action='accept' direction='in'> + <tcp state='NONE' flags='SYN/SYN,ACK'/> + </rule> + <rule action='accept' direction='in'> + <tcp state='NONE' flags='RST/NONE'/> + </rule> + <rule action='accept' direction='in'> + <tcp state='NONE' flags='PSH/'/> + </rule> +</filter> diff --git a/tests/nwfilterxml2firewalldata/udp-ipv6-linux.args b/tests/nwfilterxml2firewalldata/udp-ipv6-linux.args new file mode 100644 index 000000000..1eb0ceaa4 --- /dev/null +++ b/tests/nwfilterxml2firewalldata/udp-ipv6-linux.args @@ -0,0 +1,22 @@ +ip6tables -A FJ-vnet0 -p udp -m mac --mac-source 01:02:03:04:05:06 \ +--destination a:b:c::d:e:f/128 -m dscp --dscp 2 -m state --state NEW,ESTABLISHED \ +-j RETURN +ip6tables -A FP-vnet0 -p udp --source a:b:c::d:e:f/128 -m dscp --dscp 2 \ +-m state --state ESTABLISHED -j ACCEPT +ip6tables -A HJ-vnet0 -p udp -m mac --mac-source 01:02:03:04:05:06 \ +--destination a:b:c::d:e:f/128 -m dscp --dscp 2 -m state --state NEW,ESTABLISHED \ +-j RETURN +ip6tables -A FJ-vnet0 -p udp --destination ::a:b:c/128 -m dscp --dscp 33 \ +--dport 20:21 --sport 100:1111 -m state --state ESTABLISHED -j RETURN +ip6tables -A FP-vnet0 -p udp -m mac --mac-source 01:02:03:04:05:06 \ +--source ::a:b:c/128 -m dscp --dscp 33 --sport 20:21 --dport 100:1111 -m state \ +--state NEW,ESTABLISHED -j ACCEPT +ip6tables -A HJ-vnet0 -p udp --destination ::a:b:c/128 -m dscp --dscp 33 \ +--dport 20:21 --sport 100:1111 -m state --state ESTABLISHED -j RETURN +ip6tables -A FJ-vnet0 -p udp --destination ::10.1.2.3/128 -m dscp --dscp 63 \ +--dport 255:256 --sport 65535:65535 -m state --state ESTABLISHED -j RETURN +ip6tables -A FP-vnet0 -p udp -m mac --mac-source 01:02:03:04:05:06 \ +--source ::10.1.2.3/128 -m dscp --dscp 63 --sport 255:256 --dport 65535:65535 \ +-m state --state NEW,ESTABLISHED -j ACCEPT +ip6tables -A HJ-vnet0 -p udp --destination ::10.1.2.3/128 -m dscp --dscp 63 \ +--dport 255:256 --sport 65535:65535 -m state --state ESTABLISHED -j RETURN diff --git a/tests/nwfilterxml2firewalldata/udp-ipv6.xml b/tests/nwfilterxml2firewalldata/udp-ipv6.xml new file mode 100644 index 000000000..fd4f135a4 --- /dev/null +++ b/tests/nwfilterxml2firewalldata/udp-ipv6.xml @@ -0,0 +1,22 @@ +<filter name='tck-testcase' chain='root'> + <uuid>5c6d49af-b071-6127-b4ec-6f8ed4b55335</uuid> + <rule action='accept' direction='out'> + <udp-ipv6 srcmacaddr='1:2:3:4:5:6' + dstipaddr='a:b:c::d:e:f' dstipmask='128' + dscp='2'/> + </rule> + <rule action='accept' direction='in'> + <udp-ipv6 srcmacaddr='1:2:3:4:5:6' + srcipaddr='::a:b:c' srcipmask='128' + dscp='33' + srcportstart='20' srcportend='21' + dstportstart='100' dstportend='1111'/> + </rule> + <rule action='accept' direction='in'> + <udp-ipv6 srcmacaddr='1:2:3:4:5:6' + srcipaddr='::10.1.2.3' srcipmask='128' + dscp='63' + srcportstart='255' srcportend='256' + dstportstart='65535' dstportend='65535'/> + </rule> +</filter> diff --git a/tests/nwfilterxml2firewalldata/udp-linux.args b/tests/nwfilterxml2firewalldata/udp-linux.args new file mode 100644 index 000000000..78240e952 --- /dev/null +++ b/tests/nwfilterxml2firewalldata/udp-linux.args @@ -0,0 +1,20 @@ +iptables -A FJ-vnet0 -p udp -m mac --mac-source 01:02:03:04:05:06 \ +--destination 10.1.2.3/32 -m dscp --dscp 2 -m state --state NEW,ESTABLISHED -j RETURN +iptables -A FP-vnet0 -p udp --source 10.1.2.3/32 -m dscp --dscp 2 -m state \ +--state ESTABLISHED -j ACCEPT +iptables -A HJ-vnet0 -p udp -m mac --mac-source 01:02:03:04:05:06 \ +--destination 10.1.2.3/32 -m dscp --dscp 2 -m state --state NEW,ESTABLISHED -j RETURN +iptables -A FJ-vnet0 -p udp --destination 10.1.2.3/32 -m dscp --dscp 33 \ +--dport 20:21 --sport 100:1111 -m state --state ESTABLISHED -j RETURN +iptables -A FP-vnet0 -p udp -m mac --mac-source 01:02:03:04:05:06 \ +--source 10.1.2.3/32 -m dscp --dscp 33 --sport 20:21 --dport 100:1111 -m state \ +--state NEW,ESTABLISHED -j ACCEPT +iptables -A HJ-vnet0 -p udp --destination 10.1.2.3/32 -m dscp --dscp 33 \ +--dport 20:21 --sport 100:1111 -m state --state ESTABLISHED -j RETURN +iptables -A FJ-vnet0 -p udp --destination 10.1.2.3/32 -m dscp --dscp 63 \ +--dport 255:256 --sport 65535:65535 -m state --state ESTABLISHED -j RETURN +iptables -A FP-vnet0 -p udp -m mac --mac-source 01:02:03:04:05:06 \ +--source 10.1.2.3/32 -m dscp --dscp 63 --sport 255:256 --dport 65535:65535 -m state \ +--state NEW,ESTABLISHED -j ACCEPT +iptables -A HJ-vnet0 -p udp --destination 10.1.2.3/32 -m dscp --dscp 63 \ +--dport 255:256 --sport 65535:65535 -m state --state ESTABLISHED -j RETURN diff --git a/tests/nwfilterxml2firewalldata/udp.xml b/tests/nwfilterxml2firewalldata/udp.xml new file mode 100644 index 000000000..359dfa25b --- /dev/null +++ b/tests/nwfilterxml2firewalldata/udp.xml @@ -0,0 +1,22 @@ +<filter name='tck-testcase' chain='root'> + <uuid>5c6d49af-b071-6127-b4ec-6f8ed4b55335</uuid> + <rule action='accept' direction='out'> + <udp srcmacaddr='1:2:3:4:5:6' + dstipaddr='10.1.2.3' dstipmask='255.255.255.255' + dscp='2'/> + </rule> + <rule action='accept' direction='in'> + <udp srcmacaddr='1:2:3:4:5:6' + srcipaddr='10.1.2.3' srcipmask='32' + dscp='33' + srcportstart='20' srcportend='21' + dstportstart='100' dstportend='1111'/> + </rule> + <rule action='accept' direction='in'> + <udp srcmacaddr='1:2:3:4:5:6' + srcipaddr='10.1.2.3' srcipmask='32' + dscp='63' + srcportstart='255' srcportend='256' + dstportstart='65535' dstportend='65535'/> + </rule> +</filter> diff --git a/tests/nwfilterxml2firewalldata/udplite-ipv6-linux.args b/tests/nwfilterxml2firewalldata/udplite-ipv6-linux.args new file mode 100644 index 000000000..47a691590 --- /dev/null +++ b/tests/nwfilterxml2firewalldata/udplite-ipv6-linux.args @@ -0,0 +1,20 @@ +ip6tables -A FJ-vnet0 -p udplite -m mac --mac-source 01:02:03:04:05:06 \ +--source f:e:d::c:b:a/127 --destination a:b:c::d:e:f/128 -m dscp --dscp 2 -m state \ +--state NEW,ESTABLISHED -j RETURN +ip6tables -A FP-vnet0 -p udplite --destination f:e:d::c:b:a/127 \ +--source a:b:c::d:e:f/128 -m dscp --dscp 2 -m state --state ESTABLISHED -j ACCEPT +ip6tables -A HJ-vnet0 -p udplite -m mac --mac-source 01:02:03:04:05:06 \ +--source f:e:d::c:b:a/127 --destination a:b:c::d:e:f/128 -m dscp --dscp 2 -m state \ +--state NEW,ESTABLISHED -j RETURN +ip6tables -A FJ-vnet0 -p udplite --destination a:b:c::/128 -m dscp \ +--dscp 33 -m state --state ESTABLISHED -j RETURN +ip6tables -A FP-vnet0 -p udplite -m mac --mac-source 01:02:03:04:05:06 \ +--source a:b:c::/128 -m dscp --dscp 33 -m state --state NEW,ESTABLISHED -j ACCEPT +ip6tables -A HJ-vnet0 -p udplite --destination a:b:c::/128 -m dscp \ +--dscp 33 -m state --state ESTABLISHED -j RETURN +ip6tables -A FJ-vnet0 -p udplite --destination ::10.1.2.3/128 -m dscp \ +--dscp 33 -m state --state ESTABLISHED -j RETURN +ip6tables -A FP-vnet0 -p udplite -m mac --mac-source 01:02:03:04:05:06 \ +--source ::10.1.2.3/128 -m dscp --dscp 33 -m state --state NEW,ESTABLISHED -j ACCEPT +ip6tables -A HJ-vnet0 -p udplite --destination ::10.1.2.3/128 -m dscp \ +--dscp 33 -m state --state ESTABLISHED -j RETURN diff --git a/tests/nwfilterxml2firewalldata/udplite-ipv6.xml b/tests/nwfilterxml2firewalldata/udplite-ipv6.xml new file mode 100644 index 000000000..5b941a246 --- /dev/null +++ b/tests/nwfilterxml2firewalldata/udplite-ipv6.xml @@ -0,0 +1,19 @@ +<filter name='tck-testcase' chain='root'> + <uuid>5c6d49af-b071-6127-b4ec-6f8ed4b55335</uuid> + <rule action='accept' direction='out'> + <udplite-ipv6 srcmacaddr='1:2:3:4:5:6' + dstipaddr='a:b:c::d:e:f' dstipmask='128' + srcipaddr='f:e:d::c:b:a' srcipmask='127' + dscp='2'/> + </rule> + <rule action='accept' direction='in'> + <udplite-ipv6 srcmacaddr='1:2:3:4:5:6' + srcipaddr='a:b:c::' srcipmask='128' + dscp='33'/> + </rule> + <rule action='accept' direction='in'> + <udplite-ipv6 srcmacaddr='1:2:3:4:5:6' + srcipaddr='::10.1.2.3' srcipmask='128' + dscp='33'/> + </rule> +</filter> diff --git a/tests/nwfilterxml2firewalldata/udplite-linux.args b/tests/nwfilterxml2firewalldata/udplite-linux.args new file mode 100644 index 000000000..a49443e7d --- /dev/null +++ b/tests/nwfilterxml2firewalldata/udplite-linux.args @@ -0,0 +1,18 @@ +iptables -A FJ-vnet0 -p udplite -m mac --mac-source 01:02:03:04:05:06 \ +--destination 10.1.2.3/32 -m dscp --dscp 2 -m state --state NEW,ESTABLISHED -j RETURN +iptables -A FP-vnet0 -p udplite --source 10.1.2.3/32 -m dscp --dscp 2 \ +-m state --state ESTABLISHED -j ACCEPT +iptables -A HJ-vnet0 -p udplite -m mac --mac-source 01:02:03:04:05:06 \ +--destination 10.1.2.3/32 -m dscp --dscp 2 -m state --state NEW,ESTABLISHED -j RETURN +iptables -A FJ-vnet0 -p udplite --destination 10.1.2.3/22 -m dscp \ +--dscp 33 -m state --state ESTABLISHED -j RETURN +iptables -A FP-vnet0 -p udplite -m mac --mac-source 01:02:03:04:05:06 \ +--source 10.1.2.3/22 -m dscp --dscp 33 -m state --state NEW,ESTABLISHED -j ACCEPT +iptables -A HJ-vnet0 -p udplite --destination 10.1.2.3/22 -m dscp \ +--dscp 33 -m state --state ESTABLISHED -j RETURN +iptables -A FJ-vnet0 -p udplite --destination 10.1.2.3/22 -m dscp \ +--dscp 33 -m state --state ESTABLISHED -j RETURN +iptables -A FP-vnet0 -p udplite -m mac --mac-source 01:02:03:04:05:06 \ +--source 10.1.2.3/22 -m dscp --dscp 33 -m state --state NEW,ESTABLISHED -j ACCEPT +iptables -A HJ-vnet0 -p udplite --destination 10.1.2.3/22 -m dscp \ +--dscp 33 -m state --state ESTABLISHED -j RETURN diff --git a/tests/nwfilterxml2firewalldata/udplite.xml b/tests/nwfilterxml2firewalldata/udplite.xml new file mode 100644 index 000000000..91262fdd3 --- /dev/null +++ b/tests/nwfilterxml2firewalldata/udplite.xml @@ -0,0 +1,18 @@ +<filter name='tck-testcase' chain='root'> + <uuid>5c6d49af-b071-6127-b4ec-6f8ed4b55335</uuid> + <rule action='accept' direction='out'> + <udplite srcmacaddr='1:2:3:4:5:6' + dstipaddr='10.1.2.3' dstipmask='255.255.255.255' + dscp='2'/> + </rule> + <rule action='accept' direction='in'> + <udplite srcmacaddr='1:2:3:4:5:6' + srcipaddr='10.1.2.3' srcipmask='22' + dscp='33'/> + </rule> + <rule action='accept' direction='in'> + <udplite srcmacaddr='1:2:3:4:5:6' + srcipaddr='10.1.2.3' srcipmask='22' + dscp='33'/> + </rule> +</filter> diff --git a/tests/nwfilterxml2firewalldata/vlan-linux.args b/tests/nwfilterxml2firewalldata/vlan-linux.args new file mode 100644 index 000000000..f53fd69fc --- /dev/null +++ b/tests/nwfilterxml2firewalldata/vlan-linux.args @@ -0,0 +1,14 @@ +ebtables -t nat -A libvirt-J-vnet0 -d 01:02:03:04:05:06/ff:ff:ff:ff:ff:ff \ +-s aa:bb:cc:dd:ee:ff/ff:ff:ff:ff:ff:ff -p 0x8100 --vlan-id 291 -j CONTINUE +ebtables -t nat -A libvirt-P-vnet0 -s 01:02:03:04:05:06/ff:ff:ff:ff:ff:ff \ +-d aa:bb:cc:dd:ee:ff/ff:ff:ff:ff:ff:ff -p 0x8100 --vlan-id 291 -j CONTINUE +ebtables -t nat -A libvirt-J-vnet0 -d 01:02:03:04:05:06/ff:ff:ff:ff:ff:ff \ +-s aa:bb:cc:dd:ee:ff/ff:ff:ff:ff:ff:ff -p 0x8100 --vlan-id 1234 -j RETURN +ebtables -t nat -A libvirt-P-vnet0 -s 01:02:03:04:05:06/ff:ff:ff:ff:ff:ff \ +-d aa:bb:cc:dd:ee:ff/ff:ff:ff:ff:ff:ff -p 0x8100 --vlan-id 1234 -j RETURN +ebtables -t nat -A libvirt-P-vnet0 -s 01:02:03:04:05:06/ff:ff:ff:ff:ff:ff \ +-d aa:bb:cc:dd:ee:ff/ff:ff:ff:ff:ff:ff -p 0x8100 --vlan-id 291 -j DROP +ebtables -t nat -A libvirt-J-vnet0 -s 01:02:03:04:05:06/ff:ff:ff:ff:ff:ff \ +-d aa:bb:cc:dd:ee:ff/ff:ff:ff:ff:ff:ff -p 0x8100 --vlan-encap 2054 -j DROP +ebtables -t nat -A libvirt-J-vnet0 -s 01:02:03:04:05:06/ff:ff:ff:ff:ff:ff \ +-d aa:bb:cc:dd:ee:ff/ff:ff:ff:ff:ff:ff -p 0x8100 --vlan-encap 4660 -j ACCEPT diff --git a/tests/nwfilterxml2firewalldata/vlan.xml b/tests/nwfilterxml2firewalldata/vlan.xml new file mode 100644 index 000000000..a5e7b38d2 --- /dev/null +++ b/tests/nwfilterxml2firewalldata/vlan.xml @@ -0,0 +1,38 @@ +<filter name='tck-testcase' chain='root'> + <uuid>5c6d49af-b071-6127-b4ec-6f8ed4b55335</uuid> + <rule action='continue' direction='inout'> + <vlan srcmacaddr='1:2:3:4:5:6' srcmacmask='ff:ff:ff:ff:ff:ff' + dstmacaddr='aa:bb:cc:dd:ee:ff' dstmacmask='ff:ff:ff:ff:ff:ff' + vlanid='0x123' + /> + </rule> + + <rule action='return' direction='inout'> + <vlan srcmacaddr='1:2:3:4:5:6' srcmacmask='ff:ff:ff:ff:ff:ff' + dstmacaddr='aa:bb:cc:dd:ee:ff' dstmacmask='ff:ff:ff:ff:ff:ff' + vlanid='1234' + /> + </rule> + + <rule action='reject' direction='in'> + <vlan srcmacaddr='1:2:3:4:5:6' srcmacmask='ff:ff:ff:ff:ff:ff' + dstmacaddr='aa:bb:cc:dd:ee:ff' dstmacmask='ff:ff:ff:ff:ff:ff' + vlanid='0x123' + /> + </rule> + + <rule action='drop' direction='out'> + <vlan srcmacaddr='1:2:3:4:5:6' srcmacmask='ff:ff:ff:ff:ff:ff' + dstmacaddr='aa:bb:cc:dd:ee:ff' dstmacmask='ff:ff:ff:ff:ff:ff' + encap-protocol='arp' + /> + </rule> + + <rule action='accept' direction='out'> + <vlan srcmacaddr='1:2:3:4:5:6' srcmacmask='ff:ff:ff:ff:ff:ff' + dstmacaddr='aa:bb:cc:dd:ee:ff' dstmacmask='ff:ff:ff:ff:ff:ff' + encap-protocol='0x1234' + /> + </rule> + +</filter> diff --git a/tests/nwfilterxml2firewalltest.c b/tests/nwfilterxml2firewalltest.c new file mode 100644 index 000000000..01527f471 --- /dev/null +++ b/tests/nwfilterxml2firewalltest.c @@ -0,0 +1,535 @@ +/* + * nwfilterxml2firewalltest.c: Test iptables rule generation + * + * Copyright (C) 2014 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library. If not, see + * <http://www.gnu.org/licenses/>. + * + */ + +#include <config.h> + +#if defined (__linux__) + +# include "testutils.h" +# include "nwfilter/nwfilter_ebiptables_driver.h" +# include "virbuffer.h" + +# define __VIR_FIREWALL_PRIV_H_ALLOW__ +# include "virfirewallpriv.h" + +# define __VIR_COMMAND_PRIV_H_ALLOW__ +# include "vircommandpriv.h" + +# define VIR_FROM_THIS VIR_FROM_NONE + +static const char *abs_top_srcdir; + +# ifdef __linux__ +# define RULESTYPE "linux" +# else +# error "test case not ported to this platform" +# endif + +typedef struct _virNWFilterInst virNWFilterInst; +typedef virNWFilterInst *virNWFilterInstPtr; +struct _virNWFilterInst { + virNWFilterDefPtr *filters; + size_t nfilters; + virNWFilterRuleInstPtr *rules; + size_t nrules; +}; + +/* + * Some sets of rules that will be common to all test files, + * so we don't bother including them in the test data files + * as that would just bloat them + */ + +static const char *commonRules[] = { + /* Dropping ebtables rules */ + "ebtables -t nat -D PREROUTING -i vnet0 -j libvirt-J-vnet0\n" + "ebtables -t nat -D POSTROUTING -o vnet0 -j libvirt-P-vnet0\n" + "ebtables -t nat -L libvirt-J-vnet0\n" + "ebtables -t nat -L libvirt-P-vnet0\n" + "ebtables -t nat -F libvirt-J-vnet0\n" + "ebtables -t nat -X libvirt-J-vnet0\n" + "ebtables -t nat -F libvirt-P-vnet0\n" + "ebtables -t nat -X libvirt-P-vnet0\n", + + /* Creating ebtables chains */ + "ebtables -t nat -N libvirt-J-vnet0\n" + "ebtables -t nat -N libvirt-P-vnet0\n", + + /* Dropping iptables rules */ + "iptables -D libvirt-out -m physdev --physdev-is-bridged --physdev-out vnet0 -g FP-vnet0\n" + "iptables -D libvirt-out -m physdev --physdev-out vnet0 -g FP-vnet0\n" + "iptables -D libvirt-in -m physdev --physdev-in vnet0 -g FJ-vnet0\n" + "iptables -D libvirt-host-in -m physdev --physdev-in vnet0 -g HJ-vnet0\n" + "iptables -F FP-vnet0\n" + "iptables -X FP-vnet0\n" + "iptables -F FJ-vnet0\n" + "iptables -X FJ-vnet0\n" + "iptables -F HJ-vnet0\n" + "iptables -X HJ-vnet0\n", + + /* Creating iptables chains */ + "iptables -N libvirt-in\n" + "iptables -N libvirt-out\n" + "iptables -N libvirt-in-post\n" + "iptables -N libvirt-host-in\n" + "iptables -D FORWARD -j libvirt-in\n" + "iptables -D FORWARD -j libvirt-out\n" + "iptables -D FORWARD -j libvirt-in-post\n" + "iptables -D INPUT -j libvirt-host-in\n" + "iptables -I FORWARD 1 -j libvirt-in\n" + "iptables -I FORWARD 2 -j libvirt-out\n" + "iptables -I FORWARD 3 -j libvirt-in-post\n" + "iptables -I INPUT 1 -j libvirt-host-in\n" + "iptables -N FP-vnet0\n" + "iptables -N FJ-vnet0\n" + "iptables -N HJ-vnet0\n" + "iptables -A libvirt-out -m physdev --physdev-is-bridged --physdev-out vnet0 -g FP-vnet0\n" + "iptables -A libvirt-in -m physdev --physdev-in vnet0 -g FJ-vnet0\n" + "iptables -A libvirt-host-in -m physdev --physdev-in vnet0 -g HJ-vnet0\n" + "iptables -D libvirt-in-post -m physdev --physdev-in vnet0 -j ACCEPT\n" + "iptables -A libvirt-in-post -m physdev --physdev-in vnet0 -j ACCEPT\n", + + /* Dropping ip6tables rules */ + "ip6tables -D libvirt-out -m physdev --physdev-is-bridged --physdev-out vnet0 -g FP-vnet0\n" + "ip6tables -D libvirt-out -m physdev --physdev-out vnet0 -g FP-vnet0\n" + "ip6tables -D libvirt-in -m physdev --physdev-in vnet0 -g FJ-vnet0\n" + "ip6tables -D libvirt-host-in -m physdev --physdev-in vnet0 -g HJ-vnet0\n" + "ip6tables -F FP-vnet0\n" + "ip6tables -X FP-vnet0\n" + "ip6tables -F FJ-vnet0\n" + "ip6tables -X FJ-vnet0\n" + "ip6tables -F HJ-vnet0\n" + "ip6tables -X HJ-vnet0\n", + + /* Creating ip6tables chains */ + "ip6tables -N libvirt-in\n" + "ip6tables -N libvirt-out\n" + "ip6tables -N libvirt-in-post\n" + "ip6tables -N libvirt-host-in\n" + "ip6tables -D FORWARD -j libvirt-in\n" + "ip6tables -D FORWARD -j libvirt-out\n" + "ip6tables -D FORWARD -j libvirt-in-post\n" + "ip6tables -D INPUT -j libvirt-host-in\n" + "ip6tables -I FORWARD 1 -j libvirt-in\n" + "ip6tables -I FORWARD 2 -j libvirt-out\n" + "ip6tables -I FORWARD 3 -j libvirt-in-post\n" + "ip6tables -I INPUT 1 -j libvirt-host-in\n" + "ip6tables -N FP-vnet0\n" + "ip6tables -N FJ-vnet0\n" + "ip6tables -N HJ-vnet0\n" + "ip6tables -A libvirt-out -m physdev --physdev-is-bridged --physdev-out vnet0 -g FP-vnet0\n" + "ip6tables -A libvirt-in -m physdev --physdev-in vnet0 -g FJ-vnet0\n" + "ip6tables -A libvirt-host-in -m physdev --physdev-in vnet0 -g HJ-vnet0\n" + "ip6tables -D libvirt-in-post -m physdev --physdev-in vnet0 -j ACCEPT\n" + "ip6tables -A libvirt-in-post -m physdev --physdev-in vnet0 -j ACCEPT\n", + + /* Inserting ebtables rules */ + "ebtables -t nat -A PREROUTING -i vnet0 -j libvirt-J-vnet0\n" + "ebtables -t nat -A POSTROUTING -o vnet0 -j libvirt-P-vnet0\n", +}; + + +static virNWFilterHashTablePtr +virNWFilterCreateVarsFrom(virNWFilterHashTablePtr vars1, + virNWFilterHashTablePtr vars2) +{ + virNWFilterHashTablePtr res = virNWFilterHashTableCreate(0); + if (!res) + return NULL; + + if (virNWFilterHashTablePutAll(vars1, res) < 0) + goto err_exit; + + if (virNWFilterHashTablePutAll(vars2, res) < 0) + goto err_exit; + + return res; + + err_exit: + virNWFilterHashTableFree(res); + return NULL; +} + + +static void +virNWFilterRuleInstFree(virNWFilterRuleInstPtr inst) +{ + if (!inst) + return; + + virNWFilterHashTableFree(inst->vars); + VIR_FREE(inst); +} + + +static void +virNWFilterInstReset(virNWFilterInstPtr inst) +{ + size_t i; + + for (i = 0; i < inst->nfilters; i++) + virNWFilterDefFree(inst->filters[i]); + VIR_FREE(inst->filters); + inst->nfilters = 0; + + for (i = 0; i < inst->nrules; i++) + virNWFilterRuleInstFree(inst->rules[i]); + VIR_FREE(inst->rules); + inst->nrules = 0; +} + + +static int +virNWFilterDefToInst(const char *xml, + virNWFilterHashTablePtr vars, + virNWFilterInstPtr inst); + +static int +virNWFilterRuleDefToRuleInst(virNWFilterDefPtr def, + virNWFilterRuleDefPtr rule, + virNWFilterHashTablePtr vars, + virNWFilterInstPtr inst) +{ + virNWFilterRuleInstPtr ruleinst; + int ret = -1; + + if (VIR_ALLOC(ruleinst) < 0) + goto cleanup; + + ruleinst->chainSuffix = def->chainsuffix; + ruleinst->chainPriority = def->chainPriority; + ruleinst->def = rule; + ruleinst->priority = rule->priority; + if (!(ruleinst->vars = virNWFilterHashTableCreate(0))) + goto cleanup; + if (virNWFilterHashTablePutAll(vars, ruleinst->vars) < 0) + goto cleanup; + + if (VIR_APPEND_ELEMENT(inst->rules, + inst->nrules, + ruleinst) < 0) + goto cleanup; + ruleinst = NULL; + + ret = 0; + cleanup: + virNWFilterRuleInstFree(ruleinst); + return ret; +} + + +static int +virNWFilterIncludeDefToRuleInst(virNWFilterIncludeDefPtr inc, + virNWFilterHashTablePtr vars, + virNWFilterInstPtr inst) +{ + virNWFilterHashTablePtr tmpvars = NULL; + int ret = -1; + char *xml; + + if (virAsprintf(&xml, "%s/nwfilterxml2firewalldata/%s.xml", + abs_srcdir, inc->filterref) < 0) + return -1; + + /* create a temporary hashmap for depth-first tree traversal */ + if (!(tmpvars = virNWFilterCreateVarsFrom(inc->params, + vars))) + goto cleanup; + + if (virNWFilterDefToInst(xml, + tmpvars, + inst) < 0) + goto cleanup; + + ret = 0; + cleanup: + if (ret < 0) + virNWFilterInstReset(inst); + virNWFilterHashTableFree(tmpvars); + VIR_FREE(xml); + return ret; +} + +static int +virNWFilterDefToInst(const char *xml, + virNWFilterHashTablePtr vars, + virNWFilterInstPtr inst) +{ + size_t i; + int ret = -1; + virNWFilterDefPtr def = virNWFilterDefParseFile(xml); + + if (!def) + return -1; + + if (VIR_APPEND_ELEMENT_COPY(inst->filters, + inst->nfilters, + def) < 0) { + virNWFilterDefFree(def); + goto cleanup; + } + + for (i = 0; i < def->nentries; i++) { + if (def->filterEntries[i]->rule) { + if (virNWFilterRuleDefToRuleInst(def, + def->filterEntries[i]->rule, + vars, + inst) < 0) + goto cleanup; + } else if (def->filterEntries[i]->include) { + if (virNWFilterIncludeDefToRuleInst(def->filterEntries[i]->include, + vars, + inst) < 0) + goto cleanup; + } + } + + ret = 0; + cleanup: + if (ret < 0) + virNWFilterInstReset(inst); + return ret; +} + + +static void testRemoveCommonRules(char *rules) +{ + size_t i; + char *offset = rules; + + for (i = 0; i < ARRAY_CARDINALITY(commonRules); i++) { + char *tmp = strstr(offset, commonRules[i]); + size_t len = strlen(commonRules[i]); + if (tmp) { + memmove(tmp, tmp + len, (strlen(tmp) + 1) - len); + offset = tmp; + } + } +} + + +static int testSetOneParameter(virNWFilterHashTablePtr vars, + const char *name, + const char *value) +{ + int ret = -1; + virNWFilterVarValuePtr val; + + if ((val = virHashLookup(vars->hashTable, name)) == NULL) { + val = virNWFilterVarValueCreateSimpleCopyValue(value); + if (!val) + goto cleanup; + if (virNWFilterHashTablePut(vars, name, val) < 0) { + virNWFilterVarValueFree(val); + goto cleanup; + } + } else { + if (virNWFilterVarValueAddValueCopy(val, value) < 0) + goto cleanup; + } + ret = 0; + cleanup: + return ret; +} + +static int testSetDefaultParameters(virNWFilterHashTablePtr vars) +{ + if (testSetOneParameter(vars, "IPSETNAME", "tck_test") < 0 || + testSetOneParameter(vars, "A", "1.1.1.1") || + testSetOneParameter(vars, "A", "2.2.2.2") || + testSetOneParameter(vars, "A", "3.3.3.3") || + testSetOneParameter(vars, "A", "3.3.3.3") || + testSetOneParameter(vars, "B", "80") || + testSetOneParameter(vars, "B", "90") || + testSetOneParameter(vars, "B", "80") || + testSetOneParameter(vars, "B", "80") || + testSetOneParameter(vars, "C", "1080") || + testSetOneParameter(vars, "C", "1090") || + testSetOneParameter(vars, "C", "1100") || + testSetOneParameter(vars, "C", "1110")) + return -1; + return 0; +} + +static int testCompareXMLToArgvFiles(const char *xml, + const char *cmdline) +{ + char *expectargv = NULL; + int len; + char *actualargv = NULL; + virBuffer buf = VIR_BUFFER_INITIALIZER; + virNWFilterHashTablePtr vars = virNWFilterHashTableCreate(0); + virNWFilterInst inst; + int ret = -1; + + memset(&inst, 0, sizeof(inst)); + + virCommandSetDryRun(&buf, NULL, NULL); + + if (!vars) + goto cleanup; + + if (testSetDefaultParameters(vars) < 0) + goto cleanup; + + if (virNWFilterDefToInst(xml, + vars, + &inst) < 0) + goto cleanup; + + if (ebiptables_driver.applyNewRules("vnet0", inst.rules, inst.nrules) < 0) + goto cleanup; + + if (virBufferError(&buf)) + goto cleanup; + + actualargv = virBufferContentAndReset(&buf); + virtTestClearCommandPath(actualargv); + virCommandSetDryRun(NULL, NULL, NULL); + + testRemoveCommonRules(actualargv); + + len = virtTestLoadFile(cmdline, &expectargv); + if (len < 0) + goto cleanup; + + if (STRNEQ(expectargv, actualargv)) { + virtTestDifference(stderr, expectargv, actualargv); + goto cleanup; + } + + ret = 0; + + cleanup: + virBufferFreeAndReset(&buf); + VIR_FREE(expectargv); + VIR_FREE(actualargv); + virNWFilterInstReset(&inst); + virNWFilterHashTableFree(vars); + return ret; +} + +struct testInfo { + const char *name; +}; + + +static int +testCompareXMLToIPTablesHelper(const void *data) +{ + int result = -1; + const struct testInfo *info = data; + char *xml = NULL; + char *args = NULL; + + if (virAsprintf(&xml, "%s/nwfilterxml2firewalldata/%s.xml", + abs_srcdir, info->name) < 0 || + virAsprintf(&args, "%s/nwfilterxml2firewalldata/%s-%s.args", + abs_srcdir, info->name, RULESTYPE) < 0) + goto cleanup; + + result = testCompareXMLToArgvFiles(xml, args); + + cleanup: + VIR_FREE(xml); + VIR_FREE(args); + return result; +} + + +static int +mymain(void) +{ + int ret = 0; + + abs_top_srcdir = getenv("abs_top_srcdir"); + if (!abs_top_srcdir) + abs_top_srcdir = abs_srcdir "/.."; + +# define DO_TEST(name) \ + do { \ + static struct testInfo info = { \ + name, \ + }; \ + if (virtTestRun("NWFilter XML-2-firewall " name, \ + testCompareXMLToIPTablesHelper, &info) < 0) \ + ret = -1; \ + } while (0) + + if (virFirewallSetBackend(VIR_FIREWALL_BACKEND_DIRECT) < 0) { + ret = -1; + goto cleanup; + } + + DO_TEST("ah"); + DO_TEST("ah-ipv6"); + DO_TEST("all"); + DO_TEST("all-ipv6"); + DO_TEST("arp"); + DO_TEST("comment"); + DO_TEST("conntrack"); + DO_TEST("esp"); + DO_TEST("esp-ipv6"); + DO_TEST("example-1"); + DO_TEST("example-2"); + DO_TEST("hex-data"); + DO_TEST("icmp-direction2"); + DO_TEST("icmp-direction3"); + DO_TEST("icmp-direction"); + DO_TEST("icmp"); + DO_TEST("icmpv6"); + DO_TEST("igmp"); + DO_TEST("ip"); + DO_TEST("ipset"); + DO_TEST("ipt-no-macspoof"); + DO_TEST("ipv6"); + DO_TEST("iter1"); + DO_TEST("iter2"); + DO_TEST("iter3"); + DO_TEST("mac"); + DO_TEST("rarp"); + DO_TEST("sctp"); + DO_TEST("sctp-ipv6"); + DO_TEST("stp"); + DO_TEST("target2"); + DO_TEST("target"); + DO_TEST("tcp"); + DO_TEST("tcp-ipv6"); + DO_TEST("udp"); + DO_TEST("udp-ipv6"); + DO_TEST("udplite"); + DO_TEST("udplite-ipv6"); + DO_TEST("vlan"); + + cleanup: + return ret == 0 ? EXIT_SUCCESS : EXIT_FAILURE; +} + +VIRT_TEST_MAIN(mymain) + +#else /* ! defined (__linux__) */ + +int main(void) +{ + return EXIT_AM_SKIP; +} + +#endif /* ! defined (__linux__) */ diff --git a/tests/qemuargv2xmltest.c b/tests/qemuargv2xmltest.c index 6d7e23e94..0fc9fcb47 100644 --- a/tests/qemuargv2xmltest.c +++ b/tests/qemuargv2xmltest.c @@ -95,7 +95,6 @@ static int testCompareXMLToArgvFiles(const char *xml, struct testInfo { const char *name; unsigned long long extraFlags; - const char *migrateFrom; }; static int @@ -128,22 +127,25 @@ mymain(void) int ret = 0; driver.config = virQEMUDriverConfigNew(false); + if (driver.config == NULL) + return EXIT_FAILURE; + if ((driver.caps = testQemuCapsInit()) == NULL) return EXIT_FAILURE; if (!(driver.xmlopt = virQEMUDriverCreateXMLConf(&driver))) return EXIT_FAILURE; -# define DO_TEST_FULL(name, extraFlags, migrateFrom) \ +# define DO_TEST_FULL(name, extraFlags) \ do { \ - const struct testInfo info = { name, extraFlags, migrateFrom }; \ + const struct testInfo info = { name, extraFlags }; \ if (virtTestRun("QEMU ARGV-2-XML " name, \ testCompareXMLToArgvHelper, &info) < 0) \ ret = -1; \ } while (0) # define DO_TEST(name) \ - DO_TEST_FULL(name, 0, NULL) + DO_TEST_FULL(name, 0) setenv("PATH", "/bin", 1); setenv("USER", "test", 1); @@ -261,12 +263,11 @@ mymain(void) DO_TEST("nosharepages"); - DO_TEST_FULL("restore-v1", 0, "stdio"); - DO_TEST_FULL("restore-v2", 0, "stdio"); - DO_TEST_FULL("restore-v2", 0, "exec:cat"); - DO_TEST_FULL("migrate", 0, "tcp:10.0.0.1:5000"); + DO_TEST("restore-v1"); + DO_TEST("restore-v2"); + DO_TEST("migrate"); - DO_TEST_FULL("qemu-ns-no-env", 1, NULL); + DO_TEST_FULL("qemu-ns-no-env", 1); virObjectUnref(driver.config); virObjectUnref(driver.caps); diff --git a/tests/qemumonitorjsontest.c b/tests/qemumonitorjsontest.c index f80d03eea..47d7481c2 100644 --- a/tests/qemumonitorjsontest.c +++ b/tests/qemumonitorjsontest.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2011-2013 Red Hat, Inc. + * Copyright (C) 2011-2014 Red Hat, Inc. * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public @@ -1356,8 +1356,8 @@ testQemuMonitorJSONqemuMonitorJSONGetBlockInfo(const void *data) if (!test) return -1; - if (!(blockDevices = virHashCreate(32, (virHashDataFree) free)) || - !(expectedBlockDevices = virHashCreate(32, (virHashDataFree) (free)))) + if (!(blockDevices = virHashCreate(32, virHashValueFree)) || + !(expectedBlockDevices = virHashCreate(32, virHashValueFree))) goto cleanup; if (VIR_ALLOC(info) < 0) diff --git a/tests/qemuxml2argvdata/qemuxml2argv-disk-backing-chains.xml b/tests/qemuxml2argvdata/qemuxml2argv-disk-backing-chains.xml new file mode 100644 index 000000000..b80b9d2bb --- /dev/null +++ b/tests/qemuxml2argvdata/qemuxml2argv-disk-backing-chains.xml @@ -0,0 +1,94 @@ +<domain type='qemu' id='1'> + <name>QEMUGuest1</name> + <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid> + <memory unit='KiB'>219136</memory> + <currentMemory unit='KiB'>219136</currentMemory> + <vcpu placement='static'>1</vcpu> + <os> + <type arch='i686' machine='pc'>hvm</type> + <boot dev='hd'/> + </os> + <clock offset='utc'/> + <on_poweroff>destroy</on_poweroff> + <on_reboot>restart</on_reboot> + <on_crash>destroy</on_crash> + <devices> + <emulator>/usr/bin/qemu</emulator> + <disk type='network' device='disk'> + <driver name='qemu' type='qcow2'/> + <source protocol='gluster' name='Volume2/Image'> + <host transport='unix' socket='/path/to/sock'/> + </source> + <backingStore type='file' index='1'> + <format type='qcow2'/> + <source file='/tmp/missing-backing-store.qcow'/> + </backingStore> + <target dev='vda' bus='virtio'/> + </disk> + <disk type='network' device='disk'> + <driver name='qemu' type='qcow2'/> + <source protocol='nbd' name='bar'> + <host transport='unix' socket='/var/run/nbdsock'/> + </source> + <backingStore type='block' index='1'> + <format type='qcow2'/> + <source dev='/dev/HostVG/QEMUGuest1'/> + <backingStore type='file' index='2'> + <format type='qcow2'/> + <source file='/tmp/image2.qcow'/> + <backingStore type='file' index='3'> + <format type='qcow2'/> + <source file='/tmp/image3.qcow'/> + <backingStore type='file' index='4'> + <format type='qcow2'/> + <source file='/tmp/image4.qcow'/> + <backingStore type='file' index='5'> + <source file='/tmp/image5.qcow'/> + <format type='qcow2'/> + <backingStore type='file' index='6'> + <format type='raw'/> + <source file='/tmp/Fedora-17-x86_64-Live-KDE.iso'/> + <backingStore/> + </backingStore> + </backingStore> + </backingStore> + </backingStore> + </backingStore> + </backingStore> + <target dev='vdb' bus='virtio'/> + </disk> + <disk type='network' device='disk'> + <driver name='qemu' type='raw'/> + <backingStore/> + <source protocol='gluster' name='Volume1/Image'> + <host name='example.org' port='6000'/> + </source> + <target dev='vdc' bus='virtio'/> + </disk> + <disk type='network' device='disk'> + <driver name='qemu' type='qcow2'/> + <auth username='myname'> + <secret type='ceph' usage='mycluster_myname'/> + </auth> + <source protocol='rbd' name='pool/image'> + <host name='mon1.example.org' port='6321'/> + <host name='mon2.example.org' port='6322'/> + <host name='mon3.example.org' port='6322'/> + </source> + <backingStore type='file' index='1'> + <source file='/tmp/image.qcow'/> + <backingStore/> + <format type='qcow2'/> + </backingStore> + <target dev='vdd' bus='virtio'/> + </disk> + <disk type='block' device='disk'> + <driver name='qemu' type='qcow2'/> + <source dev='/dev/HostVG/QEMUGuest11'/> + <target dev='vde' bus='virtio'/> + </disk> + <controller type='usb' index='0'/> + <controller type='pci' index='0' model='pci-root'/> + <memballoon model='virtio'/> + </devices> +</domain> diff --git a/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-copy-on-read.args b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-copy-on-read.args new file mode 100644 index 000000000..f743b6bcd --- /dev/null +++ b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-copy-on-read.args @@ -0,0 +1,5 @@ +LC_ALL=C PATH=/bin HOME=/home/test USER=test LOGNAME=test QEMU_AUDIO_DRV=none \ +/usr/bin/qemu -S -M \ +pc -m 214 -smp 1 -nographic -monitor unix:/tmp/test-monitor,server,nowait \ +-no-acpi -boot c -usb -drive file=/dev/HostVG/QEMUGuest1,if=ide,bus=0,unit=0,\ +format=raw,copy-on-read=on -net none -serial none -parallel none diff --git a/tests/qemuxml2xmloutdata/qemuxml2xmlout-numad-static-vcpu-no-numatune.xml b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-copy-on-read.xml index 71c1497aa..c15ca937b 100644 --- a/tests/qemuxml2xmloutdata/qemuxml2xmlout-numad-static-vcpu-no-numatune.xml +++ b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-copy-on-read.xml @@ -3,14 +3,11 @@ <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid> <memory unit='KiB'>219136</memory> <currentMemory unit='KiB'>219136</currentMemory> - <vcpu placement='static'>2</vcpu> + <vcpu placement='static'>1</vcpu> <os> <type arch='i686' machine='pc'>hvm</type> <boot dev='hd'/> </os> - <cpu> - <topology sockets='2' cores='1' threads='1'/> - </cpu> <clock offset='utc'/> <on_poweroff>destroy</on_poweroff> <on_reboot>restart</on_reboot> @@ -18,12 +15,14 @@ <devices> <emulator>/usr/bin/qemu</emulator> <disk type='block' device='disk'> + <driver copy_on_read='on'/> <source dev='/dev/HostVG/QEMUGuest1'/> <target dev='hda' bus='ide'/> <address type='drive' controller='0' bus='0' target='0' unit='0'/> </disk> - <controller type='ide' index='0'/> <controller type='usb' index='0'/> + <controller type='ide' index='0'/> + <controller type='pci' index='0' model='pci-root'/> <memballoon model='virtio'/> </devices> </domain> diff --git a/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-discard.xml b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-discard.xml index f01312f53..de2855a30 100644 --- a/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-discard.xml +++ b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-discard.xml @@ -16,14 +16,16 @@ <on_crash>restart</on_crash> <devices> <emulator>/usr/bin/qemu</emulator> - <disk type='file' device='disk'> - <driver name='qemu' type='qcow2' discard='unmap'/> + <!-- For this disk, intentionally stress parser resilience to + atypical ordering --> + <disk device='disk'> + <address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x0'/> <source file='/var/lib/libvirt/images/f14.img'/> <target dev='vda' bus='virtio'/> - <address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x0'/> + <driver discard='unmap' name='qemu' type='qcow2'/> </disk> <disk type='file' device='cdrom'> - <driver name='qemu' type='raw' discard='ignore'/> + <driver discard='ignore'/> <source file='/var/lib/libvirt/Fedora-14-x86_64-Live-KDE.iso'/> <target dev='hdc' bus='ide'/> <readonly/> diff --git a/tests/qemuxml2argvdata/qemuxml2argv-disk-mirror.xml b/tests/qemuxml2argvdata/qemuxml2argv-disk-mirror.xml index aa16a7e39..faa0b8c4a 100644 --- a/tests/qemuxml2argvdata/qemuxml2argv-disk-mirror.xml +++ b/tests/qemuxml2argvdata/qemuxml2argv-disk-mirror.xml @@ -16,23 +16,27 @@ <emulator>/usr/bin/qemu</emulator> <disk type='block' device='disk'> <source dev='/dev/HostVG/QEMUGuest1'/> + <backingStore/> <mirror file='/dev/HostVG/QEMUGuest1Copy' ready='yes'/> <target dev='hda' bus='ide'/> <address type='drive' controller='0' bus='0' target='0' unit='0'/> </disk> <disk type='block' device='cdrom'> <source dev='/dev/HostVG/QEMUGuest2'/> + <backingStore/> <target dev='hdc' bus='ide'/> <readonly/> <address type='drive' controller='0' bus='1' target='0' unit='0'/> </disk> <disk type='file' device='disk'> <source file='/tmp/data.img'/> + <backingStore/> <mirror file='/tmp/copy.img' format='qcow2'/> <target dev='vda' bus='virtio'/> </disk> <disk type='file' device='disk'> <source file='/tmp/logs.img'/> + <backingStore/> <target dev='vdb' bus='virtio'/> </disk> <controller type='usb' index='0'/> diff --git a/tests/qemuxml2argvdata/qemuxml2argv-disk-source-pool.xml b/tests/qemuxml2argvdata/qemuxml2argv-disk-source-pool.xml index e96f76eae..95d5be290 100644 --- a/tests/qemuxml2argvdata/qemuxml2argv-disk-source-pool.xml +++ b/tests/qemuxml2argvdata/qemuxml2argv-disk-source-pool.xml @@ -14,15 +14,17 @@ <on_crash>destroy</on_crash> <devices> <emulator>/usr/bin/qemu</emulator> - <disk type='volume' device='cdrom'> - <source pool='pool-disk' volume='block+cdrom'> + <!-- For this disk, intentionally stress parser resilience to + atypical ordering --> + <disk device='cdrom' type='volume'> + <address type='drive' controller='0' bus='0' target='0' unit='1'/> + <readonly/> + <target bus='ide' dev='hda'/> + <source volume='block+cdrom' pool='pool-disk'> <seclabel model='selinux' relabel='yes'> <label>system_u:system_r:public_content_t:s0</label> </seclabel> </source> - <target dev='hda' bus='ide'/> - <readonly/> - <address type='drive' controller='0' bus='0' target='0' unit='1'/> </disk> <disk type='volume' device='cdrom'> <driver name='qemu' type='raw'/> diff --git a/tests/qemuxml2argvdata/qemuxml2argv-pseries-usb-default.args b/tests/qemuxml2argvdata/qemuxml2argv-pseries-usb-default.args index 3a21b7683..eac7c56b9 100644 --- a/tests/qemuxml2argvdata/qemuxml2argv-pseries-usb-default.args +++ b/tests/qemuxml2argvdata/qemuxml2argv-pseries-usb-default.args @@ -3,5 +3,5 @@ LC_ALL=C PATH=/bin HOME=/home/test USER=test LOGNAME=test QEMU_AUDIO_DRV=none \ -nographic -nodefconfig -nodefaults \ -chardev socket,id=charmonitor,path=/tmp/test-monitor,server,nowait \ -mon chardev=charmonitor,id=monitor,mode=readline -no-acpi -boot c \ --usb -chardev pty,id=charserial0 \ +-device pci-ohci,id=usb,bus=pci,addr=0x1 -chardev pty,id=charserial0 \ -device spapr-vty,chardev=charserial0,reg=0x30000000 diff --git a/tests/qemuxml2argvdata/qemuxml2argv-seclabel-static-labelskip.xml b/tests/qemuxml2argvdata/qemuxml2argv-seclabel-static-labelskip.xml index a7434481d..7978f5bc1 100644 --- a/tests/qemuxml2argvdata/qemuxml2argv-seclabel-static-labelskip.xml +++ b/tests/qemuxml2argvdata/qemuxml2argv-seclabel-static-labelskip.xml @@ -18,6 +18,7 @@ <source dev='/dev/HostVG/QEMUGuest1'> <seclabel model='selinux' labelskip='yes'/> </source> + <backingStore/> <target dev='hda' bus='ide'/> <address type='drive' controller='0' bus='0' target='0' unit='0'/> </disk> diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c index 56854dcda..a1ef2b800 100644 --- a/tests/qemuxml2argvtest.c +++ b/tests/qemuxml2argvtest.c @@ -483,7 +483,6 @@ static int mymain(void) { int ret = 0; - char *map = NULL; bool skipLegacyCPUs = false; abs_top_srcdir = getenv("abs_top_srcdir"); @@ -501,6 +500,9 @@ mymain(void) } driver.config = virQEMUDriverConfigNew(true); + if (driver.config == NULL) + return EXIT_FAILURE; + VIR_FREE(driver.config->spiceListen); VIR_FREE(driver.config->vncListen); @@ -527,11 +529,6 @@ mymain(void) driver.config->spiceTLS = 1; if (VIR_STRDUP_QUIET(driver.config->spicePassword, "123456") < 0) return EXIT_FAILURE; - if (virAsprintf(&map, "%s/src/cpu/cpu_map.xml", abs_top_srcdir) < 0 || - cpuMapOverride(map) < 0) { - VIR_FREE(map); - return EXIT_FAILURE; - } # define DO_TEST_FULL(name, migrateFrom, migrateFd, flags, ...) \ do { \ @@ -736,6 +733,9 @@ mymain(void) DO_TEST("disk-drive-cache-unsafe", QEMU_CAPS_DRIVE, QEMU_CAPS_DRIVE_CACHE_V2, QEMU_CAPS_DRIVE_CACHE_UNSAFE, QEMU_CAPS_DRIVE_FORMAT); + DO_TEST("disk-drive-copy-on-read", + QEMU_CAPS_DRIVE, QEMU_CAPS_DRIVE_CACHE_V2, + QEMU_CAPS_DRIVE_COPY_ON_READ, QEMU_CAPS_DRIVE_FORMAT); DO_TEST("disk-drive-network-nbd", QEMU_CAPS_DRIVE, QEMU_CAPS_DRIVE_FORMAT); DO_TEST("disk-drive-network-nbd-export", @@ -1358,7 +1358,6 @@ mymain(void) virObjectUnref(driver.config); virObjectUnref(driver.caps); virObjectUnref(driver.xmlopt); - VIR_FREE(map); return ret == 0 ? EXIT_SUCCESS : EXIT_FAILURE; } diff --git a/tests/qemuxml2xmloutdata/qemuxml2xmlout-disk-backing-chains-active.xml b/tests/qemuxml2xmloutdata/qemuxml2xmlout-disk-backing-chains-active.xml new file mode 100644 index 000000000..482ee59dd --- /dev/null +++ b/tests/qemuxml2xmloutdata/qemuxml2xmlout-disk-backing-chains-active.xml @@ -0,0 +1,96 @@ +<domain type='qemu' id='1'> + <name>QEMUGuest1</name> + <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid> + <memory unit='KiB'>219136</memory> + <currentMemory unit='KiB'>219136</currentMemory> + <vcpu placement='static'>1</vcpu> + <os> + <type arch='i686' machine='pc'>hvm</type> + <boot dev='hd'/> + </os> + <clock offset='utc'/> + <on_poweroff>destroy</on_poweroff> + <on_reboot>restart</on_reboot> + <on_crash>destroy</on_crash> + <devices> + <emulator>/usr/bin/qemu</emulator> + <disk type='network' device='disk'> + <driver name='qemu' type='qcow2'/> + <source protocol='gluster' name='Volume2/Image'> + <host transport='unix' socket='/path/to/sock'/> + </source> + <backingStore type='file' index='1'> + <format type='qcow2'/> + <source file='/tmp/missing-backing-store.qcow'/> + <backingStore/> + </backingStore> + <target dev='vda' bus='virtio'/> + </disk> + <disk type='network' device='disk'> + <driver name='qemu' type='qcow2'/> + <source protocol='nbd' name='bar'> + <host transport='unix' socket='/var/run/nbdsock'/> + </source> + <backingStore type='block' index='1'> + <format type='qcow2'/> + <source dev='/dev/HostVG/QEMUGuest1'/> + <backingStore type='file' index='2'> + <format type='qcow2'/> + <source file='/tmp/image2.qcow'/> + <backingStore type='file' index='3'> + <format type='qcow2'/> + <source file='/tmp/image3.qcow'/> + <backingStore type='file' index='4'> + <format type='qcow2'/> + <source file='/tmp/image4.qcow'/> + <backingStore type='file' index='5'> + <format type='qcow2'/> + <source file='/tmp/image5.qcow'/> + <backingStore type='file' index='6'> + <format type='raw'/> + <source file='/tmp/Fedora-17-x86_64-Live-KDE.iso'/> + <backingStore/> + </backingStore> + </backingStore> + </backingStore> + </backingStore> + </backingStore> + </backingStore> + <target dev='vdb' bus='virtio'/> + </disk> + <disk type='network' device='disk'> + <driver name='qemu' type='raw'/> + <source protocol='gluster' name='Volume1/Image'> + <host name='example.org' port='6000'/> + </source> + <backingStore/> + <target dev='vdc' bus='virtio'/> + </disk> + <disk type='network' device='disk'> + <driver name='qemu' type='qcow2'/> + <auth username='myname'> + <secret type='ceph' usage='mycluster_myname'/> + </auth> + <source protocol='rbd' name='pool/image'> + <host name='mon1.example.org' port='6321'/> + <host name='mon2.example.org' port='6322'/> + <host name='mon3.example.org' port='6322'/> + </source> + <backingStore type='file' index='1'> + <format type='qcow2'/> + <source file='/tmp/image.qcow'/> + <backingStore/> + </backingStore> + <target dev='vdd' bus='virtio'/> + </disk> + <disk type='block' device='disk'> + <driver name='qemu' type='qcow2'/> + <source dev='/dev/HostVG/QEMUGuest11'/> + <backingStore/> + <target dev='vde' bus='virtio'/> + </disk> + <controller type='usb' index='0'/> + <controller type='pci' index='0' model='pci-root'/> + <memballoon model='virtio'/> + </devices> +</domain> diff --git a/tests/qemuxml2xmloutdata/qemuxml2xmlout-disk-backing-chains-inactive.xml b/tests/qemuxml2xmloutdata/qemuxml2xmlout-disk-backing-chains-inactive.xml new file mode 100644 index 000000000..5b59aad4f --- /dev/null +++ b/tests/qemuxml2xmloutdata/qemuxml2xmlout-disk-backing-chains-inactive.xml @@ -0,0 +1,59 @@ +<domain type='qemu'> + <name>QEMUGuest1</name> + <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid> + <memory unit='KiB'>219136</memory> + <currentMemory unit='KiB'>219136</currentMemory> + <vcpu placement='static'>1</vcpu> + <os> + <type arch='i686' machine='pc'>hvm</type> + <boot dev='hd'/> + </os> + <clock offset='utc'/> + <on_poweroff>destroy</on_poweroff> + <on_reboot>restart</on_reboot> + <on_crash>destroy</on_crash> + <devices> + <emulator>/usr/bin/qemu</emulator> + <disk type='network' device='disk'> + <driver name='qemu' type='qcow2'/> + <source protocol='gluster' name='Volume2/Image'> + <host transport='unix' socket='/path/to/sock'/> + </source> + <target dev='vda' bus='virtio'/> + </disk> + <disk type='network' device='disk'> + <driver name='qemu' type='qcow2'/> + <source protocol='nbd' name='bar'> + <host transport='unix' socket='/var/run/nbdsock'/> + </source> + <target dev='vdb' bus='virtio'/> + </disk> + <disk type='network' device='disk'> + <driver name='qemu' type='raw'/> + <source protocol='gluster' name='Volume1/Image'> + <host name='example.org' port='6000'/> + </source> + <target dev='vdc' bus='virtio'/> + </disk> + <disk type='network' device='disk'> + <driver name='qemu' type='qcow2'/> + <auth username='myname'> + <secret type='ceph' usage='mycluster_myname'/> + </auth> + <source protocol='rbd' name='pool/image'> + <host name='mon1.example.org' port='6321'/> + <host name='mon2.example.org' port='6322'/> + <host name='mon3.example.org' port='6322'/> + </source> + <target dev='vdd' bus='virtio'/> + </disk> + <disk type='block' device='disk'> + <driver name='qemu' type='qcow2'/> + <source dev='/dev/HostVG/QEMUGuest11'/> + <target dev='vde' bus='virtio'/> + </disk> + <controller type='usb' index='0'/> + <controller type='pci' index='0' model='pci-root'/> + <memballoon model='virtio'/> + </devices> +</domain> diff --git a/tests/qemuxml2xmloutdata/qemuxml2xmlout-disk-drive-discard.xml b/tests/qemuxml2xmloutdata/qemuxml2xmlout-disk-drive-discard.xml new file mode 100644 index 000000000..f20b3b99e --- /dev/null +++ b/tests/qemuxml2xmloutdata/qemuxml2xmlout-disk-drive-discard.xml @@ -0,0 +1,37 @@ +<domain type='qemu'> + <name>test</name> + <uuid>92d7a226-cfae-425b-a6d3-00bbf9ec5c9e</uuid> + <memory unit='KiB'>1048576</memory> + <currentMemory unit='KiB'>1048576</currentMemory> + <vcpu placement='static'>1</vcpu> + <os> + <type arch='x86_64' machine='pc-0.13'>hvm</type> + <boot dev='cdrom'/> + <boot dev='hd'/> + <bootmenu enable='yes'/> + </os> + <clock offset='utc'/> + <on_poweroff>destroy</on_poweroff> + <on_reboot>restart</on_reboot> + <on_crash>restart</on_crash> + <devices> + <emulator>/usr/bin/qemu</emulator> + <disk type='file' device='disk'> + <driver name='qemu' type='qcow2' discard='unmap'/> + <source file='/var/lib/libvirt/images/f14.img'/> + <target dev='vda' bus='virtio'/> + <address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x0'/> + </disk> + <disk type='file' device='cdrom'> + <driver discard='ignore'/> + <source file='/var/lib/libvirt/Fedora-14-x86_64-Live-KDE.iso'/> + <target dev='hdc' bus='ide'/> + <readonly/> + <address type='drive' controller='0' bus='1' target='0' unit='0'/> + </disk> + <controller type='usb' index='0'/> + <controller type='ide' index='0'/> + <controller type='pci' index='0' model='pci-root'/> + <memballoon model='virtio'/> + </devices> +</domain> diff --git a/tests/qemuxml2xmloutdata/qemuxml2xmlout-disk-cdrom-empty.xml b/tests/qemuxml2xmloutdata/qemuxml2xmlout-disk-source-pool.xml index 2c5a81a0a..e96f76eae 100644 --- a/tests/qemuxml2xmloutdata/qemuxml2xmlout-disk-cdrom-empty.xml +++ b/tests/qemuxml2xmloutdata/qemuxml2xmlout-disk-source-pool.xml @@ -1,8 +1,8 @@ <domain type='qemu'> <name>QEMUGuest1</name> <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid> - <memory unit='KiB'>219100</memory> - <currentMemory unit='KiB'>219100</currentMemory> + <memory unit='KiB'>219136</memory> + <currentMemory unit='KiB'>219136</currentMemory> <vcpu placement='static'>1</vcpu> <os> <type arch='i686' machine='pc'>hvm</type> @@ -14,19 +14,31 @@ <on_crash>destroy</on_crash> <devices> <emulator>/usr/bin/qemu</emulator> - <disk type='block' device='disk'> - <source dev='/dev/HostVG/QEMUGuest1'/> + <disk type='volume' device='cdrom'> + <source pool='pool-disk' volume='block+cdrom'> + <seclabel model='selinux' relabel='yes'> + <label>system_u:system_r:public_content_t:s0</label> + </seclabel> + </source> <target dev='hda' bus='ide'/> - <address type='drive' controller='0' bus='0' target='0' unit='0'/> + <readonly/> + <address type='drive' controller='0' bus='0' target='0' unit='1'/> </disk> - <disk type='file' device='cdrom'> + <disk type='volume' device='cdrom'> + <driver name='qemu' type='raw'/> <target dev='hdc' bus='ide'/> - <source startupPolicy='optional'/> <readonly/> <address type='drive' controller='0' bus='1' target='0' unit='0'/> </disk> + <disk type='file' device='disk'> + <source file='/tmp/idedisk.img'/> + <target dev='hdc' bus='ide'/> + <address type='drive' controller='0' bus='0' target='0' unit='2'/> + </disk> <controller type='usb' index='0'/> <controller type='ide' index='0'/> + <controller type='ide' index='1'/> + <controller type='pci' index='0' model='pci-root'/> <memballoon model='virtio'/> </devices> </domain> diff --git a/tests/qemuxml2xmltest.c b/tests/qemuxml2xmltest.c index c8a1c1069..3ea03e645 100644 --- a/tests/qemuxml2xmltest.c +++ b/tests/qemuxml2xmltest.c @@ -81,31 +81,55 @@ testCompareXMLToXMLHelper(const void *data) const struct testInfo *info = data; char *xml_in = NULL; char *xml_out = NULL; + char *xml_out_active = NULL; + char *xml_out_inactive = NULL; int ret = -1; if (virAsprintf(&xml_in, "%s/qemuxml2argvdata/qemuxml2argv-%s.xml", abs_srcdir, info->name) < 0 || virAsprintf(&xml_out, "%s/qemuxml2xmloutdata/qemuxml2xmlout-%s.xml", + abs_srcdir, info->name) < 0 || + virAsprintf(&xml_out_active, + "%s/qemuxml2xmloutdata/qemuxml2xmlout-%s-active.xml", + abs_srcdir, info->name) < 0 || + virAsprintf(&xml_out_inactive, + "%s/qemuxml2xmloutdata/qemuxml2xmlout-%s-inactive.xml", abs_srcdir, info->name) < 0) goto cleanup; - if ((info->when & WHEN_INACTIVE) && - testCompareXMLToXMLFiles(xml_in, - info->different ? xml_out : xml_in, - false) < 0) - goto cleanup; + if ((info->when & WHEN_INACTIVE)) { + char *out; + if (!info->different) + out = xml_in; + else if (virFileExists(xml_out_inactive)) + out = xml_out_inactive; + else + out = xml_out; + + if (testCompareXMLToXMLFiles(xml_in, out, false) < 0) + goto cleanup; + } - if ((info->when & WHEN_ACTIVE) && - testCompareXMLToXMLFiles(xml_in, - info->different ? xml_out : xml_in, - true) < 0) - goto cleanup; + if ((info->when & WHEN_ACTIVE)) { + char *out; + if (!info->different) + out = xml_in; + else if (virFileExists(xml_out_active)) + out = xml_out_active; + else + out = xml_out; + + if (testCompareXMLToXMLFiles(xml_in, out, true) < 0) + goto cleanup; + } ret = 0; cleanup: VIR_FREE(xml_in); VIR_FREE(xml_out); + VIR_FREE(xml_out_active); + VIR_FREE(xml_out_inactive); return ret; } @@ -187,6 +211,7 @@ mymain(void) DO_TEST("disk-drive-cache-v1-wt"); DO_TEST("disk-drive-cache-v1-wb"); DO_TEST("disk-drive-cache-v1-none"); + DO_TEST("disk-drive-copy-on-read"); DO_TEST("disk-drive-network-nbd"); DO_TEST("disk-drive-network-nbd-export"); DO_TEST("disk-drive-network-nbd-ipv6"); @@ -282,10 +307,10 @@ mymain(void) DO_TEST("disk-scsi-lun-passthrough-sgio"); DO_TEST("disk-scsi-disk-vpd"); - DO_TEST("disk-source-pool"); + DO_TEST_DIFFERENT("disk-source-pool"); DO_TEST("disk-source-pool-mode"); - DO_TEST("disk-drive-discard"); + DO_TEST_DIFFERENT("disk-drive-discard"); DO_TEST("virtio-rng-random"); DO_TEST("virtio-rng-egd"); @@ -335,6 +360,8 @@ mymain(void) DO_TEST("panic"); + DO_TEST_DIFFERENT("disk-backing-chains"); + virObjectUnref(driver.caps); virObjectUnref(driver.xmlopt); diff --git a/tests/qemuxmlnstest.c b/tests/qemuxmlnstest.c index 30bb72351..e8f70d6a7 100644 --- a/tests/qemuxmlnstest.c +++ b/tests/qemuxmlnstest.c @@ -205,7 +205,6 @@ static int mymain(void) { int ret = 0; - char *map = NULL; bool json = false; abs_top_srcdir = getenv("abs_top_srcdir"); @@ -217,11 +216,6 @@ mymain(void) return EXIT_FAILURE; if (!(driver.xmlopt = virQEMUDriverCreateXMLConf(&driver))) return EXIT_FAILURE; - if (virAsprintf(&map, "%s/src/cpu/cpu_map.xml", abs_top_srcdir) < 0 || - cpuMapOverride(map) < 0) { - VIR_FREE(map); - return EXIT_FAILURE; - } # define DO_TEST_FULL(name, migrateFrom, migrateFd, expectError, ...) \ do { \ @@ -266,7 +260,6 @@ mymain(void) virObjectUnref(driver.config); virObjectUnref(driver.caps); virObjectUnref(driver.xmlopt); - VIR_FREE(map); return ret == 0 ? EXIT_SUCCESS : EXIT_FAILURE; } diff --git a/tests/securityselinuxlabeltest.c b/tests/securityselinuxlabeltest.c index ce5e6a8ad..047356e31 100644 --- a/tests/securityselinuxlabeltest.c +++ b/tests/securityselinuxlabeltest.c @@ -169,8 +169,8 @@ testSELinuxLoadDef(const char *testname) goto cleanup; for (i = 0; i < def->ndisks; i++) { - if (def->disks[i]->src.type != VIR_DOMAIN_DISK_TYPE_FILE && - def->disks[i]->src.type != VIR_DOMAIN_DISK_TYPE_BLOCK) + if (def->disks[i]->src.type != VIR_STORAGE_TYPE_FILE && + def->disks[i]->src.type != VIR_STORAGE_TYPE_BLOCK) continue; if (testSELinuxMungePath(&def->disks[i]->src.path) < 0) diff --git a/tests/sexpr2xmldata/sexpr2xml-boot-grub.xml b/tests/sexpr2xmldata/sexpr2xml-boot-grub.xml index cc3fd48ed..1220407f3 100644 --- a/tests/sexpr2xmldata/sexpr2xml-boot-grub.xml +++ b/tests/sexpr2xmldata/sexpr2xml-boot-grub.xml @@ -17,6 +17,7 @@ <disk type='block' device='disk'> <driver name='phy'/> <source dev='/dev/MainVG/GuestVG'/> + <backingStore/> <target dev='xvda' bus='xen'/> </disk> <console type='pty'> diff --git a/tests/sexpr2xmldata/sexpr2xml-bridge-ipaddr.xml b/tests/sexpr2xmldata/sexpr2xml-bridge-ipaddr.xml index e17e1e5a5..9b5cc3a49 100644 --- a/tests/sexpr2xmldata/sexpr2xml-bridge-ipaddr.xml +++ b/tests/sexpr2xmldata/sexpr2xml-bridge-ipaddr.xml @@ -18,6 +18,7 @@ <disk type='file' device='disk'> <driver name='file'/> <source file='/root/some.img'/> + <backingStore/> <target dev='xvda' bus='xen'/> </disk> <interface type='bridge'> diff --git a/tests/sexpr2xmldata/sexpr2xml-curmem.xml b/tests/sexpr2xmldata/sexpr2xml-curmem.xml index 2e68fc464..39d954a22 100644 --- a/tests/sexpr2xmldata/sexpr2xml-curmem.xml +++ b/tests/sexpr2xmldata/sexpr2xml-curmem.xml @@ -19,6 +19,7 @@ <disk type='file' device='disk'> <driver name='tap' type='raw'/> <source file='/xen/rhel5.img'/> + <backingStore/> <target dev='xvda' bus='xen'/> </disk> <interface type='bridge'> diff --git a/tests/sexpr2xmldata/sexpr2xml-disk-block-shareable.xml b/tests/sexpr2xmldata/sexpr2xml-disk-block-shareable.xml index 571b34906..40e890390 100644 --- a/tests/sexpr2xmldata/sexpr2xml-disk-block-shareable.xml +++ b/tests/sexpr2xmldata/sexpr2xml-disk-block-shareable.xml @@ -16,6 +16,7 @@ <disk type='file' device='disk'> <driver name='tap' type='raw'/> <source file='/var/lib/xen/images/rhel5pv.img'/> + <backingStore/> <target dev='xvda' bus='xen'/> <shareable/> </disk> diff --git a/tests/sexpr2xmldata/sexpr2xml-disk-block.xml b/tests/sexpr2xmldata/sexpr2xml-disk-block.xml index 77165765a..51e3b3a9d 100644 --- a/tests/sexpr2xmldata/sexpr2xml-disk-block.xml +++ b/tests/sexpr2xmldata/sexpr2xml-disk-block.xml @@ -18,6 +18,7 @@ <disk type='block' device='disk'> <driver name='phy'/> <source dev='/dev/MainVG/GuestVG'/> + <backingStore/> <target dev='xvda' bus='xen'/> </disk> <console type='pty'> diff --git a/tests/sexpr2xmldata/sexpr2xml-disk-drv-blktap-qcow.xml b/tests/sexpr2xmldata/sexpr2xml-disk-drv-blktap-qcow.xml index 38ae2fe80..315c68a64 100644 --- a/tests/sexpr2xmldata/sexpr2xml-disk-drv-blktap-qcow.xml +++ b/tests/sexpr2xmldata/sexpr2xml-disk-drv-blktap-qcow.xml @@ -18,6 +18,7 @@ <disk type='file' device='disk'> <driver name='tap' type='qcow'/> <source file='/root/some.img'/> + <backingStore/> <target dev='xvda' bus='xen'/> </disk> <console type='pty'> diff --git a/tests/sexpr2xmldata/sexpr2xml-disk-drv-blktap-raw.xml b/tests/sexpr2xmldata/sexpr2xml-disk-drv-blktap-raw.xml index df8e7ecb2..c56582da5 100644 --- a/tests/sexpr2xmldata/sexpr2xml-disk-drv-blktap-raw.xml +++ b/tests/sexpr2xmldata/sexpr2xml-disk-drv-blktap-raw.xml @@ -18,6 +18,7 @@ <disk type='file' device='disk'> <driver name='tap' type='raw'/> <source file='/root/some.img'/> + <backingStore/> <target dev='xvda' bus='xen'/> </disk> <console type='pty'> diff --git a/tests/sexpr2xmldata/sexpr2xml-disk-drv-blktap2-raw.xml b/tests/sexpr2xmldata/sexpr2xml-disk-drv-blktap2-raw.xml index ea93195c8..7afc6b50c 100644 --- a/tests/sexpr2xmldata/sexpr2xml-disk-drv-blktap2-raw.xml +++ b/tests/sexpr2xmldata/sexpr2xml-disk-drv-blktap2-raw.xml @@ -18,6 +18,7 @@ <disk type='file' device='disk'> <driver name='tap2' type='raw'/> <source file='/root/some.img'/> + <backingStore/> <target dev='xvda' bus='xen'/> </disk> <console type='pty'> diff --git a/tests/sexpr2xmldata/sexpr2xml-disk-file.xml b/tests/sexpr2xmldata/sexpr2xml-disk-file.xml index 749653947..36b8c1eb6 100644 --- a/tests/sexpr2xmldata/sexpr2xml-disk-file.xml +++ b/tests/sexpr2xmldata/sexpr2xml-disk-file.xml @@ -18,6 +18,7 @@ <disk type='file' device='disk'> <driver name='file'/> <source file='/root/some.img'/> + <backingStore/> <target dev='xvda' bus='xen'/> </disk> <console type='pty'> diff --git a/tests/sexpr2xmldata/sexpr2xml-fv-autoport.xml b/tests/sexpr2xmldata/sexpr2xml-fv-autoport.xml index 0f29f03f5..69fe9ef8b 100644 --- a/tests/sexpr2xmldata/sexpr2xml-fv-autoport.xml +++ b/tests/sexpr2xmldata/sexpr2xml-fv-autoport.xml @@ -21,11 +21,13 @@ <disk type='block' device='disk'> <driver name='phy'/> <source dev='/iscsi/winxp'/> + <backingStore/> <target dev='hda' bus='ide'/> </disk> <disk type='file' device='cdrom'> <driver name='file'/> <source file='/net/heaped/export/netimage/windows/xp-sp2-vol.iso'/> + <backingStore/> <target dev='hdc' bus='ide'/> <readonly/> </disk> diff --git a/tests/sexpr2xmldata/sexpr2xml-fv-empty-kernel.xml b/tests/sexpr2xmldata/sexpr2xml-fv-empty-kernel.xml index b5bd19b81..3c3147d72 100644 --- a/tests/sexpr2xmldata/sexpr2xml-fv-empty-kernel.xml +++ b/tests/sexpr2xmldata/sexpr2xml-fv-empty-kernel.xml @@ -21,11 +21,13 @@ <disk type='file' device='disk'> <driver name='file'/> <source file='/root/foo.img'/> + <backingStore/> <target dev='hda' bus='ide'/> </disk> <disk type='file' device='cdrom'> <driver name='file'/> <source file='/root/boot.iso'/> + <backingStore/> <target dev='hdc' bus='ide'/> <readonly/> </disk> diff --git a/tests/sexpr2xmldata/sexpr2xml-fv-force-hpet.xml b/tests/sexpr2xmldata/sexpr2xml-fv-force-hpet.xml index ae056c849..716f16b4c 100644 --- a/tests/sexpr2xmldata/sexpr2xml-fv-force-hpet.xml +++ b/tests/sexpr2xmldata/sexpr2xml-fv-force-hpet.xml @@ -23,11 +23,13 @@ <disk type='file' device='disk'> <driver name='file'/> <source file='/root/foo.img'/> + <backingStore/> <target dev='hda' bus='ide'/> </disk> <disk type='file' device='cdrom'> <driver name='file'/> <source file='/root/boot.iso'/> + <backingStore/> <target dev='hdc' bus='ide'/> <readonly/> </disk> diff --git a/tests/sexpr2xmldata/sexpr2xml-fv-force-nohpet.xml b/tests/sexpr2xmldata/sexpr2xml-fv-force-nohpet.xml index 27090be17..3dd648b89 100644 --- a/tests/sexpr2xmldata/sexpr2xml-fv-force-nohpet.xml +++ b/tests/sexpr2xmldata/sexpr2xml-fv-force-nohpet.xml @@ -23,11 +23,13 @@ <disk type='file' device='disk'> <driver name='file'/> <source file='/root/foo.img'/> + <backingStore/> <target dev='hda' bus='ide'/> </disk> <disk type='file' device='cdrom'> <driver name='file'/> <source file='/root/boot.iso'/> + <backingStore/> <target dev='hdc' bus='ide'/> <readonly/> </disk> diff --git a/tests/sexpr2xmldata/sexpr2xml-fv-kernel.xml b/tests/sexpr2xmldata/sexpr2xml-fv-kernel.xml index 320835a5d..29c1335ba 100644 --- a/tests/sexpr2xmldata/sexpr2xml-fv-kernel.xml +++ b/tests/sexpr2xmldata/sexpr2xml-fv-kernel.xml @@ -19,6 +19,7 @@ <disk type='file' device='disk'> <driver name='file'/> <source file='/root/some.img'/> + <backingStore/> <target dev='xvda' bus='xen'/> </disk> <serial type='pty'> diff --git a/tests/sexpr2xmldata/sexpr2xml-fv-legacy-vfb.xml b/tests/sexpr2xmldata/sexpr2xml-fv-legacy-vfb.xml index d28ba9880..9c596448a 100644 --- a/tests/sexpr2xmldata/sexpr2xml-fv-legacy-vfb.xml +++ b/tests/sexpr2xmldata/sexpr2xml-fv-legacy-vfb.xml @@ -26,6 +26,7 @@ <disk type='block' device='disk'> <driver name='phy'/> <source dev='/dev/zvol/dsk/export/s10u4-root'/> + <backingStore/> <target dev='hda' bus='ide'/> </disk> <input type='mouse' bus='ps2'/> diff --git a/tests/sexpr2xmldata/sexpr2xml-fv-localtime.xml b/tests/sexpr2xmldata/sexpr2xml-fv-localtime.xml index b896e51a0..67b0b95ca 100644 --- a/tests/sexpr2xmldata/sexpr2xml-fv-localtime.xml +++ b/tests/sexpr2xmldata/sexpr2xml-fv-localtime.xml @@ -21,11 +21,13 @@ <disk type='file' device='disk'> <driver name='file'/> <source file='/root/foo.img'/> + <backingStore/> <target dev='hda' bus='ide'/> </disk> <disk type='file' device='cdrom'> <driver name='file'/> <source file='/root/boot.iso'/> + <backingStore/> <target dev='hdc' bus='ide'/> <readonly/> </disk> diff --git a/tests/sexpr2xmldata/sexpr2xml-fv-net-ioemu.xml b/tests/sexpr2xmldata/sexpr2xml-fv-net-ioemu.xml index 8dda7ffc7..86b32e925 100644 --- a/tests/sexpr2xmldata/sexpr2xml-fv-net-ioemu.xml +++ b/tests/sexpr2xmldata/sexpr2xml-fv-net-ioemu.xml @@ -21,11 +21,13 @@ <disk type='file' device='disk'> <driver name='file'/> <source file='/root/foo.img'/> + <backingStore/> <target dev='hda' bus='ide'/> </disk> <disk type='file' device='cdrom'> <driver name='file'/> <source file='/root/boot.iso'/> + <backingStore/> <target dev='hdc' bus='ide'/> <readonly/> </disk> diff --git a/tests/sexpr2xmldata/sexpr2xml-fv-net-netfront.xml b/tests/sexpr2xmldata/sexpr2xml-fv-net-netfront.xml index 788d319df..ed7da80d7 100644 --- a/tests/sexpr2xmldata/sexpr2xml-fv-net-netfront.xml +++ b/tests/sexpr2xmldata/sexpr2xml-fv-net-netfront.xml @@ -21,11 +21,13 @@ <disk type='file' device='disk'> <driver name='file'/> <source file='/root/foo.img'/> + <backingStore/> <target dev='hda' bus='ide'/> </disk> <disk type='file' device='cdrom'> <driver name='file'/> <source file='/root/boot.iso'/> + <backingStore/> <target dev='hdc' bus='ide'/> <readonly/> </disk> diff --git a/tests/sexpr2xmldata/sexpr2xml-fv-parallel-tcp.xml b/tests/sexpr2xmldata/sexpr2xml-fv-parallel-tcp.xml index a9450ec27..ed3fde64e 100644 --- a/tests/sexpr2xmldata/sexpr2xml-fv-parallel-tcp.xml +++ b/tests/sexpr2xmldata/sexpr2xml-fv-parallel-tcp.xml @@ -21,11 +21,13 @@ <disk type='file' device='disk'> <driver name='file'/> <source file='/root/foo.img'/> + <backingStore/> <target dev='hda' bus='ide'/> </disk> <disk type='file' device='cdrom'> <driver name='file'/> <source file='/root/boot.iso'/> + <backingStore/> <target dev='hdc' bus='ide'/> <readonly/> </disk> diff --git a/tests/sexpr2xmldata/sexpr2xml-fv-serial-dev-2-ports.xml b/tests/sexpr2xmldata/sexpr2xml-fv-serial-dev-2-ports.xml index f05db8d2a..7f5a729b5 100644 --- a/tests/sexpr2xmldata/sexpr2xml-fv-serial-dev-2-ports.xml +++ b/tests/sexpr2xmldata/sexpr2xml-fv-serial-dev-2-ports.xml @@ -21,11 +21,13 @@ <disk type='file' device='disk'> <driver name='file'/> <source file='/root/foo.img'/> + <backingStore/> <target dev='hda' bus='ide'/> </disk> <disk type='file' device='cdrom'> <driver name='file'/> <source file='/root/boot.iso'/> + <backingStore/> <target dev='hdc' bus='ide'/> <readonly/> </disk> diff --git a/tests/sexpr2xmldata/sexpr2xml-fv-serial-dev-2nd-port.xml b/tests/sexpr2xmldata/sexpr2xml-fv-serial-dev-2nd-port.xml index 10a331ea4..10f84dc88 100644 --- a/tests/sexpr2xmldata/sexpr2xml-fv-serial-dev-2nd-port.xml +++ b/tests/sexpr2xmldata/sexpr2xml-fv-serial-dev-2nd-port.xml @@ -21,11 +21,13 @@ <disk type='file' device='disk'> <driver name='file'/> <source file='/root/foo.img'/> + <backingStore/> <target dev='hda' bus='ide'/> </disk> <disk type='file' device='cdrom'> <driver name='file'/> <source file='/root/boot.iso'/> + <backingStore/> <target dev='hdc' bus='ide'/> <readonly/> </disk> diff --git a/tests/sexpr2xmldata/sexpr2xml-fv-serial-file.xml b/tests/sexpr2xmldata/sexpr2xml-fv-serial-file.xml index c1c717e18..a3fd2311d 100644 --- a/tests/sexpr2xmldata/sexpr2xml-fv-serial-file.xml +++ b/tests/sexpr2xmldata/sexpr2xml-fv-serial-file.xml @@ -21,11 +21,13 @@ <disk type='file' device='disk'> <driver name='file'/> <source file='/root/foo.img'/> + <backingStore/> <target dev='hda' bus='ide'/> </disk> <disk type='file' device='cdrom'> <driver name='file'/> <source file='/root/boot.iso'/> + <backingStore/> <target dev='hdc' bus='ide'/> <readonly/> </disk> diff --git a/tests/sexpr2xmldata/sexpr2xml-fv-serial-null.xml b/tests/sexpr2xmldata/sexpr2xml-fv-serial-null.xml index ea1914405..b3f77c97d 100644 --- a/tests/sexpr2xmldata/sexpr2xml-fv-serial-null.xml +++ b/tests/sexpr2xmldata/sexpr2xml-fv-serial-null.xml @@ -21,11 +21,13 @@ <disk type='file' device='disk'> <driver name='file'/> <source file='/root/foo.img'/> + <backingStore/> <target dev='hda' bus='ide'/> </disk> <disk type='file' device='cdrom'> <driver name='file'/> <source file='/root/boot.iso'/> + <backingStore/> <target dev='hdc' bus='ide'/> <readonly/> </disk> diff --git a/tests/sexpr2xmldata/sexpr2xml-fv-serial-pipe.xml b/tests/sexpr2xmldata/sexpr2xml-fv-serial-pipe.xml index 447d4a36f..e2171613e 100644 --- a/tests/sexpr2xmldata/sexpr2xml-fv-serial-pipe.xml +++ b/tests/sexpr2xmldata/sexpr2xml-fv-serial-pipe.xml @@ -21,11 +21,13 @@ <disk type='file' device='disk'> <driver name='file'/> <source file='/root/foo.img'/> + <backingStore/> <target dev='hda' bus='ide'/> </disk> <disk type='file' device='cdrom'> <driver name='file'/> <source file='/root/boot.iso'/> + <backingStore/> <target dev='hdc' bus='ide'/> <readonly/> </disk> diff --git a/tests/sexpr2xmldata/sexpr2xml-fv-serial-pty.xml b/tests/sexpr2xmldata/sexpr2xml-fv-serial-pty.xml index 328bc45a0..3ad22649c 100644 --- a/tests/sexpr2xmldata/sexpr2xml-fv-serial-pty.xml +++ b/tests/sexpr2xmldata/sexpr2xml-fv-serial-pty.xml @@ -21,11 +21,13 @@ <disk type='file' device='disk'> <driver name='file'/> <source file='/root/foo.img'/> + <backingStore/> <target dev='hda' bus='ide'/> </disk> <disk type='file' device='cdrom'> <driver name='file'/> <source file='/root/boot.iso'/> + <backingStore/> <target dev='hdc' bus='ide'/> <readonly/> </disk> diff --git a/tests/sexpr2xmldata/sexpr2xml-fv-serial-stdio.xml b/tests/sexpr2xmldata/sexpr2xml-fv-serial-stdio.xml index 5a9243321..001df567e 100644 --- a/tests/sexpr2xmldata/sexpr2xml-fv-serial-stdio.xml +++ b/tests/sexpr2xmldata/sexpr2xml-fv-serial-stdio.xml @@ -21,11 +21,13 @@ <disk type='file' device='disk'> <driver name='file'/> <source file='/root/foo.img'/> + <backingStore/> <target dev='hda' bus='ide'/> </disk> <disk type='file' device='cdrom'> <driver name='file'/> <source file='/root/boot.iso'/> + <backingStore/> <target dev='hdc' bus='ide'/> <readonly/> </disk> diff --git a/tests/sexpr2xmldata/sexpr2xml-fv-serial-tcp-telnet.xml b/tests/sexpr2xmldata/sexpr2xml-fv-serial-tcp-telnet.xml index 1f800bc82..c2496fde6 100644 --- a/tests/sexpr2xmldata/sexpr2xml-fv-serial-tcp-telnet.xml +++ b/tests/sexpr2xmldata/sexpr2xml-fv-serial-tcp-telnet.xml @@ -21,11 +21,13 @@ <disk type='file' device='disk'> <driver name='file'/> <source file='/root/foo.img'/> + <backingStore/> <target dev='hda' bus='ide'/> </disk> <disk type='file' device='cdrom'> <driver name='file'/> <source file='/root/boot.iso'/> + <backingStore/> <target dev='hdc' bus='ide'/> <readonly/> </disk> diff --git a/tests/sexpr2xmldata/sexpr2xml-fv-serial-tcp.xml b/tests/sexpr2xmldata/sexpr2xml-fv-serial-tcp.xml index 23dabbdb8..6dc047ecd 100644 --- a/tests/sexpr2xmldata/sexpr2xml-fv-serial-tcp.xml +++ b/tests/sexpr2xmldata/sexpr2xml-fv-serial-tcp.xml @@ -21,11 +21,13 @@ <disk type='file' device='disk'> <driver name='file'/> <source file='/root/foo.img'/> + <backingStore/> <target dev='hda' bus='ide'/> </disk> <disk type='file' device='cdrom'> <driver name='file'/> <source file='/root/boot.iso'/> + <backingStore/> <target dev='hdc' bus='ide'/> <readonly/> </disk> diff --git a/tests/sexpr2xmldata/sexpr2xml-fv-serial-udp.xml b/tests/sexpr2xmldata/sexpr2xml-fv-serial-udp.xml index 29ba6e58a..7ccaeacf7 100644 --- a/tests/sexpr2xmldata/sexpr2xml-fv-serial-udp.xml +++ b/tests/sexpr2xmldata/sexpr2xml-fv-serial-udp.xml @@ -21,11 +21,13 @@ <disk type='file' device='disk'> <driver name='file'/> <source file='/root/foo.img'/> + <backingStore/> <target dev='hda' bus='ide'/> </disk> <disk type='file' device='cdrom'> <driver name='file'/> <source file='/root/boot.iso'/> + <backingStore/> <target dev='hdc' bus='ide'/> <readonly/> </disk> diff --git a/tests/sexpr2xmldata/sexpr2xml-fv-serial-unix.xml b/tests/sexpr2xmldata/sexpr2xml-fv-serial-unix.xml index 0379e0d9e..b5ad4134e 100644 --- a/tests/sexpr2xmldata/sexpr2xml-fv-serial-unix.xml +++ b/tests/sexpr2xmldata/sexpr2xml-fv-serial-unix.xml @@ -21,11 +21,13 @@ <disk type='file' device='disk'> <driver name='file'/> <source file='/root/foo.img'/> + <backingStore/> <target dev='hda' bus='ide'/> </disk> <disk type='file' device='cdrom'> <driver name='file'/> <source file='/root/boot.iso'/> + <backingStore/> <target dev='hdc' bus='ide'/> <readonly/> </disk> diff --git a/tests/sexpr2xmldata/sexpr2xml-fv-sound-all.xml b/tests/sexpr2xmldata/sexpr2xml-fv-sound-all.xml index 0785041e8..7183e792c 100644 --- a/tests/sexpr2xmldata/sexpr2xml-fv-sound-all.xml +++ b/tests/sexpr2xmldata/sexpr2xml-fv-sound-all.xml @@ -21,11 +21,13 @@ <disk type='file' device='disk'> <driver name='file'/> <source file='/root/foo.img'/> + <backingStore/> <target dev='hda' bus='ide'/> </disk> <disk type='file' device='cdrom'> <driver name='file'/> <source file='/root/boot.iso'/> + <backingStore/> <target dev='hdc' bus='ide'/> <readonly/> </disk> diff --git a/tests/sexpr2xmldata/sexpr2xml-fv-sound.xml b/tests/sexpr2xmldata/sexpr2xml-fv-sound.xml index 0785041e8..7183e792c 100644 --- a/tests/sexpr2xmldata/sexpr2xml-fv-sound.xml +++ b/tests/sexpr2xmldata/sexpr2xml-fv-sound.xml @@ -21,11 +21,13 @@ <disk type='file' device='disk'> <driver name='file'/> <source file='/root/foo.img'/> + <backingStore/> <target dev='hda' bus='ide'/> </disk> <disk type='file' device='cdrom'> <driver name='file'/> <source file='/root/boot.iso'/> + <backingStore/> <target dev='hdc' bus='ide'/> <readonly/> </disk> diff --git a/tests/sexpr2xmldata/sexpr2xml-fv-usbmouse.xml b/tests/sexpr2xmldata/sexpr2xml-fv-usbmouse.xml index b9c2aafc2..ae90e339e 100644 --- a/tests/sexpr2xmldata/sexpr2xml-fv-usbmouse.xml +++ b/tests/sexpr2xmldata/sexpr2xml-fv-usbmouse.xml @@ -21,11 +21,13 @@ <disk type='file' device='disk'> <driver name='file'/> <source file='/root/foo.img'/> + <backingStore/> <target dev='hda' bus='ide'/> </disk> <disk type='file' device='cdrom'> <driver name='file'/> <source file='/root/boot.iso'/> + <backingStore/> <target dev='hdc' bus='ide'/> <readonly/> </disk> diff --git a/tests/sexpr2xmldata/sexpr2xml-fv-usbtablet.xml b/tests/sexpr2xmldata/sexpr2xml-fv-usbtablet.xml index 44a08678a..f81c47a6e 100644 --- a/tests/sexpr2xmldata/sexpr2xml-fv-usbtablet.xml +++ b/tests/sexpr2xmldata/sexpr2xml-fv-usbtablet.xml @@ -21,11 +21,13 @@ <disk type='file' device='disk'> <driver name='file'/> <source file='/root/foo.img'/> + <backingStore/> <target dev='hda' bus='ide'/> </disk> <disk type='file' device='cdrom'> <driver name='file'/> <source file='/root/boot.iso'/> + <backingStore/> <target dev='hdc' bus='ide'/> <readonly/> </disk> diff --git a/tests/sexpr2xmldata/sexpr2xml-fv-utc.xml b/tests/sexpr2xmldata/sexpr2xml-fv-utc.xml index 584fbfbff..c783d930b 100644 --- a/tests/sexpr2xmldata/sexpr2xml-fv-utc.xml +++ b/tests/sexpr2xmldata/sexpr2xml-fv-utc.xml @@ -21,11 +21,13 @@ <disk type='file' device='disk'> <driver name='file'/> <source file='/root/foo.img'/> + <backingStore/> <target dev='hda' bus='ide'/> </disk> <disk type='file' device='cdrom'> <driver name='file'/> <source file='/root/boot.iso'/> + <backingStore/> <target dev='hdc' bus='ide'/> <readonly/> </disk> diff --git a/tests/sexpr2xmldata/sexpr2xml-fv-v2.xml b/tests/sexpr2xmldata/sexpr2xml-fv-v2.xml index f91041217..bd3b107d2 100644 --- a/tests/sexpr2xmldata/sexpr2xml-fv-v2.xml +++ b/tests/sexpr2xmldata/sexpr2xml-fv-v2.xml @@ -21,11 +21,13 @@ <disk type='file' device='disk'> <driver name='file'/> <source file='/root/foo.img'/> + <backingStore/> <target dev='hda' bus='ide'/> </disk> <disk type='file' device='cdrom'> <driver name='file'/> <source file='/root/boot.iso'/> + <backingStore/> <target dev='hdc' bus='ide'/> <readonly/> </disk> diff --git a/tests/sexpr2xmldata/sexpr2xml-fv.xml b/tests/sexpr2xmldata/sexpr2xml-fv.xml index 584fbfbff..c783d930b 100644 --- a/tests/sexpr2xmldata/sexpr2xml-fv.xml +++ b/tests/sexpr2xmldata/sexpr2xml-fv.xml @@ -21,11 +21,13 @@ <disk type='file' device='disk'> <driver name='file'/> <source file='/root/foo.img'/> + <backingStore/> <target dev='hda' bus='ide'/> </disk> <disk type='file' device='cdrom'> <driver name='file'/> <source file='/root/boot.iso'/> + <backingStore/> <target dev='hdc' bus='ide'/> <readonly/> </disk> diff --git a/tests/sexpr2xmldata/sexpr2xml-net-bridged.xml b/tests/sexpr2xmldata/sexpr2xml-net-bridged.xml index da403bddb..ce7954dde 100644 --- a/tests/sexpr2xmldata/sexpr2xml-net-bridged.xml +++ b/tests/sexpr2xmldata/sexpr2xml-net-bridged.xml @@ -18,6 +18,7 @@ <disk type='file' device='disk'> <driver name='file'/> <source file='/root/some.img'/> + <backingStore/> <target dev='xvda' bus='xen'/> </disk> <interface type='bridge'> diff --git a/tests/sexpr2xmldata/sexpr2xml-net-e1000.xml b/tests/sexpr2xmldata/sexpr2xml-net-e1000.xml index 1ce70671c..286209bee 100644 --- a/tests/sexpr2xmldata/sexpr2xml-net-e1000.xml +++ b/tests/sexpr2xmldata/sexpr2xml-net-e1000.xml @@ -18,6 +18,7 @@ <disk type='file' device='disk'> <driver name='file'/> <source file='/root/some.img'/> + <backingStore/> <target dev='xvda' bus='xen'/> </disk> <interface type='bridge'> diff --git a/tests/sexpr2xmldata/sexpr2xml-net-routed.xml b/tests/sexpr2xmldata/sexpr2xml-net-routed.xml index 3a31f5f25..0ab3b6dd0 100644 --- a/tests/sexpr2xmldata/sexpr2xml-net-routed.xml +++ b/tests/sexpr2xmldata/sexpr2xml-net-routed.xml @@ -18,6 +18,7 @@ <disk type='file' device='disk'> <driver name='file'/> <source file='/root/some.img'/> + <backingStore/> <target dev='xvda' bus='xen'/> </disk> <interface type='ethernet'> diff --git a/tests/sexpr2xmldata/sexpr2xml-no-source-cdrom.xml b/tests/sexpr2xmldata/sexpr2xml-no-source-cdrom.xml index 055b0d3d7..00d18ce52 100644 --- a/tests/sexpr2xmldata/sexpr2xml-no-source-cdrom.xml +++ b/tests/sexpr2xmldata/sexpr2xml-no-source-cdrom.xml @@ -23,9 +23,11 @@ <disk type='block' device='disk'> <driver name='phy'/> <source dev='/dev/sda8'/> + <backingStore/> <target dev='hda' bus='ide'/> </disk> <disk type='file' device='cdrom'> + <backingStore/> <target dev='hdc' bus='ide'/> <readonly/> </disk> diff --git a/tests/sexpr2xmldata/sexpr2xml-pci-devs.xml b/tests/sexpr2xmldata/sexpr2xml-pci-devs.xml index 146b77954..a404484b1 100644 --- a/tests/sexpr2xmldata/sexpr2xml-pci-devs.xml +++ b/tests/sexpr2xmldata/sexpr2xml-pci-devs.xml @@ -18,6 +18,7 @@ <disk type='block' device='disk'> <driver name='phy'/> <source dev='/dev/MainVG/GuestVG'/> + <backingStore/> <target dev='xvda' bus='xen'/> </disk> <console type='pty'> diff --git a/tests/sexpr2xmldata/sexpr2xml-pv-bootloader-cmdline.xml b/tests/sexpr2xmldata/sexpr2xml-pv-bootloader-cmdline.xml index f0e34f72e..0e92d0e95 100644 --- a/tests/sexpr2xmldata/sexpr2xml-pv-bootloader-cmdline.xml +++ b/tests/sexpr2xmldata/sexpr2xml-pv-bootloader-cmdline.xml @@ -18,6 +18,7 @@ <disk type='file' device='disk'> <driver name='file'/> <source file='/root/some.img'/> + <backingStore/> <target dev='xvda' bus='xen'/> </disk> <console type='pty'> diff --git a/tests/sexpr2xmldata/sexpr2xml-pv-bootloader.xml b/tests/sexpr2xmldata/sexpr2xml-pv-bootloader.xml index 80efe82d4..bafe97fc8 100644 --- a/tests/sexpr2xmldata/sexpr2xml-pv-bootloader.xml +++ b/tests/sexpr2xmldata/sexpr2xml-pv-bootloader.xml @@ -17,6 +17,7 @@ <disk type='file' device='disk'> <driver name='file'/> <source file='/root/some.img'/> + <backingStore/> <target dev='xvda' bus='xen'/> </disk> <console type='pty'> diff --git a/tests/sexpr2xmldata/sexpr2xml-pv-localtime.xml b/tests/sexpr2xmldata/sexpr2xml-pv-localtime.xml index 348049a0e..fc57fa938 100644 --- a/tests/sexpr2xmldata/sexpr2xml-pv-localtime.xml +++ b/tests/sexpr2xmldata/sexpr2xml-pv-localtime.xml @@ -18,6 +18,7 @@ <disk type='file' device='disk'> <driver name='file'/> <source file='/root/some.img'/> + <backingStore/> <target dev='xvda' bus='xen'/> </disk> <console type='pty'> diff --git a/tests/sexpr2xmldata/sexpr2xml-pv-vcpus.xml b/tests/sexpr2xmldata/sexpr2xml-pv-vcpus.xml index 6f7cffccb..a55f83e6f 100644 --- a/tests/sexpr2xmldata/sexpr2xml-pv-vcpus.xml +++ b/tests/sexpr2xmldata/sexpr2xml-pv-vcpus.xml @@ -18,6 +18,7 @@ <disk type='file' device='disk'> <driver name='file'/> <source file='/root/some.img'/> + <backingStore/> <target dev='xvda' bus='xen'/> </disk> <console type='pty'> diff --git a/tests/sexpr2xmldata/sexpr2xml-pv-vfb-new-vncdisplay.xml b/tests/sexpr2xmldata/sexpr2xml-pv-vfb-new-vncdisplay.xml index e8c3cdab4..9ae7bff67 100644 --- a/tests/sexpr2xmldata/sexpr2xml-pv-vfb-new-vncdisplay.xml +++ b/tests/sexpr2xmldata/sexpr2xml-pv-vfb-new-vncdisplay.xml @@ -18,6 +18,7 @@ <disk type='file' device='disk'> <driver name='file'/> <source file='/root/some.img'/> + <backingStore/> <target dev='xvda' bus='xen'/> </disk> <console type='pty'> diff --git a/tests/sexpr2xmldata/sexpr2xml-pv-vfb-new.xml b/tests/sexpr2xmldata/sexpr2xml-pv-vfb-new.xml index 365d3c9ff..c2eb798b5 100644 --- a/tests/sexpr2xmldata/sexpr2xml-pv-vfb-new.xml +++ b/tests/sexpr2xmldata/sexpr2xml-pv-vfb-new.xml @@ -18,6 +18,7 @@ <disk type='file' device='disk'> <driver name='file'/> <source file='/root/some.img'/> + <backingStore/> <target dev='xvda' bus='xen'/> </disk> <console type='pty'> diff --git a/tests/sexpr2xmldata/sexpr2xml-pv-vfb-orig.xml b/tests/sexpr2xmldata/sexpr2xml-pv-vfb-orig.xml index 365d3c9ff..c2eb798b5 100644 --- a/tests/sexpr2xmldata/sexpr2xml-pv-vfb-orig.xml +++ b/tests/sexpr2xmldata/sexpr2xml-pv-vfb-orig.xml @@ -18,6 +18,7 @@ <disk type='file' device='disk'> <driver name='file'/> <source file='/root/some.img'/> + <backingStore/> <target dev='xvda' bus='xen'/> </disk> <console type='pty'> diff --git a/tests/sexpr2xmldata/sexpr2xml-pv-vfb-type-crash.xml b/tests/sexpr2xmldata/sexpr2xml-pv-vfb-type-crash.xml index 5333292ce..0fee41ced 100644 --- a/tests/sexpr2xmldata/sexpr2xml-pv-vfb-type-crash.xml +++ b/tests/sexpr2xmldata/sexpr2xml-pv-vfb-type-crash.xml @@ -17,6 +17,7 @@ <disk type='block' device='disk'> <driver name='phy'/> <source dev='/dev/vg_dom0test/test2vm'/> + <backingStore/> <target dev='xvda' bus='xen'/> </disk> <interface type='bridge'> diff --git a/tests/sexpr2xmldata/sexpr2xml-pv.xml b/tests/sexpr2xmldata/sexpr2xml-pv.xml index 749653947..36b8c1eb6 100644 --- a/tests/sexpr2xmldata/sexpr2xml-pv.xml +++ b/tests/sexpr2xmldata/sexpr2xml-pv.xml @@ -18,6 +18,7 @@ <disk type='file' device='disk'> <driver name='file'/> <source file='/root/some.img'/> + <backingStore/> <target dev='xvda' bus='xen'/> </disk> <console type='pty'> diff --git a/tests/storagebackendsheepdogtest.c b/tests/storagebackendsheepdogtest.c index e219acb5d..14fc76d7a 100644 --- a/tests/storagebackendsheepdogtest.c +++ b/tests/storagebackendsheepdogtest.c @@ -1,6 +1,7 @@ /* * storagebackendsheepdogtest.c: storage backend for Sheepdog handling * + * Copyright (C) 2014 Red Hat, Inc. * Copyright (C) 2012 Sebastian Wiedenroth * * This library is free software; you can redistribute it and/or @@ -114,8 +115,8 @@ test_vdi_list_parser(collie_test test, char *poolxml, char *volxml) goto cleanup; } - if (vol->capacity == test.expected_capacity && - vol->allocation == test.expected_allocation) + if (vol->target.capacity == test.expected_capacity && + vol->target.allocation == test.expected_allocation) ret = 0; cleanup: diff --git a/tests/testutils.c b/tests/testutils.c index 9767a782f..dbe4773f1 100644 --- a/tests/testutils.c +++ b/tests/testutils.c @@ -459,10 +459,20 @@ int virtTestDifference(FILE *stream, const char *expect, const char *actual) { - const char *expectStart = expect; - const char *expectEnd = expect + (strlen(expect)-1); - const char *actualStart = actual; - const char *actualEnd = actual + (strlen(actual)-1); + const char *expectStart; + const char *expectEnd; + const char *actualStart; + const char *actualEnd; + + if (!expect) + expect = ""; + if (!actual) + actual = ""; + + expectStart = expect; + expectEnd = expect + (strlen(expect)-1); + actualStart = actual; + actualEnd = actual + (strlen(actual)-1); if (!virTestGetDebug()) return 0; @@ -678,6 +688,8 @@ int virtTestMain(int argc, char *oomstr; #endif + virFileActivateDirOverride(argv[0]); + if (!virFileExists(abs_srcdir)) return EXIT_AM_HARDFAIL; @@ -843,6 +855,57 @@ int virtTestClearLineRegex(const char *pattern, } +/* + * @cmdset contains a list of command line args, eg + * + * "/usr/sbin/iptables --table filter --insert INPUT --in-interface virbr0 --protocol tcp --destination-port 53 --jump ACCEPT + * /usr/sbin/iptables --table filter --insert INPUT --in-interface virbr0 --protocol udp --destination-port 53 --jump ACCEPT + * /usr/sbin/iptables --table filter --insert FORWARD --in-interface virbr0 --jump REJECT + * /usr/sbin/iptables --table filter --insert FORWARD --out-interface virbr0 --jump REJECT + * /usr/sbin/iptables --table filter --insert FORWARD --in-interface virbr0 --out-interface virbr0 --jump ACCEPT" + * + * And we're munging it in-place to strip the path component + * of the command line, to produce + * + * "iptables --table filter --insert INPUT --in-interface virbr0 --protocol tcp --destination-port 53 --jump ACCEPT + * iptables --table filter --insert INPUT --in-interface virbr0 --protocol udp --destination-port 53 --jump ACCEPT + * iptables --table filter --insert FORWARD --in-interface virbr0 --jump REJECT + * iptables --table filter --insert FORWARD --out-interface virbr0 --jump REJECT + * iptables --table filter --insert FORWARD --in-interface virbr0 --out-interface virbr0 --jump ACCEPT" + */ +void virtTestClearCommandPath(char *cmdset) +{ + size_t offset = 0; + char *lineStart = cmdset; + char *lineEnd = strchr(lineStart, '\n'); + + while (lineStart) { + char *dirsep; + char *movestart; + size_t movelen; + dirsep = strchr(lineStart, ' '); + if (dirsep) { + while (dirsep > lineStart && *dirsep != '/') + dirsep--; + if (*dirsep == '/') + dirsep++; + movestart = dirsep; + } else { + movestart = lineStart; + } + movelen = lineEnd ? lineEnd - movestart : strlen(movestart); + + if (movelen) { + memmove(cmdset + offset, movestart, movelen + 1); + offset += movelen + 1; + } + lineStart = lineEnd ? lineEnd + 1 : NULL; + lineEnd = lineStart ? strchr(lineStart, '\n') : NULL; + } + cmdset[offset] = '\0'; +} + + virCapsPtr virTestGenericCapsInit(void) { virCapsPtr caps; diff --git a/tests/testutils.h b/tests/testutils.h index e89492bf6..ad28ea78c 100644 --- a/tests/testutils.h +++ b/tests/testutils.h @@ -59,6 +59,8 @@ int virtTestCaptureProgramOutput(const char *const argv[], char **buf, int maxle int virtTestClearLineRegex(const char *pattern, char *string); +void virtTestClearCommandPath(char *cmdset); + int virtTestDifference(FILE *stream, const char *expect, const char *actual); diff --git a/tests/viralloctest.c b/tests/viralloctest.c new file mode 100644 index 000000000..8c0826faa --- /dev/null +++ b/tests/viralloctest.c @@ -0,0 +1,407 @@ +/* + * viralloctest.c: Test memory allocation APIs + * + * Copyright (C) 2014 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library. If not, see + * <http://www.gnu.org/licenses/>. + * + */ + +#include <config.h> + +#include <viralloc.h> + +#include "testutils.h" + +#define VIR_FROM_THIS VIR_FROM_NONE + +typedef struct testDummyStruct { + int a; + int b; +} testDummyStruct; + +static int +testCheckNonNull(void *t) +{ + if (t == NULL) { + fprintf(stderr, "Allocation succeeded but pointer is NULL\n"); + return -1; + } + + return 0; +} + +static int +testAllocScalar(const void *opaque ATTRIBUTE_UNUSED) +{ + testDummyStruct *t; + int ret = -1; + + if (VIR_ALLOC(t) < 0) + return -1; + + if (testCheckNonNull(t) < 0) + goto cleanup; + + if (t->a != 0 || + t->b != 0) { + fprintf(stderr, "Allocated ram was not zerod\n"); + goto cleanup; + } + + VIR_FREE(t); + + if (t != NULL) { + fprintf(stderr, "Pointer is still set after free\n"); + goto cleanup; + } + + ret = 0; + cleanup: + VIR_FREE(t); + return ret; +} + + +static int +testAllocArray(const void *opaque ATTRIBUTE_UNUSED) +{ + testDummyStruct *t; + size_t nt = 10, i; + int ret = -1; + + if (VIR_ALLOC_N(t, nt) < 0) + return -1; + + if (testCheckNonNull(t) < 0) + goto cleanup; + + for (i = 0; i < nt; i++) { + if (t[i].a != 0 || + t[i].b != 0) { + fprintf(stderr, "Allocated ram block %zu was not zerod\n", i); + goto cleanup; + } + } + + VIR_FREE(t); + + if (t != NULL) { + fprintf(stderr, "Pointer is still set after free\n"); + goto cleanup; + } + + ret = 0; + cleanup: + VIR_FREE(t); + return ret; +} + + +static int +testReallocArray(const void *opaque ATTRIBUTE_UNUSED) +{ + testDummyStruct *t; + size_t nt = 10, i; + int ret = -1; + + if (VIR_ALLOC_N(t, nt) < 0) + return -1; + + if (testCheckNonNull(t) < 0) + goto cleanup; + + for (i = 0; i < nt; i++) { + t[i].a = 10; + t[i].b = 20; + } + + if (VIR_REALLOC_N(t, nt + 5) < 0) + goto cleanup; + + if (testCheckNonNull(t) < 0) + goto cleanup; + + for (i = 0; i < nt; i++) { + if (t[i].a != 10 || + t[i].b != 20) { + fprintf(stderr, "Reallocated ram block %zu lost data\n", i); + goto cleanup; + } + } + + if (VIR_REALLOC_N(t, nt) < 0) + goto cleanup; + + if (testCheckNonNull(t) < 0) + goto cleanup; + + for (i = 0; i < nt; i++) { + if (t[i].a != 10 || + t[i].b != 20) { + fprintf(stderr, "Reallocated ram block %zu lost data\n", i); + goto cleanup; + } + } + + if (VIR_REALLOC_N(t, nt - 5) < 0) + goto cleanup; + + if (testCheckNonNull(t) < 0) + goto cleanup; + + for (i = 0; i < (nt - 5); i++) { + if (t[i].a != 10 || + t[i].b != 20) { + fprintf(stderr, "Reallocated ram block %zu lost data\n", i); + goto cleanup; + } + } + + VIR_FREE(t); + + if (t != NULL) { + fprintf(stderr, "Pointer is still set after free\n"); + goto cleanup; + } + + ret = 0; + cleanup: + VIR_FREE(t); + return ret; +} + + +static int +testExpandArray(const void *opaque ATTRIBUTE_UNUSED) +{ + testDummyStruct *t; + size_t nt = 10, i; + int ret = -1; + + if (VIR_ALLOC_N(t, nt) < 0) + return -1; + + if (testCheckNonNull(t) < 0) + goto cleanup; + + for (i = 0; i < nt; i++) { + t[i].a = 10; + t[i].b = 20; + } + + if (VIR_EXPAND_N(t, nt, 5) < 0) + goto cleanup; + + if (testCheckNonNull(t) < 0) + goto cleanup; + + for (i = 0; i < (nt - 5); i++) { + if (t[i].a != 10 || + t[i].b != 20) { + fprintf(stderr, "Reallocated ram block %zu lost data\n", i); + goto cleanup; + } + } + + for (i = (nt - 5); i < nt; i++) { + if (t[i].a != 0 || + t[i].b != 0) { + fprintf(stderr, "New ram block %zu was not zerod\n", i); + goto cleanup; + } + } + + VIR_SHRINK_N(t, nt, 5); + + if (testCheckNonNull(t) < 0) + goto cleanup; + + for (i = 0; i < nt; i++) { + if (t[i].a != 10 || + t[i].b != 20) { + fprintf(stderr, "Reallocated ram block %zu lost data\n", i); + goto cleanup; + } + } + + VIR_SHRINK_N(t, nt, 5); + + if (testCheckNonNull(t) < 0) + goto cleanup; + + for (i = 0; i < nt; i++) { + if (t[i].a != 10 || + t[i].b != 20) { + fprintf(stderr, "Reallocated ram block %zu lost data\n", i); + goto cleanup; + } + } + + VIR_FREE(t); + + if (t != NULL) { + fprintf(stderr, "Pointer is still set after free\n"); + goto cleanup; + } + + ret = 0; + cleanup: + VIR_FREE(t); + return ret; +} + + +static int +testResizeArray(const void *opaque ATTRIBUTE_UNUSED) +{ + testDummyStruct *t; + size_t nt = 10, at, i; + int ret = -1; + + if (VIR_ALLOC_N(t, nt) < 0) + return -1; + + at = nt; + + if (testCheckNonNull(t) < 0) + goto cleanup; + + for (i = 0; i < nt; i++) { + t[i].a = 10; + t[i].b = 20; + } + + if (VIR_RESIZE_N(t, at, nt, 8) < 0) + goto cleanup; + + if (testCheckNonNull(t) < 0) + goto cleanup; + + if (at != 18) { + fprintf(stderr, "Expected allocation of 16 not %zu\n", at); + goto cleanup; + } + + for (i = 0; i < at; i++) { + if (i >= nt) { + if (t[i].a != 0 || + t[i].b != 0) { + fprintf(stderr, "New ram block %zu was not zerod\n", i); + goto cleanup; + } + } else { + if (t[i].a != 10 || + t[i].b != 20) { + fprintf(stderr, "Reallocated ram block %zu lost data\n", i); + goto cleanup; + } + } + } + + VIR_FREE(t); + + if (t != NULL) { + fprintf(stderr, "Pointer is still set after free\n"); + goto cleanup; + } + + ret = 0; + cleanup: + VIR_FREE(t); + return ret; +} + + +static int +testInsertArray(const void *opaque ATTRIBUTE_UNUSED) +{ + testDummyStruct **t; + size_t nt = 10, i; + int ret = -1; + testDummyStruct *n = (void *)0xff; + + if (VIR_ALLOC_N(t, nt) < 0) + return -1; + + if (testCheckNonNull(t) < 0) + goto cleanup; + + for (i = 0; i < nt; i++) + t[i] = (void*)0x50; + + if (VIR_INSERT_ELEMENT(t, 3, nt, n) < 0) { + if (nt != 10) { + fprintf(stderr, "Expecting array size 10 after OOM not %zu\n", nt); + goto cleanup; + } + goto cleanup; + } + + if (nt != 11) { + fprintf(stderr, "Expecting array size 11 not %zu\n", nt); + goto cleanup; + } + + if (n != NULL) { + fprintf(stderr, "Expecting element to be set to NULL\n"); + goto cleanup; + } + + for (i = 0; i < nt; i++) { + void *expect = i == 3 ? (void *)0xff : (void*)0x50; + if (t[i] != expect) { + fprintf(stderr, "Expecting %p at offset %zu not %p\n", + expect, i, t[i]); + goto cleanup; + } + } + + VIR_FREE(t); + + if (t != NULL) { + fprintf(stderr, "Pointer is still set after free\n"); + goto cleanup; + } + + ret = 0; + cleanup: + VIR_FREE(t); + return ret; +} + + +static int +mymain(void) +{ + int ret = 0; + + if (virtTestRun("alloc scalar", testAllocScalar, NULL) < 0) + ret = -1; + if (virtTestRun("alloc array", testAllocArray, NULL) < 0) + ret = -1; + if (virtTestRun("realloc array", testReallocArray, NULL) < 0) + ret = -1; + if (virtTestRun("expand array", testExpandArray, NULL) < 0) + ret = -1; + if (virtTestRun("resize array", testResizeArray, NULL) < 0) + ret = -1; + if (virtTestRun("insert array", testInsertArray, NULL) < 0) + ret = -1; + + return ret == 0 ? EXIT_SUCCESS : EXIT_FAILURE; +} + +VIRT_TEST_MAIN(mymain) diff --git a/tests/vircgrouptest.c b/tests/vircgrouptest.c index dd078c1db..35ac0c006 100644 --- a/tests/vircgrouptest.c +++ b/tests/vircgrouptest.c @@ -560,7 +560,7 @@ static int testCgroupGetPercpuStats(const void *args ATTRIBUTE_UNUSED) if ((rv = virCgroupGetPercpuStats(cgroup, params, - 2, 0, 1)) < 0) { + 2, 0, 1, 0)) < 0) { fprintf(stderr, "Failed call to virCgroupGetPercpuStats for /virtualmachines cgroup: %d\n", -rv); goto cleanup; } diff --git a/tests/virdrivermoduletest.c b/tests/virdrivermoduletest.c index 4203f5bab..840fc280f 100644 --- a/tests/virdrivermoduletest.c +++ b/tests/virdrivermoduletest.c @@ -65,8 +65,6 @@ mymain(void) ret = -1; \ } while (0) - virDriverModuleInitialize(abs_builddir "/../src/.libs"); - #ifdef WITH_NETWORK # define USE_NETWORK "network" TEST("network", NULL); diff --git a/tests/virfirewalltest.c b/tests/virfirewalltest.c new file mode 100644 index 000000000..805fa44b7 --- /dev/null +++ b/tests/virfirewalltest.c @@ -0,0 +1,1186 @@ +/* + * Copyright (C) 2013-2014 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library. If not, see + * <http://www.gnu.org/licenses/>. + * + * Author: Daniel P. Berrange <berrange@redhat.com> + */ + +#include <config.h> + +#define __VIR_FIREWALL_PRIV_H_ALLOW__ +#define __VIR_COMMAND_PRIV_H_ALLOW__ + +#include "testutils.h" +#include "virbuffer.h" +#include "vircommandpriv.h" +#include "virfirewallpriv.h" +#include "virmock.h" +#include "virdbuspriv.h" + +#define VIR_FROM_THIS VIR_FROM_FIREWALL + +#if WITH_DBUS +# include <dbus/dbus.h> +#endif + +static bool fwDisabled = true; +static virBufferPtr fwBuf; +static bool fwError; + +#define TEST_FILTER_TABLE_LIST \ + "Chain INPUT (policy ACCEPT)\n" \ + "target prot opt source destination\n" \ + "\n" \ + "Chain FORWARD (policy ACCEPT)\n" \ + "target prot opt source destination\n" \ + "\n" \ + "Chain OUTPUT (policy ACCEPT)\n" \ + "target prot opt source destination\n" + +#define TEST_NAT_TABLE_LIST \ + "Chain PREROUTING (policy ACCEPT)\n" \ + "target prot opt source destination\n" \ + "\n" \ + "Chain INPUT (policy ACCEPT)\n" \ + "target prot opt source destination\n" \ + "\n" \ + "Chain OUTPUT (policy ACCEPT)\n" \ + "target prot opt source destination\n" \ + "\n" \ + "Chain POSTROUTING (policy ACCEPT)\n" \ + "target prot opt source destination\n" + +#if WITH_DBUS +VIR_MOCK_IMPL_RET_ARGS(dbus_connection_send_with_reply_and_block, + DBusMessage *, + DBusConnection *, connection, + DBusMessage *, message, + int, timeout_milliseconds, + DBusError *, error) +{ + DBusMessage *reply = NULL; + const char *service = dbus_message_get_destination(message); + const char *member = dbus_message_get_member(message); + size_t i; + size_t nargs = 0; + char **args = NULL; + char *type = NULL; + + VIR_MOCK_IMPL_INIT_REAL(dbus_connection_send_with_reply_and_block); + + if (STREQ(service, "org.freedesktop.DBus") && + STREQ(member, "ListNames")) { + const char *svc1 = "org.foo.bar.wizz"; + const char *svc2 = VIR_FIREWALL_FIREWALLD_SERVICE; + DBusMessageIter iter; + DBusMessageIter sub; + reply = dbus_message_new(DBUS_MESSAGE_TYPE_METHOD_RETURN); + dbus_message_iter_init_append(reply, &iter); + dbus_message_iter_open_container(&iter, DBUS_TYPE_ARRAY, + "s", &sub); + + if (!dbus_message_iter_append_basic(&sub, + DBUS_TYPE_STRING, + &svc1)) + goto error; + if (!fwDisabled && + !dbus_message_iter_append_basic(&sub, + DBUS_TYPE_STRING, + &svc2)) + goto error; + dbus_message_iter_close_container(&iter, &sub); + } else if (STREQ(service, VIR_FIREWALL_FIREWALLD_SERVICE) && + STREQ(member, "passthrough")) { + bool isAdd = false; + bool doError = false; + + if (virDBusMessageDecode(message, + "sa&s", + &type, + &nargs, + &args) < 0) + goto error; + + for (i = 0; i < nargs; i++) { + /* Fake failure on the command with this IP addr */ + if (STREQ(args[i], "-A")) { + isAdd = true; + } else if (isAdd && STREQ(args[i], "192.168.122.255")) { + doError = true; + } + } + + if (fwBuf) { + if (STREQ(type, "ipv4")) + virBufferAddLit(fwBuf, IPTABLES_PATH); + else if (STREQ(type, "ipv4")) + virBufferAddLit(fwBuf, IP6TABLES_PATH); + else + virBufferAddLit(fwBuf, EBTABLES_PATH); + } + for (i = 0; i < nargs; i++) { + if (fwBuf) { + virBufferAddLit(fwBuf, " "); + virBufferEscapeShell(fwBuf, args[i]); + } + } + if (fwBuf) + virBufferAddLit(fwBuf, "\n"); + if (doError) { + dbus_set_error_const(error, + "org.firewalld.error", + "something bad happened"); + } else { + if (nargs == 1 && + STREQ(type, "ipv4") && + STREQ(args[0], "-L")) { + if (virDBusCreateReply(&reply, + "s", TEST_FILTER_TABLE_LIST) < 0) + goto error; + } else if (nargs == 3 && + STREQ(type, "ipv4") && + STREQ(args[0], "-t") && + STREQ(args[1], "nat") && + STREQ(args[2], "-L")) { + if (virDBusCreateReply(&reply, + "s", TEST_NAT_TABLE_LIST) < 0) + goto error; + } else { + if (virDBusCreateReply(&reply, + "s", "success") < 0) + goto error; + } + } + } else { + reply = dbus_message_new(DBUS_MESSAGE_TYPE_METHOD_RETURN); + } + + cleanup: + VIR_FREE(type); + for (i = 0; i < nargs; i++) + VIR_FREE(args[i]); + VIR_FREE(args); + return reply; + + error: + if (reply) + dbus_message_unref(reply); + reply = NULL; + if (error && !dbus_error_is_set(error)) + dbus_set_error_const(error, + "org.firewalld.error", + "something unexpected happened"); + + goto cleanup; +} +#endif + +struct testFirewallData { + virFirewallBackend tryBackend; + virFirewallBackend expectBackend; + bool fwDisabled; +}; + +static int +testFirewallSingleGroup(const void *opaque) +{ + virBuffer cmdbuf = VIR_BUFFER_INITIALIZER; + virFirewallPtr fw = NULL; + int ret = -1; + const char *actual = NULL; + const char *expected = + IPTABLES_PATH " -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n" + IPTABLES_PATH " -A INPUT --source-host '!192.168.122.1' --jump REJECT\n"; + const struct testFirewallData *data = opaque; + + fwDisabled = data->fwDisabled; + if (virFirewallSetBackend(data->tryBackend) < 0) + goto cleanup; + + if (data->expectBackend == VIR_FIREWALL_BACKEND_DIRECT) + virCommandSetDryRun(&cmdbuf, NULL, NULL); + else + fwBuf = &cmdbuf; + + fw = virFirewallNew(); + + virFirewallStartTransaction(fw, 0); + + virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + "-A", "INPUT", + "--source-host", "192.168.122.1", + "--jump", "ACCEPT", NULL); + + virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + "-A", "INPUT", + "--source-host", "!192.168.122.1", + "--jump", "REJECT", NULL); + + if (virFirewallApply(fw) < 0) + goto cleanup; + + if (virBufferError(&cmdbuf)) + goto cleanup; + + actual = virBufferCurrentContent(&cmdbuf); + + if (STRNEQ_NULLABLE(expected, actual)) { + fprintf(stderr, "Unexected command execution\n"); + virtTestDifference(stderr, expected, actual); + goto cleanup; + } + + ret = 0; + cleanup: + virBufferFreeAndReset(&cmdbuf); + fwBuf = NULL; + virCommandSetDryRun(NULL, NULL, NULL); + virFirewallFree(fw); + return ret; +} + + +static int +testFirewallRemoveRule(const void *opaque) +{ + virBuffer cmdbuf = VIR_BUFFER_INITIALIZER; + virFirewallPtr fw = NULL; + int ret = -1; + const char *actual = NULL; + const char *expected = + IPTABLES_PATH " -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n" + IPTABLES_PATH " -A INPUT --source-host '!192.168.122.1' --jump REJECT\n"; + const struct testFirewallData *data = opaque; + virFirewallRulePtr fwrule; + + fwDisabled = data->fwDisabled; + if (virFirewallSetBackend(data->tryBackend) < 0) + goto cleanup; + + if (data->expectBackend == VIR_FIREWALL_BACKEND_DIRECT) + virCommandSetDryRun(&cmdbuf, NULL, NULL); + else + fwBuf = &cmdbuf; + + fw = virFirewallNew(); + + virFirewallStartTransaction(fw, 0); + + virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + "-A", "INPUT", + "--source-host", "192.168.122.1", + "--jump", "ACCEPT", NULL); + + fwrule = virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + "-A", "INPUT", NULL); + virFirewallRuleAddArg(fw, fwrule, "--source-host"); + virFirewallRemoveRule(fw, fwrule); + + fwrule = virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + "-A", "INPUT", NULL); + virFirewallRuleAddArg(fw, fwrule, "--source-host"); + virFirewallRuleAddArgFormat(fw, fwrule, "%s", "!192.168.122.1"); + virFirewallRuleAddArgList(fw, fwrule, "--jump", "REJECT", NULL); + + if (virFirewallApply(fw) < 0) + goto cleanup; + + if (virBufferError(&cmdbuf)) + goto cleanup; + + actual = virBufferCurrentContent(&cmdbuf); + + if (STRNEQ_NULLABLE(expected, actual)) { + fprintf(stderr, "Unexected command execution\n"); + virtTestDifference(stderr, expected, actual); + goto cleanup; + } + + ret = 0; + cleanup: + virBufferFreeAndReset(&cmdbuf); + fwBuf = NULL; + virCommandSetDryRun(NULL, NULL, NULL); + virFirewallFree(fw); + return ret; +} + + +static int +testFirewallManyGroups(const void *opaque ATTRIBUTE_UNUSED) +{ + virBuffer cmdbuf = VIR_BUFFER_INITIALIZER; + virFirewallPtr fw = NULL; + int ret = -1; + const char *actual = NULL; + const char *expected = + IPTABLES_PATH " -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n" + IPTABLES_PATH " -A INPUT --source-host '!192.168.122.1' --jump REJECT\n" + IPTABLES_PATH " -A OUTPUT --source-host 192.168.122.1 --jump ACCEPT\n" + IPTABLES_PATH " -A OUTPUT --jump DROP\n"; + const struct testFirewallData *data = opaque; + + fwDisabled = data->fwDisabled; + if (virFirewallSetBackend(data->tryBackend) < 0) + goto cleanup; + + if (data->expectBackend == VIR_FIREWALL_BACKEND_DIRECT) + virCommandSetDryRun(&cmdbuf, NULL, NULL); + else + fwBuf = &cmdbuf; + + fw = virFirewallNew(); + + virFirewallStartTransaction(fw, 0); + + virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + "-A", "INPUT", + "--source-host", "192.168.122.1", + "--jump", "ACCEPT", NULL); + + virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + "-A", "INPUT", + "--source-host", "!192.168.122.1", + "--jump", "REJECT", NULL); + + virFirewallStartTransaction(fw, 0); + + virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + "-A", "OUTPUT", + "--source-host", "192.168.122.1", + "--jump", "ACCEPT", NULL); + + virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + "-A", "OUTPUT", + "--jump", "DROP", NULL); + + + if (virFirewallApply(fw) < 0) + goto cleanup; + + if (virBufferError(&cmdbuf)) + goto cleanup; + + actual = virBufferCurrentContent(&cmdbuf); + + if (STRNEQ_NULLABLE(expected, actual)) { + fprintf(stderr, "Unexected command execution\n"); + virtTestDifference(stderr, expected, actual); + goto cleanup; + } + + ret = 0; + cleanup: + virBufferFreeAndReset(&cmdbuf); + fwBuf = NULL; + virCommandSetDryRun(NULL, NULL, NULL); + virFirewallFree(fw); + return ret; +} + +static void +testFirewallRollbackHook(const char *const*args, + const char *const*env ATTRIBUTE_UNUSED, + const char *input ATTRIBUTE_UNUSED, + char **output ATTRIBUTE_UNUSED, + char **error ATTRIBUTE_UNUSED, + int *status, + void *opaque ATTRIBUTE_UNUSED) +{ + bool isAdd = false; + while (*args) { + /* Fake failure on the command with this IP addr */ + if (STREQ(*args, "-A")) { + isAdd = true; + } else if (isAdd && STREQ(*args, "192.168.122.255")) { + *status = 127; + break; + } + args++; + } +} + +static int +testFirewallIgnoreFailGroup(const void *opaque ATTRIBUTE_UNUSED) +{ + virBuffer cmdbuf = VIR_BUFFER_INITIALIZER; + virFirewallPtr fw = NULL; + int ret = -1; + const char *actual = NULL; + const char *expected = + IPTABLES_PATH " -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n" + IPTABLES_PATH " -A INPUT --source-host 192.168.122.255 --jump REJECT\n" + IPTABLES_PATH " -A OUTPUT --source-host 192.168.122.1 --jump ACCEPT\n" + IPTABLES_PATH " -A OUTPUT --jump DROP\n"; + const struct testFirewallData *data = opaque; + + fwDisabled = data->fwDisabled; + if (virFirewallSetBackend(data->tryBackend) < 0) + goto cleanup; + + if (data->expectBackend == VIR_FIREWALL_BACKEND_DIRECT) { + virCommandSetDryRun(&cmdbuf, testFirewallRollbackHook, NULL); + } else { + fwBuf = &cmdbuf; + fwError = true; + } + + fw = virFirewallNew(); + + virFirewallStartTransaction(fw, VIR_FIREWALL_TRANSACTION_IGNORE_ERRORS); + + virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + "-A", "INPUT", + "--source-host", "192.168.122.1", + "--jump", "ACCEPT", NULL); + + virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + "-A", "INPUT", + "--source-host", "192.168.122.255", + "--jump", "REJECT", NULL); + + virFirewallStartTransaction(fw, 0); + + virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + "-A", "OUTPUT", + "--source-host", "192.168.122.1", + "--jump", "ACCEPT", NULL); + + virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + "-A", "OUTPUT", + "--jump", "DROP", NULL); + + + if (virFirewallApply(fw) < 0) + goto cleanup; + + if (virBufferError(&cmdbuf)) + goto cleanup; + + actual = virBufferCurrentContent(&cmdbuf); + + if (STRNEQ_NULLABLE(expected, actual)) { + fprintf(stderr, "Unexected command execution\n"); + virtTestDifference(stderr, expected, actual); + goto cleanup; + } + + ret = 0; + cleanup: + virBufferFreeAndReset(&cmdbuf); + fwBuf = NULL; + virCommandSetDryRun(NULL, NULL, NULL); + virFirewallFree(fw); + return ret; +} + + +static int +testFirewallIgnoreFailRule(const void *opaque ATTRIBUTE_UNUSED) +{ + virBuffer cmdbuf = VIR_BUFFER_INITIALIZER; + virFirewallPtr fw = NULL; + int ret = -1; + const char *actual = NULL; + const char *expected = + IPTABLES_PATH " -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n" + IPTABLES_PATH " -A INPUT --source-host 192.168.122.255 --jump REJECT\n" + IPTABLES_PATH " -A OUTPUT --source-host 192.168.122.1 --jump ACCEPT\n" + IPTABLES_PATH " -A OUTPUT --jump DROP\n"; + const struct testFirewallData *data = opaque; + + fwDisabled = data->fwDisabled; + if (virFirewallSetBackend(data->tryBackend) < 0) + goto cleanup; + + if (data->expectBackend == VIR_FIREWALL_BACKEND_DIRECT) { + virCommandSetDryRun(&cmdbuf, testFirewallRollbackHook, NULL); + } else { + fwBuf = &cmdbuf; + fwError = true; + } + + fw = virFirewallNew(); + + virFirewallStartTransaction(fw, 0); + + virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + "-A", "INPUT", + "--source-host", "192.168.122.1", + "--jump", "ACCEPT", NULL); + + virFirewallAddRuleFull(fw, VIR_FIREWALL_LAYER_IPV4, + true, NULL, NULL, + "-A", "INPUT", + "--source-host", "192.168.122.255", + "--jump", "REJECT", NULL); + + virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + "-A", "OUTPUT", + "--source-host", "192.168.122.1", + "--jump", "ACCEPT", NULL); + + virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + "-A", "OUTPUT", + "--jump", "DROP", NULL); + + + if (virFirewallApply(fw) < 0) + goto cleanup; + + if (virBufferError(&cmdbuf)) + goto cleanup; + + actual = virBufferCurrentContent(&cmdbuf); + + if (STRNEQ_NULLABLE(expected, actual)) { + fprintf(stderr, "Unexected command execution\n"); + virtTestDifference(stderr, expected, actual); + goto cleanup; + } + + ret = 0; + cleanup: + virBufferFreeAndReset(&cmdbuf); + fwBuf = NULL; + virCommandSetDryRun(NULL, NULL, NULL); + virFirewallFree(fw); + return ret; +} + + +static int +testFirewallNoRollback(const void *opaque ATTRIBUTE_UNUSED) +{ + virBuffer cmdbuf = VIR_BUFFER_INITIALIZER; + virFirewallPtr fw = NULL; + int ret = -1; + const char *actual = NULL; + const char *expected = + IPTABLES_PATH " -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n" + IPTABLES_PATH " -A INPUT --source-host 192.168.122.255 --jump REJECT\n"; + const struct testFirewallData *data = opaque; + + fwDisabled = data->fwDisabled; + if (virFirewallSetBackend(data->tryBackend) < 0) + goto cleanup; + + if (data->expectBackend == VIR_FIREWALL_BACKEND_DIRECT) { + virCommandSetDryRun(&cmdbuf, testFirewallRollbackHook, NULL); + } else { + fwBuf = &cmdbuf; + fwError = true; + } + + fw = virFirewallNew(); + + virFirewallStartTransaction(fw, 0); + + virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + "-A", "INPUT", + "--source-host", "192.168.122.1", + "--jump", "ACCEPT", NULL); + + virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + "-A", "INPUT", + "--source-host", "192.168.122.255", + "--jump", "REJECT", NULL); + + virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + "-A", "INPUT", + "--source-host", "!192.168.122.1", + "--jump", "REJECT", NULL); + + if (virFirewallApply(fw) == 0) { + fprintf(stderr, "Firewall apply unexpectedly worked\n"); + goto cleanup; + } + + if (virtTestOOMActive()) + goto cleanup; + + if (virBufferError(&cmdbuf)) + goto cleanup; + + actual = virBufferCurrentContent(&cmdbuf); + + if (STRNEQ_NULLABLE(expected, actual)) { + fprintf(stderr, "Unexected command execution\n"); + virtTestDifference(stderr, expected, actual); + goto cleanup; + } + + ret = 0; + cleanup: + virBufferFreeAndReset(&cmdbuf); + fwBuf = NULL; + virCommandSetDryRun(NULL, NULL, NULL); + virFirewallFree(fw); + return ret; +} + +static int +testFirewallSingleRollback(const void *opaque ATTRIBUTE_UNUSED) +{ + virBuffer cmdbuf = VIR_BUFFER_INITIALIZER; + virFirewallPtr fw = NULL; + int ret = -1; + const char *actual = NULL; + const char *expected = + IPTABLES_PATH " -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n" + IPTABLES_PATH " -A INPUT --source-host 192.168.122.255 --jump REJECT\n" + IPTABLES_PATH " -D INPUT --source-host 192.168.122.1 --jump ACCEPT\n" + IPTABLES_PATH " -D INPUT --source-host 192.168.122.255 --jump REJECT\n" + IPTABLES_PATH " -D INPUT --source-host '!192.168.122.1' --jump REJECT\n"; + const struct testFirewallData *data = opaque; + + fwDisabled = data->fwDisabled; + if (virFirewallSetBackend(data->tryBackend) < 0) + goto cleanup; + + if (data->expectBackend == VIR_FIREWALL_BACKEND_DIRECT) { + virCommandSetDryRun(&cmdbuf, testFirewallRollbackHook, NULL); + } else { + fwError = true; + fwBuf = &cmdbuf; + } + + fw = virFirewallNew(); + + virFirewallStartTransaction(fw, 0); + + virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + "-A", "INPUT", + "--source-host", "192.168.122.1", + "--jump", "ACCEPT", NULL); + + virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + "-A", "INPUT", + "--source-host", "192.168.122.255", + "--jump", "REJECT", NULL); + + virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + "-A", "INPUT", + "--source-host", "!192.168.122.1", + "--jump", "REJECT", NULL); + + virFirewallStartRollback(fw, 0); + + virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + "-D", "INPUT", + "--source-host", "192.168.122.1", + "--jump", "ACCEPT", NULL); + + virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + "-D", "INPUT", + "--source-host", "192.168.122.255", + "--jump", "REJECT", NULL); + + virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + "-D", "INPUT", + "--source-host", "!192.168.122.1", + "--jump", "REJECT", NULL); + + if (virFirewallApply(fw) == 0) { + fprintf(stderr, "Firewall apply unexpectedly worked\n"); + goto cleanup; + } + + if (virtTestOOMActive()) + goto cleanup; + + if (virBufferError(&cmdbuf)) + goto cleanup; + + actual = virBufferCurrentContent(&cmdbuf); + + if (STRNEQ_NULLABLE(expected, actual)) { + fprintf(stderr, "Unexected command execution\n"); + virtTestDifference(stderr, expected, actual); + goto cleanup; + } + + ret = 0; + cleanup: + virBufferFreeAndReset(&cmdbuf); + fwBuf = NULL; + virCommandSetDryRun(NULL, NULL, NULL); + virFirewallFree(fw); + return ret; +} + +static int +testFirewallManyRollback(const void *opaque ATTRIBUTE_UNUSED) +{ + virBuffer cmdbuf = VIR_BUFFER_INITIALIZER; + virFirewallPtr fw = NULL; + int ret = -1; + const char *actual = NULL; + const char *expected = + IPTABLES_PATH " -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n" + IPTABLES_PATH " -A INPUT --source-host 192.168.122.255 --jump REJECT\n" + IPTABLES_PATH " -D INPUT --source-host 192.168.122.255 --jump REJECT\n" + IPTABLES_PATH " -D INPUT --source-host '!192.168.122.1' --jump REJECT\n"; + const struct testFirewallData *data = opaque; + + fwDisabled = data->fwDisabled; + if (virFirewallSetBackend(data->tryBackend) < 0) + goto cleanup; + + if (data->expectBackend == VIR_FIREWALL_BACKEND_DIRECT) { + virCommandSetDryRun(&cmdbuf, testFirewallRollbackHook, NULL); + } else { + fwBuf = &cmdbuf; + fwError = true; + } + + fw = virFirewallNew(); + + virFirewallStartTransaction(fw, 0); + + virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + "-A", "INPUT", + "--source-host", "192.168.122.1", + "--jump", "ACCEPT", NULL); + + virFirewallStartRollback(fw, 0); + + virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + "-D", "INPUT", + "--source-host", "192.168.122.1", + "--jump", "ACCEPT", NULL); + + virFirewallStartTransaction(fw, 0); + + virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + "-A", "INPUT", + "--source-host", "192.168.122.255", + "--jump", "REJECT", NULL); + + virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + "-A", "INPUT", + "--source-host", "!192.168.122.1", + "--jump", "REJECT", NULL); + + virFirewallStartRollback(fw, 0); + + virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + "-D", "INPUT", + "--source-host", "192.168.122.255", + "--jump", "REJECT", NULL); + + virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + "-D", "INPUT", + "--source-host", "!192.168.122.1", + "--jump", "REJECT", NULL); + + if (virFirewallApply(fw) == 0) { + fprintf(stderr, "Firewall apply unexpectedly worked\n"); + goto cleanup; + } + + if (virtTestOOMActive()) + goto cleanup; + + if (virBufferError(&cmdbuf)) + goto cleanup; + + actual = virBufferCurrentContent(&cmdbuf); + + if (STRNEQ_NULLABLE(expected, actual)) { + fprintf(stderr, "Unexected command execution\n"); + virtTestDifference(stderr, expected, actual); + goto cleanup; + } + + ret = 0; + cleanup: + virBufferFreeAndReset(&cmdbuf); + fwBuf = NULL; + virCommandSetDryRun(NULL, NULL, NULL); + virFirewallFree(fw); + return ret; +} + +static int +testFirewallChainedRollback(const void *opaque ATTRIBUTE_UNUSED) +{ + virBuffer cmdbuf = VIR_BUFFER_INITIALIZER; + virFirewallPtr fw = NULL; + int ret = -1; + const char *actual = NULL; + const char *expected = + IPTABLES_PATH " -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n" + IPTABLES_PATH " -A INPUT --source-host 192.168.122.127 --jump REJECT\n" + IPTABLES_PATH " -A INPUT --source-host '!192.168.122.1' --jump REJECT\n" + IPTABLES_PATH " -A INPUT --source-host 192.168.122.255 --jump REJECT\n" + IPTABLES_PATH " -D INPUT --source-host 192.168.122.127 --jump REJECT\n" + IPTABLES_PATH " -D INPUT --source-host '!192.168.122.1' --jump REJECT\n" + IPTABLES_PATH " -D INPUT --source-host 192.168.122.255 --jump REJECT\n" + IPTABLES_PATH " -D INPUT --source-host '!192.168.122.1' --jump REJECT\n"; + const struct testFirewallData *data = opaque; + + fwDisabled = data->fwDisabled; + if (virFirewallSetBackend(data->tryBackend) < 0) + goto cleanup; + + if (data->expectBackend == VIR_FIREWALL_BACKEND_DIRECT) { + virCommandSetDryRun(&cmdbuf, testFirewallRollbackHook, NULL); + } else { + fwBuf = &cmdbuf; + fwError = true; + } + + fw = virFirewallNew(); + + virFirewallStartTransaction(fw, 0); + + virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + "-A", "INPUT", + "--source-host", "192.168.122.1", + "--jump", "ACCEPT", NULL); + + virFirewallStartRollback(fw, 0); + + virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + "-D", "INPUT", + "--source-host", "192.168.122.1", + "--jump", "ACCEPT", NULL); + + + virFirewallStartTransaction(fw, 0); + + virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + "-A", "INPUT", + "--source-host", "192.168.122.127", + "--jump", "REJECT", NULL); + + virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + "-A", "INPUT", + "--source-host", "!192.168.122.1", + "--jump", "REJECT", NULL); + + virFirewallStartRollback(fw, 0); + + virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + "-D", "INPUT", + "--source-host", "192.168.122.127", + "--jump", "REJECT", NULL); + + virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + "-D", "INPUT", + "--source-host", "!192.168.122.1", + "--jump", "REJECT", NULL); + + + virFirewallStartTransaction(fw, 0); + + virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + "-A", "INPUT", + "--source-host", "192.168.122.255", + "--jump", "REJECT", NULL); + + virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + "-A", "INPUT", + "--source-host", "!192.168.122.1", + "--jump", "REJECT", NULL); + + virFirewallStartRollback(fw, VIR_FIREWALL_ROLLBACK_INHERIT_PREVIOUS); + + virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + "-D", "INPUT", + "--source-host", "192.168.122.255", + "--jump", "REJECT", NULL); + + virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + "-D", "INPUT", + "--source-host", "!192.168.122.1", + "--jump", "REJECT", NULL); + + if (virFirewallApply(fw) == 0) { + fprintf(stderr, "Firewall apply unexpectedly worked\n"); + goto cleanup; + } + + if (virtTestOOMActive()) + goto cleanup; + + if (virBufferError(&cmdbuf)) + goto cleanup; + + actual = virBufferCurrentContent(&cmdbuf); + + if (STRNEQ_NULLABLE(expected, actual)) { + fprintf(stderr, "Unexected command execution\n"); + virtTestDifference(stderr, expected, actual); + goto cleanup; + } + + ret = 0; + cleanup: + virBufferFreeAndReset(&cmdbuf); + fwBuf = NULL; + virCommandSetDryRun(NULL, NULL, NULL); + virFirewallFree(fw); + return ret; +} + + +static const char *expectedLines[] = { + "Chain INPUT (policy ACCEPT)", + "target prot opt source destination", + "", + "Chain FORWARD (policy ACCEPT)", + "target prot opt source destination", + "", + "Chain OUTPUT (policy ACCEPT)", + "target prot opt source destination", + "", + "Chain PREROUTING (policy ACCEPT)", + "target prot opt source destination", + "", + "Chain INPUT (policy ACCEPT)", + "target prot opt source destination", + "", + "Chain OUTPUT (policy ACCEPT)", + "target prot opt source destination", + "", + "Chain POSTROUTING (policy ACCEPT)", + "target prot opt source destination", + "", +}; +static size_t expectedLineNum; +static bool expectedLineError; + +static void +testFirewallQueryHook(const char *const*args, + const char *const*env ATTRIBUTE_UNUSED, + const char *input ATTRIBUTE_UNUSED, + char **output, + char **error ATTRIBUTE_UNUSED, + int *status, + void *opaque ATTRIBUTE_UNUSED) +{ + if (STREQ(args[0], IPTABLES_PATH) && + STREQ(args[1], "-L")) { + if (VIR_STRDUP(*output, TEST_FILTER_TABLE_LIST) < 0) + *status = 127; + } else if (STREQ(args[0], IPTABLES_PATH) && + STREQ(args[1], "-t") && + STREQ(args[2], "nat") && + STREQ(args[3], "-L")) { + if (VIR_STRDUP(*output, TEST_NAT_TABLE_LIST) < 0) + *status = 127; + } +} + + +static int +testFirewallQueryCallback(virFirewallPtr fw, + const char *const *lines, + void *opaque ATTRIBUTE_UNUSED) +{ + size_t i; + virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + "-A", "INPUT", + "--source-host", "!192.168.122.129", + "--jump", "REJECT", NULL); + + for (i = 0; lines[i] != NULL; i++) { + if (expectedLineNum >= ARRAY_CARDINALITY(expectedLines)) { + expectedLineError = true; + break; + } + if (STRNEQ(expectedLines[expectedLineNum], lines[i])) { + fprintf(stderr, "Mismatch '%s' vs '%s' at %zu, %zu\n", + expectedLines[expectedLineNum], lines[i], + expectedLineNum, i); + expectedLineError = true; + break; + } + expectedLineNum++; + } + return 0; +} + +static int +testFirewallQuery(const void *opaque ATTRIBUTE_UNUSED) +{ + virBuffer cmdbuf = VIR_BUFFER_INITIALIZER; + virFirewallPtr fw = NULL; + int ret = -1; + const char *actual = NULL; + const char *expected = + IPTABLES_PATH " -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n" + IPTABLES_PATH " -A INPUT --source-host 192.168.122.127 --jump REJECT\n" + IPTABLES_PATH " -L\n" + IPTABLES_PATH " -t nat -L\n" + IPTABLES_PATH " -A INPUT --source-host 192.168.122.130 --jump REJECT\n" + IPTABLES_PATH " -A INPUT --source-host '!192.168.122.129' --jump REJECT\n" + IPTABLES_PATH " -A INPUT --source-host '!192.168.122.129' --jump REJECT\n" + IPTABLES_PATH " -A INPUT --source-host 192.168.122.128 --jump REJECT\n" + IPTABLES_PATH " -A INPUT --source-host '!192.168.122.1' --jump REJECT\n"; + const struct testFirewallData *data = opaque; + + expectedLineNum = 0; + expectedLineError = false; + fwDisabled = data->fwDisabled; + if (virFirewallSetBackend(data->tryBackend) < 0) + goto cleanup; + + if (data->expectBackend == VIR_FIREWALL_BACKEND_DIRECT) { + virCommandSetDryRun(&cmdbuf, testFirewallQueryHook, NULL); + } else { + fwBuf = &cmdbuf; + fwError = true; + } + + fw = virFirewallNew(); + + virFirewallStartTransaction(fw, 0); + + virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + "-A", "INPUT", + "--source-host", "192.168.122.1", + "--jump", "ACCEPT", NULL); + + virFirewallStartTransaction(fw, 0); + + virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + "-A", "INPUT", + "--source-host", "192.168.122.127", + "--jump", "REJECT", NULL); + + virFirewallAddRuleFull(fw, VIR_FIREWALL_LAYER_IPV4, + false, + testFirewallQueryCallback, + NULL, + "-L", NULL); + virFirewallAddRuleFull(fw, VIR_FIREWALL_LAYER_IPV4, + false, + testFirewallQueryCallback, + NULL, + "-t", "nat", "-L", NULL); + + virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + "-A", "INPUT", + "--source-host", "192.168.122.130", + "--jump", "REJECT", NULL); + + + virFirewallStartTransaction(fw, 0); + + virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + "-A", "INPUT", + "--source-host", "192.168.122.128", + "--jump", "REJECT", NULL); + + virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + "-A", "INPUT", + "--source-host", "!192.168.122.1", + "--jump", "REJECT", NULL); + + if (virFirewallApply(fw) < 0) + goto cleanup; + + if (virBufferError(&cmdbuf)) + goto cleanup; + + actual = virBufferCurrentContent(&cmdbuf); + + if (expectedLineError) { + fprintf(stderr, "Got some unexpected query data\n"); + goto cleanup; + } + + if (STRNEQ_NULLABLE(expected, actual)) { + fprintf(stderr, "Unexected command execution\n"); + virtTestDifference(stderr, expected, actual); + goto cleanup; + } + + ret = 0; + cleanup: + virBufferFreeAndReset(&cmdbuf); + fwBuf = NULL; + virCommandSetDryRun(NULL, NULL, NULL); + virFirewallFree(fw); + return ret; +} + +static int +mymain(void) +{ + int ret = 0; + +#define RUN_TEST_DIRECT(name, method) \ + do { \ + struct testFirewallData data; \ + data.tryBackend = VIR_FIREWALL_BACKEND_AUTOMATIC; \ + data.expectBackend = VIR_FIREWALL_BACKEND_DIRECT; \ + data.fwDisabled = true; \ + if (virtTestRun(name " auto direct", method, &data) < 0) \ + ret = -1; \ + data.tryBackend = VIR_FIREWALL_BACKEND_DIRECT; \ + data.expectBackend = VIR_FIREWALL_BACKEND_DIRECT; \ + data.fwDisabled = true; \ + if (virtTestRun(name " manual direct", method, &data) < 0) \ + ret = -1; \ + } while (0) + +#if WITH_DBUS +# define RUN_TEST_FIREWALLD(name, method) \ + do { \ + struct testFirewallData data; \ + data.tryBackend = VIR_FIREWALL_BACKEND_AUTOMATIC; \ + data.expectBackend = VIR_FIREWALL_BACKEND_FIREWALLD; \ + data.fwDisabled = false; \ + if (virtTestRun(name " auto firewalld", method, &data) < 0) \ + ret = -1; \ + data.tryBackend = VIR_FIREWALL_BACKEND_FIREWALLD; \ + data.expectBackend = VIR_FIREWALL_BACKEND_FIREWALLD; \ + data.fwDisabled = false; \ + if (virtTestRun(name " manual firewalld", method, &data) < 0) \ + ret = -1; \ + } while (0) + +# define RUN_TEST(name, method) \ + RUN_TEST_DIRECT(name, method); \ + RUN_TEST_FIREWALLD(name, method) +#else /* ! WITH_DBUS */ +# define RUN_TEST(name, method) \ + RUN_TEST_DIRECT(name, method) +#endif /* ! WITH_DBUS */ + + RUN_TEST("single group", testFirewallSingleGroup); + RUN_TEST("remove rule", testFirewallRemoveRule); + RUN_TEST("many groups", testFirewallManyGroups); + RUN_TEST("ignore fail group", testFirewallIgnoreFailGroup); + RUN_TEST("ignore fail rule", testFirewallIgnoreFailRule); + RUN_TEST("no rollback", testFirewallNoRollback); + RUN_TEST("single rollback", testFirewallSingleRollback); + RUN_TEST("many rollback", testFirewallManyRollback); + RUN_TEST("chained rollback", testFirewallChainedRollback); + RUN_TEST("query transaction", testFirewallQuery); + + return ret == 0 ? EXIT_SUCCESS : EXIT_FAILURE; +} + +#if WITH_DBUS +VIRT_TEST_MAIN_PRELOAD(mymain, abs_builddir "/.libs/virmockdbus.so") +#else +VIRT_TEST_MAIN(mymain) +#endif diff --git a/tests/virhostdevtest.c b/tests/virhostdevtest.c index 089014eed..de4cdde90 100644 --- a/tests/virhostdevtest.c +++ b/tests/virhostdevtest.c @@ -65,6 +65,9 @@ myCleanup(void) } if (mgr) { + if (mgr->stateDir && !getenv("LIBVIRT_SKIP_CLEANUP")) + virFileDeleteTree(mgr->stateDir); + virObjectUnref(mgr->activePCIHostdevs); virObjectUnref(mgr->inactivePCIHostdevs); virObjectUnref(mgr->activeUSBHostdevs); diff --git a/tests/virmock.h b/tests/virmock.h new file mode 100644 index 000000000..0dd8bb50d --- /dev/null +++ b/tests/virmock.h @@ -0,0 +1,266 @@ +/* + * virmock.h: helper for mocking C functions + * + * Copyright (C) 2014 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library. If not, see + * <http://www.gnu.org/licenses/>. + * + */ + +#ifndef __VIR_MOCK_H__ +# define __VIR_MOCK_H__ + +# if HAVE_DLFCN_H +# include <dlfcn.h> +# endif +# include <stdlib.h> +# include <stdio.h> + +# include "internal.h" + +# define VIR_MOCK_COUNT_ARGS(...) VIR_MOCK_ARG21(__VA_ARGS__, 20, 19, 18, 17, 16, 15, 14, 13, 12, 11, 10, 9, 8, 7, 6, 5, 4, 3, 2, 1) +# define VIR_MOCK_ARG21(_1, _2, _3, _4, _5, _6, _7, _8, _9, _10, _11, _12, _13, _14, _15, _16, _17, _18, _19, _20, _21, ...) _21 +# define VIR_MOCK_ARG_PASTE(a, b, ...) a##b(__VA_ARGS__) + +# define VIR_MOCK_ARGNAME(a, b) b +# define VIR_MOCK_ARGTYPE(a, b) a +# define VIR_MOCK_ARGTYPENAME(a, b) a b +# define VIR_MOCK_ARGTYPENAME_UNUSED(a, b) a b ATTRIBUTE_UNUSED + +# define VIR_MOCK_GET_ARG2(z, a, b) z(a, b) +# define VIR_MOCK_GET_ARG3(z, a, b, c) z(a, b) +# define VIR_MOCK_GET_ARG4(z, a, b, c, d) z(a, b), z(c, d) +# define VIR_MOCK_GET_ARG5(z, a, b, c, d, e) z(a, b), z(c, d) +# define VIR_MOCK_GET_ARG6(z, a, b, c, d, e, f) z(a, b), z(c, d), z(e, f) +# define VIR_MOCK_GET_ARG7(z, a, b, c, d, e, f, g) z(a, b), z(c, d), z(e, f) +# define VIR_MOCK_GET_ARG8(z, a, b, c, d, e, f, g, h) z(a, b), z(c, d), z(e, f), z(g, h) +# define VIR_MOCK_GET_ARG9(z, a, b, c, d, e, f, g, h, i) z(a, b), z(c, d), z(e, f), z(g, h) +# define VIR_MOCK_GET_ARG10(z, a, b, c, d, e, f, g, h, i, j) z(a, b), z(c, d), z(e, f), z(g, h), z(i, j) +# define VIR_MOCK_GET_ARG11(z, a, b, c, d, e, f, g, h, i, j, k) z(a, b), z(c, d), z(e, f), z(g, h), z(i, j) +# define VIR_MOCK_GET_ARG12(z, a, b, c, d, e, f, g, h, i, j, k, l) z(a, b), z(c, d), z(e, f), z(g, h), z(i, j), z(k, l) +# define VIR_MOCK_GET_ARG13(z, a, b, c, d, e, f, g, h, i, j, k, l, m) z(a, b), z(c, d), z(e, f), z(g, h), z(i, j), z(k, l) +# define VIR_MOCK_GET_ARG14(z, a, b, c, d, e, f, g, h, i, j, k, l, m, n) z(a, b), z(c, d), z(e, f), z(g, h), z(i, j), z(k, l), z(m, n) +# define VIR_MOCK_GET_ARG15(z, a, b, c, d, e, f, g, h, i, j, k, l, m, n, o) z(a, b), z(c, d), z(e, f), z(g, h), z(i, j), z(k, l), z(m, n) +# define VIR_MOCK_GET_ARG16(z, a, b, c, d, e, f, g, h, i, j, k, l, m, n, o, p) z(a, b), z(c, d), z(e, f), z(g, h), z(i, j), z(k, l), z(m, n), z(o, p) +# define VIR_MOCK_GET_ARG17(z, a, b, c, d, e, f, g, h, i, j, k, l, m, n, o, p, q) z(a, b), z(c, d), z(e, f), z(g, h), z(i, j), z(k, l), z(m, n), z(o, p) +# define VIR_MOCK_GET_ARG18(z, a, b, c, d, e, f, g, h, i, j, k, l, m, n, o, p, q, r) z(a, b), z(c, d), z(e, f), z(g, h), z(i, j), z(k, l), z(m, n), z(o, p), z(q, r) +# define VIR_MOCK_GET_ARG19(z, a, b, c, d, e, f, g, h, i, j, k, l, m, n, o, p, q, r, s) z(a, b), z(c, d), z(e, f), z(g, h), z(i, j), z(k, l), z(m, n), z(o, p), z(q, r) +# define VIR_MOCK_GET_ARG20(z, a, b, c, d, e, f, g, h, i, j, k, l, m, n, o, p, q, r, s, t) z(a, b), z(c, d), z(e, f), z(g, h), z(i, j), z(k, l), z(m, n), z(o, p), z(q, r), z(s, t) +# define VIR_MOCK_GET_ARG21(z, a, b, c, d, e, f, g, h, i, j, k, l, m, n, o, p, q, r, s, t, u) z(a, b), z(c, d), z(e, f), z(g, h), z(i, j), z(k, l), z(m, n), z(o, p), z(q, r), z(s, t) + + +# define VIR_MOCK_ARGNAMES_EXPAND(a, b, ...) VIR_MOCK_ARG_PASTE(a, b, __VA_ARGS__) +# define VIR_MOCK_ARGNAMES(...) \ + VIR_MOCK_ARGNAMES_EXPAND(VIR_MOCK_GET_ARG, VIR_MOCK_COUNT_ARGS(__VA_ARGS__), VIR_MOCK_ARGNAME, __VA_ARGS__) + +# define VIR_MOCK_ARGTYPES_EXPAND(a, b, ...) VIR_MOCK_ARG_PASTE(a, b, __VA_ARGS__) +# define VIR_MOCK_ARGTYPES(...) \ + VIR_MOCK_ARGTYPES_EXPAND(VIR_MOCK_GET_ARG, VIR_MOCK_COUNT_ARGS(__VA_ARGS__), VIR_MOCK_ARGTYPE, __VA_ARGS__) + +# define VIR_MOCK_ARGTYPENAMES_EXPAND(a, b, ...) VIR_MOCK_ARG_PASTE(a, b, __VA_ARGS__) +# define VIR_MOCK_ARGTYPENAMES(...) \ + VIR_MOCK_ARGTYPENAMES_EXPAND(VIR_MOCK_GET_ARG, VIR_MOCK_COUNT_ARGS(__VA_ARGS__), VIR_MOCK_ARGTYPENAME, __VA_ARGS__) + +# define VIR_MOCK_ARGTYPENAMES_UNUSED_EXPAND(a, b, ...) VIR_MOCK_ARG_PASTE(a, b, __VA_ARGS__) +# define VIR_MOCK_ARGTYPENAMES_UNUSED(...) \ + VIR_MOCK_ARGTYPENAMES_UNUSED_EXPAND(VIR_MOCK_GET_ARG, VIR_MOCK_COUNT_ARGS(__VA_ARGS__), VIR_MOCK_ARGTYPENAME_UNUSED, __VA_ARGS__) + + +/* + * The VIR_MOCK_LINK_NNN_MMM() macros are intended for use in + * LD_PRELOAD based wrappers. They provide a replacement for + * for an existing shared library symbol export. They will + * then lookup the same symbol name but with 'wrap_' prefixed + * on it, and call that. + * + * The actual test suite should provide the implemention of + * the wrap_XXXX symbol, using the VIR_MOCK_WRAP_NNN_MMM + * macros. + */ + + +/** + * VIR_MOCK_LINK_RET_ARGS: + * @name: the symbol name to replace + * @rettype: the return type + * @...: pairs of parameter type and parameter name + * + * Define a replacement for @name which invokes wrap_@name + * forwarding on all args, and passing back the return value. + */ +# define VIR_MOCK_LINK_RET_ARGS(name, rettype, ...) \ + rettype name(VIR_MOCK_ARGTYPENAMES(__VA_ARGS__)) \ + { \ + static rettype (*wrap_##name)(VIR_MOCK_ARGTYPES(__VA_ARGS__)); \ + if (wrap_##name == NULL && \ + !(wrap_##name = dlsym(RTLD_DEFAULT, \ + "wrap_" #name))) { \ + fprintf(stderr, "Missing symbol 'wrap_" #name "'\n"); \ + abort(); \ + } \ + \ + return wrap_##name(VIR_MOCK_ARGNAMES(__VA_ARGS__)); \ + } + +/** + * VIR_MOCK_LINK_RET_VOID: + * @name: the symbol name to replace + * @rettype: the return type + * + * Define a replacement for @name which invokes wrap_@name + * with no arguments, and passing back the return value. + */ +# define VIR_MOCK_LINK_RET_VOID(name, rettype) \ + rettype name(void) \ + { \ + static rettype (*wrap_##name)(void); \ + if (wrap_##name == NULL && \ + !(wrap_##name = dlsym(RTLD_DEFAULT, \ + "wrap_" #name))) { \ + fprintf(stderr, "Missing symbol 'wrap_" #name "'\n"); \ + abort(); \ + } \ + \ + return wrap_##name(); \ + } + +/** + * VIR_MOCK_LINK_VOID_ARGS: + * @name: the symbol name to replace + * @...: pairs of parameter type and parameter name + * + * Define a replacement for @name which invokes wrap_@name + * forwarding on all args, but with no return value. + */ +# define VIR_MOCK_LINK_VOID_ARGS(name, ...) \ + void name(VIR_MOCK_ARGTYPENAMES(__VA_ARGS__)) \ + { \ + static void (*wrap_##name)(VIR_MOCK_ARGTYPES(__VA_ARGS__)); \ + if (wrap_##name == NULL && \ + !(wrap_##name = dlsym(RTLD_DEFAULT, \ + "wrap_" #name))) { \ + fprintf(stderr, "Missing symbol 'wrap_" #name "'\n"); \ + abort(); \ + } \ + \ + wrap_##name(VIR_MOCK_ARGNAMES(__VA_ARGS__)); \ + } + + + +/* + * The VIR_MOCK_STUB_NNN_MMM() macros are intended for use in + * LD_PRELOAD based wrappers. They provide a replacement for + * for an existing shared library symbol export. They will + * be a pure no-op, optionally returning a dummy value. + */ + + +/** + * VIR_MOCK_STUB_RET_ARGS: + * @name: the symbol name to replace + * @rettype: the return type + * @retval: the return value + * @...: pairs of parameter type and parameter name + * + * Define a replacement for @name which invokes wrap_@name + * forwarding on all args, and passing back the return value. + */ +# define VIR_MOCK_STUB_RET_ARGS(name, rettype, retval, ...) \ + rettype name(VIR_MOCK_ARGTYPENAMES_UNUSED(__VA_ARGS__)) \ + { \ + return retval; \ + } + +/** + * VIR_MOCK_STUB_RET_VOID: + * @name: the symbol name to replace + * @rettype: the return type + * + * Define a replacement for @name which invokes wrap_@name + * with no arguments, and passing back the return value. + */ +# define VIR_MOCK_STUB_RET_VOID(name, rettype, retval) \ + rettype name(void) \ + { \ + return retval; \ + } + +/** + * VIR_MOCK_STUB_VOID_ARGS: + * @name: the symbol name to replace + * @...: pairs of parameter type and parameter name + * + * Define a replacement for @name which invokes wrap_@name + * forwarding on all args, but with no return value. + */ +# define VIR_MOCK_STUB_VOID_ARGS(name, ...) \ + void name(VIR_MOCK_ARGTYPENAMES_UNUSED(__VA_ARGS__)) \ + { \ + } + + + +/** + * VIR_MOCK_STUB_VOID_VOID: + * @name: the symbol name to replace + * + * Define a replacement for @name which invokes wrap_@name + * with no arguments and with no return value + */ +# define VIR_MOCK_STUB_VOID_VOID(name) \ + void name(void) \ + { \ + } + + +/* + * The VIR_MOCK_IMPL_NNN_MMM() macros are intended for use in the + * individual test suites. The define a stub implementation of + * the wrapped method and insert the caller provided code snippet + * as the body of the method. + */ + +# define VIR_MOCK_IMPL_RET_ARGS(name, rettype, ...) \ + rettype wrap_##name(VIR_MOCK_ARGTYPENAMES(__VA_ARGS__)); \ + static rettype (*real_##name)(VIR_MOCK_ARGTYPES(__VA_ARGS__)); \ + rettype wrap_##name(VIR_MOCK_ARGTYPENAMES_UNUSED(__VA_ARGS__)) + +# define VIR_MOCK_IMPL_INIT_REAL(name) \ + do { \ + if (real_##name == NULL && \ + !(real_##name = dlsym(RTLD_NEXT, \ + #name))) { \ + fprintf(stderr, "Missing symbol '" #name "'\n"); \ + abort(); \ + } \ + } while (0) + +# define VIR_MOCK_IMPL_RET_VOID(name, rettype) \ + rettype wrap_##name(void); \ + static rettype (*real_##name)(void); \ + rettype wrap_##name(void) + +# define VIR_MOCK_IMPL_VOID_ARGS(name, ...) \ + void wrap_##name(VIR_MOCK_ARGTYPENAMES(__VA_ARGS__)); \ + static void (*real_##name)(VIR_MOCK_ARGTYPES(__VA_ARGS__)); \ + void wrap_##name(VIR_MOCK_ARGTYPENAMES_UNUSED(__VA_ARGS__)) + +# define VIR_MOCK_IMPL_VOID_VOID(name) \ + void wrap_##name(void); \ + static void (*real_##name)(void); \ + void wrap_##name(void) + +#endif /* __VIR_MOCK_H__ */ diff --git a/tests/virmockdbus.c b/tests/virmockdbus.c new file mode 100644 index 000000000..8a01d9d27 --- /dev/null +++ b/tests/virmockdbus.c @@ -0,0 +1,64 @@ +/* + * virmockdbus.c: mocking of dbus message send/reply + * + * Copyright (C) 2013 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library. If not, see + * <http://www.gnu.org/licenses/>. + * + * Author: Daniel P. Berrange <berrange@redhat.com> + */ + +#include <config.h> + +#ifdef WITH_DBUS +# include "virmock.h" +# include <dbus/dbus.h> + +VIR_MOCK_STUB_VOID_ARGS(dbus_connection_set_change_sigpipe, + dbus_bool_t, will_modify_sigpipe) + + +VIR_MOCK_STUB_RET_ARGS(dbus_bus_get, + DBusConnection *, (DBusConnection *)0x1, + DBusBusType, type, + DBusError *, error) + +VIR_MOCK_STUB_VOID_ARGS(dbus_connection_set_exit_on_disconnect, + DBusConnection *, connection, + dbus_bool_t, exit_on_disconnect) + +VIR_MOCK_STUB_RET_ARGS(dbus_connection_set_watch_functions, + dbus_bool_t, 1, + DBusConnection *, connection, + DBusAddWatchFunction, add_function, + DBusRemoveWatchFunction, remove_function, + DBusWatchToggledFunction, toggled_function, + void *, data, + DBusFreeFunction, free_data_function) + +VIR_MOCK_STUB_RET_ARGS(dbus_message_set_reply_serial, + dbus_bool_t, 1, + DBusMessage *, message, + dbus_uint32_t, serial) + + +VIR_MOCK_LINK_RET_ARGS(dbus_connection_send_with_reply_and_block, + DBusMessage *, + DBusConnection *, connection, + DBusMessage *, message, + int, timeout_milliseconds, + DBusError *, error) + +#endif /* WITH_DBUS */ diff --git a/tests/virnetdevbandwidthtest.c b/tests/virnetdevbandwidthtest.c index 3f68194b5..384991e1e 100644 --- a/tests/virnetdevbandwidthtest.c +++ b/tests/virnetdevbandwidthtest.c @@ -139,7 +139,7 @@ mymain(void) TC " qdisc add dev eth0 root handle 1: htb default 1\n" TC " class add dev eth0 parent 1: classid 1:1 htb rate 1024kbps\n" TC " qdisc add dev eth0 parent 1:1 handle 2: sfq perturb 10\n" - TC " filter add dev eth0 parent 1:0 protocol ip handle 1 fw flowid 1\n")); + TC " filter add dev eth0 parent 1:0 protocol all handle 1 fw flowid 1\n")); DO_TEST_SET(("<bandwidth>" " <outbound average='1024'/>" @@ -147,7 +147,7 @@ mymain(void) (TC " qdisc del dev eth0 root\n" TC " qdisc del dev eth0 ingress\n" TC " qdisc add dev eth0 ingress\n" - TC " filter add dev eth0 parent ffff: protocol ip u32 match ip src 0.0.0.0/0 " + TC " filter add dev eth0 parent ffff: protocol all u32 match u32 0 0 " "police rate 1024kbps burst 1024kb mtu 64kb drop flowid :1\n")); DO_TEST_SET(("<bandwidth>" @@ -159,9 +159,9 @@ mymain(void) TC " qdisc add dev eth0 root handle 1: htb default 1\n" TC " class add dev eth0 parent 1: classid 1:1 htb rate 1kbps ceil 2kbps burst 4kb\n" TC " qdisc add dev eth0 parent 1:1 handle 2: sfq perturb 10\n" - TC " filter add dev eth0 parent 1:0 protocol ip handle 1 fw flowid 1\n" + TC " filter add dev eth0 parent 1:0 protocol all handle 1 fw flowid 1\n" TC " qdisc add dev eth0 ingress\n" - TC " filter add dev eth0 parent ffff: protocol ip u32 match ip src 0.0.0.0/0 " + TC " filter add dev eth0 parent ffff: protocol all u32 match u32 0 0 " "police rate 5kbps burst 7kb mtu 64kb drop flowid :1\n")); return ret; diff --git a/tests/virpcimock.c b/tests/virpcimock.c index 033b7e9ad..0b4929073 100644 --- a/tests/virpcimock.c +++ b/tests/virpcimock.c @@ -136,10 +136,10 @@ struct fdCallback { }; struct pciDevice **pciDevices = NULL; -size_t nPciDevices = 0; +size_t nPCIDevices = 0; struct pciDriver **pciDrivers = NULL; -size_t nPciDrivers = 0; +size_t nPCIDrivers = 0; struct fdCallback *callbacks = NULL; size_t nCallbacks = 0; @@ -390,7 +390,7 @@ pci_device_new_from_stub(const struct pciDevice *data) if (pci_device_autobind(dev) < 0) ABORT("Unable to bind: %s", data->id); - if (VIR_APPEND_ELEMENT_QUIET(pciDevices, nPciDevices, dev) < 0) + if (VIR_APPEND_ELEMENT_QUIET(pciDevices, nPCIDevices, dev) < 0) ABORT_OOM(); VIR_FREE(devpath); @@ -401,7 +401,7 @@ static struct pciDevice * pci_device_find_by_id(const char *id) { size_t i; - for (i = 0; i < nPciDevices; i++) { + for (i = 0; i < nPCIDevices; i++) { struct pciDevice *dev = pciDevices[i]; if (STREQ(dev->id, id)) @@ -479,7 +479,7 @@ pci_driver_new(const char *name, int fail, ...) make_file(driverpath, "new_id", NULL, -1); make_file(driverpath, "remove_id", NULL, -1); - if (VIR_APPEND_ELEMENT_QUIET(pciDrivers, nPciDrivers, driver) < 0) + if (VIR_APPEND_ELEMENT_QUIET(pciDrivers, nPCIDrivers, driver) < 0) ABORT_OOM(); } @@ -488,7 +488,7 @@ pci_driver_find_by_dev(struct pciDevice *dev) { size_t i; - for (i = 0; i < nPciDrivers; i++) { + for (i = 0; i < nPCIDrivers; i++) { struct pciDriver *driver = pciDrivers[i]; size_t j; @@ -507,7 +507,7 @@ pci_driver_find_by_path(const char *path) { size_t i; - for (i = 0; i < nPciDrivers; i++) { + for (i = 0; i < nPCIDrivers; i++) { struct pciDriver *driver = pciDrivers[i]; if (strstr(path, driver->name)) @@ -709,7 +709,7 @@ pci_driver_handle_new_id(const char *path) driver->len++; } - for (i = 0; i < nPciDevices; i++) { + for (i = 0; i < nPCIDevices; i++) { struct pciDevice *dev = pciDevices[i]; if (!dev->driver && diff --git a/tests/virstoragetest.c b/tests/virstoragetest.c index 2890651e9..018469a68 100644 --- a/tests/virstoragetest.c +++ b/tests/virstoragetest.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2013 Red Hat, Inc. + * Copyright (C) 2013-2014 Red Hat, Inc. * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public @@ -29,6 +29,7 @@ #include "virlog.h" #include "virstoragefile.h" #include "virstring.h" +#include "dirname.h" #define VIR_FROM_THIS VIR_FROM_NONE @@ -56,21 +57,27 @@ static char *canonraw; static char *absqcow2; static char *canonqcow2; static char *abswrap; +static char *canonwrap; static char *absqed; +static char *canonqed; +static char *absdir; +static char *canondir; static char *abslink2; static void testCleanupImages(void) { - virCommandPtr cmd; - VIR_FREE(qemuimg); VIR_FREE(absraw); VIR_FREE(canonraw); VIR_FREE(absqcow2); VIR_FREE(canonqcow2); VIR_FREE(abswrap); + VIR_FREE(canonwrap); VIR_FREE(absqed); + VIR_FREE(canonqed); + VIR_FREE(absdir); + VIR_FREE(canondir); VIR_FREE(abslink2); if (chdir(abs_builddir) < 0) { @@ -79,9 +86,45 @@ testCleanupImages(void) return; } - cmd = virCommandNewArgList("rm", "-rf", datadir, NULL); - ignore_value(virCommandRun(cmd, NULL)); - virCommandFree(cmd); + virFileDeleteTree(datadir); +} + + +static virStorageSourcePtr +testStorageFileGetMetadata(const char *path, + int format, + uid_t uid, gid_t gid, + bool allow_probe) +{ + virStorageSourcePtr ret = NULL; + + if (VIR_ALLOC(ret) < 0) + return NULL; + + ret->type = VIR_STORAGE_TYPE_FILE; + ret->format = format; + + if (VIR_STRDUP(ret->relPath, path) < 0) + goto error; + + if (!(ret->relDir = mdir_name(path))) { + virReportOOMError(); + goto error; + } + + if (!(ret->path = canonicalize_file_name(path))) { + virReportError(VIR_ERR_INTERNAL_ERROR, "failed to resolve '%s'", path); + goto error; + } + + if (virStorageFileGetMetadata(ret, uid, gid, allow_probe) < 0) + goto error; + + return ret; + + error: + virStorageSourceFree(ret); + return NULL; } static int @@ -98,6 +141,9 @@ testPrepImages(void) if (!qemuimg) goto skip; + /* Clean up from any earlier failed tests */ + virFileDeleteTree(datadir); + /* See if qemu-img supports '-o compat=xxx'. If so, we force the * use of both v2 and v3 files; if not, it is v2 only but the test * still works. */ @@ -114,6 +160,7 @@ testPrepImages(void) virAsprintf(&absqcow2, "%s/qcow2", datadir) < 0 || virAsprintf(&abswrap, "%s/wrap", datadir) < 0 || virAsprintf(&absqed, "%s/qed", datadir) < 0 || + virAsprintf(&absdir, "%s/dir", datadir) < 0 || virAsprintf(&abslink2, "%s/sub/link2", datadir) < 0) goto cleanup; @@ -121,6 +168,14 @@ testPrepImages(void) fprintf(stderr, "unable to create directory %s\n", datadir "/sub"); goto cleanup; } + if (virFileMakePath(datadir "/dir") < 0) { + fprintf(stderr, "unable to create directory %s\n", datadir "/dir"); + goto cleanup; + } + if (!(canondir = canonicalize_file_name(absdir))) { + virReportOOMError(); + goto cleanup; + } if (chdir(datadir) < 0) { fprintf(stderr, "unable to test relative backing chains\n"); @@ -166,6 +221,10 @@ testPrepImages(void) virCommandAddArg(cmd, "wrap"); if (virCommandRun(cmd, NULL) < 0) goto skip; + if (!(canonwrap = canonicalize_file_name(abswrap))) { + virReportOOMError(); + goto cleanup; + } /* Create a qed file. */ virCommandFree(cmd); @@ -175,6 +234,10 @@ testPrepImages(void) virCommandAddArg(cmd, "qed"); if (virCommandRun(cmd, NULL) < 0) goto skip; + if (!(canonqed = canonicalize_file_name(absqed))) { + virReportOOMError(); + goto cleanup; + } #ifdef HAVE_SYMLINK /* Create some symlinks in a sub-directory. */ @@ -199,16 +262,25 @@ testPrepImages(void) goto cleanup; } +/* Many fields of virStorageFileMetadata have the same content whether + * we access the file relatively or absolutely; but file names differ + * depending on how the chain was opened. For ease of testing, we + * test both relative and absolute starts, and use a flag to say which + * of the two variations to compare against. */ typedef struct _testFileData testFileData; struct _testFileData { const char *expBackingStore; const char *expBackingStoreRaw; - const char *expDirectory; - enum virStorageFileFormat expFormat; - bool expIsFile; unsigned long long expCapacity; bool expEncrypted; + const char *pathRel; + const char *pathAbs; + const char *path; + const char *relDirRel; + const char *relDirAbs; + int type; + int format; }; enum { @@ -216,13 +288,14 @@ enum { EXP_FAIL = 1, EXP_WARN = 2, ALLOW_PROBE = 4, + ABS_START = 8, }; struct testChainData { const char *start; enum virStorageFileFormat format; - const testFileData *files; + const testFileData *files[4]; int nfiles; unsigned int flags; }; @@ -232,12 +305,14 @@ testStorageChain(const void *args) { const struct testChainData *data = args; int ret = -1; - virStorageFileMetadataPtr meta; - virStorageFileMetadataPtr elt; + virStorageSourcePtr meta; + virStorageSourcePtr elt; size_t i = 0; + char *broken = NULL; + bool isAbs = !!(data->flags & ABS_START); - meta = virStorageFileGetMetadata(data->start, data->format, -1, -1, - (data->flags & ALLOW_PROBE) != 0); + meta = testStorageFileGetMetadata(data->start, data->format, -1, -1, + (data->flags & ALLOW_PROBE) != 0); if (!meta) { if (data->flags & EXP_FAIL) { virResetLastError(); @@ -254,42 +329,65 @@ testStorageChain(const void *args) goto cleanup; } virResetLastError(); - } else if (virGetLastError()) { - fprintf(stderr, "call should not have warned\n"); - goto cleanup; + if (virStorageFileChainGetBroken(meta, &broken) || !broken) { + fprintf(stderr, "call should identify broken part of chain\n"); + goto cleanup; + } + } else { + if (virGetLastError()) { + fprintf(stderr, "call should not have warned\n"); + goto cleanup; + } + if (virStorageFileChainGetBroken(meta, &broken) || broken) { + fprintf(stderr, "chain should not be identified as broken\n"); + goto cleanup; + } } elt = meta; while (elt) { char *expect = NULL; char *actual = NULL; + const char *expPath; + const char *expRelDir; if (i == data->nfiles) { fprintf(stderr, "probed chain was too long\n"); goto cleanup; } + expPath = isAbs ? data->files[i]->pathAbs + : data->files[i]->pathRel; + expRelDir = isAbs ? data->files[i]->relDirAbs + : data->files[i]->relDirRel; if (virAsprintf(&expect, - "store:%s\nraw:%s\ndirectory:%s\nother:%d %d %lld %d", - NULLSTR(data->files[i].expBackingStore), - NULLSTR(data->files[i].expBackingStoreRaw), - NULLSTR(data->files[i].expDirectory), - data->files[i].expFormat, - data->files[i].expIsFile, - data->files[i].expCapacity, - data->files[i].expEncrypted) < 0 || + "store:%s\nraw:%s\nother:%lld %d\n" + "relPath:%s\npath:%s\nrelDir:%s\ntype:%d %d\n", + NULLSTR(data->files[i]->expBackingStore), + NULLSTR(data->files[i]->expBackingStoreRaw), + data->files[i]->expCapacity, + data->files[i]->expEncrypted, + NULLSTR(expPath), + NULLSTR(data->files[i]->path), + NULLSTR(expRelDir), + data->files[i]->type, + data->files[i]->format) < 0 || virAsprintf(&actual, - "store:%s\nraw:%s\ndirectory:%s\nother:%d %d %lld %d", - NULLSTR(elt->backingStore), + "store:%s\nraw:%s\nother:%lld %d\n" + "relPath:%s\npath:%s\nrelDir:%s\ntype:%d %d\n", + NULLSTR(elt->backingStore ? elt->backingStore->path : NULL), NULLSTR(elt->backingStoreRaw), - NULLSTR(elt->directory), - elt->backingStoreFormat, elt->backingStoreIsFile, - elt->capacity, elt->encrypted) < 0) { + elt->capacity, !!elt->encryption, + NULLSTR(elt->relPath), + NULLSTR(elt->path), + NULLSTR(elt->relDir), + elt->type, elt->format) < 0) { VIR_FREE(expect); VIR_FREE(actual); goto cleanup; } if (STRNEQ(expect, actual)) { + fprintf(stderr, "chain member %zu", i); virtTestDifference(stderr, expect, actual); VIR_FREE(expect); VIR_FREE(actual); @@ -297,7 +395,7 @@ testStorageChain(const void *args) } VIR_FREE(expect); VIR_FREE(actual); - elt = elt->backingMeta; + elt = elt->backingStore; i++; } if (i != data->nfiles) { @@ -307,7 +405,98 @@ testStorageChain(const void *args) ret = 0; cleanup: - virStorageFileFreeMetadata(meta); + VIR_FREE(broken); + virStorageSourceFree(meta); + return ret; +} + +struct testLookupData +{ + virStorageSourcePtr chain; + const char *target; + const char *name; + unsigned int expIndex; + const char *expResult; + virStorageSourcePtr expMeta; + const char *expParent; +}; + +static int +testStorageLookup(const void *args) +{ + const struct testLookupData *data = args; + int ret = 0; + virStorageSourcePtr result; + const char *actualParent; + unsigned int idx; + + if (virStorageFileParseChainIndex(data->target, data->name, &idx) < 0 && + data->expIndex) { + fprintf(stderr, "call should not have failed\n"); + ret = -1; + } + if (idx != data->expIndex) { + fprintf(stderr, "index: expected %u, got %u\n", data->expIndex, idx); + ret = -1; + } + + /* Test twice to ensure optional parameter doesn't cause NULL deref. */ + result = virStorageFileChainLookup(data->chain, NULL, + idx ? NULL : data->name, + idx, NULL); + + if (!data->expResult) { + if (!virGetLastError()) { + fprintf(stderr, "call should have failed\n"); + ret = -1; + } + virResetLastError(); + } else { + if (virGetLastError()) { + fprintf(stderr, "call should not have warned\n"); + ret = -1; + } + } + + if (!result) { + if (data->expResult) { + fprintf(stderr, "result 1: expected %s, got NULL\n", + data->expResult); + ret = -1; + } + } else if (STRNEQ_NULLABLE(data->expResult, result->path)) { + fprintf(stderr, "result 1: expected %s, got %s\n", + NULLSTR(data->expResult), NULLSTR(result->path)); + ret = -1; + } + + result = virStorageFileChainLookup(data->chain, data->chain, + data->name, idx, &actualParent); + if (!data->expResult) + virResetLastError(); + + if (!result) { + if (data->expResult) { + fprintf(stderr, "result 2: expected %s, got NULL\n", + data->expResult); + ret = -1; + } + } else if (STRNEQ_NULLABLE(data->expResult, result->path)) { + fprintf(stderr, "result 2: expected %s, got %s\n", + NULLSTR(data->expResult), NULLSTR(result->path)); + ret = -1; + } + if (data->expMeta != result) { + fprintf(stderr, "meta: expected %p, got %p\n", + data->expMeta, result); + ret = -1; + } + if (STRNEQ_NULLABLE(data->expParent, actualParent)) { + fprintf(stderr, "parent: expected %s, got %s\n", + NULLSTR(data->expParent), NULLSTR(actualParent)); + ret = -1; + } + return ret; } @@ -316,123 +505,104 @@ mymain(void) { int ret; virCommandPtr cmd = NULL; + struct testChainData data; + virStorageSourcePtr chain = NULL; /* Prep some files with qemu-img; if that is not found on PATH, or * if it lacks support for qcow2 and qed, skip this test. */ if ((ret = testPrepImages()) != 0) return ret; -#define TEST_ONE_CHAIN(id, start, format, chain, flags) \ +#define TEST_ONE_CHAIN(id, start, format, flags, ...) \ do { \ - struct testChainData data = { \ - start, format, chain, ARRAY_CARDINALITY(chain), flags, \ + size_t i; \ + memset(&data, 0, sizeof(data)); \ + data = (struct testChainData){ \ + start, format, { __VA_ARGS__ }, 0, flags, \ }; \ + for (i = 0; i < ARRAY_CARDINALITY(data.files); i++) \ + if (data.files[i]) \ + data.nfiles++; \ if (virtTestRun("Storage backing chain " id, \ testStorageChain, &data) < 0) \ ret = -1; \ } while (0) +#define VIR_FLATTEN_2(...) __VA_ARGS__ +#define VIR_FLATTEN_1(_1) VIR_FLATTEN_2 _1 + #define TEST_CHAIN(id, relstart, absstart, format, chain1, flags1, \ chain2, flags2, chain3, flags3, chain4, flags4) \ do { \ - TEST_ONE_CHAIN(#id "a", relstart, format, chain1, flags1); \ - TEST_ONE_CHAIN(#id "b", relstart, format, chain2, flags2); \ - TEST_ONE_CHAIN(#id "c", absstart, format, chain3, flags3); \ - TEST_ONE_CHAIN(#id "d", absstart, format, chain4, flags4); \ + TEST_ONE_CHAIN(#id "a", relstart, format, flags1, \ + VIR_FLATTEN_1(chain1)); \ + TEST_ONE_CHAIN(#id "b", relstart, format, flags2, \ + VIR_FLATTEN_1(chain2)); \ + TEST_ONE_CHAIN(#id "c", absstart, format, flags3 | ABS_START,\ + VIR_FLATTEN_1(chain3)); \ + TEST_ONE_CHAIN(#id "d", absstart, format, flags4 | ABS_START,\ + VIR_FLATTEN_1(chain4)); \ } while (0) - /* Expected details about files in chains */ - const testFileData raw = { - NULL, NULL, NULL, VIR_STORAGE_FILE_NONE, false, 0, false, - }; - const testFileData qcow2_relback_relstart = { - canonraw, "raw", ".", VIR_STORAGE_FILE_RAW, true, 1024, false, - }; - const testFileData qcow2_relback_absstart = { - canonraw, "raw", datadir, VIR_STORAGE_FILE_RAW, true, 1024, false, - }; - const testFileData qcow2_absback = { - canonraw, absraw, datadir, VIR_STORAGE_FILE_RAW, true, 1024, false, - }; - const testFileData qcow2_as_probe = { - canonraw, absraw, datadir, VIR_STORAGE_FILE_AUTO, true, 1024, false, - }; - const testFileData qcow2_bogus = { - NULL, datadir "/bogus", datadir, VIR_STORAGE_FILE_NONE, - false, 1024, false, - }; - const testFileData qcow2_protocol = { - "nbd:example.org:6000", NULL, NULL, VIR_STORAGE_FILE_RAW, - false, 1024, false, - }; - const testFileData wrap = { - canonqcow2, absqcow2, datadir, VIR_STORAGE_FILE_QCOW2, - true, 1024, false, - }; - const testFileData wrap_as_raw = { - canonqcow2, absqcow2, datadir, VIR_STORAGE_FILE_RAW, - true, 1024, false, - }; - const testFileData wrap_as_probe = { - canonqcow2, absqcow2, datadir, VIR_STORAGE_FILE_AUTO, - true, 1024, false, - }; - const testFileData qed = { - canonraw, absraw, datadir, VIR_STORAGE_FILE_RAW, - true, 1024, false, - }; -#if HAVE_SYMLINK - const testFileData link1_rel = { - canonraw, "../raw", "sub/../sub/..", VIR_STORAGE_FILE_RAW, - true, 1024, false, - }; - const testFileData link1_abs = { - canonraw, "../raw", datadir "/sub/../sub/..", VIR_STORAGE_FILE_RAW, - true, 1024, false, - }; - const testFileData link2_rel = { - canonqcow2, "../sub/link1", "sub/../sub", VIR_STORAGE_FILE_QCOW2, - true, 1024, false, - }; - const testFileData link2_abs = { - canonqcow2, "../sub/link1", datadir "/sub/../sub", - VIR_STORAGE_FILE_QCOW2, true, 1024, false, - }; -#endif - /* The actual tests, in several groups. */ /* Missing file */ - const testFileData chain0[] = { }; - TEST_ONE_CHAIN("0", "bogus", VIR_STORAGE_FILE_RAW, chain0, EXP_FAIL); + TEST_ONE_CHAIN("0", "bogus", VIR_STORAGE_FILE_RAW, EXP_FAIL); /* Raw image, whether with right format or no specified format */ - const testFileData chain1[] = { raw }; + testFileData raw = { + .pathRel = "raw", + .pathAbs = canonraw, + .path = canonraw, + .relDirRel = ".", + .relDirAbs = datadir, + .type = VIR_STORAGE_TYPE_FILE, + .format = VIR_STORAGE_FILE_RAW, + }; TEST_CHAIN(1, "raw", absraw, VIR_STORAGE_FILE_RAW, - chain1, EXP_PASS, - chain1, ALLOW_PROBE | EXP_PASS, - chain1, EXP_PASS, - chain1, ALLOW_PROBE | EXP_PASS); + (&raw), EXP_PASS, + (&raw), ALLOW_PROBE | EXP_PASS, + (&raw), EXP_PASS, + (&raw), ALLOW_PROBE | EXP_PASS); TEST_CHAIN(2, "raw", absraw, VIR_STORAGE_FILE_AUTO, - chain1, EXP_PASS, - chain1, ALLOW_PROBE | EXP_PASS, - chain1, EXP_PASS, - chain1, ALLOW_PROBE | EXP_PASS); + (&raw), EXP_PASS, + (&raw), ALLOW_PROBE | EXP_PASS, + (&raw), EXP_PASS, + (&raw), ALLOW_PROBE | EXP_PASS); /* Qcow2 file with relative raw backing, format provided */ - const testFileData chain3a[] = { qcow2_relback_relstart, raw }; - const testFileData chain3c[] = { qcow2_relback_absstart, raw }; - const testFileData chain4a[] = { raw }; + raw.pathAbs = "raw"; + testFileData qcow2 = { + .expBackingStore = canonraw, + .expBackingStoreRaw = "raw", + .expCapacity = 1024, + .pathRel = "qcow2", + .pathAbs = canonqcow2, + .path = canonqcow2, + .relDirRel = ".", + .relDirAbs = datadir, + .type = VIR_STORAGE_TYPE_FILE, + .format = VIR_STORAGE_FILE_QCOW2, + }; + testFileData qcow2_as_raw = { + .pathRel = "qcow2", + .pathAbs = canonqcow2, + .path = canonqcow2, + .relDirRel = ".", + .relDirAbs = datadir, + .type = VIR_STORAGE_TYPE_FILE, + .format = VIR_STORAGE_FILE_RAW, + }; TEST_CHAIN(3, "qcow2", absqcow2, VIR_STORAGE_FILE_QCOW2, - chain3a, EXP_PASS, - chain3a, ALLOW_PROBE | EXP_PASS, - chain3c, EXP_PASS, - chain3c, ALLOW_PROBE | EXP_PASS); + (&qcow2, &raw), EXP_PASS, + (&qcow2, &raw), ALLOW_PROBE | EXP_PASS, + (&qcow2, &raw), EXP_PASS, + (&qcow2, &raw), ALLOW_PROBE | EXP_PASS); TEST_CHAIN(4, "qcow2", absqcow2, VIR_STORAGE_FILE_AUTO, - chain4a, EXP_PASS, - chain3a, ALLOW_PROBE | EXP_PASS, - chain4a, EXP_PASS, - chain3c, ALLOW_PROBE | EXP_PASS); + (&qcow2_as_raw), EXP_PASS, + (&qcow2, &raw), ALLOW_PROBE | EXP_PASS, + (&qcow2_as_raw), EXP_PASS, + (&qcow2, &raw), ALLOW_PROBE | EXP_PASS); /* Rewrite qcow2 file to use absolute backing name */ virCommandFree(cmd); @@ -440,28 +610,43 @@ mymain(void) "-F", "raw", "-b", absraw, "qcow2", NULL); if (virCommandRun(cmd, NULL) < 0) ret = -1; + qcow2.expBackingStoreRaw = absraw; + raw.pathRel = absraw; + raw.pathAbs = absraw; + raw.relDirRel = datadir; /* Qcow2 file with raw as absolute backing, backing format provided */ - const testFileData chain5[] = { qcow2_absback, raw }; - const testFileData chain6[] = { raw }; TEST_CHAIN(5, "qcow2", absqcow2, VIR_STORAGE_FILE_QCOW2, - chain5, EXP_PASS, - chain5, ALLOW_PROBE | EXP_PASS, - chain5, EXP_PASS, - chain5, ALLOW_PROBE | EXP_PASS); + (&qcow2, &raw), EXP_PASS, + (&qcow2, &raw), ALLOW_PROBE | EXP_PASS, + (&qcow2, &raw), EXP_PASS, + (&qcow2, &raw), ALLOW_PROBE | EXP_PASS); TEST_CHAIN(6, "qcow2", absqcow2, VIR_STORAGE_FILE_AUTO, - chain6, EXP_PASS, - chain5, ALLOW_PROBE | EXP_PASS, - chain6, EXP_PASS, - chain5, ALLOW_PROBE | EXP_PASS); + (&qcow2_as_raw), EXP_PASS, + (&qcow2, &raw), ALLOW_PROBE | EXP_PASS, + (&qcow2_as_raw), EXP_PASS, + (&qcow2, &raw), ALLOW_PROBE | EXP_PASS); /* Wrapped file access */ - const testFileData chain7[] = { wrap, qcow2_absback, raw }; + testFileData wrap = { + .expBackingStore = canonqcow2, + .expBackingStoreRaw = absqcow2, + .expCapacity = 1024, + .pathRel = "wrap", + .pathAbs = abswrap, + .path = canonwrap, + .relDirRel = ".", + .relDirAbs = datadir, + .type = VIR_STORAGE_TYPE_FILE, + .format = VIR_STORAGE_FILE_QCOW2, + }; + qcow2.pathRel = absqcow2; + qcow2.relDirRel = datadir; TEST_CHAIN(7, "wrap", abswrap, VIR_STORAGE_FILE_QCOW2, - chain7, EXP_PASS, - chain7, ALLOW_PROBE | EXP_PASS, - chain7, EXP_PASS, - chain7, ALLOW_PROBE | EXP_PASS); + (&wrap, &qcow2, &raw), EXP_PASS, + (&wrap, &qcow2, &raw), ALLOW_PROBE | EXP_PASS, + (&wrap, &qcow2, &raw), EXP_PASS, + (&wrap, &qcow2, &raw), ALLOW_PROBE | EXP_PASS); /* Rewrite qcow2 and wrap file to omit backing file type */ virCommandFree(cmd); @@ -475,15 +660,27 @@ mymain(void) "-b", absqcow2, "wrap", NULL); if (virCommandRun(cmd, NULL) < 0) ret = -1; + qcow2_as_raw.pathRel = absqcow2; + qcow2_as_raw.relDirRel = datadir; /* Qcow2 file with raw as absolute backing, backing format omitted */ - const testFileData chain8a[] = { wrap_as_raw, raw }; - const testFileData chain8b[] = { wrap_as_probe, qcow2_as_probe, raw }; + testFileData wrap_as_raw = { + .expBackingStore = canonqcow2, + .expBackingStoreRaw = absqcow2, + .expCapacity = 1024, + .pathRel = "wrap", + .pathAbs = abswrap, + .path = canonwrap, + .relDirRel = ".", + .relDirAbs = datadir, + .type = VIR_STORAGE_TYPE_FILE, + .format = VIR_STORAGE_FILE_QCOW2, + }; TEST_CHAIN(8, "wrap", abswrap, VIR_STORAGE_FILE_QCOW2, - chain8a, EXP_PASS, - chain8b, ALLOW_PROBE | EXP_PASS, - chain8a, EXP_PASS, - chain8b, ALLOW_PROBE | EXP_PASS); + (&wrap_as_raw, &qcow2_as_raw), EXP_PASS, + (&wrap, &qcow2, &raw), ALLOW_PROBE | EXP_PASS, + (&wrap_as_raw, &qcow2_as_raw), EXP_PASS, + (&wrap, &qcow2, &raw), ALLOW_PROBE | EXP_PASS); /* Rewrite qcow2 to a missing backing file, with backing type */ virCommandFree(cmd); @@ -492,14 +689,17 @@ mymain(void) "qcow2", NULL); if (virCommandRun(cmd, NULL) < 0) ret = -1; + qcow2.expBackingStore = NULL; + qcow2.expBackingStoreRaw = datadir "/bogus"; + qcow2.pathRel = "qcow2"; + qcow2.relDirRel = "."; /* Qcow2 file with missing backing file but specified type */ - const testFileData chain9[] = { qcow2_bogus }; TEST_CHAIN(9, "qcow2", absqcow2, VIR_STORAGE_FILE_QCOW2, - chain9, EXP_WARN, - chain9, ALLOW_PROBE | EXP_WARN, - chain9, EXP_WARN, - chain9, ALLOW_PROBE | EXP_WARN); + (&qcow2), EXP_WARN, + (&qcow2), ALLOW_PROBE | EXP_WARN, + (&qcow2), EXP_WARN, + (&qcow2), ALLOW_PROBE | EXP_WARN); /* Rewrite qcow2 to a missing backing file, without backing type */ virCommandFree(cmd); @@ -509,12 +709,11 @@ mymain(void) ret = -1; /* Qcow2 file with missing backing file and no specified type */ - const testFileData chain10[] = { qcow2_bogus }; TEST_CHAIN(10, "qcow2", absqcow2, VIR_STORAGE_FILE_QCOW2, - chain10, EXP_WARN, - chain10, ALLOW_PROBE | EXP_WARN, - chain10, EXP_WARN, - chain10, ALLOW_PROBE | EXP_WARN); + (&qcow2), EXP_WARN, + (&qcow2), ALLOW_PROBE | EXP_WARN, + (&qcow2), EXP_WARN, + (&qcow2), ALLOW_PROBE | EXP_WARN); /* Rewrite qcow2 to use an nbd: protocol as backend */ virCommandFree(cmd); @@ -523,23 +722,71 @@ mymain(void) "qcow2", NULL); if (virCommandRun(cmd, NULL) < 0) ret = -1; + qcow2.expBackingStore = "nbd:example.org:6000"; + qcow2.expBackingStoreRaw = "nbd:example.org:6000"; /* Qcow2 file with backing protocol instead of file */ - const testFileData chain11[] = { qcow2_protocol }; + testFileData nbd = { + .pathRel = "nbd:example.org:6000", + .pathAbs = "nbd:example.org:6000", + .path = "nbd:example.org:6000", + .type = VIR_STORAGE_TYPE_NETWORK, + .format = VIR_STORAGE_FILE_RAW, + }; TEST_CHAIN(11, "qcow2", absqcow2, VIR_STORAGE_FILE_QCOW2, - chain11, EXP_PASS, - chain11, ALLOW_PROBE | EXP_PASS, - chain11, EXP_PASS, - chain11, ALLOW_PROBE | EXP_PASS); + (&qcow2, &nbd), EXP_PASS, + (&qcow2, &nbd), ALLOW_PROBE | EXP_PASS, + (&qcow2, &nbd), EXP_PASS, + (&qcow2, &nbd), ALLOW_PROBE | EXP_PASS); /* qed file */ - const testFileData chain12a[] = { raw }; - const testFileData chain12b[] = { qed, raw }; + testFileData qed = { + .expBackingStore = canonraw, + .expBackingStoreRaw = absraw, + .expCapacity = 1024, + .pathRel = "qed", + .pathAbs = absqed, + .path = canonqed, + .relDirRel = ".", + .relDirAbs = datadir, + .type = VIR_STORAGE_TYPE_FILE, + .format = VIR_STORAGE_FILE_QED, + }; + testFileData qed_as_raw = { + .pathRel = "qed", + .pathAbs = absqed, + .path = canonqed, + .relDirRel = ".", + .relDirAbs = datadir, + .type = VIR_STORAGE_TYPE_FILE, + .format = VIR_STORAGE_FILE_RAW, + }; TEST_CHAIN(12, "qed", absqed, VIR_STORAGE_FILE_AUTO, - chain12a, EXP_PASS, - chain12b, ALLOW_PROBE | EXP_PASS, - chain12a, EXP_PASS, - chain12b, ALLOW_PROBE | EXP_PASS); + (&qed_as_raw), EXP_PASS, + (&qed, &raw), ALLOW_PROBE | EXP_PASS, + (&qed_as_raw), EXP_PASS, + (&qed, &raw), ALLOW_PROBE | EXP_PASS); + + /* directory */ + testFileData dir = { + .pathRel = "dir", + .pathAbs = absdir, + .path = canondir, + .relDirRel = ".", + .relDirAbs = datadir, + .type = VIR_STORAGE_TYPE_DIR, + .format = VIR_STORAGE_FILE_DIR, + }; + TEST_CHAIN(13, "dir", absdir, VIR_STORAGE_FILE_AUTO, + (&dir), EXP_PASS, + (&dir), ALLOW_PROBE | EXP_PASS, + (&dir), EXP_PASS, + (&dir), ALLOW_PROBE | EXP_PASS); + TEST_CHAIN(14, "dir", absdir, VIR_STORAGE_FILE_DIR, + (&dir), EXP_PASS, + (&dir), ALLOW_PROBE | EXP_PASS, + (&dir), EXP_PASS, + (&dir), ALLOW_PROBE | EXP_PASS); #ifdef HAVE_SYMLINK /* Rewrite qcow2 and wrap file to use backing names relative to a @@ -558,16 +805,206 @@ mymain(void) ret = -1; /* Behavior of symlinks to qcow2 with relative backing files */ - const testFileData chain13a[] = { link2_rel, link1_rel, raw }; - const testFileData chain13c[] = { link2_abs, link1_abs, raw }; - TEST_CHAIN(13, "sub/link2", abslink2, VIR_STORAGE_FILE_QCOW2, - chain13a, EXP_PASS, - chain13a, ALLOW_PROBE | EXP_PASS, - chain13c, EXP_PASS, - chain13c, ALLOW_PROBE | EXP_PASS); + testFileData link1 = { + .expBackingStore = canonraw, + .expBackingStoreRaw = "../raw", + .expCapacity = 1024, + .pathRel = "../sub/link1", + .pathAbs = "../sub/link1", + .path = canonqcow2, + .relDirRel = "sub/../sub", + .relDirAbs = datadir "/sub/../sub", + .type = VIR_STORAGE_TYPE_FILE, + .format = VIR_STORAGE_FILE_QCOW2, + }; + testFileData link2 = { + .expBackingStore = canonqcow2, + .expBackingStoreRaw = "../sub/link1", + .expCapacity = 1024, + .pathRel = "sub/link2", + .pathAbs = abslink2, + .path = canonwrap, + .relDirRel = "sub", + .relDirAbs = datadir "/sub", + .type = VIR_STORAGE_TYPE_FILE, + .format = VIR_STORAGE_FILE_QCOW2, + }; + raw.pathRel = "../raw"; + raw.pathAbs = "../raw"; + raw.relDirRel = "sub/../sub/.."; + raw.relDirAbs = datadir "/sub/../sub/.."; + TEST_CHAIN(15, "sub/link2", abslink2, VIR_STORAGE_FILE_QCOW2, + (&link2, &link1, &raw), EXP_PASS, + (&link2, &link1, &raw), ALLOW_PROBE | EXP_PASS, + (&link2, &link1, &raw), EXP_PASS, + (&link2, &link1, &raw), ALLOW_PROBE | EXP_PASS); #endif + /* Rewrite qcow2 to be a self-referential loop */ + virCommandFree(cmd); + cmd = virCommandNewArgList(qemuimg, "rebase", "-u", "-f", "qcow2", + "-F", "qcow2", "-b", "qcow2", "qcow2", NULL); + if (virCommandRun(cmd, NULL) < 0) + ret = -1; + qcow2.expBackingStore = NULL; + qcow2.expBackingStoreRaw = "qcow2"; + + /* Behavior of an infinite loop chain */ + TEST_CHAIN(16, "qcow2", absqcow2, VIR_STORAGE_FILE_QCOW2, + (&qcow2), EXP_WARN, + (&qcow2), ALLOW_PROBE | EXP_WARN, + (&qcow2), EXP_WARN, + (&qcow2), ALLOW_PROBE | EXP_WARN); + + /* Rewrite wrap and qcow2 to be mutually-referential loop */ + virCommandFree(cmd); + cmd = virCommandNewArgList(qemuimg, "rebase", "-u", "-f", "qcow2", + "-F", "qcow2", "-b", "wrap", "qcow2", NULL); + if (virCommandRun(cmd, NULL) < 0) + ret = -1; + + virCommandFree(cmd); + cmd = virCommandNewArgList(qemuimg, "rebase", "-u", "-f", "qcow2", + "-F", "qcow2", "-b", absqcow2, "wrap", NULL); + if (virCommandRun(cmd, NULL) < 0) + ret = -1; + qcow2.expBackingStoreRaw = "wrap"; + qcow2.pathRel = absqcow2; + qcow2.relDirRel = datadir; + + /* Behavior of an infinite loop chain */ + TEST_CHAIN(17, "wrap", abswrap, VIR_STORAGE_FILE_QCOW2, + (&wrap, &qcow2), EXP_WARN, + (&wrap, &qcow2), ALLOW_PROBE | EXP_WARN, + (&wrap, &qcow2), EXP_WARN, + (&wrap, &qcow2), ALLOW_PROBE | EXP_WARN); + + /* Rewrite wrap and qcow2 back to 3-deep chain, absolute backing */ + virCommandFree(cmd); + cmd = virCommandNewArgList(qemuimg, "rebase", "-u", "-f", "qcow2", + "-F", "qcow2", "-b", absraw, "qcow2", NULL); + if (virCommandRun(cmd, NULL) < 0) + ret = -1; + + /* Test behavior of chain lookups, absolute backing from relative start */ + chain = testStorageFileGetMetadata("wrap", VIR_STORAGE_FILE_QCOW2, + -1, -1, false); + if (!chain) { + ret = -1; + goto cleanup; + } + +#define TEST_LOOKUP_TARGET(id, target, name, index, result, meta, parent) \ + do { \ + struct testLookupData data2 = { chain, target, name, index, \ + result, meta, parent, }; \ + if (virtTestRun("Chain lookup " #id, \ + testStorageLookup, &data2) < 0) \ + ret = -1; \ + } while (0) +#define TEST_LOOKUP(id, name, result, meta, parent) \ + TEST_LOOKUP_TARGET(id, NULL, name, 0, result, meta, parent) + + TEST_LOOKUP(0, "bogus", NULL, NULL, NULL); + TEST_LOOKUP(1, "wrap", chain->path, chain, NULL); + TEST_LOOKUP(2, abswrap, chain->path, chain, NULL); + TEST_LOOKUP(3, "qcow2", chain->backingStore->path, chain->backingStore, + chain->path); + TEST_LOOKUP(4, absqcow2, chain->backingStore->path, chain->backingStore, + chain->path); + TEST_LOOKUP(5, "raw", chain->backingStore->backingStore->path, + chain->backingStore->backingStore, chain->backingStore->path); + TEST_LOOKUP(6, absraw, chain->backingStore->backingStore->path, + chain->backingStore->backingStore, chain->backingStore->path); + TEST_LOOKUP(7, NULL, chain->backingStore->backingStore->path, + chain->backingStore->backingStore, chain->backingStore->path); + + /* Rewrite wrap and qcow2 back to 3-deep chain, relative backing */ + virCommandFree(cmd); + cmd = virCommandNewArgList(qemuimg, "rebase", "-u", "-f", "qcow2", + "-F", "raw", "-b", "raw", "qcow2", NULL); + if (virCommandRun(cmd, NULL) < 0) + ret = -1; + + virCommandFree(cmd); + cmd = virCommandNewArgList(qemuimg, "rebase", "-u", "-f", "qcow2", + "-F", "qcow2", "-b", "qcow2", "wrap", NULL); + if (virCommandRun(cmd, NULL) < 0) + ret = -1; + + /* Test behavior of chain lookups, relative backing from absolute start */ + virStorageSourceFree(chain); + chain = testStorageFileGetMetadata(abswrap, VIR_STORAGE_FILE_QCOW2, + -1, -1, false); + if (!chain) { + ret = -1; + goto cleanup; + } + + TEST_LOOKUP(8, "bogus", NULL, NULL, NULL); + TEST_LOOKUP(9, "wrap", chain->path, chain, NULL); + TEST_LOOKUP(10, abswrap, chain->path, chain, NULL); + TEST_LOOKUP(11, "qcow2", chain->backingStore->path, chain->backingStore, + chain->path); + TEST_LOOKUP(12, absqcow2, chain->backingStore->path, chain->backingStore, + chain->path); + TEST_LOOKUP(13, "raw", chain->backingStore->backingStore->path, + chain->backingStore->backingStore, chain->backingStore->path); + TEST_LOOKUP(14, absraw, chain->backingStore->backingStore->path, + chain->backingStore->backingStore, chain->backingStore->path); + TEST_LOOKUP(15, NULL, chain->backingStore->backingStore->path, + chain->backingStore->backingStore, chain->backingStore->path); + + /* Use link to wrap with cross-directory relative backing */ + virCommandFree(cmd); + cmd = virCommandNewArgList(qemuimg, "rebase", "-u", "-f", "qcow2", + "-F", "qcow2", "-b", "../qcow2", "wrap", NULL); + if (virCommandRun(cmd, NULL) < 0) + ret = -1; + + /* Test behavior of chain lookups, relative backing */ + virStorageSourceFree(chain); + chain = testStorageFileGetMetadata("sub/link2", VIR_STORAGE_FILE_QCOW2, + -1, -1, false); + if (!chain) { + ret = -1; + goto cleanup; + } + + TEST_LOOKUP(16, "bogus", NULL, NULL, NULL); + TEST_LOOKUP(17, "sub/link2", chain->path, chain, NULL); + TEST_LOOKUP(18, "wrap", chain->path, chain, NULL); + TEST_LOOKUP(19, abswrap, chain->path, chain, NULL); + TEST_LOOKUP(20, "../qcow2", chain->backingStore->path, chain->backingStore, + chain->path); + TEST_LOOKUP(21, "qcow2", NULL, NULL, NULL); + TEST_LOOKUP(22, absqcow2, chain->backingStore->path, chain->backingStore, + chain->path); + TEST_LOOKUP(23, "raw", chain->backingStore->backingStore->path, + chain->backingStore->backingStore, chain->backingStore->path); + TEST_LOOKUP(24, absraw, chain->backingStore->backingStore->path, + chain->backingStore->backingStore, chain->backingStore->path); + TEST_LOOKUP(25, NULL, chain->backingStore->backingStore->path, + chain->backingStore->backingStore, chain->backingStore->path); + + TEST_LOOKUP_TARGET(26, "vda", "bogus[1]", 0, NULL, NULL, NULL); + TEST_LOOKUP_TARGET(27, "vda", "vda[-1]", 0, NULL, NULL, NULL); + TEST_LOOKUP_TARGET(28, "vda", "vda[1][1]", 0, NULL, NULL, NULL); + TEST_LOOKUP_TARGET(29, "vda", "wrap", 0, chain->path, chain, NULL); + TEST_LOOKUP_TARGET(30, "vda", "vda[0]", 0, NULL, NULL, NULL); + TEST_LOOKUP_TARGET(31, "vda", "vda[1]", 1, + chain->backingStore->path, + chain->backingStore, + chain->path); + TEST_LOOKUP_TARGET(32, "vda", "vda[2]", 2, + chain->backingStore->backingStore->path, + chain->backingStore->backingStore, + chain->backingStore->path); + TEST_LOOKUP_TARGET(33, "vda", "vda[3]", 3, NULL, NULL, NULL); + + cleanup: /* Final cleanup */ + virStorageSourceFree(chain); testCleanupImages(); virCommandFree(cmd); diff --git a/tests/virsystemdmock.c b/tests/virsystemdmock.c deleted file mode 100644 index 23167dbac..000000000 --- a/tests/virsystemdmock.c +++ /dev/null @@ -1,132 +0,0 @@ -/* - * Copyright (C) 2013 Red Hat, Inc. - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 2.1 of the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library. If not, see - * <http://www.gnu.org/licenses/>. - * - * Author: Daniel P. Berrange <berrange@redhat.com> - */ - -#include <config.h> - -#ifdef __linux__ -# include "internal.h" - -# include <stdlib.h> - -# include <dbus/dbus.h> - -void dbus_connection_set_change_sigpipe(dbus_bool_t will_modify_sigpipe ATTRIBUTE_UNUSED) -{ -} - -DBusConnection *dbus_bus_get(DBusBusType type ATTRIBUTE_UNUSED, - DBusError *error ATTRIBUTE_UNUSED) -{ - return (DBusConnection *)0x1; -} - -void dbus_connection_set_exit_on_disconnect(DBusConnection *connection ATTRIBUTE_UNUSED, - dbus_bool_t exit_on_disconnect ATTRIBUTE_UNUSED) -{ -} - - -dbus_bool_t dbus_connection_set_watch_functions(DBusConnection *connection ATTRIBUTE_UNUSED, - DBusAddWatchFunction add_function ATTRIBUTE_UNUSED, - DBusRemoveWatchFunction remove_function ATTRIBUTE_UNUSED, - DBusWatchToggledFunction toggled_function ATTRIBUTE_UNUSED, - void *data ATTRIBUTE_UNUSED, - DBusFreeFunction free_data_function ATTRIBUTE_UNUSED) -{ - return 1; -} - -dbus_bool_t dbus_message_set_reply_serial(DBusMessage *message ATTRIBUTE_UNUSED, - dbus_uint32_t serial ATTRIBUTE_UNUSED) -{ - return 1; -} - -DBusMessage *dbus_connection_send_with_reply_and_block(DBusConnection *connection ATTRIBUTE_UNUSED, - DBusMessage *message, - int timeout_milliseconds ATTRIBUTE_UNUSED, - DBusError *error ATTRIBUTE_UNUSED) -{ - DBusMessage *reply = NULL; - const char *service = dbus_message_get_destination(message); - const char *member = dbus_message_get_member(message); - - if (STREQ(service, "org.freedesktop.machine1")) { - if (getenv("FAIL_BAD_SERVICE")) { - dbus_set_error_const(error, - "org.freedesktop.systemd.badthing", - "Something went wrong creating the machine"); - } else { - reply = dbus_message_new(DBUS_MESSAGE_TYPE_METHOD_RETURN); - } - } else if (STREQ(service, "org.freedesktop.DBus") && - STREQ(member, "ListActivatableNames")) { - const char *svc1 = "org.foo.bar.wizz"; - const char *svc2 = "org.freedesktop.machine1"; - DBusMessageIter iter, sub; - reply = dbus_message_new(DBUS_MESSAGE_TYPE_METHOD_RETURN); - dbus_message_iter_init_append(reply, &iter); - dbus_message_iter_open_container(&iter, DBUS_TYPE_ARRAY, - "s", &sub); - - if (!dbus_message_iter_append_basic(&sub, - DBUS_TYPE_STRING, - &svc1)) - goto error; - if (!getenv("FAIL_NO_SERVICE") && - !dbus_message_iter_append_basic(&sub, - DBUS_TYPE_STRING, - &svc2)) - goto error; - dbus_message_iter_close_container(&iter, &sub); - } else if (STREQ(service, "org.freedesktop.DBus") && - STREQ(member, "ListNames")) { - const char *svc1 = "org.foo.bar.wizz"; - const char *svc2 = "org.freedesktop.systemd1"; - DBusMessageIter iter, sub; - reply = dbus_message_new(DBUS_MESSAGE_TYPE_METHOD_RETURN); - dbus_message_iter_init_append(reply, &iter); - dbus_message_iter_open_container(&iter, DBUS_TYPE_ARRAY, - "s", &sub); - - if (!dbus_message_iter_append_basic(&sub, - DBUS_TYPE_STRING, - &svc1)) - goto error; - if ((!getenv("FAIL_NO_SERVICE") && !getenv("FAIL_NOT_REGISTERED")) && - !dbus_message_iter_append_basic(&sub, - DBUS_TYPE_STRING, - &svc2)) - goto error; - dbus_message_iter_close_container(&iter, &sub); - } else { - reply = dbus_message_new(DBUS_MESSAGE_TYPE_METHOD_RETURN); - } - - return reply; - - error: - dbus_message_unref(reply); - return NULL; -} - -#else -/* Nothing to override on non-__linux__ platforms */ -#endif diff --git a/tests/virsystemdtest.c b/tests/virsystemdtest.c index 4fc513742..0fcd4e844 100644 --- a/tests/virsystemdtest.c +++ b/tests/virsystemdtest.c @@ -22,17 +22,115 @@ #include "testutils.h" -#ifdef __linux__ +#ifdef WITH_DBUS # include <stdlib.h> +# include <dbus/dbus.h> # include "virsystemd.h" # include "virlog.h" - +# include "virmock.h" # define VIR_FROM_THIS VIR_FROM_NONE VIR_LOG_INIT("tests.systemdtest"); +VIR_MOCK_IMPL_RET_ARGS(dbus_connection_send_with_reply_and_block, + DBusMessage *, + DBusConnection *, connection, + DBusMessage *, message, + int, timeout_milliseconds, + DBusError *, error) +{ + DBusMessage *reply = NULL; + const char *service = dbus_message_get_destination(message); + const char *member = dbus_message_get_member(message); + + VIR_MOCK_IMPL_INIT_REAL(dbus_connection_send_with_reply_and_block); + + if (STREQ(service, "org.freedesktop.machine1")) { + if (getenv("FAIL_BAD_SERVICE")) { + dbus_set_error_const(error, + "org.freedesktop.systemd.badthing", + "Something went wrong creating the machine"); + } else { + reply = dbus_message_new(DBUS_MESSAGE_TYPE_METHOD_RETURN); + } + } else if (STREQ(service, "org.freedesktop.login1")) { + char *supported = getenv("RESULT_SUPPORT"); + DBusMessageIter iter; + reply = dbus_message_new(DBUS_MESSAGE_TYPE_METHOD_RETURN); + dbus_message_iter_init_append(reply, &iter); + + if (!dbus_message_iter_append_basic(&iter, + DBUS_TYPE_STRING, + &supported)) + goto error; + } else if (STREQ(service, "org.freedesktop.DBus") && + STREQ(member, "ListActivatableNames")) { + const char *svc1 = "org.foo.bar.wizz"; + const char *svc2 = "org.freedesktop.machine1"; + const char *svc3 = "org.freedesktop.login1"; + DBusMessageIter iter; + DBusMessageIter sub; + reply = dbus_message_new(DBUS_MESSAGE_TYPE_METHOD_RETURN); + dbus_message_iter_init_append(reply, &iter); + dbus_message_iter_open_container(&iter, DBUS_TYPE_ARRAY, + "s", &sub); + + if (!dbus_message_iter_append_basic(&sub, + DBUS_TYPE_STRING, + &svc1)) + goto error; + if (!getenv("FAIL_NO_SERVICE") && + !dbus_message_iter_append_basic(&sub, + DBUS_TYPE_STRING, + &svc2)) + goto error; + if (!getenv("FAIL_NO_SERVICE") && + !dbus_message_iter_append_basic(&sub, + DBUS_TYPE_STRING, + &svc3)) + goto error; + dbus_message_iter_close_container(&iter, &sub); + } else if (STREQ(service, "org.freedesktop.DBus") && + STREQ(member, "ListNames")) { + const char *svc1 = "org.foo.bar.wizz"; + const char *svc2 = "org.freedesktop.systemd1"; + const char *svc3 = "org.freedesktop.login1"; + DBusMessageIter iter; + DBusMessageIter sub; + reply = dbus_message_new(DBUS_MESSAGE_TYPE_METHOD_RETURN); + dbus_message_iter_init_append(reply, &iter); + dbus_message_iter_open_container(&iter, DBUS_TYPE_ARRAY, + "s", &sub); + + if (!dbus_message_iter_append_basic(&sub, + DBUS_TYPE_STRING, + &svc1)) + goto error; + if ((!getenv("FAIL_NO_SERVICE") && !getenv("FAIL_NOT_REGISTERED")) && + !dbus_message_iter_append_basic(&sub, + DBUS_TYPE_STRING, + &svc2)) + goto error; + if ((!getenv("FAIL_NO_SERVICE") && !getenv("FAIL_NOT_REGISTERED")) && + !dbus_message_iter_append_basic(&sub, + DBUS_TYPE_STRING, + &svc3)) + goto error; + dbus_message_iter_close_container(&iter, &sub); + } else { + reply = dbus_message_new(DBUS_MESSAGE_TYPE_METHOD_RETURN); + } + + return reply; + + error: + dbus_message_unref(reply); + return NULL; +} + + static int testCreateContainer(const void *opaque ATTRIBUTE_UNUSED) { unsigned char uuid[VIR_UUID_BUFLEN] = { @@ -237,6 +335,86 @@ testScopeName(const void *opaque) return ret; } +typedef int (*virSystemdCanHelper)(bool * result); +struct testPMSupportData { + virSystemdCanHelper tested; +}; + +static int testPMSupportHelper(const void *opaque) +{ + int rv; + bool result; + size_t i; + const char *results[4] = {"yes", "no", "na", "challenge"}; + int expected[4] = {1, 0, 0, 1}; + const struct testPMSupportData *data = opaque; + + for (i = 0; i < 4; i++) { + setenv("RESULT_SUPPORT", results[i], 1); + if ((rv = data->tested(&result)) < 0) { + fprintf(stderr, "%s", "Unexpected canSuspend error\n"); + return -1; + } + + if (result != expected[i]) { + fprintf(stderr, "Unexpected result for answer '%s'\n", results[i]); + goto error; + } + unsetenv("RESULT_SUPPORT"); + } + + return 0; + error: + unsetenv("RESULT_SUPPORT"); + return -1; +} + +static int testPMSupportHelperNoSystemd(const void *opaque) +{ + int rv; + bool result; + const struct testPMSupportData *data = opaque; + + setenv("FAIL_NO_SERVICE", "1", 1); + + if ((rv = data->tested(&result)) == 0) { + unsetenv("FAIL_NO_SERVICE"); + fprintf(stderr, "%s", "Unexpected canSuspend success\n"); + return -1; + } + unsetenv("FAIL_NO_SERVICE"); + + if (rv != -2) { + fprintf(stderr, "%s", "Unexpected canSuspend error\n"); + return -1; + } + + return 0; +} + +static int testPMSupportSystemdNotRunning(const void *opaque) +{ + int rv; + bool result; + const struct testPMSupportData *data = opaque; + + setenv("FAIL_NOT_REGISTERED", "1", 1); + + if ((rv = data->tested(&result)) == 0) { + unsetenv("FAIL_NOT_REGISTERED"); + fprintf(stderr, "%s", "Unexpected canSuspend success\n"); + return -1; + } + unsetenv("FAIL_NOT_REGISTERED"); + + if (rv != -2) { + fprintf(stderr, "%s", "Unexpected canSuspend error\n"); + return -1; + } + + return 0; +} + static int mymain(void) { @@ -275,15 +453,34 @@ mymain(void) TEST_SCOPE("demo", "/machine/eng-dept/testing!stuff", "machine-eng\\x2ddept-testing\\x21stuff-lxc\\x2ddemo.scope"); +# define TESTS_PM_SUPPORT_HELPER(name, function) \ + do { \ + struct testPMSupportData data = { \ + function \ + }; \ + if (virtTestRun("Test " name " ", testPMSupportHelper, &data) < 0) \ + ret = -1; \ + if (virtTestRun("Test " name " no systemd ", \ + testPMSupportHelperNoSystemd, &data) < 0) \ + ret = -1; \ + if (virtTestRun("Test systemd " name " not running ", \ + testPMSupportSystemdNotRunning, &data) < 0) \ + ret = -1; \ + } while (0) + + TESTS_PM_SUPPORT_HELPER("canSuspend", &virSystemdCanSuspend); + TESTS_PM_SUPPORT_HELPER("canHibernate", &virSystemdCanHibernate); + TESTS_PM_SUPPORT_HELPER("canHybridSleep", &virSystemdCanHybridSleep); + return ret == 0 ? EXIT_SUCCESS : EXIT_FAILURE; } -VIRT_TEST_MAIN_PRELOAD(mymain, abs_builddir "/.libs/virsystemdmock.so") +VIRT_TEST_MAIN_PRELOAD(mymain, abs_builddir "/.libs/virmockdbus.so") -#else +#else /* ! WITH_DBUS */ int main(void) { return EXIT_AM_SKIP; } -#endif +#endif /* ! WITH_DBUS */ diff --git a/tests/virt-aa-helper-test b/tests/virt-aa-helper-test index af91c615e..4b927c176 100755 --- a/tests/virt-aa-helper-test +++ b/tests/virt-aa-helper-test @@ -56,7 +56,7 @@ uuid="00000000-0000-0000-0000-0123456789ab" disk1="$tmpdir/1.img" disk2="$tmpdir/2.img" relative_disk1="$tmpdir/./../`basename $tmpdir`//./1.img" -nonexistent="$tmpdir/nonexistant.img" +nonexistent="$tmpdir/nonexistent.img" bad_disk="/etc/passwd" valid_uuid="libvirt-$uuid" nonexistent_uuid="libvirt-00000000-0000-0000-0000-000000000001" |