networkxml2confdata \
networkxml2xmlupdatein \
networkxml2xmlupdateout \
+ networkxml2firewalldata \
nodedevschemadata \
nodedevschematest \
nodeinfodata \
test_programs += jsontest
endif WITH_YAJL
-test_programs += networkxml2xmltest networkxml2xmlupdatetest
+test_programs += \
+ networkxml2xmltest \
+ networkxml2xmlupdatetest \
+ $(NULL)
if WITH_NETWORK
-test_programs += networkxml2conftest
+test_programs += \
+ networkxml2conftest \
+ networkxml2firewalltest \
+ $(NULL)
endif WITH_NETWORK
if WITH_STORAGE_SHEEPDOG
networkxml2conftest.c \
testutils.c testutils.h
networkxml2conftest_LDADD = ../src/libvirt_driver_network_impl.la $(LDADDS)
+
+networkxml2firewalltest_SOURCES = \
+ networkxml2firewalltest.c \
+ testutils.c testutils.h
+networkxml2firewalltest_LDADD = ../src/libvirt_driver_network_impl.la $(LDADDS)
+
else ! WITH_NETWORK
EXTRA_DIST += networkxml2conftest.c
endif ! WITH_NETWORK
--- /dev/null
+iptables --table filter --insert INPUT --in-interface virbr0 --protocol tcp \
+--destination-port 67 --jump ACCEPT
+iptables --table filter --insert INPUT --in-interface virbr0 --protocol udp \
+--destination-port 67 --jump ACCEPT
+iptables --table filter --insert OUTPUT --out-interface virbr0 --protocol udp \
+--destination-port 68 --jump ACCEPT
+iptables --table filter --insert INPUT --in-interface virbr0 --protocol tcp \
+--destination-port 53 --jump ACCEPT
+iptables --table filter --insert INPUT --in-interface virbr0 --protocol udp \
+--destination-port 53 --jump ACCEPT
+iptables --table filter --insert FORWARD --in-interface virbr0 --jump REJECT
+iptables --table filter --insert FORWARD --out-interface virbr0 --jump REJECT
+iptables --table filter --insert FORWARD --in-interface virbr0 \
+--out-interface virbr0 --jump ACCEPT
+iptables --table filter --insert FORWARD --source 192.168.122.0/24 \
+--in-interface virbr0 --jump ACCEPT
+iptables --table filter --insert FORWARD --destination 192.168.122.0/24 \
+--out-interface virbr0 --match conntrack --ctstate ESTABLISHED,RELATED --jump ACCEPT
+iptables --table nat --insert POSTROUTING --source 192.168.122.0/24 '!' \
+--destination 192.168.122.0/24 --jump MASQUERADE
+iptables --table nat --insert POSTROUTING --source 192.168.122.0/24 \
+-p udp '!' --destination 192.168.122.0/24 --jump MASQUERADE --to-ports 1024-65535
+iptables --table nat --insert POSTROUTING --source 192.168.122.0/24 \
+-p tcp '!' --destination 192.168.122.0/24 --jump MASQUERADE --to-ports 1024-65535
+iptables --table nat --insert POSTROUTING --source 192.168.122.0/24 \
+--destination 255.255.255.255/32 --jump RETURN
+iptables --table nat --insert POSTROUTING --source 192.168.122.0/24 \
+--destination 224.0.0.0/24 --jump RETURN
+iptables --table mangle --insert POSTROUTING --out-interface virbr0 \
+--protocol udp --destination-port 68 --jump CHECKSUM --checksum-fill
--- /dev/null
+<network>
+ <name>default</name>
+ <bridge name="virbr0"/>
+ <forward/>
+ <ip address="192.168.122.1" netmask="255.255.255.0">
+ <dhcp>
+ <range start="192.168.122.2" end="192.168.122.254"/>
+ </dhcp>
+ </ip>
+</network>
--- /dev/null
+iptables --table filter --insert INPUT --in-interface virbr0 --protocol tcp \
+--destination-port 67 --jump ACCEPT
+iptables --table filter --insert INPUT --in-interface virbr0 --protocol udp \
+--destination-port 67 --jump ACCEPT
+iptables --table filter --insert OUTPUT --out-interface virbr0 --protocol udp \
+--destination-port 68 --jump ACCEPT
+iptables --table filter --insert INPUT --in-interface virbr0 --protocol tcp \
+--destination-port 53 --jump ACCEPT
+iptables --table filter --insert INPUT --in-interface virbr0 --protocol udp \
+--destination-port 53 --jump ACCEPT
+iptables --table filter --insert FORWARD --in-interface virbr0 --jump REJECT
+iptables --table filter --insert FORWARD --out-interface virbr0 --jump REJECT
+iptables --table filter --insert FORWARD --in-interface virbr0 \
+--out-interface virbr0 --jump ACCEPT
+ip6tables --table filter --insert FORWARD --in-interface virbr0 --jump REJECT
+ip6tables --table filter --insert FORWARD --out-interface virbr0 --jump REJECT
+ip6tables --table filter --insert FORWARD --in-interface virbr0 \
+--out-interface virbr0 --jump ACCEPT
+ip6tables --table filter --insert INPUT --in-interface virbr0 --protocol tcp \
+--destination-port 53 --jump ACCEPT
+ip6tables --table filter --insert INPUT --in-interface virbr0 --protocol udp \
+--destination-port 53 --jump ACCEPT
+ip6tables --table filter --insert INPUT --in-interface virbr0 --protocol udp \
+--destination-port 547 --jump ACCEPT
+iptables --table filter --insert FORWARD --source 192.168.122.0/24 \
+--in-interface virbr0 --jump ACCEPT
+iptables --table filter --insert FORWARD --destination 192.168.122.0/24 \
+--out-interface virbr0 --match conntrack --ctstate ESTABLISHED,RELATED --jump ACCEPT
+iptables --table nat --insert POSTROUTING --source 192.168.122.0/24 '!' \
+--destination 192.168.122.0/24 --jump MASQUERADE
+iptables --table nat --insert POSTROUTING --source 192.168.122.0/24 \
+-p udp '!' --destination 192.168.122.0/24 --jump MASQUERADE --to-ports 1024-65535
+iptables --table nat --insert POSTROUTING --source 192.168.122.0/24 \
+-p tcp '!' --destination 192.168.122.0/24 --jump MASQUERADE --to-ports 1024-65535
+iptables --table nat --insert POSTROUTING --source 192.168.122.0/24 \
+--destination 255.255.255.255/32 --jump RETURN
+iptables --table nat --insert POSTROUTING --source 192.168.122.0/24 \
+--destination 224.0.0.0/24 --jump RETURN
+ip6tables --table filter --insert FORWARD --source 2001:db8:ca2:2::/64 \
+--in-interface virbr0 --jump ACCEPT
+ip6tables --table filter --insert FORWARD --destination 2001:db8:ca2:2::/64 \
+--out-interface virbr0 --jump ACCEPT
+iptables --table mangle --insert POSTROUTING --out-interface virbr0 \
+--protocol udp --destination-port 68 --jump CHECKSUM --checksum-fill
--- /dev/null
+<network>
+ <name>default</name>
+ <bridge name="virbr0"/>
+ <forward/>
+ <ip address="192.168.122.1" netmask="255.255.255.0">
+ <dhcp>
+ <range start="192.168.122.2" end="192.168.122.254"/>
+ </dhcp>
+ </ip>
+ <ip family="ipv6" address="2001:db8:ca2:2::1" prefix="64" >
+ <dhcp>
+ <range start="2001:db8:ca2:2:1::10" end="2001:db8:ca2:2:1::ff" />
+ </dhcp>
+ </ip>
+</network>
--- /dev/null
+iptables --table filter --insert INPUT --in-interface virbr0 --protocol tcp \
+--destination-port 67 --jump ACCEPT
+iptables --table filter --insert INPUT --in-interface virbr0 --protocol udp \
+--destination-port 67 --jump ACCEPT
+iptables --table filter --insert OUTPUT --out-interface virbr0 --protocol udp \
+--destination-port 68 --jump ACCEPT
+iptables --table filter --insert INPUT --in-interface virbr0 --protocol tcp \
+--destination-port 53 --jump ACCEPT
+iptables --table filter --insert INPUT --in-interface virbr0 --protocol udp \
+--destination-port 53 --jump ACCEPT
+iptables --table filter --insert FORWARD --in-interface virbr0 --jump REJECT
+iptables --table filter --insert FORWARD --out-interface virbr0 --jump REJECT
+iptables --table filter --insert FORWARD --in-interface virbr0 \
+--out-interface virbr0 --jump ACCEPT
+iptables --table filter --insert FORWARD --source 192.168.122.0/24 \
+--in-interface virbr0 --jump ACCEPT
+iptables --table filter --insert FORWARD --destination 192.168.122.0/24 \
+--out-interface virbr0 --match conntrack --ctstate ESTABLISHED,RELATED --jump ACCEPT
+iptables --table nat --insert POSTROUTING --source 192.168.122.0/24 '!' \
+--destination 192.168.122.0/24 --jump MASQUERADE
+iptables --table nat --insert POSTROUTING --source 192.168.122.0/24 \
+-p udp '!' --destination 192.168.122.0/24 --jump MASQUERADE --to-ports 1024-65535
+iptables --table nat --insert POSTROUTING --source 192.168.122.0/24 \
+-p tcp '!' --destination 192.168.122.0/24 --jump MASQUERADE --to-ports 1024-65535
+iptables --table nat --insert POSTROUTING --source 192.168.122.0/24 \
+--destination 255.255.255.255/32 --jump RETURN
+iptables --table nat --insert POSTROUTING --source 192.168.122.0/24 \
+--destination 224.0.0.0/24 --jump RETURN
+iptables --table filter --insert FORWARD --source 192.168.128.0/24 \
+--in-interface virbr0 --jump ACCEPT
+iptables --table filter --insert FORWARD --destination 192.168.128.0/24 \
+--out-interface virbr0 --match conntrack --ctstate ESTABLISHED,RELATED --jump ACCEPT
+iptables --table nat --insert POSTROUTING --source 192.168.128.0/24 '!' \
+--destination 192.168.128.0/24 --jump MASQUERADE
+iptables --table nat --insert POSTROUTING --source 192.168.128.0/24 \
+-p udp '!' --destination 192.168.128.0/24 --jump MASQUERADE --to-ports 1024-65535
+iptables --table nat --insert POSTROUTING --source 192.168.128.0/24 \
+-p tcp '!' --destination 192.168.128.0/24 --jump MASQUERADE --to-ports 1024-65535
+iptables --table nat --insert POSTROUTING --source 192.168.128.0/24 \
+--destination 255.255.255.255/32 --jump RETURN
+iptables --table nat --insert POSTROUTING --source 192.168.128.0/24 \
+--destination 224.0.0.0/24 --jump RETURN
+iptables --table filter --insert FORWARD --source 192.168.150.0/24 \
+--in-interface virbr0 --jump ACCEPT
+iptables --table filter --insert FORWARD --destination 192.168.150.0/24 \
+--out-interface virbr0 --match conntrack --ctstate ESTABLISHED,RELATED --jump ACCEPT
+iptables --table nat --insert POSTROUTING --source 192.168.150.0/24 '!' \
+--destination 192.168.150.0/24 --jump MASQUERADE
+iptables --table nat --insert POSTROUTING --source 192.168.150.0/24 \
+-p udp '!' --destination 192.168.150.0/24 --jump MASQUERADE --to-ports 1024-65535
+iptables --table nat --insert POSTROUTING --source 192.168.150.0/24 \
+-p tcp '!' --destination 192.168.150.0/24 --jump MASQUERADE --to-ports 1024-65535
+iptables --table nat --insert POSTROUTING --source 192.168.150.0/24 \
+--destination 255.255.255.255/32 --jump RETURN
+iptables --table nat --insert POSTROUTING --source 192.168.150.0/24 \
+--destination 224.0.0.0/24 --jump RETURN
+iptables --table mangle --insert POSTROUTING --out-interface virbr0 \
+--protocol udp --destination-port 68 --jump CHECKSUM --checksum-fill
--- /dev/null
+<network>
+ <name>default</name>
+ <bridge name="virbr0"/>
+ <forward/>
+ <ip address="192.168.122.1" netmask="255.255.255.0">
+ <dhcp>
+ <range start="192.168.122.2" end="192.168.122.254"/>
+ </dhcp>
+ </ip>
+ <ip address="192.168.128.1" netmask="255.255.255.0"/>
+ <ip address="192.168.150.1" netmask="255.255.255.0"/>
+</network>
--- /dev/null
+iptables --table filter --insert INPUT --in-interface virbr0 --protocol tcp \
+--destination-port 67 --jump ACCEPT
+iptables --table filter --insert INPUT --in-interface virbr0 --protocol udp \
+--destination-port 67 --jump ACCEPT
+iptables --table filter --insert OUTPUT --out-interface virbr0 --protocol udp \
+--destination-port 68 --jump ACCEPT
+iptables --table filter --insert INPUT --in-interface virbr0 --protocol tcp \
+--destination-port 53 --jump ACCEPT
+iptables --table filter --insert INPUT --in-interface virbr0 --protocol udp \
+--destination-port 53 --jump ACCEPT
+iptables --table filter --insert FORWARD --in-interface virbr0 --jump REJECT
+iptables --table filter --insert FORWARD --out-interface virbr0 --jump REJECT
+iptables --table filter --insert FORWARD --in-interface virbr0 \
+--out-interface virbr0 --jump ACCEPT
+ip6tables --table filter --insert FORWARD --in-interface virbr0 --jump REJECT
+ip6tables --table filter --insert FORWARD --out-interface virbr0 --jump REJECT
+ip6tables --table filter --insert FORWARD --in-interface virbr0 \
+--out-interface virbr0 --jump ACCEPT
+ip6tables --table filter --insert INPUT --in-interface virbr0 --protocol tcp \
+--destination-port 53 --jump ACCEPT
+ip6tables --table filter --insert INPUT --in-interface virbr0 --protocol udp \
+--destination-port 53 --jump ACCEPT
+ip6tables --table filter --insert INPUT --in-interface virbr0 --protocol udp \
+--destination-port 547 --jump ACCEPT
+iptables --table filter --insert FORWARD --source 192.168.122.0/24 \
+--in-interface virbr0 --jump ACCEPT
+iptables --table filter --insert FORWARD --destination 192.168.122.0/24 \
+--out-interface virbr0 --match conntrack --ctstate ESTABLISHED,RELATED --jump ACCEPT
+iptables --table nat --insert POSTROUTING --source 192.168.122.0/24 '!' \
+--destination 192.168.122.0/24 --jump MASQUERADE
+iptables --table nat --insert POSTROUTING --source 192.168.122.0/24 \
+-p udp '!' --destination 192.168.122.0/24 --jump MASQUERADE --to-ports 1024-65535
+iptables --table nat --insert POSTROUTING --source 192.168.122.0/24 \
+-p tcp '!' --destination 192.168.122.0/24 --jump MASQUERADE --to-ports 1024-65535
+iptables --table nat --insert POSTROUTING --source 192.168.122.0/24 \
+--destination 255.255.255.255/32 --jump RETURN
+iptables --table nat --insert POSTROUTING --source 192.168.122.0/24 \
+--destination 224.0.0.0/24 --jump RETURN
+ip6tables --table filter --insert FORWARD --source 2001:db8:ca2:2::/64 \
+--in-interface virbr0 --jump ACCEPT
+ip6tables --table filter --insert FORWARD --destination 2001:db8:ca2:2::/64 \
+--out-interface virbr0 --jump ACCEPT
--- /dev/null
+<network>
+ <name>default</name>
+ <bridge name="virbr0"/>
+ <forward/>
+ <ip address="192.168.122.1" netmask="255.255.255.0"/>
+ <ip family="ipv6" address="2001:db8:ca2:2::1" prefix="64"/>
+</network>
--- /dev/null
+iptables --table filter --insert INPUT --in-interface virbr0 --protocol tcp \
+--destination-port 67 --jump ACCEPT
+iptables --table filter --insert INPUT --in-interface virbr0 --protocol udp \
+--destination-port 67 --jump ACCEPT
+iptables --table filter --insert OUTPUT --out-interface virbr0 --protocol udp \
+--destination-port 68 --jump ACCEPT
+iptables --table filter --insert INPUT --in-interface virbr0 --protocol tcp \
+--destination-port 53 --jump ACCEPT
+iptables --table filter --insert INPUT --in-interface virbr0 --protocol udp \
+--destination-port 53 --jump ACCEPT
+iptables --table filter --insert INPUT --in-interface virbr0 --protocol udp \
+--destination-port 69 --jump ACCEPT
+iptables --table filter --insert FORWARD --in-interface virbr0 --jump REJECT
+iptables --table filter --insert FORWARD --out-interface virbr0 --jump REJECT
+iptables --table filter --insert FORWARD --in-interface virbr0 \
+--out-interface virbr0 --jump ACCEPT
+iptables --table filter --insert FORWARD --source 192.168.122.0/24 \
+--in-interface virbr0 --jump ACCEPT
+iptables --table filter --insert FORWARD --destination 192.168.122.0/24 \
+--out-interface virbr0 --match conntrack --ctstate ESTABLISHED,RELATED --jump ACCEPT
+iptables --table nat --insert POSTROUTING --source 192.168.122.0/24 '!' \
+--destination 192.168.122.0/24 --jump MASQUERADE
+iptables --table nat --insert POSTROUTING --source 192.168.122.0/24 \
+-p udp '!' --destination 192.168.122.0/24 --jump MASQUERADE --to-ports 1024-65535
+iptables --table nat --insert POSTROUTING --source 192.168.122.0/24 \
+-p tcp '!' --destination 192.168.122.0/24 --jump MASQUERADE --to-ports 1024-65535
+iptables --table nat --insert POSTROUTING --source 192.168.122.0/24 \
+--destination 255.255.255.255/32 --jump RETURN
+iptables --table nat --insert POSTROUTING --source 192.168.122.0/24 \
+--destination 224.0.0.0/24 --jump RETURN
+iptables --table mangle --insert POSTROUTING --out-interface virbr0 \
+--protocol udp --destination-port 68 --jump CHECKSUM --checksum-fill
--- /dev/null
+<network>
+ <name>default</name>
+ <bridge name="virbr0"/>
+ <forward/>
+ <ip address="192.168.122.1" netmask="255.255.255.0">
+ <tftp root='/some/dir'/>
+ <dhcp>
+ <range start="192.168.122.2" end="192.168.122.254"/>
+ </dhcp>
+ </ip>
+</network>
--- /dev/null
+iptables --table filter --insert INPUT --in-interface virbr0 --protocol tcp \
+--destination-port 67 --jump ACCEPT
+iptables --table filter --insert INPUT --in-interface virbr0 --protocol udp \
+--destination-port 67 --jump ACCEPT
+iptables --table filter --insert OUTPUT --out-interface virbr0 --protocol udp \
+--destination-port 68 --jump ACCEPT
+iptables --table filter --insert INPUT --in-interface virbr0 --protocol tcp \
+--destination-port 53 --jump ACCEPT
+iptables --table filter --insert INPUT --in-interface virbr0 --protocol udp \
+--destination-port 53 --jump ACCEPT
+iptables --table filter --insert FORWARD --in-interface virbr0 --jump REJECT
+iptables --table filter --insert FORWARD --out-interface virbr0 --jump REJECT
+iptables --table filter --insert FORWARD --in-interface virbr0 \
+--out-interface virbr0 --jump ACCEPT
+iptables --table filter --insert FORWARD --source 192.168.122.0/24 \
+--in-interface virbr0 --jump ACCEPT
+iptables --table filter --insert FORWARD --destination 192.168.122.0/24 \
+--out-interface virbr0 --jump ACCEPT
+iptables --table mangle --insert POSTROUTING --out-interface virbr0 \
+--protocol udp --destination-port 68 --jump CHECKSUM --checksum-fill
--- /dev/null
+<network>
+ <name>default</name>
+ <bridge name="virbr0"/>
+ <forward mode='route'/>
+ <ip address="192.168.122.1" netmask="255.255.255.0">
+ <dhcp>
+ <range start="192.168.122.2" end="192.168.122.254"/>
+ </dhcp>
+ </ip>
+</network>
--- /dev/null
+/*
+ * networkxml2firewalltest.c: Test iptables rule generation
+ *
+ * Copyright (C) 2014 Red Hat, Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library. If not, see
+ * <http://www.gnu.org/licenses/>.
+ *
+ */
+
+#include <config.h>
+
+#if defined (__linux__)
+
+# include "testutils.h"
+# include "network/bridge_driver_platform.h"
+# include "virbuffer.h"
+
+# define __VIR_FIREWALL_PRIV_H_ALLOW__
+# include "virfirewallpriv.h"
+
+# define __VIR_COMMAND_PRIV_H_ALLOW__
+# include "vircommandpriv.h"
+
+# define VIR_FROM_THIS VIR_FROM_NONE
+
+static const char *abs_top_srcdir;
+
+# ifdef __linux__
+# define RULESTYPE "linux"
+# else
+# error "test case not ported to this platform"
+# endif
+
+static int testCompareXMLToArgvFiles(const char *xml,
+ const char *cmdline)
+{
+ char *expectargv = NULL;
+ int len;
+ char *actualargv = NULL;
+ virBuffer buf = VIR_BUFFER_INITIALIZER;
+ virNetworkDefPtr def = NULL;
+ int ret = -1;
+
+ virCommandSetDryRun(&buf, NULL, NULL);
+
+ if (!(def = virNetworkDefParseFile(xml)))
+ goto cleanup;
+
+ if (networkAddFirewallRules(def) < 0)
+ goto cleanup;
+
+ if (virBufferError(&buf))
+ goto cleanup;
+
+ actualargv = virBufferContentAndReset(&buf);
+ virtTestClearCommandPath(actualargv);
+ virCommandSetDryRun(NULL, NULL, NULL);
+
+ len = virtTestLoadFile(cmdline, &expectargv);
+ if (len < 0)
+ goto cleanup;
+
+ if (STRNEQ(expectargv, actualargv)) {
+ virtTestDifference(stderr, expectargv, actualargv);
+ goto cleanup;
+ }
+
+ ret = 0;
+
+ cleanup:
+ virBufferFreeAndReset(&buf);
+ VIR_FREE(expectargv);
+ VIR_FREE(actualargv);
+ virNetworkDefFree(def);
+ return ret;
+}
+
+struct testInfo {
+ const char *name;
+};
+
+
+static int
+testCompareXMLToIPTablesHelper(const void *data)
+{
+ int result = -1;
+ const struct testInfo *info = data;
+ char *xml = NULL;
+ char *args = NULL;
+
+ if (virAsprintf(&xml, "%s/networkxml2firewalldata/%s.xml",
+ abs_srcdir, info->name) < 0 ||
+ virAsprintf(&args, "%s/networkxml2firewalldata/%s-%s.args",
+ abs_srcdir, info->name, RULESTYPE) < 0)
+ goto cleanup;
+
+ result = testCompareXMLToArgvFiles(xml, args);
+
+ cleanup:
+ VIR_FREE(xml);
+ VIR_FREE(args);
+ return result;
+}
+
+
+static int
+mymain(void)
+{
+ int ret = 0;
+
+ abs_top_srcdir = getenv("abs_top_srcdir");
+ if (!abs_top_srcdir)
+ abs_top_srcdir = abs_srcdir "/..";
+
+# define DO_TEST(name) \
+ do { \
+ static struct testInfo info = { \
+ name, \
+ }; \
+ if (virtTestRun("Network XML-2-iptables " name, \
+ testCompareXMLToIPTablesHelper, &info) < 0) \
+ ret = -1; \
+ } while (0)
+
+ if (virFirewallSetBackend(VIR_FIREWALL_BACKEND_DIRECT) < 0) {
+ ret = -1;
+ goto cleanup;
+ }
+
+ DO_TEST("nat-default");
+ DO_TEST("nat-tftp");
+ DO_TEST("nat-many-ips");
+ DO_TEST("nat-no-dhcp");
+ DO_TEST("nat-ipv6");
+ DO_TEST("route-default");
+ DO_TEST("route-default");
+
+ cleanup:
+ return ret == 0 ? EXIT_SUCCESS : EXIT_FAILURE;
+}
+
+VIRT_TEST_MAIN(mymain)
+
+#else /* ! defined (__linux__) */
+
+int main(void)
+{
+ return EXIT_AM_SKIP;
+}
+
+#endif /* ! defined (__linux__) */
}
+/*
+ * @cmdset contains a list of command line args, eg
+ *
+ * "/usr/sbin/iptables --table filter --insert INPUT --in-interface virbr0 --protocol tcp --destination-port 53 --jump ACCEPT
+ * /usr/sbin/iptables --table filter --insert INPUT --in-interface virbr0 --protocol udp --destination-port 53 --jump ACCEPT
+ * /usr/sbin/iptables --table filter --insert FORWARD --in-interface virbr0 --jump REJECT
+ * /usr/sbin/iptables --table filter --insert FORWARD --out-interface virbr0 --jump REJECT
+ * /usr/sbin/iptables --table filter --insert FORWARD --in-interface virbr0 --out-interface virbr0 --jump ACCEPT"
+ *
+ * And we're munging it in-place to strip the path component
+ * of the command line, to produce
+ *
+ * "iptables --table filter --insert INPUT --in-interface virbr0 --protocol tcp --destination-port 53 --jump ACCEPT
+ * iptables --table filter --insert INPUT --in-interface virbr0 --protocol udp --destination-port 53 --jump ACCEPT
+ * iptables --table filter --insert FORWARD --in-interface virbr0 --jump REJECT
+ * iptables --table filter --insert FORWARD --out-interface virbr0 --jump REJECT
+ * iptables --table filter --insert FORWARD --in-interface virbr0 --out-interface virbr0 --jump ACCEPT"
+ */
+void virtTestClearCommandPath(char *cmdset)
+{
+ size_t offset = 0;
+ char *lineStart = cmdset;
+ char *lineEnd = strchr(lineStart, '\n');
+
+ while (lineStart) {
+ char *dirsep;
+ char *movestart;
+ size_t movelen;
+ dirsep = strchr(lineStart, ' ');
+ if (dirsep) {
+ while (dirsep > lineStart && *dirsep != '/')
+ dirsep--;
+ if (*dirsep == '/')
+ dirsep++;
+ movestart = dirsep;
+ } else {
+ movestart = lineStart;
+ }
+ movelen = lineEnd ? lineEnd - movestart : strlen(movestart);
+
+ if (movelen) {
+ memmove(cmdset + offset, movestart, movelen + 1);
+ offset += movelen + 1;
+ }
+ lineStart = lineEnd ? lineEnd + 1 : NULL;
+ lineEnd = lineStart ? strchr(lineStart, '\n') : NULL;
+ }
+ cmdset[offset] = '\0';
+}
+
+
virCapsPtr virTestGenericCapsInit(void)
{
virCapsPtr caps;
int virtTestClearLineRegex(const char *pattern,
char *string);
+void virtTestClearCommandPath(char *cmdset);
+
int virtTestDifference(FILE *stream,
const char *expect,
const char *actual);
projects / people / liuw / libxenctrl-split / libvirt.git / commitdiff