]> xenbits.xensource.com Git - libvirt.git/commitdiff
projects / libvirt.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 5b0c71e)
nwfilter: Add test case for testing the state attribute
authorStefan Berger <stefanb@us.ibm.com>
Thu, 7 Oct 2010 10:43:35 +0000 (06:43 -0400)
committerStefan Berger <stefanb@us.ibm.com>
Thu, 7 Oct 2010 10:43:35 +0000 (06:43 -0400)
This patch adds a test case for testing the XML parser's and instantiator's
support of the state attribute. The other test case tests existing
capabilities. Both test cases will be used in TCK again.

tests/nwfilterxml2xmlin/example-1.xml [new file with mode: 0644] patch | blob
tests/nwfilterxml2xmlin/example-2.xml [new file with mode: 0644] patch | blob
tests/nwfilterxml2xmlout/example-1.xml [new file with mode: 0644] patch | blob
tests/nwfilterxml2xmlout/example-2.xml [new file with mode: 0644] patch | blob
tests/nwfilterxml2xmltest.c patch | blob | blame | history

diff --git a/tests/nwfilterxml2xmlin/example-1.xml b/tests/nwfilterxml2xmlin/example-1.xml
new file mode 100644 (file)
index 0000000..e8d00ed
--- /dev/null
+++ b/tests/nwfilterxml2xmlin/example-1.xml
@@ -0,0 +1,24 @@
+<filter name='testcase'>
+  <uuid>01a992d2-f8c8-7c27-f69b-ab0a9d377379</uuid>
+
+  <!-- allow incoming ssh connections -->
+  <rule action='accept' direction='in' priority='100'>
+    <tcp dstportstart='22'/>
+  </rule>
+
+  <!-- allow incoming ICMP (ping) packets -->
+  <rule action='accept' direction='in' priority='200'>
+    <icmp/>
+  </rule>
+
+  <!-- allow all outgoing traffic -->
+  <rule action='accept' direction='in' priority='300'>
+    <all/>
+  </rule>
+
+  <!-- drop all other traffic -->
+  <rule action='drop' direction='inout' priority='1000'>
+    <all/>
+  </rule>
+
+</filter>
diff --git a/tests/nwfilterxml2xmlin/example-2.xml b/tests/nwfilterxml2xmlin/example-2.xml
new file mode 100644 (file)
index 0000000..112fa05
--- /dev/null
+++ b/tests/nwfilterxml2xmlin/example-2.xml
@@ -0,0 +1,37 @@
+<filter name='testcase'>
+  <uuid>01a992d2-f8c8-7c27-f69b-ab0a9d377379</uuid>
+
+  <!-- VM outgoing: allow all established and related connections -->
+  <rule action='accept' direction='out' priority='100'>
+    <all state='ESTABLISHED,RELATED'
+         comment='out: existing and related (ftp) connections'/>
+  </rule>
+
+  <!-- VM incoming: allow all established connections -->
+  <rule action='accept' direction='in' priority='100'>
+    <all state='ESTABLISHED'
+         comment='in: existing connections'/>
+  </rule>
+
+  <!-- allow incoming ssh and ftp traffic -->
+  <rule action='accept' direction='in' priority='200'>
+    <tcp dstportstart='21' dstportend='22' state='NEW'
+         comment='in: ftp and ssh'/>
+  </rule>
+
+  <!-- allow incoming ICMP (ping) packets -->
+  <rule action='accept' direction='in' priority='300'>
+    <icmp state='NEW' comment='in: icmp'/>
+  </rule>
+
+  <!-- allow outgong DNS lookups -->
+  <rule action='accept' direction='out' priority='300'>
+    <udp dstportstart='53' state='NEW' comment='out: DNS lookups'/>
+  </rule>
+
+  <!-- drop all other traffic -->
+  <rule action='drop' direction='inout' priority='1000'>
+    <all comment='inout: drop all non-accepted traffic'/>
+  </rule>
+
+</filter>
diff --git a/tests/nwfilterxml2xmlout/example-1.xml b/tests/nwfilterxml2xmlout/example-1.xml
new file mode 100644 (file)
index 0000000..dd0ef94
--- /dev/null
+++ b/tests/nwfilterxml2xmlout/example-1.xml
@@ -0,0 +1,15 @@
+<filter name='testcase' chain='root'>
+  <uuid>01a992d2-f8c8-7c27-f69b-ab0a9d377379</uuid>
+  <rule action='accept' direction='in' priority='100'>
+    <tcp dstportstart='22'/>
+  </rule>
+  <rule action='accept' direction='in' priority='200'>
+    <icmp/>
+  </rule>
+  <rule action='accept' direction='in' priority='300'>
+    <all/>
+  </rule>
+  <rule action='drop' direction='inout' priority='1000'>
+    <all/>
+  </rule>
+</filter>
diff --git a/tests/nwfilterxml2xmlout/example-2.xml b/tests/nwfilterxml2xmlout/example-2.xml
new file mode 100644 (file)
index 0000000..a3f0bf9
--- /dev/null
+++ b/tests/nwfilterxml2xmlout/example-2.xml
@@ -0,0 +1,21 @@
+<filter name='testcase' chain='root'>
+  <uuid>01a992d2-f8c8-7c27-f69b-ab0a9d377379</uuid>
+  <rule action='accept' direction='out' priority='100'>
+    <all state='ESTABLISHED,RELATED' comment='out: existing and related (ftp) connections'/>
+  </rule>
+  <rule action='accept' direction='in' priority='100'>
+    <all state='ESTABLISHED' comment='in: existing connections'/>
+  </rule>
+  <rule action='accept' direction='in' priority='200'>
+    <tcp state='NEW' dstportstart='21' dstportend='22' comment='in: ftp and ssh'/>
+  </rule>
+  <rule action='accept' direction='in' priority='300'>
+    <icmp state='NEW' comment='in: icmp'/>
+  </rule>
+  <rule action='accept' direction='out' priority='300'>
+    <udp state='NEW' dstportstart='53' comment='out: DNS lookups'/>
+  </rule>
+  <rule action='drop' direction='inout' priority='1000'>
+    <all comment='inout: drop all non-accepted traffic'/>
+  </rule>
+</filter>
diff --git a/tests/nwfilterxml2xmltest.c b/tests/nwfilterxml2xmltest.c
index e001e99fe0ce3840fcbb98f6f47d076ebff4f169..3a8001d22cf0244d6866c8d8d5c4d481f9026208 100644 (file)
--- a/tests/nwfilterxml2xmltest.c
+++ b/tests/nwfilterxml2xmltest.c
@@ -126,6 +126,9 @@ mymain(int argc, char **argv)
 
     DO_TEST("comment-test");
 
+    DO_TEST("example-1");
+    DO_TEST("example-2");
+
     return (ret==0 ? EXIT_SUCCESS : EXIT_FAILURE);
 }
 
Unnamed repository; edit this file 'description' to name the repository.