nwfilter: Add a test case for testing the comment attribute

This patch adds a test case for testing the XML parser's and instantiator's
support of the comment attribute.

diff --git a/tests/nwfilterxml2xmlin/comment-test.xml b/tests/nwfilterxml2xmlin/comment-test.xml
new file mode 100644 (file)
index 0000000..69ba783
--- /dev/null
+++ b/tests/nwfilterxml2xmlin/comment-test.xml
@@ -0,0 +1,71 @@
+<filter name='testcase'>
+  <uuid>01a992d2-f8c8-7c27-f69b-ab0a9d377379</uuid>
+
+  <rule action='accept' direction='in'>
+    <mac protocolid='0x1234' comment='mac rule'/>
+  </rule>
+
+  <rule action='accept' direction='out'>
+     <ip  srcmacaddr='1:2:3:4:5:6' srcmacmask='ff:ff:ff:ff:ff:ff'
+          dstmacaddr='aa:bb:cc:dd:ee:ff' dstmacmask='ff:ff:ff:ff:ff:ff'
+          srcipaddr='10.1.2.3' srcipmask='255.255.255.255'
+          dstipaddr='10.1.2.3' dstipmask='255.255.255.255'
+          protocol='udp'
+          srcportstart='0x123' srcportend='0x234'
+          dstportstart='0x3456' dstportend='0x4567'
+          dscp='0x32' comment='ip rule'/>
+  </rule>
+
+  <rule action='accept' direction='out'>
+     <ipv6 srcmacaddr='1:2:3:4:5:6' srcmacmask='ff:ff:ff:ff:ff:fe'
+           dstmacaddr='aa:bb:cc:dd:ee:ff' dstmacmask='ff:ff:ff:ff:ff:80'
+           srcipaddr='::10.1.2.3' srcipmask='22'
+           dstipaddr='::10.1.2.3'
+           dstipmask='ffff:ffff:ffff:ffff:ffff:ffff:ffff:8000'
+           protocol='tcp'
+           srcportstart='0x111' srcportend='400'
+           dstportstart='0x3333' dstportend='65535' comment='ipv6 rule'/>
+  </rule>
+
+  <rule action='accept' direction='out'>
+     <arp srcmacaddr='1:2:3:4:5:6' srcmacmask='ff:ff:ff:ff:ff:ff'
+          dstmacaddr='aa:bb:cc:dd:ee:ff' dstmacmask='ff:ff:ff:ff:ff:ff'
+          hwtype='0x12'
+          protocoltype='0x56'
+          opcode='Request'
+          arpsrcmacaddr='1:2:3:4:5:6'
+          arpdstmacaddr='a:b:c:d:e:f'
+          comment='arp rule'/>
+  </rule>
+
+  <rule action='accept' direction='out'>
+     <udp srcmacaddr='1:2:3:4:5:6'
+          dstipaddr='10.1.2.3' dstipmask='255.255.255.255'
+          dscp='0x22'
+          srcportstart='0x123' srcportend='400'
+          dstportstart='0x234' dstportend='0x444'
+          comment='udp rule'/>
+  </rule>
+
+  <rule action='accept' direction='in'>
+     <tcp-ipv6 srcmacaddr='1:2:3:4:5:6'
+               srcipaddr='a:b:c::' srcipmask='128'
+               dscp='0x40'
+               srcportstart='0x20' srcportend='0x21'
+               dstportstart='0x100' dstportend='0x1111'
+               comment='tcp/ipv6 rule'/>
+  </rule>
+
+  <rule action='accept' direction='in'>
+     <udp-ipv6 comment='`ls`;${COLUMNS};$(ls);"test";&amp;&apos;3   spaces&apos;'/>
+  </rule>
+
+  <rule action='accept' direction='in'>
+     <sctp-ipv6 comment='comment with lone &apos;, `, ", `, \, $x, and two  spaces'/>
+  </rule>
+
+  <rule action='accept' direction='in'>
+     <ah-ipv6 comment='tmp=`mktemp`; echo ${RANDOM} > ${tmp} ; cat &lt; ${tmp}; rm -f ${tmp}'/>
+  </rule>
+
+</filter>

diff --git a/tests/nwfilterxml2xmlout/comment-test.xml b/tests/nwfilterxml2xmlout/comment-test.xml
new file mode 100644 (file)
index 0000000..1d95af1
--- /dev/null
+++ b/tests/nwfilterxml2xmlout/comment-test.xml
@@ -0,0 +1,30 @@
+<filter name='testcase' chain='root'>
+  <uuid>01a992d2-f8c8-7c27-f69b-ab0a9d377379</uuid>
+  <rule action='accept' direction='in' priority='500'>
+    <mac protocolid='0x1234' comment='mac rule'/>
+  </rule>
+  <rule action='accept' direction='out' priority='500'>
+    <ip srcmacaddr='01:02:03:04:05:06' srcmacmask='ff:ff:ff:ff:ff:ff' dstmacaddr='aa:bb:cc:dd:ee:ff' dstmacmask='ff:ff:ff:ff:ff:ff' srcipaddr='10.1.2.3' srcipmask='32' dstipaddr='10.1.2.3' dstipmask='32' protocol='udp' srcportstart='0x123' srcportend='0x234' dstportstart='0x3456' dstportend='0x4567' dscp='0x32' comment='ip rule'/>
+  </rule>
+  <rule action='accept' direction='out' priority='500'>
+    <ipv6 srcmacaddr='01:02:03:04:05:06' srcmacmask='ff:ff:ff:ff:ff:fe' dstmacaddr='aa:bb:cc:dd:ee:ff' dstmacmask='ff:ff:ff:ff:ff:80' srcipaddr='::10.1.2.3' srcipmask='22' dstipaddr='::10.1.2.3' dstipmask='113' protocol='tcp' srcportstart='0x111' srcportend='400' dstportstart='0x3333' dstportend='65535' comment='ipv6 rule'/>
+  </rule>
+  <rule action='accept' direction='out' priority='500'>
+    <arp srcmacaddr='01:02:03:04:05:06' srcmacmask='ff:ff:ff:ff:ff:ff' dstmacaddr='aa:bb:cc:dd:ee:ff' dstmacmask='ff:ff:ff:ff:ff:ff' hwtype='0x12' protocoltype='0x56' opcode='Request' arpsrcmacaddr='01:02:03:04:05:06' arpdstmacaddr='0a:0b:0c:0d:0e:0f' comment='arp rule'/>
+  </rule>
+  <rule action='accept' direction='out' priority='500'>
+    <udp srcmacaddr='01:02:03:04:05:06' dstipaddr='10.1.2.3' dstipmask='32' dscp='0x22' srcportstart='0x123' srcportend='400' dstportstart='0x234' dstportend='0x444' comment='udp rule'/>
+  </rule>
+  <rule action='accept' direction='in' priority='500'>
+    <tcp-ipv6 srcmacaddr='01:02:03:04:05:06' srcipaddr='a:b:c::' srcipmask='128' srcportstart='0x20' srcportend='0x21' dstportstart='0x100' dstportend='0x1111' comment='tcp/ipv6 rule'/>
+  </rule>
+  <rule action='accept' direction='in' priority='500'>
+    <udp-ipv6 comment='`ls`;${COLUMNS};$(ls);&quot;test&quot;;&amp;&apos;3   spaces&apos;'/>
+  </rule>
+  <rule action='accept' direction='in' priority='500'>
+    <sctp-ipv6 comment='comment with lone &apos;, `, &quot;, `, \, $x, and two  spaces'/>
+  </rule>
+  <rule action='accept' direction='in' priority='500'>
+    <ah-ipv6 comment='tmp=`mktemp`; echo ${RANDOM} &gt; ${tmp} ; cat &lt; ${tmp}; rm -f ${tmp}'/>
+  </rule>
+</filter>

diff --git a/tests/nwfilterxml2xmltest.c b/tests/nwfilterxml2xmltest.c
index e681b919efc4dde416c5bfab84459c878c0d191f..e001e99fe0ce3840fcbb98f6f47d076ebff4f169 100644 (file)
--- a/tests/nwfilterxml2xmltest.c
+++ b/tests/nwfilterxml2xmltest.c
@@ -124,6 +124,8 @@ mymain(int argc, char **argv)
 
     DO_TEST("hex-data-test");
 
+    DO_TEST("comment-test");
+
     return (ret==0 ? EXIT_SUCCESS : EXIT_FAILURE);
 }