Ejemplo n.º 1
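/*
 * Check that one transaction holding two IPv4 rules produces the
 * expected pair of iptables command lines.
 *
 * @opaque: pointer to a struct testFirewallData; its fwDisabled,
 *          tryBackend and expectBackend fields are read here.
 *
 * The commands are captured as text instead of being inspected on a
 * live firewall: for the DIRECT backend the capture goes through
 * virCommandSetDryRun(), otherwise through the file-level fwBuf pointer
 * (presumably consumed by a mock elsewhere in this file -- confirm).
 *
 * Returns 0 when the captured text equals the expected text, -1 on any
 * failure.
 */
static int
testFirewallSingleGroup(const void *opaque)
{
    virBuffer cmdbuf = VIR_BUFFER_INITIALIZER;
    virFirewallPtr fw = NULL;
    int ret = -1;
    const char *actual = NULL;
    /* The second rule's address is passed below without quotes but is
     * expected single-quoted here; presumably the command recorder
     * quotes shell-special characters such as '!' -- confirm. */
    const char *expected =
        IPTABLES_PATH " -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n"
        IPTABLES_PATH " -A INPUT --source-host '!192.168.122.1' --jump REJECT\n";
    const struct testFirewallData *data = opaque;

    fwDisabled = data->fwDisabled;
    if (virFirewallSetBackend(data->tryBackend) < 0)
        goto cleanup;

    /* Route the generated commands into cmdbuf by whichever capture
     * path matches the backend this test case expects. */
    if (data->expectBackend == VIR_FIREWALL_BACKEND_DIRECT)
        virCommandSetDryRun(&cmdbuf, NULL, NULL);
    else
        fwBuf = &cmdbuf;

    /* NOTE(review): the result is not checked here; the virFirewall*
     * calls below are presumably NULL-tolerant, with virFirewallApply()
     * reporting the failure -- confirm. */
    fw = virFirewallNew();

    virFirewallStartTransaction(fw, 0);

    virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
                       "-A", "INPUT",
                       "--source-host", "192.168.122.1",
                       "--jump", "ACCEPT", NULL);

    virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
                       "-A", "INPUT",
                       "--source-host", "!192.168.122.1",
                       "--jump", "REJECT", NULL);

    if (virFirewallApply(fw) < 0)
        goto cleanup;

    if (virBufferError(&cmdbuf))
        goto cleanup;

    actual = virBufferCurrentContent(&cmdbuf);

    if (STRNEQ_NULLABLE(expected, actual)) {
        /* Diagnostic spelling corrected ("Unexected" -> "Unexpected"). */
        fprintf(stderr, "Unexpected command execution\n");
        virTestDifference(stderr, expected, actual);
        goto cleanup;
    }

    ret = 0;
 cleanup:
    virBufferFreeAndReset(&cmdbuf);
    /* fwBuf may point at the stack-allocated cmdbuf; clear it before
     * this frame goes away, and switch dry-run capture off again so the
     * capture state does not carry over to whatever runs next. */
    fwBuf = NULL;
    virCommandSetDryRun(NULL, NULL, NULL);
    virFirewallFree(fw);
    return ret;
}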
Ejemplo n.º 2
/*
 * Driver for the "Network XML-2-iptables" cases.
 *
 * Resolves abs_top_srcdir (environment first, then abs_srcdir "/.."),
 * selects the DIRECT firewall backend and runs every registered case
 * through testCompareXMLToIPTablesHelper.
 *
 * Returns EXIT_SUCCESS when every case passed, EXIT_FAILURE otherwise.
 * A backend selection failure counts as a failure; this function has
 * no skip path for hosts that lack the firewall tools.
 */
static int
mymain(void)
{
    int failed = 0;

    abs_top_srcdir = getenv("abs_top_srcdir");
    if (abs_top_srcdir == NULL)
        abs_top_srcdir = abs_srcdir "/..";

/* Register and run one case; a failing case only marks the run as
 * failed, so the remaining cases still execute. */
# define DO_TEST(name) \
    do { \
        static struct testInfo info = { name }; \
        if (virTestRun("Network XML-2-iptables " name, \
                       testCompareXMLToIPTablesHelper, &info) < 0) \
            failed = -1; \
    } while (0)

    /* Presumably pins the lock handling so the generated command lines
     * are the same on every host -- confirm against virFirewall. */
    virFirewallSetLockOverride(true);

    /* Nothing useful can run without the backend, so bail out now. */
    if (virFirewallSetBackend(VIR_FIREWALL_BACKEND_DIRECT) < 0)
        return EXIT_FAILURE;

    DO_TEST("nat-default");
    DO_TEST("nat-tftp");
    DO_TEST("nat-many-ips");
    DO_TEST("nat-no-dhcp");
    DO_TEST("nat-ipv6");
    /* NOTE(review): "route-default" is registered twice; either the
     * second entry is redundant or another case name was intended. */
    DO_TEST("route-default");
    DO_TEST("route-default");

    return failed ? EXIT_FAILURE : EXIT_SUCCESS;
}
Ejemplo n.º 3
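/*
 * Driver for the "NWFilter XML-2-firewall" cases.
 *
 * Resolves abs_top_srcdir (environment first, then abs_srcdir "/.."),
 * selects the DIRECT firewall backend and runs every registered case
 * through testCompareXMLToIPTablesHelper.
 *
 * Returns EXIT_SUCCESS when every case passed, EXIT_FAILURE when a
 * case or the backend selection failed, and EXIT_AM_SKIP when the
 * backend could not be selected and hasNetfilterTools() reports the
 * tools as missing.
 */
static int
mymain(void)
{
    int ret = 0;

    abs_top_srcdir = getenv("abs_top_srcdir");
    if (!abs_top_srcdir)
        abs_top_srcdir = abs_srcdir "/..";

/* Register and run one case; a failing case only sets ret, so the
 * remaining cases still execute. */
# define DO_TEST(name)                                                  \
    do {                                                                \
        static struct testInfo info = {                                 \
            name,                                                       \
        };                                                              \
        if (virTestRun("NWFilter XML-2-firewall " name,                 \
                       testCompareXMLToIPTablesHelper, &info) < 0)      \
            ret = -1;                                                   \
    } while (0)

    /* Presumably pins the lock handling so the generated command lines
     * are the same on every host -- confirm against virFirewall. */
    virFirewallSetLockOverride(true);

    if (virFirewallSetBackend(VIR_FIREWALL_BACKEND_DIRECT) < 0) {
        /* A host without the tools yields a skip, not a failure. A
         * skipped run checks none of the rule generation below, so a
         * pipeline that relies on this coverage has to provide the
         * tools. */
        if (!hasNetfilterTools()) {
            /* Newline added so the message ends its own line. */
            fprintf(stderr, "iptables/ip6tables/ebtables tools not present\n");
            return EXIT_AM_SKIP;
        }
        ret = -1;
        goto cleanup;
    }

    DO_TEST("ah");
    DO_TEST("ah-ipv6");
    DO_TEST("all");
    DO_TEST("all-ipv6");
    DO_TEST("arp");
    DO_TEST("comment");
    DO_TEST("conntrack");
    DO_TEST("esp");
    DO_TEST("esp-ipv6");
    DO_TEST("example-1");
    DO_TEST("example-2");
    DO_TEST("hex-data");
    DO_TEST("icmp-direction2");
    DO_TEST("icmp-direction3");
    DO_TEST("icmp-direction");
    DO_TEST("icmp");
    DO_TEST("icmpv6");
    DO_TEST("igmp");
    DO_TEST("ip");
    DO_TEST("ipset");
    DO_TEST("ipt-no-macspoof");
    DO_TEST("ipv6");
    DO_TEST("iter1");
    DO_TEST("iter2");
    DO_TEST("iter3");
    DO_TEST("mac");
    DO_TEST("rarp");
    DO_TEST("sctp");
    DO_TEST("sctp-ipv6");
    DO_TEST("stp");
    DO_TEST("target2");
    DO_TEST("target");
    DO_TEST("tcp");
    DO_TEST("tcp-ipv6");
    DO_TEST("udp");
    DO_TEST("udp-ipv6");
    DO_TEST("udplite");
    DO_TEST("udplite-ipv6");
    DO_TEST("vlan");

 cleanup:
    return ret == 0 ? EXIT_SUCCESS : EXIT_FAILURE;
}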