]> git.ipfire.org Git - thirdparty/libvirt.git/commitdiff
nwfilter: extend schema + add testcase w/ connlimit-above
authorStefan Berger <stefanb@us.ibm.com>
Fri, 23 Apr 2010 15:42:39 +0000 (11:42 -0400)
committerStefan Berger <stefanb@us.ibm.com>
Fri, 23 Apr 2010 15:42:39 +0000 (11:42 -0400)
I am extending the schema with the recently added connlimit-above
attribute and adding a test case for it to the test suite.

docs/schemas/nwfilter.rng
tests/nwfilterxml2xmlin/conntrack-test.xml [new file with mode: 0644]
tests/nwfilterxml2xmlout/conntrack-test.xml [new file with mode: 0644]
tests/nwfilterxml2xmltest.c

index e553bccc16bb5708e1689a320177c433a1770933..0497d275ce31b2ee558081d15aafa0150db5da02 100644 (file)
           <ref name="sixbitrange"/>
         </attribute>
       </optional>
+      <optional>
+        <attribute name="connlimit-above">
+          <ref name="uint16range"/>
+        </attribute>
+      </optional>
     </interleave>
   </define>
 
diff --git a/tests/nwfilterxml2xmlin/conntrack-test.xml b/tests/nwfilterxml2xmlin/conntrack-test.xml
new file mode 100644 (file)
index 0000000..1a49e69
--- /dev/null
@@ -0,0 +1,12 @@
+<filter name='testcase' chain='root'>
+  <uuid>0a5288ea-612c-834a-6bbf-82a03a1a3244</uuid>
+  <rule action='drop' direction='out' priority='500'>
+    <icmp connlimit-above='1'/>
+  </rule>
+  <rule action='drop' direction='out' priority='500'>
+    <tcp connlimit-above='2'/>
+  </rule>
+  <rule action='accept' direction='out' priority='500'>
+    <all/>
+  </rule>
+</filter>
diff --git a/tests/nwfilterxml2xmlout/conntrack-test.xml b/tests/nwfilterxml2xmlout/conntrack-test.xml
new file mode 100644 (file)
index 0000000..1a49e69
--- /dev/null
@@ -0,0 +1,12 @@
+<filter name='testcase' chain='root'>
+  <uuid>0a5288ea-612c-834a-6bbf-82a03a1a3244</uuid>
+  <rule action='drop' direction='out' priority='500'>
+    <icmp connlimit-above='1'/>
+  </rule>
+  <rule action='drop' direction='out' priority='500'>
+    <tcp connlimit-above='2'/>
+  </rule>
+  <rule action='accept' direction='out' priority='500'>
+    <all/>
+  </rule>
+</filter>
index 4dcda26315981c2dd1bc4f29d802fbe5bc31af90..d653a9a71f9f39fbb95e503e199b9c03e3613fdb 100644 (file)
@@ -119,6 +119,8 @@ mymain(int argc, char **argv)
     DO_TEST("icmp-direction2-test");
     DO_TEST("icmp-direction3-test");
 
+    DO_TEST("conntrack-test");
+
     return (ret==0 ? EXIT_SUCCESS : EXIT_FAILURE);
 }