nwfilter: More XML parser test cases

This patch adds a couple more nwfilter test cases for the XML parser tests.

diff --git a/tests/nwfilterxml2xmlin/icmp-direction-test.xml b/tests/nwfilterxml2xmlin/icmp-direction-test.xml
new file mode 100644 (file)
index 0000000..a692d2a
--- /dev/null
+++ b/tests/nwfilterxml2xmlin/icmp-direction-test.xml
@@ -0,0 +1,15 @@
+<filter name='testcase'>
+    <uuid>f4b3f745-d23d-2ee6-218a-d5671611229b</uuid>
+    <!-- allow incoming ICMP Echo Reply -->
+    <rule action='accept' direction='in' priority='500'>
+        <icmp type='0'/>
+    </rule>
+    <!-- allow outgoing ICMP Echo Request -->
+    <rule action='accept' direction='out' priority='500'>
+        <icmp type='8'/>
+    </rule>
+    <!-- drop all other ICMP traffic -->
+    <rule action='drop' direction='inout' priority='600'>
+        <icmp/>
+    </rule>
+</filter>

diff --git a/tests/nwfilterxml2xmlin/icmp-direction2-test.xml b/tests/nwfilterxml2xmlin/icmp-direction2-test.xml
new file mode 100644 (file)
index 0000000..1396348
--- /dev/null
+++ b/tests/nwfilterxml2xmlin/icmp-direction2-test.xml
@@ -0,0 +1,15 @@
+<filter name='testcase'>
+    <uuid>d6b1a2af-def6-2898-9f8d-4a74e3c39558</uuid>
+    <!-- allow incoming ICMP Echo Request -->
+    <rule action='accept' direction='in' priority='500'>
+        <icmp type='8'/>
+    </rule>
+    <!-- allow outgoing ICMP Echo Reply -->
+    <rule action='accept' direction='out' priority='500'>
+        <icmp type='0'/>
+    </rule>
+    <!-- drop all other ICMP traffic -->
+    <rule action='drop' direction='inout' priority='600'>
+        <icmp/>
+    </rule>
+</filter>

diff --git a/tests/nwfilterxml2xmlin/icmp-direction3-test.xml b/tests/nwfilterxml2xmlin/icmp-direction3-test.xml
new file mode 100644 (file)
index 0000000..b5e3dcd
--- /dev/null
+++ b/tests/nwfilterxml2xmlin/icmp-direction3-test.xml
@@ -0,0 +1,10 @@
+<filter name='testcase'>
+    <uuid>d6b1a2af-def6-2898-9f8d-4a74e3c39558</uuid>
+    <rule action='accept' direction='out' priority='500'>
+        <icmp/>
+    </rule>
+    <!-- drop all other traffic -->
+    <rule action='drop' direction='inout' priority='600'>
+        <all/>
+    </rule>
+</filter>

diff --git a/tests/nwfilterxml2xmlin/ipt-no-macspoof-test.xml b/tests/nwfilterxml2xmlin/ipt-no-macspoof-test.xml
new file mode 100644 (file)
index 0000000..ab78bd1
--- /dev/null
+++ b/tests/nwfilterxml2xmlin/ipt-no-macspoof-test.xml
@@ -0,0 +1,14 @@
+<filter name='testcase'>
+  <uuid>5c6d49af-b071-6127-b4ec-6f8ed4b55335</uuid>
+  <rule action='drop' direction='inout'>
+     <!-- should use $MAC for MAC address, but tests would depend on VM's
+          MAC address -->
+     <all match='no' srcmacaddr='12:34:56:78:9a:bc'/>
+  </rule>
+
+  <rule action='drop' direction='in'>
+     <!-- not accepting incoming traffic from a certain MAC address -->
+     <all match='no' srcmacaddr='aa:aa:aa:aa:aa:aa'/>
+  </rule>
+
+</filter>

diff --git a/tests/nwfilterxml2xmlout/icmp-direction-test.xml b/tests/nwfilterxml2xmlout/icmp-direction-test.xml
new file mode 100644 (file)
index 0000000..1022adb
--- /dev/null
+++ b/tests/nwfilterxml2xmlout/icmp-direction-test.xml
@@ -0,0 +1,12 @@
+<filter name='testcase' chain='root'>
+  <uuid>f4b3f745-d23d-2ee6-218a-d5671611229b</uuid>
+  <rule action='accept' direction='in' priority='500'>
+    <icmp type='0'/>
+  </rule>
+  <rule action='accept' direction='out' priority='500'>
+    <icmp type='8'/>
+  </rule>
+  <rule action='drop' direction='inout' priority='600'>
+    <icmp/>
+  </rule>
+</filter>

diff --git a/tests/nwfilterxml2xmlout/icmp-direction2-test.xml b/tests/nwfilterxml2xmlout/icmp-direction2-test.xml
new file mode 100644 (file)
index 0000000..2314b2d
--- /dev/null
+++ b/tests/nwfilterxml2xmlout/icmp-direction2-test.xml
@@ -0,0 +1,12 @@
+<filter name='testcase' chain='root'>
+  <uuid>d6b1a2af-def6-2898-9f8d-4a74e3c39558</uuid>
+  <rule action='accept' direction='in' priority='500'>
+    <icmp type='8'/>
+  </rule>
+  <rule action='accept' direction='out' priority='500'>
+    <icmp type='0'/>
+  </rule>
+  <rule action='drop' direction='inout' priority='600'>
+    <icmp/>
+  </rule>
+</filter>

diff --git a/tests/nwfilterxml2xmlout/icmp-direction3-test.xml b/tests/nwfilterxml2xmlout/icmp-direction3-test.xml
new file mode 100644 (file)
index 0000000..31daef3
--- /dev/null
+++ b/tests/nwfilterxml2xmlout/icmp-direction3-test.xml
@@ -0,0 +1,9 @@
+<filter name='testcase' chain='root'>
+  <uuid>d6b1a2af-def6-2898-9f8d-4a74e3c39558</uuid>
+  <rule action='accept' direction='out' priority='500'>
+    <icmp/>
+  </rule>
+  <rule action='drop' direction='inout' priority='600'>
+    <all/>
+  </rule>
+</filter>

diff --git a/tests/nwfilterxml2xmlout/ipt-no-macspoof-test.xml b/tests/nwfilterxml2xmlout/ipt-no-macspoof-test.xml
new file mode 100644 (file)
index 0000000..218ce4d
--- /dev/null
+++ b/tests/nwfilterxml2xmlout/ipt-no-macspoof-test.xml
@@ -0,0 +1,9 @@
+<filter name='testcase' chain='root'>
+  <uuid>5c6d49af-b071-6127-b4ec-6f8ed4b55335</uuid>
+  <rule action='drop' direction='inout' priority='500'>
+    <all match='no' srcmacaddr='12:34:56:78:9a:bc'/>
+  </rule>
+  <rule action='drop' direction='in' priority='500'>
+    <all match='no' srcmacaddr='aa:aa:aa:aa:aa:aa'/>
+  </rule>
+</filter>

diff --git a/tests/nwfilterxml2xmltest.c b/tests/nwfilterxml2xmltest.c
index 8a8c15a575a079ea7e0c2b649d301e66e35721d6..4dcda26315981c2dd1bc4f29d802fbe5bc31af90 100644 (file)
--- a/tests/nwfilterxml2xmltest.c
+++ b/tests/nwfilterxml2xmltest.c
@@ -114,6 +114,10 @@ mymain(int argc, char **argv)
 
     DO_TEST("ref-test");
     DO_TEST("ref-rule-test");
+    DO_TEST("ipt-no-macspoof-test");
+    DO_TEST("icmp-direction-test");
+    DO_TEST("icmp-direction2-test");
+    DO_TEST("icmp-direction3-test");
 
     return (ret==0 ? EXIT_SUCCESS : EXIT_FAILURE);
 }