......@@ -76,9 +76,9 @@ diag "ip is $guestip";
my $ebtables = (-e '/sbin/ebtables') ? '/sbin/ebtables' : '/usr/sbin/ebtables';
my $ebtable = `$ebtables -L;$ebtables -t nat -L`;
diag $ebtable;
# ebtables shortens :00: to :0: so we need to do that too
# ebtables *might* shorten :00: to :0: so we need to allow for both when searching
$_ = $mac;
s/00/0/g;
s/0([0-9])/0{0,1}$1/g;
ok($ebtable =~ $_, "check ebtables entry");
# ping guest1
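Review bot: The substitution `s/0([0-9])/0{0,1}$1/g` makes a leading zero optional only when the second nibble is a decimal digit, so an octet such as `0a` or `0f` in `$mac` is still searched for in its unshortened form only. The fixture changes in this same commit rewrite `0a:0b:0c:0d:0e:0f` to `a:b:c:d:e:f`, which suggests ebtables can shorten those octets as well. Widening the class, e.g. `s/0([0-9a-f])/0?$1/gi;`, would cover both forms. The pattern is also matched unanchored against the whole dump, so when the first octet starts with `0` the optional zero can match inside a different address; guarding it with `(?<![0-9a-f:])` and `(?![0-9a-f:])` would make the check stricter. The same two lines recur in the second Perl hunk (`@@ -81,9 +81,9 @@`).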
......
......@@ -81,9 +81,9 @@ diag "guest ip is $guestip";
my $ebtables = (-e '/sbin/ebtables') ? '/sbin/ebtables' : '/usr/sbin/ebtables';
my $ebtable = `$ebtables -L;$ebtables -t nat -L`;
diag $ebtable;
# ebtables shortens :00: to :0: so we need to do that too
# ebtables *might* shorten :00: to :0: so we need to allow for both when searching
$_ = $mac;
s/00/0/g;
s/0([0-9])/0{0,1}$1/g;
ok($ebtable =~ $_, "check ebtables entry");
my $macfalse = "52:54:00:f9:21:22";
......
......@@ -653,7 +653,7 @@ main() {
exit 1
fi
createVM "${vm2}" "${TESTFILTERNAME}" "10.1.1.1" "52:54:0:9f:33:da" \
createVM "${vm2}" "${TESTFILTERNAME}" "10.1.1.1" "52:54:10:9f:33:da" \
"${flags}"
if [ $? -ne 0 ]; then
echo "Could not create VM ${vm2}. Exiting."
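Review bot: Changing the MAC passed to `createVM` from `52:54:0:9f:33:da` to `52:54:10:9f:33:da` (assuming the second of the two printed lines is the new side) leaves this test without any zero-leading octet. The MAC-matching rules, such as `--arp-mac-src` in the `I-vnet0-arp-mac` fixture, are then no longer exercised with an address that ebtables may print in either form. If that is intentional, a comment above the call would record why, e.g. `# MAC deliberately has no zero-leading octet: ebtables output differs between versions`. Otherwise keep a zero-leading octet and normalise the listing with `sed`, as the other fixtures in this commit do. `main()` continues outside this hunk.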
......
#ebtables -t nat -L libvirt-I-vnet0 | grep -v "^Bridge" | grep -v "^$"
#ebtables -t nat -L libvirt-I-vnet0 | sed s/01:02:03:04:05:06/1:2:3:4:5:6/g | sed s/0a:0b:0c:0d:0e:0f/a:b:c:d:e:f/g | grep -v "^Bridge" | grep -v "^$"
-p ARP -s 1:2:3:4:5:6 -d aa:bb:cc:dd:ee:ff --arp-op Request --arp-htype 12 --arp-ptype 0x22 --arp-mac-src 1:2:3:4:5:6 --arp-mac-dst a:b:c:d:e:f -j ACCEPT
-p ARP -s 1:2:3:4:5:6 --arp-op Request --arp-htype 255 --arp-ptype 0xff -j ACCEPT
-p ARP -s 1:2:3:4:5:6 --arp-op 11 --arp-htype 256 --arp-ptype 0x100 -j ACCEPT
......
......@@ -2,7 +2,7 @@
-i vnet0 -j libvirt-I-vnet0
#ebtables -t nat -L POSTROUTING | grep vnet0 | grep -v "^Bridge" | grep -v "^$"
-o vnet0 -j libvirt-O-vnet0
#ebtables -t nat -L libvirt-I-vnet0 | grep -v "^Bridge" | grep -v "^$"
#ebtables -t nat -L libvirt-I-vnet0 | sed s/01:02:03:04:05:06/1:2:3:4:5:6/g | sed s/0a:0b:0c:0d:0e:0f/a:b:c:d:e:f/g | grep -v "^Bridge" | grep -v "^$"
-p IPv4 -s 1:2:3:4:5:6 -d aa:bb:cc:dd:ee:ff --ip-src 10.1.2.3 --ip-dst 10.1.2.3 --ip-tos 0x32 --ip-proto udp --ip-sport 291:564 --ip-dport 13398:17767 -j ACCEPT
-p IPv6 -s 1:2:3:4:5:6/ff:ff:ff:ff:ff:fe -d aa:bb:cc:dd:ee:80/ff:ff:ff:ff:ff:80 --ip6-src ::/ffff:fc00:: --ip6-dst ::10.1.0.0/ffff:ffff:ffff:ffff:ffff:ffff:ffff:8000 --ip6-proto tcp --ip6-sport 273:400 --ip6-dport 13107:65535 -j ACCEPT
-p ARP -s 1:2:3:4:5:6 -d aa:bb:cc:dd:ee:ff --arp-op Request --arp-htype 18 --arp-ptype 0x56 --arp-mac-src 1:2:3:4:5:6 --arp-mac-dst a:b:c:d:e:f -j ACCEPT
......
......@@ -2,7 +2,7 @@
-i vnet0 -j libvirt-I-vnet0
#ebtables -t nat -L POSTROUTING | grep vnet0 | grep -v "^Bridge" | grep -v "^$"
-o vnet0 -j libvirt-O-vnet0
#ebtables -t nat -L libvirt-I-vnet0 | grep -v "^Bridge" | grep -v "^$"
#ebtables -t nat -L libvirt-I-vnet0 | sed s/01:02:03:04:05:06/1:2:3:4:5:6/g | sed s/0a:0b:0c:0d:0e:0f/a:b:c:d:e:f/g | grep -v "^Bridge" | grep -v "^$"
-p IPv4 -s 1:2:3:4:5:6 -d aa:bb:cc:dd:ee:ff --ip-src 10.1.2.3 --ip-dst 10.1.2.3 --ip-tos 0x32 --ip-proto udp --ip-sport 291:564 --ip-dport 13398:17767 -j ACCEPT
-p IPv6 -s 1:2:3:4:5:6/ff:ff:ff:ff:ff:fe -d aa:bb:cc:dd:ee:80/ff:ff:ff:ff:ff:80 --ip6-src ::/ffff:fc00:: --ip6-dst ::10.1.0.0/ffff:ffff:ffff:ffff:ffff:ffff:ffff:8000 --ip6-proto tcp --ip6-sport 273:400 --ip6-dport 13107:65535 -j ACCEPT
-p ARP -s 1:2:3:4:5:6 -d aa:bb:cc:dd:ee:ff --arp-op Request --arp-htype 18 --arp-ptype 0x56 --arp-mac-src 1:2:3:4:5:6 --arp-mac-dst a:b:c:d:e:f -j ACCEPT
......
......@@ -2,7 +2,7 @@
-i vnet0 -j libvirt-I-vnet0
#ebtables -t nat -L POSTROUTING | grep vnet0
-o vnet0 -j libvirt-O-vnet0
#ebtables -t nat -L libvirt-I-vnet0 | grep -v "^Bridge" | grep -v "^$"
#ebtables -t nat -L libvirt-I-vnet0 | sed s/01:02:03:04:05:06/1:2:3:4:5:6/g | grep -v "^Bridge" | grep -v "^$"
-p IPv4 -s 1:2:3:4:5:6 -d aa:bb:cc:dd:ee:ff --ip-src 10.1.2.3 --ip-dst 10.1.2.3 --ip-proto udp --ip-sport 20:22 --ip-dport 100:101 -j ACCEPT
-p IPv4 --ip-src 10.1.0.0/17 --ip-dst 10.1.2.0/24 --ip-tos 0x3F --ip-proto udp -j ACCEPT
#ebtables -t nat -L libvirt-O-vnet0 | grep -v "^Bridge" | grep -v "^$"
......
......@@ -2,7 +2,7 @@
-i vnet0 -j libvirt-I-vnet0
#ebtables -t nat -L POSTROUTING | grep vnet0
-o vnet0 -j libvirt-O-vnet0
#ebtables -t nat -L libvirt-I-vnet0 | grep -v "^Bridge" | grep -v "^$"
#ebtables -t nat -L libvirt-I-vnet0 | sed s/01:02:03:04:05:06/1:2:3:4:5:6/g | grep -v "^Bridge" | grep -v "^$"
-p IPv6 -s 1:2:3:4:5:6/ff:ff:ff:ff:ff:fe -d aa:bb:cc:dd:ee:80/ff:ff:ff:ff:ff:80 --ip6-src ::/ffff:fc00:: --ip6-dst ::10.1.0.0/ffff:ffff:ffff:ffff:ffff:ffff:ffff:8000 --ip6-proto udp --ip6-sport 20:22 --ip6-dport 100:101 -j ACCEPT
-p IPv6 --ip6-src a:b:c::/ffff:ffff:ffff:ffff:8000:: --ip6-dst 1::2/ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --ip6-proto tcp --ip6-sport 100:101 --ip6-dport 20:22 -j ACCEPT
-p IPv6 --ip6-src a:b:c::/ffff:ffff:ffff:ffff:8000:: --ip6-dst 1::2/ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --ip6-proto tcp --ip6-sport 65535 --ip6-dport 255:256 -j ACCEPT
......
......@@ -2,7 +2,7 @@
-i vnet0 -j libvirt-I-vnet0
#ebtables -t nat -L POSTROUTING | grep vnet0 | grep -v "^Bridge" | grep -v "^$"
-o vnet0 -j libvirt-O-vnet0
#ebtables -t nat -L libvirt-I-vnet0 | grep -v "^Bridge" | grep -v "^$"
#ebtables -t nat -L libvirt-I-vnet0 | sed s/01:02:03:04:05:06/1:2:3:4:5:6/g | grep -v "^Bridge" | grep -v "^$"
-p ARP -s 1:2:3:4:5:6 -j ACCEPT
#ebtables -t nat -L libvirt-O-vnet0 | grep -v "^Bridge" | grep -v "^$"
-p IPv4 -d aa:bb:cc:dd:ee:ff -j ACCEPT
......
#ebtables -t nat -L libvirt-I-vnet0 | sed s/0x8035/RARP/g | grep -v "^Bridge" | grep -v "^$"
#ebtables -t nat -L libvirt-I-vnet0 | sed s/01:02:03:04:05:06/1:2:3:4:5:6/g | sed s/0a:0b:0c:0d:0e:0f/a:b:c:d:e:f/g | sed s/0x8035/RARP/g | grep -v "^Bridge" | grep -v "^$"
-p RARP -s 1:2:3:4:5:6 -d aa:bb:cc:dd:ee:ff --arp-op Request --arp-htype 12 --arp-ptype 0x22 --arp-mac-src 1:2:3:4:5:6 --arp-mac-dst a:b:c:d:e:f -j ACCEPT
-p RARP -s 1:2:3:4:5:6 --arp-op Request --arp-htype 255 --arp-ptype 0xff -j ACCEPT
-p RARP -s 1:2:3:4:5:6 --arp-op 11 --arp-htype 256 --arp-ptype 0x100 -j ACCEPT
......
......@@ -6,9 +6,9 @@
-i vnet0 -j libvirt-I-vnet0
#ebtables -t nat -L POSTROUTING | grep vnet0
-o vnet0 -j libvirt-O-vnet0
#ebtables -t nat -L I-vnet0-stp-xyz | grep -v "^Bridge" | grep -v "^$"
#ebtables -t nat -L I-vnet0-stp-xyz | sed s/01:02:03:04:05:06/1:2:3:4:5:6/g | sed s/06:05:04:03:02:01/6:5:4:3:2:1/g | grep -v "^Bridge" | grep -v "^$"
-s 1:2:3:4:5:6 -d BGA --stp-root-prio 4660:9029 --stp-root-addr 6:5:4:3:2:1 --stp-root-cost 287454020:573785173 -j RETURN
#ebtables -t nat -L O-vnet0-stp-xyz | grep -v "^Bridge" | grep -v "^$"
#ebtables -t nat -L O-vnet0-stp-xyz | sed s/01:02:03:04:05:06/1:2:3:4:5:6/g | sed s/06:05:04:03:02:01/6:5:4:3:2:1/g | grep -v "^Bridge" | grep -v "^$"
-s 1:2:3:4:5:6 -d BGA --stp-type 18 --stp-flags 68 -j CONTINUE
-s 1:2:3:4:5:6 -d BGA --stp-sender-prio 4660 --stp-sender-addr 6:5:4:3:2:1 --stp-port 123:234 --stp-msg-age 5544:5555 --stp-max-age 7777:8888 --stp-hello-time 12345:12346 --stp-forward-delay 54321:65432 -j DROP
......@@ -50,7 +50,7 @@ FO-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-out vnet0 --p
-i vnet0 -j libvirt-I-vnet0
#ebtables -t nat -L POSTROUTING | grep vnet0 | grep -v "^Bridge" | grep -v "^$"
-o vnet0 -j libvirt-O-vnet0
#ebtables -t nat -L libvirt-I-vnet0 | grep -v "^Bridge" | grep -v "^$"
#ebtables -t nat -L libvirt-I-vnet0 | sed s/01:02:03:04:05:06/1:2:3:4:5:6/g | grep -v "^Bridge" | grep -v "^$"
-p ARP -s 1:2:3:4:5:6 -j ACCEPT
-p ARP -s 1:2:3:4:5:6 -j DROP
-p ARP -s 1:2:3:4:5:6 -j DROP
......
......@@ -24,7 +24,7 @@
#ebtables -t nat -L O-vnet0-ipv4 | grep -v "^Bridge" | grep -v "^$"
-j ACCEPT
#ebtables -t nat -L I-vnet0-arp-mac | grep -v "^Bridge" | grep -v "^$"
-p ARP --arp-mac-src 52:54:0:9f:33:da -j RETURN
-p ARP --arp-mac-src 52:54:10:9f:33:da -j RETURN
-j DROP
#ebtables -t nat -L I-vnet0-arp-ip | grep -v "^Bridge" | grep -v "^$"
-p ARP --arp-ip-src 10.1.1.1 -j RETURN
......
#ebtables -t nat -L libvirt-I-vnet0 | grep -v "^Bridge" | grep -v "^$"
#ebtables -t nat -L libvirt-I-vnet0 | sed s/01:02:03:04:05:06/1:2:3:4:5:6/g | grep -v "^Bridge" | grep -v "^$"
-p 802_1Q -s aa:bb:cc:dd:ee:ff -d 1:2:3:4:5:6 --vlan-id 291 -j CONTINUE
-p 802_1Q -s aa:bb:cc:dd:ee:ff -d 1:2:3:4:5:6 --vlan-id 1234 -j RETURN
-p 802_1Q -s 1:2:3:4:5:6 -d aa:bb:cc:dd:ee:ff --vlan-encap 2054 -j DROP
-p 802_1Q -s 1:2:3:4:5:6 -d aa:bb:cc:dd:ee:ff --vlan-encap 4660 -j ACCEPT
#ebtables -t nat -L libvirt-O-vnet0 | grep -v "^Bridge" | grep -v "^$"
#ebtables -t nat -L libvirt-O-vnet0 | sed s/01:02:03:04:05:06/1:2:3:4:5:6/g | grep -v "^Bridge" | grep -v "^$"
-p 802_1Q -s 1:2:3:4:5:6 -d aa:bb:cc:dd:ee:ff --vlan-id 291 -j CONTINUE
-p 802_1Q -s 1:2:3:4:5:6 -d aa:bb:cc:dd:ee:ff --vlan-id 1234 -j RETURN
-p 802_1Q -s 1:2:3:4:5:6 -d aa:bb:cc:dd:ee:ff --vlan-id 291 -j DROP
......