diff --git a/tests/Makefile.am b/tests/Makefile.am
index 19c1efcabf..bda3632742 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -91,6 +91,7 @@ EXTRA_DIST = \
networkxml2confdata \
networkxml2xmlupdatein \
networkxml2xmlupdateout \
+ networkxml2firewalldata \
nodedevschemadata \
nodedevschematest \
nodeinfodata \
@@ -253,10 +254,16 @@ if WITH_YAJL
test_programs += jsontest
endif WITH_YAJL
-test_programs += networkxml2xmltest networkxml2xmlupdatetest
+test_programs += \
+ networkxml2xmltest \
+ networkxml2xmlupdatetest \
+ $(NULL)
if WITH_NETWORK
-test_programs += networkxml2conftest
+test_programs += \
+ networkxml2conftest \
+ networkxml2firewalltest \
+ $(NULL)
endif WITH_NETWORK
if WITH_STORAGE_SHEEPDOG
@@ -664,6 +671,12 @@ networkxml2conftest_SOURCES = \
networkxml2conftest.c \
testutils.c testutils.h
networkxml2conftest_LDADD = ../src/libvirt_driver_network_impl.la $(LDADDS)
+
+networkxml2firewalltest_SOURCES = \
+ networkxml2firewalltest.c \
+ testutils.c testutils.h
+networkxml2firewalltest_LDADD = ../src/libvirt_driver_network_impl.la $(LDADDS)
+
else ! WITH_NETWORK
EXTRA_DIST += networkxml2conftest.c
endif ! WITH_NETWORK
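Review bot: The `else ! WITH_NETWORK` branch at the end of this hunk still lists only `networkxml2conftest.c` in `EXTRA_DIST`, so a tarball made from a tree configured without the network driver would presumably omit the new `networkxml2firewalltest.c`. Extend that line to `EXTRA_DIST += networkxml2conftest.c networkxml2firewalltest.c`. The enclosing `if WITH_NETWORK` opens outside the hunk, so this assumes the new `_SOURCES` block sits inside it, as the neighbouring conftest lines suggest.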
diff --git a/tests/networkxml2firewalldata/nat-default-linux.args b/tests/networkxml2firewalldata/nat-default-linux.args
new file mode 100644
index 0000000000..b92a84528f
--- /dev/null
+++ b/tests/networkxml2firewalldata/nat-default-linux.args
@@ -0,0 +1,30 @@
+iptables --table filter --insert INPUT --in-interface virbr0 --protocol tcp \
+--destination-port 67 --jump ACCEPT
+iptables --table filter --insert INPUT --in-interface virbr0 --protocol udp \
+--destination-port 67 --jump ACCEPT
+iptables --table filter --insert OUTPUT --out-interface virbr0 --protocol udp \
+--destination-port 68 --jump ACCEPT
+iptables --table filter --insert INPUT --in-interface virbr0 --protocol tcp \
+--destination-port 53 --jump ACCEPT
+iptables --table filter --insert INPUT --in-interface virbr0 --protocol udp \
+--destination-port 53 --jump ACCEPT
+iptables --table filter --insert FORWARD --in-interface virbr0 --jump REJECT
+iptables --table filter --insert FORWARD --out-interface virbr0 --jump REJECT
+iptables --table filter --insert FORWARD --in-interface virbr0 \
+--out-interface virbr0 --jump ACCEPT
+iptables --table filter --insert FORWARD --source 192.168.122.0/24 \
+--in-interface virbr0 --jump ACCEPT
+iptables --table filter --insert FORWARD --destination 192.168.122.0/24 \
+--out-interface virbr0 --match conntrack --ctstate ESTABLISHED,RELATED --jump ACCEPT
+iptables --table nat --insert POSTROUTING --source 192.168.122.0/24 '!' \
+--destination 192.168.122.0/24 --jump MASQUERADE
+iptables --table nat --insert POSTROUTING --source 192.168.122.0/24 \
+-p udp '!' --destination 192.168.122.0/24 --jump MASQUERADE --to-ports 1024-65535
+iptables --table nat --insert POSTROUTING --source 192.168.122.0/24 \
+-p tcp '!' --destination 192.168.122.0/24 --jump MASQUERADE --to-ports 1024-65535
+iptables --table nat --insert POSTROUTING --source 192.168.122.0/24 \
+--destination 255.255.255.255/32 --jump RETURN
+iptables --table nat --insert POSTROUTING --source 192.168.122.0/24 \
+--destination 224.0.0.0/24 --jump RETURN
+iptables --table mangle --insert POSTROUTING --out-interface virbr0 \
+--protocol udp --destination-port 68 --jump CHECKSUM --checksum-fill
diff --git a/tests/networkxml2firewalldata/nat-default.xml b/tests/networkxml2firewalldata/nat-default.xml
new file mode 100644
index 0000000000..d7241d0c16
--- /dev/null
+++ b/tests/networkxml2firewalldata/nat-default.xml
@@ -0,0 +1,10 @@
+
+ default
+
+
+
+
+
+
+
+
diff --git a/tests/networkxml2firewalldata/nat-ipv6-linux.args b/tests/networkxml2firewalldata/nat-ipv6-linux.args
new file mode 100644
index 0000000000..2fae0db542
--- /dev/null
+++ b/tests/networkxml2firewalldata/nat-ipv6-linux.args
@@ -0,0 +1,44 @@
+iptables --table filter --insert INPUT --in-interface virbr0 --protocol tcp \
+--destination-port 67 --jump ACCEPT
+iptables --table filter --insert INPUT --in-interface virbr0 --protocol udp \
+--destination-port 67 --jump ACCEPT
+iptables --table filter --insert OUTPUT --out-interface virbr0 --protocol udp \
+--destination-port 68 --jump ACCEPT
+iptables --table filter --insert INPUT --in-interface virbr0 --protocol tcp \
+--destination-port 53 --jump ACCEPT
+iptables --table filter --insert INPUT --in-interface virbr0 --protocol udp \
+--destination-port 53 --jump ACCEPT
+iptables --table filter --insert FORWARD --in-interface virbr0 --jump REJECT
+iptables --table filter --insert FORWARD --out-interface virbr0 --jump REJECT
+iptables --table filter --insert FORWARD --in-interface virbr0 \
+--out-interface virbr0 --jump ACCEPT
+ip6tables --table filter --insert FORWARD --in-interface virbr0 --jump REJECT
+ip6tables --table filter --insert FORWARD --out-interface virbr0 --jump REJECT
+ip6tables --table filter --insert FORWARD --in-interface virbr0 \
+--out-interface virbr0 --jump ACCEPT
+ip6tables --table filter --insert INPUT --in-interface virbr0 --protocol tcp \
+--destination-port 53 --jump ACCEPT
+ip6tables --table filter --insert INPUT --in-interface virbr0 --protocol udp \
+--destination-port 53 --jump ACCEPT
+ip6tables --table filter --insert INPUT --in-interface virbr0 --protocol udp \
+--destination-port 547 --jump ACCEPT
+iptables --table filter --insert FORWARD --source 192.168.122.0/24 \
+--in-interface virbr0 --jump ACCEPT
+iptables --table filter --insert FORWARD --destination 192.168.122.0/24 \
+--out-interface virbr0 --match conntrack --ctstate ESTABLISHED,RELATED --jump ACCEPT
+iptables --table nat --insert POSTROUTING --source 192.168.122.0/24 '!' \
+--destination 192.168.122.0/24 --jump MASQUERADE
+iptables --table nat --insert POSTROUTING --source 192.168.122.0/24 \
+-p udp '!' --destination 192.168.122.0/24 --jump MASQUERADE --to-ports 1024-65535
+iptables --table nat --insert POSTROUTING --source 192.168.122.0/24 \
+-p tcp '!' --destination 192.168.122.0/24 --jump MASQUERADE --to-ports 1024-65535
+iptables --table nat --insert POSTROUTING --source 192.168.122.0/24 \
+--destination 255.255.255.255/32 --jump RETURN
+iptables --table nat --insert POSTROUTING --source 192.168.122.0/24 \
+--destination 224.0.0.0/24 --jump RETURN
+ip6tables --table filter --insert FORWARD --source 2001:db8:ca2:2::/64 \
+--in-interface virbr0 --jump ACCEPT
+ip6tables --table filter --insert FORWARD --destination 2001:db8:ca2:2::/64 \
+--out-interface virbr0 --jump ACCEPT
+iptables --table mangle --insert POSTROUTING --out-interface virbr0 \
+--protocol udp --destination-port 68 --jump CHECKSUM --checksum-fill
diff --git a/tests/networkxml2firewalldata/nat-ipv6.xml b/tests/networkxml2firewalldata/nat-ipv6.xml
new file mode 100644
index 0000000000..337e71de20
--- /dev/null
+++ b/tests/networkxml2firewalldata/nat-ipv6.xml
@@ -0,0 +1,15 @@
+
+ default
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/tests/networkxml2firewalldata/nat-many-ips-linux.args b/tests/networkxml2firewalldata/nat-many-ips-linux.args
new file mode 100644
index 0000000000..8e8923dadf
--- /dev/null
+++ b/tests/networkxml2firewalldata/nat-many-ips-linux.args
@@ -0,0 +1,58 @@
+iptables --table filter --insert INPUT --in-interface virbr0 --protocol tcp \
+--destination-port 67 --jump ACCEPT
+iptables --table filter --insert INPUT --in-interface virbr0 --protocol udp \
+--destination-port 67 --jump ACCEPT
+iptables --table filter --insert OUTPUT --out-interface virbr0 --protocol udp \
+--destination-port 68 --jump ACCEPT
+iptables --table filter --insert INPUT --in-interface virbr0 --protocol tcp \
+--destination-port 53 --jump ACCEPT
+iptables --table filter --insert INPUT --in-interface virbr0 --protocol udp \
+--destination-port 53 --jump ACCEPT
+iptables --table filter --insert FORWARD --in-interface virbr0 --jump REJECT
+iptables --table filter --insert FORWARD --out-interface virbr0 --jump REJECT
+iptables --table filter --insert FORWARD --in-interface virbr0 \
+--out-interface virbr0 --jump ACCEPT
+iptables --table filter --insert FORWARD --source 192.168.122.0/24 \
+--in-interface virbr0 --jump ACCEPT
+iptables --table filter --insert FORWARD --destination 192.168.122.0/24 \
+--out-interface virbr0 --match conntrack --ctstate ESTABLISHED,RELATED --jump ACCEPT
+iptables --table nat --insert POSTROUTING --source 192.168.122.0/24 '!' \
+--destination 192.168.122.0/24 --jump MASQUERADE
+iptables --table nat --insert POSTROUTING --source 192.168.122.0/24 \
+-p udp '!' --destination 192.168.122.0/24 --jump MASQUERADE --to-ports 1024-65535
+iptables --table nat --insert POSTROUTING --source 192.168.122.0/24 \
+-p tcp '!' --destination 192.168.122.0/24 --jump MASQUERADE --to-ports 1024-65535
+iptables --table nat --insert POSTROUTING --source 192.168.122.0/24 \
+--destination 255.255.255.255/32 --jump RETURN
+iptables --table nat --insert POSTROUTING --source 192.168.122.0/24 \
+--destination 224.0.0.0/24 --jump RETURN
+iptables --table filter --insert FORWARD --source 192.168.128.0/24 \
+--in-interface virbr0 --jump ACCEPT
+iptables --table filter --insert FORWARD --destination 192.168.128.0/24 \
+--out-interface virbr0 --match conntrack --ctstate ESTABLISHED,RELATED --jump ACCEPT
+iptables --table nat --insert POSTROUTING --source 192.168.128.0/24 '!' \
+--destination 192.168.128.0/24 --jump MASQUERADE
+iptables --table nat --insert POSTROUTING --source 192.168.128.0/24 \
+-p udp '!' --destination 192.168.128.0/24 --jump MASQUERADE --to-ports 1024-65535
+iptables --table nat --insert POSTROUTING --source 192.168.128.0/24 \
+-p tcp '!' --destination 192.168.128.0/24 --jump MASQUERADE --to-ports 1024-65535
+iptables --table nat --insert POSTROUTING --source 192.168.128.0/24 \
+--destination 255.255.255.255/32 --jump RETURN
+iptables --table nat --insert POSTROUTING --source 192.168.128.0/24 \
+--destination 224.0.0.0/24 --jump RETURN
+iptables --table filter --insert FORWARD --source 192.168.150.0/24 \
+--in-interface virbr0 --jump ACCEPT
+iptables --table filter --insert FORWARD --destination 192.168.150.0/24 \
+--out-interface virbr0 --match conntrack --ctstate ESTABLISHED,RELATED --jump ACCEPT
+iptables --table nat --insert POSTROUTING --source 192.168.150.0/24 '!' \
+--destination 192.168.150.0/24 --jump MASQUERADE
+iptables --table nat --insert POSTROUTING --source 192.168.150.0/24 \
+-p udp '!' --destination 192.168.150.0/24 --jump MASQUERADE --to-ports 1024-65535
+iptables --table nat --insert POSTROUTING --source 192.168.150.0/24 \
+-p tcp '!' --destination 192.168.150.0/24 --jump MASQUERADE --to-ports 1024-65535
+iptables --table nat --insert POSTROUTING --source 192.168.150.0/24 \
+--destination 255.255.255.255/32 --jump RETURN
+iptables --table nat --insert POSTROUTING --source 192.168.150.0/24 \
+--destination 224.0.0.0/24 --jump RETURN
+iptables --table mangle --insert POSTROUTING --out-interface virbr0 \
+--protocol udp --destination-port 68 --jump CHECKSUM --checksum-fill
diff --git a/tests/networkxml2firewalldata/nat-many-ips.xml b/tests/networkxml2firewalldata/nat-many-ips.xml
new file mode 100644
index 0000000000..0c8dcff30d
--- /dev/null
+++ b/tests/networkxml2firewalldata/nat-many-ips.xml
@@ -0,0 +1,12 @@
+
+ default
+
+
+
+
+
+
+
+
+
+
diff --git a/tests/networkxml2firewalldata/nat-no-dhcp-linux.args b/tests/networkxml2firewalldata/nat-no-dhcp-linux.args
new file mode 100644
index 0000000000..e6635f0ad7
--- /dev/null
+++ b/tests/networkxml2firewalldata/nat-no-dhcp-linux.args
@@ -0,0 +1,42 @@
+iptables --table filter --insert INPUT --in-interface virbr0 --protocol tcp \
+--destination-port 67 --jump ACCEPT
+iptables --table filter --insert INPUT --in-interface virbr0 --protocol udp \
+--destination-port 67 --jump ACCEPT
+iptables --table filter --insert OUTPUT --out-interface virbr0 --protocol udp \
+--destination-port 68 --jump ACCEPT
+iptables --table filter --insert INPUT --in-interface virbr0 --protocol tcp \
+--destination-port 53 --jump ACCEPT
+iptables --table filter --insert INPUT --in-interface virbr0 --protocol udp \
+--destination-port 53 --jump ACCEPT
+iptables --table filter --insert FORWARD --in-interface virbr0 --jump REJECT
+iptables --table filter --insert FORWARD --out-interface virbr0 --jump REJECT
+iptables --table filter --insert FORWARD --in-interface virbr0 \
+--out-interface virbr0 --jump ACCEPT
+ip6tables --table filter --insert FORWARD --in-interface virbr0 --jump REJECT
+ip6tables --table filter --insert FORWARD --out-interface virbr0 --jump REJECT
+ip6tables --table filter --insert FORWARD --in-interface virbr0 \
+--out-interface virbr0 --jump ACCEPT
+ip6tables --table filter --insert INPUT --in-interface virbr0 --protocol tcp \
+--destination-port 53 --jump ACCEPT
+ip6tables --table filter --insert INPUT --in-interface virbr0 --protocol udp \
+--destination-port 53 --jump ACCEPT
+ip6tables --table filter --insert INPUT --in-interface virbr0 --protocol udp \
+--destination-port 547 --jump ACCEPT
+iptables --table filter --insert FORWARD --source 192.168.122.0/24 \
+--in-interface virbr0 --jump ACCEPT
+iptables --table filter --insert FORWARD --destination 192.168.122.0/24 \
+--out-interface virbr0 --match conntrack --ctstate ESTABLISHED,RELATED --jump ACCEPT
+iptables --table nat --insert POSTROUTING --source 192.168.122.0/24 '!' \
+--destination 192.168.122.0/24 --jump MASQUERADE
+iptables --table nat --insert POSTROUTING --source 192.168.122.0/24 \
+-p udp '!' --destination 192.168.122.0/24 --jump MASQUERADE --to-ports 1024-65535
+iptables --table nat --insert POSTROUTING --source 192.168.122.0/24 \
+-p tcp '!' --destination 192.168.122.0/24 --jump MASQUERADE --to-ports 1024-65535
+iptables --table nat --insert POSTROUTING --source 192.168.122.0/24 \
+--destination 255.255.255.255/32 --jump RETURN
+iptables --table nat --insert POSTROUTING --source 192.168.122.0/24 \
+--destination 224.0.0.0/24 --jump RETURN
+ip6tables --table filter --insert FORWARD --source 2001:db8:ca2:2::/64 \
+--in-interface virbr0 --jump ACCEPT
+ip6tables --table filter --insert FORWARD --destination 2001:db8:ca2:2::/64 \
+--out-interface virbr0 --jump ACCEPT
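Review bot: The expected output for the fixture named nat-no-dhcp still opens DHCP ports: the first three rules accept TCP/UDP 67 inbound and UDP 68 outbound on virbr0, and the last ip6tables INPUT rule accepts UDP 547. Only the mangle `CHECKSUM --checksum-fill` rule that ends the other fixtures is absent here. If this mirrors what `networkAddFirewallRules` generates today, the test pins open listener ports that a network without DHCP presumably does not need. The XML body is not readable on this page, so confirm against it, and say in the commit message or a comment in `networkxml2firewalltest.c` that this records current behaviour rather than a requirement.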
diff --git a/tests/networkxml2firewalldata/nat-no-dhcp.xml b/tests/networkxml2firewalldata/nat-no-dhcp.xml
new file mode 100644
index 0000000000..0bccd1da48
--- /dev/null
+++ b/tests/networkxml2firewalldata/nat-no-dhcp.xml
@@ -0,0 +1,7 @@
+
+ default
+
+
+
+
+
diff --git a/tests/networkxml2firewalldata/nat-tftp-linux.args b/tests/networkxml2firewalldata/nat-tftp-linux.args
new file mode 100644
index 0000000000..2eac1e0668
--- /dev/null
+++ b/tests/networkxml2firewalldata/nat-tftp-linux.args
@@ -0,0 +1,32 @@
+iptables --table filter --insert INPUT --in-interface virbr0 --protocol tcp \
+--destination-port 67 --jump ACCEPT
+iptables --table filter --insert INPUT --in-interface virbr0 --protocol udp \
+--destination-port 67 --jump ACCEPT
+iptables --table filter --insert OUTPUT --out-interface virbr0 --protocol udp \
+--destination-port 68 --jump ACCEPT
+iptables --table filter --insert INPUT --in-interface virbr0 --protocol tcp \
+--destination-port 53 --jump ACCEPT
+iptables --table filter --insert INPUT --in-interface virbr0 --protocol udp \
+--destination-port 53 --jump ACCEPT
+iptables --table filter --insert INPUT --in-interface virbr0 --protocol udp \
+--destination-port 69 --jump ACCEPT
+iptables --table filter --insert FORWARD --in-interface virbr0 --jump REJECT
+iptables --table filter --insert FORWARD --out-interface virbr0 --jump REJECT
+iptables --table filter --insert FORWARD --in-interface virbr0 \
+--out-interface virbr0 --jump ACCEPT
+iptables --table filter --insert FORWARD --source 192.168.122.0/24 \
+--in-interface virbr0 --jump ACCEPT
+iptables --table filter --insert FORWARD --destination 192.168.122.0/24 \
+--out-interface virbr0 --match conntrack --ctstate ESTABLISHED,RELATED --jump ACCEPT
+iptables --table nat --insert POSTROUTING --source 192.168.122.0/24 '!' \
+--destination 192.168.122.0/24 --jump MASQUERADE
+iptables --table nat --insert POSTROUTING --source 192.168.122.0/24 \
+-p udp '!' --destination 192.168.122.0/24 --jump MASQUERADE --to-ports 1024-65535
+iptables --table nat --insert POSTROUTING --source 192.168.122.0/24 \
+-p tcp '!' --destination 192.168.122.0/24 --jump MASQUERADE --to-ports 1024-65535
+iptables --table nat --insert POSTROUTING --source 192.168.122.0/24 \
+--destination 255.255.255.255/32 --jump RETURN
+iptables --table nat --insert POSTROUTING --source 192.168.122.0/24 \
+--destination 224.0.0.0/24 --jump RETURN
+iptables --table mangle --insert POSTROUTING --out-interface virbr0 \
+--protocol udp --destination-port 68 --jump CHECKSUM --checksum-fill
diff --git a/tests/networkxml2firewalldata/nat-tftp.xml b/tests/networkxml2firewalldata/nat-tftp.xml
new file mode 100644
index 0000000000..17e8e0a4a1
--- /dev/null
+++ b/tests/networkxml2firewalldata/nat-tftp.xml
@@ -0,0 +1,11 @@
+
+ default
+
+
+
+
+
+
+
+
+
diff --git a/tests/networkxml2firewalldata/route-default-linux.args b/tests/networkxml2firewalldata/route-default-linux.args
new file mode 100644
index 0000000000..2ebef08fe2
--- /dev/null
+++ b/tests/networkxml2firewalldata/route-default-linux.args
@@ -0,0 +1,20 @@
+iptables --table filter --insert INPUT --in-interface virbr0 --protocol tcp \
+--destination-port 67 --jump ACCEPT
+iptables --table filter --insert INPUT --in-interface virbr0 --protocol udp \
+--destination-port 67 --jump ACCEPT
+iptables --table filter --insert OUTPUT --out-interface virbr0 --protocol udp \
+--destination-port 68 --jump ACCEPT
+iptables --table filter --insert INPUT --in-interface virbr0 --protocol tcp \
+--destination-port 53 --jump ACCEPT
+iptables --table filter --insert INPUT --in-interface virbr0 --protocol udp \
+--destination-port 53 --jump ACCEPT
+iptables --table filter --insert FORWARD --in-interface virbr0 --jump REJECT
+iptables --table filter --insert FORWARD --out-interface virbr0 --jump REJECT
+iptables --table filter --insert FORWARD --in-interface virbr0 \
+--out-interface virbr0 --jump ACCEPT
+iptables --table filter --insert FORWARD --source 192.168.122.0/24 \
+--in-interface virbr0 --jump ACCEPT
+iptables --table filter --insert FORWARD --destination 192.168.122.0/24 \
+--out-interface virbr0 --jump ACCEPT
+iptables --table mangle --insert POSTROUTING --out-interface virbr0 \
+--protocol udp --destination-port 68 --jump CHECKSUM --checksum-fill
diff --git a/tests/networkxml2firewalldata/route-default.xml b/tests/networkxml2firewalldata/route-default.xml
new file mode 100644
index 0000000000..3bc7bb98fa
--- /dev/null
+++ b/tests/networkxml2firewalldata/route-default.xml
@@ -0,0 +1,10 @@
+
+ default
+
+
+
+
+
+
+
+
diff --git a/tests/networkxml2firewalltest.c b/tests/networkxml2firewalltest.c
new file mode 100644
index 0000000000..9255e0149c
--- /dev/null
+++ b/tests/networkxml2firewalltest.c
@@ -0,0 +1,163 @@
+/*
+ * networkxml2firewalltest.c: Test iptables rule generation
+ *
+ * Copyright (C) 2014 Red Hat, Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library. If not, see
+ * .
+ *
+ */
+
+#include
+
+#if defined (__linux__)
+
+# include "testutils.h"
+# include "network/bridge_driver_platform.h"
+# include "virbuffer.h"
+
+# define __VIR_FIREWALL_PRIV_H_ALLOW__
+# include "virfirewallpriv.h"
+
+# define __VIR_COMMAND_PRIV_H_ALLOW__
+# include "vircommandpriv.h"
+
+# define VIR_FROM_THIS VIR_FROM_NONE
+
+static const char *abs_top_srcdir;
+
+# ifdef __linux__
+# define RULESTYPE "linux"
+# else
+# error "test case not ported to this platform"
+# endif
+
+static int testCompareXMLToArgvFiles(const char *xml,
+ const char *cmdline)
+{
+ char *expectargv = NULL;
+ int len;
+ char *actualargv = NULL;
+ virBuffer buf = VIR_BUFFER_INITIALIZER;
+ virNetworkDefPtr def = NULL;
+ int ret = -1;
+
+ virCommandSetDryRun(&buf, NULL, NULL);
+
+ if (!(def = virNetworkDefParseFile(xml)))
+ goto cleanup;
+
+ if (networkAddFirewallRules(def) < 0)
+ goto cleanup;
+
+ if (virBufferError(&buf))
+ goto cleanup;
+
+ actualargv = virBufferContentAndReset(&buf);
+ virtTestClearCommandPath(actualargv);
+ virCommandSetDryRun(NULL, NULL, NULL);
+
+ len = virtTestLoadFile(cmdline, &expectargv);
+ if (len < 0)
+ goto cleanup;
+
+ if (STRNEQ(expectargv, actualargv)) {
+ virtTestDifference(stderr, expectargv, actualargv);
+ goto cleanup;
+ }
+
+ ret = 0;
+
+ cleanup:
+ virBufferFreeAndReset(&buf);
+ VIR_FREE(expectargv);
+ VIR_FREE(actualargv);
+ virNetworkDefFree(def);
+ return ret;
+}
+
+struct testInfo {
+ const char *name;
+};
+
+
+static int
+testCompareXMLToIPTablesHelper(const void *data)
+{
+ int result = -1;
+ const struct testInfo *info = data;
+ char *xml = NULL;
+ char *args = NULL;
+
+ if (virAsprintf(&xml, "%s/networkxml2firewalldata/%s.xml",
+ abs_srcdir, info->name) < 0 ||
+ virAsprintf(&args, "%s/networkxml2firewalldata/%s-%s.args",
+ abs_srcdir, info->name, RULESTYPE) < 0)
+ goto cleanup;
+
+ result = testCompareXMLToArgvFiles(xml, args);
+
+ cleanup:
+ VIR_FREE(xml);
+ VIR_FREE(args);
+ return result;
+}
+
+
+static int
+mymain(void)
+{
+ int ret = 0;
+
+ abs_top_srcdir = getenv("abs_top_srcdir");
+ if (!abs_top_srcdir)
+ abs_top_srcdir = abs_srcdir "/..";
+
+# define DO_TEST(name) \
+ do { \
+ static struct testInfo info = { \
+ name, \
+ }; \
+ if (virtTestRun("Network XML-2-iptables " name, \
+ testCompareXMLToIPTablesHelper, &info) < 0) \
+ ret = -1; \
+ } while (0)
+
+ if (virFirewallSetBackend(VIR_FIREWALL_BACKEND_DIRECT) < 0) {
+ ret = -1;
+ goto cleanup;
+ }
+
+ DO_TEST("nat-default");
+ DO_TEST("nat-tftp");
+ DO_TEST("nat-many-ips");
+ DO_TEST("nat-no-dhcp");
+ DO_TEST("nat-ipv6");
+ DO_TEST("route-default");
+ DO_TEST("route-default");
+
+ cleanup:
+ return ret == 0 ? EXIT_SUCCESS : EXIT_FAILURE;
+}
+
+VIRT_TEST_MAIN(mymain)
+
+#else /* ! defined (__linux__) */
+
+int main(void)
+{
+ return EXIT_AM_SKIP;
+}
+
+#endif /* ! defined (__linux__) */
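Review bot: In `testCompareXMLToArgvFiles` the three early `goto cleanup` exits (parse failure, `networkAddFirewallRules` failure, buffer error) skip `virCommandSetDryRun(NULL, NULL, NULL);`, so the dry-run hook is left pointing at the stack-local `buf` after it has been freed and the function has returned. Calling that reset under the `cleanup:` label as well keeps a failed case from leaving command capture aimed at dead storage. `actualargv` is also handed to `virtTestClearCommandPath()` and `STRNEQ()` without a NULL check, which would matter if the buffer can come back empty; `if (!actualargv) goto cleanup;` would cover it. Separately, `DO_TEST("route-default");` appears twice in `mymain`, so one of the two is probably meant to name a different fixture or can be dropped.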
diff --git a/tests/testutils.c b/tests/testutils.c
index feda22bd00..dbe4773f14 100644
--- a/tests/testutils.c
+++ b/tests/testutils.c
@@ -855,6 +855,57 @@ int virtTestClearLineRegex(const char *pattern,
}
+/*
+ * @cmdset contains a list of command line args, eg
+ *
+ * "/usr/sbin/iptables --table filter --insert INPUT --in-interface virbr0 --protocol tcp --destination-port 53 --jump ACCEPT
+ * /usr/sbin/iptables --table filter --insert INPUT --in-interface virbr0 --protocol udp --destination-port 53 --jump ACCEPT
+ * /usr/sbin/iptables --table filter --insert FORWARD --in-interface virbr0 --jump REJECT
+ * /usr/sbin/iptables --table filter --insert FORWARD --out-interface virbr0 --jump REJECT
+ * /usr/sbin/iptables --table filter --insert FORWARD --in-interface virbr0 --out-interface virbr0 --jump ACCEPT"
+ *
+ * And we're munging it in-place to strip the path component
+ * of the command line, to produce
+ *
+ * "iptables --table filter --insert INPUT --in-interface virbr0 --protocol tcp --destination-port 53 --jump ACCEPT
+ * iptables --table filter --insert INPUT --in-interface virbr0 --protocol udp --destination-port 53 --jump ACCEPT
+ * iptables --table filter --insert FORWARD --in-interface virbr0 --jump REJECT
+ * iptables --table filter --insert FORWARD --out-interface virbr0 --jump REJECT
+ * iptables --table filter --insert FORWARD --in-interface virbr0 --out-interface virbr0 --jump ACCEPT"
+ */
+void virtTestClearCommandPath(char *cmdset)
+{
+ size_t offset = 0;
+ char *lineStart = cmdset;
+ char *lineEnd = strchr(lineStart, '\n');
+
+ while (lineStart) {
+ char *dirsep;
+ char *movestart;
+ size_t movelen;
+ dirsep = strchr(lineStart, ' ');
+ if (dirsep) {
+ while (dirsep > lineStart && *dirsep != '/')
+ dirsep--;
+ if (*dirsep == '/')
+ dirsep++;
+ movestart = dirsep;
+ } else {
+ movestart = lineStart;
+ }
+ movelen = lineEnd ? lineEnd - movestart : strlen(movestart);
+
+ if (movelen) {
+ memmove(cmdset + offset, movestart, movelen + 1);
+ offset += movelen + 1;
+ }
+ lineStart = lineEnd ? lineEnd + 1 : NULL;
+ lineEnd = lineStart ? strchr(lineStart, '\n') : NULL;
+ }
+ cmdset[offset] = '\0';
+}
+
+
virCapsPtr virTestGenericCapsInit(void)
{
virCapsPtr caps;
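Review bot: `virtTestClearCommandPath` bounds neither its space search nor its final terminator write by the line being processed. `strchr(lineStart, ' ')` runs to the end of the whole string, so for a line with no space it finds one in a later line, the backwards scan for `/` can stop past `lineEnd`, and `lineEnd - movestart` then wraps to a huge `size_t` passed to `memmove`. When the last line has no trailing newline, `offset += movelen + 1` counts the copied NUL, so `cmdset[offset] = '\0'` can land one byte past the original terminator if nothing was stripped. Limiting the search with `dirsep = memchr(lineStart, ' ', lineEnd ? (size_t)(lineEnd - lineStart) : strlen(lineStart));` and advancing with `offset += movelen + (lineEnd ? 1 : 0);` closes both. The header comment should also state that @cmdset must be a non-NULL, NUL-terminated buffer and is modified in place.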
diff --git a/tests/testutils.h b/tests/testutils.h
index e89492bf62..ad28ea78c0 100644
--- a/tests/testutils.h
+++ b/tests/testutils.h
@@ -59,6 +59,8 @@ int virtTestCaptureProgramOutput(const char *const argv[], char **buf, int maxle
int virtTestClearLineRegex(const char *pattern,
char *string);
+void virtTestClearCommandPath(char *cmdset);
+
int virtTestDifference(FILE *stream,
const char *expect,
const char *actual);