Add libvirt network filter support to security-containers

[Feature]       libvirt network filters implementation
[Cause]         N/A
[Solution]      - It was assumed that network filters are defined per
                  container.
                - A new parameter networkFilterConfig has been added to
                  the container config file.
                - Unit test have been updated due to a new configuration
                  parameter in the container confg file.

                - "Network integration" tests for security-containers
                  have been implemented. The tests assume that
                  in the environment are two containers (Buisness and
                  Private). Both of them are mutually isolated and both
                  have the Internet access.

[Verification]  Build, install, run tests

Signed-off-by: Jacek Pielaszkiewicz <j.pielaszkie@samsung.com>
Change-Id: Ibc08d85c1a362119fb71d80f66184a5c67b5c721

diff --git a/common/libvirt/network-filter.cpp b/common/libvirt/network-filter.cpp
new file mode 100644 (file)
index 0000000..94fd96d
--- /dev/null
+++ b/common/libvirt/network-filter.cpp
@@ -0,0 +1,81 @@
+/*
+ *  Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *  Contact: Jan Olszak <j.olszak@samsung.com>
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License
+ */
+
+/**
+ * @file
+ * @author  Jan Olszak (j.olszak@samsung.com)
+ * @brief   Implementation of the class wrapping libvirt network
+ */
+
+#include "config.hpp"
+
+#include "logger/logger.hpp"
+#include "libvirt/network-filter.hpp"
+#include "libvirt/helpers.hpp"
+#include "libvirt/exception.hpp"
+
+
+namespace security_containers {
+namespace libvirt {
+
+LibvirtNWFilter::LibvirtNWFilter(const std::string& configXML)
+    : mCon(LIBVIRT_LXC_ADDRESS), mNetFilter(nullptr),
+      mDetachOnExit(false)
+{
+    mNetFilter = virNWFilterDefineXML(mCon.get(), configXML.c_str());
+
+    if (mNetFilter == nullptr) {
+        LOGE("Error while definig a network filter:\n"
+             << libvirtFormatError());
+        throw LibvirtOperationException();
+    }
+}
+
+LibvirtNWFilter::~LibvirtNWFilter()
+{
+    if (!mDetachOnExit)
+    {
+        if (virNWFilterUndefine(mNetFilter) < 0) {
+            LOGE("Error while undefining the network filter:\n"
+                 << libvirtFormatError());
+        }
+    }
+
+    if (virNWFilterFree(mNetFilter) < 0) {
+        LOGE("Error while destroying the network filter object:\n"
+             << libvirtFormatError());
+    }
+}
+
+void LibvirtNWFilter::setDetachOnExit()
+{
+    mDetachOnExit = true;
+}
+
+virNWFilterPtr LibvirtNWFilter::get()
+{
+    return mNetFilter;
+}
+
+LibvirtNWFilter::operator bool() const
+{
+    return mNetFilter != nullptr;
+}
+
+} // namespace libvirt
+} // namespace security_containers

diff --git a/common/libvirt/network-filter.hpp b/common/libvirt/network-filter.hpp
new file mode 100644 (file)
index 0000000..ad6d8c4
--- /dev/null
+++ b/common/libvirt/network-filter.hpp
@@ -0,0 +1,67 @@
+/*
+ *  Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *  Contact: Jan Olszak <j.olszak@samsung.com>
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License
+ */
+
+/**
+ * @file
+ * @author  Jan Olszak (j.olszak@samsung.com)
+ * @brief   Declaration of the class wrapping libvirt network
+ */
+
+#ifndef COMMON_LIBVIRT_NETWORK_FILTER_HPP
+#define COMMON_LIBVIRT_NETWORK_FILTER_HPP
+
+#include "libvirt/connection.hpp"
+
+#include <libvirt/libvirt.h>
+
+
+namespace security_containers {
+namespace libvirt {
+
+class LibvirtNWFilter {
+
+public:
+    LibvirtNWFilter(const std::string& configXML);
+    ~LibvirtNWFilter();
+
+    /**
+     * @return The libvirt network pointer
+     */
+    virNWFilterPtr get();
+
+    /**
+     * @return libvirt network pointer is not NULL
+     */
+    operator bool() const;
+
+    /**
+     * Set whether container should be detached on exit.
+     */
+    void setDetachOnExit();
+
+private:
+    LibvirtConnection mCon;
+    virNWFilterPtr mNetFilter;
+    bool mDetachOnExit;
+};
+
+} // namespace libvirt
+} // namespace security_containers
+
+
+#endif // COMMON_LIBVIRT_NETWORK_FILTER_HPP

diff --git a/common/libvirt/network.hpp b/common/libvirt/network.hpp
index 92a73da..26e3b0a 100644 (file)
--- a/common/libvirt/network.hpp
+++ b/common/libvirt/network.hpp
@@ -55,7 +55,6 @@ private:
     virNetworkPtr mNet;
 };
 
-
 } // namespace libvirt
 } // namespace security_containers
 

diff --git a/server/configs/containers/business.conf b/server/configs/containers/business.conf
index f16ccb4..1b711b4 100644 (file)
--- a/server/configs/containers/business.conf
+++ b/server/configs/containers/business.conf
@@ -5,6 +5,7 @@
     "switchToDefaultAfterTimeout" : true,
     "config" : "../libvirt-config/business.xml",
     "networkConfig" : "../libvirt-config/business-network.xml",
+    "networkFilterConfig" : "../libvirt-config/business-nwfilter.xml",
     "runMountPoint" : "business/run",
     "permittedToSend" : [ "/tmp/.*" ],
     "permittedToRecv" : [ "/tmp/.*" ]

diff --git a/server/configs/containers/private.conf b/server/configs/containers/private.conf
index cde88c3..a981caf 100644 (file)
--- a/server/configs/containers/private.conf
+++ b/server/configs/containers/private.conf
@@ -5,6 +5,7 @@
     "switchToDefaultAfterTimeout" : true,
     "config" : "../libvirt-config/private.xml",
     "networkConfig" : "../libvirt-config/private-network.xml",
+    "networkFilterConfig" : "../libvirt-config/private-nwfilter.xml",
     "runMountPoint" : "private/run",
     "permittedToSend" : [ "/tmp/.*" ],
     "permittedToRecv" : [ "/tmp/.*" ]

diff --git a/server/configs/libvirt-config/business-network.xml b/server/configs/libvirt-config/business-network.xml
index 1cc7eeb..beb5c80 100644 (file)
--- a/server/configs/libvirt-config/business-network.xml
+++ b/server/configs/libvirt-config/business-network.xml
@@ -3,9 +3,10 @@
     <uuid>cc0951f9-3397-4272-ae05-66c19229accf</uuid>
     <bridge name="virbr-business"/>
     <forward/>
-    <ip address="192.168.102.1" netmask="255.255.255.0">
+    <dns forwardPlainNames="yes"/>
+    <ip address="10.0.102.1" netmask="255.0.0.0">
         <dhcp>
-            <range start="192.168.102.2" end="192.168.102.254"/>
+            <range start="10.0.102.2" end="10.0.102.2"/>
         </dhcp>
     </ip>
 </network>

diff --git a/server/configs/libvirt-config/business-nwfilter.xml b/server/configs/libvirt-config/business-nwfilter.xml
new file mode 100644 (file)
index 0000000..ea7453e
--- /dev/null
+++ b/server/configs/libvirt-config/business-nwfilter.xml
@@ -0,0 +1,8 @@
+<filter name='business-nwfilter' chain='root'>
+    <rule action='reject' direction='in' priority='100'>
+        <ip srcipaddr='10.0.0.0' srcipmask='255.0.0.0'/>
+    </rule>
+    <rule action='reject' direction='out' priority='100'>
+        <ip dstipaddr='10.0.0.0' srcipmask='255.0.0.0'/>
+    </rule>
+</filter>

diff --git a/server/configs/libvirt-config/business.xml b/server/configs/libvirt-config/business.xml
index deaf000..c2539e9 100644 (file)
--- a/server/configs/libvirt-config/business.xml
+++ b/server/configs/libvirt-config/business.xml
@@ -99,6 +99,7 @@
 
     <interface type='network'>
       <source network='business'/>
+      <filterref filter='business-nwfilter'/>
     </interface>
     <filesystem type='mount'>
       <!-- TODO: this directory could be generated from .conf files-->

diff --git a/server/configs/libvirt-config/private-network.xml b/server/configs/libvirt-config/private-network.xml
index 76add2c..f917b52 100644 (file)
--- a/server/configs/libvirt-config/private-network.xml
+++ b/server/configs/libvirt-config/private-network.xml
@@ -3,9 +3,10 @@
     <uuid>5b25f83d-ccb6-45f0-9d5c-c05199c261bd</uuid>
     <bridge name="virbr-private"/>
     <forward/>
-    <ip address="192.168.101.1" netmask="255.255.255.0">
+    <dns forwardPlainNames="yes"/>
+    <ip address="10.0.101.1" netmask="255.0.0.0">
         <dhcp>
-            <range start="192.168.101.2" end="192.168.101.254"/>
+            <range start="10.0.101.2" end="10.0.101.2"/>
         </dhcp>
     </ip>
 </network>

diff --git a/server/configs/libvirt-config/private-nwfilter.xml b/server/configs/libvirt-config/private-nwfilter.xml
new file mode 100644 (file)
index 0000000..f3bd8ca
--- /dev/null
+++ b/server/configs/libvirt-config/private-nwfilter.xml
@@ -0,0 +1,8 @@
+<filter name='private-nwfilter' chain='root'>
+    <rule action='reject' direction='in' priority='100'>
+        <ip srcipaddr='10.0.0.0' srcipmask='255.0.0.0'/>
+    </rule>
+    <rule action='reject' direction='out' priority='100'>
+        <ip dstipaddr='10.0.0.0' srcipmask='255.0.0.0'/>
+    </rule>
+</filter>

diff --git a/server/configs/libvirt-config/private.xml b/server/configs/libvirt-config/private.xml
index 532cd76..d6ce465 100644 (file)
--- a/server/configs/libvirt-config/private.xml
+++ b/server/configs/libvirt-config/private.xml
@@ -99,6 +99,7 @@
 
     <interface type='network'>
       <source network='private'/>
+      <filterref filter='private-nwfilter'/>
     </interface>
     <filesystem type='mount'>
       <!-- TODO: this directory could be generated from .conf files-->

diff --git a/server/container-config.hpp b/server/container-config.hpp
index f5f202e..e679abb 100644 (file)
--- a/server/container-config.hpp
+++ b/server/container-config.hpp
@@ -60,6 +60,12 @@ struct ContainerConfig {
     std::string networkConfig;
 
     /**
+     *
+     * Container's libvirt (XML) network filter config file.
+     */
+    std::string networkFilterConfig;
+
+    /**
      * Container's CFS quota in us when it's in the foreground
      */
     std::int64_t cpuQuotaForeground;
@@ -92,6 +98,7 @@ struct ContainerConfig {
         switchToDefaultAfterTimeout,
         config,
         networkConfig,
+        networkFilterConfig,
         cpuQuotaForeground,
         cpuQuotaBackground,
         runMountPoint,

diff --git a/server/container.cpp b/server/container.cpp
index 6fcaf77..62b2c65 100644 (file)
--- a/server/container.cpp
+++ b/server/container.cpp
@@ -66,6 +66,8 @@ Container::Container(const std::string& containerConfigPath,
     const std::string baseConfigPath = utils::dirName(containerConfigPath);
     mConfig.config = fs::absolute(mConfig.config, baseConfigPath).string();
     mConfig.networkConfig = fs::absolute(mConfig.networkConfig, baseConfigPath).string();
+    mConfig.networkFilterConfig = fs::absolute(mConfig.networkFilterConfig,
+                                               baseConfigPath).string();
     if (!mConfig.runMountPoint.empty()) {
         mRunMountPoint = fs::absolute(mConfig.runMountPoint, baseRunMountPointPath).string();
     }

diff --git a/server/network-admin.cpp b/server/network-admin.cpp
index 763dec0..6553d62 100644 (file)
--- a/server/network-admin.cpp
+++ b/server/network-admin.cpp
@@ -57,6 +57,7 @@ std::string getNetworkName(virNetworkPtr net)
 
 NetworkAdmin::NetworkAdmin(const ContainerConfig& config)
     : mConfig(config),
+      mNWFilter(utils::readFileContent(mConfig.networkFilterConfig)),
       mNetwork(utils::readFileContent(mConfig.networkConfig)),
       mId(getNetworkName(mNetwork.get())),
       mDetachOnExit(false)
@@ -143,6 +144,7 @@ bool NetworkAdmin::isActive()
 void NetworkAdmin::setDetachOnExit()
 {
     mDetachOnExit = true;
+    mNWFilter.setDetachOnExit();
 }
 
 

diff --git a/server/network-admin.hpp b/server/network-admin.hpp
index 8ddb883..0ec3a74 100644 (file)
--- a/server/network-admin.hpp
+++ b/server/network-admin.hpp
@@ -28,6 +28,7 @@
 
 #include "container-config.hpp"
 
+#include "libvirt/network-filter.hpp"
 #include "libvirt/network.hpp"
 
 
@@ -69,6 +70,7 @@ public:
 
 private:
     const ContainerConfig& mConfig;
+    libvirt::LibvirtNWFilter mNWFilter;
     libvirt::LibvirtNetwork mNetwork;
     const std::string mId;
     bool mDetachOnExit;

diff --git a/tests/integration_tests/CMakeLists.txt b/tests/integration_tests/CMakeLists.txt
index 3f96c47..c0289c3 100644 (file)
--- a/tests/integration_tests/CMakeLists.txt
+++ b/tests/integration_tests/CMakeLists.txt
@@ -38,3 +38,4 @@ INSTALL(PROGRAMS ${main_SCRIPT} DESTINATION ${SCRIPT_INSTALL_DIR})
 ## Subdirectories ##############################################################
 ADD_SUBDIRECTORY(common)
 ADD_SUBDIRECTORY(image_tests)
+ADD_SUBDIRECTORY(network_tests)

diff --git a/tests/integration_tests/__init__.py b/tests/integration_tests/__init__.py
index 731d042..634cfe6 100644 (file)
--- a/tests/integration_tests/__init__.py
+++ b/tests/integration_tests/__init__.py
@@ -1,3 +1,4 @@
 __all__ = ["common",
+           "network_tests",
            "image_tests"
           ]

diff --git a/tests/integration_tests/network_tests/CMakeLists.txt b/tests/integration_tests/network_tests/CMakeLists.txt
new file mode 100644 (file)
index 0000000..374c8c1
--- /dev/null
+++ b/tests/integration_tests/network_tests/CMakeLists.txt
@@ -0,0 +1,26 @@
+#    Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
+#
+#    Licensed under the Apache License, Version 2.0 (the "License");
+#    you may not use this file except in compliance with the License.
+#    You may obtain a copy of the License at
+#
+#        http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS,
+#    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#    See the License for the specific language governing permissions and
+#    limitations under the License.
+#
+#
+# @file   CMakeLists.txt
+# @author Jacek Pielaszkiewicz (j.pielaszkie@samsung.com)
+#
+
+MESSAGE(STATUS "Including network tests to Integration Tests...")
+
+SET(TEST_NETWORK_DEST_DIR "${TEST_DEST_DIR}/network_tests")
+
+FILE(GLOB net_test_SCRIPTS *.py)
+
+INSTALL(FILES ${net_test_SCRIPTS} DESTINATION ${TEST_NETWORK_DEST_DIR})

diff --git a/tests/integration_tests/network_tests/__init__.py b/tests/integration_tests/network_tests/__init__.py
new file mode 100644 (file)
index 0000000..a41c5d7
--- /dev/null
+++ b/tests/integration_tests/network_tests/__init__.py
@@ -0,0 +1,4 @@
+__all__ = ["network_common",
+           "network_tests"
+          ]
+

diff --git a/tests/integration_tests/network_tests/network_common.py b/tests/integration_tests/network_tests/network_common.py
new file mode 100755 (executable)
index 0000000..2b64920
--- /dev/null
+++ b/tests/integration_tests/network_tests/network_common.py
@@ -0,0 +1,297 @@
+#Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
+#
+#    Licensed under the Apache License, Version 2.0 (the "License");
+#    you may not use this file except in compliance with the License.
+#    You may obtain a copy of the License at
+#
+#        http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS,
+#    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#    See the License for the specific language governing permissions and
+#    limitations under the License.
+#
+# @file   network_common.py.in
+# @author Jacek Pielaszkiewicz (j.pielaszkie@samsung.com)
+#
+
+from sc_integration_tests.common import sc_test_utils
+import subprocess
+import string
+import sys
+import os
+
+# Debug command on/off
+DEBUG_COMMAND=False
+
+# Test urls
+TEST_URL_INTERNET=["www.samsung.com", "www.google.com", "www.oracle.com"]
+
+# Path to test container
+TEST_CONTAINER_PATH="/opt/usr/containers/private"
+
+# Device Ethernet device
+ETHERNET_DEVICE="usb0"
+ETHERNET_DEVICE_DETECT=False
+
+# Test containers
+CONTAINER_T1="business"
+CONTAINER_T2="private"
+
+containers=[CONTAINER_T1, CONTAINER_T2]
+
+# Null device
+OUTPUT_TO_NULL_DEVICE=" >/dev/null 2>&1 "
+
+# Ping timeout
+PING_TIME_OUT=3
+
+# The calss store test cases results
+class TestNetworkInfo:
+    testName = ""
+    testItemType = []
+    testItemName = []
+    testItemStatus = []
+    testItemResult = []
+    testItemDescription = []
+
+    def __init__(self, tn):
+        self.testName = tn
+
+# ----------------------------------------------------------
+# Functions print info/error/warning message
+#
+def LOG_INFO(arg):
+    print("[Info] " + arg)
+
+def LOG_ERROR(arg):
+    print("[Error] " + arg)
+
+def LOG_WARNING(arg):
+    print("[Warning] " + arg)
+
+def LOG_DEBUG(arg):
+    print("[Debug] " + arg)
+
+# ----------------------------------------------------------
+# The function tests mandatory user privileges
+#
+def test_run_user():
+    if(os.getegid() != 0 or os.geteuid() != 0):
+        return 1
+    return 0
+
+# ----------------------------------------------------------
+# The function runs os command
+#
+def runCommand(cmd, blockDebug=False):
+    null_device_str = OUTPUT_TO_NULL_DEVICE
+    if(DEBUG_COMMAND):
+        null_device_str = ""
+
+    run_cmd = "( " + cmd + " ) " + null_device_str
+
+    rc=0
+    try:
+        out=sc_test_utils.launchProc(run_cmd)
+    except Exception:
+        rc=1
+
+    if(DEBUG_COMMAND and not blockDebug):
+        LOG_DEBUG("[DEBUG CMD] RC = " + str(rc) + "; CMD = " + run_cmd)
+
+    return rc
+
+# ----------------------------------------------------------
+# The function runs os command and read output
+#
+def runCommandAndReadOutput(cmd):
+    proc=subprocess.Popen(cmd, shell=True, stdout=subprocess.PIPE)
+    while(True):
+        # Return code
+        rcode=proc.poll()
+
+        # Get line
+        ret=proc.stdout.readline()
+        ret=ret.translate(None, "\n")
+
+        # Ignore empty lines
+        if(ret != ""):
+            yield ret
+
+        # Test return code
+        if(rcode is not None):
+            break
+
+# ----------------------------------------------------------
+# The function checks whether test container image is present in system
+#
+def test_guest_image():
+    rc = runCommand("/usr/bin/chroot " + TEST_CONTAINER_PATH + " /bin/true")
+    if( rc != 0 ):
+        return 1
+    return 0
+
+# ----------------------------------------------------------
+# The functions gets active ethernet device
+#
+def getActiveEthernetDevice():
+    cmd=["/usr/sbin/ip -o link | /usr/bin/awk \' /ether/ { split( $2, list, \":\" ); print list[1] }\'"]
+    iter = runCommandAndReadOutput(cmd)
+    for val in iter:
+        ETHERNET_DEVICE=val
+
+    if(ETHERNET_DEVICE == ""):
+        return 1
+
+    return 0
+
+# ----------------------------------------------------------
+# The function checks whether mandatory tools are present in
+# the system
+#
+def test_mandatory_toos():
+
+    tools     =["/usr/bin/ping"]
+    root_tools=[TEST_CONTAINER_PATH]
+
+    for i in range(len(tools)):
+        rc = runCommand("/usr/bin/ls " + root_tools[i] + tools[i])
+        if( rc != 0 ):
+            if( root_tools[i] != "" ):
+                LOG_ERROR("No " + tools[i] + " command in guest")
+            else:
+                LOG_ERROR("No " + tools[i] + " command in host")
+            return 1
+    return 0
+
+def virshCmd(args):
+    return runCommand("/usr/bin/virsh -c lxc:/// " + args)
+
+# ----------------------------------------------------------
+# The function tests single test case result
+#
+def test_result(expected_result, result):
+    if((expected_result >= 0 and result == expected_result) or (expected_result < 0 and result != 0)):
+        return 0
+    return 1
+
+# ----------------------------------------------------------
+# The function performs single internet access test
+#
+def internetAccessTest(container):
+    count=0
+    for item in TEST_URL_INTERNET:
+        LOG_INFO("           Test for URL : " + item);
+        rc = virshCmd("lxc-enter-namespace " + container + \
+                    " --noseclabel -- /usr/bin/ping -c 3 -W " + \
+                    str(PING_TIME_OUT) + " " + item)
+        if(rc != 0):
+            count = count + 1
+
+    if(count != 0):
+        return 1
+
+    return 0;
+
+# ----------------------------------------------------------
+# The function performs single internet access test
+#
+def networkVisibiltyTest(container, dest_ip):
+    return virshCmd("lxc-enter-namespace " + container + \
+                    " --noseclabel -- /usr/bin/ping -c 3 -W " + \
+                    str(PING_TIME_OUT) + " " + dest_ip)
+
+def printInternetAccessTestStatus(container, testInfo1):
+
+    text = "          Internet access for container: " + container + \
+           "; TCS = " + testInfo1.testItemResult[len(testInfo1.testItemResult)-1]
+
+    if(testInfo1.testItemResult[len(testInfo1.testItemResult)-1] == "Success"):
+        LOG_INFO(text)
+    else:
+        LOG_ERROR(text)
+
+def networkVisibiltyTestStatus(src, dest, ip, testInfo2):
+
+    text = "          Container access: " + src + \
+          " -> " + dest + \
+          " [" + ip + "]" + \
+          "; TCS = " + testInfo2.testItemResult[len(testInfo2.testItemResult)-1]
+
+    if(testInfo2.testItemResult[len(testInfo2.testItemResult)-1] == "Success"):
+        LOG_INFO(text)
+    else:
+        LOG_ERROR(text)
+
+# ----------------------------------------------------------
+# The function performs test case for two containers - Business and Private.
+# Both containers are mutually isolated and have access to the Internet.
+#
+def twoNetworks():
+    ltestInfo = TestNetworkInfo("Two networks tests")
+
+    # 0. Test data
+    containers_list      = [CONTAINER_T1, CONTAINER_T2]
+    dest_containers_list = [CONTAINER_T2, CONTAINER_T1]
+    test_ip_list         = [["192.168.101.2"], ["192.168.102.2"]]
+    test_1_expected_res  = [ 0,  0]
+    test_2_expected_res  = [-1, -1]
+
+    # 1. Enable internet access for both networks
+    LOG_INFO("   - Setup device")
+
+    # 2. Internet access
+    LOG_INFO("   - Two containers environment network test case execution")
+    LOG_INFO("     - Internet access test")
+    for i in range(len(containers_list)):
+
+        # - Test case info
+        ltestInfo.testItemType.append("[Two nets] Internet access")
+        ltestInfo.testItemName.append(containers_list[i])
+        ltestInfo.testItemDescription.append("Internet access test for : " + containers_list[i])
+
+        # - Perform test
+        rc = internetAccessTest(containers_list[i])
+
+        # - Test status store
+        if(test_result(test_1_expected_res[i], rc) == 0):
+            ltestInfo.testItemStatus.append(0)
+            ltestInfo.testItemResult.append("Success")
+        else:
+            ltestInfo.testItemStatus.append(1)
+            ltestInfo.testItemResult.append("Error")
+
+        # - Print status
+        printInternetAccessTestStatus(containers_list[i], ltestInfo)
+
+    # 3. Mutual containers visibility
+    LOG_INFO("     - Containers isolation")
+    for i in range(len(containers_list)):
+        # Interate over destynation ips
+        dest_ips = test_ip_list[i]
+
+        for j in range(len(dest_ips)):
+            # - Test case info
+            ltestInfo.testItemType.append("[Two nets] Visibility")
+            ltestInfo.testItemName.append(containers_list[i] + "->" + dest_containers_list[i])
+            ltestInfo.testItemDescription.append("Container access for : " + containers_list[i])
+
+            # Perform test
+            rc = networkVisibiltyTest(containers_list[i], dest_ips[j])
+
+            # - Test status store
+            if(test_result(test_2_expected_res[i], rc) == 0):
+                ltestInfo.testItemStatus.append(0)
+                ltestInfo.testItemResult.append("Success")
+            else:
+                ltestInfo.testItemStatus.append(1)
+                ltestInfo.testItemResult.append("Error")
+
+            # - Print status
+            networkVisibiltyTestStatus(containers_list[i], dest_containers_list[i], dest_ips[j], ltestInfo)
+
+    LOG_INFO("   - Clean environment")
+
+    return ltestInfo

diff --git a/tests/integration_tests/network_tests/network_tests.py b/tests/integration_tests/network_tests/network_tests.py
new file mode 100644 (file)
index 0000000..bd118a2
--- /dev/null
+++ b/tests/integration_tests/network_tests/network_tests.py
@@ -0,0 +1,65 @@
+#Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
+#
+#    Licensed under the Apache License, Version 2.0 (the "License");
+#    you may not use this file except in compliance with the License.
+#    You may obtain a copy of the License at
+#
+#        http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS,
+#    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#    See the License for the specific language governing permissions and
+#    limitations under the License.
+#
+# @file   network_tests.py
+# @author Jacek Pielaszkiewicz (j.pielaszkie@samsung.com)
+#
+
+'''! Module used to test network in containers
+
+@author: Jacek Pielaszkiewicz (j.pielaszkie@samsung.com)
+'''
+import unittest
+from sc_integration_tests.common import sc_test_utils
+from network_common import *
+
+class NetworkTestCase(unittest.TestCase):
+    '''! Test case to check network configuration
+    '''
+    def setUp(self):
+        # Function setup host machine to perform tests
+        #
+        # 1. Check user permisions
+        if(test_run_user() == 1):
+            self.assertTrue(False, "ROOT user is required to run the test")
+            return
+
+        # 2. Test container images
+        if(test_guest_image() == 1):
+            self.assertTrue(False, "No test container in path :" + TEST_CONTAINER_PATH)
+            return
+
+        # 3. Test mandatory tools
+        if(test_mandatory_toos() == 1):
+            self.assertTrue(False, "No mandatory tools on host or in guest")
+            return
+
+        # 4. Ethernet device obtaning
+        if(ETHERNET_DEVICE_DETECT and getActiveEthernetDevice() == 1):
+            self.assertTrue(False, "Cannot obtain ethernet device")
+            return
+
+    def test_01twoNetworks(self):
+        '''! Checks networks configuration
+        '''
+        print("\n")
+        ret=twoNetworks()
+        for item in ret.testItemStatus:
+           self.assertTrue(item == 0)
+
+def main():
+    unittest.main(verbosity=2)
+
+if __name__ == "__main__":
+    main()

diff --git a/tests/integration_tests/sc_int_tests.py b/tests/integration_tests/sc_int_tests.py
index 42e2812..60d1ed3 100644 (file)
--- a/tests/integration_tests/sc_int_tests.py
+++ b/tests/integration_tests/sc_int_tests.py
@@ -5,12 +5,14 @@
 Security-containers integration tests launcher. Launches all integration tests.
 '''
 import unittest
+from sc_integration_tests.network_tests import *
 
 from sc_integration_tests.image_tests import *
 
 # add tests here...
 test_groups = [
-               image_tests
+               image_tests,
+               network_tests
               ]
 
 

diff --git a/tests/unit_tests/libvirt/network.cpp b/tests/unit_tests/libvirt/network.cpp
index 09adcc8..b158ecd 100644 (file)
--- a/tests/unit_tests/libvirt/network.cpp
+++ b/tests/unit_tests/libvirt/network.cpp
@@ -26,6 +26,7 @@
 #include "config.hpp"
 #include "ut.hpp"
 
+#include "libvirt/network-filter.hpp"
 #include "libvirt/network.hpp"
 #include "libvirt/exception.hpp"
 
@@ -56,12 +57,27 @@ const std::string CORRECT_CONFIG_XML =  "<network>"
                                         "   </ip>"
                                         "</network>";
 
+const std::string CORRECT_CONFIG_FILTER_XML = "<filter name='test-nwfilter' chain='root'>"
+                                              "    <rule action='reject' direction='in' priority='100'>"
+                                              "        <ip srcipaddr='192.168.121.0' srcipmask='255.255.255.0'/>"
+                                              "    </rule>"
+                                              "    <rule action='reject' direction='out' priority='100'>"
+                                              "        <ip dstipaddr='192.168.121.0' srcipmask='255.255.255.0'/>"
+                                              "    </rule>"
+                                              "</filter>";
+
 const std::string BUGGY_CONFIG_XML = "<><TRASH>";
 
+const std::string BUGGY_CONFIG_FILTER_XML = "<><TRASH";
+
 } // namespace
 
 BOOST_AUTO_TEST_CASE(ConstructorDestructorTest)
 {
+    std::unique_ptr<LibvirtNWFilter> nwFilterPtr;
+    BOOST_REQUIRE_NO_THROW(nwFilterPtr.reset(new LibvirtNWFilter(CORRECT_CONFIG_FILTER_XML)));
+    BOOST_REQUIRE_NO_THROW(nwFilterPtr.reset());
+
     std::unique_ptr<LibvirtNetwork> netPtr;
     BOOST_REQUIRE_NO_THROW(netPtr.reset(new LibvirtNetwork(CORRECT_CONFIG_XML)));
     BOOST_REQUIRE_NO_THROW(netPtr.reset());
@@ -69,17 +85,24 @@ BOOST_AUTO_TEST_CASE(ConstructorDestructorTest)
 
 BOOST_AUTO_TEST_CASE(BuggyConfigTest)
 {
+    BOOST_REQUIRE_THROW(LibvirtNWFilter filter(BUGGY_CONFIG_FILTER_XML), LibvirtOperationException);
     BOOST_REQUIRE_THROW(LibvirtNetwork net(BUGGY_CONFIG_XML), LibvirtOperationException);
 }
 
 BOOST_AUTO_TEST_CASE(DefinitionTest)
 {
+    LibvirtNWFilter filter(CORRECT_CONFIG_FILTER_XML);
+    BOOST_CHECK(filter.get() != NULL);
+
     LibvirtNetwork net(CORRECT_CONFIG_XML);
     BOOST_CHECK(net.get() != NULL);
 }
 
 BOOST_AUTO_TEST_CASE(BoolTest)
 {
+    LibvirtNWFilter filter(CORRECT_CONFIG_FILTER_XML);
+    BOOST_CHECK(filter);
+
     LibvirtNetwork net(CORRECT_CONFIG_XML);
     BOOST_CHECK(net);
 }

diff --git a/tests/unit_tests/server/configs/ut-container-admin/containers/buggy.conf.in b/tests/unit_tests/server/configs/ut-container-admin/containers/buggy.conf.in
index 341052b..9ebef78 100644 (file)
--- a/tests/unit_tests/server/configs/ut-container-admin/containers/buggy.conf.in
+++ b/tests/unit_tests/server/configs/ut-container-admin/containers/buggy.conf.in
@@ -3,6 +3,7 @@
     "switchToDefaultAfterTimeout" : true,
     "config" : "@SC_TEST_CONFIG_INSTALL_DIR@/server/ut-container-admin/libvirt-config/buggy.xml",
     "networkConfig" : "",
+    "networkFilterConfig" : "",
     "cpuQuotaForeground" : -1,
     "cpuQuotaBackground" : 1000,
     "runMountPoint" : "",

diff --git a/tests/unit_tests/server/configs/ut-container-admin/containers/missing.conf b/tests/unit_tests/server/configs/ut-container-admin/containers/missing.conf
index 7ac04e9..1943228 100644 (file)
--- a/tests/unit_tests/server/configs/ut-container-admin/containers/missing.conf
+++ b/tests/unit_tests/server/configs/ut-container-admin/containers/missing.conf
@@ -3,6 +3,7 @@
     "switchToDefaultAfterTimeout" : true,
     "config" : "/this/is/a/missing/file/path/missing.xml",
     "networkConfig" : "",
+    "networkFilterConfig" : "",
     "cpuQuotaForeground" : -1,
     "cpuQuotaBackground" : 1000,
     "runMountPoint" : "",

diff --git a/tests/unit_tests/server/configs/ut-container-admin/containers/test-no-shutdown.conf.in b/tests/unit_tests/server/configs/ut-container-admin/containers/test-no-shutdown.conf.in
index 8f4da35..2360ac6 100644 (file)
--- a/tests/unit_tests/server/configs/ut-container-admin/containers/test-no-shutdown.conf.in
+++ b/tests/unit_tests/server/configs/ut-container-admin/containers/test-no-shutdown.conf.in
@@ -3,6 +3,7 @@
     "switchToDefaultAfterTimeout" : true,
     "config" : "@SC_TEST_CONFIG_INSTALL_DIR@/server/ut-container-admin/libvirt-config/test-no-shutdown.xml",
     "networkConfig" : "",
+    "networkFilterConfig" : "",
     "cpuQuotaForeground" : -1,
     "cpuQuotaBackground" : 1000,
     "runMountPoint" : "",

diff --git a/tests/unit_tests/server/configs/ut-container-admin/containers/test.conf.in b/tests/unit_tests/server/configs/ut-container-admin/containers/test.conf.in
index badc3da..52da12a 100644 (file)
--- a/tests/unit_tests/server/configs/ut-container-admin/containers/test.conf.in
+++ b/tests/unit_tests/server/configs/ut-container-admin/containers/test.conf.in
@@ -3,6 +3,7 @@
     "switchToDefaultAfterTimeout" : true,
     "config" : "@SC_TEST_CONFIG_INSTALL_DIR@/server/ut-container-admin/libvirt-config/test.xml",
     "networkConfig" : "",
+    "networkFilterConfig" : "",
     "cpuQuotaForeground" : -1,
     "cpuQuotaBackground" : 1000,
     "runMountPoint" : "",

diff --git a/tests/unit_tests/server/configs/ut-container/containers/buggy.conf b/tests/unit_tests/server/configs/ut-container/containers/buggy.conf
index 0dc866a..5f59a89 100644 (file)
--- a/tests/unit_tests/server/configs/ut-container/containers/buggy.conf
+++ b/tests/unit_tests/server/configs/ut-container/containers/buggy.conf
@@ -3,6 +3,7 @@
     "switchToDefaultAfterTimeout" : true,
     "config" : "/missing/file/path/libvirt.xml",
     "networkConfig" : "../libvirt-config/network.xml",
+    "networkFilterConfig" : "../libvirt-config/network-filter.xml",
     "cpuQuotaForeground" : -1,
     "cpuQuotaBackground" : 1000,
     "runMountPoint" : "",

diff --git a/tests/unit_tests/server/configs/ut-container/containers/test-dbus.conf b/tests/unit_tests/server/configs/ut-container/containers/test-dbus.conf
index bf35f07..f646f80 100644 (file)
--- a/tests/unit_tests/server/configs/ut-container/containers/test-dbus.conf
+++ b/tests/unit_tests/server/configs/ut-container/containers/test-dbus.conf
@@ -3,6 +3,7 @@
     "switchToDefaultAfterTimeout" : true,
     "config" : "../libvirt-config/test-dbus.xml",
     "networkConfig" : "../libvirt-config/network.xml",
+    "networkFilterConfig" : "../libvirt-config/network-filter.xml",
     "cpuQuotaForeground" : -1,
     "cpuQuotaBackground" : 1000,
     "runMountPoint" : "/tmp/ut-container",

diff --git a/tests/unit_tests/server/configs/ut-container/containers/test.conf b/tests/unit_tests/server/configs/ut-container/containers/test.conf
index dc81e44..cfd08c4 100644 (file)
--- a/tests/unit_tests/server/configs/ut-container/containers/test.conf
+++ b/tests/unit_tests/server/configs/ut-container/containers/test.conf
@@ -3,6 +3,7 @@
     "switchToDefaultAfterTimeout" : true,
     "config" : "../libvirt-config/test.xml",
     "networkConfig" : "../libvirt-config/network.xml",
+    "networkFilterConfig" : "../libvirt-config/network-filter.xml",
     "cpuQuotaForeground" : -1,
     "cpuQuotaBackground" : 1000,
     "runMountPoint" : "",

diff --git a/tests/unit_tests/server/configs/ut-container/libvirt-config/network-filter.xml b/tests/unit_tests/server/configs/ut-container/libvirt-config/network-filter.xml
new file mode 100644 (file)
index 0000000..fa1490e
--- /dev/null
+++ b/tests/unit_tests/server/configs/ut-container/libvirt-config/network-filter.xml
@@ -0,0 +1,4 @@
+<filter name='test_network_filter' chain='root'>
+    <uuid>37ec6a98-a8f2-4033-8146-a71deb1f0008</uuid>
+</filter>
+

diff --git a/tests/unit_tests/server/configs/ut-container/libvirt-config/test-dbus.xml.in b/tests/unit_tests/server/configs/ut-container/libvirt-config/test-dbus.xml.in
index 555a9c6..d927f11 100644 (file)
--- a/tests/unit_tests/server/configs/ut-container/libvirt-config/test-dbus.xml.in
+++ b/tests/unit_tests/server/configs/ut-container/libvirt-config/test-dbus.xml.in
@@ -16,6 +16,7 @@
         </filesystem>
         <interface type='network'>
             <source network='test_network'/>
+            <filterref filter='test_network_filter'/>
         </interface>
     </devices>
 </domain>

diff --git a/tests/unit_tests/server/configs/ut-container/libvirt-config/test.xml b/tests/unit_tests/server/configs/ut-container/libvirt-config/test.xml
index 4205758..a6bab81 100644 (file)
--- a/tests/unit_tests/server/configs/ut-container/libvirt-config/test.xml
+++ b/tests/unit_tests/server/configs/ut-container/libvirt-config/test.xml
@@ -12,6 +12,7 @@
         <console type="pty"/>
         <interface type='network'>
             <source network='test_network'/>
+            <filterref filter='test_network_filter'/>
         </interface>
     </devices>
 </domain>

diff --git a/tests/unit_tests/server/configs/ut-containers-manager/containers/console1-dbus.conf b/tests/unit_tests/server/configs/ut-containers-manager/containers/console1-dbus.conf
index ef49f19..af3380b 100644 (file)
--- a/tests/unit_tests/server/configs/ut-containers-manager/containers/console1-dbus.conf
+++ b/tests/unit_tests/server/configs/ut-containers-manager/containers/console1-dbus.conf
@@ -3,6 +3,7 @@
     "switchToDefaultAfterTimeout" : true,
     "config" : "../libvirt-config/console1-dbus.xml",
     "networkConfig" : "../libvirt-config/network1.xml",
+    "networkFilterConfig" : "../libvirt-config/network1-filter.xml",
     "cpuQuotaForeground" : -1,
     "cpuQuotaBackground" : 1000,
     "runMountPoint" : "/tmp/ut-containers-manager/console1-dbus",

diff --git a/tests/unit_tests/server/configs/ut-containers-manager/containers/console1.conf b/tests/unit_tests/server/configs/ut-containers-manager/containers/console1.conf
index b26e02e..e7bcf3f 100644 (file)
--- a/tests/unit_tests/server/configs/ut-containers-manager/containers/console1.conf
+++ b/tests/unit_tests/server/configs/ut-containers-manager/containers/console1.conf
@@ -3,6 +3,7 @@
     "switchToDefaultAfterTimeout" : true,
     "config" : "../libvirt-config/console1.xml",
     "networkConfig" : "../libvirt-config/network1.xml",
+    "networkFilterConfig" : "../libvirt-config/network1-filter.xml",
     "cpuQuotaForeground" : -1,
     "cpuQuotaBackground" : 1000,
     "runMountPoint" : "",

diff --git a/tests/unit_tests/server/configs/ut-containers-manager/containers/console2-dbus.conf b/tests/unit_tests/server/configs/ut-containers-manager/containers/console2-dbus.conf
index 76c5e49..0db0a8a 100644 (file)
--- a/tests/unit_tests/server/configs/ut-containers-manager/containers/console2-dbus.conf
+++ b/tests/unit_tests/server/configs/ut-containers-manager/containers/console2-dbus.conf
@@ -3,6 +3,7 @@
     "switchToDefaultAfterTimeout" : false,
     "config" : "../libvirt-config/console2-dbus.xml",
     "networkConfig" : "../libvirt-config/network2.xml",
+    "networkFilterConfig" : "../libvirt-config/network2-filter.xml",
     "cpuQuotaForeground" : -1,
     "cpuQuotaBackground" : 1000,
     "runMountPoint" : "/tmp/ut-containers-manager/console2-dbus",

diff --git a/tests/unit_tests/server/configs/ut-containers-manager/containers/console2.conf b/tests/unit_tests/server/configs/ut-containers-manager/containers/console2.conf
index f609a85..9e0b7c5 100644 (file)
--- a/tests/unit_tests/server/configs/ut-containers-manager/containers/console2.conf
+++ b/tests/unit_tests/server/configs/ut-containers-manager/containers/console2.conf
@@ -3,6 +3,7 @@
     "switchToDefaultAfterTimeout" : true,
     "config" : "../libvirt-config/console2.xml",
     "networkConfig" : "../libvirt-config/network2.xml",
+    "networkFilterConfig" : "../libvirt-config/network2-filter.xml",
     "cpuQuotaForeground" : -1,
     "cpuQuotaBackground" : 1000,
     "runMountPoint" : "",

diff --git a/tests/unit_tests/server/configs/ut-containers-manager/containers/console3-dbus.conf b/tests/unit_tests/server/configs/ut-containers-manager/containers/console3-dbus.conf
index 592cbfa..14a8a60 100644 (file)
--- a/tests/unit_tests/server/configs/ut-containers-manager/containers/console3-dbus.conf
+++ b/tests/unit_tests/server/configs/ut-containers-manager/containers/console3-dbus.conf
@@ -3,6 +3,7 @@
     "switchToDefaultAfterTimeout" : true,
     "config" : "../libvirt-config/console3-dbus.xml",
     "networkConfig" : "../libvirt-config/network3.xml",
+    "networkFilterConfig" : "../libvirt-config/network3-filter.xml",
     "cpuQuotaForeground" : -1,
     "cpuQuotaBackground" : 1000,
     "runMountPoint" : "/tmp/ut-containers-manager/console3-dbus",

diff --git a/tests/unit_tests/server/configs/ut-containers-manager/containers/console3.conf b/tests/unit_tests/server/configs/ut-containers-manager/containers/console3.conf
index e249df7..6ace25e 100644 (file)
--- a/tests/unit_tests/server/configs/ut-containers-manager/containers/console3.conf
+++ b/tests/unit_tests/server/configs/ut-containers-manager/containers/console3.conf
@@ -3,6 +3,7 @@
     "switchToDefaultAfterTimeout" : true,
     "config" : "../libvirt-config/console3.xml",
     "networkConfig" : "../libvirt-config/network3.xml",
+    "networkFilterConfig" : "../libvirt-config/network3-filter.xml",
     "cpuQuotaForeground" : -1,
     "cpuQuotaBackground" : 1000,
     "runMountPoint" : "",

diff --git a/tests/unit_tests/server/configs/ut-containers-manager/libvirt-config/console1.xml b/tests/unit_tests/server/configs/ut-containers-manager/libvirt-config/console1.xml
index 9ca7f5e..81ded84 100644 (file)
--- a/tests/unit_tests/server/configs/ut-containers-manager/libvirt-config/console1.xml
+++ b/tests/unit_tests/server/configs/ut-containers-manager/libvirt-config/console1.xml
@@ -12,6 +12,7 @@
         <console type="pty"/>
         <interface type='network'>
             <source network='test-network-1'/>
+            <filterref filter='test-network-1-filter'/>
         </interface>
     </devices>
 </domain>

diff --git a/tests/unit_tests/server/configs/ut-containers-manager/libvirt-config/console2.xml b/tests/unit_tests/server/configs/ut-containers-manager/libvirt-config/console2.xml
index ca8400a..90abf67 100644 (file)
--- a/tests/unit_tests/server/configs/ut-containers-manager/libvirt-config/console2.xml
+++ b/tests/unit_tests/server/configs/ut-containers-manager/libvirt-config/console2.xml
@@ -12,6 +12,7 @@
         <console type="pty"/>
         <interface type='network'>
             <source network='test-network-2'/>
+            <filterref filter='test-network-2-filter'/>
         </interface>
     </devices>
 </domain>

diff --git a/tests/unit_tests/server/configs/ut-containers-manager/libvirt-config/console3.xml b/tests/unit_tests/server/configs/ut-containers-manager/libvirt-config/console3.xml
index d3224ff..3c08bb2 100644 (file)
--- a/tests/unit_tests/server/configs/ut-containers-manager/libvirt-config/console3.xml
+++ b/tests/unit_tests/server/configs/ut-containers-manager/libvirt-config/console3.xml
@@ -12,6 +12,7 @@
         <console type="pty"/>
         <interface type='network'>
             <source network='test-network-3'/>
+            <filterref filter='test-network-3-filter'/>
         </interface>
     </devices>
 </domain>

diff --git a/tests/unit_tests/server/configs/ut-containers-manager/libvirt-config/network1-filter.xml b/tests/unit_tests/server/configs/ut-containers-manager/libvirt-config/network1-filter.xml
new file mode 100644 (file)
index 0000000..df0befd
--- /dev/null
+++ b/tests/unit_tests/server/configs/ut-containers-manager/libvirt-config/network1-filter.xml
@@ -0,0 +1,3 @@
+<filter name='test-network-1-filter' chain='root'>
+    <uuid>37ec6a98-a8f2-4033-8146-a71deb1f0003</uuid>
+</filter>

diff --git a/tests/unit_tests/server/configs/ut-containers-manager/libvirt-config/network2-filter.xml b/tests/unit_tests/server/configs/ut-containers-manager/libvirt-config/network2-filter.xml
new file mode 100644 (file)
index 0000000..68d7dab
--- /dev/null
+++ b/tests/unit_tests/server/configs/ut-containers-manager/libvirt-config/network2-filter.xml
@@ -0,0 +1,3 @@
+<filter name='test-network-2-filter' chain='root'>
+    <uuid>37ec6a98-a8f2-4033-8146-a71deb1f0002</uuid>
+</filter>

diff --git a/tests/unit_tests/server/configs/ut-containers-manager/libvirt-config/network3-filter.xml b/tests/unit_tests/server/configs/ut-containers-manager/libvirt-config/network3-filter.xml
new file mode 100644 (file)
index 0000000..5e44805
--- /dev/null
+++ b/tests/unit_tests/server/configs/ut-containers-manager/libvirt-config/network3-filter.xml
@@ -0,0 +1,3 @@
+<filter name='test-network-3-filter' chain='root'>
+    <uuid>37ec6a98-a8f2-4033-8146-a71deb1f0004</uuid>
+</filter>

diff --git a/tests/unit_tests/server/configs/ut-network-admin/containers/buggy.conf.in b/tests/unit_tests/server/configs/ut-network-admin/containers/buggy.conf.in
index 2b88e29..48d0ef8 100644 (file)
--- a/tests/unit_tests/server/configs/ut-network-admin/containers/buggy.conf.in
+++ b/tests/unit_tests/server/configs/ut-network-admin/containers/buggy.conf.in
@@ -3,6 +3,7 @@
     "switchToDefaultAfterTimeout" : true,
     "config" : "",
     "networkConfig" : "@SC_TEST_CONFIG_INSTALL_DIR@/server/ut-network-admin/libvirt-config/buggy-network.xml",
+    "networkFilterConfig" : "@SC_TEST_CONFIG_INSTALL_DIR@/server/ut-network-admin/libvirt-config/buggy-network-filter.xml",
     "cpuQuotaForeground" : -1,
     "cpuQuotaBackground" : 1000,
     "runMountPoint" : "",

diff --git a/tests/unit_tests/server/configs/ut-network-admin/containers/missing.conf b/tests/unit_tests/server/configs/ut-network-admin/containers/missing.conf
index ca580a1..b60814d 100644 (file)
--- a/tests/unit_tests/server/configs/ut-network-admin/containers/missing.conf
+++ b/tests/unit_tests/server/configs/ut-network-admin/containers/missing.conf
@@ -3,6 +3,7 @@
     "switchToDefaultAfterTimeout" : true,
     "config" : "",
     "networkConfig" : "",
+    "networkFilterConfig" : "",
     "cpuQuotaForeground" : -1,
     "cpuQuotaBackground" : 1000,
     "runMountPoint" : "",

diff --git a/tests/unit_tests/server/configs/ut-network-admin/containers/test.conf.in b/tests/unit_tests/server/configs/ut-network-admin/containers/test.conf.in
index 547c6cd..1dce4ea 100644 (file)
--- a/tests/unit_tests/server/configs/ut-network-admin/containers/test.conf.in
+++ b/tests/unit_tests/server/configs/ut-network-admin/containers/test.conf.in
@@ -3,6 +3,7 @@
     "switchToDefaultAfterTimeout" : true,
     "config" : "",
     "networkConfig" : "@SC_TEST_CONFIG_INSTALL_DIR@/server/ut-network-admin/libvirt-config/network.xml",
+    "networkFilterConfig" : "@SC_TEST_CONFIG_INSTALL_DIR@/server/ut-network-admin/libvirt-config/network-filter.xml",
     "cpuQuotaForeground" : -1,
     "cpuQuotaBackground" : 1000,
     "runMountPoint" : "",

diff --git a/tests/unit_tests/server/configs/ut-network-admin/libvirt-config/buggy-network-filter.xml b/tests/unit_tests/server/configs/ut-network-admin/libvirt-config/buggy-network-filter.xml
new file mode 100644 (file)
index 0000000..de0f81e
--- /dev/null
+++ b/tests/unit_tests/server/configs/ut-network-admin/libvirt-config/buggy-network-filter.xml
@@ -0,0 +1 @@
+<><TRASHXML>

diff --git a/tests/unit_tests/server/configs/ut-network-admin/libvirt-config/network-filter.xml b/tests/unit_tests/server/configs/ut-network-admin/libvirt-config/network-filter.xml
new file mode 100644 (file)
index 0000000..658c129
--- /dev/null
+++ b/tests/unit_tests/server/configs/ut-network-admin/libvirt-config/network-filter.xml
@@ -0,0 +1,4 @@
+<filter name='test_network_filter' chain='root'>
+    <uuid>37ec6a98-a8f2-4033-8146-a71deb1f0001</uuid>
+</filter>
+

diff --git a/tests/unit_tests/server/configs/ut-server/containers/container1.conf b/tests/unit_tests/server/configs/ut-server/containers/container1.conf
index f93690a..b0f523f 100644 (file)
--- a/tests/unit_tests/server/configs/ut-server/containers/container1.conf
+++ b/tests/unit_tests/server/configs/ut-server/containers/container1.conf
@@ -3,6 +3,7 @@
     "switchToDefaultAfterTimeout" : true,
     "config" : "../libvirt-config/container1.xml",
     "networkConfig" : "../libvirt-config/network1.xml",
+    "networkFilterConfig" : "../libvirt-config/network1-filter.xml",
     "cpuQuotaForeground" : -1,
     "cpuQuotaBackground" : 1000,
     "runMountPoint" : "",

diff --git a/tests/unit_tests/server/configs/ut-server/containers/container2.conf b/tests/unit_tests/server/configs/ut-server/containers/container2.conf
index f519018..8a1fde1 100644 (file)
--- a/tests/unit_tests/server/configs/ut-server/containers/container2.conf
+++ b/tests/unit_tests/server/configs/ut-server/containers/container2.conf
@@ -3,6 +3,7 @@
     "switchToDefaultAfterTimeout" : true,
     "config" : "../libvirt-config/container2.xml",
     "networkConfig" : "../libvirt-config/network2.xml",
+    "networkFilterConfig" : "../libvirt-config/network2-filter.xml",
     "cpuQuotaForeground" : -1,
     "cpuQuotaBackground" : 1000,
     "runMountPoint" : "",

diff --git a/tests/unit_tests/server/configs/ut-server/containers/container3.conf b/tests/unit_tests/server/configs/ut-server/containers/container3.conf
index 3c5989e..be23c63 100644 (file)
--- a/tests/unit_tests/server/configs/ut-server/containers/container3.conf
+++ b/tests/unit_tests/server/configs/ut-server/containers/container3.conf
@@ -3,6 +3,7 @@
     "switchToDefaultAfterTimeout" : true,
     "config" : "../libvirt-config/container3.xml",
     "networkConfig" : "../libvirt-config/network3.xml",
+    "networkFilterConfig" : "../libvirt-config/network3-filter.xml",
     "cpuQuotaForeground" : -1,
     "cpuQuotaBackground" : 1000,
     "runMountPoint" : "",

diff --git a/tests/unit_tests/server/configs/ut-server/libvirt-config/container1.xml b/tests/unit_tests/server/configs/ut-server/libvirt-config/container1.xml
index 8571df7..913168b 100644 (file)
--- a/tests/unit_tests/server/configs/ut-server/libvirt-config/container1.xml
+++ b/tests/unit_tests/server/configs/ut-server/libvirt-config/container1.xml
@@ -12,6 +12,7 @@
         <console type="pty"/>
         <interface type='network'>
             <source network='test-network-1'/>
+            <filterref filter='test-network-1-filter'/>
         </interface>
     </devices>
 </domain>

diff --git a/tests/unit_tests/server/configs/ut-server/libvirt-config/container2.xml b/tests/unit_tests/server/configs/ut-server/libvirt-config/container2.xml
index 23f7a76..904765e 100644 (file)
--- a/tests/unit_tests/server/configs/ut-server/libvirt-config/container2.xml
+++ b/tests/unit_tests/server/configs/ut-server/libvirt-config/container2.xml
@@ -12,6 +12,7 @@
         <console type="pty"/>
         <interface type='network'>
             <source network='test-network-2'/>
+            <filterref filter='test-network-2-filter'/>
         </interface>
     </devices>
 </domain>

diff --git a/tests/unit_tests/server/configs/ut-server/libvirt-config/container3.xml b/tests/unit_tests/server/configs/ut-server/libvirt-config/container3.xml
index 59ea557..569c592 100644 (file)
--- a/tests/unit_tests/server/configs/ut-server/libvirt-config/container3.xml
+++ b/tests/unit_tests/server/configs/ut-server/libvirt-config/container3.xml
@@ -12,6 +12,7 @@
         <console type="pty"/>
         <interface type='network'>
             <source network='test-network-3'/>
+            <filterref filter='test-network-3-filter'/>
         </interface>
     </devices>
 </domain>

diff --git a/tests/unit_tests/server/configs/ut-server/libvirt-config/network1-filter.xml b/tests/unit_tests/server/configs/ut-server/libvirt-config/network1-filter.xml
new file mode 100644 (file)
index 0000000..b1dc861
--- /dev/null
+++ b/tests/unit_tests/server/configs/ut-server/libvirt-config/network1-filter.xml
@@ -0,0 +1,3 @@
+<filter name='test-network-1-filter' chain='root'>
+    <uuid>37ec6a98-a8f2-4033-8146-a71deb1f0006</uuid>
+</filter>

diff --git a/tests/unit_tests/server/configs/ut-server/libvirt-config/network2-filter.xml b/tests/unit_tests/server/configs/ut-server/libvirt-config/network2-filter.xml
new file mode 100644 (file)
index 0000000..45911ce
--- /dev/null
+++ b/tests/unit_tests/server/configs/ut-server/libvirt-config/network2-filter.xml
@@ -0,0 +1,3 @@
+<filter name='test-network-2-filter' chain='root'>
+    <uuid>37ec6a98-a8f2-4033-8146-a71deb1f0005</uuid>
+</filter>

diff --git a/tests/unit_tests/server/configs/ut-server/libvirt-config/network3-filter.xml b/tests/unit_tests/server/configs/ut-server/libvirt-config/network3-filter.xml
new file mode 100644 (file)
index 0000000..84416fb
--- /dev/null
+++ b/tests/unit_tests/server/configs/ut-server/libvirt-config/network3-filter.xml
@@ -0,0 +1,3 @@
+<filter name='test-network-3-filter' chain='root'>
+    <uuid>37ec6a98-a8f2-4033-8146-a71deb1f0007</uuid>
+</filter>