From patchwork Fri Jul 1 15:58:32 2011 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Lucas Meneghel Rodrigues X-Patchwork-Id: 936472
From: Lucas Meneghel Rodrigues To: autotest@test.kernel.org Cc: kvm@vger.kernel.org, Lucas Meneghel Rodrigues Subject: [PATCH] virt: Add more flexible way to specify comm ports host -> guest Date: Fri, 1 Jul 2011 12:58:32 -0300 Message-Id: <1309535912-4084-1-git-send-email-lmr@redhat.com> X-Scanned-By: MIMEDefang 2.68 on 10.5.11.23 Sender: kvm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org X-Greylist: IP, sender and recipient auto-whitelisted, not delayed by milter-greylist-4.2.6 (demeter1.kernel.org [140.211.167.41]); Fri, 01 Jul 2011 15:58:48 +0000 (UTC) When running the virt guest windows tests using the (now default) autotest private bridge, noticed that some ports needed for host and guest communication weren't specified. So, add a config file knob to allow people to specify additional ports to be added to the default firewall configuration. The config tracks some important ports used on tests, such as the remote shell ports and remote shell file transfer ports. Signed-off-by: Lucas Meneghel Rodrigues --- client/tests/kvm/tests_base.cfg.sample | 3 ++ client/virt/virt_test_setup.py | 47 +++++++++++++++++++++---------- 2 files changed, 35 insertions(+), 15 deletions(-) diff --git a/client/tests/kvm/tests_base.cfg.sample b/client/tests/kvm/tests_base.cfg.sample index 5313da1..1a86265 100644 --- a/client/tests/kvm/tests_base.cfg.sample +++ b/client/tests/kvm/tests_base.cfg.sample @@ -64,6 +64,9 @@ bridge = private # be a specific bridge # name, such as 'virbr0' #bridge = virbr0 +# If you need more ports to be available for comm between host and guest, +# please add them here +priv_bridge_ports = 53 67 run_tcpdump = yes # Misc diff --git a/client/virt/virt_test_setup.py b/client/virt/virt_test_setup.py index 6e2d477..1539cac 100644 --- a/client/virt/virt_test_setup.py +++ b/client/virt/virt_test_setup.py 
@@ -308,21 +308,38 @@ class PrivateBridgeConfig(object): self.subnet = params.get("priv_subnet", '192.168.58') self.ip_version = params.get("bridge_ip_version", "ipv4") self.dhcp_server_pid = None - self.iptables_rules = [ - "INPUT 1 -i %s -p udp -m udp --dport 53 -j ACCEPT" % self.brname, - "INPUT 2 -i %s -p tcp -m tcp --dport 53 -j ACCEPT" % self.brname, - "INPUT 3 -i %s -p udp -m udp --dport 67 -j ACCEPT" % self.brname, - "INPUT 4 -i %s -p tcp -m tcp --dport 67 -j ACCEPT" % self.brname, - "INPUT 5 -i %s -p tcp -m tcp --dport 12323 -j ACCEPT" % self.brname, - "FORWARD 1 -m physdev --physdev-is-bridged -j ACCEPT", - "FORWARD 2 -d %s.0/24 -o %s -m state --state RELATED,ESTABLISHED " - "-j ACCEPT" % (self.subnet, self.brname), - "FORWARD 3 -s %s.0/24 -i %s -j ACCEPT" % (self.subnet, self.brname), - "FORWARD 4 -i %s -o %s -j ACCEPT" % (self.brname, self.brname), - ("FORWARD 5 -o %s -j REJECT --reject-with icmp-port-unreachable" % - self.brname), - ("FORWARD 6 -i %s -j REJECT --reject-with icmp-port-unreachable" % - self.brname)] + ports = params.get("priv_bridge_ports", '53 67').split() + s_port = params.get("guest_port_remote_shell", "10022") + if s_port not in ports: + ports.append(s_port) + ft_port = params.get("guest_port_file_transfer", "10023") + if ft_port not in ports: + ports.append(ft_port) + u_port = params.get("guest_port_unattended_install", "13323") + if u_port not in ports: + ports.append(u_port) + self.iptables_rules = self._assemble_iptables_rules(ports) + + + def _assemble_iptables_rules(self, port_list): + rules = [] + index = 0 + for port in port_list: + index += 1 + rules.append("INPUT %s -i %s -p tcp -m tcp --dport %s -j ACCEPT" % + (index, self.brname, port)) + index += 1 + rules.append("INPUT %s -i %s -p udp -m udp --dport %s -j ACCEPT" % + (index, self.brname, port)) + rules.append("FORWARD 1 -m physdev --physdev-is-bridged -j ACCEPT") + rules.append("FORWARD 2 -d %s.0/24 -o %s -m state " + "--state RELATED,ESTABLISHED -j ACCEPT" % + 
(self.subnet, self.brname)) + rules.append("FORWARD 3 -s %s.0/24 -i %s -j ACCEPT" % + (self.subnet, self.brname)) + rules.append("FORWARD 4 -i %s -o %s -j ACCEPT" % + (self.brname, self.brname)) + return rules def _add_bridge(self):
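Review bot: In the tests_base.cfg.sample hunk, the comment above priv_bridge_ports does not say what format the value takes or what listing a port actually opens. The code in virt_test_setup.py splits the value on whitespace and accepts each entry over both tcp and udp on the bridge's INPUT chain, and it appends the guest_port_remote_shell, guest_port_file_transfer and guest_port_unattended_install values by itself. Please say in the comment that the list is space-separated, that every entry is opened on both protocols, and that those three ports do not need to be listed here, so that people only add what a test really needs.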
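Review bot: In the virt_test_setup.py hunk, _assemble_iptables_rules() stops at FORWARD 4 and no longer emits the two REJECT rules that the removed list carried ("FORWARD 5 -o %s -j REJECT --reject-with icmp-port-unreachable" and the matching "FORWARD 6 -i %s" rule), and the commit message does not mention dropping them. Without them, forwarded traffic to or from the bridge that matches none of the ACCEPT rules falls through to whatever follows in the FORWARD chain, so please either restore both rules at the end of the function or explain the removal in the commit message. Three smaller points in the same hunk: the default for guest_port_unattended_install is "13323" while the removed rule opened 12323, which looks like a typo; every port is now accepted over both tcp and udp, where the removed list opened 12323 over tcp only, so consider keeping the shell, file transfer and install ports tcp-only; and the port strings taken from params go into the rule text unchecked, so a check that each one is an integer between 1 and 65535 before the rules are built would catch a bad config value early.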