tests: xml: add realistic XML tests files

This patch refresh current XML testfiles with some realworld
expressions extracted from rules. The nft instruction itself is added
as a comment for future references.

All XMl files are now indented with tabs instead of spaces. Also, a
bunch of new realworld rules with mixed expressions are added.

I used this command to get the XML formatted with tabs:

$ export XMLLINT_INDENT=$'\t'
$ xmllint --format file.xml

The xmllint tool is included in the libxml2-utils package (at least on
debian systems).

Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

1 files changed, 122 insertions, 0 deletions

diff --git a/tests/xmlfiles/39-rule-real.xml b/tests/xmlfiles/39-rule-real.xml
new file mode 100644
index 0000000..249160e
--- /dev/null
+++ b/tests/xmlfiles/39-rule-real.xml
@@ -0,0 +1,122 @@
+<rule family="ip6" table="filter" chain="test" handle="31" version="0">
+	<rule_flags>0</rule_flags>
+	<expr type="meta">
+		<dreg>1</dreg>
+		<key>iifname</key>
+	</expr>
+	<expr type="cmp">
+		<sreg>1</sreg>
+		<op>eq</op>
+		<cmpdata>
+			<data_reg type="value">
+				<len>16</len>
+				<data0>0x00000000</data0>
+				<data1>0x00000000</data1>
+				<data2>0x6f620000</data2>
+				<data3>0x0030646e</data3>
+			</data_reg>
+		</cmpdata>
+	</expr>
+	<expr type="meta">
+		<dreg>1</dreg>
+		<key>oifname</key>
+	</expr>
+	<expr type="cmp">
+		<sreg>1</sreg>
+		<op>eq</op>
+		<cmpdata>
+			<data_reg type="value">
+				<len>16</len>
+				<data0>0x00000000</data0>
+				<data1>0x62000000</data1>
+				<data2>0x31646e6f</data2>
+				<data3>0x0037322e</data3>
+			</data_reg>
+		</cmpdata>
+	</expr>
+	<expr type="payload">
+		<dreg>1</dreg>
+		<offset>8</offset>
+		<len>16</len>
+		<base>network</base>
+	</expr>
+	<expr type="cmp">
+		<sreg>1</sreg>
+		<op>eq</op>
+		<cmpdata>
+			<data_reg type="value">
+				<len>16</len>
+				<data0>0xc09a002a</data0>
+				<data1>0x2700cac1</data1>
+				<data2>0x00000000</data2>
+				<data3>0x50010000</data3>
+			</data_reg>
+		</cmpdata>
+	</expr>
+	<expr type="payload">
+		<dreg>1</dreg>
+		<offset>6</offset>
+		<len>1</len>
+		<base>network</base>
+	</expr>
+	<expr type="cmp">
+		<sreg>1</sreg>
+		<op>eq</op>
+		<cmpdata>
+			<data_reg type="value">
+				<len>1</len>
+				<data0>0x00000011</data0>
+			</data_reg>
+		</cmpdata>
+	</expr>
+	<expr type="payload">
+		<dreg>1</dreg>
+		<offset>2</offset>
+		<len>2</len>
+		<base>transport</base>
+	</expr>
+	<expr type="cmp">
+		<sreg>1</sreg>
+		<op>eq</op>
+		<cmpdata>
+			<data_reg type="value">
+				<len>2</len>
+				<data0>0x00003500</data0>
+			</data_reg>
+		</cmpdata>
+	</expr>
+	<expr type="ct">
+		<dreg>1</dreg>
+		<key>status</key>
+		<dir>0</dir>
+	</expr>
+	<expr type="cmp">
+		<sreg>1</sreg>
+		<op>eq</op>
+		<cmpdata>
+			<data_reg type="value">
+				<len>4</len>
+				<data0>0x00000001</data0>
+			</data_reg>
+		</cmpdata>
+	</expr>
+	<expr type="counter">
+		<pkts>0</pkts>
+		<bytes>0</bytes>
+	</expr>
+	<expr type="log">
+		<prefix>dns_drop</prefix>
+		<group>2</group>
+		<snaplen>0</snaplen>
+		<qthreshold>0</qthreshold>
+	</expr>
+	<expr type="immediate">
+		<dreg>0</dreg>
+		<immediatedata>
+			<data_reg type="verdict">
+				<verdict>drop</verdict>
+			</data_reg>
+		</immediatedata>
+	</expr>
+</rule>
+<!-- nft add rule ip6 filter test meta iifname "bond0" meta oifname "bond1.27" ip6 saddr 2a00:9ac0:c1ca:27::150 udp dport 53 ct status expected counter log prefix dns_drop group 2 drop -->