# neutron-rootwrap command filters to support functional testing.  It
# is NOT intended to be used outside of a test environment.
#
# This file should be owned by (and only-writeable by) the root user

[Filters]
# enable ping from namespace
ping_filter: CommandFilter, ping, root
ping6_filter: CommandFilter, ping6, root
ping_kill: KillFilter, root, ping, -2

# enable curl from namespace
curl_filter: RegExpFilter, /usr/bin/curl, root, curl, --max-time, \d+, -D-, http://[0-9a-z:./-]+
ncat_filter: CommandFilter, ncat, root
ncat_kill: KillFilter, root, ncat, -9
ss_filter: CommandFilter, ss, root

# enable neutron-linuxbridge-cleanup from namespace
lb_cleanup_filter: RegExpFilter, neutron-linuxbridge-cleanup, root, neutron-linuxbridge-cleanup, --config-file, .*

# enable dhclient from namespace
dhclient_filter: CommandFilter, dhclient, root
dhclient_kill: KillFilter, root, dhclient, -9

# Actually, dhclient is used for test dhcp-agent and runs
# in dhcp-agent namespace. If in that namespace resolv.conf file not exist
# dhclient will override system /etc/resolv.conf
# Filters below are limit functions mkdir, rm and touch
# only to create and delete file resolv.conf in the namespace
mkdir_filter: RegExpFilter, /bin/mkdir, root, mkdir, -p, /etc/netns/qdhcp-[0-9a-z./-]+
rm_filter: RegExpFilter, /bin/rm, root, rm, -r, /etc/netns/qdhcp-[0-9a-z./-]+
touch_filter: RegExpFilter, /bin/touch, root, touch, /etc/netns/qdhcp-[0-9a-z./-]+/resolv.conf
touch_filter2: RegExpFilter, /usr/bin/touch, root, touch, /etc/netns/qdhcp-[0-9a-z./-]+/resolv.conf

# needed by test_ovs_flows which runs ovs-appctl ofproto/trace
ovstrace_filter: RegExpFilter, ovs-appctl, root, ovs-appctl, ofproto/trace, .*, .*

# needed for TestGetRootHelperChildPid
bash_filter: RegExpFilter, /bin/bash, root, bash, -c, \(sleep 100\)
sleep_kill: KillFilter, root, sleep, -9

#needed by test_netns_cleanup
process_spawn: EnvFilter, env, root, PATH=, python
ip_exec: IpNetnsExecFilter, ip, root
ps: CommandFilter, ps, root
pid_kill: RegExpFilter, kill, root, kill, -\d+, .*

#needed to set up fullstack 'multinode' environment
rabbitmqctl: CommandFilter, rabbitmqctl, root
linuxbridge_agent: CommandFilter, neutron-linuxbridge-agent, root
dhcp_agent: CommandFilter, dhcp_agent.py, root
ovs_agent: CommandFilter, ovs_agent.py, root
l3_agent: CommandFilter, l3_agent.py, root

#needed to capture and analyze traffic in fullstack tests (f.e. in DSCP scenarios)
tcpdump: CommandFilter, tcpdump, root