|
 |
136e2c |
From 5915c23835a7b3a8249aea10130fff5d1cff0b38 Mon Sep 17 00:00:00 2001
|
|
|
136e2c |
From: Eric Garver <eric@garver.life>
|
|
|
136e2c |
Date: Thu, 31 Oct 2019 13:06:53 -0400
|
|
|
136e2c |
Subject: [PATCH 122/122] chore: tests: rename IF_IPV6_SUPPORTED to
|
|
|
136e2c |
IF_HOST_SUPPORTS_IPV6_RULES
|
|
|
136e2c |
|
|
|
136e2c |
It more accurately describes what it's checking for.
|
|
|
136e2c |
|
|
|
136e2c |
(cherry picked from commit ba594ac365acc86fc6bbe398883f51fbf3d85df0)
|
|
|
136e2c |
(cherry picked from commit b239f28c73f2701182b1fa13f0667cb9d686a379)
|
|
|
136e2c |
---
|
|
|
136e2c |
src/tests/firewall-cmd.at | 20 ++++++++++----------
|
|
|
136e2c |
src/tests/functions.at | 4 ++--
|
|
|
136e2c |
src/tests/regression/gh258.at | 2 +-
|
|
|
136e2c |
src/tests/regression/gh335.at | 6 +++---
|
|
|
136e2c |
src/tests/regression/rhbz1734765.at | 4 ++--
|
|
|
136e2c |
5 files changed, 18 insertions(+), 18 deletions(-)
|
|
|
136e2c |
|
|
|
136e2c |
diff --git a/src/tests/firewall-cmd.at b/src/tests/firewall-cmd.at
|
|
|
136e2c |
index e9d5b6d1abc0..21ba2e5aec45 100644
|
|
|
136e2c |
--- a/src/tests/firewall-cmd.at
|
|
|
136e2c |
+++ b/src/tests/firewall-cmd.at
|
|
|
136e2c |
@@ -199,7 +199,7 @@ sources: $1
|
|
|
136e2c |
|
|
|
136e2c |
check_zone_source([1.2.3.4])
|
|
|
136e2c |
check_zone_source([192.168.1.0/24])
|
|
|
136e2c |
- IF_IPV6_SUPPORTED([
|
|
|
136e2c |
+ IF_HOST_SUPPORTS_IPV6_RULES([
|
|
|
136e2c |
check_zone_source([3ffe:501:ffff::/64])
|
|
|
136e2c |
check_zone_source([dead:beef::babe])
|
|
|
136e2c |
])
|
|
|
136e2c |
@@ -294,7 +294,7 @@ FWD_START_TEST([user services])
|
|
|
136e2c |
FWD_CHECK([--permanent --service=foobar --set-destination=ipv4:foo], 105, ignore, ignore) dnl bad address
|
|
|
136e2c |
FWD_CHECK([--permanent --service=foobar --set-destination=ipv4:1.2.3.4], 0, ignore)
|
|
|
136e2c |
FWD_CHECK([--permanent --service=foobar --remove-destination=ipv4], 0, ignore)
|
|
|
136e2c |
- IF_IPV6_SUPPORTED([
|
|
|
136e2c |
+ IF_HOST_SUPPORTS_IPV6_RULES([
|
|
|
136e2c |
FWD_CHECK([--permanent --service=foobar --set-destination=ipv6:fd00:dead:beef:ff0::/64], 0, ignore)
|
|
|
136e2c |
FWD_CHECK([--permanent --service=foobar --query-destination=ipv6:fd00:dead:beef:ff0::/64], 0, ignore)
|
|
|
136e2c |
FWD_CHECK([--permanent --service=foobar --remove-destination=ipv6], 0, ignore)
|
|
|
136e2c |
@@ -520,7 +520,7 @@ FWD_START_TEST([forward ports])
|
|
|
136e2c |
FWD_CHECK([--query-forward-port port=66:proto=sctp:toport=66:toaddr=7.7.7.7 --zone=public], 0, ignore)
|
|
|
136e2c |
FWD_CHECK([--remove-forward-port=port=66:proto=sctp:toport=66:toaddr=7.7.7.7], 0, ignore)
|
|
|
136e2c |
FWD_CHECK([--query-forward-port=port=66:proto=sctp:toport=66:toaddr=7.7.7.7], 1, ignore)
|
|
|
136e2c |
- IF_IPV6_SUPPORTED([
|
|
|
136e2c |
+ IF_HOST_SUPPORTS_IPV6_RULES([
|
|
|
136e2c |
FWD_CHECK([--add-forward-port=port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0::], 0, ignore)
|
|
|
136e2c |
dnl this should only affect IPv6, so verify that.
|
|
|
136e2c |
NFT_LIST_RULES([ip], [nat_PRE_public_allow], 0, [dnl
|
|
|
136e2c |
@@ -567,7 +567,7 @@ FWD_START_TEST([forward ports])
|
|
|
136e2c |
FWD_CHECK([--permanent --query-forward-port port=66:proto=sctp:toport=66:toaddr=7.7.7.7 --zone=public], 0, ignore)
|
|
|
136e2c |
FWD_CHECK([--permanent --remove-forward-port=port=66:proto=sctp:toport=66:toaddr=7.7.7.7], 0, ignore)
|
|
|
136e2c |
FWD_CHECK([--permanent --query-forward-port=port=66:proto=sctp:toport=66:toaddr=7.7.7.7], 1, ignore)
|
|
|
136e2c |
- IF_IPV6_SUPPORTED([
|
|
|
136e2c |
+ IF_HOST_SUPPORTS_IPV6_RULES([
|
|
|
136e2c |
FWD_CHECK([--permanent --add-forward-port=port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0::], 0, ignore)
|
|
|
136e2c |
FWD_CHECK([--permanent --query-forward-port port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0:: --zone=public], 0, ignore)
|
|
|
136e2c |
FWD_CHECK([--permanent --remove-forward-port=port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0::], 0, ignore)
|
|
|
136e2c |
@@ -688,7 +688,7 @@ FWD_START_TEST([ipset])
|
|
|
136e2c |
FWD_CHECK([--permanent --delete-ipset=foobar], 0, ignore)
|
|
|
136e2c |
FWD_RELOAD
|
|
|
136e2c |
|
|
|
136e2c |
- IF_IPV6_SUPPORTED([
|
|
|
136e2c |
+ IF_HOST_SUPPORTS_IPV6_RULES([
|
|
|
136e2c |
FWD_CHECK([--permanent --new-ipset=foobar --type=hash:mac], 0, ignore)
|
|
|
136e2c |
FWD_CHECK([--permanent --ipset=foobar --add-entry=12:34:56:78:90:ab], 0, ignore)
|
|
|
136e2c |
FWD_RELOAD
|
|
|
136e2c |
@@ -968,7 +968,7 @@ FWD_START_TEST([rich rules good])
|
|
|
136e2c |
rich_rule_test([rule protocol value="sctp" log])
|
|
|
136e2c |
rich_rule_test([rule family="ipv4" source address="192.168.0.0/24" service name="tftp" log prefix="tftp: " level="info" limit value="1/m" accept])
|
|
|
136e2c |
rich_rule_test([rule family="ipv4" source not address="192.168.0.0/24" service name="dns" log prefix="dns: " level="info" limit value="2/m" drop])
|
|
|
136e2c |
- IF_IPV6_SUPPORTED([
|
|
|
136e2c |
+ IF_HOST_SUPPORTS_IPV6_RULES([
|
|
|
136e2c |
rich_rule_test([rule family="ipv6" source address="1:2:3:4:6::" service name="radius" log prefix="dns -- " level="info" limit value="3/m" reject type="icmp6-addr-unreachable" limit value="20/m"])
|
|
|
136e2c |
rich_rule_test([rule family="ipv6" source address="1:2:3:4:6::" port port="4011" protocol="tcp" log prefix="port 4011: " level="info" limit value="4/m" drop])
|
|
|
136e2c |
rich_rule_test([rule family="ipv6" source address="1:2:3:4:6::" forward-port port="4011" protocol="tcp" to-port="4012" to-addr="1::2:3:4:7"])
|
|
|
136e2c |
@@ -983,7 +983,7 @@ FWD_START_TEST([rich rules good])
|
|
|
136e2c |
rich_rule_test([rule family="ipv4" destination address="192.168.1.0/24" masquerade])
|
|
|
136e2c |
rich_rule_test([rule forward-port port="2222" to-port="22" to-addr="192.168.100.2" protocol="tcp" family="ipv4" source address="192.168.2.100"])
|
|
|
136e2c |
rich_rule_test([rule forward-port port="66" to-port="666" to-addr="192.168.100.2" protocol="sctp" family="ipv4" source address="192.168.2.100"])
|
|
|
136e2c |
- IF_IPV6_SUPPORTED([
|
|
|
136e2c |
+ IF_HOST_SUPPORTS_IPV6_RULES([
|
|
|
136e2c |
rich_rule_test([rule forward-port port="99" to-port="999" to-addr="1::2:3:4:7" protocol="dccp" family="ipv6" source address="1:2:3:4:6::"])
|
|
|
136e2c |
rich_rule_test([rule forward-port port="99" to-port="10999" to-addr="1::2:3:4:7" protocol="dccp" family="ipv6" source address="1:2:3:4:6::"])
|
|
|
136e2c |
])
|
|
|
136e2c |
@@ -1014,7 +1014,7 @@ FWD_START_TEST([rich rules bad])
|
|
|
136e2c |
rich_rule_test([rule service name="radius" port port="4011" reject], 122) dnl service && port
|
|
|
136e2c |
rich_rule_test([rule service bad_attribute="dns"], 122) dnl bad attribute
|
|
|
136e2c |
rich_rule_test([rule protocol value="igmp" log level="eror"], 125) dnl bad log level
|
|
|
136e2c |
- IF_IPV6_SUPPORTED([
|
|
|
136e2c |
+ IF_HOST_SUPPORTS_IPV6_RULES([
|
|
|
136e2c |
rich_rule_test([family="ipv6" accept], 122) dnl no rule
|
|
|
136e2c |
rich_rule_test([rule source address="1:2:3:4:6::" icmp-block name="redirect" log level="info" limit value="1/2m"], 207) dnl missing family
|
|
|
136e2c |
rich_rule_test([rule family="ipv6" source address="1:2:3:4:6::" icmp-block name="redirect" log level="info" limit value="1/2m"], 123) dnl bad limit
|
|
|
136e2c |
@@ -1135,7 +1135,7 @@ WARNING: INVALID_ENTRY: invalid mac address '12:34:56:78:90' in '12:34:56:78:90'
|
|
|
136e2c |
])
|
|
|
136e2c |
FWD_CHECK([--check-config], 111, ignore, ignore)
|
|
|
136e2c |
|
|
|
136e2c |
- IF_IPV6_SUPPORTED([
|
|
|
136e2c |
+ IF_HOST_SUPPORTS_IPV6_RULES([
|
|
|
136e2c |
AT_DATA([./helpers/foobar.xml], [dnl
|
|
|
136e2c |
|
|
|
136e2c |
<helper family="ipv6" module="nf_conntrack_ftp">
|
|
|
136e2c |
@@ -1386,7 +1386,7 @@ WARNING: Invalid rule: Invalid log level
|
|
|
136e2c |
])
|
|
|
136e2c |
FWD_CHECK([--check-config], 28, ignore, ignore)
|
|
|
136e2c |
|
|
|
136e2c |
- IF_IPV6_SUPPORTED([
|
|
|
136e2c |
+ IF_HOST_SUPPORTS_IPV6_RULES([
|
|
|
136e2c |
AT_DATA([./zones/foobar.xml], [dnl
|
|
|
136e2c |
|
|
|
136e2c |
<zone>
|
|
|
136e2c |
diff --git a/src/tests/functions.at b/src/tests/functions.at
|
|
|
136e2c |
index a84a22c3da4b..d663716cb138 100644
|
|
|
136e2c |
--- a/src/tests/functions.at
|
|
|
136e2c |
+++ b/src/tests/functions.at
|
|
|
136e2c |
@@ -140,7 +140,7 @@ m4_define([FWD_START_TEST], [
|
|
|
136e2c |
|
|
|
136e2c |
m4_define([FWD_END_TEST], [
|
|
|
136e2c |
m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [], [
|
|
|
136e2c |
- IF_IPV6_SUPPORTED([], [
|
|
|
136e2c |
+ IF_HOST_SUPPORTS_IP6TABLES([], [
|
|
|
136e2c |
sed -i "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" ./firewalld.log
|
|
|
136e2c |
])
|
|
|
136e2c |
sed -i "/modprobe: ERROR:/d" ./firewalld.log
|
|
|
136e2c |
@@ -442,7 +442,7 @@ m4_define([IF_HOST_SUPPORTS_IPV6], [
|
|
|
136e2c |
fi
|
|
|
136e2c |
])
|
|
|
136e2c |
|
|
|
136e2c |
-m4_define([IF_IPV6_SUPPORTED], [
|
|
|
136e2c |
+m4_define([IF_HOST_SUPPORTS_IPV6_RULES], [
|
|
|
136e2c |
m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [$1], [
|
|
|
136e2c |
m4_if(nftables, FIREWALL_BACKEND, [$1], [
|
|
|
136e2c |
IF_HOST_SUPPORTS_IP6TABLES([$1], [$2])
|
|
|
136e2c |
diff --git a/src/tests/regression/gh258.at b/src/tests/regression/gh258.at
|
|
|
136e2c |
index a4b86e8a006f..5671c37ba432 100644
|
|
|
136e2c |
--- a/src/tests/regression/gh258.at
|
|
|
136e2c |
+++ b/src/tests/regression/gh258.at
|
|
|
136e2c |
@@ -2,7 +2,7 @@ FWD_START_TEST([zone dispatch layout])
|
|
|
136e2c |
AT_KEYWORDS(zone gh258 gh441 rhbz1713823)
|
|
|
136e2c |
|
|
|
136e2c |
FWD_CHECK([--zone=work --add-source="1.2.3.0/24"], 0, ignore)
|
|
|
136e2c |
-IF_IPV6_SUPPORTED([
|
|
|
136e2c |
+IF_HOST_SUPPORTS_IPV6_RULES([
|
|
|
136e2c |
FWD_CHECK([--zone=public --add-source="dead:beef::/54"], 0, ignore)
|
|
|
136e2c |
])
|
|
|
136e2c |
FWD_CHECK([--zone=work --add-interface=dummy0], 0, ignore)
|
|
|
136e2c |
diff --git a/src/tests/regression/gh335.at b/src/tests/regression/gh335.at
|
|
|
136e2c |
index d3c2b225a2df..c5ed4919b015 100644
|
|
|
136e2c |
--- a/src/tests/regression/gh335.at
|
|
|
136e2c |
+++ b/src/tests/regression/gh335.at
|
|
|
136e2c |
@@ -9,7 +9,7 @@ NS_CHECK([[sysctl -a |grep "net.ipv4.conf.all.forwarding[ ]*=[ ]*1"]], 0, [ignor
|
|
|
136e2c |
NS_CHECK([[sysctl -a |grep "net.ipv6.conf.all.forwarding[ ]*=[ ]*1"]], 1, [ignore], [ignore])
|
|
|
136e2c |
FWD_RELOAD
|
|
|
136e2c |
|
|
|
136e2c |
-IF_IPV6_SUPPORTED([
|
|
|
136e2c |
+IF_HOST_SUPPORTS_IPV6_RULES([
|
|
|
136e2c |
NS_CHECK([sysctl -w net.ipv4.conf.all.forwarding=0], 0, [ignore], [ignore])
|
|
|
136e2c |
IF_HOST_SUPPORTS_IPV6([
|
|
|
136e2c |
NS_CHECK([sysctl -w net.ipv6.conf.all.forwarding=0], 0, [ignore], [ignore])
|
|
|
136e2c |
@@ -31,7 +31,7 @@ NS_CHECK([[sysctl -a |grep "net.ipv4.conf.all.forwarding[ ]*=[ ]*1"]], 0, [ignor
|
|
|
136e2c |
NS_CHECK([[sysctl -a |grep "net.ipv6.conf.all.forwarding[ ]*=[ ]*1"]], 1, [ignore], [ignore])
|
|
|
136e2c |
FWD_RELOAD
|
|
|
136e2c |
|
|
|
136e2c |
-IF_IPV6_SUPPORTED([
|
|
|
136e2c |
+IF_HOST_SUPPORTS_IPV6_RULES([
|
|
|
136e2c |
NS_CHECK([sysctl -w net.ipv4.conf.all.forwarding=0], 0, [ignore], [ignore])
|
|
|
136e2c |
IF_HOST_SUPPORTS_IPV6([
|
|
|
136e2c |
NS_CHECK([sysctl -w net.ipv6.conf.all.forwarding=0], 0, [ignore], [ignore])
|
|
|
136e2c |
@@ -58,7 +58,7 @@ FWD_CHECK([-q --add-rich-rule='rule family=ipv4 forward-port port="12345" protoc
|
|
|
136e2c |
NS_CHECK([[sysctl -a |grep "net.ipv4.conf.all.forwarding[ ]*=[ ]*1"]], 1, [ignore], [ignore])
|
|
|
136e2c |
NS_CHECK([[sysctl -a |grep "net.ipv6.conf.all.forwarding[ ]*=[ ]*1"]], 1, [ignore], [ignore])
|
|
|
136e2c |
|
|
|
136e2c |
-IF_IPV6_SUPPORTED([
|
|
|
136e2c |
+IF_HOST_SUPPORTS_IPV6_RULES([
|
|
|
136e2c |
FWD_CHECK([-q --add-rich-rule='rule family=ipv6 forward-port port="12345" protocol="tcp" to-port="54321"'])
|
|
|
136e2c |
NS_CHECK([[sysctl -a |grep "net.ipv4.conf.all.forwarding[ ]*=[ ]*1"]], 1, [ignore], [ignore])
|
|
|
136e2c |
NS_CHECK([[sysctl -a |grep "net.ipv6.conf.all.forwarding[ ]*=[ ]*1"]], 1, [ignore], [ignore])
|
|
|
136e2c |
diff --git a/src/tests/regression/rhbz1734765.at b/src/tests/regression/rhbz1734765.at
|
|
|
136e2c |
index de8e1ab40598..276c1e433025 100644
|
|
|
136e2c |
--- a/src/tests/regression/rhbz1734765.at
|
|
|
136e2c |
+++ b/src/tests/regression/rhbz1734765.at
|
|
|
136e2c |
@@ -26,7 +26,7 @@ FWD_CHECK([-q --permanent --zone=foobar_04 --add-source="10.2.0.0/16"])
|
|
|
136e2c |
FWD_CHECK([-q --permanent --zone=foobar_00 --add-source="10.1.1.1"])
|
|
|
136e2c |
FWD_CHECK([-q --permanent --zone=foobar_03 --add-source="10.2.2.0/24"])
|
|
|
136e2c |
FWD_CHECK([-q --permanent --zone=foobar_05 --add-source="10.0.0.0/8"])
|
|
|
136e2c |
-IF_IPV6_SUPPORTED([
|
|
|
136e2c |
+IF_HOST_SUPPORTS_IPV6_RULES([
|
|
|
136e2c |
FWD_CHECK([-q --permanent --zone=foobar_01 --add-source="1234:5678::1:1:0/112"])
|
|
|
136e2c |
FWD_CHECK([-q --permanent --zone=foobar_02 --add-source="1234:5678::1:0:0/96"])
|
|
|
136e2c |
FWD_CHECK([-q --permanent --zone=foobar_04 --add-source="1234:5678::2:0:0/96"])
|
|
|
136e2c |
@@ -61,7 +61,7 @@ NFT_LIST_SET([ipsetv6], 0, [dnl
|
|
|
136e2c |
|
|
|
136e2c |
FWD_CHECK([-q --zone=foobar_010 --add-source="10.10.10.10"])
|
|
|
136e2c |
FWD_CHECK([-q --zone=public --add-source="20.20.20.20"])
|
|
|
136e2c |
-IF_IPV6_SUPPORTED([
|
|
|
136e2c |
+IF_HOST_SUPPORTS_IPV6_RULES([
|
|
|
136e2c |
FWD_CHECK([-q --zone=foobar_010 --add-source="1234:5678::10:10:10"])
|
|
|
136e2c |
FWD_CHECK([-q --zone=public --add-source="1234:5678::20:20:20"])
|
|
|
136e2c |
FWD_CHECK([-q --zone=foobar_012 --add-source ipset:ipsetv6])
|
|
|
136e2c |
--
|
|
|
136e2c |
2.23.0
|
|
|
136e2c |
|