rpms / firewalld

Clone
Source Code
GIT

Blame SOURCES/firewalld-0.7-0034-tests-functions-normalize-nft-list-rule-output.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c7-sig-altarch-fasttrack c8 c8-beta c8s c9 c9-beta
  1.   21c891623aedfc93c402340bdbb20138c7b6dcba
  2.   SOURCES
  3.   firewalld-0.7-0034-tests-functions-normalize-nft-list-rule-output.patch
Blob History Raw
21c891 
From 9142be6d529e2aa9bc17bc2c3ae37a81d7ca8b98 Mon Sep 17 00:00:00 2001
21c891 
From: Eric Garver <e@erig.me>
21c891 
Date: Fri, 7 Dec 2018 09:34:27 -0500
21c891 
Subject: [PATCH 34/34] tests/functions: normalize nft list rule output
21c891
21c891 
nftables commit 6dd848339444 ("src: meta: always prefix 'meta' for
21c891 
almost all tokens") made the "mark" output always be prefixd by "meta".
21c891 
To be compatible with old nft version, strip the meta keyword.
21c891
21c891 
Fix test cases as well.
21c891
21c891 
(cherry picked from commit 3e56d69f5702bbf326dd6701e329aa1e98071b7a)
21c891 
---
21c891 
 src/tests/firewall-cmd.at | 42 +++++++++++++++++++--------------------
21c891 
 src/tests/functions.at    |  6 +++++-
21c891 
 2 files changed, 26 insertions(+), 22 deletions(-)
21c891
21c891 
diff --git a/src/tests/firewall-cmd.at b/src/tests/firewall-cmd.at
21c891 
index d408f31bd6b8..baef4d6dc7ef 100644
21c891 
--- a/src/tests/firewall-cmd.at
21c891 
+++ b/src/tests/firewall-cmd.at
21c891 
@@ -1046,8 +1046,8 @@ FWD_START_TEST([rich rules priority])
21c891 
     NFT_LIST_RULES([inet], [filter_IN_public_pre], 0, [dnl
21c891 
         table inet firewalld {
21c891 
         chain filter_IN_public_pre {
21c891 
-        ct state new,untracked meta mark 0x00000069 accept
21c891 
-        ct state new,untracked meta mark 0x00000066 accept
21c891 
+        ct state new,untracked mark 0x00000069 accept
21c891 
+        ct state new,untracked mark 0x00000066 accept
21c891 
         ip saddr 10.1.0.0/16 drop
21c891 
         }
21c891 
         }
21c891 
@@ -1057,23 +1057,23 @@ FWD_START_TEST([rich rules priority])
21c891 
         chain filter_IN_public_allow {
21c891 
         tcp dport 22 ct state new,untracked accept
21c891 
         ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept
21c891 
-        ct state new,untracked meta mark 0x00000064 accept
21c891 
-        ct state new,untracked meta mark 0x00000068 accept
21c891 
+        ct state new,untracked mark 0x00000064 accept
21c891 
+        ct state new,untracked mark 0x00000068 accept
21c891 
         }
21c891 
         }
21c891 
     ])
21c891 
     NFT_LIST_RULES([inet], [filter_FWDI_public_pre], 0, [dnl
21c891 
         table inet firewalld {
21c891 
         chain filter_FWDI_public_pre {
21c891 
-        ct state new,untracked meta mark 0x0000006a accept
21c891 
-        ct state new,untracked meta mark 0x00000067 accept
21c891 
+        ct state new,untracked mark 0x0000006a accept
21c891 
+        ct state new,untracked mark 0x00000067 accept
21c891 
         }
21c891 
         }
21c891 
     ])
21c891 
     NFT_LIST_RULES([inet], [filter_FWDI_public_allow], 0, [dnl
21c891 
         table inet firewalld {
21c891 
         chain filter_FWDI_public_allow {
21c891 
-        ct state new,untracked meta mark 0x00000065 accept
21c891 
+        ct state new,untracked mark 0x00000065 accept
21c891 
         }
21c891 
         }
21c891 
     ])
21c891 
@@ -1094,16 +1094,16 @@ FWD_START_TEST([rich rules priority])
21c891 
     NFT_LIST_RULES([ip], [nat_PRE_public_pre], 0, [dnl
21c891 
         table ip firewalld {
21c891 
         chain nat_PRE_public_pre {
21c891 
-        meta l4proto tcp meta mark 0x00000066 redirect to :80
21c891 
-        meta l4proto tcp meta mark 0x00000067 dnat to 10.1.1.1:80
21c891 
+        meta l4proto tcp mark 0x00000066 redirect to :80
21c891 
+        meta l4proto tcp mark 0x00000067 dnat to 10.1.1.1:80
21c891 
         }
21c891 
         }
21c891 
     ])
21c891 
     NFT_LIST_RULES([ip], [nat_PRE_public_allow], 0, [dnl
21c891 
         table ip firewalld {
21c891 
         chain nat_PRE_public_allow {
21c891 
-        meta l4proto tcp meta mark 0x00000064 redirect to :22
21c891 
-        meta l4proto tcp meta mark 0x00000065 dnat to 10.1.1.1:22
21c891 
+        meta l4proto tcp mark 0x00000064 redirect to :22
21c891 
+        meta l4proto tcp mark 0x00000065 dnat to 10.1.1.1:22
21c891 
         }
21c891 
         }
21c891 
     ])
21c891 
@@ -1124,15 +1124,15 @@ FWD_START_TEST([rich rules priority])
21c891 
     NFT_LIST_RULES([ip6], [nat_PRE_public_pre], 0,
21c891 
         [[table ip6 firewalld {
21c891 
         chain nat_PRE_public_pre {
21c891 
-        meta l4proto tcp meta mark 0x00000069 redirect to :99
21c891 
-        meta l4proto tcp meta mark 0x0000006a dnat to [1234::4321]:9999
21c891 
+        meta l4proto tcp mark 0x00000069 redirect to :99
21c891 
+        meta l4proto tcp mark 0x0000006a dnat to [1234::4321]:9999
21c891 
         }
21c891 
         }
21c891 
     ]])
21c891 
     NFT_LIST_RULES([ip6], [nat_PRE_public_allow], 0, [dnl
21c891 
         table ip6 firewalld {
21c891 
         chain nat_PRE_public_allow {
21c891 
-        meta l4proto tcp meta mark 0x00000068 redirect to :90
21c891 
+        meta l4proto tcp mark 0x00000068 redirect to :90
21c891 
         }
21c891 
         }
21c891 
     ])
21c891 
@@ -1151,19 +1151,19 @@ FWD_START_TEST([rich rules priority])
21c891 
     NFT_LIST_RULES([inet], [mangle_PRE_public_pre], 0, [dnl
21c891 
         table inet firewalld {
21c891 
         chain mangle_PRE_public_pre {
21c891 
-        meta nfproto ipv6 tcp dport 999 meta mark set 0x00000069
21c891 
-        meta nfproto ipv6 tcp dport 9999 meta mark set 0x0000006a
21c891 
-        meta nfproto ipv4 tcp dport 8888 meta mark set 0x00000066
21c891 
-        meta nfproto ipv4 tcp dport 8080 meta mark set 0x00000067
21c891 
+        meta nfproto ipv6 tcp dport 999 mark set 0x00000069
21c891 
+        meta nfproto ipv6 tcp dport 9999 mark set 0x0000006a
21c891 
+        meta nfproto ipv4 tcp dport 8888 mark set 0x00000066
21c891 
+        meta nfproto ipv4 tcp dport 8080 mark set 0x00000067
21c891 
         }
21c891 
         }
21c891 
     ])
21c891 
     NFT_LIST_RULES([inet], [mangle_PRE_public_allow], 0, [dnl
21c891 
         table inet firewalld {
21c891 
         chain mangle_PRE_public_allow {
21c891 
-        meta nfproto ipv4 tcp dport 222 meta mark set 0x00000064
21c891 
-        meta nfproto ipv4 tcp dport 2222 meta mark set 0x00000065
21c891 
-        meta nfproto ipv6 tcp dport 9090 meta mark set 0x00000068
21c891 
+        meta nfproto ipv4 tcp dport 222 mark set 0x00000064
21c891 
+        meta nfproto ipv4 tcp dport 2222 mark set 0x00000065
21c891 
+        meta nfproto ipv6 tcp dport 9090 mark set 0x00000068
21c891 
         }
21c891 
         }
21c891 
     ])], [
21c891 
diff --git a/src/tests/functions.at b/src/tests/functions.at
21c891 
index 9bb9aac30dee..080e44a73383 100644
21c891 
--- a/src/tests/functions.at
21c891 
+++ b/src/tests/functions.at
21c891 
@@ -250,9 +250,13 @@ m4_define([IP6TABLES_LIST_RULES], [
21c891 
 ])
21c891
21c891 
 m4_define([NFT_LIST_RULES], [
21c891 
+    dnl nftables commit 6dd848339444 change list output to show "meta mark"
21c891 
+    dnl instead of just "mark".
21c891 
+    m4_define([NFT_LIST_RULES_NORMALIZE], [sed -e 's/meta mark/mark/g'])
21c891 
     m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [], [
21c891 
-        NS_CHECK([nft -nn list chain $1 firewalld $2 | TRIM_WHITESPACE], [$3], [m4_strip([$4])], [m4_strip([$5])], [$6], [$7])
21c891 
+        NS_CHECK([nft -nn list chain $1 firewalld $2 | TRIM_WHITESPACE | NFT_LIST_RULES_NORMALIZE], [$3], [m4_strip([$4])], [m4_strip([$5])], [$6], [$7])
21c891 
     ])
21c891 
+    m4_undefine([NFT_LIST_RULES_NORMALIZE])
21c891 
 ])
21c891
21c891 
 m4_define([IPSET_LIST_SET], [
21c891 
--
21c891 
2.18.0
21c891

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation