Blob Blame History Raw
From 9142be6d529e2aa9bc17bc2c3ae37a81d7ca8b98 Mon Sep 17 00:00:00 2001
From: Eric Garver <e@erig.me>
Date: Fri, 7 Dec 2018 09:34:27 -0500
Subject: [PATCH 34/34] tests/functions: normalize nft list rule output

nftables commit 6dd848339444 ("src: meta: always prefix 'meta' for
almost all tokens") made the "mark" output always be prefixd by "meta".
To be compatible with old nft version, strip the meta keyword.

Fix test cases as well.

(cherry picked from commit 3e56d69f5702bbf326dd6701e329aa1e98071b7a)
---
 src/tests/firewall-cmd.at | 42 +++++++++++++++++++--------------------
 src/tests/functions.at    |  6 +++++-
 2 files changed, 26 insertions(+), 22 deletions(-)

diff --git a/src/tests/firewall-cmd.at b/src/tests/firewall-cmd.at
index d408f31bd6b8..baef4d6dc7ef 100644
--- a/src/tests/firewall-cmd.at
+++ b/src/tests/firewall-cmd.at
@@ -1046,8 +1046,8 @@ FWD_START_TEST([rich rules priority])
     NFT_LIST_RULES([inet], [filter_IN_public_pre], 0, [dnl
         table inet firewalld {
         chain filter_IN_public_pre {
-        ct state new,untracked meta mark 0x00000069 accept
-        ct state new,untracked meta mark 0x00000066 accept
+        ct state new,untracked mark 0x00000069 accept
+        ct state new,untracked mark 0x00000066 accept
         ip saddr 10.1.0.0/16 drop
         }
         }
@@ -1057,23 +1057,23 @@ FWD_START_TEST([rich rules priority])
         chain filter_IN_public_allow {
         tcp dport 22 ct state new,untracked accept
         ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept
-        ct state new,untracked meta mark 0x00000064 accept
-        ct state new,untracked meta mark 0x00000068 accept
+        ct state new,untracked mark 0x00000064 accept
+        ct state new,untracked mark 0x00000068 accept
         }
         }
     ])
     NFT_LIST_RULES([inet], [filter_FWDI_public_pre], 0, [dnl
         table inet firewalld {
         chain filter_FWDI_public_pre {
-        ct state new,untracked meta mark 0x0000006a accept
-        ct state new,untracked meta mark 0x00000067 accept
+        ct state new,untracked mark 0x0000006a accept
+        ct state new,untracked mark 0x00000067 accept
         }
         }
     ])
     NFT_LIST_RULES([inet], [filter_FWDI_public_allow], 0, [dnl
         table inet firewalld {
         chain filter_FWDI_public_allow {
-        ct state new,untracked meta mark 0x00000065 accept
+        ct state new,untracked mark 0x00000065 accept
         }
         }
     ])
@@ -1094,16 +1094,16 @@ FWD_START_TEST([rich rules priority])
     NFT_LIST_RULES([ip], [nat_PRE_public_pre], 0, [dnl
         table ip firewalld {
         chain nat_PRE_public_pre {
-        meta l4proto tcp meta mark 0x00000066 redirect to :80
-        meta l4proto tcp meta mark 0x00000067 dnat to 10.1.1.1:80
+        meta l4proto tcp mark 0x00000066 redirect to :80
+        meta l4proto tcp mark 0x00000067 dnat to 10.1.1.1:80
         }
         }
     ])
     NFT_LIST_RULES([ip], [nat_PRE_public_allow], 0, [dnl
         table ip firewalld {
         chain nat_PRE_public_allow {
-        meta l4proto tcp meta mark 0x00000064 redirect to :22
-        meta l4proto tcp meta mark 0x00000065 dnat to 10.1.1.1:22
+        meta l4proto tcp mark 0x00000064 redirect to :22
+        meta l4proto tcp mark 0x00000065 dnat to 10.1.1.1:22
         }
         }
     ])
@@ -1124,15 +1124,15 @@ FWD_START_TEST([rich rules priority])
     NFT_LIST_RULES([ip6], [nat_PRE_public_pre], 0,
         [[table ip6 firewalld {
         chain nat_PRE_public_pre {
-        meta l4proto tcp meta mark 0x00000069 redirect to :99
-        meta l4proto tcp meta mark 0x0000006a dnat to [1234::4321]:9999
+        meta l4proto tcp mark 0x00000069 redirect to :99
+        meta l4proto tcp mark 0x0000006a dnat to [1234::4321]:9999
         }
         }
     ]])
     NFT_LIST_RULES([ip6], [nat_PRE_public_allow], 0, [dnl
         table ip6 firewalld {
         chain nat_PRE_public_allow {
-        meta l4proto tcp meta mark 0x00000068 redirect to :90
+        meta l4proto tcp mark 0x00000068 redirect to :90
         }
         }
     ])
@@ -1151,19 +1151,19 @@ FWD_START_TEST([rich rules priority])
     NFT_LIST_RULES([inet], [mangle_PRE_public_pre], 0, [dnl
         table inet firewalld {
         chain mangle_PRE_public_pre {
-        meta nfproto ipv6 tcp dport 999 meta mark set 0x00000069
-        meta nfproto ipv6 tcp dport 9999 meta mark set 0x0000006a
-        meta nfproto ipv4 tcp dport 8888 meta mark set 0x00000066
-        meta nfproto ipv4 tcp dport 8080 meta mark set 0x00000067
+        meta nfproto ipv6 tcp dport 999 mark set 0x00000069
+        meta nfproto ipv6 tcp dport 9999 mark set 0x0000006a
+        meta nfproto ipv4 tcp dport 8888 mark set 0x00000066
+        meta nfproto ipv4 tcp dport 8080 mark set 0x00000067
         }
         }
     ])
     NFT_LIST_RULES([inet], [mangle_PRE_public_allow], 0, [dnl
         table inet firewalld {
         chain mangle_PRE_public_allow {
-        meta nfproto ipv4 tcp dport 222 meta mark set 0x00000064
-        meta nfproto ipv4 tcp dport 2222 meta mark set 0x00000065
-        meta nfproto ipv6 tcp dport 9090 meta mark set 0x00000068
+        meta nfproto ipv4 tcp dport 222 mark set 0x00000064
+        meta nfproto ipv4 tcp dport 2222 mark set 0x00000065
+        meta nfproto ipv6 tcp dport 9090 mark set 0x00000068
         }
         }
     ])], [
diff --git a/src/tests/functions.at b/src/tests/functions.at
index 9bb9aac30dee..080e44a73383 100644
--- a/src/tests/functions.at
+++ b/src/tests/functions.at
@@ -250,9 +250,13 @@ m4_define([IP6TABLES_LIST_RULES], [
 ])
 
 m4_define([NFT_LIST_RULES], [
+    dnl nftables commit 6dd848339444 change list output to show "meta mark"
+    dnl instead of just "mark".
+    m4_define([NFT_LIST_RULES_NORMALIZE], [sed -e 's/meta mark/mark/g'])
     m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [], [
-        NS_CHECK([nft -nn list chain $1 firewalld $2 | TRIM_WHITESPACE], [$3], [m4_strip([$4])], [m4_strip([$5])], [$6], [$7])
+        NS_CHECK([nft -nn list chain $1 firewalld $2 | TRIM_WHITESPACE | NFT_LIST_RULES_NORMALIZE], [$3], [m4_strip([$4])], [m4_strip([$5])], [$6], [$7])
     ])
+    m4_undefine([NFT_LIST_RULES_NORMALIZE])
 ])
 
 m4_define([IPSET_LIST_SET], [
-- 
2.18.0