From 66d724ebcec91ba653cfabbaa0ea8893f7cde875 Mon Sep 17 00:00:00 2001 From: Eric Garver Date: Tue, 14 May 2019 08:58:37 -0400 Subject: [PATCH 45/73] test: pass IPTABLES make variables down to autotest (cherry picked from commit 8533c488a30de680769d61a08bc5f404716b04ee) (cherry picked from commit 9de0a22a6046a162389617fd775a8c4a79ea6afa) --- src/tests/Makefile.am | 7 ++++++- src/tests/functions.at | 4 ++-- src/tests/regression/icmp_block_in_forward_chain.at | 4 ++-- src/tests/regression/rhbz1514043.at | 2 +- 4 files changed, 11 insertions(+), 6 deletions(-) diff --git a/src/tests/Makefile.am b/src/tests/Makefile.am index a30ce4d5d607..2a5645ba81d8 100644 --- a/src/tests/Makefile.am +++ b/src/tests/Makefile.am @@ -15,7 +15,11 @@ $(srcdir)/package.m4: $(top_srcdir)/configure.ac $(top_srcdir)/firewalld.spec echo 'm4_define([AT_PACKAGE_VERSION],[$(PACKAGE_VERSION)])' && \ echo 'm4_define([AT_PACKAGE_STRING],[$(PACKAGE_STRING)])' && \ echo 'm4_define([AT_PACKAGE_URL],[http://firewalld.org/])' && \ - echo 'm4_define([AT_PACKAGE_BUGREPORT],[https://github.com/firewalld/firewalld])'; \ + echo 'm4_define([AT_PACKAGE_BUGREPORT],[https://github.com/firewalld/firewalld])' && \ + echo 'm4_define([IPTABLES],[$(IPTABLES)])' && \ + echo 'm4_define([IPTABLES_RESTORE],[$(IPTABLES_RESTORE)])' && \ + echo 'm4_define([IP6TABLES],[$(IP6TABLES)])' && \ + echo 'm4_define([IP6TABLES_RESTORE],[$(IP6TABLES_RESTORE)])' ; \ } > "$@" check-local: atconfig $(TESTSUITE) @@ -31,6 +35,7 @@ installcheck-local: atconfig $(TESTSUITE) clean-local: test ! -f '$(TESTSUITE)' || $(SHELL) '$(TESTSUITE)' --clean + -rm $(srcdir)/package.m4 AUTOM4TE = $(SHELL) $(top_srcdir)/missing --run autom4te AUTOTEST = $(AUTOM4TE) --language=autotest diff --git a/src/tests/functions.at b/src/tests/functions.at index 0dcda6311a75..c246c08bc378 100644 --- a/src/tests/functions.at +++ b/src/tests/functions.at @@ -232,13 +232,13 @@ m4_define([EBTABLES_LIST_RULES], [ m4_define([IPTABLES_LIST_RULES], [ m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [], [ - NS_CHECK([iptables -w -n -t $1 -L $2 | TRIM_WHITESPACE | tail -n +3], [$3], [m4_strip([$4])], [m4_strip([$5])], [$6], [$7]) + NS_CHECK([IPTABLES -w -n -t $1 -L $2 | TRIM_WHITESPACE | tail -n +3], [$3], [m4_strip([$4])], [m4_strip([$5])], [$6], [$7]) ]) ]) m4_define([IP6TABLES_LIST_RULES], [ m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [], [ - NS_CHECK([ip6tables -w -n -t $1 -L $2 | TRIM_WHITESPACE | tail -n +3], [$3], [m4_strip([$4])], [m4_strip([$5])], [$6], [$7]) + NS_CHECK([IP6TABLES -w -n -t $1 -L $2 | TRIM_WHITESPACE | tail -n +3], [$3], [m4_strip([$4])], [m4_strip([$5])], [$6], [$7]) ]) ]) diff --git a/src/tests/regression/icmp_block_in_forward_chain.at b/src/tests/regression/icmp_block_in_forward_chain.at index 77f3f274bc5a..3c8766a2b23b 100644 --- a/src/tests/regression/icmp_block_in_forward_chain.at +++ b/src/tests/regression/icmp_block_in_forward_chain.at @@ -2,8 +2,8 @@ FWD_START_TEST([ICMP block present FORWARD chain]) FWD_CHECK([-q --zone=public --add-icmp-block=host-prohibited]) m4_if(iptables, FIREWALL_BACKEND, [ - NS_CHECK([iptables -L IN_public_deny | grep "host-prohibited"], 0, ignore) - NS_CHECK([iptables -L FWDI_public_deny | grep "host-prohibited"], 0, ignore) + NS_CHECK([IPTABLES -L IN_public_deny | grep "host-prohibited"], 0, ignore) + NS_CHECK([IPTABLES -L FWDI_public_deny | grep "host-prohibited"], 0, ignore) ], [ NS_CHECK([nft list chain inet firewalld filter_IN_public_deny | grep "destination-unreachable" |grep "\(code 10\|host-prohibited\)"], 0, ignore) NS_CHECK([nft list chain inet firewalld filter_FWDI_public_deny | grep "destination-unreachable" |grep "\(code 10\|host-prohibited\)"], 0, ignore) diff --git a/src/tests/regression/rhbz1514043.at b/src/tests/regression/rhbz1514043.at index a7368dbd9eeb..a9750a584898 100644 --- a/src/tests/regression/rhbz1514043.at +++ b/src/tests/regression/rhbz1514043.at @@ -7,7 +7,7 @@ services: dhcpv6-client samba ssh ]) dnl check that log denied actually took effect m4_if(iptables, FIREWALL_BACKEND, [ - NS_CHECK([iptables -t filter -L | grep "FINAL_REJECT:"], 0, ignore) + NS_CHECK([IPTABLES -t filter -L | grep "FINAL_REJECT:"], 0, ignore) ], [ NS_CHECK([nft list chain inet firewalld filter_INPUT | grep "FINAL_REJECT"], 0, ignore) NS_CHECK([nft list chain inet firewalld filter_FORWARD | grep "FINAL_REJECT"], 0, ignore) -- 2.20.1