1
0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2025-01-21 22:03:49 +03:00

tests: fix broken nftables test data so that individual tests are successful

When the chain names and table name used by the nftables firewall
backend were changed in commit
958aa7f274904eb8e4678a43eac845044f0dcc38, I forgot to change the test
data file base.nftables, which has the extra "list" and "add
chain/table" commands that are generated for the first test case of
networkxml2firewalltest.c. When the full set of tests is run, the
first test will be an iptables test case, so those extra commands
won't be added to any of the nftables cases, and so the data in
base.nftables never matches, and the tests are all successful.

However, if the test are limited with, e.g. VIR_TEST_RANGE=2 (test #2
will be the nftables version of the 1st test case), then the commands
to add nftables table/chains *will* be generated in the test output,
and so the test will fail. Because I was only running the entire test
series after the initial commits of nftables tests, I didn't notice
this. Until now.

base.nftables has now been updated to reflect the current names for
chains/table, and running individual test cases is once again
successful.

Fixes: 958aa7f274904eb8e4678a43eac845044f0dcc38
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Laine Stump <laine@redhat.com>
This commit is contained in:
Laine Stump 2024-06-12 15:25:46 -04:00 committed by Daniel P. Berrangé
parent 3a9095976e
commit aabf279ca0

View File

@ -2,255 +2,137 @@ nft \
list \ list \
table \ table \
ip \ ip \
libvirt libvirt_network
nft \ nft \
add \ add \
table \ table \
ip \ ip \
libvirt libvirt_network
nft \ nft \
add \ add \
chain \ chain \
ip \ ip \
libvirt \ libvirt_network \
INPUT \ forward \
'{ type filter hook input priority 0; policy accept; }'
nft \
add \
chain \
ip \
libvirt \
FORWARD \
'{ type filter hook forward priority 0; policy accept; }' '{ type filter hook forward priority 0; policy accept; }'
nft \ nft \
add \ add \
chain \ chain \
ip \ ip \
libvirt \ libvirt_network \
OUTPUT \ guest_output
'{ type filter hook output priority 0; policy accept; }'
nft \
add \
chain \
ip \
libvirt \
LIBVIRT_INP
nft \ nft \
insert \ insert \
rule \ rule \
ip \ ip \
libvirt \ libvirt_network \
INPUT \ forward \
counter \ counter \
jump \ jump \
LIBVIRT_INP guest_output
nft \ nft \
add \ add \
chain \ chain \
ip \ ip \
libvirt \ libvirt_network \
LIBVIRT_OUT guest_input
nft \ nft \
insert \ insert \
rule \ rule \
ip \ ip \
libvirt \ libvirt_network \
OUTPUT \ forward \
counter \ counter \
jump \ jump \
LIBVIRT_OUT guest_input
nft \ nft \
add \ add \
chain \ chain \
ip \ ip \
libvirt \ libvirt_network \
LIBVIRT_FWO guest_cross
nft \ nft \
insert \ insert \
rule \ rule \
ip \ ip \
libvirt \ libvirt_network \
FORWARD \ forward \
counter \ counter \
jump \ jump \
LIBVIRT_FWO guest_cross
nft \ nft \
add \ add \
chain \ chain \
ip \ ip \
libvirt \ libvirt_network \
LIBVIRT_FWI guest_nat \
nft \
insert \
rule \
ip \
libvirt \
FORWARD \
counter \
jump \
LIBVIRT_FWI
nft \
add \
chain \
ip \
libvirt \
LIBVIRT_FWX
nft \
insert \
rule \
ip \
libvirt \
FORWARD \
counter \
jump \
LIBVIRT_FWX
nft \
add \
chain \
ip \
libvirt \
POSTROUTING \
'{ type nat hook postrouting priority 100; policy accept; }' '{ type nat hook postrouting priority 100; policy accept; }'
nft \ nft \
add \
chain \
ip \
libvirt \
LIBVIRT_PRT
nft \
insert \
rule \
ip \
libvirt \
POSTROUTING \
counter \
jump \
LIBVIRT_PRT
nft \
list \ list \
table \ table \
ip6 \ ip6 \
libvirt libvirt_network
nft \ nft \
add \ add \
table \ table \
ip6 \ ip6 \
libvirt libvirt_network
nft \ nft \
add \ add \
chain \ chain \
ip6 \ ip6 \
libvirt \ libvirt_network \
INPUT \ forward \
'{ type filter hook input priority 0; policy accept; }'
nft \
add \
chain \
ip6 \
libvirt \
FORWARD \
'{ type filter hook forward priority 0; policy accept; }' '{ type filter hook forward priority 0; policy accept; }'
nft \ nft \
add \ add \
chain \ chain \
ip6 \ ip6 \
libvirt \ libvirt_network \
OUTPUT \ guest_output
'{ type filter hook output priority 0; policy accept; }'
nft \
add \
chain \
ip6 \
libvirt \
LIBVIRT_INP
nft \ nft \
insert \ insert \
rule \ rule \
ip6 \ ip6 \
libvirt \ libvirt_network \
INPUT \ forward \
counter \ counter \
jump \ jump \
LIBVIRT_INP guest_output
nft \ nft \
add \ add \
chain \ chain \
ip6 \ ip6 \
libvirt \ libvirt_network \
LIBVIRT_OUT guest_input
nft \ nft \
insert \ insert \
rule \ rule \
ip6 \ ip6 \
libvirt \ libvirt_network \
OUTPUT \ forward \
counter \ counter \
jump \ jump \
LIBVIRT_OUT guest_input
nft \ nft \
add \ add \
chain \ chain \
ip6 \ ip6 \
libvirt \ libvirt_network \
LIBVIRT_FWO guest_cross
nft \ nft \
insert \ insert \
rule \ rule \
ip6 \ ip6 \
libvirt \ libvirt_network \
FORWARD \ forward \
counter \ counter \
jump \ jump \
LIBVIRT_FWO guest_cross
nft \ nft \
add \ add \
chain \ chain \
ip6 \ ip6 \
libvirt \ libvirt_network \
LIBVIRT_FWI guest_nat \
nft \
insert \
rule \
ip6 \
libvirt \
FORWARD \
counter \
jump \
LIBVIRT_FWI
nft \
add \
chain \
ip6 \
libvirt \
LIBVIRT_FWX
nft \
insert \
rule \
ip6 \
libvirt \
FORWARD \
counter \
jump \
LIBVIRT_FWX
nft \
add \
chain \
ip6 \
libvirt \
POSTROUTING \
'{ type nat hook postrouting priority 100; policy accept; }' '{ type nat hook postrouting priority 100; policy accept; }'
nft \
add \
chain \
ip6 \
libvirt \
LIBVIRT_PRT
nft \
insert \
rule \
ip6 \
libvirt \
POSTROUTING \
counter \
jump \
LIBVIRT_PRT