test-firewall-util: skip if iptables nat table does not exist

2025-01-27 14:03:43 +03:00 · 2021-04-02 02:49:37 -07:00 · 2021-04-02 02:49:37 -07:00 · afbcd90552
commit afbcd90552
parent 9d5ae3a121
3 changed files with 27 additions and 6 deletions
--- a/src/shared/firewall-util-iptables.c
+++ b/src/shared/firewall-util-iptables.c
@ -102,9 +102,9 @@ int fw_iptables_add_masquerade(
        if (!source || source_prefixlen == 0)
                return -EINVAL;

-        h = iptc_init("nat");
-        if (!h)
-                return -errno;
+        r = fw_iptables_init_nat(&h);
+        if (r < 0)
+                return r;

        sz = XT_ALIGN(sizeof(struct ipt_entry)) +
             XT_ALIGN(sizeof(struct ipt_entry_target)) +
@ -192,9 +192,9 @@ int fw_iptables_add_local_dnat(
        if (remote_port <= 0)
                return -EINVAL;

-        h = iptc_init("nat");
-        if (!h)
-                return -errno;
+        r = fw_iptables_init_nat(&h);
+        if (r < 0)
+                return r;

        sz = XT_ALIGN(sizeof(struct ipt_entry)) +
             XT_ALIGN(sizeof(struct ipt_entry_match)) +
@ -348,3 +348,16 @@ int fw_iptables_add_local_dnat(

        return 0;
 }
+
+int fw_iptables_init_nat(struct xtc_handle **ret) {
+        _cleanup_(iptc_freep) struct xtc_handle *h = NULL;
+
+        h = iptc_init("nat");
+        if (!h)
+                return log_debug_errno(errno, "Failed to init \"nat\" table: %s", iptc_strerror(errno));
+
+        if (ret)
+                *ret = TAKE_PTR(h);
+
+        return 0;
+}
--- a/src/shared/firewall-util-private.h
+++ b/src/shared/firewall-util-private.h
@ -46,6 +46,7 @@ int fw_nftables_add_local_dnat(
                const union in_addr_union *previous_remote);

 #if HAVE_LIBIPTC
+struct xtc_handle;

 int fw_iptables_add_masquerade(
                bool add,
@ -61,4 +62,6 @@ int fw_iptables_add_local_dnat(
                const union in_addr_union *remote,
                uint16_t remote_port,
                const union in_addr_union *previous_remote);
+
+int fw_iptables_init_nat(struct xtc_handle **ret);
 #endif
--- a/src/test/test-firewall-util.c
+++ b/src/test/test-firewall-util.c
@ -102,6 +102,11 @@ int main(int argc, char *argv[]) {
        if (ctx->backend == FW_BACKEND_NONE)
                return EXIT_TEST_SKIP;

+#if HAVE_LIBIPTC
+        if (ctx->backend == FW_BACKEND_IPTABLES && fw_iptables_init_nat(NULL) < 0)
+                return EXIT_TEST_SKIP;
+#endif
+
        if (test_v4(ctx) && ctx->backend == FW_BACKEND_NFTABLES)
                test_v6(ctx);