nwfilter cleanups for legacy platforms

[libvirt PATCH 0/2] nwfilter cleanups for legacy platforms

Daniel P. Berrangé posted 2 patches 2 years, 1 month ago

Download series mbox

Patches applied successfully (tree, apply log)
git fetch https://github.com/patchew-project/libvirt tags/patchew/20220308175242.771524-1-berrange@redhat.com

Test syntax-check failed

src/nwfilter/nwfilter_ebiptables_driver.c     |  128 +-
.../ah-ipv6-linux.args                        |   54 +-
tests/nwfilterxml2firewalldata/ah-linux.args  |   54 +-
.../all-ipv6-linux.args                       |   54 +-
tests/nwfilterxml2firewalldata/all-linux.args |   54 +-
.../comment-linux.args                        |   90 +-
.../conntrack-linux.args                      |   18 +-
.../esp-ipv6-linux.args                       |   54 +-
tests/nwfilterxml2firewalldata/esp-linux.args |   54 +-
.../example-1-linux.args                      |   54 +-
.../example-2-linux.args                      |   28 +-
.../hex-data-linux.args                       |   36 +-
.../icmp-direction-linux.args                 |   12 +-
.../icmp-direction2-linux.args                |   12 +-
.../icmp-direction3-linux.args                |   18 +-
.../nwfilterxml2firewalldata/icmp-linux.args  |   12 +-
.../icmpv6-linux.args                         |   16 +-
.../nwfilterxml2firewalldata/igmp-linux.args  |   54 +-
.../nwfilterxml2firewalldata/ipset-linux.args |   72 +-
.../nwfilterxml2firewalldata/iter1-linux.args |   54 +-
.../nwfilterxml2firewalldata/iter2-linux.args | 1026 +++++++++++------
.../nwfilterxml2firewalldata/iter3-linux.args |   90 +-
.../sctp-ipv6-linux.args                      |   54 +-
.../nwfilterxml2firewalldata/sctp-linux.args  |   54 +-
.../target-linux.args                         |   36 +-
.../target2-linux.args                        |   18 +-
.../tcp-ipv6-linux.args                       |   54 +-
tests/nwfilterxml2firewalldata/tcp-linux.args |   18 +-
.../udp-ipv6-linux.args                       |   54 +-
tests/nwfilterxml2firewalldata/udp-linux.args |   54 +-
.../udplite-ipv6-linux.args                   |   54 +-
.../udplite-linux.args                        |   54 +-
32 files changed, 1570 insertions(+), 924 deletions(-)

Expand all Fold all

[libvirt PATCH 0/2] nwfilter cleanups for legacy platforms

Posted by Daniel P. Berrangé 2 years, 1 month ago

We have a couple of compatibility hacks to cope with changes
in iptables userspace and kernel. These were very long ago
so not relevant to our current build platforms. Removing
them makes the code clearer.

The tests have churn because we were never properly testing
this aspect in the past

Daniel P. Berrangé (2):
  nwfilter: drop support for legacy iptables match syntax
  nwfilter: drop support for legacy iptables conntrack direction

 src/nwfilter/nwfilter_ebiptables_driver.c     |  128 +-
 .../ah-ipv6-linux.args                        |   54 +-
 tests/nwfilterxml2firewalldata/ah-linux.args  |   54 +-
 .../all-ipv6-linux.args                       |   54 +-
 tests/nwfilterxml2firewalldata/all-linux.args |   54 +-
 .../comment-linux.args                        |   90 +-
 .../conntrack-linux.args                      |   18 +-
 .../esp-ipv6-linux.args                       |   54 +-
 tests/nwfilterxml2firewalldata/esp-linux.args |   54 +-
 .../example-1-linux.args                      |   54 +-
 .../example-2-linux.args                      |   28 +-
 .../hex-data-linux.args                       |   36 +-
 .../icmp-direction-linux.args                 |   12 +-
 .../icmp-direction2-linux.args                |   12 +-
 .../icmp-direction3-linux.args                |   18 +-
 .../nwfilterxml2firewalldata/icmp-linux.args  |   12 +-
 .../icmpv6-linux.args                         |   16 +-
 .../nwfilterxml2firewalldata/igmp-linux.args  |   54 +-
 .../nwfilterxml2firewalldata/ipset-linux.args |   72 +-
 .../nwfilterxml2firewalldata/iter1-linux.args |   54 +-
 .../nwfilterxml2firewalldata/iter2-linux.args | 1026 +++++++++++------
 .../nwfilterxml2firewalldata/iter3-linux.args |   90 +-
 .../sctp-ipv6-linux.args                      |   54 +-
 .../nwfilterxml2firewalldata/sctp-linux.args  |   54 +-
 .../target-linux.args                         |   36 +-
 .../target2-linux.args                        |   18 +-
 .../tcp-ipv6-linux.args                       |   54 +-
 tests/nwfilterxml2firewalldata/tcp-linux.args |   18 +-
 .../udp-ipv6-linux.args                       |   54 +-
 tests/nwfilterxml2firewalldata/udp-linux.args |   54 +-
 .../udplite-ipv6-linux.args                   |   54 +-
 .../udplite-linux.args                        |   54 +-
 32 files changed, 1570 insertions(+), 924 deletions(-)

-- 
2.35.1

Re: [libvirt PATCH 0/2] nwfilter cleanups for legacy platforms

Posted by Laine Stump 2 years, 1 month ago

On 3/8/22 12:52 PM, Daniel P. Berrangé wrote:
> We have a couple of compatibility hacks to cope with changes
> in iptables userspace and kernel. These were very long ago
> so not relevant to our current build platforms. Removing
> them makes the code clearer.
> 
> The tests have churn because we were never properly testing
> this aspect in the past
> 
> Daniel P. Berrangé (2):
>    nwfilter: drop support for legacy iptables match syntax
>    nwfilter: drop support for legacy iptables conntrack direction

Reviewed-by: Laine Stump <laine@redhat.com>

for both.