From nobody Mon Feb 9 17:57:59 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of redhat.com designates 170.10.133.124 as permitted sender) client-ip=170.10.133.124; envelope-from=libvir-list-bounces@redhat.com; helo=us-smtp-delivery-124.mimecast.com; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 170.10.133.124 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1639338527; cv=none; d=zohomail.com; s=zohoarc; b=VvxRJVrd3MXUParHp08CvbH1fwttyCbAUidrMOsNYeFHD8VCxVWTvI3dkf/dQOPGd0e60e5ANVQiDxlubEIycDHJ+AKEWh5eyphnidcu6QCBATOLdemHVg5v1rCz9neuhHlbYT0qwdsWltykmks08KSk3C85i6lUSjZshFB5mIA= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1639338527; h=Content-Type:Content-Transfer-Encoding:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=QjjRp7369puIJ3cr/YuQ2e12m/yR74QqkMtCuyd4r6A=; b=lwyqDUtU12qEOtDIWq5zivgoAUHHZbcy0MEOjtvIVbowpktwlgJNWHMlEQQz1wDjki2zOiKmiFl4awn3KZmMFXRspHqSiDF9eV3DyGajKoZUkyYxtJDPvf+LCSiXzHWAwZ9I6+NKGMtvCipXtnbBRWnCUMkwZTkAzSVLcAPkg8A= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 170.10.133.124 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass header.from= (p=none dis=none) Return-Path: Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by mx.zohomail.com with SMTPS id 1639338527881213.727265343; Sun, 12 Dec 2021 11:48:47 -0800 (PST) Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-412-QbyKsWSiOtyLsqf7QW6IBw-1; Sun, 12 Dec 2021 14:48:43 -0500 Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id A03F22F31; Sun, 12 Dec 2021 19:48:38 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 7A78D2B88B; Sun, 12 Dec 2021 19:48:38 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 9E83F1809CB9; Sun, 12 Dec 2021 19:48:36 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id 1BCJmZ6X018853 for ; Sun, 12 Dec 2021 14:48:35 -0500 Received: by smtp.corp.redhat.com (Postfix) id 3FE925BE03; Sun, 12 Dec 2021 19:48:35 +0000 (UTC) Received: from vhost3.router.laine.org (unknown [10.2.16.52]) by smtp.corp.redhat.com (Postfix) with ESMTP id 0C1725D6D7 for ; Sun, 12 Dec 2021 19:48:34 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1639338526; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post; bh=QjjRp7369puIJ3cr/YuQ2e12m/yR74QqkMtCuyd4r6A=; b=GPa7uFMrq/a0/N47yPOJ4AbGg6b8WT8YlmV8jkIHFjoZll0r9TE1f0ie+Oov9x/YEKsDUA EIpp4zZqMCAG4KjcYfREOHlZMIEjlJCDXsi+5aIc7nI2A+56Ls3GwUSOCVJa5KGmXOp5g/ 1r9u+Mqc9finon3CMHkWZauPRYmLVfo= X-MC-Unique: QbyKsWSiOtyLsqf7QW6IBw-1 From: Laine Stump To: libvir-list@redhat.com Subject: [libvirt PATCH 04/12] tests: remove firewalld backend tests from virfirewalltest.c Date: Sun, 12 Dec 2021 14:48:22 -0500 Message-Id: <20211212194830.292379-5-laine@redhat.com> In-Reply-To: <20211212194830.292379-1-laine@redhat.com> References: <20211212194830.292379-1-laine@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15 X-loop: libvir-list@redhat.com X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=libvir-list-bounces@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @redhat.com) X-ZM-MESSAGEID: 1639338529025100002 Content-Type: text/plain; charset="utf-8" When libvirt added support for firewalld, all iptables/ebtables rules were added via the firewalld "passthrough" API when firewalld was enabled (the "firewalld backend"), or run directly by libvirt when firewalld was disabled (the so-called "direct backend"). virfirewalltest.c dutifully ran each test twice, once with the each backend enabled. But commit b19863640d changed the code to *always* directly run iptables/ebtables commands, and never use the firewalld passthrough API, effectively making the direct and firewalld backends identical, except that when libvirt receives notice that firewalld has restarted or reloaded its rules, the firewalld backend sends an extra "iptables -V" command via firewalld's passthrough API (and waits for a response) prior to running all the rest of the iptables commands directly; this assures that a newly-restarted firewalld has finished its work on the filter tables before libvirt starts messing with it. (Because this code is only executed in response to an event from dbus, it isn't tested in the unit tests). In spite of this, we still go through all the virfirewall tests twice though - once for the direct backend, and once for the firewalld backend, even though these take the same codepath. In commit b19863640d I had left this double-testing in thinking that someday we might go back to actually doing something useful with the firewalld backend in the course of adding support for native nftables, but I've now realized that for the case of nftables we will be *even more* divorced from firewalld, so there is really no point in keeping this code around any longer. (It's likely/probable that the tests will be done twice again in the future, but it will be enough different that it is better to remove this code and re-implement from scratch when adding the nftables backend, rather than trying to directly modify the existing code and end up with something even more confusing). This patch eliminates all the test duplication in virfirewalltest.c, including mocking dbus, which is unnecessary since none of the tests use dbus (for now we ensure that by explicitly setting the virfirewall backend to DIRECT before any of the tests have run. Eventually the concept of a "firewalld backend" will disappear completely, but that's for another patch.) Signed-off-by: Laine Stump --- tests/virfirewalltest.c | 293 +++------------------------------------- 1 file changed, 20 insertions(+), 273 deletions(-) diff --git a/tests/virfirewalltest.c b/tests/virfirewalltest.c index c6f4ca05e2..e6c41d89fa 100644 --- a/tests/virfirewalltest.c +++ b/tests/virfirewalltest.c @@ -35,10 +35,6 @@ =20 # define VIR_FROM_THIS VIR_FROM_FIREWALL =20 -static bool fwDisabled =3D true; -static virBuffer *fwBuf; -static bool fwError; - # define TEST_FILTER_TABLE_LIST \ "Chain INPUT (policy ACCEPT)\n" \ "target prot opt source destination\n" \ @@ -62,124 +58,9 @@ static bool fwError; "Chain POSTROUTING (policy ACCEPT)\n" \ "target prot opt source destination\n" =20 -VIR_MOCK_WRAP_RET_ARGS(g_dbus_connection_call_sync, - GVariant *, - GDBusConnection *, connection, - const gchar *, bus_name, - const gchar *, object_path, - const gchar *, interface_name, - const gchar *, method_name, - GVariant *, parameters, - const GVariantType *, reply_type, - GDBusCallFlags, flags, - gint, timeout_msec, - GCancellable *, cancellable, - GError **, error) -{ - GVariant *reply =3D NULL; - g_autoptr(GVariant) params =3D parameters; - - if (params) - g_variant_ref_sink(params); - - VIR_MOCK_REAL_INIT(g_dbus_connection_call_sync); - - if (STREQ(bus_name, "org.freedesktop.DBus") && - STREQ(method_name, "ListNames")) { - GVariantBuilder builder; - - g_variant_builder_init(&builder, G_VARIANT_TYPE("(as)")); - g_variant_builder_open(&builder, G_VARIANT_TYPE("as")); - - g_variant_builder_add(&builder, "s", "org.foo.bar.wizz"); - - if (!fwDisabled) - g_variant_builder_add(&builder, "s", VIR_FIREWALL_FIREWALLD_SE= RVICE); - - g_variant_builder_close(&builder); - - reply =3D g_variant_builder_end(&builder); - } else if (STREQ(bus_name, VIR_FIREWALL_FIREWALLD_SERVICE) && - STREQ(method_name, "passthrough")) { - g_autoptr(GVariantIter) iter =3D NULL; - static const size_t maxargs =3D 5; - g_auto(GStrv) args =3D NULL; - size_t nargs =3D 0; - char *type =3D NULL; - char *item =3D NULL; - bool isAdd =3D false; - bool doError =3D false; - - g_variant_get(params, "(&sas)", &type, &iter); - - args =3D g_new0(char *, maxargs); - - if (fwBuf) { - if (STREQ(type, "ipv4")) - virBufferAddLit(fwBuf, IPTABLES); - else if (STREQ(type, "ipv6")) - virBufferAddLit(fwBuf, IP6TABLES); - else - virBufferAddLit(fwBuf, EBTABLES); - } - - while (g_variant_iter_loop(iter, "s", &item)) { - /* Fake failure on the command with this IP addr */ - if (STREQ(item, "-A")) { - isAdd =3D true; - } else if (isAdd && STREQ(item, "192.168.122.255")) { - doError =3D true; - } - - if (nargs < maxargs) - args[nargs] =3D g_strdup(item); - nargs++; - - if (fwBuf) { - virBufferAddLit(fwBuf, " "); - virBufferEscapeShell(fwBuf, item); - } - } - - if (fwBuf) - virBufferAddLit(fwBuf, "\n"); - - if (doError) { - if (error) - *error =3D g_dbus_error_new_for_dbus_error("org.firewalld.= error", - "something bad ha= ppened"); - } else { - if (nargs =3D=3D 2 && - STREQ(type, "ipv4") && - STREQ(args[0], "-w") && - STREQ(args[1], "-L")) { - reply =3D g_variant_new("(s)", TEST_FILTER_TABLE_LIST); - } else if (nargs =3D=3D 4 && - STREQ(type, "ipv4") && - STREQ(args[0], "-w") && - STREQ(args[1], "-t") && - STREQ(args[2], "nat") && - STREQ(args[3], "-L")) { - reply =3D g_variant_new("(s)", TEST_NAT_TABLE_LIST); - } else { - reply =3D g_variant_new("(s)", "success"); - } - } - } else { - reply =3D g_variant_new("()"); - } - - return reply; -} - -struct testFirewallData { - virFirewallBackend tryBackend; - virFirewallBackend expectBackend; - bool fwDisabled; -}; =20 static int -testFirewallSingleGroup(const void *opaque) +testFirewallSingleGroup(const void *opaque G_GNUC_UNUSED) { g_auto(virBuffer) cmdbuf =3D VIR_BUFFER_INITIALIZER; g_autoptr(virFirewall) fw =3D virFirewallNew(); @@ -188,18 +69,10 @@ testFirewallSingleGroup(const void *opaque) const char *expected =3D IPTABLES " -w -A INPUT --source 192.168.122.1 --jump ACCEPT\n" IPTABLES " -w -A INPUT --source '!192.168.122.1' --jump REJECT\n"; - const struct testFirewallData *data =3D opaque; - g_autoptr(virCommandDryRunToken) dryRunToken =3D virCommandDryRunToken= New(); =20 - fwDisabled =3D data->fwDisabled; - if (virFirewallSetBackend(data->tryBackend) < 0) - goto cleanup; + g_autoptr(virCommandDryRunToken) dryRunToken =3D virCommandDryRunToken= New(); =20 - if (data->expectBackend =3D=3D VIR_FIREWALL_BACKEND_DIRECT || - data->expectBackend =3D=3D VIR_FIREWALL_BACKEND_FIREWALLD) - virCommandSetDryRun(dryRunToken, &cmdbuf, false, false, NULL, NULL= ); - else - fwBuf =3D &cmdbuf; + virCommandSetDryRun(dryRunToken, &cmdbuf, false, false, NULL, NULL); =20 virFirewallStartTransaction(fw, 0); =20 @@ -226,13 +99,12 @@ testFirewallSingleGroup(const void *opaque) =20 ret =3D 0; cleanup: - fwBuf =3D NULL; return ret; } =20 =20 static int -testFirewallRemoveRule(const void *opaque) +testFirewallRemoveRule(const void *opaque G_GNUC_UNUSED) { g_auto(virBuffer) cmdbuf =3D VIR_BUFFER_INITIALIZER; g_autoptr(virFirewall) fw =3D virFirewallNew(); @@ -241,19 +113,10 @@ testFirewallRemoveRule(const void *opaque) const char *expected =3D IPTABLES " -w -A INPUT --source 192.168.122.1 --jump ACCEPT\n" IPTABLES " -w -A INPUT --source '!192.168.122.1' --jump REJECT\n"; - const struct testFirewallData *data =3D opaque; virFirewallRule *fwrule; g_autoptr(virCommandDryRunToken) dryRunToken =3D virCommandDryRunToken= New(); =20 - fwDisabled =3D data->fwDisabled; - if (virFirewallSetBackend(data->tryBackend) < 0) - goto cleanup; - - if (data->expectBackend =3D=3D VIR_FIREWALL_BACKEND_DIRECT || - data->expectBackend =3D=3D VIR_FIREWALL_BACKEND_FIREWALLD) - virCommandSetDryRun(dryRunToken, &cmdbuf, false, false, NULL, NULL= ); - else - fwBuf =3D &cmdbuf; + virCommandSetDryRun(dryRunToken, &cmdbuf, false, false, NULL, NULL); =20 virFirewallStartTransaction(fw, 0); =20 @@ -286,7 +149,6 @@ testFirewallRemoveRule(const void *opaque) =20 ret =3D 0; cleanup: - fwBuf =3D NULL; return ret; } =20 @@ -303,18 +165,9 @@ testFirewallManyGroups(const void *opaque G_GNUC_UNUSE= D) IPTABLES " -w -A INPUT --source '!192.168.122.1' --jump REJECT\n" IPTABLES " -w -A OUTPUT --source 192.168.122.1 --jump ACCEPT\n" IPTABLES " -w -A OUTPUT --jump DROP\n"; - const struct testFirewallData *data =3D opaque; g_autoptr(virCommandDryRunToken) dryRunToken =3D virCommandDryRunToken= New(); =20 - fwDisabled =3D data->fwDisabled; - if (virFirewallSetBackend(data->tryBackend) < 0) - goto cleanup; - - if (data->expectBackend =3D=3D VIR_FIREWALL_BACKEND_DIRECT || - data->expectBackend =3D=3D VIR_FIREWALL_BACKEND_FIREWALLD) - virCommandSetDryRun(dryRunToken, &cmdbuf, false, false, NULL, NULL= ); - else - fwBuf =3D &cmdbuf; + virCommandSetDryRun(dryRunToken, &cmdbuf, false, false, NULL, NULL); =20 virFirewallStartTransaction(fw, 0); =20 @@ -353,7 +206,6 @@ testFirewallManyGroups(const void *opaque G_GNUC_UNUSED) =20 ret =3D 0; cleanup: - fwBuf =3D NULL; return ret; } =20 @@ -391,20 +243,9 @@ testFirewallIgnoreFailGroup(const void *opaque G_GNUC_= UNUSED) IPTABLES " -w -A INPUT --source 192.168.122.255 --jump REJECT\n" IPTABLES " -w -A OUTPUT --source 192.168.122.1 --jump ACCEPT\n" IPTABLES " -w -A OUTPUT --jump DROP\n"; - const struct testFirewallData *data =3D opaque; g_autoptr(virCommandDryRunToken) dryRunToken =3D virCommandDryRunToken= New(); =20 - fwDisabled =3D data->fwDisabled; - if (virFirewallSetBackend(data->tryBackend) < 0) - goto cleanup; - - if (data->expectBackend =3D=3D VIR_FIREWALL_BACKEND_DIRECT || - data->expectBackend =3D=3D VIR_FIREWALL_BACKEND_FIREWALLD) { - virCommandSetDryRun(dryRunToken, &cmdbuf, false, false, testFirewa= llRollbackHook, NULL); - } else { - fwBuf =3D &cmdbuf; - fwError =3D true; - } + virCommandSetDryRun(dryRunToken, &cmdbuf, false, false, testFirewallRo= llbackHook, NULL); =20 virFirewallStartTransaction(fw, VIR_FIREWALL_TRANSACTION_IGNORE_ERRORS= ); =20 @@ -443,7 +284,6 @@ testFirewallIgnoreFailGroup(const void *opaque G_GNUC_U= NUSED) =20 ret =3D 0; cleanup: - fwBuf =3D NULL; return ret; } =20 @@ -460,20 +300,9 @@ testFirewallIgnoreFailRule(const void *opaque G_GNUC_U= NUSED) IPTABLES " -w -A INPUT --source 192.168.122.255 --jump REJECT\n" IPTABLES " -w -A OUTPUT --source 192.168.122.1 --jump ACCEPT\n" IPTABLES " -w -A OUTPUT --jump DROP\n"; - const struct testFirewallData *data =3D opaque; g_autoptr(virCommandDryRunToken) dryRunToken =3D virCommandDryRunToken= New(); =20 - fwDisabled =3D data->fwDisabled; - if (virFirewallSetBackend(data->tryBackend) < 0) - goto cleanup; - - if (data->expectBackend =3D=3D VIR_FIREWALL_BACKEND_DIRECT || - data->expectBackend =3D=3D VIR_FIREWALL_BACKEND_FIREWALLD) { - virCommandSetDryRun(dryRunToken, &cmdbuf, false, false, testFirewa= llRollbackHook, NULL); - } else { - fwBuf =3D &cmdbuf; - fwError =3D true; - } + virCommandSetDryRun(dryRunToken, &cmdbuf, false, false, testFirewallRo= llbackHook, NULL); =20 virFirewallStartTransaction(fw, 0); =20 @@ -511,7 +340,6 @@ testFirewallIgnoreFailRule(const void *opaque G_GNUC_UN= USED) =20 ret =3D 0; cleanup: - fwBuf =3D NULL; return ret; } =20 @@ -526,20 +354,9 @@ testFirewallNoRollback(const void *opaque G_GNUC_UNUSE= D) const char *expected =3D IPTABLES " -w -A INPUT --source 192.168.122.1 --jump ACCEPT\n" IPTABLES " -w -A INPUT --source 192.168.122.255 --jump REJECT\n"; - const struct testFirewallData *data =3D opaque; g_autoptr(virCommandDryRunToken) dryRunToken =3D virCommandDryRunToken= New(); =20 - fwDisabled =3D data->fwDisabled; - if (virFirewallSetBackend(data->tryBackend) < 0) - goto cleanup; - - if (data->expectBackend =3D=3D VIR_FIREWALL_BACKEND_DIRECT || - data->expectBackend =3D=3D VIR_FIREWALL_BACKEND_FIREWALLD) { - virCommandSetDryRun(dryRunToken, &cmdbuf, false, false, testFirewa= llRollbackHook, NULL); - } else { - fwBuf =3D &cmdbuf; - fwError =3D true; - } + virCommandSetDryRun(dryRunToken, &cmdbuf, false, false, testFirewallRo= llbackHook, NULL); =20 virFirewallStartTransaction(fw, 0); =20 @@ -573,7 +390,6 @@ testFirewallNoRollback(const void *opaque G_GNUC_UNUSED) =20 ret =3D 0; cleanup: - fwBuf =3D NULL; return ret; } =20 @@ -590,20 +406,9 @@ testFirewallSingleRollback(const void *opaque G_GNUC_U= NUSED) IPTABLES " -w -D INPUT --source 192.168.122.1 --jump ACCEPT\n" IPTABLES " -w -D INPUT --source 192.168.122.255 --jump REJECT\n" IPTABLES " -w -D INPUT --source '!192.168.122.1' --jump REJECT\n"; - const struct testFirewallData *data =3D opaque; g_autoptr(virCommandDryRunToken) dryRunToken =3D virCommandDryRunToken= New(); =20 - fwDisabled =3D data->fwDisabled; - if (virFirewallSetBackend(data->tryBackend) < 0) - goto cleanup; - - if (data->expectBackend =3D=3D VIR_FIREWALL_BACKEND_DIRECT || - data->expectBackend =3D=3D VIR_FIREWALL_BACKEND_FIREWALLD) { - virCommandSetDryRun(dryRunToken, &cmdbuf, false, false, testFirewa= llRollbackHook, NULL); - } else { - fwError =3D true; - fwBuf =3D &cmdbuf; - } + virCommandSetDryRun(dryRunToken, &cmdbuf, false, false, testFirewallRo= llbackHook, NULL); =20 virFirewallStartTransaction(fw, 0); =20 @@ -654,7 +459,6 @@ testFirewallSingleRollback(const void *opaque G_GNUC_UN= USED) =20 ret =3D 0; cleanup: - fwBuf =3D NULL; return ret; } =20 @@ -670,20 +474,9 @@ testFirewallManyRollback(const void *opaque G_GNUC_UNU= SED) IPTABLES " -w -A INPUT --source 192.168.122.255 --jump REJECT\n" IPTABLES " -w -D INPUT --source 192.168.122.255 --jump REJECT\n" IPTABLES " -w -D INPUT --source '!192.168.122.1' --jump REJECT\n"; - const struct testFirewallData *data =3D opaque; g_autoptr(virCommandDryRunToken) dryRunToken =3D virCommandDryRunToken= New(); =20 - fwDisabled =3D data->fwDisabled; - if (virFirewallSetBackend(data->tryBackend) < 0) - goto cleanup; - - if (data->expectBackend =3D=3D VIR_FIREWALL_BACKEND_DIRECT || - data->expectBackend =3D=3D VIR_FIREWALL_BACKEND_FIREWALLD) { - virCommandSetDryRun(dryRunToken, &cmdbuf, false, false, testFirewa= llRollbackHook, NULL); - } else { - fwBuf =3D &cmdbuf; - fwError =3D true; - } + virCommandSetDryRun(dryRunToken, &cmdbuf, false, false, testFirewallRo= llbackHook, NULL); =20 virFirewallStartTransaction(fw, 0); =20 @@ -738,7 +531,6 @@ testFirewallManyRollback(const void *opaque G_GNUC_UNUS= ED) =20 ret =3D 0; cleanup: - fwBuf =3D NULL; return ret; } =20 @@ -758,20 +550,9 @@ testFirewallChainedRollback(const void *opaque G_GNUC_= UNUSED) IPTABLES " -w -D INPUT --source '!192.168.122.1' --jump REJECT\n" IPTABLES " -w -D INPUT --source 192.168.122.255 --jump REJECT\n" IPTABLES " -w -D INPUT --source '!192.168.122.1' --jump REJECT\n"; - const struct testFirewallData *data =3D opaque; g_autoptr(virCommandDryRunToken) dryRunToken =3D virCommandDryRunToken= New(); =20 - fwDisabled =3D data->fwDisabled; - if (virFirewallSetBackend(data->tryBackend) < 0) - goto cleanup; - - if (data->expectBackend =3D=3D VIR_FIREWALL_BACKEND_DIRECT || - data->expectBackend =3D=3D VIR_FIREWALL_BACKEND_FIREWALLD) { - virCommandSetDryRun(dryRunToken, &cmdbuf, false, false, testFirewa= llRollbackHook, NULL); - } else { - fwBuf =3D &cmdbuf; - fwError =3D true; - } + virCommandSetDryRun(dryRunToken, &cmdbuf, false, false, testFirewallRo= llbackHook, NULL); =20 virFirewallStartTransaction(fw, 0); =20 @@ -852,7 +633,6 @@ testFirewallChainedRollback(const void *opaque G_GNUC_U= NUSED) =20 ret =3D 0; cleanup: - fwBuf =3D NULL; return ret; } =20 @@ -952,22 +732,12 @@ testFirewallQuery(const void *opaque G_GNUC_UNUSED) IPTABLES " -w -A INPUT --source '!192.168.122.129' --jump REJECT\n" IPTABLES " -w -A INPUT --source 192.168.122.128 --jump REJECT\n" IPTABLES " -w -A INPUT --source '!192.168.122.1' --jump REJECT\n"; - const struct testFirewallData *data =3D opaque; g_autoptr(virCommandDryRunToken) dryRunToken =3D virCommandDryRunToken= New(); =20 expectedLineNum =3D 0; expectedLineError =3D false; - fwDisabled =3D data->fwDisabled; - if (virFirewallSetBackend(data->tryBackend) < 0) - goto cleanup; =20 - if (data->expectBackend =3D=3D VIR_FIREWALL_BACKEND_DIRECT || - data->expectBackend =3D=3D VIR_FIREWALL_BACKEND_FIREWALLD) { - virCommandSetDryRun(dryRunToken, &cmdbuf, false, false, testFirewa= llQueryHook, NULL); - } else { - fwBuf =3D &cmdbuf; - fwError =3D true; - } + virCommandSetDryRun(dryRunToken, &cmdbuf, false, false, testFirewallQu= eryHook, NULL); =20 virFirewallStartTransaction(fw, 0); =20 @@ -1030,7 +800,6 @@ testFirewallQuery(const void *opaque G_GNUC_UNUSED) =20 ret =3D 0; cleanup: - fwBuf =3D NULL; return ret; } =20 @@ -1040,40 +809,15 @@ mymain(void) { int ret =3D 0; =20 -# define RUN_TEST_DIRECT(name, method) \ - do { \ - struct testFirewallData data; \ - data.tryBackend =3D VIR_FIREWALL_BACKEND_AUTOMATIC; \ - data.expectBackend =3D VIR_FIREWALL_BACKEND_DIRECT; \ - data.fwDisabled =3D true; \ - if (virTestRun(name " auto direct", method, &data) < 0) \ - ret =3D -1; \ - data.tryBackend =3D VIR_FIREWALL_BACKEND_DIRECT; \ - data.expectBackend =3D VIR_FIREWALL_BACKEND_DIRECT; \ - data.fwDisabled =3D true; \ - if (virTestRun(name " manual direct", method, &data) < 0) \ - ret =3D -1; \ - } while (0) + if (virFirewallSetBackend(VIR_FIREWALL_BACKEND_DIRECT) < 0) + return EXIT_FAILURE; =20 -# define RUN_TEST_FIREWALLD(name, method) \ +# define RUN_TEST(name, method) \ do { \ - struct testFirewallData data; \ - data.tryBackend =3D VIR_FIREWALL_BACKEND_AUTOMATIC; \ - data.expectBackend =3D VIR_FIREWALL_BACKEND_FIREWALLD; \ - data.fwDisabled =3D false; \ - if (virTestRun(name " auto firewalld", method, &data) < 0) \ - ret =3D -1; \ - data.tryBackend =3D VIR_FIREWALL_BACKEND_FIREWALLD; \ - data.expectBackend =3D VIR_FIREWALL_BACKEND_FIREWALLD; \ - data.fwDisabled =3D false; \ - if (virTestRun(name " manual firewalld", method, &data) < 0) \ + if (virTestRun(name, method, NULL) < 0) \ ret =3D -1; \ } while (0) =20 -# define RUN_TEST(name, method) \ - RUN_TEST_DIRECT(name, method); \ - RUN_TEST_FIREWALLD(name, method) - RUN_TEST("single group", testFirewallSingleGroup); RUN_TEST("remove rule", testFirewallRemoveRule); RUN_TEST("many groups", testFirewallManyGroups); @@ -1088,8 +832,11 @@ mymain(void) return ret =3D=3D 0 ? EXIT_SUCCESS : EXIT_FAILURE; } =20 +# if 0 VIR_TEST_MAIN_PRELOAD(mymain, VIR_TEST_MOCK("virgdbus"), VIR_TEST_MOCK("virfirewall")) +# endif +VIR_TEST_MAIN_PRELOAD(mymain, VIR_TEST_MOCK("virfirewall")) =20 #else /* ! defined (__linux__) */ =20 --=20 2.33.1