From nobody Mon Sep 16 19:11:34 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) client-ip=8.43.85.245; envelope-from=devel-bounces@lists.libvirt.org; helo=lists.libvirt.org; Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) smtp.mailfrom=devel-bounces@lists.libvirt.org; dmarc=fail(p=none dis=none) header.from=redhat.com Return-Path: Received: from lists.libvirt.org (lists.libvirt.org [8.43.85.245]) by mx.zohomail.com with SMTPS id 1718220386881348.91039588025956; Wed, 12 Jun 2024 12:26:26 -0700 (PDT) Received: by lists.libvirt.org (Postfix, from userid 996) id 963BADAC; Wed, 12 Jun 2024 15:26:25 -0400 (EDT) Received: from lists.libvirt.org (localhost [IPv6:::1]) by lists.libvirt.org (Postfix) with ESMTP id 5EE2ECD1; Wed, 12 Jun 2024 15:26:01 -0400 (EDT) Received: by lists.libvirt.org (Postfix, from userid 996) id 5A33ACBC; Wed, 12 Jun 2024 15:25:59 -0400 (EDT) Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by lists.libvirt.org (Postfix) with ESMTPS id CC882BA3 for ; Wed, 12 Jun 2024 15:25:58 -0400 (EDT) Received: from mx-prod-mc-01.mail-002.prod.us-west-2.aws.redhat.com (ec2-54-186-198-63.us-west-2.compute.amazonaws.com [54.186.198.63]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-410-82T_shJ9N56tfiurHE3DDw-1; Wed, 12 Jun 2024 15:25:56 -0400 Received: from mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.17]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-01.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id 96A131956095 for ; Wed, 12 Jun 2024 19:25:55 +0000 (UTC) Received: from vhost3.router.laine.org (unknown [10.22.32.123]) by mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id 2387F1956050 for ; Wed, 12 Jun 2024 19:25:55 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on lists.libvirt.org X-Spam-Level: *** X-Spam-Status: No, score=3.0 required=5.0 tests=DKIM_INVALID,DKIM_SIGNED, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H4,RCVD_IN_MSPIKE_WL,RCVD_IN_SBL_CSS,SPF_HELO_NONE, T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.4 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1718220358; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=a3+WZTvT8nYgUyCIlgchTEw/nqCE3ZRWSjYCO8j5Zrc=; b=VDkM6ydpEw1SaPx/wtgEwRYuUKOivvFbUnttS5BsyIJkHZEQII7txmPGFNKpVDiqcjbMvO Gf+46UmMpf7dnYxbwf/Lbuxw4Myyb0DJs4wKXtwnt0buJY/Is6vg/3mPBsuu4w/WBVDmB1 SilEjnWWykem1EWPJ/rSDmaqSV46IrQ= X-MC-Unique: 82T_shJ9N56tfiurHE3DDw-1 From: Laine Stump To: devel@lists.libvirt.org Subject: [PATCH] tests: fix broken nftables test data so that individual tests are successful Date: Wed, 12 Jun 2024 15:25:46 -0400 Message-ID: <20240612192554.215616-1-laine@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.0 on 10.30.177.17 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: quoted-printable Message-ID-Hash: OKMA2YJESWY42D5B2XOAER3BUUGYK27F X-Message-ID-Hash: OKMA2YJESWY42D5B2XOAER3BUUGYK27F X-MailFrom: laine@redhat.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-config-1; header-match-config-2; header-match-config-3; header-match-devel.lists.libvirt.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; suspicious-header X-Mailman-Version: 3.2.2 Precedence: list List-Id: Development discussions about the libvirt library & tools Archived-At: List-Archive: List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZM-MESSAGEID: 1718220387770100001 Content-Type: text/plain; charset="utf-8"; x-default="true" When the chain names and table name used by the nftables firewall backend were changed in commit 958aa7f274904eb8e4678a43eac845044f0dcc38, I forgot to change the test data file base.nftables, which has the extra "list" and "add chain/table" commands that are generated for the first test case of networkxml2firewalltest.c. When the full set of tests is run, the first test will be an iptables test case, so those extra commands won't be added to any of the nftables cases, and so the data in base.nftables never matches, and the tests are all successful. However, if the test are limited with, e.g. VIR_TEST_RANGE=3D2 (test #2 will be the nftables version of the 1st test case), then the commands to add nftables table/chains *will* be generated in the test output, and so the test will fail. Because I was only running the entire test series after the initial commits of nftables tests, I didn't notice this. Until now. base.nftables has now been updated to reflect the current names for chains/table, and running individual test cases is once again successful. Fixes: 958aa7f274904eb8e4678a43eac845044f0dcc38 Signed-off-by: Laine Stump Reviewed-by: Daniel P. Berrang=C3=A9 Reviewed-by: Michal Privoznik --- tests/networkxml2firewalldata/base.nftables | 202 ++++---------------- 1 file changed, 42 insertions(+), 160 deletions(-) diff --git a/tests/networkxml2firewalldata/base.nftables b/tests/networkxml= 2firewalldata/base.nftables index 4f1f475a85..a064318739 100644 --- a/tests/networkxml2firewalldata/base.nftables +++ b/tests/networkxml2firewalldata/base.nftables @@ -2,255 +2,137 @@ nft \ list \ table \ ip \ -libvirt +libvirt_network nft \ add \ table \ ip \ -libvirt +libvirt_network nft \ add \ chain \ ip \ -libvirt \ -INPUT \ -'{ type filter hook input priority 0; policy accept; }' -nft \ -add \ -chain \ -ip \ -libvirt \ -FORWARD \ +libvirt_network \ +forward \ '{ type filter hook forward priority 0; policy accept; }' nft \ add \ chain \ ip \ -libvirt \ -OUTPUT \ -'{ type filter hook output priority 0; policy accept; }' -nft \ -add \ -chain \ -ip \ -libvirt \ -LIBVIRT_INP -nft \ -insert \ -rule \ -ip \ -libvirt \ -INPUT \ -counter \ -jump \ -LIBVIRT_INP -nft \ -add \ -chain \ -ip \ -libvirt \ -LIBVIRT_OUT -nft \ -insert \ -rule \ -ip \ -libvirt \ -OUTPUT \ -counter \ -jump \ -LIBVIRT_OUT -nft \ -add \ -chain \ -ip \ -libvirt \ -LIBVIRT_FWO +libvirt_network \ +guest_output nft \ insert \ rule \ ip \ -libvirt \ -FORWARD \ +libvirt_network \ +forward \ counter \ jump \ -LIBVIRT_FWO +guest_output nft \ add \ chain \ ip \ -libvirt \ -LIBVIRT_FWI +libvirt_network \ +guest_input nft \ insert \ rule \ ip \ -libvirt \ -FORWARD \ +libvirt_network \ +forward \ counter \ jump \ -LIBVIRT_FWI +guest_input nft \ add \ chain \ ip \ -libvirt \ -LIBVIRT_FWX +libvirt_network \ +guest_cross nft \ insert \ rule \ ip \ -libvirt \ -FORWARD \ +libvirt_network \ +forward \ counter \ jump \ -LIBVIRT_FWX +guest_cross nft \ add \ chain \ ip \ -libvirt \ -POSTROUTING \ +libvirt_network \ +guest_nat \ '{ type nat hook postrouting priority 100; policy accept; }' nft \ -add \ -chain \ -ip \ -libvirt \ -LIBVIRT_PRT -nft \ -insert \ -rule \ -ip \ -libvirt \ -POSTROUTING \ -counter \ -jump \ -LIBVIRT_PRT -nft \ list \ table \ ip6 \ -libvirt +libvirt_network nft \ add \ table \ ip6 \ -libvirt +libvirt_network nft \ add \ chain \ ip6 \ -libvirt \ -INPUT \ -'{ type filter hook input priority 0; policy accept; }' -nft \ -add \ -chain \ -ip6 \ -libvirt \ -FORWARD \ +libvirt_network \ +forward \ '{ type filter hook forward priority 0; policy accept; }' nft \ add \ chain \ ip6 \ -libvirt \ -OUTPUT \ -'{ type filter hook output priority 0; policy accept; }' -nft \ -add \ -chain \ -ip6 \ -libvirt \ -LIBVIRT_INP -nft \ -insert \ -rule \ -ip6 \ -libvirt \ -INPUT \ -counter \ -jump \ -LIBVIRT_INP -nft \ -add \ -chain \ -ip6 \ -libvirt \ -LIBVIRT_OUT -nft \ -insert \ -rule \ -ip6 \ -libvirt \ -OUTPUT \ -counter \ -jump \ -LIBVIRT_OUT -nft \ -add \ -chain \ -ip6 \ -libvirt \ -LIBVIRT_FWO +libvirt_network \ +guest_output nft \ insert \ rule \ ip6 \ -libvirt \ -FORWARD \ +libvirt_network \ +forward \ counter \ jump \ -LIBVIRT_FWO +guest_output nft \ add \ chain \ ip6 \ -libvirt \ -LIBVIRT_FWI +libvirt_network \ +guest_input nft \ insert \ rule \ ip6 \ -libvirt \ -FORWARD \ +libvirt_network \ +forward \ counter \ jump \ -LIBVIRT_FWI +guest_input nft \ add \ chain \ ip6 \ -libvirt \ -LIBVIRT_FWX +libvirt_network \ +guest_cross nft \ insert \ rule \ ip6 \ -libvirt \ -FORWARD \ +libvirt_network \ +forward \ counter \ jump \ -LIBVIRT_FWX +guest_cross nft \ add \ chain \ ip6 \ -libvirt \ -POSTROUTING \ +libvirt_network \ +guest_nat \ '{ type nat hook postrouting priority 100; policy accept; }' -nft \ -add \ -chain \ -ip6 \ -libvirt \ -LIBVIRT_PRT -nft \ -insert \ -rule \ -ip6 \ -libvirt \ -POSTROUTING \ -counter \ -jump \ -LIBVIRT_PRT --=20 2.45.2