1. Patchew
  2. Libvirt
  3. View series

[PATCH 0/5] nwfilter: add nwfilter nftables driver

Dion Bosschieter posted 5 patches 1 month, 1 week ago
Patches applied successfully (tree, apply log)
git fetch https://github.com/patchew-project/libvirt tags/patchew/20251031120546.942126-1-dionbosschieter@gmail.com
There is a newer version of this series
po/POTFILES                                   |    2 +
src/nwfilter/meson.build                      |    2 +
src/nwfilter/nwfilter_driver.c                |   49 +-
src/nwfilter/nwfilter_ebiptables_driver.c     |  262 +-
src/nwfilter/nwfilter_gentech_driver.c        |   60 +-
src/nwfilter/nwfilter_gentech_driver.h        |    4 +-
src/nwfilter/nwfilter_nftables_driver.c       | 2374 +++++++++++
src/nwfilter/nwfilter_nftables_driver.h       |   28 +
src/nwfilter/nwfilter_tech_driver.c           |  250 ++
src/nwfilter/nwfilter_tech_driver.h           |   50 +-
tests/meson.build                             |    4 +-
tests/nwfilternftablestest.c                  |  428 ++
.../ah-ipv6-linux.args                        |    0
.../ah-linux.args                             |    0
.../all-ipv6-linux.args                       |    0
.../all-linux.args                            |    0
.../arp-linux.args                            |    0
.../comment-linux.args                        |    0
.../conntrack-linux.args                      |    0
.../esp-ipv6-linux.args                       |    0
.../esp-linux.args                            |    0
.../example-1-linux.args                      |    0
.../example-2-linux.args                      |    0
.../hex-data-linux.args                       |    0
.../icmp-direction-linux.args                 |    0
.../icmp-direction2-linux.args                |    0
.../icmp-direction3-linux.args                |    0
.../icmp-linux.args                           |    0
.../icmpv6-linux.args                         |    0
.../igmp-linux.args                           |    0
.../ip-linux.args                             |    0
.../ipset-linux.args                          |    0
.../ipt-no-macspoof-linux.args                |    0
.../ipv6-linux.args                           |    0
.../iter1-linux.args                          |    0
.../iter2-linux.args                          |    0
.../iter3-linux.args                          |    0
.../mac-linux.args                            |    0
.../rarp-linux.args                           |    0
.../sctp-ipv6-linux.args                      |    0
.../sctp-linux.args                           |    0
.../stp-linux.args                            |    0
.../target-linux.args                         |    0
.../target2-linux.args                        |    0
.../tcp-ipv6-linux.args                       |    0
.../tcp-linux.args                            |    0
.../udp-ipv6-linux.args                       |    0
.../udp-linux.args                            |    0
.../udplite-ipv6-linux.args                   |    0
.../udplite-linux.args                        |    0
.../vlan-linux.args                           |    0
...ltest.c => nwfilterxml2ebipfirewalltest.c} |    4 +-
.../ah-ipv6-linux.args                        |  304 ++
.../nwfilterxml2nftfirewalldata/ah-linux.args |  298 ++
.../all-ipv6-linux.args                       |  286 ++
.../all-linux.args                            |  280 ++
.../arp-linux.args                            |  215 +
tests/nwfilterxml2nftfirewalldata/arp.xml     |   27 +
.../comment-linux.args                        |  483 +++
.../conntrack-linux.args                      |  198 +
.../esp-ipv6-linux.args                       |  304 ++
.../esp-linux.args                            |  298 ++
.../example-1-linux.args                      |  266 ++
.../example-2-linux.args                      |  348 ++
.../hex-data-linux.args                       |  357 ++
.../icmp-direction-linux.args                 |  238 ++
.../icmp-direction2-linux.args                |  238 ++
.../icmp-direction3-linux.args                |  184 +
.../icmp-linux.args                           |  252 ++
.../icmpv6-linux.args                         |  322 ++
.../igmp-linux.args                           |  298 ++
.../nwfilterxml2nftfirewalldata/ip-linux.args |  198 +
.../ipt-no-macspoof-linux.args                |  169 +
.../ipv6-linux.args                           |  474 +++
.../iter1-linux.args                          |  298 ++
.../iter2-linux.args                          | 3598 +++++++++++++++++
.../iter3-linux.args                          |  418 ++
.../mac-linux.args                            |  180 +
.../rarp-linux.args                           |  215 +
.../sctp-ipv6-linux.args                      |  314 ++
.../sctp-linux.args                           |  314 ++
.../target-linux.args                         |  452 +++
.../target2-linux.args                        |  316 ++
.../tcp-ipv6-linux.args                       |  314 ++
.../tcp-linux.args                            |  468 +++
.../udp-ipv6-linux.args                       |  314 ++
.../udp-linux.args                            |  314 ++
.../udplite-ipv6-linux.args                   |  304 ++
.../udplite-linux.args                        |  298 ++
.../vlan-linux.args                           |  264 ++
tests/nwfilterxml2nftfirewalltest.c           |  438 ++
91 files changed, 18066 insertions(+), 307 deletions(-)
create mode 100644 src/nwfilter/nwfilter_nftables_driver.c
create mode 100644 src/nwfilter/nwfilter_nftables_driver.h
create mode 100644 src/nwfilter/nwfilter_tech_driver.c
create mode 100644 tests/nwfilternftablestest.c
rename tests/{nwfilterxml2firewalldata => nwfilterxml2ebipfirewalldata}/ah-ipv6-linux.args (100%)
rename tests/{nwfilterxml2firewalldata => nwfilterxml2ebipfirewalldata}/ah-linux.args (100%)
rename tests/{nwfilterxml2firewalldata => nwfilterxml2ebipfirewalldata}/all-ipv6-linux.args (100%)
rename tests/{nwfilterxml2firewalldata => nwfilterxml2ebipfirewalldata}/all-linux.args (100%)
rename tests/{nwfilterxml2firewalldata => nwfilterxml2ebipfirewalldata}/arp-linux.args (100%)
rename tests/{nwfilterxml2firewalldata => nwfilterxml2ebipfirewalldata}/comment-linux.args (100%)
rename tests/{nwfilterxml2firewalldata => nwfilterxml2ebipfirewalldata}/conntrack-linux.args (100%)
rename tests/{nwfilterxml2firewalldata => nwfilterxml2ebipfirewalldata}/esp-ipv6-linux.args (100%)
rename tests/{nwfilterxml2firewalldata => nwfilterxml2ebipfirewalldata}/esp-linux.args (100%)
rename tests/{nwfilterxml2firewalldata => nwfilterxml2ebipfirewalldata}/example-1-linux.args (100%)
rename tests/{nwfilterxml2firewalldata => nwfilterxml2ebipfirewalldata}/example-2-linux.args (100%)
rename tests/{nwfilterxml2firewalldata => nwfilterxml2ebipfirewalldata}/hex-data-linux.args (100%)
rename tests/{nwfilterxml2firewalldata => nwfilterxml2ebipfirewalldata}/icmp-direction-linux.args (100%)
rename tests/{nwfilterxml2firewalldata => nwfilterxml2ebipfirewalldata}/icmp-direction2-linux.args (100%)
rename tests/{nwfilterxml2firewalldata => nwfilterxml2ebipfirewalldata}/icmp-direction3-linux.args (100%)
rename tests/{nwfilterxml2firewalldata => nwfilterxml2ebipfirewalldata}/icmp-linux.args (100%)
rename tests/{nwfilterxml2firewalldata => nwfilterxml2ebipfirewalldata}/icmpv6-linux.args (100%)
rename tests/{nwfilterxml2firewalldata => nwfilterxml2ebipfirewalldata}/igmp-linux.args (100%)
rename tests/{nwfilterxml2firewalldata => nwfilterxml2ebipfirewalldata}/ip-linux.args (100%)
rename tests/{nwfilterxml2firewalldata => nwfilterxml2ebipfirewalldata}/ipset-linux.args (100%)
rename tests/{nwfilterxml2firewalldata => nwfilterxml2ebipfirewalldata}/ipt-no-macspoof-linux.args (100%)
rename tests/{nwfilterxml2firewalldata => nwfilterxml2ebipfirewalldata}/ipv6-linux.args (100%)
rename tests/{nwfilterxml2firewalldata => nwfilterxml2ebipfirewalldata}/iter1-linux.args (100%)
rename tests/{nwfilterxml2firewalldata => nwfilterxml2ebipfirewalldata}/iter2-linux.args (100%)
rename tests/{nwfilterxml2firewalldata => nwfilterxml2ebipfirewalldata}/iter3-linux.args (100%)
rename tests/{nwfilterxml2firewalldata => nwfilterxml2ebipfirewalldata}/mac-linux.args (100%)
rename tests/{nwfilterxml2firewalldata => nwfilterxml2ebipfirewalldata}/rarp-linux.args (100%)
rename tests/{nwfilterxml2firewalldata => nwfilterxml2ebipfirewalldata}/sctp-ipv6-linux.args (100%)
rename tests/{nwfilterxml2firewalldata => nwfilterxml2ebipfirewalldata}/sctp-linux.args (100%)
rename tests/{nwfilterxml2firewalldata => nwfilterxml2ebipfirewalldata}/stp-linux.args (100%)
rename tests/{nwfilterxml2firewalldata => nwfilterxml2ebipfirewalldata}/target-linux.args (100%)
rename tests/{nwfilterxml2firewalldata => nwfilterxml2ebipfirewalldata}/target2-linux.args (100%)
rename tests/{nwfilterxml2firewalldata => nwfilterxml2ebipfirewalldata}/tcp-ipv6-linux.args (100%)
rename tests/{nwfilterxml2firewalldata => nwfilterxml2ebipfirewalldata}/tcp-linux.args (100%)
rename tests/{nwfilterxml2firewalldata => nwfilterxml2ebipfirewalldata}/udp-ipv6-linux.args (100%)
rename tests/{nwfilterxml2firewalldata => nwfilterxml2ebipfirewalldata}/udp-linux.args (100%)
rename tests/{nwfilterxml2firewalldata => nwfilterxml2ebipfirewalldata}/udplite-ipv6-linux.args (100%)
rename tests/{nwfilterxml2firewalldata => nwfilterxml2ebipfirewalldata}/udplite-linux.args (100%)
rename tests/{nwfilterxml2firewalldata => nwfilterxml2ebipfirewalldata}/vlan-linux.args (100%)
rename tests/{nwfilterxml2firewalltest.c => nwfilterxml2ebipfirewalltest.c} (99%)
create mode 100755 tests/nwfilterxml2nftfirewalldata/ah-ipv6-linux.args
create mode 100755 tests/nwfilterxml2nftfirewalldata/ah-linux.args
create mode 100755 tests/nwfilterxml2nftfirewalldata/all-ipv6-linux.args
create mode 100755 tests/nwfilterxml2nftfirewalldata/all-linux.args
create mode 100755 tests/nwfilterxml2nftfirewalldata/arp-linux.args
create mode 100644 tests/nwfilterxml2nftfirewalldata/arp.xml
create mode 100755 tests/nwfilterxml2nftfirewalldata/comment-linux.args
create mode 100755 tests/nwfilterxml2nftfirewalldata/conntrack-linux.args
create mode 100755 tests/nwfilterxml2nftfirewalldata/esp-ipv6-linux.args
create mode 100755 tests/nwfilterxml2nftfirewalldata/esp-linux.args
create mode 100755 tests/nwfilterxml2nftfirewalldata/example-1-linux.args
create mode 100755 tests/nwfilterxml2nftfirewalldata/example-2-linux.args
create mode 100755 tests/nwfilterxml2nftfirewalldata/hex-data-linux.args
create mode 100755 tests/nwfilterxml2nftfirewalldata/icmp-direction-linux.args
create mode 100755 tests/nwfilterxml2nftfirewalldata/icmp-direction2-linux.args
create mode 100755 tests/nwfilterxml2nftfirewalldata/icmp-direction3-linux.args
create mode 100755 tests/nwfilterxml2nftfirewalldata/icmp-linux.args
create mode 100755 tests/nwfilterxml2nftfirewalldata/icmpv6-linux.args
create mode 100755 tests/nwfilterxml2nftfirewalldata/igmp-linux.args
create mode 100755 tests/nwfilterxml2nftfirewalldata/ip-linux.args
create mode 100755 tests/nwfilterxml2nftfirewalldata/ipt-no-macspoof-linux.args
create mode 100755 tests/nwfilterxml2nftfirewalldata/ipv6-linux.args
create mode 100755 tests/nwfilterxml2nftfirewalldata/iter1-linux.args
create mode 100755 tests/nwfilterxml2nftfirewalldata/iter2-linux.args
create mode 100755 tests/nwfilterxml2nftfirewalldata/iter3-linux.args
create mode 100755 tests/nwfilterxml2nftfirewalldata/mac-linux.args
create mode 100755 tests/nwfilterxml2nftfirewalldata/rarp-linux.args
create mode 100755 tests/nwfilterxml2nftfirewalldata/sctp-ipv6-linux.args
create mode 100755 tests/nwfilterxml2nftfirewalldata/sctp-linux.args
create mode 100755 tests/nwfilterxml2nftfirewalldata/target-linux.args
create mode 100755 tests/nwfilterxml2nftfirewalldata/target2-linux.args
create mode 100755 tests/nwfilterxml2nftfirewalldata/tcp-ipv6-linux.args
create mode 100755 tests/nwfilterxml2nftfirewalldata/tcp-linux.args
create mode 100755 tests/nwfilterxml2nftfirewalldata/udp-ipv6-linux.args
create mode 100755 tests/nwfilterxml2nftfirewalldata/udp-linux.args
create mode 100755 tests/nwfilterxml2nftfirewalldata/udplite-ipv6-linux.args
create mode 100755 tests/nwfilterxml2nftfirewalldata/udplite-linux.args
create mode 100755 tests/nwfilterxml2nftfirewalldata/vlan-linux.args
create mode 100644 tests/nwfilterxml2nftfirewalltest.c
[PATCH 0/5] nwfilter: add nwfilter nftables driver
Posted by Dion Bosschieter 1 month, 1 week ago 
This series aims to implement nftables as a backend driver for
the nwfilter feature. The idea is that eventually it will replace
the ebiptables driver and provide an easy way for users to switch
from one driver to another.

The first 2 patches are moving of functions and renames, meant to decouple
nwfilter from the currently only existing ebiptables driver.

The 3rd patch introduces the new nwfilter driver. After which nwfilter allows
users to choose it in the 4th patch.

The last patch introduces unit testing of the new nftables driver.

- Implemented very basic nwfilter.conf reading and choosing a nwfilter
  driver based on the name of the drivers (nftables/ebiptables).
  Defaults to the ebiptables driver.
- Resolves issue https://gitlab.com/libvirt/libvirt/-/issues/603
  benchmarks showed that the amount of iifname jumps for each
  interface with is the cause for this.
  Switched the nftables driver towards a vmap (verdict map) so we
  can have 1 rule that jumps to the correct root input/output chain
  per interface. Which improves throughput as when the number of
  interface check and jump rules increases the throughput decreases.
  The issue describes the interface matching works using the interface
  name and the majority of the effort is the strncpy, this commit also
  switches nftables to an interface_index compare instead.
  However, just using the interface_index is not enough, the amount of
  oif and iif jump rules causes quite a performance issue,
  the vmap instead solves this.
- Split rules into separate tables: "libvirt-nwfilter-ethernet" and
  "libvirt-nwfilter-other" to preserve existing firewall behavior.
- Reworked chain logic for clarity with root -input/-output chains per
  interface. input in the VM interface is filtered in the -input
  chain(s), output out of the VM inteface is filtered in the -output
  chain(s).
- Stuck with prerouting and postrouting as hooks for input / output
  on the -ethernet and -other table. This makes it easier to merge
  the tables in the future. Saving management of two tables and
  decreasing the amount of tables a packet sees. Currently ebtables
  filtering happens via PREROUTING and POSTROUTING hooks, while
  ip/ip6tables filtering happens in the output/forward hooks.
- Stuck with 2 tables for compatibility reasons with eb iptables,
  unifying into 1 table will break users firewall definitions, which
  depend on being able to do accepts on ethernet rules
  (which currently get defined via ebtables) and additional filtering
  via the ip rules (which currently get defined via ip(6)tables).
  The nwfilter_nftables_driver keeps splitting the ethernet and
  non ethernet (other) rules in seperate tables
  "libvirt-nwfilter-ethernet" and "libvirt-nwfilter-other".
- Rewrote chain logic, so it is easier to understand,
  input in the VM interface is filtered in the -input
  chain(s), output out of the VM inteface is filtered in the -output
  chain(s). -ethernet and -other table follow the same style and
  hook in the same way.
- Simplified conntrack handling: rules with accept+conntrack are
  duplicated to the opposite chain for symmetric behavior, to support
  the existing ebiptables logic.
- Firewall updates continue use tmp names for atomic replacement.

Unsupported nwfilter features (for now):
- STP filtering
- Gratuitous ARP filtering
- IPSets (potential future support via nft sets)
- Reject due to filtering in pre/postrouting, using drop instead
  of reject, copying logic from existing ebiptables ebtables actions

Future improvements:
- Use `nft -f` for atomic rule application.
- Optional single-table mode via nwfilter.conf.
- Optimize boot phase with chain hash comparison.

Dion Bosschieter (5):
  nwfilter: rename ebiptables unit tests and data files
  nwfilter: move shared nwfilter driver functions into
    nwfilter_tech_driver.c
  nwfilter: add nwfilter nftables driver
  nwfilter: allow use of nftables nwfilter driver via nwfilter.conf
  nwfilter: add unit tests and test data for nwfilter nftables driver

 po/POTFILES                                   |    2 +
 src/nwfilter/meson.build                      |    2 +
 src/nwfilter/nwfilter_driver.c                |   49 +-
 src/nwfilter/nwfilter_ebiptables_driver.c     |  262 +-
 src/nwfilter/nwfilter_gentech_driver.c        |   60 +-
 src/nwfilter/nwfilter_gentech_driver.h        |    4 +-
 src/nwfilter/nwfilter_nftables_driver.c       | 2374 +++++++++++
 src/nwfilter/nwfilter_nftables_driver.h       |   28 +
 src/nwfilter/nwfilter_tech_driver.c           |  250 ++
 src/nwfilter/nwfilter_tech_driver.h           |   50 +-
 tests/meson.build                             |    4 +-
 tests/nwfilternftablestest.c                  |  428 ++
 .../ah-ipv6-linux.args                        |    0
 .../ah-linux.args                             |    0
 .../all-ipv6-linux.args                       |    0
 .../all-linux.args                            |    0
 .../arp-linux.args                            |    0
 .../comment-linux.args                        |    0
 .../conntrack-linux.args                      |    0
 .../esp-ipv6-linux.args                       |    0
 .../esp-linux.args                            |    0
 .../example-1-linux.args                      |    0
 .../example-2-linux.args                      |    0
 .../hex-data-linux.args                       |    0
 .../icmp-direction-linux.args                 |    0
 .../icmp-direction2-linux.args                |    0
 .../icmp-direction3-linux.args                |    0
 .../icmp-linux.args                           |    0
 .../icmpv6-linux.args                         |    0
 .../igmp-linux.args                           |    0
 .../ip-linux.args                             |    0
 .../ipset-linux.args                          |    0
 .../ipt-no-macspoof-linux.args                |    0
 .../ipv6-linux.args                           |    0
 .../iter1-linux.args                          |    0
 .../iter2-linux.args                          |    0
 .../iter3-linux.args                          |    0
 .../mac-linux.args                            |    0
 .../rarp-linux.args                           |    0
 .../sctp-ipv6-linux.args                      |    0
 .../sctp-linux.args                           |    0
 .../stp-linux.args                            |    0
 .../target-linux.args                         |    0
 .../target2-linux.args                        |    0
 .../tcp-ipv6-linux.args                       |    0
 .../tcp-linux.args                            |    0
 .../udp-ipv6-linux.args                       |    0
 .../udp-linux.args                            |    0
 .../udplite-ipv6-linux.args                   |    0
 .../udplite-linux.args                        |    0
 .../vlan-linux.args                           |    0
 ...ltest.c => nwfilterxml2ebipfirewalltest.c} |    4 +-
 .../ah-ipv6-linux.args                        |  304 ++
 .../nwfilterxml2nftfirewalldata/ah-linux.args |  298 ++
 .../all-ipv6-linux.args                       |  286 ++
 .../all-linux.args                            |  280 ++
 .../arp-linux.args                            |  215 +
 tests/nwfilterxml2nftfirewalldata/arp.xml     |   27 +
 .../comment-linux.args                        |  483 +++
 .../conntrack-linux.args                      |  198 +
 .../esp-ipv6-linux.args                       |  304 ++
 .../esp-linux.args                            |  298 ++
 .../example-1-linux.args                      |  266 ++
 .../example-2-linux.args                      |  348 ++
 .../hex-data-linux.args                       |  357 ++
 .../icmp-direction-linux.args                 |  238 ++
 .../icmp-direction2-linux.args                |  238 ++
 .../icmp-direction3-linux.args                |  184 +
 .../icmp-linux.args                           |  252 ++
 .../icmpv6-linux.args                         |  322 ++
 .../igmp-linux.args                           |  298 ++
 .../nwfilterxml2nftfirewalldata/ip-linux.args |  198 +
 .../ipt-no-macspoof-linux.args                |  169 +
 .../ipv6-linux.args                           |  474 +++
 .../iter1-linux.args                          |  298 ++
 .../iter2-linux.args                          | 3598 +++++++++++++++++
 .../iter3-linux.args                          |  418 ++
 .../mac-linux.args                            |  180 +
 .../rarp-linux.args                           |  215 +
 .../sctp-ipv6-linux.args                      |  314 ++
 .../sctp-linux.args                           |  314 ++
 .../target-linux.args                         |  452 +++
 .../target2-linux.args                        |  316 ++
 .../tcp-ipv6-linux.args                       |  314 ++
 .../tcp-linux.args                            |  468 +++
 .../udp-ipv6-linux.args                       |  314 ++
 .../udp-linux.args                            |  314 ++
 .../udplite-ipv6-linux.args                   |  304 ++
 .../udplite-linux.args                        |  298 ++
 .../vlan-linux.args                           |  264 ++
 tests/nwfilterxml2nftfirewalltest.c           |  438 ++
 91 files changed, 18066 insertions(+), 307 deletions(-)
 create mode 100644 src/nwfilter/nwfilter_nftables_driver.c
 create mode 100644 src/nwfilter/nwfilter_nftables_driver.h
 create mode 100644 src/nwfilter/nwfilter_tech_driver.c
 create mode 100644 tests/nwfilternftablestest.c
 rename tests/{nwfilterxml2firewalldata => nwfilterxml2ebipfirewalldata}/ah-ipv6-linux.args (100%)
 rename tests/{nwfilterxml2firewalldata => nwfilterxml2ebipfirewalldata}/ah-linux.args (100%)
 rename tests/{nwfilterxml2firewalldata => nwfilterxml2ebipfirewalldata}/all-ipv6-linux.args (100%)
 rename tests/{nwfilterxml2firewalldata => nwfilterxml2ebipfirewalldata}/all-linux.args (100%)
 rename tests/{nwfilterxml2firewalldata => nwfilterxml2ebipfirewalldata}/arp-linux.args (100%)
 rename tests/{nwfilterxml2firewalldata => nwfilterxml2ebipfirewalldata}/comment-linux.args (100%)
 rename tests/{nwfilterxml2firewalldata => nwfilterxml2ebipfirewalldata}/conntrack-linux.args (100%)
 rename tests/{nwfilterxml2firewalldata => nwfilterxml2ebipfirewalldata}/esp-ipv6-linux.args (100%)
 rename tests/{nwfilterxml2firewalldata => nwfilterxml2ebipfirewalldata}/esp-linux.args (100%)
 rename tests/{nwfilterxml2firewalldata => nwfilterxml2ebipfirewalldata}/example-1-linux.args (100%)
 rename tests/{nwfilterxml2firewalldata => nwfilterxml2ebipfirewalldata}/example-2-linux.args (100%)
 rename tests/{nwfilterxml2firewalldata => nwfilterxml2ebipfirewalldata}/hex-data-linux.args (100%)
 rename tests/{nwfilterxml2firewalldata => nwfilterxml2ebipfirewalldata}/icmp-direction-linux.args (100%)
 rename tests/{nwfilterxml2firewalldata => nwfilterxml2ebipfirewalldata}/icmp-direction2-linux.args (100%)
 rename tests/{nwfilterxml2firewalldata => nwfilterxml2ebipfirewalldata}/icmp-direction3-linux.args (100%)
 rename tests/{nwfilterxml2firewalldata => nwfilterxml2ebipfirewalldata}/icmp-linux.args (100%)
 rename tests/{nwfilterxml2firewalldata => nwfilterxml2ebipfirewalldata}/icmpv6-linux.args (100%)
 rename tests/{nwfilterxml2firewalldata => nwfilterxml2ebipfirewalldata}/igmp-linux.args (100%)
 rename tests/{nwfilterxml2firewalldata => nwfilterxml2ebipfirewalldata}/ip-linux.args (100%)
 rename tests/{nwfilterxml2firewalldata => nwfilterxml2ebipfirewalldata}/ipset-linux.args (100%)
 rename tests/{nwfilterxml2firewalldata => nwfilterxml2ebipfirewalldata}/ipt-no-macspoof-linux.args (100%)
 rename tests/{nwfilterxml2firewalldata => nwfilterxml2ebipfirewalldata}/ipv6-linux.args (100%)
 rename tests/{nwfilterxml2firewalldata => nwfilterxml2ebipfirewalldata}/iter1-linux.args (100%)
 rename tests/{nwfilterxml2firewalldata => nwfilterxml2ebipfirewalldata}/iter2-linux.args (100%)
 rename tests/{nwfilterxml2firewalldata => nwfilterxml2ebipfirewalldata}/iter3-linux.args (100%)
 rename tests/{nwfilterxml2firewalldata => nwfilterxml2ebipfirewalldata}/mac-linux.args (100%)
 rename tests/{nwfilterxml2firewalldata => nwfilterxml2ebipfirewalldata}/rarp-linux.args (100%)
 rename tests/{nwfilterxml2firewalldata => nwfilterxml2ebipfirewalldata}/sctp-ipv6-linux.args (100%)
 rename tests/{nwfilterxml2firewalldata => nwfilterxml2ebipfirewalldata}/sctp-linux.args (100%)
 rename tests/{nwfilterxml2firewalldata => nwfilterxml2ebipfirewalldata}/stp-linux.args (100%)
 rename tests/{nwfilterxml2firewalldata => nwfilterxml2ebipfirewalldata}/target-linux.args (100%)
 rename tests/{nwfilterxml2firewalldata => nwfilterxml2ebipfirewalldata}/target2-linux.args (100%)
 rename tests/{nwfilterxml2firewalldata => nwfilterxml2ebipfirewalldata}/tcp-ipv6-linux.args (100%)
 rename tests/{nwfilterxml2firewalldata => nwfilterxml2ebipfirewalldata}/tcp-linux.args (100%)
 rename tests/{nwfilterxml2firewalldata => nwfilterxml2ebipfirewalldata}/udp-ipv6-linux.args (100%)
 rename tests/{nwfilterxml2firewalldata => nwfilterxml2ebipfirewalldata}/udp-linux.args (100%)
 rename tests/{nwfilterxml2firewalldata => nwfilterxml2ebipfirewalldata}/udplite-ipv6-linux.args (100%)
 rename tests/{nwfilterxml2firewalldata => nwfilterxml2ebipfirewalldata}/udplite-linux.args (100%)
 rename tests/{nwfilterxml2firewalldata => nwfilterxml2ebipfirewalldata}/vlan-linux.args (100%)
 rename tests/{nwfilterxml2firewalltest.c => nwfilterxml2ebipfirewalltest.c} (99%)
 create mode 100755 tests/nwfilterxml2nftfirewalldata/ah-ipv6-linux.args
 create mode 100755 tests/nwfilterxml2nftfirewalldata/ah-linux.args
 create mode 100755 tests/nwfilterxml2nftfirewalldata/all-ipv6-linux.args
 create mode 100755 tests/nwfilterxml2nftfirewalldata/all-linux.args
 create mode 100755 tests/nwfilterxml2nftfirewalldata/arp-linux.args
 create mode 100644 tests/nwfilterxml2nftfirewalldata/arp.xml
 create mode 100755 tests/nwfilterxml2nftfirewalldata/comment-linux.args
 create mode 100755 tests/nwfilterxml2nftfirewalldata/conntrack-linux.args
 create mode 100755 tests/nwfilterxml2nftfirewalldata/esp-ipv6-linux.args
 create mode 100755 tests/nwfilterxml2nftfirewalldata/esp-linux.args
 create mode 100755 tests/nwfilterxml2nftfirewalldata/example-1-linux.args
 create mode 100755 tests/nwfilterxml2nftfirewalldata/example-2-linux.args
 create mode 100755 tests/nwfilterxml2nftfirewalldata/hex-data-linux.args
 create mode 100755 tests/nwfilterxml2nftfirewalldata/icmp-direction-linux.args
 create mode 100755 tests/nwfilterxml2nftfirewalldata/icmp-direction2-linux.args
 create mode 100755 tests/nwfilterxml2nftfirewalldata/icmp-direction3-linux.args
 create mode 100755 tests/nwfilterxml2nftfirewalldata/icmp-linux.args
 create mode 100755 tests/nwfilterxml2nftfirewalldata/icmpv6-linux.args
 create mode 100755 tests/nwfilterxml2nftfirewalldata/igmp-linux.args
 create mode 100755 tests/nwfilterxml2nftfirewalldata/ip-linux.args
 create mode 100755 tests/nwfilterxml2nftfirewalldata/ipt-no-macspoof-linux.args
 create mode 100755 tests/nwfilterxml2nftfirewalldata/ipv6-linux.args
 create mode 100755 tests/nwfilterxml2nftfirewalldata/iter1-linux.args
 create mode 100755 tests/nwfilterxml2nftfirewalldata/iter2-linux.args
 create mode 100755 tests/nwfilterxml2nftfirewalldata/iter3-linux.args
 create mode 100755 tests/nwfilterxml2nftfirewalldata/mac-linux.args
 create mode 100755 tests/nwfilterxml2nftfirewalldata/rarp-linux.args
 create mode 100755 tests/nwfilterxml2nftfirewalldata/sctp-ipv6-linux.args
 create mode 100755 tests/nwfilterxml2nftfirewalldata/sctp-linux.args
 create mode 100755 tests/nwfilterxml2nftfirewalldata/target-linux.args
 create mode 100755 tests/nwfilterxml2nftfirewalldata/target2-linux.args
 create mode 100755 tests/nwfilterxml2nftfirewalldata/tcp-ipv6-linux.args
 create mode 100755 tests/nwfilterxml2nftfirewalldata/tcp-linux.args
 create mode 100755 tests/nwfilterxml2nftfirewalldata/udp-ipv6-linux.args
 create mode 100755 tests/nwfilterxml2nftfirewalldata/udp-linux.args
 create mode 100755 tests/nwfilterxml2nftfirewalldata/udplite-ipv6-linux.args
 create mode 100755 tests/nwfilterxml2nftfirewalldata/udplite-linux.args
 create mode 100755 tests/nwfilterxml2nftfirewalldata/vlan-linux.args
 create mode 100644 tests/nwfilterxml2nftfirewalltest.c

-- 
2.43.0

Patchew 2.1-devel-b67e4c2

© 2016 - 2025 Red Hat, Inc.