From nobody Sun Feb 8 23:32:05 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of redhat.com designates 170.10.133.124 as permitted sender) client-ip=170.10.133.124; envelope-from=libvir-list-bounces@redhat.com; helo=us-smtp-delivery-124.mimecast.com; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 170.10.133.124 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1617808456; cv=none; d=zohomail.com; s=zohoarc; b=N8H1HnNewEDQEQNL7gpZqk9ITWKJVaKgc77GCmRDQbWmHg0ISH5rscrMSSDI4dBZlftOVVHd0xfTMAbwqGIdLVM+awLRRecd5OsjzyA/ax4QSiauY2tbWubXKyQQPI4n7dFdvbHF33BPLEoi9ltqO0BBy8PgMBTxUwM7vEya/ZA= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1617808456; h=Content-Type:Content-Transfer-Encoding:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=P3k1bU1ahUOjC0F0ezRJW8wCUf6jnNk6jmQCw3fxs88=; b=k+oDTTmHts8CSyGB1J+4UqClukSLvKDnJmOEToRHH2867YLm/vAb4zy0ej0Oq15pxPorzBJgnJk/Bwxpq2FYkHIgN57/END2S6DgmR1m2e29is1+xanprLbVMbhUIsIW1QkTLqCsPLQoq2CaslMOLoJW0HduUp4YbvB0l8ZAqlw= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 170.10.133.124 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass header.from= (p=none dis=none) header.from= Return-Path: Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by mx.zohomail.com with SMTPS id 1617808456714651.7625634549211; Wed, 7 Apr 2021 08:14:16 -0700 (PDT) Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-425-RtVRHHVYPw6mEqFyPGobvw-1; Wed, 07 Apr 2021 11:13:04 -0400 Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.12]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id EC196100A902; Wed, 7 Apr 2021 15:12:56 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id C31B4610A8; Wed, 7 Apr 2021 15:12:56 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 842B55534B; Wed, 7 Apr 2021 15:12:56 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.phx2.redhat.com [10.5.11.23]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id 137FAe2k032195 for ; Wed, 7 Apr 2021 11:10:40 -0400 Received: by smtp.corp.redhat.com (Postfix) id B5C6B19D9D; Wed, 7 Apr 2021 15:10:40 +0000 (UTC) Received: from speedmetal.lan (unknown [10.40.208.33]) by smtp.corp.redhat.com (Postfix) with ESMTP id 1BD2D196E3 for ; Wed, 7 Apr 2021 15:10:39 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1617808455; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post; bh=P3k1bU1ahUOjC0F0ezRJW8wCUf6jnNk6jmQCw3fxs88=; b=WInN1ceAth4JoCI0Xqv0gX7wOi9HQLs/PlHKGxXdRFYVOphdI4QYUmx5OqwFk2D+djC4JG IHVhDJrRqmq6Tp6aljFCa//uWjJHOIkliqjB0GkQblaQ7LfvWIxUbzqy9BJE9+euKp6IMS WhXW0KdtI7uWbKiHDegCJxsqxP3FUvQ= X-MC-Unique: RtVRHHVYPw6mEqFyPGobvw-1 From: Peter Krempa To: libvir-list@redhat.com Subject: [PATCH 22/24] nwfilterxml2firewalldata: Use internal wrapping to wrap output files Date: Wed, 7 Apr 2021 17:09:45 +0200 Message-Id: <81da90a9e2ff799b73d7050b7d51aec4a88d3c77.1617807877.git.pkrempa@redhat.com> In-Reply-To: References: MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.84 on 10.5.11.23 X-loop: libvir-list@redhat.com X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.12 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=libvir-list-bounces@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @redhat.com) Content-Type: text/plain; charset="utf-8" As with previous commits use virCommandSetDryRun to invoke virCommandToString so that it returns pre-wrapped string. Since virCommand is better aware of where the arguments terminate we can see an improvement where comments are no longer line-wrapped. The changes to the 'commonRules' strings were done with the following regex: s/ -/ \\\\\\n-/ Signed-off-by: Peter Krempa --- build-aux/syntax-check.mk | 2 +- .../comment-linux.args | 9 +- .../target-linux.args | 81 ++++------ tests/nwfilterxml2firewalltest.c | 148 +++++++++--------- 4 files changed, 105 insertions(+), 135 deletions(-) diff --git a/build-aux/syntax-check.mk b/build-aux/syntax-check.mk index 1c2ea1c98a..bfff8abece 100644 --- a/build-aux/syntax-check.mk +++ b/build-aux/syntax-check.mk @@ -1713,7 +1713,7 @@ sc_header-ifdef: $(PYTHON) $(top_srcdir)/scripts/header-ifdef.py sc_test-wrap-argv: - $(AM_V_GEN)$(VC_LIST) | $(GREP) -v -E 'qemuxml2argvdata' \ + $(AM_V_GEN)$(VC_LIST) | $(GREP) -v -E 'qemuxml2argvdata|nwfilterxml2firew= alldata' \ |$(GREP) -E '\.(ldargs|args)' | $(RUNUTF8) xargs \ $(PYTHON) $(top_srcdir)/scripts/test-wrap-argv.py --check diff --git a/tests/nwfilterxml2firewalldata/comment-linux.args b/tests/nwfi= lterxml2firewalldata/comment-linux.args index 6233ccf9f5..c014538f09 100644 --- a/tests/nwfilterxml2firewalldata/comment-linux.args +++ b/tests/nwfilterxml2firewalldata/comment-linux.args @@ -195,8 +195,7 @@ ip6tables \ -m state \ --state ESTABLISHED \ -m comment \ ---comment 'tmp=3D`mktemp`; echo ${RANDOM} > ${tmp} ; cat < ${tmp}; rm \ --f ${tmp}' \ +--comment 'tmp=3D`mktemp`; echo ${RANDOM} > ${tmp} ; cat < ${tmp}; rm -f $= {tmp}' \ -j RETURN ip6tables \ -w \ @@ -205,8 +204,7 @@ ip6tables \ -m state \ --state NEW,ESTABLISHED \ -m comment \ ---comment 'tmp=3D`mktemp`; echo ${RANDOM} > ${tmp} ; cat < ${tmp}; rm \ --f ${tmp}' \ +--comment 'tmp=3D`mktemp`; echo ${RANDOM} > ${tmp} ; cat < ${tmp}; rm -f $= {tmp}' \ -j ACCEPT ip6tables \ -w \ @@ -215,6 +213,5 @@ ip6tables \ -m state \ --state ESTABLISHED \ -m comment \ ---comment 'tmp=3D`mktemp`; echo ${RANDOM} > ${tmp} ; cat < ${tmp}; rm \ --f ${tmp}' \ +--comment 'tmp=3D`mktemp`; echo ${RANDOM} > ${tmp} ; cat < ${tmp}; rm -f $= {tmp}' \ -j RETURN diff --git a/tests/nwfilterxml2firewalldata/target-linux.args b/tests/nwfil= terxml2firewalldata/target-linux.args index 5216c709dd..abb01debf9 100644 --- a/tests/nwfilterxml2firewalldata/target-linux.args +++ b/tests/nwfilterxml2firewalldata/target-linux.args @@ -52,8 +52,7 @@ iptables \ -m state \ --state NEW,ESTABLISHED \ -m comment \ ---comment 'accept rule \ --- dir out' \ +--comment 'accept rule -- dir out' \ -j RETURN iptables \ -w \ @@ -65,8 +64,7 @@ iptables \ -m state \ --state ESTABLISHED \ -m comment \ ---comment 'accept rule \ --- dir out' \ +--comment 'accept rule -- dir out' \ -j ACCEPT iptables \ -w \ @@ -80,8 +78,7 @@ iptables \ -m state \ --state NEW,ESTABLISHED \ -m comment \ ---comment 'accept rule \ --- dir out' \ +--comment 'accept rule -- dir out' \ -j RETURN iptables \ -w \ @@ -93,8 +90,7 @@ iptables \ -m dscp \ --dscp 2 \ -m comment \ ---comment 'drop rule \ --- dir out' \ +--comment 'drop rule -- dir out' \ -j DROP iptables \ -w \ @@ -104,8 +100,7 @@ iptables \ -m dscp \ --dscp 2 \ -m comment \ ---comment 'drop rule \ --- dir out' \ +--comment 'drop rule -- dir out' \ -j DROP iptables \ -w \ @@ -117,8 +112,7 @@ iptables \ -m dscp \ --dscp 2 \ -m comment \ ---comment 'drop rule \ --- dir out' \ +--comment 'drop rule -- dir out' \ -j DROP iptables \ -w \ @@ -130,8 +124,7 @@ iptables \ -m dscp \ --dscp 2 \ -m comment \ ---comment 'reject rule \ --- dir out' \ +--comment 'reject rule -- dir out' \ -j REJECT iptables \ -w \ @@ -141,8 +134,7 @@ iptables \ -m dscp \ --dscp 2 \ -m comment \ ---comment 'reject rule \ --- dir out' \ +--comment 'reject rule -- dir out' \ -j REJECT iptables \ -w \ @@ -154,8 +146,7 @@ iptables \ -m dscp \ --dscp 2 \ -m comment \ ---comment 'reject rule \ --- dir out' \ +--comment 'reject rule -- dir out' \ -j REJECT iptables \ -w \ @@ -167,8 +158,7 @@ iptables \ -m state \ --state ESTABLISHED \ -m comment \ ---comment 'accept rule \ --- dir in' \ +--comment 'accept rule -- dir in' \ -j RETURN iptables \ -w \ @@ -182,8 +172,7 @@ iptables \ -m state \ --state NEW,ESTABLISHED \ -m comment \ ---comment 'accept rule \ --- dir in' \ +--comment 'accept rule -- dir in' \ -j ACCEPT iptables \ -w \ @@ -195,8 +184,7 @@ iptables \ -m state \ --state ESTABLISHED \ -m comment \ ---comment 'accept rule \ --- dir in' \ +--comment 'accept rule -- dir in' \ -j RETURN iptables \ -w \ @@ -206,8 +194,7 @@ iptables \ -m dscp \ --dscp 33 \ -m comment \ ---comment 'drop rule \ --- dir in' \ +--comment 'drop rule -- dir in' \ -j DROP iptables \ -w \ @@ -219,8 +206,7 @@ iptables \ -m dscp \ --dscp 33 \ -m comment \ ---comment 'drop rule \ --- dir in' \ +--comment 'drop rule -- dir in' \ -j DROP iptables \ -w \ @@ -230,8 +216,7 @@ iptables \ -m dscp \ --dscp 33 \ -m comment \ ---comment 'drop rule \ --- dir in' \ +--comment 'drop rule -- dir in' \ -j DROP iptables \ -w \ @@ -241,8 +226,7 @@ iptables \ -m dscp \ --dscp 33 \ -m comment \ ---comment 'reject rule \ --- dir in' \ +--comment 'reject rule -- dir in' \ -j REJECT iptables \ -w \ @@ -254,8 +238,7 @@ iptables \ -m dscp \ --dscp 33 \ -m comment \ ---comment 'reject rule \ --- dir in' \ +--comment 'reject rule -- dir in' \ -j REJECT iptables \ -w \ @@ -265,78 +248,68 @@ iptables \ -m dscp \ --dscp 33 \ -m comment \ ---comment 'reject rule \ --- dir in' \ +--comment 'reject rule -- dir in' \ -j REJECT iptables \ -w \ -A FJ-vnet0 \ -p all \ -m comment \ ---comment 'accept rule \ --- dir inout' \ +--comment 'accept rule -- dir inout' \ -j RETURN iptables \ -w \ -A FP-vnet0 \ -p all \ -m comment \ ---comment 'accept rule \ --- dir inout' \ +--comment 'accept rule -- dir inout' \ -j ACCEPT iptables \ -w \ -A HJ-vnet0 \ -p all \ -m comment \ ---comment 'accept rule \ --- dir inout' \ +--comment 'accept rule -- dir inout' \ -j RETURN iptables \ -w \ -A FJ-vnet0 \ -p all \ -m comment \ ---comment 'drop rule \ --- dir inout' \ +--comment 'drop rule -- dir inout' \ -j DROP iptables \ -w \ -A FP-vnet0 \ -p all \ -m comment \ ---comment 'drop rule \ --- dir inout' \ +--comment 'drop rule -- dir inout' \ -j DROP iptables \ -w \ -A HJ-vnet0 \ -p all \ -m comment \ ---comment 'drop rule \ --- dir inout' \ +--comment 'drop rule -- dir inout' \ -j DROP iptables \ -w \ -A FJ-vnet0 \ -p all \ -m comment \ ---comment 'reject rule \ --- dir inout' \ +--comment 'reject rule -- dir inout' \ -j REJECT iptables \ -w \ -A FP-vnet0 \ -p all \ -m comment \ ---comment 'reject rule \ --- dir inout' \ +--comment 'reject rule -- dir inout' \ -j REJECT iptables \ -w \ -A HJ-vnet0 \ -p all \ -m comment \ ---comment 'reject rule \ --- dir inout' \ +--comment 'reject rule -- dir inout' \ -j REJECT diff --git a/tests/nwfilterxml2firewalltest.c b/tests/nwfilterxml2firewallt= est.c index b974f9cb1a..93c73c7714 100644 --- a/tests/nwfilterxml2firewalltest.c +++ b/tests/nwfilterxml2firewalltest.c @@ -58,90 +58,90 @@ struct _virNWFilterInst { static const char *commonRules[] =3D { /* Dropping ebtables rules */ - "ebtables --concurrent -t nat -D PREROUTING -i vnet0 -j libvirt-J-vnet= 0\n" - "ebtables --concurrent -t nat -D POSTROUTING -o vnet0 -j libvirt-P-vne= t0\n" - "ebtables --concurrent -t nat -L libvirt-J-vnet0\n" - "ebtables --concurrent -t nat -L libvirt-P-vnet0\n" - "ebtables --concurrent -t nat -F libvirt-J-vnet0\n" - "ebtables --concurrent -t nat -X libvirt-J-vnet0\n" - "ebtables --concurrent -t nat -F libvirt-P-vnet0\n" - "ebtables --concurrent -t nat -X libvirt-P-vnet0\n", + "ebtables \\\n--concurrent \\\n-t nat \\\n-D PREROUTING \\\n-i vnet0 \= \\n-j libvirt-J-vnet0\n" + "ebtables \\\n--concurrent \\\n-t nat \\\n-D POSTROUTING \\\n-o vnet0 = \\\n-j libvirt-P-vnet0\n" + "ebtables \\\n--concurrent \\\n-t nat \\\n-L libvirt-J-vnet0\n" + "ebtables \\\n--concurrent \\\n-t nat \\\n-L libvirt-P-vnet0\n" + "ebtables \\\n--concurrent \\\n-t nat \\\n-F libvirt-J-vnet0\n" + "ebtables \\\n--concurrent \\\n-t nat \\\n-X libvirt-J-vnet0\n" + "ebtables \\\n--concurrent \\\n-t nat \\\n-F libvirt-P-vnet0\n" + "ebtables \\\n--concurrent \\\n-t nat \\\n-X libvirt-P-vnet0\n", /* Creating ebtables chains */ - "ebtables --concurrent -t nat -N libvirt-J-vnet0\n" - "ebtables --concurrent -t nat -N libvirt-P-vnet0\n", + "ebtables \\\n--concurrent \\\n-t nat \\\n-N libvirt-J-vnet0\n" + "ebtables \\\n--concurrent \\\n-t nat \\\n-N libvirt-P-vnet0\n", /* Dropping iptables rules */ - "iptables -w -D libvirt-out -m physdev --physdev-is-bridged --physdev-= out vnet0 -g FP-vnet0\n" - "iptables -w -D libvirt-out -m physdev --physdev-out vnet0 -g FP-vnet0= \n" - "iptables -w -D libvirt-in -m physdev --physdev-in vnet0 -g FJ-vnet0\n" - "iptables -w -D libvirt-host-in -m physdev --physdev-in vnet0 -g HJ-vn= et0\n" - "iptables -w -F FP-vnet0\n" - "iptables -w -X FP-vnet0\n" - "iptables -w -F FJ-vnet0\n" - "iptables -w -X FJ-vnet0\n" - "iptables -w -F HJ-vnet0\n" - "iptables -w -X HJ-vnet0\n", + "iptables \\\n-w \\\n-D libvirt-out \\\n-m physdev \\\n--physdev-is-br= idged \\\n--physdev-out vnet0 \\\n-g FP-vnet0\n" + "iptables \\\n-w \\\n-D libvirt-out \\\n-m physdev \\\n--physdev-out v= net0 \\\n-g FP-vnet0\n" + "iptables \\\n-w \\\n-D libvirt-in \\\n-m physdev \\\n--physdev-in vne= t0 \\\n-g FJ-vnet0\n" + "iptables \\\n-w \\\n-D libvirt-host-in \\\n-m physdev \\\n--physdev-i= n vnet0 \\\n-g HJ-vnet0\n" + "iptables \\\n-w \\\n-F FP-vnet0\n" + "iptables \\\n-w \\\n-X FP-vnet0\n" + "iptables \\\n-w \\\n-F FJ-vnet0\n" + "iptables \\\n-w \\\n-X FJ-vnet0\n" + "iptables \\\n-w \\\n-F HJ-vnet0\n" + "iptables \\\n-w \\\n-X HJ-vnet0\n", /* Creating iptables chains */ - "iptables -w -N libvirt-in\n" - "iptables -w -N libvirt-out\n" - "iptables -w -N libvirt-in-post\n" - "iptables -w -N libvirt-host-in\n" - "iptables -w -D FORWARD -j libvirt-in\n" - "iptables -w -D FORWARD -j libvirt-out\n" - "iptables -w -D FORWARD -j libvirt-in-post\n" - "iptables -w -D INPUT -j libvirt-host-in\n" - "iptables -w -I FORWARD 1 -j libvirt-in\n" - "iptables -w -I FORWARD 2 -j libvirt-out\n" - "iptables -w -I FORWARD 3 -j libvirt-in-post\n" - "iptables -w -I INPUT 1 -j libvirt-host-in\n" - "iptables -w -N FP-vnet0\n" - "iptables -w -N FJ-vnet0\n" - "iptables -w -N HJ-vnet0\n" - "iptables -w -A libvirt-out -m physdev --physdev-is-bridged --physdev-= out vnet0 -g FP-vnet0\n" - "iptables -w -A libvirt-in -m physdev --physdev-in vnet0 -g FJ-vnet0\n" - "iptables -w -A libvirt-host-in -m physdev --physdev-in vnet0 -g HJ-vn= et0\n" - "iptables -w -D libvirt-in-post -m physdev --physdev-in vnet0 -j ACCEP= T\n" - "iptables -w -A libvirt-in-post -m physdev --physdev-in vnet0 -j ACCEP= T\n", + "iptables \\\n-w \\\n-N libvirt-in\n" + "iptables \\\n-w \\\n-N libvirt-out\n" + "iptables \\\n-w \\\n-N libvirt-in-post\n" + "iptables \\\n-w \\\n-N libvirt-host-in\n" + "iptables \\\n-w \\\n-D FORWARD \\\n-j libvirt-in\n" + "iptables \\\n-w \\\n-D FORWARD \\\n-j libvirt-out\n" + "iptables \\\n-w \\\n-D FORWARD \\\n-j libvirt-in-post\n" + "iptables \\\n-w \\\n-D INPUT \\\n-j libvirt-host-in\n" + "iptables \\\n-w \\\n-I FORWARD 1 \\\n-j libvirt-in\n" + "iptables \\\n-w \\\n-I FORWARD 2 \\\n-j libvirt-out\n" + "iptables \\\n-w \\\n-I FORWARD 3 \\\n-j libvirt-in-post\n" + "iptables \\\n-w \\\n-I INPUT 1 \\\n-j libvirt-host-in\n" + "iptables \\\n-w \\\n-N FP-vnet0\n" + "iptables \\\n-w \\\n-N FJ-vnet0\n" + "iptables \\\n-w \\\n-N HJ-vnet0\n" + "iptables \\\n-w \\\n-A libvirt-out \\\n-m physdev \\\n--physdev-is-br= idged \\\n--physdev-out vnet0 \\\n-g FP-vnet0\n" + "iptables \\\n-w \\\n-A libvirt-in \\\n-m physdev \\\n--physdev-in vne= t0 \\\n-g FJ-vnet0\n" + "iptables \\\n-w \\\n-A libvirt-host-in \\\n-m physdev \\\n--physdev-i= n vnet0 \\\n-g HJ-vnet0\n" + "iptables \\\n-w \\\n-D libvirt-in-post \\\n-m physdev \\\n--physdev-i= n vnet0 \\\n-j ACCEPT\n" + "iptables \\\n-w \\\n-A libvirt-in-post \\\n-m physdev \\\n--physdev-i= n vnet0 \\\n-j ACCEPT\n", /* Dropping ip6tables rules */ - "ip6tables -w -D libvirt-out -m physdev --physdev-is-bridged --physdev= -out vnet0 -g FP-vnet0\n" - "ip6tables -w -D libvirt-out -m physdev --physdev-out vnet0 -g FP-vnet= 0\n" - "ip6tables -w -D libvirt-in -m physdev --physdev-in vnet0 -g FJ-vnet0\= n" - "ip6tables -w -D libvirt-host-in -m physdev --physdev-in vnet0 -g HJ-v= net0\n" - "ip6tables -w -F FP-vnet0\n" - "ip6tables -w -X FP-vnet0\n" - "ip6tables -w -F FJ-vnet0\n" - "ip6tables -w -X FJ-vnet0\n" - "ip6tables -w -F HJ-vnet0\n" - "ip6tables -w -X HJ-vnet0\n", + "ip6tables \\\n-w \\\n-D libvirt-out \\\n-m physdev \\\n--physdev-is-b= ridged \\\n--physdev-out vnet0 \\\n-g FP-vnet0\n" + "ip6tables \\\n-w \\\n-D libvirt-out \\\n-m physdev \\\n--physdev-out = vnet0 \\\n-g FP-vnet0\n" + "ip6tables \\\n-w \\\n-D libvirt-in \\\n-m physdev \\\n--physdev-in vn= et0 \\\n-g FJ-vnet0\n" + "ip6tables \\\n-w \\\n-D libvirt-host-in \\\n-m physdev \\\n--physdev-= in vnet0 \\\n-g HJ-vnet0\n" + "ip6tables \\\n-w \\\n-F FP-vnet0\n" + "ip6tables \\\n-w \\\n-X FP-vnet0\n" + "ip6tables \\\n-w \\\n-F FJ-vnet0\n" + "ip6tables \\\n-w \\\n-X FJ-vnet0\n" + "ip6tables \\\n-w \\\n-F HJ-vnet0\n" + "ip6tables \\\n-w \\\n-X HJ-vnet0\n", /* Creating ip6tables chains */ - "ip6tables -w -N libvirt-in\n" - "ip6tables -w -N libvirt-out\n" - "ip6tables -w -N libvirt-in-post\n" - "ip6tables -w -N libvirt-host-in\n" - "ip6tables -w -D FORWARD -j libvirt-in\n" - "ip6tables -w -D FORWARD -j libvirt-out\n" - "ip6tables -w -D FORWARD -j libvirt-in-post\n" - "ip6tables -w -D INPUT -j libvirt-host-in\n" - "ip6tables -w -I FORWARD 1 -j libvirt-in\n" - "ip6tables -w -I FORWARD 2 -j libvirt-out\n" - "ip6tables -w -I FORWARD 3 -j libvirt-in-post\n" - "ip6tables -w -I INPUT 1 -j libvirt-host-in\n" - "ip6tables -w -N FP-vnet0\n" - "ip6tables -w -N FJ-vnet0\n" - "ip6tables -w -N HJ-vnet0\n" - "ip6tables -w -A libvirt-out -m physdev --physdev-is-bridged --physdev= -out vnet0 -g FP-vnet0\n" - "ip6tables -w -A libvirt-in -m physdev --physdev-in vnet0 -g FJ-vnet0\= n" - "ip6tables -w -A libvirt-host-in -m physdev --physdev-in vnet0 -g HJ-v= net0\n" - "ip6tables -w -D libvirt-in-post -m physdev --physdev-in vnet0 -j ACCE= PT\n" - "ip6tables -w -A libvirt-in-post -m physdev --physdev-in vnet0 -j ACCE= PT\n", + "ip6tables \\\n-w \\\n-N libvirt-in\n" + "ip6tables \\\n-w \\\n-N libvirt-out\n" + "ip6tables \\\n-w \\\n-N libvirt-in-post\n" + "ip6tables \\\n-w \\\n-N libvirt-host-in\n" + "ip6tables \\\n-w \\\n-D FORWARD \\\n-j libvirt-in\n" + "ip6tables \\\n-w \\\n-D FORWARD \\\n-j libvirt-out\n" + "ip6tables \\\n-w \\\n-D FORWARD \\\n-j libvirt-in-post\n" + "ip6tables \\\n-w \\\n-D INPUT \\\n-j libvirt-host-in\n" + "ip6tables \\\n-w \\\n-I FORWARD 1 \\\n-j libvirt-in\n" + "ip6tables \\\n-w \\\n-I FORWARD 2 \\\n-j libvirt-out\n" + "ip6tables \\\n-w \\\n-I FORWARD 3 \\\n-j libvirt-in-post\n" + "ip6tables \\\n-w \\\n-I INPUT 1 \\\n-j libvirt-host-in\n" + "ip6tables \\\n-w \\\n-N FP-vnet0\n" + "ip6tables \\\n-w \\\n-N FJ-vnet0\n" + "ip6tables \\\n-w \\\n-N HJ-vnet0\n" + "ip6tables \\\n-w \\\n-A libvirt-out \\\n-m physdev \\\n--physdev-is-b= ridged \\\n--physdev-out vnet0 \\\n-g FP-vnet0\n" + "ip6tables \\\n-w \\\n-A libvirt-in \\\n-m physdev \\\n--physdev-in vn= et0 \\\n-g FJ-vnet0\n" + "ip6tables \\\n-w \\\n-A libvirt-host-in \\\n-m physdev \\\n--physdev-= in vnet0 \\\n-g HJ-vnet0\n" + "ip6tables \\\n-w \\\n-D libvirt-in-post \\\n-m physdev \\\n--physdev-= in vnet0 \\\n-j ACCEPT\n" + "ip6tables \\\n-w \\\n-A libvirt-in-post \\\n-m physdev \\\n--physdev-= in vnet0 \\\n-j ACCEPT\n", /* Inserting ebtables rules */ - "ebtables --concurrent -t nat -A PREROUTING -i vnet0 -j libvirt-J-vnet= 0\n" - "ebtables --concurrent -t nat -A POSTROUTING -o vnet0 -j libvirt-P-vne= t0\n", + "ebtables \\\n--concurrent \\\n-t nat \\\n-A PREROUTING \\\n-i vnet0 \= \\n-j libvirt-J-vnet0\n" + "ebtables \\\n--concurrent \\\n-t nat \\\n-A POSTROUTING \\\n-o vnet0 = \\\n-j libvirt-P-vnet0\n", }; @@ -375,7 +375,7 @@ static int testCompareXMLToArgvFiles(const char *xml, memset(&inst, 0, sizeof(inst)); - virCommandSetDryRun(dryRunToken, &buf, false, true, NULL, NULL); + virCommandSetDryRun(dryRunToken, &buf, true, true, NULL, NULL); if (!vars) goto cleanup; @@ -395,7 +395,7 @@ static int testCompareXMLToArgvFiles(const char *xml, testRemoveCommonRules(actualargv); - if (virTestCompareToFile(actualargv, cmdline) < 0) + if (virTestCompareToFileFull(actualargv, cmdline, false) < 0) goto cleanup; ret =3D 0; --=20 2.30.2