On 11/1/18 8:52 AM, Daniel P. Berrangé wrote: > The networkxml2firewalltest sets virCommand to dry run mode but doesn't > provide a callback to fill in stdout/stderr. As a result when the > firewall code queries rules it gets a NULL output and so never triggers > the callback to process output. > > We only need to return an empty string to make the firewall code work > and thus trigger adding of the libvirt private chains to the builtin > chains. Well, technically it's only adding the jump to the private chains, not the chains themselves (although I mentioned earlier that I think this should change). > > Signed-off-by: Daniel P. Berrangé <berrange@xxxxxxxxxx> Reviewed-by: Laine Stump <laine@xxxxxxxxx> but shouldn't this just be squashed in with the patch that originally changed the code to add the chains? > --- > .../nat-default-linux.args | 48 +++++++++++++++++++ > .../nat-ipv6-linux.args | 48 +++++++++++++++++++ > .../nat-many-ips-linux.args | 48 +++++++++++++++++++ > .../nat-no-dhcp-linux.args | 48 +++++++++++++++++++ > .../nat-tftp-linux.args | 48 +++++++++++++++++++ > .../route-default-linux.args | 48 +++++++++++++++++++ > tests/networkxml2firewalltest.c | 16 ++++++- > 7 files changed, 303 insertions(+), 1 deletion(-) > > diff --git a/tests/networkxml2firewalldata/nat-default-linux.args b/tests/networkxml2firewalldata/nat-default-linux.args > index 69995181ad..e7d71817c7 100644 > --- a/tests/networkxml2firewalldata/nat-default-linux.args > +++ b/tests/networkxml2firewalldata/nat-default-linux.args 
> @@ -72,6 +72,54 @@ ip6tables \
> --list POSTROUTING
> iptables \
> --table filter \
> +--insert INPUT \
> +--jump INP_libvirt
> +iptables \
> +--table filter \
> +--insert OUTPUT \
> +--jump OUT_libvirt
> +iptables \
> +--table filter \
> +--insert FORWARD \
> +--jump FWD_libvirt_out
> +iptables \
> +--table filter \
> +--insert FORWARD \
> +--jump FWD_libvirt_in
> +iptables \
> +--table filter \
> +--insert FORWARD \
> +--jump FWD_libvirt_cross
> +iptables \
> +--table nat \
> +--insert POSTROUTING \
> +--jump PRT_libvirt
> +ip6tables \
> +--table filter \
> +--insert INPUT \
> +--jump INP_libvirt
> +ip6tables \
> +--table filter \
> +--insert OUTPUT \
> +--jump OUT_libvirt
> +ip6tables \
> +--table filter \
> +--insert FORWARD \
> +--jump FWD_libvirt_out
> +ip6tables \
> +--table filter \
> +--insert FORWARD \
> +--jump FWD_libvirt_in
> +ip6tables \
> +--table filter \
> +--insert FORWARD \
> +--jump FWD_libvirt_cross
> +ip6tables \
> +--table nat \
> +--insert POSTROUTING \
> +--jump PRT_libvirt
> +iptables \
> +--table filter \
> --insert INP_libvirt \
> --in-interface virbr0 \
> --protocol tcp \
> diff --git a/tests/networkxml2firewalldata/nat-ipv6-linux.args b/tests/networkxml2firewalldata/nat-ipv6-linux.args
> index f93d8face2..620ebb8d14 100644
> --- a/tests/networkxml2firewalldata/nat-ipv6-linux.args
> +++ b/tests/networkxml2firewalldata/nat-ipv6-linux.args
> @@ -72,6 +72,54 @@ ip6tables \
> --list POSTROUTING
> iptables \
> --table filter \
> +--insert INPUT \
> +--jump INP_libvirt
> +iptables \
> +--table filter \
> +--insert OUTPUT \
> +--jump OUT_libvirt
> +iptables \
> +--table filter \
> +--insert FORWARD \
> +--jump FWD_libvirt_out
> +iptables \
> +--table filter \
> +--insert FORWARD \
> +--jump FWD_libvirt_in
> +iptables \
> +--table filter \
> +--insert FORWARD \
> +--jump FWD_libvirt_cross
> +iptables \
> +--table nat \
> +--insert POSTROUTING \
> +--jump PRT_libvirt
> +ip6tables \
> +--table filter \
> +--insert INPUT \
> +--jump INP_libvirt
> +ip6tables \
> +--table filter \
> +--insert OUTPUT \
> +--jump OUT_libvirt
> +ip6tables \
> +--table filter \
> +--insert FORWARD \
> +--jump FWD_libvirt_out
> +ip6tables \
> +--table filter \
> +--insert FORWARD \
> +--jump FWD_libvirt_in
> +ip6tables \
> +--table filter \
> +--insert FORWARD \
> +--jump FWD_libvirt_cross
> +ip6tables \
> +--table nat \
> +--insert POSTROUTING \
> +--jump PRT_libvirt
> +iptables \
> +--table filter \
> --insert INP_libvirt \
> --in-interface virbr0 \
> --protocol tcp \
> diff --git a/tests/networkxml2firewalldata/nat-many-ips-linux.args b/tests/networkxml2firewalldata/nat-many-ips-linux.args
> index faae4b881c..7c378b8c7e 100644
> --- a/tests/networkxml2firewalldata/nat-many-ips-linux.args
> +++ b/tests/networkxml2firewalldata/nat-many-ips-linux.args
> @@ -72,6 +72,54 @@ ip6tables \
> --list POSTROUTING
> iptables \
> --table filter \
> +--insert INPUT \
> +--jump INP_libvirt
> +iptables \
> +--table filter \
> +--insert OUTPUT \
> +--jump OUT_libvirt
> +iptables \
> +--table filter \
> +--insert FORWARD \
> +--jump FWD_libvirt_out
> +iptables \
> +--table filter \
> +--insert FORWARD \
> +--jump FWD_libvirt_in
> +iptables \
> +--table filter \
> +--insert FORWARD \
> +--jump FWD_libvirt_cross
> +iptables \
> +--table nat \
> +--insert POSTROUTING \
> +--jump PRT_libvirt
> +ip6tables \
> +--table filter \
> +--insert INPUT \
> +--jump INP_libvirt
> +ip6tables \
> +--table filter \
> +--insert OUTPUT \
> +--jump OUT_libvirt
> +ip6tables \
> +--table filter \
> +--insert FORWARD \
> +--jump FWD_libvirt_out
> +ip6tables \
> +--table filter \
> +--insert FORWARD \
> +--jump FWD_libvirt_in
> +ip6tables \
> +--table filter \
> +--insert FORWARD \
> +--jump FWD_libvirt_cross
> +ip6tables \
> +--table nat \
> +--insert POSTROUTING \
> +--jump PRT_libvirt
> +iptables \
> +--table filter \
> --insert INP_libvirt \
> --in-interface virbr0 \
> --protocol tcp \
> diff --git a/tests/networkxml2firewalldata/nat-no-dhcp-linux.args b/tests/networkxml2firewalldata/nat-no-dhcp-linux.args
> index cb0d908506..afa8c3a0ca 100644
> --- a/tests/networkxml2firewalldata/nat-no-dhcp-linux.args
> +++ b/tests/networkxml2firewalldata/nat-no-dhcp-linux.args
> @@ -72,6 +72,54 @@ ip6tables \
> --list POSTROUTING
> iptables \
> --table filter \
> +--insert INPUT \
> +--jump INP_libvirt
> +iptables \
> +--table filter \
> +--insert OUTPUT \
> +--jump OUT_libvirt
> +iptables \
> +--table filter \
> +--insert FORWARD \
> +--jump FWD_libvirt_out
> +iptables \
> +--table filter \
> +--insert FORWARD \
> +--jump FWD_libvirt_in
> +iptables \
> +--table filter \
> +--insert FORWARD \
> +--jump FWD_libvirt_cross
> +iptables \
> +--table nat \
> +--insert POSTROUTING \
> +--jump PRT_libvirt
> +ip6tables \
> +--table filter \
> +--insert INPUT \
> +--jump INP_libvirt
> +ip6tables \
> +--table filter \
> +--insert OUTPUT \
> +--jump OUT_libvirt
> +ip6tables \
> +--table filter \
> +--insert FORWARD \
> +--jump FWD_libvirt_out
> +ip6tables \
> +--table filter \
> +--insert FORWARD \
> +--jump FWD_libvirt_in
> +ip6tables \
> +--table filter \
> +--insert FORWARD \
> +--jump FWD_libvirt_cross
> +ip6tables \
> +--table nat \
> +--insert POSTROUTING \
> +--jump PRT_libvirt
> +iptables \
> +--table filter \
> --insert INP_libvirt \
> --in-interface virbr0 \
> --protocol tcp \
> diff --git a/tests/networkxml2firewalldata/nat-tftp-linux.args b/tests/networkxml2firewalldata/nat-tftp-linux.args
> index 1243bd1c2d..a45ba545c2 100644
> --- a/tests/networkxml2firewalldata/nat-tftp-linux.args
> +++ b/tests/networkxml2firewalldata/nat-tftp-linux.args
> @@ -72,6 +72,54 @@ ip6tables \
> --list POSTROUTING
> iptables \
> --table filter \
> +--insert INPUT \
> +--jump INP_libvirt
> +iptables \
> +--table filter \
> +--insert OUTPUT \
> +--jump OUT_libvirt
> +iptables \
> +--table filter \
> +--insert FORWARD \
> +--jump FWD_libvirt_out
> +iptables \
> +--table filter \
> +--insert FORWARD \
> +--jump FWD_libvirt_in
> +iptables \
> +--table filter \
> +--insert FORWARD \
> +--jump FWD_libvirt_cross
> +iptables \
> +--table nat \
> +--insert POSTROUTING \
> +--jump PRT_libvirt
> +ip6tables \
> +--table filter \
> +--insert INPUT \
> +--jump INP_libvirt
> +ip6tables \
> +--table filter \
> +--insert OUTPUT \
> +--jump OUT_libvirt
> +ip6tables \
> +--table filter \
> +--insert FORWARD \
> +--jump FWD_libvirt_out
> +ip6tables \
> +--table filter \
> +--insert FORWARD \
> +--jump FWD_libvirt_in
> +ip6tables \
> +--table filter \
> +--insert FORWARD \
> +--jump FWD_libvirt_cross
> +ip6tables \
> +--table nat \
> +--insert POSTROUTING \
> +--jump PRT_libvirt
> +iptables \
> +--table filter \
> --insert INP_libvirt \
> --in-interface virbr0 \
> --protocol tcp \
> diff --git a/tests/networkxml2firewalldata/route-default-linux.args b/tests/networkxml2firewalldata/route-default-linux.args
> index 624e589aae..859a342e7d 100644
> --- a/tests/networkxml2firewalldata/route-default-linux.args
> +++ b/tests/networkxml2firewalldata/route-default-linux.args
> @@ -72,6 +72,54 @@ ip6tables \
> --list POSTROUTING
> iptables \
> --table filter \
> +--insert INPUT \
> +--jump INP_libvirt
> +iptables \
> +--table filter \
> +--insert OUTPUT \
> +--jump OUT_libvirt
> +iptables \
> +--table filter \
> +--insert FORWARD \
> +--jump FWD_libvirt_out
> +iptables \
> +--table filter \
> +--insert FORWARD \
> +--jump FWD_libvirt_in
> +iptables \
> +--table filter \
> +--insert FORWARD \
> +--jump FWD_libvirt_cross
> +iptables \
> +--table nat \
> +--insert POSTROUTING \
> +--jump PRT_libvirt
> +ip6tables \
> +--table filter \
> +--insert INPUT \
> +--jump INP_libvirt
> +ip6tables \
> +--table filter \
> +--insert OUTPUT \
> +--jump OUT_libvirt
> +ip6tables \
> +--table filter \
> +--insert FORWARD \
> +--jump FWD_libvirt_out
> +ip6tables \
> +--table filter \
> +--insert FORWARD \
> +--jump FWD_libvirt_in
> +ip6tables \
> +--table filter \
> +--insert FORWARD \
> +--jump FWD_libvirt_cross
> +ip6tables \
> +--table nat \
> +--insert POSTROUTING \
> +--jump PRT_libvirt
> +iptables \
> +--table filter \
> --insert INP_libvirt \
> --in-interface virbr0 \
> --protocol tcp \
> diff --git a/tests/networkxml2firewalltest.c b/tests/networkxml2firewalltest.c
> index 505ff0c740..5e3d8906c5 100644
> --- a/tests/networkxml2firewalltest.c
> +++ b/tests/networkxml2firewalltest.c
> @@ -44,6 +44,20 @@ static const char *abs_top_srcdir;
> # error "test case not ported to this platform"
> # endif
>
> +static void
> +testCommandDryRun(const char *const*args ATTRIBUTE_UNUSED,
> + const char *const*env ATTRIBUTE_UNUSED,
> + const char *input ATTRIBUTE_UNUSED,
> + char **output,
> + char **error,
> + int *status,
> + void *opaque ATTRIBUTE_UNUSED)
> +{
> + *status = 0;
> + ignore_value(VIR_STRDUP_QUIET(*output, ""));
> + ignore_value(VIR_STRDUP_QUIET(*error, ""));
> +}
> +
> static int testCompareXMLToArgvFiles(const char *xml,
> const char *cmdline)
> {
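Review bot: testCommandDryRun carries no comment explaining why it hands back empty strings instead of leaving `*output` and `*error` untouched, so the commit message is the only record that a NULL output keeps the firewall code from running its output-processing callback. I would add above the function something like `/* Return empty stdout/stderr so the firewall query callbacks run and the jumps to the private chains are emitted */`. Both `VIR_STRDUP_QUIET` results are discarded, so an allocation failure would presumably put the test back on the NULL path and surface as an unexplained mismatch against the .args files; that is tolerable in a test but worth stating in the same comment. Because the stub always reports empty output with status 0, the expected data only covers the case where no jump rule exists yet in the builtin chains.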
> @@ -53,7 +67,7 @@ static int testCompareXMLToArgvFiles(const char *xml,
> virNetworkDefPtr def = NULL;
> int ret = -1;
>
> - virCommandSetDryRun(&buf, NULL, NULL);
> + virCommandSetDryRun(&buf, testCommandDryRun, NULL);
>
> if (!(def = virNetworkDefParseFile(xml)))
> goto cleanup;