iptables version 1.4.16 and later automatically convert -m state --state ... to -m conntrack --ctstate ... In the test cases we will then only see 'ctstate' and convert that back to the older 'state' before comparing actual against expected output.
Signed-off-by: Stefan Berger <stefanb@xxxxxxxxxxxxxxxxxx>
---
scripts/nwfilter/nwfilter2vmtest.sh | 19 +++++++++++++++++++
1 file changed, 19 insertions(+)
Index: libvirt-tck/scripts/nwfilter/nwfilter2vmtest.sh
===================================================================
--- libvirt-tck.orig/scripts/nwfilter/nwfilter2vmtest.sh
+++ libvirt-tck/scripts/nwfilter/nwfilter2vmtest.sh
@@ -32,6 +32,9 @@ FLAG_FORCE_CLEAN="$((1<<5))"
 # netfilter at some point. We probe for it.
 IPTABLES_CTRDIR_CORRECTED=0
+# starting with iptables v1.4.16 -m state becomes -m ctstate
+IPTABLES_USE_CTSTATE=0
+
 failctr=0
 passctr=0
 attachfailctr=0
@@ -114,6 +117,16 @@ probeIptablesCtdir() {
 fi
 }
+probeIptablesCtstate() {
+ rev=$(iptables --version | \
+ sed -n 's/.*v\([[:digit:]].\)/\1/p' |
+ gawk -F. '{print $1 * 1000000 + $2 * 1000 + $3 }')
+ # 1.4.16 or later uses ctstate
+ if [ $rev -ge 1004016 ]; then
+ IPTABLES_USE_CTSTATE=1
+ fi
+}
+
 checkExpectedOutput() {
 xmlfile="$1"
 fwallfile="$2"
@@ -181,6 +194,11 @@ checkExpectedOutput() {
 sed -i "s/ctdir _REPLY/ctdir REPLY/" ${tmpfile}
 fi
+ if [ $IPTABLES_USE_CTSTATE -ne 0 ]; then
+ #change ctstate tback o state
+ sed -i "s/ctstate/state/" ${tmpfile}
+ fi
+
 diff -w ${tmpfile} ${tmpfile2} >/dev/null
 if [ $? -ne 0 ]; then
@@ -574,6 +592,7 @@ main() {
 exit 1;
 else
 probeIptablesCtdir
+ probeIptablesCtstate
 fi
 if [ $(($flags & $FLAG_TAP_TEST)) -ne 0 ]; then
--
libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list
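Review bot: In the new probeIptablesCtstate, `$rev` is unquoted in `[ $rev -ge 1004016 ]`, so if `iptables --version` prints nothing the sed expression matches, the test collapses to `[ -ge 1004016 ]` and prints a shell error. IPTABLES_USE_CTSTATE then stays 0 only as a side effect of that failure. A defaulted, quoted operand makes the fallback explicit: `if [ "${rev:-0}" -ge 1004016 ]; then`. The function would also benefit from a header comment such as `# encode major.minor.patch as major*1000000 + minor*1000 + patch so versions compare as integers`, noting that the encoding assumes each component stays below 1000.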
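Review bot: The normalisation added to checkExpectedOutput, `sed -i "s/ctstate/state/" ${tmpfile}`, is unanchored and has no `g` flag: it rewrites `ctstate` even inside a longer token, and only the first occurrence on each line. This file is what gets diffed against the expected firewall rules, so the rewrite should be as narrow as possible; an over-broad one can make differing rule text compare equal, and a missed second occurrence fails the test spuriously. Something like `sed -i "s/\bctstate\b/state/g" ${tmpfile}` would tighten it, assuming GNU sed, which the existing `sed -i` calls appear to rely on. The comment above it has a typo and should read `# change ctstate back to state`. The enclosing function starts and ends outside this hunk.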