From 7c1e62b4933f2b110dcedc411b4381c00abe799f Mon Sep 17 00:00:00 2001

From: Eric Garver <eric@garver.life>

Date: Thu, 3 Jun 2021 11:27:11 -0400

Subject: [PATCH 34/36] test(zone): verify overlapping ports don't halt zone

 loading

We can warn about the overlapping ports, but don't completely error out.

Coverage: rhbz 1914935

(cherry picked from commit 012a87a343673c7699f48fa6af973c890be08671)

(cherry picked from commit 50e4c979283eee83bf0c707184cd0ca9bf112e85)

---

 src/tests/regression/regression.at  |  1 +

 src/tests/regression/rhbz1914935.at | 64 +++++++++++++++++++++++++++++

 2 files changed, 65 insertions(+)

 create mode 100644 src/tests/regression/rhbz1914935.at

diff --git a/src/tests/regression/regression.at b/src/tests/regression/regression.at

index 2a5ad9ef995a..aadd948a459f 100644

--- a/src/tests/regression/regression.at

+++ b/src/tests/regression/regression.at

@@ -41,3 +41,4 @@ m4_include([regression/gh703.at])

 m4_include([regression/ipset_netmask_allowed.at])

 m4_include([regression/rhbz1940928.at])

 m4_include([regression/rhbz1936896.at])

+m4_include([regression/rhbz1914935.at])

diff --git a/src/tests/regression/rhbz1914935.at b/src/tests/regression/rhbz1914935.at

new file mode 100644

index 000000000000..5b110ea4cf4d

--- /dev/null

+++ b/src/tests/regression/rhbz1914935.at

@@ -0,0 +1,64 @@

+FWD_START_TEST([zone overlapping ports])

+AT_KEYWORDS(zone port rhbz1914935)

+

+AT_CHECK([mkdir -p ./zones])

+

+AT_DATA([./zones/foobar.xml], [dnl

+

+<zone>

+<port port="1024-65535" protocol="tcp" />

+<port port="1234" protocol="tcp" />

+<port port="2000-3000" protocol="tcp" />

+</zone>

+])

+FWD_RELOAD

+FWD_GREP_LOG([WARNING: ALREADY_ENABLED: '1234:tcp' already in 'foobar'])

+FWD_GREP_LOG([WARNING: ALREADY_ENABLED: '2000-3000:tcp' already in 'foobar'])

+FWD_CHECK([--zone foobar --list-ports], 0, [dnl

+1024-65535/tcp

+])

+

+AT_DATA([./zones/foobar.xml], [dnl

+

+<zone>

+<source-port port="1024-65535" protocol="tcp" />

+<source-port port="1234" protocol="tcp" />

+<source-port port="2000-3000" protocol="tcp" />

+</zone>

+])

+FWD_RELOAD

+FWD_GREP_LOG([WARNING: ALREADY_ENABLED: '1234:tcp' already in 'foobar'])

+FWD_GREP_LOG([WARNING: ALREADY_ENABLED: '2000-3000:tcp' already in 'foobar'])

+FWD_CHECK([--zone foobar --list-source-ports], 0, [dnl

+1024-65535/tcp

+])

+

+dnl this one partially overlaps so it should not throw a warning.

+AT_DATA([./zones/foobar.xml], [dnl

+

+<zone>

+<port port="1024-2000" protocol="tcp" />

+<port port="1500-2500" protocol="tcp" />

+</zone>

+])

+FWD_RELOAD

+FWD_GREP_LOG([WARNING: ALREADY_ENABLED: '1500-2500:tcp' already in 'foobar'], 1)

+FWD_CHECK([--zone foobar --list-ports], 0, [dnl

+1024-2500/tcp

+])

+

+dnl this one partially overlaps so it should not throw a warning.

+AT_DATA([./zones/foobar.xml], [dnl

+

+<zone>

+<source-port port="1024-2000" protocol="tcp" />

+<source-port port="1500-2500" protocol="tcp" />

+</zone>

+])

+FWD_RELOAD

+FWD_GREP_LOG([WARNING: ALREADY_ENABLED: '1500-2500:tcp' already in 'foobar'], 1)

+FWD_CHECK([--zone foobar --list-source-ports], 0, [dnl

+1024-2500/tcp

+])

+

+FWD_END_TEST([-e '/WARNING: ALREADY_ENABLED:/d'])

-- 

2.27.0