|
 |
1dfe16 |
From 2b76468d515858e27a1c50b9b27864adbb1bb96f Mon Sep 17 00:00:00 2001
|
|
|
1dfe16 |
From: Eric Garver <eric@garver.life>
|
|
|
1dfe16 |
Date: Mon, 13 May 2019 14:00:21 -0400
|
|
|
1dfe16 |
Subject: [PATCH 37/37] fix: tests: guard occurrences of IPv6
|
|
|
1dfe16 |
|
|
|
1dfe16 |
Since we can run without IPv6 support we need to skip test areas that
|
|
|
1dfe16 |
explicitly use IPv6.
|
|
|
1dfe16 |
|
|
|
1dfe16 |
(cherry picked from commit bcb33e448abbf3a2a3a8721c257ad48bfc18dd9d)
|
|
|
1dfe16 |
(cherry picked from commit 9344ff8c7ce3e55a2296ca3d565b51d9a52065c4)
|
|
|
1dfe16 |
---
|
|
|
1dfe16 |
src/tests/firewall-cmd.at | 30 +++++++++++++++++++++++++----
|
|
|
1dfe16 |
src/tests/regression/gh335.at | 6 ++++++
|
|
|
1dfe16 |
src/tests/regression/rhbz1594657.at | 2 ++
|
|
|
1dfe16 |
3 files changed, 34 insertions(+), 4 deletions(-)
|
|
|
1dfe16 |
|
|
|
1dfe16 |
diff --git a/src/tests/firewall-cmd.at b/src/tests/firewall-cmd.at
|
|
|
1dfe16 |
index bcbfe9639ef1..a3844151aeb3 100644
|
|
|
1dfe16 |
--- a/src/tests/firewall-cmd.at
|
|
|
1dfe16 |
+++ b/src/tests/firewall-cmd.at
|
|
|
1dfe16 |
@@ -199,8 +199,10 @@ sources: $1
|
|
|
1dfe16 |
|
|
|
1dfe16 |
check_zone_source([1.2.3.4])
|
|
|
1dfe16 |
check_zone_source([192.168.1.0/24])
|
|
|
1dfe16 |
+ IF_IPV6_SUPPORTED([
|
|
|
1dfe16 |
check_zone_source([3ffe:501:ffff::/64])
|
|
|
1dfe16 |
check_zone_source([dead:beef::babe])
|
|
|
1dfe16 |
+ ])
|
|
|
1dfe16 |
|
|
|
1dfe16 |
m4_undefine([check_zone_source])
|
|
|
1dfe16 |
|
|
|
1dfe16 |
@@ -292,10 +294,12 @@ FWD_START_TEST([user services])
|
|
|
1dfe16 |
FWD_CHECK([--permanent --service=foobar --set-destination=ipv4:foo], 105, ignore, ignore) dnl bad address
|
|
|
1dfe16 |
FWD_CHECK([--permanent --service=foobar --set-destination=ipv4:1.2.3.4], 0, ignore)
|
|
|
1dfe16 |
FWD_CHECK([--permanent --service=foobar --remove-destination=ipv4], 0, ignore)
|
|
|
1dfe16 |
+ IF_IPV6_SUPPORTED([
|
|
|
1dfe16 |
FWD_CHECK([--permanent --service=foobar --set-destination=ipv6:fd00:dead:beef:ff0::/64], 0, ignore)
|
|
|
1dfe16 |
FWD_CHECK([--permanent --service=foobar --query-destination=ipv6:fd00:dead:beef:ff0::/64], 0, ignore)
|
|
|
1dfe16 |
FWD_CHECK([--permanent --service=foobar --remove-destination=ipv6], 0, ignore)
|
|
|
1dfe16 |
FWD_CHECK([--permanent --service=foobar --query-destination=ipv6:fd00:dead:beef:ff0::/64], 1, ignore)
|
|
|
1dfe16 |
+ ])
|
|
|
1dfe16 |
|
|
|
1dfe16 |
FWD_CHECK([--permanent --zone=public --add-service=foobar], 0, ignore)
|
|
|
1dfe16 |
FWD_CHECK([--permanent --zone=public --list-services | grep foobar], 0, ignore)
|
|
|
1dfe16 |
@@ -447,10 +451,12 @@ FWD_START_TEST([forward ports])
|
|
|
1dfe16 |
FWD_CHECK([--query-forward-port port=66:proto=sctp:toport=66:toaddr=7.7.7.7 --zone=public], 0, ignore)
|
|
|
1dfe16 |
FWD_CHECK([--remove-forward-port=port=66:proto=sctp:toport=66:toaddr=7.7.7.7], 0, ignore)
|
|
|
1dfe16 |
FWD_CHECK([--query-forward-port=port=66:proto=sctp:toport=66:toaddr=7.7.7.7], 1, ignore)
|
|
|
1dfe16 |
+ IF_IPV6_SUPPORTED([
|
|
|
1dfe16 |
FWD_CHECK([--add-forward-port=port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0::], 0, ignore)
|
|
|
1dfe16 |
FWD_CHECK([--query-forward-port port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0:: --zone=public], 0, ignore)
|
|
|
1dfe16 |
FWD_CHECK([--remove-forward-port=port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0::], 0, ignore)
|
|
|
1dfe16 |
FWD_CHECK([--query-forward-port=port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0::], 1, ignore)
|
|
|
1dfe16 |
+ ])
|
|
|
1dfe16 |
FWD_CHECK([--add-forward-port=port=88:proto=udp:toport=99 --add-forward-port port=100:proto=tcp:toport=200], 0, ignore)
|
|
|
1dfe16 |
FWD_CHECK([--query-forward-port=port=100:proto=tcp:toport=200], 0, ignore)
|
|
|
1dfe16 |
FWD_CHECK([--query-forward-port=port=88:proto=udp:toport=99 --zone=public], 0, ignore)
|
|
|
1dfe16 |
@@ -473,10 +479,12 @@ FWD_START_TEST([forward ports])
|
|
|
1dfe16 |
FWD_CHECK([--permanent --query-forward-port port=66:proto=sctp:toport=66:toaddr=7.7.7.7 --zone=public], 0, ignore)
|
|
|
1dfe16 |
FWD_CHECK([--permanent --remove-forward-port=port=66:proto=sctp:toport=66:toaddr=7.7.7.7], 0, ignore)
|
|
|
1dfe16 |
FWD_CHECK([--permanent --query-forward-port=port=66:proto=sctp:toport=66:toaddr=7.7.7.7], 1, ignore)
|
|
|
1dfe16 |
+ IF_IPV6_SUPPORTED([
|
|
|
1dfe16 |
FWD_CHECK([--permanent --add-forward-port=port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0::], 0, ignore)
|
|
|
1dfe16 |
FWD_CHECK([--permanent --query-forward-port port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0:: --zone=public], 0, ignore)
|
|
|
1dfe16 |
FWD_CHECK([--permanent --remove-forward-port=port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0::], 0, ignore)
|
|
|
1dfe16 |
FWD_CHECK([--permanent --query-forward-port=port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0::], 1, ignore)
|
|
|
1dfe16 |
+ ])
|
|
|
1dfe16 |
FWD_CHECK([--permanent --add-forward-port=port=88:proto=udp:toport=99 --add-forward-port port=100:proto=tcp:toport=200], 0, ignore)
|
|
|
1dfe16 |
FWD_CHECK([--permanent --query-forward-port=port=100:proto=tcp:toport=200], 0, ignore)
|
|
|
1dfe16 |
FWD_CHECK([--permanent --query-forward-port=port=88:proto=udp:toport=99 --zone=public], 0, ignore)
|
|
|
1dfe16 |
@@ -592,12 +600,14 @@ FWD_START_TEST([ipset])
|
|
|
1dfe16 |
FWD_CHECK([--permanent --delete-ipset=foobar], 0, ignore)
|
|
|
1dfe16 |
FWD_RELOAD
|
|
|
1dfe16 |
|
|
|
1dfe16 |
+ IF_IPV6_SUPPORTED([
|
|
|
1dfe16 |
FWD_CHECK([--permanent --new-ipset=foobar --type=hash:mac], 0, ignore)
|
|
|
1dfe16 |
FWD_CHECK([--permanent --ipset=foobar --add-entry=12:34:56:78:90:ab], 0, ignore)
|
|
|
1dfe16 |
FWD_RELOAD
|
|
|
1dfe16 |
FWD_CHECK([--ipset=foobar --add-entry=12:34:56:78:90:ac], 0, ignore)
|
|
|
1dfe16 |
FWD_CHECK([--permanent --delete-ipset=foobar], 0, ignore)
|
|
|
1dfe16 |
FWD_RELOAD
|
|
|
1dfe16 |
+ ])
|
|
|
1dfe16 |
FWD_END_TEST([-e '/ERROR: INVALID_ENTRY: invalid address/d'])
|
|
|
1dfe16 |
|
|
|
1dfe16 |
FWD_START_TEST([user helpers])
|
|
|
1dfe16 |
@@ -733,11 +743,13 @@ FWD_START_TEST([direct passthrough])
|
|
|
1dfe16 |
FWD_CHECK([--direct --remove-passthrough ipv4 --table filter --append INPUT --in-interface dummy0 --protocol tcp --destination-port 67 --jump ACCEPT], 0, ignore)
|
|
|
1dfe16 |
FWD_CHECK([--direct --query-passthrough ipv4 --table filter --append INPUT --in-interface dummy0 --protocol tcp --destination-port 67 --jump ACCEPT], 1, ignore, ignore)
|
|
|
1dfe16 |
|
|
|
1dfe16 |
+ m4_if(yes, HOST_SUPPORTS_IP6TABLES, [dnl
|
|
|
1dfe16 |
FWD_CHECK([--direct --add-passthrough ipv6 --table filter --append FORWARD --destination fd00:dead:beef:ff0::/64 --in-interface dummy0 --out-interface dummy0 --jump ACCEPT], 0, ignore)
|
|
|
1dfe16 |
FWD_CHECK([--direct --get-passthroughs ipv6 | grep "fd00:dead:beef:ff0::/64"], 0, ignore)
|
|
|
1dfe16 |
FWD_CHECK([--direct --get-all-passthroughs | grep "fd00:dead:beef:ff0::/64"], 0, ignore)
|
|
|
1dfe16 |
FWD_CHECK([--direct --passthrough ipv6 -nvL | grep "fd00:dead:beef:ff0::/64"], 0, ignore)
|
|
|
1dfe16 |
FWD_CHECK([--direct --remove-passthrough ipv6 --table filter --delete FORWARD --destination fd00:dead:beef:ff0::/64 --in-interface dummy0 --out-interface dummy0 --jump ACCEPT], 0, ignore, ignore)
|
|
|
1dfe16 |
+ ])
|
|
|
1dfe16 |
|
|
|
1dfe16 |
FWD_CHECK([--direct --passthrough ipv5 -nvL], 111, ignore, ignore)
|
|
|
1dfe16 |
FWD_CHECK([--direct --passthrough ipv4], 2, ignore, ignore)
|
|
|
1dfe16 |
@@ -868,21 +880,25 @@ FWD_START_TEST([rich rules good])
|
|
|
1dfe16 |
rich_rule_test([rule protocol value="sctp" log])
|
|
|
1dfe16 |
rich_rule_test([rule family="ipv4" source address="192.168.0.0/24" service name="tftp" log prefix="tftp: " level="info" limit value="1/m" accept])
|
|
|
1dfe16 |
rich_rule_test([rule family="ipv4" source not address="192.168.0.0/24" service name="dns" log prefix="dns: " level="info" limit value="2/m" drop])
|
|
|
1dfe16 |
+ IF_IPV6_SUPPORTED([
|
|
|
1dfe16 |
rich_rule_test([rule family="ipv6" source address="1:2:3:4:6::" service name="radius" log prefix="dns -- " level="info" limit value="3/m" reject type="icmp6-addr-unreachable" limit value="20/m"])
|
|
|
1dfe16 |
rich_rule_test([rule family="ipv6" source address="1:2:3:4:6::" port port="4011" protocol="tcp" log prefix="port 4011: " level="info" limit value="4/m" drop])
|
|
|
1dfe16 |
rich_rule_test([rule family="ipv6" source address="1:2:3:4:6::" forward-port port="4011" protocol="tcp" to-port="4012" to-addr="1::2:3:4:7"])
|
|
|
1dfe16 |
+ rich_rule_test([rule family="ipv6" source address="1:2:3:4:6::" icmp-block name="redirect" log prefix="redirected: " level="info" limit value="4/m"])
|
|
|
1dfe16 |
+ rich_rule_test([rule family="ipv6" source address="1:2:3:4::/64" destination address="1:2:3:5::/64" accept])
|
|
|
1dfe16 |
+ rich_rule_test([rule family="ipv6" masquerade])
|
|
|
1dfe16 |
+ ])
|
|
|
1dfe16 |
rich_rule_test([rule family="ipv4" destination address="1.2.3.4" forward-port port="4011" protocol="tcp" to-port="4012" to-addr="9.8.7.6"])
|
|
|
1dfe16 |
rich_rule_test([rule family="ipv4" source address="192.168.0.0/24" icmp-block name="source-quench" log prefix="source-quench: " level="info" limit value="4/m"])
|
|
|
1dfe16 |
- rich_rule_test([rule family="ipv6" source address="1:2:3:4:6::" icmp-block name="redirect" log prefix="redirected: " level="info" limit value="4/m"])
|
|
|
1dfe16 |
rich_rule_test([rule family="ipv4" source address="192.168.1.0/24" masquerade])
|
|
|
1dfe16 |
rich_rule_test([rule family="ipv4" source address="10.1.1.0/24" destination address="192.168.1.0/24" accept])
|
|
|
1dfe16 |
- rich_rule_test([rule family="ipv6" source address="1:2:3:4::/64" destination address="1:2:3:5::/64" accept])
|
|
|
1dfe16 |
rich_rule_test([rule family="ipv4" destination address="192.168.1.0/24" masquerade])
|
|
|
1dfe16 |
- rich_rule_test([rule family="ipv6" masquerade])
|
|
|
1dfe16 |
rich_rule_test([rule forward-port port="2222" to-port="22" to-addr="192.168.100.2" protocol="tcp" family="ipv4" source address="192.168.2.100"])
|
|
|
1dfe16 |
rich_rule_test([rule forward-port port="66" to-port="666" to-addr="192.168.100.2" protocol="sctp" family="ipv4" source address="192.168.2.100"])
|
|
|
1dfe16 |
+ IF_IPV6_SUPPORTED([
|
|
|
1dfe16 |
rich_rule_test([rule forward-port port="99" to-port="999" to-addr="1::2:3:4:7" protocol="dccp" family="ipv6" source address="1:2:3:4:6::"])
|
|
|
1dfe16 |
rich_rule_test([rule forward-port port="99" to-port="10999" to-addr="1::2:3:4:7" protocol="dccp" family="ipv6" source address="1:2:3:4:6::"])
|
|
|
1dfe16 |
+ ])
|
|
|
1dfe16 |
rich_rule_test([rule family="ipv4" port port="222" protocol="tcp" mark set="0xff"])
|
|
|
1dfe16 |
FWD_END_TEST
|
|
|
1dfe16 |
FWD_START_TEST([rich rules audit])
|
|
|
1dfe16 |
@@ -897,7 +913,6 @@ FWD_START_TEST([rich rules bad])
|
|
|
1dfe16 |
FWD_CHECK([--permanent --add-rich-rule='$1'], $2, ignore, ignore)
|
|
|
1dfe16 |
])
|
|
|
1dfe16 |
rich_rule_test([], 122) dnl empty
|
|
|
1dfe16 |
- rich_rule_test([family="ipv6" accept], 122) dnl no rule
|
|
|
1dfe16 |
rich_rule_test([name="dns" accept], 122) dnl no rule
|
|
|
1dfe16 |
rich_rule_test([protocol value="ah" reject], 122) dnl no rule
|
|
|
1dfe16 |
rich_rule_test([rule protocol value="ah" reject type="icmp-host-prohibited"], 122) dnl reject type needs specific family
|
|
|
1dfe16 |
@@ -911,8 +926,11 @@ FWD_START_TEST([rich rules bad])
|
|
|
1dfe16 |
rich_rule_test([rule service name="radius" port port="4011" reject], 122) dnl service && port
|
|
|
1dfe16 |
rich_rule_test([rule service bad_attribute="dns"], 122) dnl bad attribute
|
|
|
1dfe16 |
rich_rule_test([rule protocol value="igmp" log level="eror"], 125) dnl bad log level
|
|
|
1dfe16 |
+ IF_IPV6_SUPPORTED([
|
|
|
1dfe16 |
+ rich_rule_test([family="ipv6" accept], 122) dnl no rule
|
|
|
1dfe16 |
rich_rule_test([rule source address="1:2:3:4:6::" icmp-block name="redirect" log level="info" limit value="1/2m"], 207) dnl missing family
|
|
|
1dfe16 |
rich_rule_test([rule family="ipv6" source address="1:2:3:4:6::" icmp-block name="redirect" log level="info" limit value="1/2m"], 123) dnl bad limit
|
|
|
1dfe16 |
+ ])
|
|
|
1dfe16 |
rich_rule_test([rule protocol value="esp"], 122) dnl no action/log/audit
|
|
|
1dfe16 |
rich_rule_test([rule family="ipv4" masquerade drop], 122) dnl masquerade & action
|
|
|
1dfe16 |
rich_rule_test([rule family="ipv4" icmp-block name="redirect" accept], 122) dnl icmp-block & action
|
|
|
1dfe16 |
@@ -1029,6 +1047,7 @@ WARNING: INVALID_ENTRY: invalid mac address '12:34:56:78:90' in '12:34:56:78:90'
|
|
|
1dfe16 |
])
|
|
|
1dfe16 |
FWD_CHECK([--check-config], 111, ignore, ignore)
|
|
|
1dfe16 |
|
|
|
1dfe16 |
+ IF_IPV6_SUPPORTED([
|
|
|
1dfe16 |
AT_DATA([./helpers/foobar.xml], [dnl
|
|
|
1dfe16 |
|
|
|
1dfe16 |
<helper family="ipv6" module="nf_conntrack_ftp">
|
|
|
1dfe16 |
@@ -1036,6 +1055,7 @@ WARNING: INVALID_ENTRY: invalid mac address '12:34:56:78:90' in '12:34:56:78:90'
|
|
|
1dfe16 |
</helper>
|
|
|
1dfe16 |
])
|
|
|
1dfe16 |
FWD_CHECK([--check-config], 103, ignore, ignore)
|
|
|
1dfe16 |
+ ])
|
|
|
1dfe16 |
AT_CHECK([rm ./helpers/foobar.xml])
|
|
|
1dfe16 |
|
|
|
1dfe16 |
dnl icmptype
|
|
|
1dfe16 |
@@ -1278,6 +1298,7 @@ WARNING: Invalid rule: Invalid log level
|
|
|
1dfe16 |
])
|
|
|
1dfe16 |
FWD_CHECK([--check-config], 28, ignore, ignore)
|
|
|
1dfe16 |
|
|
|
1dfe16 |
+ IF_IPV6_SUPPORTED([
|
|
|
1dfe16 |
AT_DATA([./zones/foobar.xml], [dnl
|
|
|
1dfe16 |
|
|
|
1dfe16 |
<zone>
|
|
|
1dfe16 |
@@ -1292,6 +1313,7 @@ m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [dnl
|
|
|
1dfe16 |
WARNING: INVALID_ADDR: 10.0.0.1/24: rule family="ipv6" source address="10.0.0.1/24" accept
|
|
|
1dfe16 |
WARNING: INVALID_ADDR: 10.0.0.1/24: rule family="ipv6" source address="10.0.0.1/24" accept
|
|
|
1dfe16 |
])])
|
|
|
1dfe16 |
+ ])
|
|
|
1dfe16 |
AT_CHECK([rm ./zones/foobar.xml])
|
|
|
1dfe16 |
|
|
|
1dfe16 |
FWD_END_TEST([-e '/ERROR:/d'dnl
|
|
|
1dfe16 |
diff --git a/src/tests/regression/gh335.at b/src/tests/regression/gh335.at
|
|
|
1dfe16 |
index 901e2fa04f69..54cc4c66e163 100644
|
|
|
1dfe16 |
--- a/src/tests/regression/gh335.at
|
|
|
1dfe16 |
+++ b/src/tests/regression/gh335.at
|
|
|
1dfe16 |
@@ -7,12 +7,14 @@ NS_CHECK([[sysctl -a |grep "net.ipv4.conf.all.forwarding[ ]*=[ ]*1"]], 0, [ignor
|
|
|
1dfe16 |
NS_CHECK([[sysctl -a |grep "net.ipv6.conf.all.forwarding[ ]*=[ ]*1"]], 1, [ignore], [ignore])
|
|
|
1dfe16 |
FWD_RELOAD
|
|
|
1dfe16 |
|
|
|
1dfe16 |
+IF_IPV6_SUPPORTED([
|
|
|
1dfe16 |
NS_CHECK([sysctl -w net.ipv4.conf.all.forwarding=0], 0, [ignore], [ignore])
|
|
|
1dfe16 |
NS_CHECK([sysctl -w net.ipv6.conf.all.forwarding=0], 0, [ignore], [ignore])
|
|
|
1dfe16 |
FWD_CHECK([-q --add-forward-port=port=12345:proto=tcp:toport=54321:toaddr="1234:5678::4321"])
|
|
|
1dfe16 |
NS_CHECK([[sysctl -a |grep "net.ipv4.conf.all.forwarding[ ]*=[ ]*1"]], 1, [ignore], [ignore])
|
|
|
1dfe16 |
NS_CHECK([[sysctl -a |grep "net.ipv6.conf.all.forwarding[ ]*=[ ]*1"]], 0, [ignore], [ignore])
|
|
|
1dfe16 |
FWD_RELOAD
|
|
|
1dfe16 |
+])
|
|
|
1dfe16 |
|
|
|
1dfe16 |
NS_CHECK([sysctl -w net.ipv4.conf.all.forwarding=0], 0, [ignore], [ignore])
|
|
|
1dfe16 |
NS_CHECK([sysctl -w net.ipv6.conf.all.forwarding=0], 0, [ignore], [ignore])
|
|
|
1dfe16 |
@@ -21,12 +23,14 @@ NS_CHECK([[sysctl -a |grep "net.ipv4.conf.all.forwarding[ ]*=[ ]*1"]], 0, [ignor
|
|
|
1dfe16 |
NS_CHECK([[sysctl -a |grep "net.ipv6.conf.all.forwarding[ ]*=[ ]*1"]], 1, [ignore], [ignore])
|
|
|
1dfe16 |
FWD_RELOAD
|
|
|
1dfe16 |
|
|
|
1dfe16 |
+IF_IPV6_SUPPORTED([
|
|
|
1dfe16 |
NS_CHECK([sysctl -w net.ipv4.conf.all.forwarding=0], 0, [ignore], [ignore])
|
|
|
1dfe16 |
NS_CHECK([sysctl -w net.ipv6.conf.all.forwarding=0], 0, [ignore], [ignore])
|
|
|
1dfe16 |
FWD_CHECK([-q --add-rich-rule='rule family=ipv6 forward-port port="12345" protocol="tcp" to-port="54321" to-addr="1234:5678::4321"'])
|
|
|
1dfe16 |
NS_CHECK([[sysctl -a |grep "net.ipv4.conf.all.forwarding[ ]*=[ ]*1"]], 1, [ignore], [ignore])
|
|
|
1dfe16 |
NS_CHECK([[sysctl -a |grep "net.ipv6.conf.all.forwarding[ ]*=[ ]*1"]], 0, [ignore], [ignore])
|
|
|
1dfe16 |
FWD_RELOAD
|
|
|
1dfe16 |
+])
|
|
|
1dfe16 |
|
|
|
1dfe16 |
dnl following tests should _not_ enable IP forwarding
|
|
|
1dfe16 |
NS_CHECK([sysctl -w net.ipv4.conf.all.forwarding=0], 0, [ignore], [ignore])
|
|
|
1dfe16 |
@@ -40,8 +44,10 @@ FWD_CHECK([-q --add-rich-rule='rule family=ipv4 forward-port port="12345" protoc
|
|
|
1dfe16 |
NS_CHECK([[sysctl -a |grep "net.ipv4.conf.all.forwarding[ ]*=[ ]*1"]], 1, [ignore], [ignore])
|
|
|
1dfe16 |
NS_CHECK([[sysctl -a |grep "net.ipv6.conf.all.forwarding[ ]*=[ ]*1"]], 1, [ignore], [ignore])
|
|
|
1dfe16 |
|
|
|
1dfe16 |
+IF_IPV6_SUPPORTED([
|
|
|
1dfe16 |
FWD_CHECK([-q --add-rich-rule='rule family=ipv6 forward-port port="12345" protocol="tcp" to-port="54321"'])
|
|
|
1dfe16 |
NS_CHECK([[sysctl -a |grep "net.ipv4.conf.all.forwarding[ ]*=[ ]*1"]], 1, [ignore], [ignore])
|
|
|
1dfe16 |
NS_CHECK([[sysctl -a |grep "net.ipv6.conf.all.forwarding[ ]*=[ ]*1"]], 1, [ignore], [ignore])
|
|
|
1dfe16 |
+])
|
|
|
1dfe16 |
|
|
|
1dfe16 |
FWD_END_TEST
|
|
|
1dfe16 |
diff --git a/src/tests/regression/rhbz1594657.at b/src/tests/regression/rhbz1594657.at
|
|
|
1dfe16 |
index c01a34012875..33b7bafe6b08 100644
|
|
|
1dfe16 |
--- a/src/tests/regression/rhbz1594657.at
|
|
|
1dfe16 |
+++ b/src/tests/regression/rhbz1594657.at
|
|
|
1dfe16 |
@@ -6,7 +6,9 @@ FWD_CHECK([--direct --passthrough ipv4 -t filter -C dummy_chain -j ACCEPT], 13,
|
|
|
1dfe16 |
FWD_CHECK([--direct --passthrough ipv4 -t filter -L dummy_chain], 13, [ignore], [ignore])
|
|
|
1dfe16 |
FWD_CHECK([--direct --passthrough ipv4 -t filter -L INPUT], 0, [ignore])
|
|
|
1dfe16 |
|
|
|
1dfe16 |
+m4_if(yes, HOST_SUPPORTS_IP6TABLES, [dnl
|
|
|
1dfe16 |
FWD_CHECK([--direct --passthrough ipv6 -t filter -C dummy_chain -j ACCEPT], 13, [ignore], [ignore])
|
|
|
1dfe16 |
FWD_CHECK([--direct --passthrough ipv6 -t filter -L dummy_chain], 13, [ignore], [ignore])
|
|
|
1dfe16 |
FWD_CHECK([--direct --passthrough ipv6 -t filter -L INPUT], 0, [ignore])
|
|
|
1dfe16 |
+])
|
|
|
1dfe16 |
FWD_END_TEST
|
|
|
1dfe16 |
--
|
|
|
1dfe16 |
2.20.1
|
|
|
1dfe16 |
|