From 571c32c466f0516d0543926828ce49b004ce584f Mon Sep 17 00:00:00 2001
From: Eric Garver <eric@garver.life>
Date: Mon, 11 May 2020 17:19:12 -0400
Subject: [PATCH 25/45] test(functions): add macro
IF_HOST_SUPPORTS_NFT_RULE_INDEX
(cherry picked from commit 735eb589b2a18129b2b8a9d4dfe8b9375757619a)
(cherry picked from commit cda25d11a9e333ee5cdd9d7e084e7075cb1550bb)
---
src/tests/functions.at | 24 ++++++++++++++++++++++++
1 file changed, 24 insertions(+)
diff --git a/src/tests/functions.at b/src/tests/functions.at
index 8f5ceba4d3f2..f83720595d2f 100644
--- a/src/tests/functions.at
+++ b/src/tests/functions.at
@@ -598,3 +598,27 @@ m4_define([NMCLI_CHECK], [
NS_CHECK([PIPESTATUS0([nmcli $1], [TRIM_WHITESPACE])],
[$2], [m4_strip([$3])], [m4_strip([$4])], [$5], [$6])
])
+
+m4_define([IF_HOST_SUPPORTS_NFT_RULE_INDEX], [
+ m4_if(nftables, FIREWALL_BACKEND, [
+ AT_DATA([./nft_rule_index.nft], [
+ add table inet firewalld_check_rule_index
+ add chain inet firewalld_check_rule_index foobar { type filter hook input priority 0 ; }
+ add rule inet firewalld_check_rule_index foobar tcp dport 1234 accept
+ add rule inet firewalld_check_rule_index foobar accept
+ insert rule inet firewalld_check_rule_index foobar index 1 udp dport 4321 accept
+])
+ NS_CHECK([nft -f ./nft_rule_index.nft])
+
+ if test "$( NS_CMD([nft list chain inet firewalld_check_rule_index foobar | head -n 5 |tail -n 1 | TRIM_WHITESPACE]) )" = "udp dport 4321 accept"; then
+ :
+ $1
+ else
+ :
+ $2
+ fi
+
+ NS_CHECK([rm ./nft_rule_index.nft])
+ NS_CHECK([nft delete table inet firewalld_check_rule_index])
+ ], [$1])
+])
--
2.27.0