From acab71f6c84fe5a9539768a5e45ab157e549eb31 Mon Sep 17 00:00:00 2001 From: Eric Garver Date: Wed, 28 Aug 2019 08:52:44 -0400 Subject: [PATCH 96/99] fix: tests: ignore errors about setting ipv6 forwarding On a host with ipv6.disable=1 the proc files and sysctls for setting IPv6 forwarding will not be available, but nftables and iptables-nft still allow creating rules that match IPv6. Instead of guarding all our test cases for silly reasons (disabling IPv6), let's just ignore the errors about setting IPv6 forwarding. This only affects tests that explicitly use IPv6 (often rich rules) via masquerading/forward-ports. (cherry picked from commit b28611dee5a2e3a07521aa0fc499b1f70ad81d3b) (cherry picked from commit 49dd9bcd29ca7948a514373aaf86f682cc13f5e7) --- src/tests/firewall-cmd.at | 4 ++-- src/tests/regression/gh335.at | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/src/tests/firewall-cmd.at b/src/tests/firewall-cmd.at index 590194103a7e..2977cd6b5332 100644 --- a/src/tests/firewall-cmd.at +++ b/src/tests/firewall-cmd.at @@ -580,7 +580,7 @@ FWD_START_TEST([forward ports]) FWD_CHECK([--permanent --query-forward-port port=100:proto=tcp:toport=200], 1, ignore) FWD_CHECK([--permanent --query-forward-port=port=88:proto=udp:toport=99], 1, ignore) FWD_CHECK([--permanent --list-forward-ports], 0, ignore) -FWD_END_TEST +FWD_END_TEST([-e '/ERROR: Failed to write to file .*\/proc\/sys\/net\/ipv6\/conf\/all\/forwarding.*/d']) FWD_START_TEST([ICMP block]) FWD_CHECK([--list-icmp-blocks], 0, ignore) @@ -988,7 +988,7 @@ FWD_START_TEST([rich rules good]) rich_rule_test([rule forward-port port="99" to-port="10999" to-addr="1::2:3:4:7" protocol="dccp" family="ipv6" source address="1:2:3:4:6::"]) ]) rich_rule_test([rule family="ipv4" port port="222" protocol="tcp" mark set="0xff"]) -FWD_END_TEST +FWD_END_TEST([-e '/ERROR: Failed to write to file .*\/proc\/sys\/net\/ipv6\/conf\/all\/forwarding.*/d']) FWD_START_TEST([rich rules audit]) CHECK_LOG_AUDIT rich_rule_test([rule service name="ftp" audit limit value="1/m" accept]) diff --git a/src/tests/regression/gh335.at b/src/tests/regression/gh335.at index 97d8b88e493c..cf307ef35365 100644 --- a/src/tests/regression/gh335.at +++ b/src/tests/regression/gh335.at @@ -64,4 +64,4 @@ NS_CHECK([[sysctl -a |grep "net.ipv4.conf.all.forwarding[ ]*=[ ]*1"]], 1, [ignor NS_CHECK([[sysctl -a |grep "net.ipv6.conf.all.forwarding[ ]*=[ ]*1"]], 1, [ignore], [ignore]) ]) -FWD_END_TEST +FWD_END_TEST([-e '/ERROR: Failed to write to file .*\/proc\/sys\/net\/ipv6\/conf\/all\/forwarding.*/d']) -- 2.20.1