From c7ba9d153c381c244bf5ac0abfa4043f187486b8 Mon Sep 17 00:00:00 2001 From: Eric Garver Date: Thu, 30 May 2019 17:12:48 -0400 Subject: [PATCH 79/79] chore: tests/functions: change list macros to only expand for backend The macros now check for FIREWALL_BACKEND before attempting to list the rules. This means we don't need to guard them inside the actual test cases. Also introduces _ALWAYS variants that always expand regardless of the current backend under test. (cherry picked from commit cb43b6cd99d952ae31614a7c46b2df13b670fea3) (cherry picked from commit 7054a3d092978e165980a4c8d4e1407f01d88bd7) --- src/tests/functions.at | 32 ++++++++++++++++++++++++++++---- 1 file changed, 28 insertions(+), 4 deletions(-) diff --git a/src/tests/functions.at b/src/tests/functions.at index b6831f61d806..571f780a007c 100644 --- a/src/tests/functions.at +++ b/src/tests/functions.at @@ -237,13 +237,19 @@ m4_define([EBTABLES_LIST_RULES], [ m4_undefine([EBTABLES_LIST_RULES_NORMALIZE]) ]) -m4_define([IPTABLES_LIST_RULES], [ +m4_define([IPTABLES_LIST_RULES_ALWAYS], [ m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [], [ NS_CHECK([IPTABLES -w -n -t $1 -L $2 | TRIM_WHITESPACE | tail -n +3], [$3], [m4_strip([$4])], [m4_strip([$5])], [$6], [$7]) ]) ]) -m4_define([IP6TABLES_LIST_RULES], [ +m4_define([IPTABLES_LIST_RULES], [ + m4_if(iptables, FIREWALL_BACKEND, [ + IPTABLES_LIST_RULES_ALWAYS([$1], [$2], [$3], [$4], [$5], [$6], [$7]) + ]) +]) + +m4_define([IP6TABLES_LIST_RULES_ALWAYS], [ m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [], [ m4_if(yes, HOST_SUPPORTS_IP6TABLES, [ NS_CHECK([IP6TABLES -w -n -t $1 -L $2 | TRIM_WHITESPACE | tail -n +3], [$3], [m4_strip([$4])], [m4_strip([$5])], [$6], [$7]) @@ -251,7 +257,13 @@ m4_define([IP6TABLES_LIST_RULES], [ ]) ]) -m4_define([NFT_LIST_RULES], [ +m4_define([IP6TABLES_LIST_RULES], [ + m4_if(iptables, FIREWALL_BACKEND, [ + IP6TABLES_LIST_RULES_ALWAYS([$1], [$2], [$3], [$4], [$5], [$6], [$7]) + ]) +]) + +m4_define([NFT_LIST_RULES_ALWAYS], [ dnl nftables commit 6dd848339444 change list output to show "meta mark" dnl instead of just "mark". m4_define([NFT_LIST_RULES_NORMALIZE], [dnl @@ -267,6 +279,12 @@ m4_define([NFT_LIST_RULES], [ m4_undefine([NFT_LIST_RULES_NORMALIZE]) ]) +m4_define([NFT_LIST_RULES], [ + m4_if(nftables, FIREWALL_BACKEND, [ + NFT_LIST_RULES_ALWAYS([$1], [$2], [$3], [$4], [$5], [$6], [$7]) + ]) +]) + m4_define([IPSET_LIST_SET], [ m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [], [ NS_CHECK([ipset list $1 | TRIM_WHITESPACE |dnl @@ -276,12 +294,18 @@ m4_define([IPSET_LIST_SET], [ ]) ]) -m4_define([NFT_LIST_SET], [ +m4_define([NFT_LIST_SET_ALWAYS], [ m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [], [ NS_CHECK([nft NFT_NUMERIC_ARGS list set inet firewalld $1 | TRIM_WHITESPACE], [$2], [m4_strip([$3])], [m4_strip([$4])], [$5], [$6]) ]) ]) +m4_define([NFT_LIST_SET], [ + m4_if(nftables, FIREWALL_BACKEND, [ + NFT_LIST_SET_ALWAYS([$1], [$2], [$3], [$4], [$5], [$6]) + ]) +]) + m4_define([DBUS_CHECK], [ NS_CHECK([dbus-send --system --print-reply --dest=org.fedoraproject.FirewallD1 dnl /org/fedoraproject/FirewallD1/$1 org.fedoraproject.FirewallD1.$2 $3], -- 2.20.1