From 571c32c466f0516d0543926828ce49b004ce584f Mon Sep 17 00:00:00 2001 From: Eric Garver Date: Mon, 11 May 2020 17:19:12 -0400 Subject: [PATCH 25/45] test(functions): add macro IF_HOST_SUPPORTS_NFT_RULE_INDEX (cherry picked from commit 735eb589b2a18129b2b8a9d4dfe8b9375757619a) (cherry picked from commit cda25d11a9e333ee5cdd9d7e084e7075cb1550bb) --- src/tests/functions.at | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/src/tests/functions.at b/src/tests/functions.at index 8f5ceba4d3f2..f83720595d2f 100644 --- a/src/tests/functions.at +++ b/src/tests/functions.at @@ -598,3 +598,27 @@ m4_define([NMCLI_CHECK], [ NS_CHECK([PIPESTATUS0([nmcli $1], [TRIM_WHITESPACE])], [$2], [m4_strip([$3])], [m4_strip([$4])], [$5], [$6]) ]) + +m4_define([IF_HOST_SUPPORTS_NFT_RULE_INDEX], [ + m4_if(nftables, FIREWALL_BACKEND, [ + AT_DATA([./nft_rule_index.nft], [ + add table inet firewalld_check_rule_index + add chain inet firewalld_check_rule_index foobar { type filter hook input priority 0 ; } + add rule inet firewalld_check_rule_index foobar tcp dport 1234 accept + add rule inet firewalld_check_rule_index foobar accept + insert rule inet firewalld_check_rule_index foobar index 1 udp dport 4321 accept +]) + NS_CHECK([nft -f ./nft_rule_index.nft]) + + if test "$( NS_CMD([nft list chain inet firewalld_check_rule_index foobar | head -n 5 |tail -n 1 | TRIM_WHITESPACE]) )" = "udp dport 4321 accept"; then + : + $1 + else + : + $2 + fi + + NS_CHECK([rm ./nft_rule_index.nft]) + NS_CHECK([nft delete table inet firewalld_check_rule_index]) + ], [$1]) +]) -- 2.27.0