firewalld/SOURCES/0034-test-zone-verify-overlapping-ports-don-t-halt-zone-l.patch

From 7c1e62b4933f2b110dcedc411b4381c00abe799f Mon Sep 17 00:00:00 2001
From: Eric Garver <eric@garver.life>
Date: Thu, 3 Jun 2021 11:27:11 -0400
Subject: [PATCH 34/36] test(zone): verify overlapping ports don't halt zone
 loading

We can warn about the overlapping ports, but don't completely error out.

Coverage: rhbz 1914935
(cherry picked from commit 012a87a343673c7699f48fa6af973c890be08671)
(cherry picked from commit 50e4c979283eee83bf0c707184cd0ca9bf112e85)
---
 src/tests/regression/regression.at  |  1 +
 src/tests/regression/rhbz1914935.at | 64 +++++++++++++++++++++++++++++
 2 files changed, 65 insertions(+)
 create mode 100644 src/tests/regression/rhbz1914935.at

diff --git a/src/tests/regression/regression.at b/src/tests/regression/regression.at
index 2a5ad9ef995a..aadd948a459f 100644
--- a/src/tests/regression/regression.at
+++ b/src/tests/regression/regression.at
@@ -41,3 +41,4 @@ m4_include([regression/gh703.at])
 m4_include([regression/ipset_netmask_allowed.at])
 m4_include([regression/rhbz1940928.at])
 m4_include([regression/rhbz1936896.at])
+m4_include([regression/rhbz1914935.at])
diff --git a/src/tests/regression/rhbz1914935.at b/src/tests/regression/rhbz1914935.at
new file mode 100644
index 000000000000..5b110ea4cf4d
--- /dev/null
+++ b/src/tests/regression/rhbz1914935.at
@@ -0,0 +1,64 @@
+FWD_START_TEST([zone overlapping ports])
+AT_KEYWORDS(zone port rhbz1914935)
+
+AT_CHECK([mkdir -p ./zones])
+
+AT_DATA([./zones/foobar.xml], [dnl
+<?xml version="1.0" encoding="utf-8"?>
+<zone>
+<port port="1024-65535" protocol="tcp" />
+<port port="1234" protocol="tcp" />
+<port port="2000-3000" protocol="tcp" />
+</zone>
+])
+FWD_RELOAD
+FWD_GREP_LOG([WARNING: ALREADY_ENABLED: '1234:tcp' already in 'foobar'])
+FWD_GREP_LOG([WARNING: ALREADY_ENABLED: '2000-3000:tcp' already in 'foobar'])
+FWD_CHECK([--zone foobar --list-ports], 0, [dnl
+1024-65535/tcp
+])
+
+AT_DATA([./zones/foobar.xml], [dnl
+<?xml version="1.0" encoding="utf-8"?>
+<zone>
+<source-port port="1024-65535" protocol="tcp" />
+<source-port port="1234" protocol="tcp" />
+<source-port port="2000-3000" protocol="tcp" />
+</zone>
+])
+FWD_RELOAD
+FWD_GREP_LOG([WARNING: ALREADY_ENABLED: '1234:tcp' already in 'foobar'])
+FWD_GREP_LOG([WARNING: ALREADY_ENABLED: '2000-3000:tcp' already in 'foobar'])
+FWD_CHECK([--zone foobar --list-source-ports], 0, [dnl
+1024-65535/tcp
+])
+
+dnl this one partially overlaps so it should not throw a warning.
+AT_DATA([./zones/foobar.xml], [dnl
+<?xml version="1.0" encoding="utf-8"?>
+<zone>
+<port port="1024-2000" protocol="tcp" />
+<port port="1500-2500" protocol="tcp" />
+</zone>
+])
+FWD_RELOAD
+FWD_GREP_LOG([WARNING: ALREADY_ENABLED: '1500-2500:tcp' already in 'foobar'], 1)
+FWD_CHECK([--zone foobar --list-ports], 0, [dnl
+1024-2500/tcp
+])
+
+dnl this one partially overlaps so it should not throw a warning.
+AT_DATA([./zones/foobar.xml], [dnl
+<?xml version="1.0" encoding="utf-8"?>
+<zone>
+<source-port port="1024-2000" protocol="tcp" />
+<source-port port="1500-2500" protocol="tcp" />
+</zone>
+])
+FWD_RELOAD
+FWD_GREP_LOG([WARNING: ALREADY_ENABLED: '1500-2500:tcp' already in 'foobar'], 1)
+FWD_CHECK([--zone foobar --list-source-ports], 0, [dnl
+1024-2500/tcp
+])
+
+FWD_END_TEST([-e '/WARNING: ALREADY_ENABLED:/d'])
-- 
2.27.0
import firewalld-0.9.3-7.el8 2021-11-09 10:03:47 +00:00			`From 7c1e62b4933f2b110dcedc411b4381c00abe799f Mon Sep 17 00:00:00 2001`
			`From: Eric Garver <eric@garver.life>`
			`Date: Thu, 3 Jun 2021 11:27:11 -0400`
			`Subject: [PATCH 34/36] test(zone): verify overlapping ports don't halt zone`
			`loading`

			`We can warn about the overlapping ports, but don't completely error out.`

			`Coverage: rhbz 1914935`
			`(cherry picked from commit 012a87a343673c7699f48fa6af973c890be08671)`
			`(cherry picked from commit 50e4c979283eee83bf0c707184cd0ca9bf112e85)`
			`---`
			`src/tests/regression/regression.at \| 1 +`
			`src/tests/regression/rhbz1914935.at \| 64 +++++++++++++++++++++++++++++`
			`2 files changed, 65 insertions(+)`
			`create mode 100644 src/tests/regression/rhbz1914935.at`

			`diff --git a/src/tests/regression/regression.at b/src/tests/regression/regression.at`
			`index 2a5ad9ef995a..aadd948a459f 100644`
			`--- a/src/tests/regression/regression.at`
			`+++ b/src/tests/regression/regression.at`
			`@@ -41,3 +41,4 @@ m4_include([regression/gh703.at])`
			`m4_include([regression/ipset_netmask_allowed.at])`
			`m4_include([regression/rhbz1940928.at])`
			`m4_include([regression/rhbz1936896.at])`
			`+m4_include([regression/rhbz1914935.at])`
			`diff --git a/src/tests/regression/rhbz1914935.at b/src/tests/regression/rhbz1914935.at`
			`new file mode 100644`
			`index 000000000000..5b110ea4cf4d`
			`--- /dev/null`
			`+++ b/src/tests/regression/rhbz1914935.at`
			`@@ -0,0 +1,64 @@`
			`+FWD_START_TEST([zone overlapping ports])`
			`+AT_KEYWORDS(zone port rhbz1914935)`
			`+`
			`+AT_CHECK([mkdir -p ./zones])`
			`+`
			`+AT_DATA([./zones/foobar.xml], [dnl`
			`+<?xml version="1.0" encoding="utf-8"?>`
			`+<zone>`
			`+<port port="1024-65535" protocol="tcp" />`
			`+<port port="1234" protocol="tcp" />`
			`+<port port="2000-3000" protocol="tcp" />`
			`+</zone>`
			`+])`
			`+FWD_RELOAD`
			`+FWD_GREP_LOG([WARNING: ALREADY_ENABLED: '1234:tcp' already in 'foobar'])`
			`+FWD_GREP_LOG([WARNING: ALREADY_ENABLED: '2000-3000:tcp' already in 'foobar'])`
			`+FWD_CHECK([--zone foobar --list-ports], 0, [dnl`
			`+1024-65535/tcp`
			`+])`
			`+`
			`+AT_DATA([./zones/foobar.xml], [dnl`
			`+<?xml version="1.0" encoding="utf-8"?>`
			`+<zone>`
			`+<source-port port="1024-65535" protocol="tcp" />`
			`+<source-port port="1234" protocol="tcp" />`
			`+<source-port port="2000-3000" protocol="tcp" />`
			`+</zone>`
			`+])`
			`+FWD_RELOAD`
			`+FWD_GREP_LOG([WARNING: ALREADY_ENABLED: '1234:tcp' already in 'foobar'])`
			`+FWD_GREP_LOG([WARNING: ALREADY_ENABLED: '2000-3000:tcp' already in 'foobar'])`
			`+FWD_CHECK([--zone foobar --list-source-ports], 0, [dnl`
			`+1024-65535/tcp`
			`+])`
			`+`
			`+dnl this one partially overlaps so it should not throw a warning.`
			`+AT_DATA([./zones/foobar.xml], [dnl`
			`+<?xml version="1.0" encoding="utf-8"?>`
			`+<zone>`
			`+<port port="1024-2000" protocol="tcp" />`
			`+<port port="1500-2500" protocol="tcp" />`
			`+</zone>`
			`+])`
			`+FWD_RELOAD`
			`+FWD_GREP_LOG([WARNING: ALREADY_ENABLED: '1500-2500:tcp' already in 'foobar'], 1)`
			`+FWD_CHECK([--zone foobar --list-ports], 0, [dnl`
			`+1024-2500/tcp`
			`+])`
			`+`
			`+dnl this one partially overlaps so it should not throw a warning.`
			`+AT_DATA([./zones/foobar.xml], [dnl`
			`+<?xml version="1.0" encoding="utf-8"?>`
			`+<zone>`
			`+<source-port port="1024-2000" protocol="tcp" />`
			`+<source-port port="1500-2500" protocol="tcp" />`
			`+</zone>`
			`+])`
			`+FWD_RELOAD`
			`+FWD_GREP_LOG([WARNING: ALREADY_ENABLED: '1500-2500:tcp' already in 'foobar'], 1)`
			`+FWD_CHECK([--zone foobar --list-source-ports], 0, [dnl`
			`+1024-2500/tcp`
			`+])`
			`+`
			`+FWD_END_TEST([-e '/WARNING: ALREADY_ENABLED:/d'])`
			`--`
			`2.27.0`