add missing patches
This commit is contained in:
Eric Garver
parent
d91d046f02
commit
0505b2f97d
@ -0,0 +1,28 @@
|
|||||||
|
From 6a2fd018666ab8c4877291f8f807a9943db74de3 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Eric Garver <eric@garver.life>
|
||||||
|
Date: Thu, 2 Apr 2020 14:42:22 -0400
|
||||||
|
Subject: [PATCH 2/4] fix: nftables: ipset: port ranges for non-default
|
||||||
|
protocols
|
||||||
|
|
||||||
|
Fixes: 2d1b0fe9fe74 ("fix: nftables: allow set intervals with concatenations")
|
||||||
|
(cherry picked from commit e80f4fccfc771128affdc578ed37842d5d469ca9)
|
||||||
|
---
|
||||||
|
src/firewall/core/nftables.py | 2 +-
|
||||||
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/src/firewall/core/nftables.py b/src/firewall/core/nftables.py
|
||||||
|
index a9d5a45337bd..69ee63b32f8b 100644
|
||||||
|
--- a/src/firewall/core/nftables.py
|
||||||
|
+++ b/src/firewall/core/nftables.py
|
||||||
|
@@ -1680,7 +1680,7 @@ class nftables(object):
|
||||||
|
port_str = entry_tokens[i][index+1:]
|
||||||
|
|
||||||
|
try:
|
||||||
|
- index = entry_tokens[i].index("-")
|
||||||
|
+ index = port_str.index("-")
|
||||||
|
except ValueError:
|
||||||
|
fragment.append(port_str)
|
||||||
|
else:
|
||||||
|
--
|
||||||
|
2.23.0
|
||||||
|
|
||||||
@ -0,0 +1,43 @@
|
|||||||
|
From a2b8a09b929901e14620aa802fd423f958c56188 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Eric Garver <eric@garver.life>
|
||||||
|
Date: Thu, 2 Apr 2020 14:38:45 -0400
|
||||||
|
Subject: [PATCH 3/4] test: ipset: verify port ranges for non-default protocol
|
||||||
|
|
||||||
|
(cherry picked from commit c0ad3a0b3340a27c34b33128f756f64acc3a771b)
|
||||||
|
---
|
||||||
|
src/tests/cli/firewall-cmd.at | 5 +++++
|
||||||
|
1 file changed, 5 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/src/tests/cli/firewall-cmd.at b/src/tests/cli/firewall-cmd.at
|
||||||
|
index 806af74221b6..0c008bc0d666 100644
|
||||||
|
--- a/src/tests/cli/firewall-cmd.at
|
||||||
|
+++ b/src/tests/cli/firewall-cmd.at
|
||||||
|
@@ -739,6 +739,7 @@ FWD_START_TEST([ipset])
|
||||||
|
dnl multi dimensional set with non default protocol
|
||||||
|
FWD_CHECK([--permanent --new-ipset=foobar --type=hash:ip,port], 0, ignore)
|
||||||
|
FWD_CHECK([--permanent --ipset=foobar --add-entry=10.10.10.10,sctp:1234], 0, ignore)
|
||||||
|
+ FWD_CHECK([--permanent --ipset=foobar --add-entry=10.10.10.10,udp:1000-1002], 0, ignore)
|
||||||
|
FWD_RELOAD
|
||||||
|
FWD_CHECK([--ipset=foobar --add-entry=20.20.20.20,8080], 0, ignore)
|
||||||
|
FWD_CHECK([--zone internal --add-source=ipset:foobar], 0, ignore)
|
||||||
|
@@ -748,6 +749,7 @@ FWD_START_TEST([ipset])
|
||||||
|
type ipv4_addr . inet_proto . inet_service
|
||||||
|
flags interval
|
||||||
|
elements = { 10.10.10.10 . sctp . 1234,
|
||||||
|
+ 10.10.10.10 . udp . 1000-1002,
|
||||||
|
20.20.20.20 . tcp . 8080 }
|
||||||
|
}
|
||||||
|
}
|
||||||
|
@@ -765,6 +767,9 @@ FWD_START_TEST([ipset])
|
||||||
|
Type: hash:ip,port
|
||||||
|
Members:
|
||||||
|
10.10.10.10,sctp:1234
|
||||||
|
+ 10.10.10.10,udp:1000
|
||||||
|
+ 10.10.10.10,udp:1001
|
||||||
|
+ 10.10.10.10,udp:1002
|
||||||
|
20.20.20.20,tcp:8080
|
||||||
|
])
|
||||||
|
FWD_CHECK([--ipset=foobar --add-entry=1.2.3.4,sctp:8080], 0, ignore)
|
||||||
|
--
|
||||||
|
2.23.0
|
||||||
|
|
||||||
@ -0,0 +1,50 @@
|
|||||||
|
From 2ab7f9e793a51c9aebe08fff6226c38159ae2312 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Eric Garver <eric@garver.life>
|
||||||
|
Date: Thu, 2 Apr 2020 15:21:58 -0400
|
||||||
|
Subject: [PATCH 4/4] test: log: verify logging still works after truncate
|
||||||
|
|
||||||
|
The log policy we ship presumes firewalld opens log files in append
|
||||||
|
mode. This is because the logrotate policy uses "copytruncate". Lets
|
||||||
|
verify that it actually works as expected.
|
||||||
|
|
||||||
|
(cherry picked from commit e887c16512abd6a3051b0519ee9af344c9f08827)
|
||||||
|
---
|
||||||
|
src/tests/regression/gh599.at | 16 ++++++++++++++++
|
||||||
|
src/tests/regression/regression.at | 1 +
|
||||||
|
2 files changed, 17 insertions(+)
|
||||||
|
create mode 100644 src/tests/regression/gh599.at
|
||||||
|
|
||||||
|
diff --git a/src/tests/regression/gh599.at b/src/tests/regression/gh599.at
|
||||||
|
new file mode 100644
|
||||||
|
index 000000000000..472f228ba2a9
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/src/tests/regression/gh599.at
|
||||||
|
@@ -0,0 +1,16 @@
|
||||||
|
+FWD_START_TEST([writing to log after copytruncate])
|
||||||
|
+AT_KEYWORDS(gh599)
|
||||||
|
+
|
||||||
|
+AT_SKIP_IF([! NS_CMD([which truncate >/dev/null 2>&1])])
|
||||||
|
+AT_SKIP_IF([! NS_CMD([which wc >/dev/null 2>&1])])
|
||||||
|
+
|
||||||
|
+dnl Verify we continue to write to the log file after it's truncated. That is,
|
||||||
|
+dnl simulate logrotate's copytruncate.
|
||||||
|
+NS_CHECK([truncate -s 0 ./firewalld.log])
|
||||||
|
+
|
||||||
|
+dnl generate some logs, anything will do since we have debug enabled.
|
||||||
|
+FWD_CHECK([--list-all], 0, [ignore], [ignore])
|
||||||
|
+
|
||||||
|
+NS_CHECK([sh -c 'let "$(cat ./firewalld.log | wc -c) > 0"'])
|
||||||
|
+
|
||||||
|
+FWD_END_TEST
|
||||||
|
diff --git a/src/tests/regression/regression.at b/src/tests/regression/regression.at
|
||||||
|
index 8042c3a27f89..2528ddd3fede 100644
|
||||||
|
--- a/src/tests/regression/regression.at
|
||||||
|
+++ b/src/tests/regression/regression.at
|
||||||
|
@@ -27,3 +27,4 @@ m4_include([regression/gh509.at])
|
||||||
|
m4_include([regression/gh567.at])
|
||||||
|
m4_include([regression/rhbz1779835.at])
|
||||||
|
m4_include([regression/gh330.at])
|
||||||
|
+m4_include([regression/gh599.at])
|
||||||
|
--
|
||||||
|
2.23.0
|
||||||
|
|
||||||
Loading…
Reference in New Issue
Block a user