firewalld/SOURCES/0034-test-zone-verify-overlapping-ports-don-t-halt-zone-l.patch

From 7c1e62b4933f2b110dcedc411b4381c00abe799f Mon Sep 17 00:00:00 2001
From: Eric Garver <eric@garver.life>
Date: Thu, 3 Jun 2021 11:27:11 -0400
Subject: [PATCH 34/36] test(zone): verify overlapping ports don't halt zone
loading
We can warn about the overlapping ports, but don't completely error out.
Coverage: rhbz 1914935
(cherry picked from commit 012a87a343673c7699f48fa6af973c890be08671)
(cherry picked from commit 50e4c979283eee83bf0c707184cd0ca9bf112e85)
---
src/tests/regression/regression.at | 1 +
src/tests/regression/rhbz1914935.at | 64 +++++++++++++++++++++++++++++
2 files changed, 65 insertions(+)
create mode 100644 src/tests/regression/rhbz1914935.at
diff --git a/src/tests/regression/regression.at b/src/tests/regression/regression.at
index 2a5ad9ef995a..aadd948a459f 100644
--- a/src/tests/regression/regression.at
+++ b/src/tests/regression/regression.at
@@ -41,3 +41,4 @@ m4_include([regression/gh703.at])
m4_include([regression/ipset_netmask_allowed.at])
m4_include([regression/rhbz1940928.at])
m4_include([regression/rhbz1936896.at])
+m4_include([regression/rhbz1914935.at])
diff --git a/src/tests/regression/rhbz1914935.at b/src/tests/regression/rhbz1914935.at
new file mode 100644
index 000000000000..5b110ea4cf4d
--- /dev/null
+++ b/src/tests/regression/rhbz1914935.at
@@ -0,0 +1,64 @@
+FWD_START_TEST([zone overlapping ports])
+AT_KEYWORDS(zone port rhbz1914935)
+
+AT_CHECK([mkdir -p ./zones])
+
+AT_DATA([./zones/foobar.xml], [dnl
+<?xml version="1.0" encoding="utf-8"?>
+<zone>
+<port port="1024-65535" protocol="tcp" />
+<port port="1234" protocol="tcp" />
+<port port="2000-3000" protocol="tcp" />
+</zone>
+])
+FWD_RELOAD
+FWD_GREP_LOG([WARNING: ALREADY_ENABLED: '1234:tcp' already in 'foobar'])
+FWD_GREP_LOG([WARNING: ALREADY_ENABLED: '2000-3000:tcp' already in 'foobar'])
+FWD_CHECK([--zone foobar --list-ports], 0, [dnl
+1024-65535/tcp
+])
+
+AT_DATA([./zones/foobar.xml], [dnl
+<?xml version="1.0" encoding="utf-8"?>
+<zone>
+<source-port port="1024-65535" protocol="tcp" />
+<source-port port="1234" protocol="tcp" />
+<source-port port="2000-3000" protocol="tcp" />
+</zone>
+])
+FWD_RELOAD
+FWD_GREP_LOG([WARNING: ALREADY_ENABLED: '1234:tcp' already in 'foobar'])
+FWD_GREP_LOG([WARNING: ALREADY_ENABLED: '2000-3000:tcp' already in 'foobar'])
+FWD_CHECK([--zone foobar --list-source-ports], 0, [dnl
+1024-65535/tcp
+])
+
+dnl this one partially overlaps so it should not throw a warning.
+AT_DATA([./zones/foobar.xml], [dnl
+<?xml version="1.0" encoding="utf-8"?>
+<zone>
+<port port="1024-2000" protocol="tcp" />
+<port port="1500-2500" protocol="tcp" />
+</zone>
+])
+FWD_RELOAD
+FWD_GREP_LOG([WARNING: ALREADY_ENABLED: '1500-2500:tcp' already in 'foobar'], 1)
+FWD_CHECK([--zone foobar --list-ports], 0, [dnl
+1024-2500/tcp
+])
+
+dnl this one partially overlaps so it should not throw a warning.
+AT_DATA([./zones/foobar.xml], [dnl
+<?xml version="1.0" encoding="utf-8"?>
+<zone>
+<source-port port="1024-2000" protocol="tcp" />
+<source-port port="1500-2500" protocol="tcp" />
+</zone>
+])
+FWD_RELOAD
+FWD_GREP_LOG([WARNING: ALREADY_ENABLED: '1500-2500:tcp' already in 'foobar'], 1)
+FWD_CHECK([--zone foobar --list-source-ports], 0, [dnl
+1024-2500/tcp
+])
+
+FWD_END_TEST([-e '/WARNING: ALREADY_ENABLED:/d'])
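Review bot: The two `FWD_GREP_LOG` checks after the source-port reload grep for exactly the same strings as the port case above them, so if the log accumulates across `FWD_RELOAD` (not visible in this hunk) they pass even when the source-port path logs nothing. Distinct values in the source-port zone would make that check independent, for example `<source-port port="4321" protocol="tcp" />` with `FWD_GREP_LOG([WARNING: ALREADY_ENABLED: '4321:tcp' already in 'foobar'])`. Every case also uses tcp only, so nothing here pins that overlap detection and range merging are per protocol. A zone holding the same range under both tcp and udp, followed by a `--list-ports` check that both entries survive, would catch a coalescing bug that silently changes what the zone admits. Finally, the `-e '/WARNING: ALREADY_ENABLED:/d'` filter in `FWD_END_TEST` drops every such warning from the final log check, which could hide an unexpected one; a comment saying which warnings are expected would help.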
--
2.27.0