iptables-1.8.7-26.el9
- tests/shell: Assert non-verbose mode is silent - nft: Fix for non-verbose check command Resolves: rhbz#1989466
This commit is contained in:
		
							parent
							
								
									0c31aae58c
								
							
						
					
					
						commit
						17f0287b89
					
				
							
								
								
									
										31
									
								
								0023-nft-Fix-for-non-verbose-check-command.patch
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										31
									
								
								0023-nft-Fix-for-non-verbose-check-command.patch
									
									
									
									
									
										Normal file
									
								
							| @ -0,0 +1,31 @@ | |||||||
|  | From 5b88835a68a886f58c230599a82a6588f6fc5214 Mon Sep 17 00:00:00 2001 | ||||||
|  | From: Phil Sutter <phil@nwl.cc> | ||||||
|  | Date: Tue, 3 Aug 2021 10:55:20 +0200 | ||||||
|  | Subject: [PATCH] nft: Fix for non-verbose check command | ||||||
|  | 
 | ||||||
|  | Check command was unconditionally verbose since v1.8.5. Make it respect | ||||||
|  | --verbose option again.
 | ||||||
|  | 
 | ||||||
|  | Fixes: a7f1e208cdf9c ("nft: split parsing from netlink commands") | ||||||
|  | Signed-off-by: Phil Sutter <phil@nwl.cc> | ||||||
|  | (cherry picked from commit 57d1422dbbc41c36ed2e9f6c67aa040c65a429a0) | ||||||
|  | ---
 | ||||||
|  |  iptables/nft.c | 2 +- | ||||||
|  |  1 file changed, 1 insertion(+), 1 deletion(-) | ||||||
|  | 
 | ||||||
|  | diff --git a/iptables/nft.c b/iptables/nft.c
 | ||||||
|  | index 83054e528cae1..a470939db54fb 100644
 | ||||||
|  | --- a/iptables/nft.c
 | ||||||
|  | +++ b/iptables/nft.c
 | ||||||
|  | @@ -3126,7 +3126,7 @@ static int nft_prepare(struct nft_handle *h)
 | ||||||
|  |  		case NFT_COMPAT_RULE_CHECK: | ||||||
|  |  			assert_chain_exists(h, cmd->table, cmd->jumpto); | ||||||
|  |  			ret = nft_rule_check(h, cmd->chain, cmd->table, | ||||||
|  | -					     cmd->obj.rule, cmd->rulenum);
 | ||||||
|  | +					     cmd->obj.rule, cmd->verbose);
 | ||||||
|  |  			break; | ||||||
|  |  		case NFT_COMPAT_RULE_ZERO: | ||||||
|  |  			ret = nft_rule_zero_counters(h, cmd->chain, cmd->table, | ||||||
|  | -- 
 | ||||||
|  | 2.33.0 | ||||||
|  | 
 | ||||||
							
								
								
									
										39
									
								
								0024-tests-shell-Assert-non-verbose-mode-is-silent.patch
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										39
									
								
								0024-tests-shell-Assert-non-verbose-mode-is-silent.patch
									
									
									
									
									
										Normal file
									
								
							| @ -0,0 +1,39 @@ | |||||||
|  | From 5d5c82f9bbdc8326132333f7713dfb5d457aafab Mon Sep 17 00:00:00 2001 | ||||||
|  | From: Phil Sutter <phil@nwl.cc> | ||||||
|  | Date: Tue, 3 Aug 2021 11:32:34 +0200 | ||||||
|  | Subject: [PATCH] tests/shell: Assert non-verbose mode is silent | ||||||
|  | 
 | ||||||
|  | Unexpected output from iptables commands might mess up error-checking in | ||||||
|  | scripts for instance, so do a quick test of the most common commands. | ||||||
|  | 
 | ||||||
|  | Note: Test adds two rules to make sure flush command operates on a | ||||||
|  | non-empty chain. | ||||||
|  | 
 | ||||||
|  | Signed-off-by: Phil Sutter <phil@nwl.cc> | ||||||
|  | (cherry picked from commit 8629c53f933a16f1d68d19fb163c879453a3dcf2) | ||||||
|  | ---
 | ||||||
|  |  .../shell/testcases/iptables/0002-verbose-output_0    | 11 +++++++++++ | ||||||
|  |  1 file changed, 11 insertions(+) | ||||||
|  | 
 | ||||||
|  | diff --git a/iptables/tests/shell/testcases/iptables/0002-verbose-output_0 b/iptables/tests/shell/testcases/iptables/0002-verbose-output_0
 | ||||||
|  | index b1ef91f61f481..5d2af4c8d2ab2 100755
 | ||||||
|  | --- a/iptables/tests/shell/testcases/iptables/0002-verbose-output_0
 | ||||||
|  | +++ b/iptables/tests/shell/testcases/iptables/0002-verbose-output_0
 | ||||||
|  | @@ -54,3 +54,14 @@ diff -u <(echo "Flushing chain \`foobar'") <($XT_MULTI iptables -v -F foobar)
 | ||||||
|  |  diff -u <(echo "Zeroing chain \`foobar'") <($XT_MULTI iptables -v -Z foobar) | ||||||
|  |   | ||||||
|  |  diff -u <(echo "Deleting chain \`foobar'") <($XT_MULTI iptables -v -X foobar) | ||||||
|  | +
 | ||||||
|  | +# make sure non-verbose mode is silent
 | ||||||
|  | +diff -u <(echo -n "") <(
 | ||||||
|  | +	$XT_MULTI iptables -N foobar
 | ||||||
|  | +	$XT_MULTI iptables -A foobar $RULE1
 | ||||||
|  | +	$XT_MULTI iptables -A foobar $RULE2
 | ||||||
|  | +	$XT_MULTI iptables -C foobar $RULE1
 | ||||||
|  | +	$XT_MULTI iptables -D foobar $RULE2
 | ||||||
|  | +	$XT_MULTI iptables -F foobar
 | ||||||
|  | +	$XT_MULTI iptables -X foobar
 | ||||||
|  | +)
 | ||||||
|  | -- 
 | ||||||
|  | 2.33.0 | ||||||
|  | 
 | ||||||
| @ -16,7 +16,7 @@ Name: iptables | |||||||
| Summary: Tools for managing Linux kernel packet filtering capabilities | Summary: Tools for managing Linux kernel packet filtering capabilities | ||||||
| URL: https://www.netfilter.org/projects/iptables | URL: https://www.netfilter.org/projects/iptables | ||||||
| Version: 1.8.7 | Version: 1.8.7 | ||||||
| Release: 25%{?dist} | Release: 26%{?dist} | ||||||
| Source: %{url}/files/%{name}-%{version}.tar.bz2 | Source: %{url}/files/%{name}-%{version}.tar.bz2 | ||||||
| Source1: iptables.init | Source1: iptables.init | ||||||
| Source2: iptables-config | Source2: iptables-config | ||||||
| @ -51,6 +51,8 @@ Patch19: 0019-nft-Increase-BATCH_PAGE_SIZE-to-support-huge-ruleset.patch | |||||||
| Patch20: 0020-nft-Use-xtables_malloc-in-mnl_err_list_node_add.patch | Patch20: 0020-nft-Use-xtables_malloc-in-mnl_err_list_node_add.patch | ||||||
| Patch21: 0021-doc-ebtables-nft.8-Adjust-for-missing-atomic-options.patch | Patch21: 0021-doc-ebtables-nft.8-Adjust-for-missing-atomic-options.patch | ||||||
| Patch22: 0022-ebtables-Dump-atomic-waste.patch | Patch22: 0022-ebtables-Dump-atomic-waste.patch | ||||||
|  | Patch23: 0023-nft-Fix-for-non-verbose-check-command.patch | ||||||
|  | Patch24: 0024-tests-shell-Assert-non-verbose-mode-is-silent.patch | ||||||
| 
 | 
 | ||||||
| # pf.os: ISC license | # pf.os: ISC license | ||||||
| # iptables-apply: Artistic 2.0 | # iptables-apply: Artistic 2.0 | ||||||
| @ -466,6 +468,10 @@ fi | |||||||
| %ghost %{_mandir}/man8/ebtables.8.gz | %ghost %{_mandir}/man8/ebtables.8.gz | ||||||
| 
 | 
 | ||||||
| %changelog | %changelog | ||||||
|  | * Mon Oct 11 2021 Phil Sutter <psutter@redhat.com> - 1.8.7-26 | ||||||
|  | - tests/shell: Assert non-verbose mode is silent | ||||||
|  | - nft: Fix for non-verbose check command | ||||||
|  | 
 | ||||||
| * Wed Oct 06 2021 Phil Sutter <psutter@redhat.com> - 1.8.7-25 | * Wed Oct 06 2021 Phil Sutter <psutter@redhat.com> - 1.8.7-25 | ||||||
| - ebtables: Dump atomic waste | - ebtables: Dump atomic waste | ||||||
| - doc: ebtables-nft.8: Adjust for missing atomic-options | - doc: ebtables-nft.8: Adjust for missing atomic-options | ||||||
|  | |||||||
		Loading…
	
		Reference in New Issue
	
	Block a user