diff --git a/0137-tests-shell-update-format-of-registers-in-bitwise-pa.patch b/0137-tests-shell-update-format-of-registers-in-bitwise-pa.patch new file mode 100644 index 0000000..aec50b1 --- /dev/null +++ b/0137-tests-shell-update-format-of-registers-in-bitwise-pa.patch @@ -0,0 +1,67 @@ +From 71f3a4741df9db345679f32f5829ce3c4b83031d Mon Sep 17 00:00:00 2001 +From: Pablo Neira Ayuso +Date: Mon, 16 Nov 2020 10:37:41 +0100 +Subject: [PATCH] tests: shell: update format of registers in bitwise payloads. + +libnftnl has been changed to bring the format of registers in bitwise +dumps in line with those in other types of expression. Update the +expected output of Python test-cases. + +Signed-off-by: Pablo Neira Ayuso +(cherry picked from commit 83ee6e179829461572be6583ce6e83f68e636eb6) +--- + .../shell/testcases/nft-only/0009-needless-bitwise_0 | 10 +++++----- + 1 file changed, 5 insertions(+), 5 deletions(-) + +diff --git a/iptables/tests/shell/testcases/nft-only/0009-needless-bitwise_0 b/iptables/tests/shell/testcases/nft-only/0009-needless-bitwise_0 +index c5c6e706a1029..41d765e537312 100755 +--- a/iptables/tests/shell/testcases/nft-only/0009-needless-bitwise_0 ++++ b/iptables/tests/shell/testcases/nft-only/0009-needless-bitwise_0 +@@ -64,7 +64,7 @@ ip filter OUTPUT 5 4 + + ip filter OUTPUT 6 5 + [ payload load 4b @ network header + 16 => reg 1 ] +- [ bitwise reg 1 = (reg=1 & 0xfcffffff ) ^ 0x00000000 ] ++ [ bitwise reg 1 = ( reg 1 & 0xfcffffff ) ^ 0x00000000 ] + [ cmp eq reg 1 0x0002010a ] + [ counter pkts 0 bytes 0 ] + +@@ -98,7 +98,7 @@ ip6 filter OUTPUT 5 4 + + ip6 filter OUTPUT 6 5 + [ payload load 16b @ network header + 24 => reg 1 ] +- [ bitwise reg 1 = (reg=1 & 0xffffffff 0xffffffff 0xffffffff 0xf0ffffff ) ^ 0x00000000 0x00000000 0x00000000 0x00000000 ] ++ [ bitwise reg 1 = ( reg 1 & 0xffffffff 0xffffffff 0xffffffff 0xf0ffffff ) ^ 0x00000000 0x00000000 0x00000000 0x00000000 ] + [ cmp eq reg 1 0xffc0edfe 0x020100ee 0x06050403 0x00090807 ] + [ counter pkts 0 bytes 0 ] + +@@ -175,7 +175,7 @@ arp filter OUTPUT 5 4 + [ payload load 1b @ network header + 5 => reg 1 ] + [ cmp eq reg 1 0x00000004 ] + [ payload load 4b @ network header + 24 => reg 1 ] +- [ bitwise reg 1 = (reg=1 & 0xfcffffff ) ^ 0x00000000 ] ++ [ bitwise reg 1 = ( reg 1 & 0xfcffffff ) ^ 0x00000000 ] + [ cmp eq reg 1 0x0002010a ] + [ counter pkts 0 bytes 0 ] + +@@ -240,7 +240,7 @@ arp filter OUTPUT 11 10 + [ payload load 1b @ network header + 5 => reg 1 ] + [ cmp eq reg 1 0x00000004 ] + [ payload load 6b @ network header + 18 => reg 1 ] +- [ bitwise reg 1 = (reg=1 & 0xffffffff 0x0000f0ff ) ^ 0x00000000 0x00000000 ] ++ [ bitwise reg 1 = ( reg 1 & 0xffffffff 0x0000f0ff ) ^ 0x00000000 0x00000000 ] + [ cmp eq reg 1 0xc000edfe 0x0000e0ff ] + [ counter pkts 0 bytes 0 ] + +@@ -306,7 +306,7 @@ bridge filter OUTPUT 4 + + bridge filter OUTPUT 5 4 + [ payload load 6b @ link header + 0 => reg 1 ] +- [ bitwise reg 1 = (reg=1 & 0xffffffff 0x0000f0ff ) ^ 0x00000000 0x00000000 ] ++ [ bitwise reg 1 = ( reg 1 & 0xffffffff 0x0000f0ff ) ^ 0x00000000 0x00000000 ] + [ cmp eq reg 1 0xc000edfe 0x0000e0ff ] + [ counter pkts 0 bytes 0 ] + +-- +2.40.0 + diff --git a/0138-tests-shell-Fix-nft-only-0009-needless-bitwise_0.patch b/0138-tests-shell-Fix-nft-only-0009-needless-bitwise_0.patch new file mode 100644 index 0000000..ca0423d --- /dev/null +++ b/0138-tests-shell-Fix-nft-only-0009-needless-bitwise_0.patch @@ -0,0 +1,36 @@ +From f31607eafcbf8b4aca4f51bbd6dac33817a1498d Mon Sep 17 00:00:00 2001 +From: Phil Sutter +Date: Fri, 15 Jan 2021 21:58:48 +0100 +Subject: [PATCH] tests/shell: Fix nft-only/0009-needless-bitwise_0 + +For whatever reason, stored expected output contains false handles. To +overcome this, filter the rule data lines from both expected and stored +output before comparing. + +Fixes: 81a2e12851283 ("tests/shell: Add test for bitwise avoidance fixes") +Signed-off-by: Phil Sutter +(cherry picked from commit 0f7ea0390b33654c9a91015966f518b98356e786) +--- + .../shell/testcases/nft-only/0009-needless-bitwise_0 | 9 ++++++++- + 1 file changed, 8 insertions(+), 1 deletion(-) + +diff --git a/iptables/tests/shell/testcases/nft-only/0009-needless-bitwise_0 b/iptables/tests/shell/testcases/nft-only/0009-needless-bitwise_0 +index 41d765e537312..41588a10863ec 100755 +--- a/iptables/tests/shell/testcases/nft-only/0009-needless-bitwise_0 ++++ b/iptables/tests/shell/testcases/nft-only/0009-needless-bitwise_0 +@@ -336,4 +336,11 @@ bridge filter OUTPUT 10 9 + [ counter pkts 0 bytes 0 ] + " + +-diff -u -Z <(echo "$EXPECT") <(nft --debug=netlink list ruleset | awk '/^table/{exit} {print}') ++# print nothing but: ++# - lines with bytecode (starting with ' [') ++# - empty lines (so printed diff is not a complete mess) ++filter() { ++ awk '/^( \[|$)/{print}' ++} ++ ++diff -u -Z <(filter <<< "$EXPECT") <(nft --debug=netlink list ruleset | filter) +-- +2.40.0 + diff --git a/iptables.spec b/iptables.spec index c6c7171..1a8fd8c 100644 --- a/iptables.spec +++ b/iptables.spec @@ -10,7 +10,7 @@ Name: iptables Summary: Tools for managing Linux kernel packet filtering capabilities URL: http://www.netfilter.org/projects/iptables Version: 1.8.5 -Release: 5%{?dist} +Release: 6%{?dist} Source: %{url}/files/%{name}-%{version}.tar.bz2 Source1: iptables.init Source2: iptables-config @@ -160,6 +160,8 @@ Patch133: 0133-tests-iptables-test-Exit-non-zero-on-error.patch Patch134: 0134-tests-shell-Return-non-zero-on-error.patch Patch135: 0135-iptables-test.py-print-with-color-escapes-only-when-.patch Patch136: 0136-tests-iptables-test-Fix-conditional-colors-on-stderr.patch +Patch137: 0137-tests-shell-update-format-of-registers-in-bitwise-pa.patch +Patch138: 0138-tests-shell-Fix-nft-only-0009-needless-bitwise_0.patch # pf.os: ISC license # iptables-apply: Artistic Licence 2.0 @@ -532,6 +534,9 @@ done %doc %{_mandir}/man8/ebtables*.8* %changelog +* Tue Jul 18 2023 Phil Sutter - 1.8.5-6 +- Fix shell testcase for rebased libnftnl package + * Tue Jul 18 2023 Phil Sutter - 1.8.5-5 - Missed to copy expected results file to destination.