diff --git a/0129-tests-xlate-test-Print-errors-to-stderr.patch b/0129-tests-xlate-test-Print-errors-to-stderr.patch new file mode 100644 index 0000000..60a3785 --- /dev/null +++ b/0129-tests-xlate-test-Print-errors-to-stderr.patch @@ -0,0 +1,39 @@ +From 80c0fef76c5b3f78b1261f8c15b10d58382a5c3f Mon Sep 17 00:00:00 2001 +From: Phil Sutter +Date: Thu, 12 Aug 2021 15:12:30 +0200 +Subject: [PATCH] tests: xlate-test: Print errors to stderr + +Return code is always zero, so grepping for output on stderr is a +simple way to detect testsuite failures. + +Signed-off-by: Phil Sutter +(cherry picked from commit 5166c4451fb837e7d5dbb54a7d7cbf2f0c2469cc) +--- + xlate-test.py | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/xlate-test.py b/xlate-test.py +index 4c014f9bd269a..50e9893e956aa 100755 +--- a/xlate-test.py ++++ b/xlate-test.py +@@ -65,7 +65,7 @@ xtables_nft_multi = 'xtables-nft-multi' + if (passed == tests) and not args.test: + print(name + ": " + green("OK")) + if not test_passed: +- print("\n".join(result)) ++ print("\n".join(result), file=sys.stderr) + if args.test: + print("1 test file, %d tests, %d tests passed, %d tests failed, %d errors" % (tests, passed, failed, errors)) + else: +@@ -101,7 +101,7 @@ xtables_nft_multi = 'xtables-nft-multi' + with open(args.test, "r") as payload: + run_test(args.test, payload) + except IOError: +- print(red("Error: ") + "test file does not exist") ++ print(red("Error: ") + "test file does not exist", file=sys.stderr) + else: + load_test_files() + +-- +2.40.0 + diff --git a/0130-iptables-test-Make-netns-spawning-more-robust.patch b/0130-iptables-test-Make-netns-spawning-more-robust.patch new file mode 100644 index 0000000..3989580 --- /dev/null +++ b/0130-iptables-test-Make-netns-spawning-more-robust.patch @@ -0,0 +1,72 @@ +From 8d25120581dfdac4585b471d0d0ed36ecf75c817 Mon Sep 17 00:00:00 2001 +From: Phil Sutter +Date: Wed, 11 Aug 2021 14:46:22 +0200 +Subject: [PATCH] iptables-test: Make netns spawning more robust + +On systems without unshare Python module, try to call unshare binary +with oneself as parameters. + +Signed-off-by: Phil Sutter +(cherry picked from commit 7ae14dc1a938fc158aaa1761b4fba57c5f1ab7a0) +--- + iptables-test.py | 30 ++++++++++++++++++++++++++++++ + 1 file changed, 30 insertions(+) + +diff --git a/iptables-test.py b/iptables-test.py +index 6b6eb611a7290..ffe5b1f7da972 100755 +--- a/iptables-test.py ++++ b/iptables-test.py +@@ -304,6 +304,31 @@ log_file = None + + print('\n'.join(missing)) + ++def spawn_netns(): ++ # prefer unshare module ++ try: ++ import unshare ++ unshare.unshare(unshare.CLONE_NEWNET) ++ return True ++ except: ++ pass ++ ++ # sledgehammer style: ++ # - call ourselves prefixed by 'unshare -n' if found ++ # - pass extra --no-netns parameter to avoid another recursion ++ try: ++ import shutil ++ ++ unshare = shutil.which("unshare") ++ if unshare is None: ++ return False ++ ++ sys.argv.append("--no-netns") ++ os.execv(unshare, [unshare, "-n", sys.executable] + sys.argv) ++ except: ++ pass ++ ++ return False + + # + # main +@@ -323,6 +348,8 @@ log_file = None + help='Test iptables-over-nftables') + parser.add_argument('-N', '--netns', action='store_true', + help='Test netnamespace path') ++ parser.add_argument('--no-netns', action='store_true', ++ help='Do not run testsuite in own network namespace') + args = parser.parse_args() + + # +@@ -341,6 +368,9 @@ log_file = None + print("You need to be root to run this, sorry") + return + ++ if not args.netns and not args.no_netns and not spawn_netns(): ++ print("Cannot run in own namespace, connectivity might break") ++ + if not args.host: + os.putenv("XTABLES_LIBDIR", os.path.abspath(EXTENSIONS_PATH)) + os.putenv("PATH", "%s/iptables:%s" % (os.path.abspath(os.path.curdir), +-- +2.40.0 + diff --git a/0131-tests-iptables-test-Print-errors-to-stderr.patch b/0131-tests-iptables-test-Print-errors-to-stderr.patch new file mode 100644 index 0000000..4665596 --- /dev/null +++ b/0131-tests-iptables-test-Print-errors-to-stderr.patch @@ -0,0 +1,54 @@ +From 814f6498d2487e57840ec93e5a206e39731044d8 Mon Sep 17 00:00:00 2001 +From: Phil Sutter +Date: Thu, 12 Aug 2021 19:14:13 +0200 +Subject: [PATCH] tests: iptables-test: Print errors to stderr + +No big deal, just pass the extra parameter to the four error print +calls. + +Signed-off-by: Phil Sutter +(cherry picked from commit a8da71864d467c4371dc24cd763fa2c1dfb6cfbb) +--- + iptables-test.py | 9 +++++---- + 1 file changed, 5 insertions(+), 4 deletions(-) + +diff --git a/iptables-test.py b/iptables-test.py +index ffe5b1f7da972..06b9937bbf0e5 100755 +--- a/iptables-test.py ++++ b/iptables-test.py +@@ -47,7 +47,7 @@ log_file = None + Prints an error with nice colors, indicating file and line number. + ''' + print(filename + ": " + Colors.RED + "ERROR" + +- Colors.ENDC + ": line %d (%s)" % (lineno, reason)) ++ Colors.ENDC + ": line %d (%s)" % (lineno, reason), file=sys.stderr) + + + def delete_rule(iptables, rule, filename, lineno): +@@ -365,11 +365,12 @@ log_file = None + EXECUTEABLE = "xtables-nft-multi" + + if os.getuid() != 0: +- print("You need to be root to run this, sorry") ++ print("You need to be root to run this, sorry", file=sys.stderr) + return + + if not args.netns and not args.no_netns and not spawn_netns(): +- print("Cannot run in own namespace, connectivity might break") ++ print("Cannot run in own namespace, connectivity might break", ++ file=sys.stderr) + + if not args.host: + os.putenv("XTABLES_LIBDIR", os.path.abspath(EXTENSIONS_PATH)) +@@ -385,7 +386,7 @@ log_file = None + try: + log_file = open(LOGFILE, 'w') + except IOError: +- print("Couldn't open log file %s" % LOGFILE) ++ print("Couldn't open log file %s" % LOGFILE, file=sys.stderr) + return + + if args.filename: +-- +2.40.0 + diff --git a/0132-tests-xlate-test-Exit-non-zero-on-error.patch b/0132-tests-xlate-test-Exit-non-zero-on-error.patch new file mode 100644 index 0000000..01ece03 --- /dev/null +++ b/0132-tests-xlate-test-Exit-non-zero-on-error.patch @@ -0,0 +1,91 @@ +From d5b7963f7ae493ba797bb23188f3db5ed27b7a74 Mon Sep 17 00:00:00 2001 +From: Phil Sutter +Date: Mon, 6 Sep 2021 13:07:43 +0200 +Subject: [PATCH] tests: xlate-test: Exit non-zero on error + +If a test fails, return a non-zero exit code. To do so, propagate the +pass/fail statistics up to main() for evaluation. While being at it, +move the statistics printing into there as well and get rid of that +redundant assignment to 'test_passed'. + +Signed-off-by: Phil Sutter +(cherry picked from commit c057939d80cc6219a137784c195e14ee1bc62a58) +--- + xlate-test.py | 26 ++++++++++++++++---------- + 1 file changed, 16 insertions(+), 10 deletions(-) + +diff --git a/xlate-test.py b/xlate-test.py +index 50e9893e956aa..7299dc747295f 100755 +--- a/xlate-test.py ++++ b/xlate-test.py +@@ -54,7 +54,6 @@ xtables_nft_multi = 'xtables-nft-multi' + result.append(magenta("src: ") + line.rstrip(" \n")) + result.append(magenta("exp: ") + expected) + result.append(magenta("res: ") + translation + "\n") +- test_passed = False + else: + passed += 1 + else: +@@ -66,10 +65,7 @@ xtables_nft_multi = 'xtables-nft-multi' + print(name + ": " + green("OK")) + if not test_passed: + print("\n".join(result), file=sys.stderr) +- if args.test: +- print("1 test file, %d tests, %d tests passed, %d tests failed, %d errors" % (tests, passed, failed, errors)) +- else: +- return tests, passed, failed, errors ++ return tests, passed, failed, errors + + + def load_test_files(): +@@ -83,10 +79,9 @@ xtables_nft_multi = 'xtables-nft-multi' + total_passed += passed + total_failed += failed + total_error += errors ++ return (test_files, total_tests, total_passed, total_failed, total_error) + + +- print("%d test files, %d tests, %d tests passed, %d tests failed, %d errors" % (test_files, total_tests, total_passed, total_failed, total_error)) +- + def main(): + global xtables_nft_multi + if not args.host: +@@ -94,16 +89,27 @@ xtables_nft_multi = 'xtables-nft-multi' + xtables_nft_multi = os.path.abspath(os.path.curdir) \ + + '/iptables/' + xtables_nft_multi + ++ files = tests = passed = failed = errors = 0 + if args.test: + if not args.test.endswith(".txlate"): + args.test += ".txlate" + try: + with open(args.test, "r") as payload: +- run_test(args.test, payload) ++ files = 1 ++ tests, passed, failed, errors = run_test(args.test, payload) + except IOError: + print(red("Error: ") + "test file does not exist", file=sys.stderr) ++ return -1 ++ else: ++ files, tests, passed, failed, errors = load_test_files() ++ ++ if files > 1: ++ file_word = "files" + else: +- load_test_files() ++ file_word = "file" ++ print("%d test %s, %d tests, %d tests passed, %d tests failed, %d errors" ++ % (files, file_word, tests, passed, failed, errors)) ++ return passed - tests + + + parser = argparse.ArgumentParser() +@@ -111,4 +117,4 @@ parser.add_argument('-H', '--host', action='store_true', + help='Run tests against installed binaries') + parser.add_argument("test", nargs="?", help="run only the specified test file") + args = parser.parse_args() +-main() ++sys.exit(main()) +-- +2.40.0 + diff --git a/0133-tests-iptables-test-Exit-non-zero-on-error.patch b/0133-tests-iptables-test-Exit-non-zero-on-error.patch new file mode 100644 index 0000000..bd679c9 --- /dev/null +++ b/0133-tests-iptables-test-Exit-non-zero-on-error.patch @@ -0,0 +1,30 @@ +From ccbf512feab4e8fc4bb4e2c0ee7747f2624edc3e Mon Sep 17 00:00:00 2001 +From: Phil Sutter +Date: Mon, 6 Sep 2021 13:49:34 +0200 +Subject: [PATCH] tests: iptables-test: Exit non-zero on error + +If any test fails, return a non-zero exit code. + +Signed-off-by: Phil Sutter +(cherry picked from commit 7559af835d8f58375f797f895e1a5410027127d9) +--- + iptables-test.py | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/iptables-test.py b/iptables-test.py +index 06b9937bbf0e5..0d21f975305db 100755 +--- a/iptables-test.py ++++ b/iptables-test.py +@@ -405,7 +405,8 @@ log_file = None + test_files += 1 + + print("%d test files, %d unit tests, %d passed" % (test_files, tests, passed)) ++ return passed - tests + + + if __name__ == '__main__': +- main() ++ sys.exit(main()) +-- +2.40.0 + diff --git a/0134-tests-shell-Return-non-zero-on-error.patch b/0134-tests-shell-Return-non-zero-on-error.patch new file mode 100644 index 0000000..6460a07 --- /dev/null +++ b/0134-tests-shell-Return-non-zero-on-error.patch @@ -0,0 +1,26 @@ +From b8b02934ad125df53b34af7840be34d5500e1114 Mon Sep 17 00:00:00 2001 +From: Phil Sutter +Date: Mon, 6 Sep 2021 17:28:30 +0200 +Subject: [PATCH] tests: shell: Return non-zero on error + +If any test fails, return a non-zero exit code. + +Signed-off-by: Phil Sutter +(cherry picked from commit 481626bb4e9c51477ec99dde0727e3af69d2380f) +--- + iptables/tests/shell/run-tests.sh | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/iptables/tests/shell/run-tests.sh b/iptables/tests/shell/run-tests.sh +index 2125e2cb119bb..fbb17bedc5478 100755 +--- a/iptables/tests/shell/run-tests.sh ++++ b/iptables/tests/shell/run-tests.sh +@@ -176,4 +176,4 @@ failed=$((legacy_fail+failed)) + + msg_info "combined results: [OK] $ok [FAILED] $failed [TOTAL] $((ok+failed))" + +-exit 0 ++exit -$failed +-- +2.40.0 + diff --git a/0135-iptables-test.py-print-with-color-escapes-only-when-.patch b/0135-iptables-test.py-print-with-color-escapes-only-when-.patch new file mode 100644 index 0000000..0c333ba --- /dev/null +++ b/0135-iptables-test.py-print-with-color-escapes-only-when-.patch @@ -0,0 +1,70 @@ +From aace6f5ac84d738f6b5f0ed1d56b3713b0435cc4 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?=C5=A0t=C4=9Bp=C3=A1n=20N=C4=9Bmec?= +Date: Thu, 2 Sep 2021 13:33:07 +0200 +Subject: [PATCH] iptables-test.py: print with color escapes only when stdout + isatty +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +When the output doesn't go to a terminal (typical case: log files), +the escape sequences are just noise. + +Signed-off-by: Štěpán Němec +Signed-off-by: Phil Sutter +(cherry picked from commit b714d45dc4c2423d4df4cbf7ccf238ec441675ef) +--- + iptables-test.py | 23 +++++++++++++---------- + 1 file changed, 13 insertions(+), 10 deletions(-) + +diff --git a/iptables-test.py b/iptables-test.py +index 0d21f975305db..fb9503b6fffb4 100755 +--- a/iptables-test.py ++++ b/iptables-test.py +@@ -32,22 +32,25 @@ EXTENSIONS_PATH = "extensions" + LOGFILE="/tmp/iptables-test.log" + log_file = None + ++STDOUT_IS_TTY = sys.stdout.isatty() + +-class Colors: +- HEADER = '\033[95m' +- BLUE = '\033[94m' +- GREEN = '\033[92m' +- YELLOW = '\033[93m' +- RED = '\033[91m' +- ENDC = '\033[0m' ++def maybe_colored(color, text): ++ terminal_sequences = { ++ 'green': '\033[92m', ++ 'red': '\033[91m', ++ } ++ ++ return ( ++ terminal_sequences[color] + text + '\033[0m' if STDOUT_IS_TTY else text ++ ) + + + def print_error(reason, filename=None, lineno=None): + ''' + Prints an error with nice colors, indicating file and line number. + ''' +- print(filename + ": " + Colors.RED + "ERROR" + +- Colors.ENDC + ": line %d (%s)" % (lineno, reason), file=sys.stderr) ++ print(filename + ": " + maybe_colored('red', "ERROR") + ++ ": line %d (%s)" % (lineno, reason), file=sys.stderr) + + + def delete_rule(iptables, rule, filename, lineno): +@@ -282,7 +285,7 @@ log_file = None + if netns: + execute_cmd("ip netns del ____iptables-container-test", filename, 0) + if total_test_passed: +- print(filename + ": " + Colors.GREEN + "OK" + Colors.ENDC) ++ print(filename + ": " + maybe_colored('green', "OK")) + + f.close() + return tests, passed +-- +2.40.0 + diff --git a/0136-tests-iptables-test-Fix-conditional-colors-on-stderr.patch b/0136-tests-iptables-test-Fix-conditional-colors-on-stderr.patch new file mode 100644 index 0000000..0e08ade --- /dev/null +++ b/0136-tests-iptables-test-Fix-conditional-colors-on-stderr.patch @@ -0,0 +1,64 @@ +From 50470c652e32b3bc2025d45e4d39b47c0aba8e23 Mon Sep 17 00:00:00 2001 +From: Phil Sutter +Date: Wed, 15 Sep 2021 17:47:15 +0200 +Subject: [PATCH] tests: iptables-test: Fix conditional colors on stderr +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Štěpán's patch to make colored output depend on whether output is a TTY +clashed with my change to print errors to stderr instead of stdout. + +Fix this by telling maybe_colored() if it should print colors or not as +only caller knows where output is sent to. + +Signed-off-by: Phil Sutter +(cherry picked from commit 2ed6dc7557b8c4a70bfd81684a72737312d7bd4b) +--- + iptables-test.py | 9 +++++---- + 1 file changed, 5 insertions(+), 4 deletions(-) + +diff --git a/iptables-test.py b/iptables-test.py +index fb9503b6fffb4..d54ed428ddefb 100755 +--- a/iptables-test.py ++++ b/iptables-test.py +@@ -33,15 +33,16 @@ LOGFILE="/tmp/iptables-test.log" + log_file = None + + STDOUT_IS_TTY = sys.stdout.isatty() ++STDERR_IS_TTY = sys.stderr.isatty() + +-def maybe_colored(color, text): ++def maybe_colored(color, text, isatty): + terminal_sequences = { + 'green': '\033[92m', + 'red': '\033[91m', + } + + return ( +- terminal_sequences[color] + text + '\033[0m' if STDOUT_IS_TTY else text ++ terminal_sequences[color] + text + '\033[0m' if isatty else text + ) + + +@@ -49,7 +50,7 @@ STDOUT_IS_TTY = sys.stdout.isatty() + ''' + Prints an error with nice colors, indicating file and line number. + ''' +- print(filename + ": " + maybe_colored('red', "ERROR") + ++ print(filename + ": " + maybe_colored('red', "ERROR", STDERR_IS_TTY) + + ": line %d (%s)" % (lineno, reason), file=sys.stderr) + + +@@ -285,7 +286,7 @@ STDOUT_IS_TTY = sys.stdout.isatty() + if netns: + execute_cmd("ip netns del ____iptables-container-test", filename, 0) + if total_test_passed: +- print(filename + ": " + maybe_colored('green', "OK")) ++ print(filename + ": " + maybe_colored('green', "OK", STDOUT_IS_TTY)) + + f.close() + return tests, passed +-- +2.40.0 + diff --git a/iptables-test.stderr.expect b/iptables-test.stderr.expect new file mode 100644 index 0000000..5a09a93 --- /dev/null +++ b/iptables-test.stderr.expect @@ -0,0 +1,39 @@ +extensions/libip6t_srh.t: ERROR: line 2 (cannot load: ip6tables -A INPUT -m srh --srh-next-hdr 17) +extensions/libip6t_srh.t: ERROR: line 3 (cannot load: ip6tables -A INPUT -m srh --srh-hdr-len-eq 8) +extensions/libip6t_srh.t: ERROR: line 4 (cannot load: ip6tables -A INPUT -m srh --srh-hdr-len-gt 8) +extensions/libip6t_srh.t: ERROR: line 5 (cannot load: ip6tables -A INPUT -m srh --srh-hdr-len-lt 8) +extensions/libip6t_srh.t: ERROR: line 6 (cannot load: ip6tables -A INPUT -m srh --srh-segs-left-eq 1) +extensions/libip6t_srh.t: ERROR: line 7 (cannot load: ip6tables -A INPUT -m srh --srh-segs-left-gt 1) +extensions/libip6t_srh.t: ERROR: line 8 (cannot load: ip6tables -A INPUT -m srh --srh-segs-left-lt 1) +extensions/libip6t_srh.t: ERROR: line 9 (cannot load: ip6tables -A INPUT -m srh --srh-last-entry-eq 4) +extensions/libip6t_srh.t: ERROR: line 10 (cannot load: ip6tables -A INPUT -m srh --srh-last-entry-gt 4) +extensions/libip6t_srh.t: ERROR: line 11 (cannot load: ip6tables -A INPUT -m srh --srh-last-entry-lt 4) +extensions/libip6t_srh.t: ERROR: line 12 (cannot load: ip6tables -A INPUT -m srh --srh-tag 0) +extensions/libip6t_srh.t: ERROR: line 13 (cannot load: ip6tables -A INPUT -m srh ! --srh-next-hdr 17) +extensions/libip6t_srh.t: ERROR: line 14 (cannot load: ip6tables -A INPUT -m srh ! --srh-hdr-len-eq 8) +extensions/libip6t_srh.t: ERROR: line 15 (cannot load: ip6tables -A INPUT -m srh ! --srh-hdr-len-gt 8) +extensions/libip6t_srh.t: ERROR: line 16 (cannot load: ip6tables -A INPUT -m srh ! --srh-hdr-len-lt 8) +extensions/libip6t_srh.t: ERROR: line 17 (cannot load: ip6tables -A INPUT -m srh ! --srh-segs-left-eq 1) +extensions/libip6t_srh.t: ERROR: line 18 (cannot load: ip6tables -A INPUT -m srh ! --srh-segs-left-gt 1) +extensions/libip6t_srh.t: ERROR: line 19 (cannot load: ip6tables -A INPUT -m srh ! --srh-segs-left-lt 1) +extensions/libip6t_srh.t: ERROR: line 20 (cannot load: ip6tables -A INPUT -m srh ! --srh-last-entry-eq 4) +extensions/libip6t_srh.t: ERROR: line 21 (cannot load: ip6tables -A INPUT -m srh ! --srh-last-entry-gt 4) +extensions/libip6t_srh.t: ERROR: line 22 (cannot load: ip6tables -A INPUT -m srh ! --srh-last-entry-lt 4) +extensions/libip6t_srh.t: ERROR: line 23 (cannot load: ip6tables -A INPUT -m srh ! --srh-tag 0) +extensions/libip6t_srh.t: ERROR: line 24 (cannot load: ip6tables -A INPUT -m srh --srh-next-hdr 17 --srh-segs-left-eq 1 --srh-last-entry-eq 4 --srh-tag 0) +extensions/libip6t_srh.t: ERROR: line 25 (cannot load: ip6tables -A INPUT -m srh ! --srh-next-hdr 17 ! --srh-segs-left-eq 0 --srh-tag 0) +extensions/libip6t_srh.t: ERROR: line 26 (cannot load: ip6tables -A INPUT -m srh --srh-psid a::/64 --srh-nsid b::/128 --srh-lsid c::/0) +extensions/libip6t_srh.t: ERROR: line 27 (cannot load: ip6tables -A INPUT -m srh ! --srh-psid a::/64 ! --srh-nsid b::/128 ! --srh-lsid c::/0) +extensions/libip6t_srh.t: ERROR: line 28 (cannot load: ip6tables -A INPUT -m srh) +extensions/libipt_CLUSTERIP.t: ERROR: line 3 (cannot load: iptables -A INPUT -d 10.31.3.236/32 -i lo -j CLUSTERIP --new --hashmode sourceip --clustermac 01:AA:7B:47:F7:D7 --total-nodes 2 --local-node 1 --hash-init 1) +extensions/libipt_CLUSTERIP.t: ERROR: line 4 (cannot load: iptables -A INPUT -d 10.31.3.236/32 -i lo -j CLUSTERIP --new --hashmode sourceip --clustermac 01:AA:7B:47:F7:D7 --total-nodes 2 --local-node 2 --hash-init 1) +extensions/libxt_IDLETIMER.t: ERROR: line 5 (cannot load: iptables -A INPUT -j IDLETIMER --timeout 42 --label bar --alarm) +extensions/libxt_LED.t: ERROR: line 3 (cannot load: iptables -A INPUT -j LED --led-trigger-id "foo") +extensions/libxt_LED.t: ERROR: line 4 (cannot load: iptables -A INPUT -j LED --led-trigger-id "foo" --led-delay 42 --led-always-blink) +extensions/libxt_TCPMSS.t: ERROR: line 4 (should fail: iptables -A FORWARD -t mangle -p tcp -j TCPMSS --set-mss 42) +extensions/libxt_ipcomp.t: ERROR: line 2 (cannot load: iptables -A INPUT -p ipcomp -m ipcomp --ipcompspi 18 -j DROP) +extensions/libxt_ipcomp.t: ERROR: line 3 (cannot load: iptables -A INPUT -p ipcomp -m ipcomp ! --ipcompspi 18 -j ACCEPT) +extensions/libxt_time.t: ERROR: line 2 (cannot load: iptables -A INPUT -m time --timestart 01:02:03 --timestop 04:05:06 --monthdays 1,2,3,4,5 --weekdays Mon,Fri,Sun --datestart 2001-02-03T04:05:06 --datestop 2012-09-08T09:06:05 --kerneltz) +extensions/libxt_time.t: ERROR: line 3 (cannot load: iptables -A INPUT -m time --timestart 01:02:03 --timestop 04:05:06 --monthdays 1,2,3,4,5 --weekdays Mon,Fri,Sun --datestart 2001-02-03T04:05:06 --datestop 2012-09-08T09:06:05) +extensions/libxt_time.t: ERROR: line 4 (cannot load: iptables -A INPUT -m time --timestart 02:00:00 --timestop 03:00:00 --datestart 1970-01-01T02:00:00 --datestop 1970-01-01T03:00:00) +extensions/libxt_u32.t: ERROR: line 2 (cannot load: iptables -A INPUT -m u32 --u32 "0x0=0x0&&0x0=0x1") diff --git a/iptables.spec b/iptables.spec index 6b3d4df..50f735b 100644 --- a/iptables.spec +++ b/iptables.spec @@ -10,7 +10,7 @@ Name: iptables Summary: Tools for managing Linux kernel packet filtering capabilities URL: http://www.netfilter.org/projects/iptables Version: 1.8.5 -Release: 2%{?dist} +Release: 3%{?dist} Source: %{url}/files/%{name}-%{version}.tar.bz2 Source1: iptables.init Source2: iptables-config @@ -22,6 +22,7 @@ Source7: arptables-helper Source8: ebtables.systemd Source9: ebtables.service Source10: ebtables-config +Source11: iptables-test.stderr.expect Patch001: 0001-build-resolve-iptables-apply-not-getting-installed.patch Patch002: 0002-xtables-translate-don-t-fail-if-help-was-requested.patch @@ -151,6 +152,14 @@ Patch125: 0125-arptables-Fix-parsing-of-inverted-arp-operation-matc.patch Patch126: 0126-arptables-Don-t-omit-standard-matches-if-inverted.patch Patch127: 0127-Revert-arptables-Check-the-mandatory-ar_pln-match.patch Patch128: 0128-extensions-SECMARK-Use-a-better-context-in-test-case.patch +Patch129: 0129-tests-xlate-test-Print-errors-to-stderr.patch +Patch130: 0130-iptables-test-Make-netns-spawning-more-robust.patch +Patch131: 0131-tests-iptables-test-Print-errors-to-stderr.patch +Patch132: 0132-tests-xlate-test-Exit-non-zero-on-error.patch +Patch133: 0133-tests-iptables-test-Exit-non-zero-on-error.patch +Patch134: 0134-tests-shell-Return-non-zero-on-error.patch +Patch135: 0135-iptables-test.py-print-with-color-escapes-only-when-.patch +Patch136: 0136-tests-iptables-test-Fix-conditional-colors-on-stderr.patch # pf.os: ISC license # iptables-apply: Artistic Licence 2.0 @@ -522,6 +531,10 @@ done %doc %{_mandir}/man8/ebtables*.8* %changelog +* Tue Jul 04 2023 Phil Sutter - 1.8.5-3 +- Add expected test results +- Prepare testsuites for expected results + * Wed Jun 28 2023 Phil Sutter - 1.8.5-2 - libnftnl package was rebased, depending on 1.1.6 is fine