7:30 a.m.
On Tue, Apr 30, 2024 at 01:44:14PM -0400, Laine Stump wrote:
Run all the networkxml2firewall tests twice - once with iptables
backend, and once with the nftables backend.
The results files for the existing iptables tests were previously
named *.args. That has been changed to *.iptables, and the results
files for the new nftables tests are named *.nftables.
Signed-off-by: Laine Stump <laine(a)redhat.com>
---
.../{base.args => base.iptables} | 0
tests/networkxml2firewalldata/base.nftables | 256 ++++++++++
...-linux.args => nat-default-linux.iptables} | 0
.../nat-default-linux.nftables | 248 +++++++++
...pv6-linux.args => nat-ipv6-linux.iptables} | 0
.../nat-ipv6-linux.nftables | 384 ++++++++++++++
...rgs => nat-ipv6-masquerade-linux.iptables} | 0
.../nat-ipv6-masquerade-linux.nftables | 456 +++++++++++++++++
...linux.args => nat-many-ips-linux.iptables} | 0
.../nat-many-ips-linux.nftables | 472 ++++++++++++++++++
...-linux.args => nat-no-dhcp-linux.iptables} | 0
.../nat-no-dhcp-linux.nftables | 384 ++++++++++++++
...ftp-linux.args => nat-tftp-linux.iptables} | 0
.../nat-tftp-linux.nftables | 274 ++++++++++
...inux.args => route-default-linux.iptables} | 0
.../route-default-linux.nftables | 162 ++++++
tests/networkxml2firewalltest.c | 56 ++-
17 files changed, 2678 insertions(+), 14 deletions(-)
rename tests/networkxml2firewalldata/{base.args => base.iptables} (100%)
create mode 100644 tests/networkxml2firewalldata/base.nftables
rename tests/networkxml2firewalldata/{nat-default-linux.args =>
nat-default-linux.iptables} (100%)
create mode 100644 tests/networkxml2firewalldata/nat-default-linux.nftables
rename tests/networkxml2firewalldata/{nat-ipv6-linux.args => nat-ipv6-linux.iptables}
(100%)
create mode 100644 tests/networkxml2firewalldata/nat-ipv6-linux.nftables
rename tests/networkxml2firewalldata/{nat-ipv6-masquerade-linux.args =>
nat-ipv6-masquerade-linux.iptables} (100%)
create mode 100644 tests/networkxml2firewalldata/nat-ipv6-masquerade-linux.nftables
rename tests/networkxml2firewalldata/{nat-many-ips-linux.args =>
nat-many-ips-linux.iptables} (100%)
create mode 100644 tests/networkxml2firewalldata/nat-many-ips-linux.nftables
rename tests/networkxml2firewalldata/{nat-no-dhcp-linux.args =>
nat-no-dhcp-linux.iptables} (100%)
create mode 100644 tests/networkxml2firewalldata/nat-no-dhcp-linux.nftables
rename tests/networkxml2firewalldata/{nat-tftp-linux.args => nat-tftp-linux.iptables}
(100%)
create mode 100644 tests/networkxml2firewalldata/nat-tftp-linux.nftables
rename tests/networkxml2firewalldata/{route-default-linux.args =>
route-default-linux.iptables} (100%)
create mode 100644 tests/networkxml2firewalldata/route-default-linux.nftables
Reviewed-by: Daniel P. Berrangé <berrange(a)redhat.com>
diff --git a/tests/networkxml2firewalldata/base.args
b/tests/networkxml2firewalldata/base.iptables
similarity index 100%
rename from tests/networkxml2firewalldata/base.args
rename to tests/networkxml2firewalldata/base.iptables
diff --git a/tests/networkxml2firewalldata/base.nftables
b/tests/networkxml2firewalldata/base.nftables
new file mode 100644
index 0000000000..4f1f475a85
--- /dev/null
+++ b/tests/networkxml2firewalldata/base.nftables
@@ -0,0 +1,256 @@
+nft \
+list \
+table \
+ip \
+libvirt
+nft \
+add \
+table \
+ip \
+libvirt
+nft \
+add \
+chain \
+ip \
+libvirt \
+INPUT \
+'{ type filter hook input priority 0; policy accept; }'
...snip...
Pre-existing issue. I've never much liked the formatting we have
in these files.
IIRC the history was...
QEMU command lines get insanely large, so we had line breaks at
~80 chars. This resulting in ugly diffs when 1 QEMU arg changed
as it could trigger re-wrapping everything. So we changed to
one arg per line, which is actually pretty nice to read for the
QEMU command lines, since each arg is still quite large and fills
the lines.
I think our mistake, however, was to extend the same line wrapping
approach to all our test data files.
We would be better served by *never* line wrapping at all for any
test data files involving sane command lengths.
I'd say we should never wrap if a command fits within say 150 chars.
With regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|