Re: [PATCH 2/2] nwfilterxml2firewalltest: Use virqsortmock for stable sorting

On Wed, Nov 22, 2023 at 11:49:55AM +0100, Michal Privoznik wrote: > The way that nwfilterxml2firewalltest works is: it loads a > NWFilter XML from a file, parses it and then calls > ebiptablesApplyNewRules() recording all commands that would be > executed when instantiating the rule. This is then compared to > expected output. > > But the very first thing that ebiptablesApplyNewRules() does, it > calls qsort() to sort the rules. But with new glibc, qsort() is > not stable anymore and thus the order in which two rules with > equal priorities are applied is not guaranteed. > > Use qsort() from virqsortmock which produces stable results. Aside from the test suite, I'm not too happy with the idea that our ordering of applying rules is non-deterministic :-( There is a well defined ordering for rules - the order in which the user/app listed them in the virNWFilterDef XML document. We have to override this for sorting by priority, but when priority matches, IMHO we should honour the XML rules ordering. I have no idea how hard that is to achieve though, as the place where we do the qsort() seems quite remote from the place where we know the XML doc ordering.