[libvirt] [tck PATCH 1/3] network: Fix the iptables FORWARD chain name being queried
Erik Skultety
eskultet at redhat.com
Wed Jan 15 14:23:58 UTC 2020
libvirt's has been defining private chains within iptables for a while,
only putting a target labels inside the master FORWARD chain which broke
the networking test suite which wasn't adjusted accordingly.
Signed-off-by: Erik Skultety <eskultet at redhat.com>
---
.../networks/networkxml2hostout/tck-testnet-1.dat | 3 ++-
.../networks/networkxml2hostout/tck-testnet-2.dat | 3 ++-
.../networks/networkxml2hostout/tck-testnet-3.dat | 12 +++++++-----
3 files changed, 11 insertions(+), 7 deletions(-)
diff --git a/scripts/networks/networkxml2hostout/tck-testnet-1.dat b/scripts/networks/networkxml2hostout/tck-testnet-1.dat
index 3e2ce12..eacd4c4 100644
--- a/scripts/networks/networkxml2hostout/tck-testnet-1.dat
+++ b/scripts/networks/networkxml2hostout/tck-testnet-1.dat
@@ -4,8 +4,9 @@ RETURN all -- 10.1.2.0/24 255.255.255.255
MASQUERADE tcp -- 10.1.2.0/24 !10.1.2.0/24 masq ports: 1024-65535
MASQUERADE udp -- 10.1.2.0/24 !10.1.2.0/24 masq ports: 1024-65535
MASQUERADE all -- 10.1.2.0/24 !10.1.2.0/24
-#iptables -n -L FORWARD | grep ' 10\.1\.2\.' | sed -e 's/ctstate/state/'
+#iptables -n -L LIBVIRT_FWI | grep ' 10\.1\.2\.' | sed -e 's/ctstate/state/'
ACCEPT all -- 0.0.0.0/0 10.1.2.0/24 state RELATED,ESTABLISHED
+#iptables -n -L LIBVIRT_FWO | grep ' 10\.1\.2\.'
ACCEPT all -- 10.1.2.0/24 0.0.0.0/0
#ip -o route show dev tck-testbr | gawk '{print $1" "$7}'
10.1.2.0/24 10.1.2.1
diff --git a/scripts/networks/networkxml2hostout/tck-testnet-2.dat b/scripts/networks/networkxml2hostout/tck-testnet-2.dat
index 48b4b28..9c90348 100644
--- a/scripts/networks/networkxml2hostout/tck-testnet-2.dat
+++ b/scripts/networks/networkxml2hostout/tck-testnet-2.dat
@@ -1,5 +1,6 @@
-#iptables -L FORWARD -n | grep ' 10\.1\.2\.'
+#iptables -L LIBVIRT_FWI -n | grep ' 10\.1\.2\.'
ACCEPT all -- 0.0.0.0/0 10.1.2.0/24
+#iptables -L LIBVIRT_FWO -n | grep ' 10\.1\.2\.'
ACCEPT all -- 10.1.2.0/24 0.0.0.0/0
#iptables -t nat -L -n | grep ' 10\.1\.2\.'
#ip -o route show dev tck-testbr | gawk '{print $1" "$7}'
diff --git a/scripts/networks/networkxml2hostout/tck-testnet-3.dat b/scripts/networks/networkxml2hostout/tck-testnet-3.dat
index fca4f81..77664ba 100644
--- a/scripts/networks/networkxml2hostout/tck-testnet-3.dat
+++ b/scripts/networks/networkxml2hostout/tck-testnet-3.dat
@@ -4,14 +4,16 @@ RETURN all -- 10.1.2.0/24 255.255.255.255
MASQUERADE tcp -- 10.1.2.0/24 !10.1.2.0/24 masq ports: 1024-65535
MASQUERADE udp -- 10.1.2.0/24 !10.1.2.0/24 masq ports: 1024-65535
MASQUERADE all -- 10.1.2.0/24 !10.1.2.0/24
-#iptables -n -L FORWARD | grep ' 10\.1\.2\.' | sed -e 's/ctstate/state/'
+#iptables -n -L LIBVIRT_FWI | grep ' 10\.1\.2\.' | sed -e 's/ctstate/state/'
ACCEPT all -- 0.0.0.0/0 10.1.2.0/24 state RELATED,ESTABLISHED
-ACCEPT all -- 10.1.2.0/24 0.0.0.0/0
-#ip6tables -n -L FORWARD | grep ' 2001:db8:ac10'
+#iptables -n -L LIBVIRT_FWO | grep ' 10\.1\.2\.'
+ACCEPT all -- 10.1.2.0/24 0.0.0.0/0
+#ip6tables -n -L LIBVIRT_FWI | grep ' 2001:db8:ac10'
ACCEPT all ::/0 2001:db8:ac10:fd01::/64
-ACCEPT all 2001:db8:ac10:fd01::/64 ::/0
ACCEPT all ::/0 2001:db8:ac10:fe01::/64
-ACCEPT all 2001:db8:ac10:fe01::/64 ::/0
+#ip6tables -n -L LIBVIRT_FWO | grep ' 2001:db8:ac10'
+ACCEPT all 2001:db8:ac10:fd01::/64 ::/0
+ACCEPT all 2001:db8:ac10:fe01::/64 ::/0
#ps aux | sed -n '/dnsmasq .*tck-testnet/ s|.*\(\/dnsmasq\/tck-testnet.conf\).*|\1|p' | head -1
/dnsmasq/tck-testnet.conf
#grep bind-dynamic `ps aux | sed -n '0,/dnsmasq .*tck-testnet/ s|.*--conf-file=\(.*tck-testnet.conf\).*|\1|p'`
--
2.24.1
More information about the libvir-list
mailing list