* [iptables PATCH 1/3] tests: shell: Fix testcases for changed ip6tables opts output
@ 2022-07-28 11:31 Phil Sutter
2022-07-28 11:31 ` [iptables PATCH 2/3] xshared: Fix for missing space after 'prot' column Phil Sutter
` (2 more replies)
0 siblings, 3 replies; 6+ messages in thread
From: Phil Sutter @ 2022-07-28 11:31 UTC (permalink / raw)
To: netfilter-devel; +Cc: Erik Skultety, Florian Westphal
Adjust captured output, ip6tables prints '--' instead of spaces since
the commit in Fixes: tag.
Fixes: 6e41c2d8747b2 ("iptables: xshared: Ouptut '--' in the opt field in ipv6's fake mode")
Signed-off-by: Phil Sutter <phil@nwl.cc>
---
.../testcases/ip6tables/0002-verbose-output_0 | 20 +++++++++----------
.../ipt-restore/0014-verbose-restore_0 | 2 +-
2 files changed, 11 insertions(+), 11 deletions(-)
diff --git a/iptables/tests/shell/testcases/ip6tables/0002-verbose-output_0 b/iptables/tests/shell/testcases/ip6tables/0002-verbose-output_0
index 7624cbab655ad..4e754156ba589 100755
--- a/iptables/tests/shell/testcases/ip6tables/0002-verbose-output_0
+++ b/iptables/tests/shell/testcases/ip6tables/0002-verbose-output_0
@@ -6,15 +6,15 @@ set -e
# ensure verbose output is identical between legacy and nft tools
RULE1='-i eth2 -o eth3 -s feed:babe::1 -d feed:babe::2 -j ACCEPT'
-VOUT1='ACCEPT all opt in eth2 out eth3 feed:babe::1 -> feed:babe::2'
+VOUT1='ACCEPT all opt -- in eth2 out eth3 feed:babe::1 -> feed:babe::2'
RULE2='-i eth2 -o eth3 -s feed:babe::4 -d feed:babe::5 -j ACCEPT'
-VOUT2='ACCEPT all opt in eth2 out eth3 feed:babe::4 -> feed:babe::5'
+VOUT2='ACCEPT all opt -- in eth2 out eth3 feed:babe::4 -> feed:babe::5'
RULE3='-p icmpv6 -m icmp6 --icmpv6-type no-route'
-VOUT3=' ipv6-icmp opt in * out * ::/0 -> ::/0 ipv6-icmptype 1 code 0'
+VOUT3=' ipv6-icmp opt -- in * out * ::/0 -> ::/0 ipv6-icmptype 1 code 0'
RULE4='-m dst --dst-len 42 -m rt --rt-type 23'
-VOUT4=' all opt in * out * ::/0 -> ::/0 dst length:42 rt type:23'
+VOUT4=' all opt -- in * out * ::/0 -> ::/0 dst length:42 rt type:23'
RULE5='-m frag --fragid 1337 -j LOG'
-VOUT5='LOG all opt in * out * ::/0 -> ::/0 frag id:1337 LOG flags 0 level 4'
+VOUT5='LOG all opt -- in * out * ::/0 -> ::/0 frag id:1337 LOG flags 0 level 4'
diff -u -Z <(echo -e "$VOUT1") <($XT_MULTI ip6tables -v -A FORWARD $RULE1)
diff -u -Z <(echo -e "$VOUT2") <($XT_MULTI ip6tables -v -I FORWARD 2 $RULE2)
@@ -33,11 +33,11 @@ EXPECT='Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
- 0 0 ACCEPT all eth2 eth3 feed:babe::1 feed:babe::2
- 0 0 ACCEPT all eth2 eth3 feed:babe::4 feed:babe::5
- 0 0 ipv6-icmp * * ::/0 ::/0 ipv6-icmptype 1 code 0
- 0 0 all * * ::/0 ::/0 dst length:42 rt type:23
- 0 0 LOG all * * ::/0 ::/0 frag id:1337 LOG flags 0 level 4
+ 0 0 ACCEPT all -- eth2 eth3 feed:babe::1 feed:babe::2
+ 0 0 ACCEPT all -- eth2 eth3 feed:babe::4 feed:babe::5
+ 0 0 ipv6-icmp-- * * ::/0 ::/0 ipv6-icmptype 1 code 0
+ 0 0 all -- * * ::/0 ::/0 dst length:42 rt type:23
+ 0 0 LOG all -- * * ::/0 ::/0 frag id:1337 LOG flags 0 level 4
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination'
diff --git a/iptables/tests/shell/testcases/ipt-restore/0014-verbose-restore_0 b/iptables/tests/shell/testcases/ipt-restore/0014-verbose-restore_0
index 5daf7a78a5334..087156b121be0 100755
--- a/iptables/tests/shell/testcases/ipt-restore/0014-verbose-restore_0
+++ b/iptables/tests/shell/testcases/ipt-restore/0014-verbose-restore_0
@@ -60,7 +60,7 @@ Flushing chain \`OUTPUT'
Flushing chain \`secfoo'
Deleting chain \`secfoo'"
-EXPECT6=$(sed -e 's/0\.0\.0\.0/::/g' -e 's/opt --/opt /' <<< "$EXPECT")
+EXPECT6=$(sed -e 's/0\.0\.0\.0/::/g' <<< "$EXPECT")
diff -u -Z <(echo "$EXPECT") <($XT_MULTI iptables-restore -v <<< "$DUMP")
diff -u -Z <(echo "$EXPECT6") <($XT_MULTI ip6tables-restore -v <<< "$DUMP")
--
2.34.1
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [iptables PATCH 2/3] xshared: Fix for missing space after 'prot' column
2022-07-28 11:31 [iptables PATCH 1/3] tests: shell: Fix testcases for changed ip6tables opts output Phil Sutter
@ 2022-07-28 11:31 ` Phil Sutter
2022-07-28 11:31 ` [iptables PATCH 3/3] xshared: Print protocol numbers if --numeric was given Phil Sutter
2022-07-28 13:26 ` [iptables PATCH 1/3] tests: shell: Fix testcases for changed ip6tables opts output Florian Westphal
2 siblings, 0 replies; 6+ messages in thread
From: Phil Sutter @ 2022-07-28 11:31 UTC (permalink / raw)
To: netfilter-devel; +Cc: Erik Skultety, Florian Westphal
Format string ensured a minimum field width of five characters, but
allowed for longer strings to eat the column delimiting white space.
Signed-off-by: Phil Sutter <phil@nwl.cc>
---
.../tests/shell/testcases/ip6tables/0002-verbose-output_0 | 2 +-
iptables/xshared.c | 4 ++--
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/iptables/tests/shell/testcases/ip6tables/0002-verbose-output_0 b/iptables/tests/shell/testcases/ip6tables/0002-verbose-output_0
index 4e754156ba589..dad01a982a915 100755
--- a/iptables/tests/shell/testcases/ip6tables/0002-verbose-output_0
+++ b/iptables/tests/shell/testcases/ip6tables/0002-verbose-output_0
@@ -35,7 +35,7 @@ Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- eth2 eth3 feed:babe::1 feed:babe::2
0 0 ACCEPT all -- eth2 eth3 feed:babe::4 feed:babe::5
- 0 0 ipv6-icmp-- * * ::/0 ::/0 ipv6-icmptype 1 code 0
+ 0 0 ipv6-icmp -- * * ::/0 ::/0 ipv6-icmptype 1 code 0
0 0 all -- * * ::/0 ::/0 dst length:42 rt type:23
0 0 LOG all -- * * ::/0 ::/0 frag id:1337 LOG flags 0 level 4
diff --git a/iptables/xshared.c b/iptables/xshared.c
index b1088c8234426..ccec4ff1bceef 100644
--- a/iptables/xshared.c
+++ b/iptables/xshared.c
@@ -1093,9 +1093,9 @@ void print_rule_details(unsigned int linenum, const struct xt_counters *ctrs,
fputc(invflags & XT_INV_PROTO ? '!' : ' ', stdout);
if (pname)
- printf(FMT("%-5s", "%s "), pname);
+ printf(FMT("%-4s ", "%s "), pname);
else
- printf(FMT("%-5hu", "%hu "), proto);
+ printf(FMT("%-4hu ", "%hu "), proto);
}
void save_rule_details(const char *iniface, unsigned const char *iniface_mask,
--
2.34.1
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [iptables PATCH 3/3] xshared: Print protocol numbers if --numeric was given
2022-07-28 11:31 [iptables PATCH 1/3] tests: shell: Fix testcases for changed ip6tables opts output Phil Sutter
2022-07-28 11:31 ` [iptables PATCH 2/3] xshared: Fix for missing space after 'prot' column Phil Sutter
@ 2022-07-28 11:31 ` Phil Sutter
2022-07-28 13:26 ` [iptables PATCH 1/3] tests: shell: Fix testcases for changed ip6tables opts output Florian Westphal
2 siblings, 0 replies; 6+ messages in thread
From: Phil Sutter @ 2022-07-28 11:31 UTC (permalink / raw)
To: netfilter-devel; +Cc: Erik Skultety, Florian Westphal
This is much trickier than expected: On one hand, proto_to_name() is
used to lookup protocol extensions so must resolve despite FMT_NUMERIC
being set. On the other, --verbose implies --numeric but changing the
output there is probably a bad idea. Luckily the latter situation is
identified by FMT_NOTABLE bit.
Signed-off-by: Phil Sutter <phil@nwl.cc>
---
.../shell/testcases/ip6tables/0002-verbose-output_0 | 10 +++++-----
.../testcases/ipt-restore/0011-noflush-empty-line_0 | 2 +-
.../shell/testcases/iptables/0002-verbose-output_0 | 4 ++--
iptables/xshared.c | 6 +++---
4 files changed, 11 insertions(+), 11 deletions(-)
diff --git a/iptables/tests/shell/testcases/ip6tables/0002-verbose-output_0 b/iptables/tests/shell/testcases/ip6tables/0002-verbose-output_0
index dad01a982a915..2a1518d6fb0de 100755
--- a/iptables/tests/shell/testcases/ip6tables/0002-verbose-output_0
+++ b/iptables/tests/shell/testcases/ip6tables/0002-verbose-output_0
@@ -33,11 +33,11 @@ EXPECT='Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
- 0 0 ACCEPT all -- eth2 eth3 feed:babe::1 feed:babe::2
- 0 0 ACCEPT all -- eth2 eth3 feed:babe::4 feed:babe::5
- 0 0 ipv6-icmp -- * * ::/0 ::/0 ipv6-icmptype 1 code 0
- 0 0 all -- * * ::/0 ::/0 dst length:42 rt type:23
- 0 0 LOG all -- * * ::/0 ::/0 frag id:1337 LOG flags 0 level 4
+ 0 0 ACCEPT 0 -- eth2 eth3 feed:babe::1 feed:babe::2
+ 0 0 ACCEPT 0 -- eth2 eth3 feed:babe::4 feed:babe::5
+ 0 0 58 -- * * ::/0 ::/0 ipv6-icmptype 1 code 0
+ 0 0 0 -- * * ::/0 ::/0 dst length:42 rt type:23
+ 0 0 LOG 0 -- * * ::/0 ::/0 frag id:1337 LOG flags 0 level 4
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination'
diff --git a/iptables/tests/shell/testcases/ipt-restore/0011-noflush-empty-line_0 b/iptables/tests/shell/testcases/ipt-restore/0011-noflush-empty-line_0
index bea1a690bb624..1a3af46fc4756 100755
--- a/iptables/tests/shell/testcases/ipt-restore/0011-noflush-empty-line_0
+++ b/iptables/tests/shell/testcases/ipt-restore/0011-noflush-empty-line_0
@@ -12,5 +12,5 @@ EOF
EXPECT='Chain FORWARD (policy ACCEPT)
target prot opt source destination
-ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 '
+ACCEPT 0 -- 0.0.0.0/0 0.0.0.0/0 '
diff -u <(echo "$EXPECT") <($XT_MULTI iptables -n -L FORWARD)
diff --git a/iptables/tests/shell/testcases/iptables/0002-verbose-output_0 b/iptables/tests/shell/testcases/iptables/0002-verbose-output_0
index 5d2af4c8d2ab2..15c72af309186 100755
--- a/iptables/tests/shell/testcases/iptables/0002-verbose-output_0
+++ b/iptables/tests/shell/testcases/iptables/0002-verbose-output_0
@@ -21,8 +21,8 @@ EXPECT='Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
- 0 0 ACCEPT all -- eth2 eth3 10.0.0.1 10.0.0.2
- 0 0 ACCEPT all -- eth2 eth3 10.0.0.4 10.0.0.5
+ 0 0 ACCEPT 0 -- eth2 eth3 10.0.0.1 10.0.0.2
+ 0 0 ACCEPT 0 -- eth2 eth3 10.0.0.4 10.0.0.5
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination'
diff --git a/iptables/xshared.c b/iptables/xshared.c
index ccec4ff1bceef..695157896d521 100644
--- a/iptables/xshared.c
+++ b/iptables/xshared.c
@@ -1092,10 +1092,10 @@ void print_rule_details(unsigned int linenum, const struct xt_counters *ctrs,
fputc(invflags & XT_INV_PROTO ? '!' : ' ', stdout);
- if (pname)
- printf(FMT("%-4s ", "%s "), pname);
- else
+ if (((format & (FMT_NUMERIC | FMT_NOTABLE)) == FMT_NUMERIC) || !pname)
printf(FMT("%-4hu ", "%hu "), proto);
+ else
+ printf(FMT("%-4s ", "%s "), pname);
}
void save_rule_details(const char *iniface, unsigned const char *iniface_mask,
--
2.34.1
^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [iptables PATCH 1/3] tests: shell: Fix testcases for changed ip6tables opts output
2022-07-28 11:31 [iptables PATCH 1/3] tests: shell: Fix testcases for changed ip6tables opts output Phil Sutter
2022-07-28 11:31 ` [iptables PATCH 2/3] xshared: Fix for missing space after 'prot' column Phil Sutter
2022-07-28 11:31 ` [iptables PATCH 3/3] xshared: Print protocol numbers if --numeric was given Phil Sutter
@ 2022-07-28 13:26 ` Florian Westphal
2022-07-29 9:54 ` Phil Sutter
2 siblings, 1 reply; 6+ messages in thread
From: Florian Westphal @ 2022-07-28 13:26 UTC (permalink / raw)
To: Phil Sutter; +Cc: netfilter-devel, Erik Skultety, Florian Westphal
Phil Sutter <phil@nwl.cc> wrote:
> Adjust captured output, ip6tables prints '--' instead of spaces since
> the commit in Fixes: tag.
Thanks, all 3 patches look good to me.
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [iptables PATCH 1/3] tests: shell: Fix testcases for changed ip6tables opts output
2022-07-28 13:26 ` [iptables PATCH 1/3] tests: shell: Fix testcases for changed ip6tables opts output Florian Westphal
@ 2022-07-29 9:54 ` Phil Sutter
2022-07-29 13:07 ` Erik Skultety
0 siblings, 1 reply; 6+ messages in thread
From: Phil Sutter @ 2022-07-29 9:54 UTC (permalink / raw)
To: Florian Westphal; +Cc: netfilter-devel, Erik Skultety
On Thu, Jul 28, 2022 at 03:26:34PM +0200, Florian Westphal wrote:
> Phil Sutter <phil@nwl.cc> wrote:
> > Adjust captured output, ip6tables prints '--' instead of spaces since
> > the commit in Fixes: tag.
>
> Thanks, all 3 patches look good to me.
Series applied, thanks for your review.
Cheers, Phil
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [iptables PATCH 1/3] tests: shell: Fix testcases for changed ip6tables opts output
2022-07-29 9:54 ` Phil Sutter
@ 2022-07-29 13:07 ` Erik Skultety
0 siblings, 0 replies; 6+ messages in thread
From: Erik Skultety @ 2022-07-29 13:07 UTC (permalink / raw)
To: Phil Sutter, Florian Westphal, netfilter-devel
On Fri, Jul 29, 2022 at 11:54:54AM +0200, Phil Sutter wrote:
> On Thu, Jul 28, 2022 at 03:26:34PM +0200, Florian Westphal wrote:
> > Phil Sutter <phil@nwl.cc> wrote:
> > > Adjust captured output, ip6tables prints '--' instead of spaces since
> > > the commit in Fixes: tag.
> >
> > Thanks, all 3 patches look good to me.
>
> Series applied, thanks for your review.
>
> Cheers, Phil
>
Thank you for taking care of the fixes Phil, much appreciated.
Regards,
Erik
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2022-07-29 13:08 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-07-28 11:31 [iptables PATCH 1/3] tests: shell: Fix testcases for changed ip6tables opts output Phil Sutter
2022-07-28 11:31 ` [iptables PATCH 2/3] xshared: Fix for missing space after 'prot' column Phil Sutter
2022-07-28 11:31 ` [iptables PATCH 3/3] xshared: Print protocol numbers if --numeric was given Phil Sutter
2022-07-28 13:26 ` [iptables PATCH 1/3] tests: shell: Fix testcases for changed ip6tables opts output Florian Westphal
2022-07-29 9:54 ` Phil Sutter
2022-07-29 13:07 ` Erik Skultety
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).