* Re: [iptables PATCH 3/5] extensions: connlabel: Allow connlabel.conf override
[not found] ` <20190219193953.29066-4-phil@nwl.cc>
@ 2019-03-01 12:52 ` Pablo Neira Ayuso
2019-03-01 18:08 ` Phil Sutter
0 siblings, 1 reply; 13+ messages in thread
From: Pablo Neira Ayuso @ 2019-03-01 12:52 UTC (permalink / raw)
To: Phil Sutter; +Cc: netfilter-devel
Hi Phil,
On Tue, Feb 19, 2019 at 08:39:51PM +0100, Phil Sutter wrote:
> Check for environment variable XT_CONNLABEL_CFG and if set use its value
> as path to connlabel.conf.
>
> Signed-off-by: Phil Sutter <phil@nwl.cc>
> ---
> extensions/libxt_connlabel.c | 6 ++++--
> extensions/libxt_connlabel.man | 2 ++
> 2 files changed, 6 insertions(+), 2 deletions(-)
>
> diff --git a/extensions/libxt_connlabel.c b/extensions/libxt_connlabel.c
> index d06bb27a7c2e9..9a2f9ce34647e 100644
> --- a/extensions/libxt_connlabel.c
> +++ b/extensions/libxt_connlabel.c
> @@ -3,6 +3,7 @@
> #include <string.h>
> #include <stdio.h>
> #include <stdint.h>
> +#include <stdlib.h>
> #include <xtables.h>
> #include <linux/netfilter/xt_connlabel.h>
> #include <libnetfilter_conntrack/libnetfilter_conntrack.h>
> @@ -39,11 +40,12 @@ static void connlabel_open(void)
> if (map)
> return;
>
> - map = nfct_labelmap_new(NULL);
> + fname = getenv("XT_CONNLABEL_CFG") ?: nfct_labels_get_path();
Only one question about this one: Would you need anything similar for
nft? If so, probably it's better to place this code in
libnetfilter_conntrack.
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [iptables PATCH 3/5] extensions: connlabel: Allow connlabel.conf override
2019-03-01 12:52 ` [iptables PATCH 3/5] extensions: connlabel: Allow connlabel.conf override Pablo Neira Ayuso
@ 2019-03-01 18:08 ` Phil Sutter
0 siblings, 0 replies; 13+ messages in thread
From: Phil Sutter @ 2019-03-01 18:08 UTC (permalink / raw)
To: Pablo Neira Ayuso; +Cc: netfilter-devel
Hi Pablo,
On Fri, Mar 01, 2019 at 01:52:09PM +0100, Pablo Neira Ayuso wrote:
> Hi Phil,
>
> On Tue, Feb 19, 2019 at 08:39:51PM +0100, Phil Sutter wrote:
> > Check for environment variable XT_CONNLABEL_CFG and if set use its value
> > as path to connlabel.conf.
> >
> > Signed-off-by: Phil Sutter <phil@nwl.cc>
> > ---
> > extensions/libxt_connlabel.c | 6 ++++--
> > extensions/libxt_connlabel.man | 2 ++
> > 2 files changed, 6 insertions(+), 2 deletions(-)
> >
> > diff --git a/extensions/libxt_connlabel.c b/extensions/libxt_connlabel.c
> > index d06bb27a7c2e9..9a2f9ce34647e 100644
> > --- a/extensions/libxt_connlabel.c
> > +++ b/extensions/libxt_connlabel.c
> > @@ -3,6 +3,7 @@
> > #include <string.h>
> > #include <stdio.h>
> > #include <stdint.h>
> > +#include <stdlib.h>
> > #include <xtables.h>
> > #include <linux/netfilter/xt_connlabel.h>
> > #include <libnetfilter_conntrack/libnetfilter_conntrack.h>
> > @@ -39,11 +40,12 @@ static void connlabel_open(void)
> > if (map)
> > return;
> >
> > - map = nfct_labelmap_new(NULL);
> > + fname = getenv("XT_CONNLABEL_CFG") ?: nfct_labels_get_path();
>
> Only one question about this one: Would you need anything similar for
> nft? If so, probably it's better to place this code in
> libnetfilter_conntrack.
I guess not: In nftables, /etc/connlabel.conf is manually parsed via
call to rt_symbol_table_init(). So while I could add the above to
libnetfilter_conntrack, it wouldn't affect nftables.
Cheers, Phil
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [iptables PATCH 5/5] iptables-test: Make use of sample connlabel.conf
[not found] ` <20190219193953.29066-6-phil@nwl.cc>
@ 2019-03-03 21:03 ` Florian Westphal
2019-03-04 12:43 ` Phil Sutter
0 siblings, 1 reply; 13+ messages in thread
From: Florian Westphal @ 2019-03-03 21:03 UTC (permalink / raw)
To: Phil Sutter; +Cc: Pablo Neira Ayuso, netfilter-devel
Phil Sutter <phil@nwl.cc> wrote:
Sorry for being late.
> +@cp -f extensions/libxt_connlabel.conf.test extensions/libxt_connlabel.conf.tmp
> -m connlabel --label "bit40";=;OK
> -m connlabel ! --label "bit40";=;OK
> -m connlabel --label "bit41" --set;=;OK
> -m connlabel ! --label "bit41" --set;=;OK
> -m connlabel --label "bit128";;FAIL
Maybe we should forget about the label names and just tests
-m connlabel --label 127
i.e., parse the numeric value instead of providing a fake
one. I agree that temporary replace of hosts one is bad.
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [iptables PATCH 5/5] iptables-test: Make use of sample connlabel.conf
2019-03-03 21:03 ` [iptables PATCH 5/5] iptables-test: Make use of sample connlabel.conf Florian Westphal
@ 2019-03-04 12:43 ` Phil Sutter
2019-03-04 13:07 ` Pablo Neira Ayuso
0 siblings, 1 reply; 13+ messages in thread
From: Phil Sutter @ 2019-03-04 12:43 UTC (permalink / raw)
To: Florian Westphal; +Cc: Pablo Neira Ayuso, netfilter-devel
Hi,
On Sun, Mar 03, 2019 at 10:03:02PM +0100, Florian Westphal wrote:
> Phil Sutter <phil@nwl.cc> wrote:
>
> Sorry for being late.
No worries, it is not urgent.
> > +@cp -f extensions/libxt_connlabel.conf.test extensions/libxt_connlabel.conf.tmp
> > -m connlabel --label "bit40";=;OK
> > -m connlabel ! --label "bit40";=;OK
> > -m connlabel --label "bit41" --set;=;OK
> > -m connlabel ! --label "bit41" --set;=;OK
> > -m connlabel --label "bit128";;FAIL
>
> Maybe we should forget about the label names and just tests
> -m connlabel --label 127
>
> i.e., parse the numeric value instead of providing a fake
> one. I agree that temporary replace of hosts one is bad.
Fine with me as well. Obviously this would reduce code coverage of
tests, although not much since libnetfilter_conntrack is used for label
map lookup.
Cheers, Phil
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [iptables PATCH 5/5] iptables-test: Make use of sample connlabel.conf
2019-03-04 12:43 ` Phil Sutter
@ 2019-03-04 13:07 ` Pablo Neira Ayuso
2019-03-04 14:59 ` Phil Sutter
0 siblings, 1 reply; 13+ messages in thread
From: Pablo Neira Ayuso @ 2019-03-04 13:07 UTC (permalink / raw)
To: Phil Sutter, Florian Westphal, netfilter-devel
On Mon, Mar 04, 2019 at 01:43:11PM +0100, Phil Sutter wrote:
> Hi,
>
> On Sun, Mar 03, 2019 at 10:03:02PM +0100, Florian Westphal wrote:
> > Phil Sutter <phil@nwl.cc> wrote:
> >
> > Sorry for being late.
>
> No worries, it is not urgent.
>
> > > +@cp -f extensions/libxt_connlabel.conf.test extensions/libxt_connlabel.conf.tmp
> > > -m connlabel --label "bit40";=;OK
> > > -m connlabel ! --label "bit40";=;OK
> > > -m connlabel --label "bit41" --set;=;OK
> > > -m connlabel ! --label "bit41" --set;=;OK
> > > -m connlabel --label "bit128";;FAIL
> >
> > Maybe we should forget about the label names and just tests
> > -m connlabel --label 127
> >
> > i.e., parse the numeric value instead of providing a fake
> > one. I agree that temporary replace of hosts one is bad.
>
> Fine with me as well. Obviously this would reduce code coverage of
> tests, although not much since libnetfilter_conntrack is used for label
> map lookup.
We can probably place some mapping lookup tests for this in
libnetfilter_conntrack.
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [iptables PATCH 5/5] iptables-test: Make use of sample connlabel.conf
2019-03-04 13:07 ` Pablo Neira Ayuso
@ 2019-03-04 14:59 ` Phil Sutter
2019-03-04 15:02 ` Florian Westphal
2019-03-08 18:12 ` [iptables PATCH 5/5] iptables-test: Make use of sample connlabel.conf Pablo Neira Ayuso
0 siblings, 2 replies; 13+ messages in thread
From: Phil Sutter @ 2019-03-04 14:59 UTC (permalink / raw)
To: Pablo Neira Ayuso; +Cc: Florian Westphal, netfilter-devel
Hi,
On Mon, Mar 04, 2019 at 02:07:55PM +0100, Pablo Neira Ayuso wrote:
> On Mon, Mar 04, 2019 at 01:43:11PM +0100, Phil Sutter wrote:
> > Hi,
> >
> > On Sun, Mar 03, 2019 at 10:03:02PM +0100, Florian Westphal wrote:
> > > Phil Sutter <phil@nwl.cc> wrote:
> > >
> > > Sorry for being late.
> >
> > No worries, it is not urgent.
> >
> > > > +@cp -f extensions/libxt_connlabel.conf.test extensions/libxt_connlabel.conf.tmp
> > > > -m connlabel --label "bit40";=;OK
> > > > -m connlabel ! --label "bit40";=;OK
> > > > -m connlabel --label "bit41" --set;=;OK
> > > > -m connlabel ! --label "bit41" --set;=;OK
> > > > -m connlabel --label "bit128";;FAIL
> > >
> > > Maybe we should forget about the label names and just tests
> > > -m connlabel --label 127
> > >
> > > i.e., parse the numeric value instead of providing a fake
> > > one. I agree that temporary replace of hosts one is bad.
> >
> > Fine with me as well. Obviously this would reduce code coverage of
> > tests, although not much since libnetfilter_conntrack is used for label
> > map lookup.
Argh. So I started with simply dropping all the connlabel.conf mangling
in libxt_connlabel.t along with replacing the names by values. Turns out
the extension exits if file wasn't found, no big deal changing that.
Doing so I discovered that parsing bit values is done by
nfct_labelmap_get_bit() as well but only if library initialization has
succeeded. Fine, manual parsing as a fallback it is. Checking
libnetfilter_conntrack once again to be sure, I noticed that it doesn't
accept bit values unless they appear in connlabel.conf. Now I start
changing functional behaviour and dropping label name test becomes a
larger change than supporting connlabel.conf in non-standard path. /o\
> We can probably place some mapping lookup tests for this in
> libnetfilter_conntrack.
I just found the ominous "qa" directory in there, so I guess we're
already fine in that regard. :)
Cheers, Phil
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [iptables PATCH 5/5] iptables-test: Make use of sample connlabel.conf
2019-03-04 14:59 ` Phil Sutter
@ 2019-03-04 15:02 ` Florian Westphal
2019-03-04 15:53 ` [iptables PATCH] extensions: connlabel: Fallback on missing connlabel.conf Phil Sutter
2019-03-08 18:12 ` [iptables PATCH 5/5] iptables-test: Make use of sample connlabel.conf Pablo Neira Ayuso
1 sibling, 1 reply; 13+ messages in thread
From: Florian Westphal @ 2019-03-04 15:02 UTC (permalink / raw)
To: Phil Sutter, Pablo Neira Ayuso, Florian Westphal, netfilter-devel
Phil Sutter <phil@nwl.cc> wrote:
> libnetfilter_conntrack once again to be sure, I noticed that it doesn't
> accept bit values unless they appear in connlabel.conf. Now I start
> changing functional behaviour and dropping label name test becomes a
> larger change than supporting connlabel.conf in non-standard path. /o\
I think it would make sense to accept raw numbers as well as a fallback.
We accept it from nftables, and IIRC the extension will print the raw
hex value if it can't map it back to a name on -save.
^ permalink raw reply [flat|nested] 13+ messages in thread
* [iptables PATCH] extensions: connlabel: Fallback on missing connlabel.conf
2019-03-04 15:02 ` Florian Westphal
@ 2019-03-04 15:53 ` Phil Sutter
2019-03-08 19:20 ` Florian Westphal
0 siblings, 1 reply; 13+ messages in thread
From: Phil Sutter @ 2019-03-04 15:53 UTC (permalink / raw)
To: Pablo Neira Ayuso; +Cc: netfilter-devel, Florian Westphal
If connlabel.conf was not found, fall back to manually parsing arguments
as plain numbers.
If nfct_labelmap_new() has failed, nfct_labelmap_get_name() segfaults.
Therefore make sure it is not called in connlabel_get_name() if that's
the case.
Signed-off-by: Phil Sutter <phil@nwl.cc>
---
This patch supersedes patches 3-5 of this series.
---
extensions/libxt_connlabel.c | 49 ++++++++++++++++++++++++-------
extensions/libxt_connlabel.t | 23 ++++-----------
extensions/libxt_connlabel.txlate | 8 ++---
3 files changed, 48 insertions(+), 32 deletions(-)
diff --git a/extensions/libxt_connlabel.c b/extensions/libxt_connlabel.c
index d06bb27a7c2e9..5a01fe7237bd8 100644
--- a/extensions/libxt_connlabel.c
+++ b/extensions/libxt_connlabel.c
@@ -1,8 +1,10 @@
+#define _GNU_SOURCE
#include <errno.h>
#include <stdbool.h>
#include <string.h>
#include <stdio.h>
#include <stdint.h>
+#include <stdlib.h>
#include <xtables.h>
#include <linux/netfilter/xt_connlabel.h>
#include <libnetfilter_conntrack/libnetfilter_conntrack.h>
@@ -32,40 +34,59 @@ static const struct xt_option_entry connlabel_mt_opts[] = {
/* cannot do this via _init, else static builds might spew error message
* for every iptables invocation.
*/
-static void connlabel_open(void)
+static int connlabel_open(void)
{
const char *fname;
if (map)
- return;
+ return 0;
map = nfct_labelmap_new(NULL);
if (map != NULL)
- return;
+ return 0;
fname = nfct_labels_get_path();
if (errno) {
- xtables_error(RESOURCE_PROBLEM,
- "cannot open %s: %s", fname, strerror(errno));
+ fprintf(stderr, "Warning: cannot open %s: %s\n",
+ fname, strerror(errno));
} else {
xtables_error(RESOURCE_PROBLEM,
"cannot parse %s: no labels found", fname);
}
+ return 1;
+}
+
+static int connlabel_value_parse(const char *in)
+{
+ char *end;
+ unsigned long value = strtoul(in, &end, 0);
+
+ if (in[0] == '\0' || *end != '\0')
+ return -1;
+
+ return value;
}
static void connlabel_mt_parse(struct xt_option_call *cb)
{
struct xt_connlabel_mtinfo *info = cb->data;
+ bool have_labelmap = !connlabel_open();
int tmp;
- connlabel_open();
xtables_option_parse(cb);
switch (cb->entry->id) {
case O_LABEL:
- tmp = nfct_labelmap_get_bit(map, cb->arg);
+ if (have_labelmap)
+ tmp = nfct_labelmap_get_bit(map, cb->arg);
+ else
+ tmp = connlabel_value_parse(cb->arg);
+
if (tmp < 0)
- xtables_error(PARAMETER_PROBLEM, "label '%s' not found", cb->arg);
+ xtables_error(PARAMETER_PROBLEM,
+ "label '%s' not found or invalid value",
+ cb->arg);
+
info->bit = tmp;
if (cb->invert)
info->options |= XT_CONNLABEL_OP_INVERT;
@@ -81,7 +102,8 @@ static const char *connlabel_get_name(int b)
{
const char *name;
- connlabel_open();
+ if (connlabel_open())
+ return NULL;
name = nfct_labelmap_get_name(map, b);
if (name && strcmp(name, ""))
@@ -134,9 +156,13 @@ static int connlabel_mt_xlate(struct xt_xlate *xl,
const struct xt_connlabel_mtinfo *info =
(const void *)params->match->data;
const char *name = connlabel_get_name(info->bit);
+ char *valbuf = NULL;
- if (name == NULL)
- return 0;
+ if (name == NULL) {
+ if (asprintf(&valbuf, "%u", info->bit) < 0)
+ return 0;
+ name = valbuf;
+ }
if (info->options & XT_CONNLABEL_OP_SET)
xt_xlate_add(xl, "ct label set %s ", name);
@@ -146,6 +172,7 @@ static int connlabel_mt_xlate(struct xt_xlate *xl,
xt_xlate_add(xl, "and %s != ", name);
xt_xlate_add(xl, "%s", name);
+ free(valbuf);
return 1;
}
diff --git a/extensions/libxt_connlabel.t b/extensions/libxt_connlabel.t
index aad1032b5a8bb..7265bd4764865 100644
--- a/extensions/libxt_connlabel.t
+++ b/extensions/libxt_connlabel.t
@@ -1,18 +1,7 @@
:INPUT,FORWARD,OUTPUT
-# Backup the connlabel.conf, then add some label maps for test
-@[ -f /etc/xtables/connlabel.conf ] && mv /etc/xtables/connlabel.conf /tmp/connlabel.conf.bak
-@mkdir -p /etc/xtables
-@echo "40 bit40" > /etc/xtables/connlabel.conf
-@echo "41 bit41" >> /etc/xtables/connlabel.conf
-@echo "128 bit128" >> /etc/xtables/connlabel.conf
--m connlabel --label "bit40";=;OK
--m connlabel ! --label "bit40";=;OK
--m connlabel --label "bit41" --set;=;OK
--m connlabel ! --label "bit41" --set;=;OK
--m connlabel --label "bit128";;FAIL
-@echo > /etc/xtables/connlabel.conf
--m connlabel --label "abc";;FAIL
-@rm -f /etc/xtables/connlabel.conf
--m connlabel --label "abc";;FAIL
-# Restore the original connlabel.conf
-@[ -f /tmp/connlabel.conf.bak ] && mv /tmp/connlabel.conf.bak /etc/xtables/connlabel.conf
+-m connlabel --label "40";=;OK
+-m connlabel ! --label "40";=;OK
+-m connlabel --label "41" --set;=;OK
+-m connlabel ! --label "41" --set;=;OK
+-m connlabel --label "2048";;FAIL
+-m connlabel --label "foobar_not_there";;FAIL
diff --git a/extensions/libxt_connlabel.txlate b/extensions/libxt_connlabel.txlate
index 5be422044637d..12e4ac0351103 100644
--- a/extensions/libxt_connlabel.txlate
+++ b/extensions/libxt_connlabel.txlate
@@ -1,5 +1,5 @@
-iptables-translate -A INPUT -m connlabel --label bit40
-nft add rule ip filter INPUT ct label bit40 counter
+iptables-translate -A INPUT -m connlabel --label 40
+nft add rule ip filter INPUT ct label 40 counter
-iptables-translate -A INPUT -m connlabel ! --label bit40 --set
-nft add rule ip filter INPUT ct label set bit40 ct label and bit40 != bit40 counter
+iptables-translate -A INPUT -m connlabel ! --label 40 --set
+nft add rule ip filter INPUT ct label set 40 ct label and 40 != 40 counter
--
2.20.1
^ permalink raw reply related [flat|nested] 13+ messages in thread
* Re: [iptables PATCH 5/5] iptables-test: Make use of sample connlabel.conf
2019-03-04 14:59 ` Phil Sutter
2019-03-04 15:02 ` Florian Westphal
@ 2019-03-08 18:12 ` Pablo Neira Ayuso
2019-03-09 10:51 ` [libnetfilter_conntrack PATCH] Rename 'qa' directory to 'tests' Phil Sutter
1 sibling, 1 reply; 13+ messages in thread
From: Pablo Neira Ayuso @ 2019-03-08 18:12 UTC (permalink / raw)
To: Phil Sutter, Florian Westphal, netfilter-devel
On Mon, Mar 04, 2019 at 03:59:01PM +0100, Phil Sutter wrote:
> On Mon, Mar 04, 2019 at 02:07:55PM +0100, Pablo Neira Ayuso wrote:
> > On Mon, Mar 04, 2019 at 01:43:11PM +0100, Phil Sutter wrote:
[...]
> > We can probably place some mapping lookup tests for this in
> > libnetfilter_conntrack.
>
> I just found the ominous "qa" directory in there, so I guess we're
> already fine in that regard. :)
We could rename this to a more orthodox tests/ directory :-)
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [iptables PATCH] extensions: connlabel: Fallback on missing connlabel.conf
2019-03-04 15:53 ` [iptables PATCH] extensions: connlabel: Fallback on missing connlabel.conf Phil Sutter
@ 2019-03-08 19:20 ` Florian Westphal
0 siblings, 0 replies; 13+ messages in thread
From: Florian Westphal @ 2019-03-08 19:20 UTC (permalink / raw)
To: Phil Sutter; +Cc: Pablo Neira Ayuso, netfilter-devel, Florian Westphal
Phil Sutter <phil@nwl.cc> wrote:
> If connlabel.conf was not found, fall back to manually parsing arguments
> as plain numbers.
>
> If nfct_labelmap_new() has failed, nfct_labelmap_get_name() segfaults.
> Therefore make sure it is not called in connlabel_get_name() if that's
> the case.
>
> Signed-off-by: Phil Sutter <phil@nwl.cc>
> ---
> This patch supersedes patches 3-5 of this series.
Applied, thanks for updating this.
^ permalink raw reply [flat|nested] 13+ messages in thread
* [libnetfilter_conntrack PATCH] Rename 'qa' directory to 'tests'
2019-03-08 18:12 ` [iptables PATCH 5/5] iptables-test: Make use of sample connlabel.conf Pablo Neira Ayuso
@ 2019-03-09 10:51 ` Phil Sutter
2019-03-09 10:56 ` [libnetfilter_conntrack PATCH v2] " Phil Sutter
0 siblings, 1 reply; 13+ messages in thread
From: Phil Sutter @ 2019-03-09 10:51 UTC (permalink / raw)
To: Pablo Neira Ayuso; +Cc: netfilter-devel
When searching for library tests, 'qa' is easily overlooked. Use a more
common name instead.
Suggested-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Phil Sutter <phil@nwl.cc>
---
Makefile.am | 2 +-
{qa => tests}/.gitignore | 0
{qa => tests}/Makefile.am | 0
{qa => tests}/ct_echo_event.c | 0
{qa => tests}/ct_echo_event.sh | 0
{qa => tests}/ct_events_reliable.c | 0
{qa => tests}/ct_mark_filter.c | 0
{qa => tests}/ct_mark_filter.sh | 0
{qa => tests}/ct_stress.c | 0
{qa => tests}/inetd.conf | 0
{qa => tests}/nssocket.c | 0
{qa => tests}/nssocket.h | 0
{qa => tests}/nssocket_env.sh | 0
{qa => tests}/qa-connlabel.conf | 0
{qa => tests}/test_api.c | 0
{qa => tests}/test_connlabel.c | 2 +-
{qa => tests}/test_filter.c | 0
17 files changed, 2 insertions(+), 2 deletions(-)
rename {qa => tests}/.gitignore (100%)
rename {qa => tests}/Makefile.am (100%)
rename {qa => tests}/ct_echo_event.c (100%)
rename {qa => tests}/ct_echo_event.sh (100%)
rename {qa => tests}/ct_events_reliable.c (100%)
rename {qa => tests}/ct_mark_filter.c (100%)
rename {qa => tests}/ct_mark_filter.sh (100%)
rename {qa => tests}/ct_stress.c (100%)
rename {qa => tests}/inetd.conf (100%)
rename {qa => tests}/nssocket.c (100%)
rename {qa => tests}/nssocket.h (100%)
rename {qa => tests}/nssocket_env.sh (100%)
rename {qa => tests}/qa-connlabel.conf (100%)
rename {qa => tests}/test_api.c (100%)
rename {qa => tests}/test_connlabel.c (96%)
rename {qa => tests}/test_filter.c (100%)
diff --git a/Makefile.am b/Makefile.am
index baa98ade1a5ec..1a53c1086a508 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -2,7 +2,7 @@ include $(top_srcdir)/Make_global.am
ACLOCAL_AMFLAGS = -I m4
-SUBDIRS = include src utils examples qa
+SUBDIRS = include src utils examples tests
man_MANS = #nfnetlink_conntrack.3 nfnetlink_conntrack.7
diff --git a/qa/.gitignore b/tests/.gitignore
similarity index 100%
rename from qa/.gitignore
rename to tests/.gitignore
diff --git a/qa/Makefile.am b/tests/Makefile.am
similarity index 100%
rename from qa/Makefile.am
rename to tests/Makefile.am
diff --git a/qa/ct_echo_event.c b/tests/ct_echo_event.c
similarity index 100%
rename from qa/ct_echo_event.c
rename to tests/ct_echo_event.c
diff --git a/qa/ct_echo_event.sh b/tests/ct_echo_event.sh
similarity index 100%
rename from qa/ct_echo_event.sh
rename to tests/ct_echo_event.sh
diff --git a/qa/ct_events_reliable.c b/tests/ct_events_reliable.c
similarity index 100%
rename from qa/ct_events_reliable.c
rename to tests/ct_events_reliable.c
diff --git a/qa/ct_mark_filter.c b/tests/ct_mark_filter.c
similarity index 100%
rename from qa/ct_mark_filter.c
rename to tests/ct_mark_filter.c
diff --git a/qa/ct_mark_filter.sh b/tests/ct_mark_filter.sh
similarity index 100%
rename from qa/ct_mark_filter.sh
rename to tests/ct_mark_filter.sh
diff --git a/qa/ct_stress.c b/tests/ct_stress.c
similarity index 100%
rename from qa/ct_stress.c
rename to tests/ct_stress.c
diff --git a/qa/inetd.conf b/tests/inetd.conf
similarity index 100%
rename from qa/inetd.conf
rename to tests/inetd.conf
diff --git a/qa/nssocket.c b/tests/nssocket.c
similarity index 100%
rename from qa/nssocket.c
rename to tests/nssocket.c
diff --git a/qa/nssocket.h b/tests/nssocket.h
similarity index 100%
rename from qa/nssocket.h
rename to tests/nssocket.h
diff --git a/qa/nssocket_env.sh b/tests/nssocket_env.sh
similarity index 100%
rename from qa/nssocket_env.sh
rename to tests/nssocket_env.sh
diff --git a/qa/qa-connlabel.conf b/tests/qa-connlabel.conf
similarity index 100%
rename from qa/qa-connlabel.conf
rename to tests/qa-connlabel.conf
diff --git a/qa/test_api.c b/tests/test_api.c
similarity index 100%
rename from qa/test_api.c
rename to tests/test_api.c
diff --git a/qa/test_connlabel.c b/tests/test_connlabel.c
similarity index 96%
rename from qa/test_connlabel.c
rename to tests/test_connlabel.c
index 345ecf608647b..99b1171857db3 100644
--- a/qa/test_connlabel.c
+++ b/tests/test_connlabel.c
@@ -59,7 +59,7 @@ int main(void)
l = nfct_labelmap_new("qa-connlabel.conf");
if (!l)
- l = nfct_labelmap_new("qa/qa-connlabel.conf");
+ l = nfct_labelmap_new("tests/qa-connlabel.conf");
assert(l);
puts("qa-connlabel.conf:");
dump_map(l);
diff --git a/qa/test_filter.c b/tests/test_filter.c
similarity index 100%
rename from qa/test_filter.c
rename to tests/test_filter.c
--
2.21.0
^ permalink raw reply related [flat|nested] 13+ messages in thread
* [libnetfilter_conntrack PATCH v2] Rename 'qa' directory to 'tests'
2019-03-09 10:51 ` [libnetfilter_conntrack PATCH] Rename 'qa' directory to 'tests' Phil Sutter
@ 2019-03-09 10:56 ` Phil Sutter
2019-03-11 12:36 ` Pablo Neira Ayuso
0 siblings, 1 reply; 13+ messages in thread
From: Phil Sutter @ 2019-03-09 10:56 UTC (permalink / raw)
To: Pablo Neira Ayuso; +Cc: netfilter-devel
When searching for library tests, 'qa' is easily overlooked. Use a more
common name instead.
Suggested-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Phil Sutter <phil@nwl.cc>
---
Changes since v1:
- Add needed changes to configure.ac missed in previous patch.
---
Makefile.am | 2 +-
configure.ac | 4 ++--
{qa => tests}/.gitignore | 0
{qa => tests}/Makefile.am | 0
{qa => tests}/ct_echo_event.c | 0
{qa => tests}/ct_echo_event.sh | 0
{qa => tests}/ct_events_reliable.c | 0
{qa => tests}/ct_mark_filter.c | 0
{qa => tests}/ct_mark_filter.sh | 0
{qa => tests}/ct_stress.c | 0
{qa => tests}/inetd.conf | 0
{qa => tests}/nssocket.c | 0
{qa => tests}/nssocket.h | 0
{qa => tests}/nssocket_env.sh | 0
{qa => tests}/qa-connlabel.conf | 0
{qa => tests}/test_api.c | 0
{qa => tests}/test_connlabel.c | 2 +-
{qa => tests}/test_filter.c | 0
18 files changed, 4 insertions(+), 4 deletions(-)
rename {qa => tests}/.gitignore (100%)
rename {qa => tests}/Makefile.am (100%)
rename {qa => tests}/ct_echo_event.c (100%)
rename {qa => tests}/ct_echo_event.sh (100%)
rename {qa => tests}/ct_events_reliable.c (100%)
rename {qa => tests}/ct_mark_filter.c (100%)
rename {qa => tests}/ct_mark_filter.sh (100%)
rename {qa => tests}/ct_stress.c (100%)
rename {qa => tests}/inetd.conf (100%)
rename {qa => tests}/nssocket.c (100%)
rename {qa => tests}/nssocket.h (100%)
rename {qa => tests}/nssocket_env.sh (100%)
rename {qa => tests}/qa-connlabel.conf (100%)
rename {qa => tests}/test_api.c (100%)
rename {qa => tests}/test_connlabel.c (96%)
rename {qa => tests}/test_filter.c (100%)
diff --git a/Makefile.am b/Makefile.am
index baa98ade1a5ec..1a53c1086a508 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -2,7 +2,7 @@ include $(top_srcdir)/Make_global.am
ACLOCAL_AMFLAGS = -I m4
-SUBDIRS = include src utils examples qa
+SUBDIRS = include src utils examples tests
man_MANS = #nfnetlink_conntrack.3 nfnetlink_conntrack.7
diff --git a/configure.ac b/configure.ac
index 6304543eca7cd..6940c3894e570 100644
--- a/configure.ac
+++ b/configure.ac
@@ -31,7 +31,7 @@ PKG_CHECK_MODULES([LIBMNL], [libmnl >= 1.0.3])
AC_CHECK_HEADERS(arpa/inet.h)
dnl Check for inet_ntop
AC_CHECK_FUNCS(inet_ntop)
-dnl Check for setns used in qa
+dnl Check for setns used in tests
AC_CHECK_FUNCS(setns)
dnl Again, some systems have it, but not IPv6
if test "$ac_cv_func_inet_ntop" = "yes" ; then
@@ -66,7 +66,7 @@ fi
dnl Output the makefile
AC_CONFIG_FILES([Makefile src/Makefile include/Makefile utils/Makefile
- examples/Makefile qa/Makefile include/libnetfilter_conntrack/Makefile
+ examples/Makefile tests/Makefile include/libnetfilter_conntrack/Makefile
include/internal/Makefile src/conntrack/Makefile src/expect/Makefile
libnetfilter_conntrack.pc doxygen.cfg])
AC_OUTPUT
diff --git a/qa/.gitignore b/tests/.gitignore
similarity index 100%
rename from qa/.gitignore
rename to tests/.gitignore
diff --git a/qa/Makefile.am b/tests/Makefile.am
similarity index 100%
rename from qa/Makefile.am
rename to tests/Makefile.am
diff --git a/qa/ct_echo_event.c b/tests/ct_echo_event.c
similarity index 100%
rename from qa/ct_echo_event.c
rename to tests/ct_echo_event.c
diff --git a/qa/ct_echo_event.sh b/tests/ct_echo_event.sh
similarity index 100%
rename from qa/ct_echo_event.sh
rename to tests/ct_echo_event.sh
diff --git a/qa/ct_events_reliable.c b/tests/ct_events_reliable.c
similarity index 100%
rename from qa/ct_events_reliable.c
rename to tests/ct_events_reliable.c
diff --git a/qa/ct_mark_filter.c b/tests/ct_mark_filter.c
similarity index 100%
rename from qa/ct_mark_filter.c
rename to tests/ct_mark_filter.c
diff --git a/qa/ct_mark_filter.sh b/tests/ct_mark_filter.sh
similarity index 100%
rename from qa/ct_mark_filter.sh
rename to tests/ct_mark_filter.sh
diff --git a/qa/ct_stress.c b/tests/ct_stress.c
similarity index 100%
rename from qa/ct_stress.c
rename to tests/ct_stress.c
diff --git a/qa/inetd.conf b/tests/inetd.conf
similarity index 100%
rename from qa/inetd.conf
rename to tests/inetd.conf
diff --git a/qa/nssocket.c b/tests/nssocket.c
similarity index 100%
rename from qa/nssocket.c
rename to tests/nssocket.c
diff --git a/qa/nssocket.h b/tests/nssocket.h
similarity index 100%
rename from qa/nssocket.h
rename to tests/nssocket.h
diff --git a/qa/nssocket_env.sh b/tests/nssocket_env.sh
similarity index 100%
rename from qa/nssocket_env.sh
rename to tests/nssocket_env.sh
diff --git a/qa/qa-connlabel.conf b/tests/qa-connlabel.conf
similarity index 100%
rename from qa/qa-connlabel.conf
rename to tests/qa-connlabel.conf
diff --git a/qa/test_api.c b/tests/test_api.c
similarity index 100%
rename from qa/test_api.c
rename to tests/test_api.c
diff --git a/qa/test_connlabel.c b/tests/test_connlabel.c
similarity index 96%
rename from qa/test_connlabel.c
rename to tests/test_connlabel.c
index 345ecf608647b..99b1171857db3 100644
--- a/qa/test_connlabel.c
+++ b/tests/test_connlabel.c
@@ -59,7 +59,7 @@ int main(void)
l = nfct_labelmap_new("qa-connlabel.conf");
if (!l)
- l = nfct_labelmap_new("qa/qa-connlabel.conf");
+ l = nfct_labelmap_new("tests/qa-connlabel.conf");
assert(l);
puts("qa-connlabel.conf:");
dump_map(l);
diff --git a/qa/test_filter.c b/tests/test_filter.c
similarity index 100%
rename from qa/test_filter.c
rename to tests/test_filter.c
--
2.21.0
^ permalink raw reply related [flat|nested] 13+ messages in thread
* Re: [libnetfilter_conntrack PATCH v2] Rename 'qa' directory to 'tests'
2019-03-09 10:56 ` [libnetfilter_conntrack PATCH v2] " Phil Sutter
@ 2019-03-11 12:36 ` Pablo Neira Ayuso
0 siblings, 0 replies; 13+ messages in thread
From: Pablo Neira Ayuso @ 2019-03-11 12:36 UTC (permalink / raw)
To: Phil Sutter; +Cc: netfilter-devel
On Sat, Mar 09, 2019 at 11:56:05AM +0100, Phil Sutter wrote:
> When searching for library tests, 'qa' is easily overlooked. Use a more
> common name instead.
Applied, thanks Phil!
^ permalink raw reply [flat|nested] 13+ messages in thread
end of thread, other threads:[~2019-03-11 12:36 UTC | newest]
Thread overview: 13+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
[not found] <20190219193953.29066-1-phil@nwl.cc>
[not found] ` <20190219193953.29066-4-phil@nwl.cc>
2019-03-01 12:52 ` [iptables PATCH 3/5] extensions: connlabel: Allow connlabel.conf override Pablo Neira Ayuso
2019-03-01 18:08 ` Phil Sutter
[not found] ` <20190219193953.29066-6-phil@nwl.cc>
2019-03-03 21:03 ` [iptables PATCH 5/5] iptables-test: Make use of sample connlabel.conf Florian Westphal
2019-03-04 12:43 ` Phil Sutter
2019-03-04 13:07 ` Pablo Neira Ayuso
2019-03-04 14:59 ` Phil Sutter
2019-03-04 15:02 ` Florian Westphal
2019-03-04 15:53 ` [iptables PATCH] extensions: connlabel: Fallback on missing connlabel.conf Phil Sutter
2019-03-08 19:20 ` Florian Westphal
2019-03-08 18:12 ` [iptables PATCH 5/5] iptables-test: Make use of sample connlabel.conf Pablo Neira Ayuso
2019-03-09 10:51 ` [libnetfilter_conntrack PATCH] Rename 'qa' directory to 'tests' Phil Sutter
2019-03-09 10:56 ` [libnetfilter_conntrack PATCH v2] " Phil Sutter
2019-03-11 12:36 ` Pablo Neira Ayuso
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).