netfilter-devel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* Re: [iptables PATCH 3/5] extensions: connlabel: Allow connlabel.conf override
       [not found] ` <20190219193953.29066-4-phil@nwl.cc>
@ 2019-03-01 12:52   ` Pablo Neira Ayuso
  2019-03-01 18:08     ` Phil Sutter
  0 siblings, 1 reply; 13+ messages in thread
From: Pablo Neira Ayuso @ 2019-03-01 12:52 UTC (permalink / raw)
  To: Phil Sutter; +Cc: netfilter-devel

Hi Phil,

On Tue, Feb 19, 2019 at 08:39:51PM +0100, Phil Sutter wrote:
> Check for environment variable XT_CONNLABEL_CFG and if set use its value
> as path to connlabel.conf.
> 
> Signed-off-by: Phil Sutter <phil@nwl.cc>
> ---
>  extensions/libxt_connlabel.c   | 6 ++++--
>  extensions/libxt_connlabel.man | 2 ++
>  2 files changed, 6 insertions(+), 2 deletions(-)
> 
> diff --git a/extensions/libxt_connlabel.c b/extensions/libxt_connlabel.c
> index d06bb27a7c2e9..9a2f9ce34647e 100644
> --- a/extensions/libxt_connlabel.c
> +++ b/extensions/libxt_connlabel.c
> @@ -3,6 +3,7 @@
>  #include <string.h>
>  #include <stdio.h>
>  #include <stdint.h>
> +#include <stdlib.h>
>  #include <xtables.h>
>  #include <linux/netfilter/xt_connlabel.h>
>  #include <libnetfilter_conntrack/libnetfilter_conntrack.h>
> @@ -39,11 +40,12 @@ static void connlabel_open(void)
>  	if (map)
>  		return;
>  
> -	map = nfct_labelmap_new(NULL);
> +	fname = getenv("XT_CONNLABEL_CFG") ?: nfct_labels_get_path();

Only one question about this one: Would you need anything similar for
nft? If so, probably it's better to place this code in
libnetfilter_conntrack.

^ permalink raw reply	[flat|nested] 13+ messages in thread

* Re: [iptables PATCH 3/5] extensions: connlabel: Allow connlabel.conf override
  2019-03-01 12:52   ` [iptables PATCH 3/5] extensions: connlabel: Allow connlabel.conf override Pablo Neira Ayuso
@ 2019-03-01 18:08     ` Phil Sutter
  0 siblings, 0 replies; 13+ messages in thread
From: Phil Sutter @ 2019-03-01 18:08 UTC (permalink / raw)
  To: Pablo Neira Ayuso; +Cc: netfilter-devel

Hi Pablo,

On Fri, Mar 01, 2019 at 01:52:09PM +0100, Pablo Neira Ayuso wrote:
> Hi Phil,
> 
> On Tue, Feb 19, 2019 at 08:39:51PM +0100, Phil Sutter wrote:
> > Check for environment variable XT_CONNLABEL_CFG and if set use its value
> > as path to connlabel.conf.
> > 
> > Signed-off-by: Phil Sutter <phil@nwl.cc>
> > ---
> >  extensions/libxt_connlabel.c   | 6 ++++--
> >  extensions/libxt_connlabel.man | 2 ++
> >  2 files changed, 6 insertions(+), 2 deletions(-)
> > 
> > diff --git a/extensions/libxt_connlabel.c b/extensions/libxt_connlabel.c
> > index d06bb27a7c2e9..9a2f9ce34647e 100644
> > --- a/extensions/libxt_connlabel.c
> > +++ b/extensions/libxt_connlabel.c
> > @@ -3,6 +3,7 @@
> >  #include <string.h>
> >  #include <stdio.h>
> >  #include <stdint.h>
> > +#include <stdlib.h>
> >  #include <xtables.h>
> >  #include <linux/netfilter/xt_connlabel.h>
> >  #include <libnetfilter_conntrack/libnetfilter_conntrack.h>
> > @@ -39,11 +40,12 @@ static void connlabel_open(void)
> >  	if (map)
> >  		return;
> >  
> > -	map = nfct_labelmap_new(NULL);
> > +	fname = getenv("XT_CONNLABEL_CFG") ?: nfct_labels_get_path();
> 
> Only one question about this one: Would you need anything similar for
> nft? If so, probably it's better to place this code in
> libnetfilter_conntrack.

I guess not: In nftables, /etc/connlabel.conf is manually parsed via
call to rt_symbol_table_init(). So while I could add the above to
libnetfilter_conntrack, it wouldn't affect nftables.

Cheers, Phil

^ permalink raw reply	[flat|nested] 13+ messages in thread

* Re: [iptables PATCH 5/5] iptables-test: Make use of sample connlabel.conf
       [not found] ` <20190219193953.29066-6-phil@nwl.cc>
@ 2019-03-03 21:03   ` Florian Westphal
  2019-03-04 12:43     ` Phil Sutter
  0 siblings, 1 reply; 13+ messages in thread
From: Florian Westphal @ 2019-03-03 21:03 UTC (permalink / raw)
  To: Phil Sutter; +Cc: Pablo Neira Ayuso, netfilter-devel

Phil Sutter <phil@nwl.cc> wrote:

Sorry for being late.

> +@cp -f extensions/libxt_connlabel.conf.test extensions/libxt_connlabel.conf.tmp
>  -m connlabel --label "bit40";=;OK
>  -m connlabel ! --label "bit40";=;OK
>  -m connlabel --label "bit41" --set;=;OK
>  -m connlabel ! --label "bit41" --set;=;OK
>  -m connlabel --label "bit128";;FAIL

Maybe we should forget about the label names and just tests
-m connlabel --label 127

i.e., parse the numeric value instead of providing a fake
one.  I agree that temporary replace of hosts one is bad.

^ permalink raw reply	[flat|nested] 13+ messages in thread

* Re: [iptables PATCH 5/5] iptables-test: Make use of sample connlabel.conf
  2019-03-03 21:03   ` [iptables PATCH 5/5] iptables-test: Make use of sample connlabel.conf Florian Westphal
@ 2019-03-04 12:43     ` Phil Sutter
  2019-03-04 13:07       ` Pablo Neira Ayuso
  0 siblings, 1 reply; 13+ messages in thread
From: Phil Sutter @ 2019-03-04 12:43 UTC (permalink / raw)
  To: Florian Westphal; +Cc: Pablo Neira Ayuso, netfilter-devel

Hi,

On Sun, Mar 03, 2019 at 10:03:02PM +0100, Florian Westphal wrote:
> Phil Sutter <phil@nwl.cc> wrote:
> 
> Sorry for being late.

No worries, it is not urgent.

> > +@cp -f extensions/libxt_connlabel.conf.test extensions/libxt_connlabel.conf.tmp
> >  -m connlabel --label "bit40";=;OK
> >  -m connlabel ! --label "bit40";=;OK
> >  -m connlabel --label "bit41" --set;=;OK
> >  -m connlabel ! --label "bit41" --set;=;OK
> >  -m connlabel --label "bit128";;FAIL
> 
> Maybe we should forget about the label names and just tests
> -m connlabel --label 127
> 
> i.e., parse the numeric value instead of providing a fake
> one.  I agree that temporary replace of hosts one is bad.

Fine with me as well. Obviously this would reduce code coverage of
tests, although not much since libnetfilter_conntrack is used for label
map lookup.

Cheers, Phil

^ permalink raw reply	[flat|nested] 13+ messages in thread

* Re: [iptables PATCH 5/5] iptables-test: Make use of sample connlabel.conf
  2019-03-04 12:43     ` Phil Sutter
@ 2019-03-04 13:07       ` Pablo Neira Ayuso
  2019-03-04 14:59         ` Phil Sutter
  0 siblings, 1 reply; 13+ messages in thread
From: Pablo Neira Ayuso @ 2019-03-04 13:07 UTC (permalink / raw)
  To: Phil Sutter, Florian Westphal, netfilter-devel

On Mon, Mar 04, 2019 at 01:43:11PM +0100, Phil Sutter wrote:
> Hi,
> 
> On Sun, Mar 03, 2019 at 10:03:02PM +0100, Florian Westphal wrote:
> > Phil Sutter <phil@nwl.cc> wrote:
> > 
> > Sorry for being late.
> 
> No worries, it is not urgent.
> 
> > > +@cp -f extensions/libxt_connlabel.conf.test extensions/libxt_connlabel.conf.tmp
> > >  -m connlabel --label "bit40";=;OK
> > >  -m connlabel ! --label "bit40";=;OK
> > >  -m connlabel --label "bit41" --set;=;OK
> > >  -m connlabel ! --label "bit41" --set;=;OK
> > >  -m connlabel --label "bit128";;FAIL
> > 
> > Maybe we should forget about the label names and just tests
> > -m connlabel --label 127
> > 
> > i.e., parse the numeric value instead of providing a fake
> > one.  I agree that temporary replace of hosts one is bad.
> 
> Fine with me as well. Obviously this would reduce code coverage of
> tests, although not much since libnetfilter_conntrack is used for label
> map lookup.

We can probably place some mapping lookup tests for this in
libnetfilter_conntrack.

^ permalink raw reply	[flat|nested] 13+ messages in thread

* Re: [iptables PATCH 5/5] iptables-test: Make use of sample connlabel.conf
  2019-03-04 13:07       ` Pablo Neira Ayuso
@ 2019-03-04 14:59         ` Phil Sutter
  2019-03-04 15:02           ` Florian Westphal
  2019-03-08 18:12           ` [iptables PATCH 5/5] iptables-test: Make use of sample connlabel.conf Pablo Neira Ayuso
  0 siblings, 2 replies; 13+ messages in thread
From: Phil Sutter @ 2019-03-04 14:59 UTC (permalink / raw)
  To: Pablo Neira Ayuso; +Cc: Florian Westphal, netfilter-devel

Hi,

On Mon, Mar 04, 2019 at 02:07:55PM +0100, Pablo Neira Ayuso wrote:
> On Mon, Mar 04, 2019 at 01:43:11PM +0100, Phil Sutter wrote:
> > Hi,
> > 
> > On Sun, Mar 03, 2019 at 10:03:02PM +0100, Florian Westphal wrote:
> > > Phil Sutter <phil@nwl.cc> wrote:
> > > 
> > > Sorry for being late.
> > 
> > No worries, it is not urgent.
> > 
> > > > +@cp -f extensions/libxt_connlabel.conf.test extensions/libxt_connlabel.conf.tmp
> > > >  -m connlabel --label "bit40";=;OK
> > > >  -m connlabel ! --label "bit40";=;OK
> > > >  -m connlabel --label "bit41" --set;=;OK
> > > >  -m connlabel ! --label "bit41" --set;=;OK
> > > >  -m connlabel --label "bit128";;FAIL
> > > 
> > > Maybe we should forget about the label names and just tests
> > > -m connlabel --label 127
> > > 
> > > i.e., parse the numeric value instead of providing a fake
> > > one.  I agree that temporary replace of hosts one is bad.
> > 
> > Fine with me as well. Obviously this would reduce code coverage of
> > tests, although not much since libnetfilter_conntrack is used for label
> > map lookup.

Argh. So I started with simply dropping all the connlabel.conf mangling
in libxt_connlabel.t along with replacing the names by values. Turns out
the extension exits if file wasn't found, no big deal changing that.
Doing so I discovered that parsing bit values is done by
nfct_labelmap_get_bit() as well but only if library initialization has
succeeded. Fine, manual parsing as a fallback it is. Checking
libnetfilter_conntrack once again to be sure, I noticed that it doesn't
accept bit values unless they appear in connlabel.conf. Now I start
changing functional behaviour and dropping label name test becomes a
larger change than supporting connlabel.conf in non-standard path. /o\

> We can probably place some mapping lookup tests for this in
> libnetfilter_conntrack.

I just found the ominous "qa" directory in there, so I guess we're
already fine in that regard. :)

Cheers, Phil

^ permalink raw reply	[flat|nested] 13+ messages in thread

* Re: [iptables PATCH 5/5] iptables-test: Make use of sample connlabel.conf
  2019-03-04 14:59         ` Phil Sutter
@ 2019-03-04 15:02           ` Florian Westphal
  2019-03-04 15:53             ` [iptables PATCH] extensions: connlabel: Fallback on missing connlabel.conf Phil Sutter
  2019-03-08 18:12           ` [iptables PATCH 5/5] iptables-test: Make use of sample connlabel.conf Pablo Neira Ayuso
  1 sibling, 1 reply; 13+ messages in thread
From: Florian Westphal @ 2019-03-04 15:02 UTC (permalink / raw)
  To: Phil Sutter, Pablo Neira Ayuso, Florian Westphal, netfilter-devel

Phil Sutter <phil@nwl.cc> wrote:
> libnetfilter_conntrack once again to be sure, I noticed that it doesn't
> accept bit values unless they appear in connlabel.conf. Now I start
> changing functional behaviour and dropping label name test becomes a
> larger change than supporting connlabel.conf in non-standard path. /o\

I think it would make sense to accept raw numbers as well as a fallback.
We accept it from nftables, and IIRC the extension will print the raw
hex value if it can't map it back to a name on -save.

^ permalink raw reply	[flat|nested] 13+ messages in thread

* [iptables PATCH] extensions: connlabel: Fallback on missing connlabel.conf
  2019-03-04 15:02           ` Florian Westphal
@ 2019-03-04 15:53             ` Phil Sutter
  2019-03-08 19:20               ` Florian Westphal
  0 siblings, 1 reply; 13+ messages in thread
From: Phil Sutter @ 2019-03-04 15:53 UTC (permalink / raw)
  To: Pablo Neira Ayuso; +Cc: netfilter-devel, Florian Westphal

If connlabel.conf was not found, fall back to manually parsing arguments
as plain numbers.

If nfct_labelmap_new() has failed, nfct_labelmap_get_name() segfaults.
Therefore make sure it is not called in connlabel_get_name() if that's
the case.

Signed-off-by: Phil Sutter <phil@nwl.cc>
---
This patch supersedes patches 3-5 of this series.
---
 extensions/libxt_connlabel.c      | 49 ++++++++++++++++++++++++-------
 extensions/libxt_connlabel.t      | 23 ++++-----------
 extensions/libxt_connlabel.txlate |  8 ++---
 3 files changed, 48 insertions(+), 32 deletions(-)

diff --git a/extensions/libxt_connlabel.c b/extensions/libxt_connlabel.c
index d06bb27a7c2e9..5a01fe7237bd8 100644
--- a/extensions/libxt_connlabel.c
+++ b/extensions/libxt_connlabel.c
@@ -1,8 +1,10 @@
+#define _GNU_SOURCE
 #include <errno.h>
 #include <stdbool.h>
 #include <string.h>
 #include <stdio.h>
 #include <stdint.h>
+#include <stdlib.h>
 #include <xtables.h>
 #include <linux/netfilter/xt_connlabel.h>
 #include <libnetfilter_conntrack/libnetfilter_conntrack.h>
@@ -32,40 +34,59 @@ static const struct xt_option_entry connlabel_mt_opts[] = {
 /* cannot do this via _init, else static builds might spew error message
  * for every iptables invocation.
  */
-static void connlabel_open(void)
+static int connlabel_open(void)
 {
 	const char *fname;
 
 	if (map)
-		return;
+		return 0;
 
 	map = nfct_labelmap_new(NULL);
 	if (map != NULL)
-		return;
+		return 0;
 
 	fname = nfct_labels_get_path();
 	if (errno) {
-		xtables_error(RESOURCE_PROBLEM,
-			"cannot open %s: %s", fname, strerror(errno));
+		fprintf(stderr, "Warning: cannot open %s: %s\n",
+			fname, strerror(errno));
 	} else {
 		xtables_error(RESOURCE_PROBLEM,
 			"cannot parse %s: no labels found", fname);
 	}
+	return 1;
+}
+
+static int connlabel_value_parse(const char *in)
+{
+	char *end;
+	unsigned long value = strtoul(in, &end, 0);
+
+	if (in[0] == '\0' || *end != '\0')
+		return -1;
+
+	return value;
 }
 
 static void connlabel_mt_parse(struct xt_option_call *cb)
 {
 	struct xt_connlabel_mtinfo *info = cb->data;
+	bool have_labelmap = !connlabel_open();
 	int tmp;
 
-	connlabel_open();
 	xtables_option_parse(cb);
 
 	switch (cb->entry->id) {
 	case O_LABEL:
-		tmp = nfct_labelmap_get_bit(map, cb->arg);
+		if (have_labelmap)
+			tmp = nfct_labelmap_get_bit(map, cb->arg);
+		else
+			tmp = connlabel_value_parse(cb->arg);
+
 		if (tmp < 0)
-			xtables_error(PARAMETER_PROBLEM, "label '%s' not found", cb->arg);
+			xtables_error(PARAMETER_PROBLEM,
+				      "label '%s' not found or invalid value",
+				      cb->arg);
+
 		info->bit = tmp;
 		if (cb->invert)
 			info->options |= XT_CONNLABEL_OP_INVERT;
@@ -81,7 +102,8 @@ static const char *connlabel_get_name(int b)
 {
 	const char *name;
 
-	connlabel_open();
+	if (connlabel_open())
+		return NULL;
 
 	name = nfct_labelmap_get_name(map, b);
 	if (name && strcmp(name, ""))
@@ -134,9 +156,13 @@ static int connlabel_mt_xlate(struct xt_xlate *xl,
 	const struct xt_connlabel_mtinfo *info =
 		(const void *)params->match->data;
 	const char *name = connlabel_get_name(info->bit);
+	char *valbuf = NULL;
 
-	if (name == NULL)
-		return 0;
+	if (name == NULL) {
+		if (asprintf(&valbuf, "%u", info->bit) < 0)
+			return 0;
+		name = valbuf;
+	}
 
 	if (info->options & XT_CONNLABEL_OP_SET)
 		xt_xlate_add(xl, "ct label set %s ", name);
@@ -146,6 +172,7 @@ static int connlabel_mt_xlate(struct xt_xlate *xl,
 		xt_xlate_add(xl, "and %s != ", name);
 	xt_xlate_add(xl, "%s", name);
 
+	free(valbuf);
 	return 1;
 }
 
diff --git a/extensions/libxt_connlabel.t b/extensions/libxt_connlabel.t
index aad1032b5a8bb..7265bd4764865 100644
--- a/extensions/libxt_connlabel.t
+++ b/extensions/libxt_connlabel.t
@@ -1,18 +1,7 @@
 :INPUT,FORWARD,OUTPUT
-# Backup the connlabel.conf, then add some label maps for test
-@[ -f /etc/xtables/connlabel.conf ] && mv /etc/xtables/connlabel.conf /tmp/connlabel.conf.bak
-@mkdir -p /etc/xtables
-@echo "40 bit40" > /etc/xtables/connlabel.conf
-@echo "41 bit41" >> /etc/xtables/connlabel.conf
-@echo "128 bit128" >> /etc/xtables/connlabel.conf
--m connlabel --label "bit40";=;OK
--m connlabel ! --label "bit40";=;OK
--m connlabel --label "bit41" --set;=;OK
--m connlabel ! --label "bit41" --set;=;OK
--m connlabel --label "bit128";;FAIL
-@echo > /etc/xtables/connlabel.conf
--m connlabel --label "abc";;FAIL
-@rm -f /etc/xtables/connlabel.conf
--m connlabel --label "abc";;FAIL
-# Restore the original connlabel.conf
-@[ -f /tmp/connlabel.conf.bak ] && mv /tmp/connlabel.conf.bak /etc/xtables/connlabel.conf
+-m connlabel --label "40";=;OK
+-m connlabel ! --label "40";=;OK
+-m connlabel --label "41" --set;=;OK
+-m connlabel ! --label "41" --set;=;OK
+-m connlabel --label "2048";;FAIL
+-m connlabel --label "foobar_not_there";;FAIL
diff --git a/extensions/libxt_connlabel.txlate b/extensions/libxt_connlabel.txlate
index 5be422044637d..12e4ac0351103 100644
--- a/extensions/libxt_connlabel.txlate
+++ b/extensions/libxt_connlabel.txlate
@@ -1,5 +1,5 @@
-iptables-translate -A INPUT -m connlabel --label bit40
-nft add rule ip filter INPUT ct label bit40 counter
+iptables-translate -A INPUT -m connlabel --label 40
+nft add rule ip filter INPUT ct label 40 counter
 
-iptables-translate -A INPUT -m connlabel ! --label bit40 --set
-nft add rule ip filter INPUT ct label set bit40 ct label and bit40 != bit40 counter
+iptables-translate -A INPUT -m connlabel ! --label 40 --set
+nft add rule ip filter INPUT ct label set 40 ct label and 40 != 40 counter
-- 
2.20.1


^ permalink raw reply related	[flat|nested] 13+ messages in thread

* Re: [iptables PATCH 5/5] iptables-test: Make use of sample connlabel.conf
  2019-03-04 14:59         ` Phil Sutter
  2019-03-04 15:02           ` Florian Westphal
@ 2019-03-08 18:12           ` Pablo Neira Ayuso
  2019-03-09 10:51             ` [libnetfilter_conntrack PATCH] Rename 'qa' directory to 'tests' Phil Sutter
  1 sibling, 1 reply; 13+ messages in thread
From: Pablo Neira Ayuso @ 2019-03-08 18:12 UTC (permalink / raw)
  To: Phil Sutter, Florian Westphal, netfilter-devel

On Mon, Mar 04, 2019 at 03:59:01PM +0100, Phil Sutter wrote:
> On Mon, Mar 04, 2019 at 02:07:55PM +0100, Pablo Neira Ayuso wrote:
> > On Mon, Mar 04, 2019 at 01:43:11PM +0100, Phil Sutter wrote:
[...]
> > We can probably place some mapping lookup tests for this in
> > libnetfilter_conntrack.
> 
> I just found the ominous "qa" directory in there, so I guess we're
> already fine in that regard. :)

We could rename this to a more orthodox tests/ directory :-)

^ permalink raw reply	[flat|nested] 13+ messages in thread

* Re: [iptables PATCH] extensions: connlabel: Fallback on missing connlabel.conf
  2019-03-04 15:53             ` [iptables PATCH] extensions: connlabel: Fallback on missing connlabel.conf Phil Sutter
@ 2019-03-08 19:20               ` Florian Westphal
  0 siblings, 0 replies; 13+ messages in thread
From: Florian Westphal @ 2019-03-08 19:20 UTC (permalink / raw)
  To: Phil Sutter; +Cc: Pablo Neira Ayuso, netfilter-devel, Florian Westphal

Phil Sutter <phil@nwl.cc> wrote:
> If connlabel.conf was not found, fall back to manually parsing arguments
> as plain numbers.
> 
> If nfct_labelmap_new() has failed, nfct_labelmap_get_name() segfaults.
> Therefore make sure it is not called in connlabel_get_name() if that's
> the case.
> 
> Signed-off-by: Phil Sutter <phil@nwl.cc>
> ---
> This patch supersedes patches 3-5 of this series.

Applied, thanks for updating this.

^ permalink raw reply	[flat|nested] 13+ messages in thread

* [libnetfilter_conntrack PATCH] Rename 'qa' directory to 'tests'
  2019-03-08 18:12           ` [iptables PATCH 5/5] iptables-test: Make use of sample connlabel.conf Pablo Neira Ayuso
@ 2019-03-09 10:51             ` Phil Sutter
  2019-03-09 10:56               ` [libnetfilter_conntrack PATCH v2] " Phil Sutter
  0 siblings, 1 reply; 13+ messages in thread
From: Phil Sutter @ 2019-03-09 10:51 UTC (permalink / raw)
  To: Pablo Neira Ayuso; +Cc: netfilter-devel

When searching for library tests, 'qa' is easily overlooked. Use a more
common name instead.

Suggested-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Phil Sutter <phil@nwl.cc>
---
 Makefile.am                        | 2 +-
 {qa => tests}/.gitignore           | 0
 {qa => tests}/Makefile.am          | 0
 {qa => tests}/ct_echo_event.c      | 0
 {qa => tests}/ct_echo_event.sh     | 0
 {qa => tests}/ct_events_reliable.c | 0
 {qa => tests}/ct_mark_filter.c     | 0
 {qa => tests}/ct_mark_filter.sh    | 0
 {qa => tests}/ct_stress.c          | 0
 {qa => tests}/inetd.conf           | 0
 {qa => tests}/nssocket.c           | 0
 {qa => tests}/nssocket.h           | 0
 {qa => tests}/nssocket_env.sh      | 0
 {qa => tests}/qa-connlabel.conf    | 0
 {qa => tests}/test_api.c           | 0
 {qa => tests}/test_connlabel.c     | 2 +-
 {qa => tests}/test_filter.c        | 0
 17 files changed, 2 insertions(+), 2 deletions(-)
 rename {qa => tests}/.gitignore (100%)
 rename {qa => tests}/Makefile.am (100%)
 rename {qa => tests}/ct_echo_event.c (100%)
 rename {qa => tests}/ct_echo_event.sh (100%)
 rename {qa => tests}/ct_events_reliable.c (100%)
 rename {qa => tests}/ct_mark_filter.c (100%)
 rename {qa => tests}/ct_mark_filter.sh (100%)
 rename {qa => tests}/ct_stress.c (100%)
 rename {qa => tests}/inetd.conf (100%)
 rename {qa => tests}/nssocket.c (100%)
 rename {qa => tests}/nssocket.h (100%)
 rename {qa => tests}/nssocket_env.sh (100%)
 rename {qa => tests}/qa-connlabel.conf (100%)
 rename {qa => tests}/test_api.c (100%)
 rename {qa => tests}/test_connlabel.c (96%)
 rename {qa => tests}/test_filter.c (100%)

diff --git a/Makefile.am b/Makefile.am
index baa98ade1a5ec..1a53c1086a508 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -2,7 +2,7 @@ include $(top_srcdir)/Make_global.am
 
 ACLOCAL_AMFLAGS = -I m4
 
-SUBDIRS	= include src utils examples qa
+SUBDIRS	= include src utils examples tests
 
 man_MANS = #nfnetlink_conntrack.3 nfnetlink_conntrack.7
 
diff --git a/qa/.gitignore b/tests/.gitignore
similarity index 100%
rename from qa/.gitignore
rename to tests/.gitignore
diff --git a/qa/Makefile.am b/tests/Makefile.am
similarity index 100%
rename from qa/Makefile.am
rename to tests/Makefile.am
diff --git a/qa/ct_echo_event.c b/tests/ct_echo_event.c
similarity index 100%
rename from qa/ct_echo_event.c
rename to tests/ct_echo_event.c
diff --git a/qa/ct_echo_event.sh b/tests/ct_echo_event.sh
similarity index 100%
rename from qa/ct_echo_event.sh
rename to tests/ct_echo_event.sh
diff --git a/qa/ct_events_reliable.c b/tests/ct_events_reliable.c
similarity index 100%
rename from qa/ct_events_reliable.c
rename to tests/ct_events_reliable.c
diff --git a/qa/ct_mark_filter.c b/tests/ct_mark_filter.c
similarity index 100%
rename from qa/ct_mark_filter.c
rename to tests/ct_mark_filter.c
diff --git a/qa/ct_mark_filter.sh b/tests/ct_mark_filter.sh
similarity index 100%
rename from qa/ct_mark_filter.sh
rename to tests/ct_mark_filter.sh
diff --git a/qa/ct_stress.c b/tests/ct_stress.c
similarity index 100%
rename from qa/ct_stress.c
rename to tests/ct_stress.c
diff --git a/qa/inetd.conf b/tests/inetd.conf
similarity index 100%
rename from qa/inetd.conf
rename to tests/inetd.conf
diff --git a/qa/nssocket.c b/tests/nssocket.c
similarity index 100%
rename from qa/nssocket.c
rename to tests/nssocket.c
diff --git a/qa/nssocket.h b/tests/nssocket.h
similarity index 100%
rename from qa/nssocket.h
rename to tests/nssocket.h
diff --git a/qa/nssocket_env.sh b/tests/nssocket_env.sh
similarity index 100%
rename from qa/nssocket_env.sh
rename to tests/nssocket_env.sh
diff --git a/qa/qa-connlabel.conf b/tests/qa-connlabel.conf
similarity index 100%
rename from qa/qa-connlabel.conf
rename to tests/qa-connlabel.conf
diff --git a/qa/test_api.c b/tests/test_api.c
similarity index 100%
rename from qa/test_api.c
rename to tests/test_api.c
diff --git a/qa/test_connlabel.c b/tests/test_connlabel.c
similarity index 96%
rename from qa/test_connlabel.c
rename to tests/test_connlabel.c
index 345ecf608647b..99b1171857db3 100644
--- a/qa/test_connlabel.c
+++ b/tests/test_connlabel.c
@@ -59,7 +59,7 @@ int main(void)
 
 	l = nfct_labelmap_new("qa-connlabel.conf");
 	if (!l)
-		l = nfct_labelmap_new("qa/qa-connlabel.conf");
+		l = nfct_labelmap_new("tests/qa-connlabel.conf");
 	assert(l);
 	puts("qa-connlabel.conf:");
 	dump_map(l);
diff --git a/qa/test_filter.c b/tests/test_filter.c
similarity index 100%
rename from qa/test_filter.c
rename to tests/test_filter.c
-- 
2.21.0


^ permalink raw reply related	[flat|nested] 13+ messages in thread

* [libnetfilter_conntrack PATCH v2] Rename 'qa' directory to 'tests'
  2019-03-09 10:51             ` [libnetfilter_conntrack PATCH] Rename 'qa' directory to 'tests' Phil Sutter
@ 2019-03-09 10:56               ` Phil Sutter
  2019-03-11 12:36                 ` Pablo Neira Ayuso
  0 siblings, 1 reply; 13+ messages in thread
From: Phil Sutter @ 2019-03-09 10:56 UTC (permalink / raw)
  To: Pablo Neira Ayuso; +Cc: netfilter-devel

When searching for library tests, 'qa' is easily overlooked. Use a more
common name instead.

Suggested-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Phil Sutter <phil@nwl.cc>
---
Changes since v1:
- Add needed changes to configure.ac missed in previous patch.
---
 Makefile.am                        | 2 +-
 configure.ac                       | 4 ++--
 {qa => tests}/.gitignore           | 0
 {qa => tests}/Makefile.am          | 0
 {qa => tests}/ct_echo_event.c      | 0
 {qa => tests}/ct_echo_event.sh     | 0
 {qa => tests}/ct_events_reliable.c | 0
 {qa => tests}/ct_mark_filter.c     | 0
 {qa => tests}/ct_mark_filter.sh    | 0
 {qa => tests}/ct_stress.c          | 0
 {qa => tests}/inetd.conf           | 0
 {qa => tests}/nssocket.c           | 0
 {qa => tests}/nssocket.h           | 0
 {qa => tests}/nssocket_env.sh      | 0
 {qa => tests}/qa-connlabel.conf    | 0
 {qa => tests}/test_api.c           | 0
 {qa => tests}/test_connlabel.c     | 2 +-
 {qa => tests}/test_filter.c        | 0
 18 files changed, 4 insertions(+), 4 deletions(-)
 rename {qa => tests}/.gitignore (100%)
 rename {qa => tests}/Makefile.am (100%)
 rename {qa => tests}/ct_echo_event.c (100%)
 rename {qa => tests}/ct_echo_event.sh (100%)
 rename {qa => tests}/ct_events_reliable.c (100%)
 rename {qa => tests}/ct_mark_filter.c (100%)
 rename {qa => tests}/ct_mark_filter.sh (100%)
 rename {qa => tests}/ct_stress.c (100%)
 rename {qa => tests}/inetd.conf (100%)
 rename {qa => tests}/nssocket.c (100%)
 rename {qa => tests}/nssocket.h (100%)
 rename {qa => tests}/nssocket_env.sh (100%)
 rename {qa => tests}/qa-connlabel.conf (100%)
 rename {qa => tests}/test_api.c (100%)
 rename {qa => tests}/test_connlabel.c (96%)
 rename {qa => tests}/test_filter.c (100%)

diff --git a/Makefile.am b/Makefile.am
index baa98ade1a5ec..1a53c1086a508 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -2,7 +2,7 @@ include $(top_srcdir)/Make_global.am
 
 ACLOCAL_AMFLAGS = -I m4
 
-SUBDIRS	= include src utils examples qa
+SUBDIRS	= include src utils examples tests
 
 man_MANS = #nfnetlink_conntrack.3 nfnetlink_conntrack.7
 
diff --git a/configure.ac b/configure.ac
index 6304543eca7cd..6940c3894e570 100644
--- a/configure.ac
+++ b/configure.ac
@@ -31,7 +31,7 @@ PKG_CHECK_MODULES([LIBMNL], [libmnl >= 1.0.3])
 AC_CHECK_HEADERS(arpa/inet.h)
 dnl Check for inet_ntop
 AC_CHECK_FUNCS(inet_ntop)
-dnl Check for setns used in qa
+dnl Check for setns used in tests
 AC_CHECK_FUNCS(setns)
 dnl Again, some systems have it, but not IPv6
 if test "$ac_cv_func_inet_ntop" = "yes" ; then
@@ -66,7 +66,7 @@ fi
 
 dnl Output the makefile
 AC_CONFIG_FILES([Makefile src/Makefile include/Makefile utils/Makefile
-	examples/Makefile qa/Makefile include/libnetfilter_conntrack/Makefile
+	examples/Makefile tests/Makefile include/libnetfilter_conntrack/Makefile
 	include/internal/Makefile src/conntrack/Makefile src/expect/Makefile
 	libnetfilter_conntrack.pc doxygen.cfg])
 AC_OUTPUT
diff --git a/qa/.gitignore b/tests/.gitignore
similarity index 100%
rename from qa/.gitignore
rename to tests/.gitignore
diff --git a/qa/Makefile.am b/tests/Makefile.am
similarity index 100%
rename from qa/Makefile.am
rename to tests/Makefile.am
diff --git a/qa/ct_echo_event.c b/tests/ct_echo_event.c
similarity index 100%
rename from qa/ct_echo_event.c
rename to tests/ct_echo_event.c
diff --git a/qa/ct_echo_event.sh b/tests/ct_echo_event.sh
similarity index 100%
rename from qa/ct_echo_event.sh
rename to tests/ct_echo_event.sh
diff --git a/qa/ct_events_reliable.c b/tests/ct_events_reliable.c
similarity index 100%
rename from qa/ct_events_reliable.c
rename to tests/ct_events_reliable.c
diff --git a/qa/ct_mark_filter.c b/tests/ct_mark_filter.c
similarity index 100%
rename from qa/ct_mark_filter.c
rename to tests/ct_mark_filter.c
diff --git a/qa/ct_mark_filter.sh b/tests/ct_mark_filter.sh
similarity index 100%
rename from qa/ct_mark_filter.sh
rename to tests/ct_mark_filter.sh
diff --git a/qa/ct_stress.c b/tests/ct_stress.c
similarity index 100%
rename from qa/ct_stress.c
rename to tests/ct_stress.c
diff --git a/qa/inetd.conf b/tests/inetd.conf
similarity index 100%
rename from qa/inetd.conf
rename to tests/inetd.conf
diff --git a/qa/nssocket.c b/tests/nssocket.c
similarity index 100%
rename from qa/nssocket.c
rename to tests/nssocket.c
diff --git a/qa/nssocket.h b/tests/nssocket.h
similarity index 100%
rename from qa/nssocket.h
rename to tests/nssocket.h
diff --git a/qa/nssocket_env.sh b/tests/nssocket_env.sh
similarity index 100%
rename from qa/nssocket_env.sh
rename to tests/nssocket_env.sh
diff --git a/qa/qa-connlabel.conf b/tests/qa-connlabel.conf
similarity index 100%
rename from qa/qa-connlabel.conf
rename to tests/qa-connlabel.conf
diff --git a/qa/test_api.c b/tests/test_api.c
similarity index 100%
rename from qa/test_api.c
rename to tests/test_api.c
diff --git a/qa/test_connlabel.c b/tests/test_connlabel.c
similarity index 96%
rename from qa/test_connlabel.c
rename to tests/test_connlabel.c
index 345ecf608647b..99b1171857db3 100644
--- a/qa/test_connlabel.c
+++ b/tests/test_connlabel.c
@@ -59,7 +59,7 @@ int main(void)
 
 	l = nfct_labelmap_new("qa-connlabel.conf");
 	if (!l)
-		l = nfct_labelmap_new("qa/qa-connlabel.conf");
+		l = nfct_labelmap_new("tests/qa-connlabel.conf");
 	assert(l);
 	puts("qa-connlabel.conf:");
 	dump_map(l);
diff --git a/qa/test_filter.c b/tests/test_filter.c
similarity index 100%
rename from qa/test_filter.c
rename to tests/test_filter.c
-- 
2.21.0


^ permalink raw reply related	[flat|nested] 13+ messages in thread

* Re: [libnetfilter_conntrack PATCH v2] Rename 'qa' directory to 'tests'
  2019-03-09 10:56               ` [libnetfilter_conntrack PATCH v2] " Phil Sutter
@ 2019-03-11 12:36                 ` Pablo Neira Ayuso
  0 siblings, 0 replies; 13+ messages in thread
From: Pablo Neira Ayuso @ 2019-03-11 12:36 UTC (permalink / raw)
  To: Phil Sutter; +Cc: netfilter-devel

On Sat, Mar 09, 2019 at 11:56:05AM +0100, Phil Sutter wrote:
> When searching for library tests, 'qa' is easily overlooked. Use a more
> common name instead.

Applied, thanks Phil!

^ permalink raw reply	[flat|nested] 13+ messages in thread

end of thread, other threads:[~2019-03-11 12:36 UTC | newest]

Thread overview: 13+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
     [not found] <20190219193953.29066-1-phil@nwl.cc>
     [not found] ` <20190219193953.29066-4-phil@nwl.cc>
2019-03-01 12:52   ` [iptables PATCH 3/5] extensions: connlabel: Allow connlabel.conf override Pablo Neira Ayuso
2019-03-01 18:08     ` Phil Sutter
     [not found] ` <20190219193953.29066-6-phil@nwl.cc>
2019-03-03 21:03   ` [iptables PATCH 5/5] iptables-test: Make use of sample connlabel.conf Florian Westphal
2019-03-04 12:43     ` Phil Sutter
2019-03-04 13:07       ` Pablo Neira Ayuso
2019-03-04 14:59         ` Phil Sutter
2019-03-04 15:02           ` Florian Westphal
2019-03-04 15:53             ` [iptables PATCH] extensions: connlabel: Fallback on missing connlabel.conf Phil Sutter
2019-03-08 19:20               ` Florian Westphal
2019-03-08 18:12           ` [iptables PATCH 5/5] iptables-test: Make use of sample connlabel.conf Pablo Neira Ayuso
2019-03-09 10:51             ` [libnetfilter_conntrack PATCH] Rename 'qa' directory to 'tests' Phil Sutter
2019-03-09 10:56               ` [libnetfilter_conntrack PATCH v2] " Phil Sutter
2019-03-11 12:36                 ` Pablo Neira Ayuso

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).