openEuler:24.03:SP1:Everything
iptables
We truncated the diff of some files because they were too big.
Changes of Revision 2
_service:tar_scm:iptables.spec
Changed
@@ -2,7 +2,7 @@ %global legacy_actions %{_libexecdir}/initscripts/legacy-actions Name: iptables Version: 1.8.9 -Release: 5 +Release: 6 Summary: IP packet filter administration utilities License: GPL-2.0-only and Artistic-2.0 URL: https://www.netfilter.org/ @@ -28,6 +28,7 @@ Patch12: backport-libiptc-Fix-for-another-segfault-due-to-chain-index-NULL-pointer.patch Patch13: backport-libxtables-Fix-memleak-of-matches-udata.patch Patch14: backport-xshared-Fix-parsing-of-empty-string-arg-in-c-option.patch +Patch15: tests-extensions-add-some-testcases.patch BuildRequires: bison flex gcc kernel-headers libpcap-devel libselinux-devel systemd @@ -345,6 +346,12 @@ %{_datadir}/xtables/iptables.xslt %changelog +* Mon Aug 19 2024 yanglu <yanglu72@h-partners.com> - 1.8.9-6 +- Type: enhancement +- ID: NA +- SUG: NA +- DESC: add some testcases of extensions + * Tue Jun 25 2024 liweigang <liweiganga@uniontech.com> - 1.8.9-5 - Type: bugfix - ID: NA
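Review bot: In the Patch list hunk of iptables.spec, `Patch15: tests-extensions-add-some-testcases.patch` breaks the `backport-` naming used by Patch12 through Patch14, and neither that line nor the 1.8.9-6 changelog entry says where the patch comes from. If it is taken from upstream, name it with the `backport-` prefix like its neighbours; if it is a downstream-only patch, say so in the DESC line so the origin is clear at the next rebase.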
_service:tar_scm:tests-extensions-add-some-testcases.patch
Added
@@ -0,0 +1,399 @@ +From 0663cc944204ed3afa7fa4f7cf3beadb3ea8e1e4 Mon Sep 17 00:00:00 2001 +From: chenzhen <vchanger123456@163.com> +Date: Fri, 1 Apr 2022 11:26:32 +0800 +Subject: PATCH tests: extensions: add some testcases + +These testcases are intended to test options of commonly used extentions like +DNAT/SNAT/tcp/udp as much as possible, covering normal and abnormal scenes. + +Signed-off-by: chenzhen <vchanger123456@163.com> +--- + extensions/libip6t_DNAT.t | 9 +++++++++ + extensions/libip6t_LOG.t | 1 + + extensions/libip6t_LOG.txlate | 9 +++++++++ + extensions/libip6t_MASQUERADE.t | 1 + + extensions/libip6t_REJECT.t | 1 + + extensions/libip6t_SNAT.t | 8 ++++++++ + extensions/libip6t_icmp6.t | 4 ++++ + extensions/libip6t_rt.t | 6 ++++++ + extensions/libip6t_rt.txlate | 3 +++ + extensions/libipt_DNAT.t | 8 ++++++++ + extensions/libipt_LOG.t | 1 + + extensions/libipt_LOG.txlate | 9 +++++++++ + extensions/libipt_MASQUERADE.t | 1 + + extensions/libipt_NETMAP.t | 1 + + extensions/libipt_REJECT.t | 1 + + extensions/libipt_SNAT.t | 8 ++++++++ + extensions/libipt_icmp.t | 4 ++++ + extensions/libxt_DNAT.txlate | 6 ++++++ + extensions/libxt_REDIRECT.t | 2 ++ + extensions/libxt_iprange.t | 7 ++----- + extensions/libxt_limit.t | 7 +++++++ + extensions/libxt_string.t | 12 ++++++++++++ + extensions/libxt_tcp.t | 3 +++ + iptables-test.py | 22 ++++++++++++++++++++++ + 24 files changed, 129 insertions(+), 5 deletions(-) + +diff --git a/extensions/libip6t_DNAT.t b/extensions/libip6t_DNAT.t +index e53dfa1..3f89f4d 100644 +--- a/extensions/libip6t_DNAT.t ++++ b/extensions/libip6t_DNAT.t +@@ -17,4 +17,13 @@ + -p tcp -j DNAT --to-destination dead::beef:ftp-data;-p tcp -j DNAT --to-destination dead::beef:20;OK + -p tcp -j DNAT --to-destination dead::beef:echo-ssh;;FAIL + -p tcp -j DNAT --to-destination dead::beef:10-20/ftp;-p tcp -j DNAT --to-destination dead::beef:10-20/21;OK ++-p tcp -j DNAT --to-destination dead::beef --random --persistent;=;OK ++-p tcp -j DNAT --to-destination 
dead::beef;;FAIL ++-p tcp -j DNAT --to-destination dead::beef:65536;;FAIL ++-p tcp -j DNAT --to-destination dead::beef:1-65536;;FAIL ++-p tcp -j DNAT --to-destination dead::beef:1:65535;;FAIL ++-p tcp -j DNAT --to-destination dead::beef:2-1;;FAIL ++-p tcp -j DNAT --to-destination live::beef;;FAIL ++-p tcp -j DNAT --to-destination dead::beef-live::beef;;FAIL ++-p tcp -j DNAT --to-destination :65535;=;OK + -j DNAT;;FAIL +diff --git a/extensions/libip6t_LOG.t b/extensions/libip6t_LOG.t +index fbf5118..e3fb58f 100644 +--- a/extensions/libip6t_LOG.t ++++ b/extensions/libip6t_LOG.t +@@ -8,5 +8,6 @@ + -j LOG --log-prefix "test: " --log-tcp-options;=;OK + -j LOG --log-prefix "test: " --log-ip-options;=;OK + -j LOG --log-prefix "test: " --log-uid;=;OK ++-j LOG --log-prefix "test: " --log-macdecode;=;OK + -j LOG --log-prefix "test: " --log-level bad;;FAIL + -j LOG --log-prefix;;FAIL +diff --git a/extensions/libip6t_LOG.txlate b/extensions/libip6t_LOG.txlate +index 29ffce7..79358a9 100644 +--- a/extensions/libip6t_LOG.txlate ++++ b/extensions/libip6t_LOG.txlate +@@ -6,3 +6,12 @@ nft 'add rule ip6 filter FORWARD meta l4proto tcp counter log level debug' + + ip6tables-translate -A FORWARD -p tcp -j LOG --log-prefix "Checking log" + nft 'add rule ip6 filter FORWARD meta l4proto tcp counter log prefix "Checking log"' ++ ++ip6tables-translate -A FORWARD -p tcp -j LOG --log-tcp-sequence --log-tcp-options --log-ip-options --log-uid ++nft 'add rule ip6 filter FORWARD meta l4proto tcp counter log flags tcp sequence,options flags ip options flags skuid' ++ ++ip6tables-translate -A FORWARD -p tcp -j LOG --log-tcp-sequence --log-tcp-options --log-ip-options --log-uid --log-macdecode ++nft 'add rule ip6 filter FORWARD meta l4proto tcp counter log flags all' ++ ++ip6tables-translate -A FORWARD -p tcp -j LOG --log-tcp-sequence --log-macdecode ++nft 'add rule ip6 filter FORWARD meta l4proto tcp counter log flags tcp sequence flags ether' +diff --git a/extensions/libip6t_MASQUERADE.t 
b/extensions/libip6t_MASQUERADE.t +index e25d2a0..e254fa7 100644 +--- a/extensions/libip6t_MASQUERADE.t ++++ b/extensions/libip6t_MASQUERADE.t +@@ -7,3 +7,4 @@ + -p udp -j MASQUERADE --to-ports 1024-65535;=;OK + -p udp -j MASQUERADE --to-ports 1024-65536;;FAIL + -p udp -j MASQUERADE --to-ports -1;;FAIL ++-j MASQUERADE --to-ports 1024;;FAIL +diff --git a/extensions/libip6t_REJECT.t b/extensions/libip6t_REJECT.t +index 8294f0b..6e41b00 100644 +--- a/extensions/libip6t_REJECT.t ++++ b/extensions/libip6t_REJECT.t +@@ -9,3 +9,4 @@ + -j REJECT --reject-with icmp6-reject-route;=;OK + -p tcp -j REJECT --reject-with tcp-reset;=;OK + -j REJECT --reject-with tcp-reset;;FAIL ++-j REJECT --reject-with icmp6-wrong;;FAIL +diff --git a/extensions/libip6t_SNAT.t b/extensions/libip6t_SNAT.t +index 98aa760..12c0479 100644 +--- a/extensions/libip6t_SNAT.t ++++ b/extensions/libip6t_SNAT.t +@@ -14,4 +14,12 @@ + -p tcp -j SNAT --to-source dead::beef-dead::fee7:1025-65535;=;OK + -p tcp -j SNAT --to-source dead::beef-dead::fee7:1025-65536;;FAIL + -p tcp -j SNAT --to-source dead::beef-dead::fee7:1025-65535 --to-source dead::beef-dead::fee8:1025-65535;;FAIL ++-p tcp -j SNAT --to-source dead::beef --random --random-fully --persistent;=;OK ++-p tcp -j SNAT --to-source :65535;=;OK ++-p tcp -j SNAT --to-source dead::beef;;FAIL ++-p tcp -j SNAT --to-source dead::beef:1-65536;;FAIL ++-p tcp -j SNAT --to-source dead::beef:1:65535;;FAIL ++-p tcp -j SNAT --to-source dead::beef:2-1;;FAIL ++-p tcp -j SNAT --to-source live::beef;;FAIL ++-p tcp -j SNAT --to-source dead::beef-live::beef;;FAIL + -j SNAT;;FAIL +diff --git a/extensions/libip6t_icmp6.t b/extensions/libip6t_icmp6.t +index 028cfc1..539ed7b 100644 +--- a/extensions/libip6t_icmp6.t ++++ b/extensions/libip6t_icmp6.t +@@ -4,3 +4,7 @@ + -p ipv6-icmp -m icmp6 --icmpv6-type 2;=;OK + # cannot use option twice: + -p ipv6-icmp -m icmp6 --icmpv6-type no-route --icmpv6-type packet-too-big;;FAIL ++-p ipv6-icmp -m icmp6 ! 
--icmpv6-type 2;=;OK ++-p ipv6-icmp -m icmp6 --icmpv6-type router;;FAIL ++-p ipv6-icmp -m icmp6 --icmpv6-type -1;;FAIL ++-p ipv6-icmp -m icmp6 --icmpv6-type 1/65536;;FAIL +diff --git a/extensions/libip6t_rt.t b/extensions/libip6t_rt.t +index 3c7b2d9..730603e 100644 +--- a/extensions/libip6t_rt.t ++++ b/extensions/libip6t_rt.t +@@ -2,4 +2,10 @@ + -m rt --rt-type 0 --rt-segsleft 1:23 --rt-len 42 --rt-0-res;=;OK + -m rt --rt-type 0 ! --rt-segsleft 1:23 ! --rt-len 42 --rt-0-res;=;OK + -m rt ! --rt-type 1 ! --rt-segsleft 12:23 ! --rt-len 42;=;OK ++-m rt --rt-type 0 --rt-0-addrs beef::feed --rt-0-not-strict;=;OK ++-m rt --rt-0-addrs beef::feed;;FAIL ++-m rt --rt-0-res;;FAIL ++-m rt --rt-type 0 --rt-0-not-strict;;FAIL ++-m rt --rt-type 0 --rt-0-addrs beef::wrong --rt-0-not-strict;;FAIL ++-m rt --rt-type 0 --rt-segsleft 1:1 --rt-len 42 --rt-0-res;-m rt --rt-type 0 --rt-segsleft 1 --rt-len 42 --rt-0-res;OK + -m rt;=;OK +diff --git a/extensions/libip6t_rt.txlate b/extensions/libip6t_rt.txlate +index 3578bcb..98344fb 100644 +--- a/extensions/libip6t_rt.txlate ++++ b/extensions/libip6t_rt.txlate +@@ -12,3 +12,6 @@ nft 'add rule ip6 filter INPUT rt type 0 rt hdrlength 22 counter drop' + + ip6tables-translate -A INPUT -m rt --rt-type 0 --rt-len 22 ! 
--rt-segsleft 26 -j ACCEPT + nft 'add rule ip6 filter INPUT rt type 0 rt seg-left != 26 rt hdrlength 22 counter accept' ++ ++ip6tables-translate -A INPUT -m rt --rt-type 0 --rt-len 22 --rt-segsleft 1:26 -j ACCEPT ++nft 'add rule ip6 filter INPUT rt type 0 rt seg-left 1-26 rt hdrlength 22 counter accept' +diff --git a/extensions/libipt_DNAT.t b/extensions/libipt_DNAT.t +index 9007572..884da87 100644 +--- a/extensions/libipt_DNAT.t ++++ b/extensions/libipt_DNAT.t +@@ -17,4 +17,12 @@ + -p tcp -j DNAT --to-destination 1.1.1.1:ftp-data;-p tcp -j DNAT --to-destination 1.1.1.1:20;OK + -p tcp -j DNAT --to-destination 1.1.1.1:echo-ssh;;FAIL + -p tcp -j DNAT --to-destination 1.1.1.1:10-20/ftp;-p tcp -j DNAT --to-destination 1.1.1.1:10-20/21;OK ++-p tcp -j DNAT --to-destination 1.1.1.1 --random --persistent;=;OK ++-p tcp -j DNAT --to-destination :65535;=;OK ++-p tcp -j DNAT --to-destination 1.1.1.1:1000;=;OK ++-p tcp -j DNAT --to-destination 1.1.1.1:1025-65536;;FAIL ++-p tcp -j DNAT --to-destination 1.1.1.1:1025:65535;;FAIL ++-p tcp -j DNAT --to-destination 1.1.1.1:2000-1000;;FAIL ++-p tcp -j DNAT --to-destination 1.1.1.a;;FAIL ++-p tcp -j DNAT --to-destination 1.1.1.1-1.1.1.a;;FAIL + -j DNAT;;FAIL +diff --git a/extensions/libipt_LOG.t b/extensions/libipt_LOG.t +index fbf5118..e3fb58f 100644 +--- a/extensions/libipt_LOG.t ++++ b/extensions/libipt_LOG.t +@@ -8,5 +8,6 @@ + -j LOG --log-prefix "test: " --log-tcp-options;=;OK + -j LOG --log-prefix "test: " --log-ip-options;=;OK + -j LOG --log-prefix "test: " --log-uid;=;OK ++-j LOG --log-prefix "test: " --log-macdecode;=;OK + -j LOG --log-prefix "test: " --log-level bad;;FAIL + -j LOG --log-prefix;;FAIL +diff --git a/extensions/libipt_LOG.txlate b/extensions/libipt_LOG.txlate +index 13a2ef5..509b075 100644 +--- a/extensions/libipt_LOG.txlate ++++ b/extensions/libipt_LOG.txlate +@@ -3,3 +3,12 @@ nft 'add rule ip filter FORWARD ip protocol tcp counter log level err' + + iptables-translate -A FORWARD -p tcp -j LOG --log-prefix 
"Random prefix" + nft 'add rule ip filter FORWARD ip protocol tcp counter log prefix "Random prefix"' ++ ++iptables-translate -A FORWARD -p tcp -j LOG --log-tcp-sequence --log-tcp-options --log-ip-options --log-uid ++nft 'add rule ip filter FORWARD ip protocol tcp counter log flags tcp sequence,options flags ip options flags skuid' ++ ++iptables-translate -A FORWARD -p tcp -j LOG --log-tcp-sequence --log-tcp-options --log-ip-options --log-uid --log-macdecode ++nft 'add rule ip filter FORWARD ip protocol tcp counter log flags all' ++ ++iptables-translate -A FORWARD -p tcp -j LOG --log-tcp-sequence --log-macdecode
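Review bot: In the header of tests-extensions-add-some-testcases.patch, the commit message describes only added test cases, but the diffstat lists `extensions/libxt_iprange.t | 7 ++-----` and `iptables-test.py | 22 ++++++++++++++++++++++`, so the change also drops existing iprange lines and modifies the test runner. The message should state which iprange cases are removed or rewritten and why, and what the 22 new lines in iptables-test.py do, since a runner change affects how every .t file is evaluated.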
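Review bot: In the extensions/libip6t_DNAT.t hunk, the new FAIL lines carry no comment saying which check is expected to reject them, and as shown `--to-destination dead::beef;;FAIL` sits directly below `--to-destination dead::beef --random --persistent;=;OK`, so the same target reads as both accepted and rejected. Put a short comment above each FAIL case (out-of-range port, reversed range, malformed address, address range), in the style of the `# cannot use option twice:` comment in libip6t_icmp6.t, so that a later parser change which makes one of them pass is recognised as a regression rather than a stale test.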
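Review bot: In the extensions/libip6t_MASQUERADE.t hunk, `-j MASQUERADE --to-ports 1024;;FAIL` differs from the neighbouring cases only by omitting `-p udp`, while 1024 lies inside the range that the OK case `--to-ports 1024-65535` accepts, so the reason for the expected failure is easy to misread. If the intent is that `--to-ports` must be rejected when no protocol is given, state that in a comment above the line.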
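Review bot: In the extensions/libip6t_SNAT.t hunk, the only positive case for the new flags is `--to-source dead::beef --random --random-fully --persistent;=;OK`, which exercises three options in one rule, so a failure does not show which option broke. Split it into one case per flag plus the combined one. The hunk also has no single-port overflow case: the `dead::beef:65536;;FAIL` line added to libip6t_DNAT.t has no SNAT counterpart.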
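Review bot: In the extensions/libip6t_icmp6.t hunk, `--icmpv6-type 1/65536;;FAIL` is far above the limit it is meant to probe: the ICMPv6 type and code fields are 8 bits each, so the first invalid code is 256. Use `1/256` (and add `256` for the type) so the test pins the actual boundary, and add a comment on `--icmpv6-type router;;FAIL` saying what makes that name invalid.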
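Review bot: In the extensions/libipt_DNAT.t hunk, the IPv4 cases are not in step with the IPv6 ones: this hunk adds `1.1.1.1:1000;=;OK` but has no single-port overflow case matching `dead::beef:65536;;FAIL` in libip6t_DNAT.t, and the IPv6 hunk adds no numeric single-port OK case. Add the missing counterpart to each file so both address families cover the same port-parsing paths.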