Allow OSPF or OSPFv3 adjacency to form #1034

Open
birdofprey wants to merge 150 commits into main from stable-0.8

birdofprey commented Oct 21, 2022

vi /etc/firewalld/services/ospf.xml

<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>OSPF</short>
  <description>Allow OSPF or OSPFv3 adjacency to form</description>
  <protocol value="ospf"/>
  <destination ipv4="224.0.0.5"/>
  <destination ipv4="224.0.0.6"/>
  <destination ipv6="ff02::5"/>
  <destination ipv6="ff02::6"/>
</service>

erig0 added 30 commits November 5, 2019 08:43
Fixes: 0c07b70 ("feat: CLI: add "helper" support for services")
Fixes: rhbz 1769520
(cherry picked from commit 6bfffe6)
Use the change interface call instead of add interface. This lets NM
override the permanent interface assignment.

Fixes: rhbz 1773809
(cherry picked from commit a3265da)
If nft fib is not available the test was checking for "system", but it
always yields "no".

Fixes: 6cd756b ("chore: deprecate AutomaticHelpers")
(cherry picked from commit 58c19a0)
Calling modprobe is problematic inside a container. Just check if the
running kernel is >4.18 as this is when NAT coexistence was fixed.

(cherry picked from commit 2b7d150)
Match more specifically so we don't accidentally match a debug log that
also has "ERROR:" or "WARNING:" as is common for modprobes.

(cherry picked from commit 5f67a78)
This is just a dummy target at the moment.

(cherry picked from commit df13ebc)
Introduce "cleanup_late" for high level stuff not used by test cases.

(cherry picked from commit ebe4ee5)
Useful for NetworkManager integration tests.

(cherry picked from commit 608f007)
These use the target "check-integration". We use a separate target
because these tests may be destructive to the host. The plan is to run
them from within the "check-container" target.

(cherry picked from commit ab6c22b)
Coverage for rhbz 1773809

(cherry picked from commit ea97fb2)
This ties the integration tests into the "check-container" target.

NOTE: We force "-j1" because the integration tests must be run serially.
(cherry picked from commit c1c8156)
We're now using Weblate.

(cherry picked from commit a43d77f)
We need to make sure the pre-requisite chains exist before generating
the rule for the mark action.

Fixes: #567
(cherry picked from commit 4997385)
(cherry picked from commit cdf3227)
erig0 and others added 30 commits August 6, 2020 09:13
Fixes: 3a0e79b ("fix: core: rich: Catch ValueError on non-numeric priority values")
(cherry picked from commit e1562ba)
Newer NetworkManager ships with this zone. As such, if NM is installed
the expected "get zones" output changes.

(cherry picked from commit a609c15)
pip changed behavior and doesn't allow multiple eggs from the same file.
Don't use pip and install directly from setup.py.

(cherry picked from commit 8d0f6c1)
Fixes: 6e279ef ("test(regression/rhbz1541077): correctly use macros")
Fixes: dddba7b ("fix(cli): add ipset type hash:mac is incompatible with the family parameter")
(cherry picked from commit fae16b5)
Fixes: 87ec14d ("test(rich): icmptypes with one family")
(cherry picked from commit a47819d)
Otherwise we may get runtime errors because the running kernel doesn't
support the ict. Use the permanent ict definition so we allow the case
where ip6tables is missing or not available. Explicit usage of an ict
not supported by the kernel will still fail to apply at runtime
(iptables complains), but if ip6tables is missing we don't attempt to
apply the ipv6 rules thus avoiding the issue.

(cherry picked from commit fdc4480)
One scenario is if IPv6 is not available, but we specify an icmp-type
that is ipv6 only, then we'll still attempt to call the IPv6 backend. We
should not do that.

(cherry picked from commit 4fcb27b)
This is a stable only fix. It does not occur on master.
There are various areas that we use list comprehensions to convert
Rich_Rule to rule_str. This isn't cheap. Let's just cache the rule_str
and avoid the cost.

Fixes: rhbz 1871298
(cherry picked from commit 5402724)
Coverage for rhbz 1871298.
Verify we can parse a large amount of rich rules in a reasonable time.

This test took 3m before the fix and now takes 18s after the fix.
Considering it "failed" after 45s should give us plenty of headroom.

(cherry picked from commit ece3097)
We were not filling the runtime ipv6 icmptypes list if the active
backend was nftables and ip6tables wasn't available. This caused "ipv6"
to be dropped from the supported ipvs/destinations for the icmptype.
This also caused runtimeToPermanent to fail because the runtime
icmptypes definition dropped "ipv6" causing runtimeToPermanent to copy
the runtime icmptype to permanent because they were different... this
caused sanity checks on the permanent configuration to fail.

(cherry picked from commit c92d43d)
This is to uncover bugs in which we're using nftables backend but
mistakenly checking ip6tables for information and ip6tables is not
available.

(cherry picked from commit 44f4c4c)
Reported-by: D. Hugh Redelmeier <[email protected]>
(cherry picked from commit a7b12b8)
Replace invalid method names for both 'queryEntry' and 'queryIPSet'.

Fixes: #693
(cherry picked from commit 6fc82d2)
Fixes: rhbz 1596304
Fixes: #480

(cherry picked from commit ac59608)
We need kernel >=5.3 for NAT in the "inet" family. At the same time
we're out of travis CI minutes. Move completely to github actions.

(cherry picked from commit c313bc2)
nftables supports matching the destination MAC, but iptables does not.
As such, lift the restriction from nftables. For iptables, gracefully
ignore the scenarios in which we attempt to match destination MAC.

Fixes: #703
Fixes: df4aefc ("improvement(ipXtables): add utility function match sources")
Fixes: 1582c5d ("feat: nftables: convert to libnftables JSON interface")

Co-authored-by: Eric Garver <[email protected]>
(cherry picked from commit 20151fb)
Generating the table was taking an unreasonable amount of memory.
Stripping C0 and C1 should cover most scenarios while limiting memory
usage.

Fixes: ac59608 ("fix(rich): non-printable characters removed from rich rules")
(cherry picked from commit 015704b)
Where real interface means linux interface capable of having an IP
address and does not exceed IFNAMSIZ.

Fixes: rhbz 1928860
(cherry picked from commit f18f1cc)
Coverage: rhbz 1928860
(cherry picked from commit 7566d3d)