|
|
@@ -131,7 +131,7 @@ func runChainTests(t *testing.T, ipt *IPTables) {
|
|
|
chain := randChain(t)
|
|
|
|
|
|
// Saving the list of chains before executing tests
|
|
|
- originaListChain, err := ipt.ListChains("filter")
|
|
|
+ originalListChain, err := ipt.ListChains("filter")
|
|
|
if err != nil {
|
|
|
t.Fatalf("ListChains of Initial failed: %v", err)
|
|
|
}
|
|
|
@@ -204,8 +204,8 @@ func runChainTests(t *testing.T, ipt *IPTables) {
|
|
|
if err != nil {
|
|
|
t.Fatalf("ListChains failed: %v", err)
|
|
|
}
|
|
|
- if !reflect.DeepEqual(originaListChain, listChain) {
|
|
|
- t.Fatalf("ListChains mismatch: \ngot %#v \nneed %#v", originaListChain, listChain)
|
|
|
+ if !reflect.DeepEqual(originalListChain, listChain) {
|
|
|
+ t.Fatalf("ListChains mismatch: \ngot %#v \nneed %#v", originalListChain, listChain)
|
|
|
}
|
|
|
|
|
|
// ChainExists must not find it anymore
|
|
|
@@ -336,21 +336,19 @@ func runRulesTests(t *testing.T, ipt *IPTables) {
|
|
|
t.Fatalf("ListWithCounters failed: %v", err)
|
|
|
}
|
|
|
|
|
|
- suffix := " -c 0 0 -j ACCEPT"
|
|
|
- if ipt.mode == "nf_tables" {
|
|
|
- suffix = " -j ACCEPT -c 0 0"
|
|
|
- }
|
|
|
-
|
|
|
- expected = []string{
|
|
|
- "-N " + chain,
|
|
|
- "-A " + chain + " -s " + subnet1 + " -d " + address1 + suffix,
|
|
|
- "-A " + chain + " -s " + subnet2 + " -d " + address2 + suffix,
|
|
|
- "-A " + chain + " -s " + subnet2 + " -d " + address1 + suffix,
|
|
|
- "-A " + chain + " -s " + address1 + " -d " + subnet2 + suffix,
|
|
|
+ makeExpected := func(suffix string) []string {
|
|
|
+ return []string{
|
|
|
+ "-N " + chain,
|
|
|
+ "-A " + chain + " -s " + subnet1 + " -d " + address1 + " " + suffix,
|
|
|
+ "-A " + chain + " -s " + subnet2 + " -d " + address2 + " " + suffix,
|
|
|
+ "-A " + chain + " -s " + subnet2 + " -d " + address1 + " " + suffix,
|
|
|
+ "-A " + chain + " -s " + address1 + " -d " + subnet2 + " " + suffix,
|
|
|
+ }
|
|
|
}
|
|
|
-
|
|
|
- if !reflect.DeepEqual(rules, expected) {
|
|
|
- t.Fatalf("ListWithCounters mismatch: \ngot %#v \nneed %#v", rules, expected)
|
|
|
+ // older nf_tables returned the second order
|
|
|
+ if !reflect.DeepEqual(rules, makeExpected("-c 0 0 -j ACCEPT")) &&
|
|
|
+ !reflect.DeepEqual(rules, makeExpected("-j ACCEPT -c 0 0")) {
|
|
|
+ t.Fatalf("ListWithCounters mismatch: \ngot %#v \nneed %#v", rules, makeExpected("<-c 0 0 and -j ACCEPT in either order>"))
|
|
|
}
|
|
|
|
|
|
stats, err := ipt.Stats("filter", chain)
|
Benjamin Gilbert