• Laine Stump's avatar
    nwfilter: allow for different format of IPv6 netmask/prefix in ebtables output · 90664ac0
    Laine Stump authored
    The iptables-ebtables package is meant as a drop-in replacement for
    the native ebtables package, but it formats some items in the -L
    output differently, leading to failure of scripts that depend on the
    output of ebtables -L. In particular:
    
    with old ebtables IPv6 prefixes are output as a netmask (e.g.: "/ffff:fc00")
    
    with iptables-ebtables IPv6 prefixes are always output as a numeric
       prefix (e.g. "/22"), and suppressed completely if the prefix is
       /128.
    
    This difference is also described in
    https://bugzilla.redhat.com/show_bug.cgi?id=1674536
    
    "old" ebtables upstream has just accepted a patch to change its output
    to match that of iptables-ebtables:
    
    https://marc.info/?l=netfilter-devel&m=155000828923204&w=2
    
    so it makes sense for libvirt-tck to accept the new format (as well as
    the old). As with the patch for fixing up MAC addresses with leading
    0s, this patch also uses sed to apply a substitution to the scraped
    output of ebtables -L. However, rather than keeping the comparison
    (expected) output in the old (netmask) form, it is changed to the new
    (prefix) form, and the sed commands change netmasks to prefixes. (This
    works out better because in some cases we need to replace [all ff's]
    with "", and it's not possible to do that in the opposite direction)
    Signed-off-by: 's avatarLaine Stump <laine@laine.org>
    Reviewed-by: 's avatarDaniel P. Berrangé <berrange@redhat.com>
    90664ac0
ipv6-test.fwall 1.33 KB