]> review.fuel-infra Code Review - puppet-modules/puppetlabs-firewall.git/commitdiff
Code Review / puppet-modules / puppetlabs-firewall.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | patch | inline | side by side (parent: 8f1ea59)
Fix tcp-mss acceptance test
authorErik Dalén <dalen@spotify.com>
Thu, 23 Apr 2015 13:51:26 +0000 (15:51 +0200)
committerJonathan Tripathy <jt@puppetlabs.com>
Wed, 6 May 2015 16:54:35 +0000 (17:54 +0100)
The acceptance test needed to set the tcp_flags to SYN,RST SYN as MSS
only works on TCP SYN packets. Otherwise iptables will exit with an
error.

spec/acceptance/firewall_spec.rb patch | blob | history

diff --git a/spec/acceptance/firewall_spec.rb b/spec/acceptance/firewall_spec.rb
index 181bd7eb89a829806bbccdbeff6260e367061df2..505ef6ebc1e78ef78225440543c1280f4ecb4eac 100644 (file)
--- a/spec/acceptance/firewall_spec.rb
+++ b/spec/acceptance/firewall_spec.rb
@@ -833,7 +833,7 @@ describe 'firewall type', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfami
     end
   end
 
-  
+
   if default['platform'] !~ /el-5/ and default['platform'] !~ /ubuntu-10\.04/ and default['platform'] !~ /debian-6/ and default['platform'] !~ /sles/
     describe 'checksum_fill' do
       context 'virbr' do
@@ -897,14 +897,15 @@ describe 'firewall type', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfami
       it 'applies' do
         pp = <<-EOS
           class { '::firewall': }
-          firewall { 
+          firewall {
             '502 - set_mss':
-              proto   => 'tcp',
-              jump    => 'TCPMSS',
-              set_mss => '1360',
-              mss     => '1361:1541',
-              chain   => 'FORWARD',
-              table   => 'mangle',
+              proto     => 'tcp',
+              tcp_flags => 'SYN,RST SYN',
+              jump      => 'TCPMSS',
+              set_mss   => '1360',
+              mss       => '1361:1541',
+              chain     => 'FORWARD',
+              table     => 'mangle',
           }
         EOS
 
@@ -924,15 +925,16 @@ describe 'firewall type', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfami
       it 'applies' do
         pp = <<-EOS
           class { '::firewall': }
-          firewall { 
+          firewall {
             '502 - set_mss':
-              proto    => 'tcp',
-              jump     => 'TCPMSS',
-              set_mss  => '1360',
-              mss      => '1361:1541',
-              chain    => 'FORWARD',
-              table    => 'mangle',
-              provider => 'ip6tables',
+              proto     => 'tcp',
+              tcp_flags => 'SYN,RST SYN',
+              jump      => 'TCPMSS',
+              set_mss   => '1360',
+              mss       => '1361:1541',
+              chain     => 'FORWARD',
+              table     => 'mangle',
+              provider  => 'ip6tables',
           }
         EOS