filter_dump_mod = FILTER_WITH_RULES_TEMPLATE % iptables_args
raw_dump = _generate_raw_dump(IPTABLES_ARG)
+ mangle_dump = _generate_mangle_dump(IPTABLES_ARG)
expected_calls_and_values = [
(mock.call(['iptables-save', '-c'],
root_helper=self.root_helper),
''),
(mock.call(['iptables-restore', '-c'],
- process_input=(
- raw_dump + COMMENTED_NAT_DUMP + filter_dump_mod),
+ process_input=(raw_dump + COMMENTED_NAT_DUMP +
+ mangle_dump + filter_dump_mod),
root_helper=self.root_helper),
None),
(mock.call(['iptables-save', '-c'],
root_helper=self.root_helper),
''),
(mock.call(['iptables-restore', '-c'],
- process_input=(
- raw_dump + COMMENTED_NAT_DUMP + FILTER_DUMP),
+ process_input=(raw_dump + COMMENTED_NAT_DUMP +
+ mangle_dump + FILTER_DUMP),
root_helper=self.root_helper
),
None),
tools.verify_mock_calls(self.execute, expected_calls_and_values)
+def _generate_mangle_dump(iptables_args):
+ return ('# Generated by iptables_manager\n'
+ '*mangle\n'
+ ':%(bn)s-FORWARD - [0:0]\n'
+ ':%(bn)s-INPUT - [0:0]\n'
+ ':%(bn)s-OUTPUT - [0:0]\n'
+ ':%(bn)s-POSTROUTING - [0:0]\n'
+ ':%(bn)s-PREROUTING - [0:0]\n'
+ '[0:0] -A PREROUTING -j %(bn)s-PREROUTING\n'
+ '[0:0] -A INPUT -j %(bn)s-INPUT\n'
+ '[0:0] -A FORWARD -j %(bn)s-FORWARD\n'
+ '[0:0] -A OUTPUT -j %(bn)s-OUTPUT\n'
+ '[0:0] -A POSTROUTING -j %(bn)s-POSTROUTING\n'
+ 'COMMIT\n'
+ '# Completed by iptables_manager\n' % iptables_args)
+
+
def _generate_raw_dump(iptables_args):
return ('# Generated by iptables_manager\n'
'*raw\n'
'COMMIT\n'
'# Completed by iptables_manager\n' % iptables_args)
+MANGLE_DUMP = _generate_mangle_dump(IPTABLES_ARG)
RAW_DUMP = _generate_raw_dump(IPTABLES_ARG)
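Review bot: In `_generate_mangle_dump` the trailing `% iptables_args` sits on the last literal (`'# Completed by iptables_manager\n' % iptables_args)`), which reads as if only that line were formatted. Adjacent literals are joined before `%` is applied, so the whole template is formatted. Putting the operator on its own line, as the new `mangle_dump_mod` in this commit does with `% IPTABLES_ARG)`, would make that obvious. The function also has no docstring; something like `"""Return the expected iptables-save text for an empty mangle table; iptables_args must provide 'bn', the prefix of the wrapped chain names."""` would record the one key the template needs.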
nat_dump = NAT_TEMPLATE % iptables_args
raw_dump = _generate_raw_dump(iptables_args)
+ mangle_dump = _generate_mangle_dump(iptables_args)
expected_calls_and_values = [
(mock.call(['iptables-save', '-c'],
root_helper=self.root_helper),
''),
(mock.call(['iptables-restore', '-c'],
- process_input=raw_dump + nat_dump + filter_dump_mod,
+ process_input=(raw_dump + nat_dump + mangle_dump +
+ filter_dump_mod),
root_helper=self.root_helper),
None),
(mock.call(['iptables-save', '-c'],
root_helper=self.root_helper),
''),
(mock.call(['iptables-restore', '-c'],
- process_input=raw_dump + nat_dump + filter_dump,
+ process_input=(raw_dump + nat_dump + mangle_dump +
+ filter_dump),
root_helper=self.root_helper),
None),
]
nat_dump = NAT_TEMPLATE % iptables_args
raw_dump = _generate_raw_dump(iptables_args)
+ mangle_dump = _generate_mangle_dump(iptables_args)
expected_calls_and_values = [
(mock.call(['iptables-save', '-c'],
root_helper=self.root_helper),
''),
(mock.call(['iptables-restore', '-c'],
- process_input=raw_dump + nat_dump + filter_dump_mod,
+ process_input=(raw_dump + nat_dump + mangle_dump +
+ filter_dump_mod),
root_helper=self.root_helper),
None),
(mock.call(['iptables-save', '-c'],
root_helper=self.root_helper),
''),
(mock.call(['iptables-restore', '-c'],
- process_input=raw_dump + nat_dump + filter_dump,
+ process_input=(raw_dump + nat_dump + mangle_dump +
+ filter_dump),
root_helper=self.root_helper),
None),
]
root_helper=self.root_helper),
''),
(mock.call(['iptables-restore', '-c'],
- process_input=RAW_DUMP + NAT_DUMP + filter_dump_mod,
+ process_input=(RAW_DUMP + NAT_DUMP + MANGLE_DUMP +
+ filter_dump_mod),
root_helper=self.root_helper),
None),
(mock.call(['iptables-save', '-c'],
root_helper=self.root_helper),
''),
(mock.call(['iptables-restore', '-c'],
- process_input=RAW_DUMP + NAT_DUMP + FILTER_DUMP,
+ process_input=(RAW_DUMP + NAT_DUMP + MANGLE_DUMP +
+ FILTER_DUMP),
root_helper=self.root_helper),
None),
]
root_helper=self.root_helper),
''),
(mock.call(['iptables-restore', '-c'],
- process_input=RAW_DUMP + NAT_DUMP + filter_dump_mod,
+ process_input=(RAW_DUMP + NAT_DUMP + MANGLE_DUMP +
+ filter_dump_mod),
root_helper=self.root_helper),
None),
(mock.call(['iptables-save', '-c'],
root_helper=self.root_helper),
''),
(mock.call(['iptables-restore', '-c'],
- process_input=RAW_DUMP + NAT_DUMP + FILTER_DUMP,
+ process_input=(RAW_DUMP + NAT_DUMP + MANGLE_DUMP +
+ FILTER_DUMP),
root_helper=self.root_helper
),
None),
root_helper=self.root_helper),
''),
(mock.call(['iptables-restore', '-c'],
- process_input=RAW_DUMP + NAT_DUMP + filter_dump_mod,
+ process_input=(RAW_DUMP + NAT_DUMP + MANGLE_DUMP +
+ filter_dump_mod),
root_helper=self.root_helper),
None),
(mock.call(['iptables-save', '-c'],
root_helper=self.root_helper),
''),
(mock.call(['iptables-restore', '-c'],
- process_input=RAW_DUMP + NAT_DUMP + FILTER_DUMP,
+ process_input=(RAW_DUMP + NAT_DUMP + MANGLE_DUMP +
+ FILTER_DUMP),
root_helper=self.root_helper),
None),
]
def test_rule_with_wrap_target_with_ipv6(self):
self._test_rule_with_wrap_target_helper(True)
+ def _test_add_mangle_rule_helper(self, use_ipv6):
+ self.iptables = iptables_manager.IptablesManager(
+ root_helper=self.root_helper,
+ use_ipv6=use_ipv6)
+ self.execute = mock.patch.object(self.iptables, "execute").start()
+
+ mangle_dump_mod = (
+ '# Generated by iptables_manager\n'
+ '*mangle\n'
+ ':%(bn)s-FORWARD - [0:0]\n'
+ ':%(bn)s-INPUT - [0:0]\n'
+ ':%(bn)s-OUTPUT - [0:0]\n'
+ ':%(bn)s-POSTROUTING - [0:0]\n'
+ ':%(bn)s-PREROUTING - [0:0]\n'
+ ':%(bn)s-mangle - [0:0]\n'
+ '[0:0] -A PREROUTING -j %(bn)s-PREROUTING\n'
+ '[0:0] -A INPUT -j %(bn)s-INPUT\n'
+ '[0:0] -A FORWARD -j %(bn)s-FORWARD\n'
+ '[0:0] -A OUTPUT -j %(bn)s-OUTPUT\n'
+ '[0:0] -A POSTROUTING -j %(bn)s-POSTROUTING\n'
+ '[0:0] -A %(bn)s-PREROUTING -j MARK --set-xmark 0x1/0xffffffff\n'
+ 'COMMIT\n'
+ '# Completed by iptables_manager\n'
+ % IPTABLES_ARG)
+
+ expected_calls_and_values = [
+ (mock.call(['iptables-save', '-c'],
+ root_helper=self.root_helper),
+ ''),
+ (mock.call(['iptables-restore', '-c'],
+ process_input=(RAW_DUMP + NAT_DUMP + mangle_dump_mod +
+ FILTER_DUMP),
+ root_helper=self.root_helper),
+ None),
+ (mock.call(['iptables-save', '-c'],
+ root_helper=self.root_helper),
+ ''),
+ (mock.call(['iptables-restore', '-c'],
+ process_input=(RAW_DUMP + NAT_DUMP + MANGLE_DUMP +
+ FILTER_DUMP),
+ root_helper=self.root_helper),
+ None),
+ ]
+ if use_ipv6:
+ self._extend_with_ip6tables_filter(expected_calls_and_values,
+ FILTER_DUMP)
+
+ tools.setup_mock_calls(self.execute, expected_calls_and_values)
+
+ self.iptables.ipv4['mangle'].add_chain('mangle')
+ self.iptables.ipv4['mangle'].add_rule(
+ 'PREROUTING',
+ '-j MARK --set-xmark 0x1/0xffffffff')
+
+ self.iptables.apply()
+
+ self.iptables.ipv4['mangle'].remove_rule(
+ 'PREROUTING',
+ '-j MARK --set-xmark 0x1/0xffffffff')
+ self.iptables.ipv4['mangle'].remove_chain('mangle')
+
+ self.iptables.apply()
+
+ tools.verify_mock_calls(self.execute, expected_calls_and_values)
+
+ def test_add_mangle_rule(self):
+ self._test_add_mangle_rule_helper(False)
+
+ def test_add_mangle_rule_with_ipv6(self):
+ self._test_add_mangle_rule_helper(True)
+
def _test_add_nat_rule_helper(self, use_ipv6):
self.iptables = iptables_manager.IptablesManager(
root_helper=self.root_helper,
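Review bot: In `_test_add_mangle_rule_helper` the chain created by `add_chain('mangle')` never receives a rule or a jump, so the expected dump verifies only its declaration line `:%(bn)s-mangle - [0:0]`; how rules inside a custom mangle chain are rendered goes untested. Because these strings are the exact input handed to `iptables-restore`, it would be worth adding one rule to the new chain and pinning its line in `mangle_dump_mod`. `mangle_dump_mod` also repeats the whole template from `_generate_mangle_dump` with two extra lines, so the two copies can drift apart; a comment such as `# keep in sync with _generate_mangle_dump()` above it, or building both from one template, would help. In the `use_ipv6` branch the only IPv6 expectation visible here is the filter dump; if the mangle table is meant to be IPv4-only, an explicit `self.assertNotIn('mangle', self.iptables.ipv6)` would document that.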
root_helper=self.root_helper),
''),
(mock.call(['iptables-restore', '-c'],
- process_input=RAW_DUMP + nat_dump_mod + FILTER_DUMP,
+ process_input=(RAW_DUMP + nat_dump_mod + MANGLE_DUMP +
+ FILTER_DUMP),
root_helper=self.root_helper),
None),
(mock.call(['iptables-save', '-c'],
root_helper=self.root_helper),
''),
(mock.call(['iptables-restore', '-c'],
- process_input=RAW_DUMP + nat_dump + FILTER_DUMP,
+ process_input=(RAW_DUMP + nat_dump + MANGLE_DUMP +
+ FILTER_DUMP),
root_helper=self.root_helper),
None),
]
root_helper=self.root_helper),
''),
(mock.call(['iptables-restore', '-c'],
- process_input=raw_dump_mod + NAT_DUMP + FILTER_DUMP,
+ process_input=(raw_dump_mod + NAT_DUMP + MANGLE_DUMP +
+ FILTER_DUMP),
root_helper=self.root_helper),
None),
(mock.call(['iptables-save', '-c'],
root_helper=self.root_helper),
''),
(mock.call(['iptables-restore', '-c'],
- process_input=RAW_DUMP + NAT_DUMP + FILTER_DUMP,
+ process_input=(RAW_DUMP + NAT_DUMP + MANGLE_DUMP +
+ FILTER_DUMP),
root_helper=self.root_helper),
None),
]
'-v', '-x'],
root_helper=self.root_helper),
''),
+ (mock.call(['iptables', '-t', 'mangle', '-L', 'OUTPUT', '-n',
+ '-v', '-x'],
+ root_helper=self.root_helper),
+ ''),
(mock.call(['iptables', '-t', 'nat', '-L', 'OUTPUT', '-n',
'-v', '-x'],
root_helper=self.root_helper),
'-v', '-x', '-Z'],
root_helper=self.root_helper),
''),
+ (mock.call(['iptables', '-t', 'mangle', '-L', 'OUTPUT', '-n',
+ '-v', '-x', '-Z'],
+ root_helper=self.root_helper),
+ ''),
(mock.call(['iptables', '-t', 'nat', '-L', 'OUTPUT', '-n',
'-v', '-x', '-Z'],
root_helper=self.root_helper),
def test_nat_not_found(self):
self.assertNotIn('nat', self.iptables.ipv4)
+
+ def test_mangle_not_found(self):
+ self.assertNotIn('mangle', self.iptables.ipv4)