From 5c5b2f9dd864840670ffee3f1b0456ccc7c683ec Mon Sep 17 00:00:00 2001 From: =?utf8?q?Erik=20Dal=C3=A9n?= Date: Thu, 23 Apr 2015 15:51:26 +0200 Subject: [PATCH] Fix tcp-mss acceptance test The acceptance test needed to set the tcp_flags to SYN,RST SYN as MSS only works on TCP SYN packets. Otherwise iptables will exit with an error. --- spec/acceptance/firewall_spec.rb | 34 +++++++++++++++++--------------- 1 file changed, 18 insertions(+), 16 deletions(-) diff --git a/spec/acceptance/firewall_spec.rb b/spec/acceptance/firewall_spec.rb index 181bd7e..505ef6e 100644 --- a/spec/acceptance/firewall_spec.rb +++ b/spec/acceptance/firewall_spec.rb @@ -833,7 +833,7 @@ describe 'firewall type', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfami end end - + if default['platform'] !~ /el-5/ and default['platform'] !~ /ubuntu-10\.04/ and default['platform'] !~ /debian-6/ and default['platform'] !~ /sles/ describe 'checksum_fill' do context 'virbr' do @@ -897,14 +897,15 @@ describe 'firewall type', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfami it 'applies' do pp = <<-EOS class { '::firewall': } - firewall { + firewall { '502 - set_mss': - proto => 'tcp', - jump => 'TCPMSS', - set_mss => '1360', - mss => '1361:1541', - chain => 'FORWARD', - table => 'mangle', + proto => 'tcp', + tcp_flags => 'SYN,RST SYN', + jump => 'TCPMSS', + set_mss => '1360', + mss => '1361:1541', + chain => 'FORWARD', + table => 'mangle', } EOS @@ -924,15 +925,16 @@ describe 'firewall type', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfami it 'applies' do pp = <<-EOS class { '::firewall': } - firewall { + firewall { '502 - set_mss': - proto => 'tcp', - jump => 'TCPMSS', - set_mss => '1360', - mss => '1361:1541', - chain => 'FORWARD', - table => 'mangle', - provider => 'ip6tables', + proto => 'tcp', + tcp_flags => 'SYN,RST SYN', + jump => 'TCPMSS', + set_mss => '1360', + mss => '1361:1541', + chain => 'FORWARD', + table => 'mangle', + provider => 'ip6tables', } EOS -- 2.45.2