diff options
| author | Yu Watanabe <watanabe.yu+github@gmail.com> | 2022-06-14 08:06:27 +0200 |
|---|---|---|
| committer | Yu Watanabe <watanabe.yu+github@gmail.com> | 2022-06-22 15:23:58 +0200 |
| commit | b48ed70c79c6482e1f39b77d16e62043ff5042a5 (patch) | |
| tree | 58245c4075beb60a8558020b647dc67134beb68e /src/test/test-nft-set.c | |
| parent | resolve: mDNS transaction max attempts fix (diff) | |
| download | systemd-b48ed70c79c6482e1f39b77d16e62043ff5042a5.tar.xz systemd-b48ed70c79c6482e1f39b77d16e62043ff5042a5.zip | |
Revert NFTSet feature
This reverts PR #22587 and its follow-up commit. More specifically,
2299b1cae32c1fb8911da0ce26efced68032f4f8 (partially),
e176f855278d5098d3fecc5aa24ba702147d42e0,
ceb46a31a01b3d3d1d6095d857e29ea214a2776b, and
51bb9076ab8c050bebb64db5035852385accda35.
The PR was merged without final approval, and has several issues:
- OSS fuzz reported issues in the conf parser,
- It calls synchrnous netlink call, it should not be especially in PID1,
- The importance of NFTSet for CGroup and DynamicUser may be
questionable, at least, there was no justification PID1 should support
it.
- For networkd, it should be implemented with Request object,
- There is no test for the feature.
Fixes #23711.
Fixes #23717.
Fixes #23719.
Fixes #23720.
Fixes #23721.
Fixes #23759.
Diffstat (limited to 'src/test/test-nft-set.c')
| -rw-r--r-- | src/test/test-nft-set.c | 69 |
1 files changed, 0 insertions, 69 deletions
diff --git a/src/test/test-nft-set.c b/src/test/test-nft-set.c deleted file mode 100644 index df5322b4b2..0000000000 --- a/src/test/test-nft-set.c +++ /dev/null @@ -1,69 +0,0 @@ -/* SPDX-License-Identifier: LGPL-2.1-or-later */ - -#include <assert.h> -#include <unistd.h> - -#include "firewall-util.h" -#include "in-addr-util.h" -#include "log.h" -#include "parse-util.h" -#include "string-util.h" -#include "tests.h" - -int main(int argc, char **argv) { - int r; - - assert_se(argc == 7); - - test_setup_logging(LOG_DEBUG); - - if (getuid() != 0) - return log_tests_skipped("not root"); - - int nfproto; - nfproto = nfproto_from_string(argv[2]); - assert_se(nfproto > 0); - - const NFTSetContext nft_set_context = { - .nfproto = nfproto, - .table = argv[3], - .set = argv[4], - }; - - if (streq(argv[5], "uint32")) { - uint32_t element; - r = safe_atou32(argv[6], &element); - assert_se(r == 0); - - if (streq(argv[1], "add")) - r = nft_set_element_add_uint32(&nft_set_context, element); - else - r = nft_set_element_del_uint32(&nft_set_context, element); - assert_se(r == 0); - } else if (streq(argv[5], "uint64")) { - uint64_t element; - r = safe_atou64(argv[6], &element); - assert_se(r == 0); - - if (streq(argv[1], "add")) - r = nft_set_element_add_uint64(&nft_set_context, element); - else - r = nft_set_element_del_uint64(&nft_set_context, element); - assert_se(r == 0); - } else { - union in_addr_union addr; - int af; - unsigned char prefixlen; - - r = in_addr_prefix_from_string_auto(argv[6], &af, &addr, &prefixlen); - assert_se(r == 0); - - if (streq(argv[1], "add")) - r = nft_set_element_add_in_addr(&nft_set_context, af, &addr, prefixlen); - else - r = nft_set_element_del_in_addr(&nft_set_context, af, &addr, prefixlen); - assert_se(r == 0); - } - - return 0; -} |