From afbcd905526111e3a1bd55b0d6d5ee4413734735 Mon Sep 17 00:00:00 2001
From: Anita Zhang
Date: Fri, 2 Apr 2021 02:49:37 -0700
Subject: [PATCH] test-firewall-util: skip if iptables nat table does not exist
---
 src/shared/firewall-util-iptables.c | 25 +++++++++++++++++++------
 src/shared/firewall-util-private.h | 3 +++
 src/test/test-firewall-util.c | 5 +++++
 3 files changed, 27 insertions(+), 6 deletions(-)
diff --git a/src/shared/firewall-util-iptables.c b/src/shared/firewall-util-iptables.c
index 982c61d8fbd..d53a394895a 100644
--- a/src/shared/firewall-util-iptables.c
+++ b/src/shared/firewall-util-iptables.c
@@ -102,9 +102,9 @@ int fw_iptables_add_masquerade(
 if (!source || source_prefixlen == 0)
 return -EINVAL;
- h = iptc_init("nat");
- if (!h)
- return -errno;
+ r = fw_iptables_init_nat(&h);
+ if (r < 0)
+ return r;
 sz = XT_ALIGN(sizeof(struct ipt_entry)) +
 XT_ALIGN(sizeof(struct ipt_entry_target)) +
@@ -192,9 +192,9 @@ int fw_iptables_add_local_dnat(
 if (remote_port <= 0)
 return -EINVAL;
- h = iptc_init("nat");
- if (!h)
- return -errno;
+ r = fw_iptables_init_nat(&h);
+ if (r < 0)
+ return r;
 sz = XT_ALIGN(sizeof(struct ipt_entry)) +
 XT_ALIGN(sizeof(struct ipt_entry_match)) +
@@ -348,3 +348,16 @@ int fw_iptables_add_local_dnat(
 return 0;
 }
+
+int fw_iptables_init_nat(struct xtc_handle **ret) {
+ _cleanup_(iptc_freep) struct xtc_handle *h = NULL;
+
+ h = iptc_init("nat");
+ if (!h)
+ return log_debug_errno(errno, "Failed to init \"nat\" table: %s", iptc_strerror(errno));
+
+ if (ret)
+ *ret = TAKE_PTR(h);
+
+ return 0;
+}
diff --git a/src/shared/firewall-util-private.h b/src/shared/firewall-util-private.h
index 07e2d0bbd3d..14f5a35a878 100644
--- a/src/shared/firewall-util-private.h
+++ b/src/shared/firewall-util-private.h
@@ -46,6 +46,7 @@ int fw_nftables_add_local_dnat(
 const union in_addr_union *previous_remote);
 #if HAVE_LIBIPTC
+struct xtc_handle;
 int fw_iptables_add_masquerade(
 bool add,
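Review bot: The new fw_iptables_init_nat() can return 0 without handing back a handle. If iptc_init() fails while errno is still 0 (whether libiptc sets errno on every failure path is not visible here), `log_debug_errno(errno, …)` would presumably evaluate to 0 rather than a negative value. Both converted call sites, in fw_iptables_add_masquerade() and fw_iptables_add_local_dnat(), now rely on `r < 0` as the only failure signal, so they would carry on building NAT rules with a NULL handle. A fallback closes the gap: `return log_debug_errno(errno > 0 ? errno : EIO, "Failed to init \"nat\" table: %s", iptc_strerror(errno));`. The removed `return -errno;` had the same weakness, so the helper is the natural place to fix it once.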
@@ -61,4 +62,6 @@ int fw_iptables_add_local_dnat(
 const union in_addr_union *remote,
 uint16_t remote_port,
 const union in_addr_union *previous_remote);
+
+int fw_iptables_init_nat(struct xtc_handle **ret);
 #endif
diff --git a/src/test/test-firewall-util.c b/src/test/test-firewall-util.c
index dfde01a6788..c5a138ee1ec 100644
--- a/src/test/test-firewall-util.c
+++ b/src/test/test-firewall-util.c
@@ -102,6 +102,11 @@ int main(int argc, char *argv[]) {
 if (ctx->backend == FW_BACKEND_NONE)
 return EXIT_TEST_SKIP;
+#if HAVE_LIBIPTC
+ if (ctx->backend == FW_BACKEND_IPTABLES && fw_iptables_init_nat(NULL) < 0)
+ return EXIT_TEST_SKIP;
+#endif
+
 if (test_v4(ctx) && ctx->backend == FW_BACKEND_NFTABLES)
 test_v6(ctx);
-- 
2.47.3
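Review bot: The new prototype `int fw_iptables_init_nat(struct xtc_handle **ret);` has no comment, although its contract is not obvious from the name. As the implementation in firewall-util-iptables.c shows, ret may be NULL, in which case the "nat" table is opened only as a probe and the handle is released again before returning. A short comment above the declaration would record this, e.g. `/* Opens the iptables "nat" table. On success returns 0 and, if ret is non-NULL, passes the handle to the caller; with ret == NULL the handle is freed immediately. Returns a negative errno on failure. */`.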
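Review bot: The added skip in main() treats every failure of `fw_iptables_init_nat(NULL)` as "nat table does not exist". A permission error or a genuine breakage in the iptables backend would therefore also become a silent EXIT_TEST_SKIP instead of a visible failure. Keeping the return value and skipping only for the error that signals a missing table (probably ENOENT, to be confirmed against libiptc) would stop the firewall tests from masking regressions. At minimum the reason should be logged, e.g. `r = fw_iptables_init_nat(NULL);` then `if (r < 0) { log_info_errno(r, "iptables \"nat\" table not usable, skipping: %m"); return EXIT_TEST_SKIP; }`. The body of main() starts before and continues past this hunk, so the declaration of a suitable `r` is not visible here.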