MODULES-1636: Add --checksum-fill support.

[Zlo]

This is a.o. needed to fill checksums in UDP packets for
DHCP in VMs using virtual network mode.

[underscorgan]

It looks like the actual option is --checksum-fill, so I think this is going to fail.

[underscorgan]

@Zlo Since it looks like the option in iptables is checksum-fill, so for consistency could you make this parameter named checksum_fill instead of checksumfill?

Also, from my googling it looks like --checksum-fill is also supported by ip6tables, so could you make the corresponding changes to the ip6tables provider and add a test case with provider => 'ip6tables'?

Thanks!

[Zlo]

For some reason test runs fail during vagrant initialization here, so I have not actually run the tests.

[ogni90]

Zlo, I tried your changes in Ubuntu 14.10 but I still get an error when I apply my puppet config.

Error: Execution of '/sbin/iptables -I POSTROUTING 1 -t mangle -p udp -m multiport --dports 68 -m comment --comment 100 fix bootp checksum -j CHECKSUM' returned 2: iptables v1.4.21: CHECKSUM: option "--checksum-fill" must be specified

Try `iptables -h' or 'iptables --help' for more information.
Error: /Stage[main]/Tradebyte_dev::Lxc/Firewall[100 fix bootp checksum]/ensure: change from absent to present failed: Execution of '/sbin/iptables -I POSTROUTING 1 -t mangle -p udp -m multiport --dports 68 -m comment --comment 100 fix bootp checksum -j CHECKSUM' returned 2: iptables v1.4.21: CHECKSUM: option "--checksum-fill" must be specified

Try `iptables -h' or 'iptables --help' for more information.

My Config:

firewall { '100 fix bootp checksum':
table => 'mangle',
chain => 'POSTROUTING',
proto => 'udp',
jump => 'CHECKSUM',
checksum_fill => true,
dport => '68',
}

Am I missing something here?

[Zlo]

@ogni90: the merging made me drop a newvalue() line in the checksum_fill property. I fixed that and merged master again.
I'll see if I can get my vagrant problem solved so I can actually run the beaker tests.

[jonnytdevops]

Hi There
Thanks for your submission - we really appreciated your efforts!

Please remember to contain the commits of your PR to the feature being implemented. For example, alphabetising the arrays in the provider, if desired, should be done in a separate PR :)

Also, once all your tests pass and you are happy that your code is in a ready state, please remember to squash your commits.

Thanks!

[Zlo]

Ok, like this then ?

[jonnytdevops]

@Zlo Thanks for the squashing :)

It would be great if you could add some validation in the provide that checks to see if :jump is set to CHECKSUM if checksum_fill is used and vice versa.

Thanks!

[Zlo]

Ok, I added validation in type/firewall.rb