From 824469b13a8633fecfcc8f525186af15f0dc42a2 Mon Sep 17 00:00:00 2001
From: yatinkarel
Date: Mon, 9 Dec 2024 18:44:09 +0530
Subject: [PATCH] Drop extra space from nflog-prefix
iptables-1.8.8+[1] removed the extra space from nflog-prefix, and with switch to ubuntu noble which includes iptables-1.8.10 functional tests failing, removing the extra space fixes these tests.
[1] http://git.netfilter.org/iptables/commit/?id=05286bab77a6e0f9502e8fb99e1c53ed15663f3f
Related-Issue: #2080933
Change-Id: Id91be59ee78e2b94ea06bb5763e6a94d49de4b15
---
 .../services/logapi/agents/drivers/iptables/log.py | 4 +---
 .../logapi/agents/drivers/iptables/test_log.py | 12 ++++++------
 .../logapi/agents/drivers/iptables/test_log.py | 8 ++++----
 3 files changed, 11 insertions(+), 13 deletions(-)
diff --git a/neutron_fwaas/services/logapi/agents/drivers/iptables/log.py b/neutron_fwaas/services/logapi/agents/drivers/iptables/log.py
index d7b75022b..e8bacd894 100644
--- a/neutron_fwaas/services/logapi/agents/drivers/iptables/log.py
+++ b/neutron_fwaas/services/logapi/agents/drivers/iptables/log.py
@@ -511,9 +511,7 @@ class IptablesLoggingDriver(log_ext.LoggingDriver):
 match_rule += ['--limit-burst %s' % self.burst_limit]
 target = ['-j', 'NFLOG']
 if prefix:
- # NOTE: There is an extra space after 'nflog-prefix' in
- # iptables-save output, account for it here.
- target += ['--nflog-prefix ', '%s' % prefix]
+ target += ['--nflog-prefix', '%s' % prefix]
 args = direction_config + match_rule + target
 return args
diff --git a/neutron_fwaas/tests/functional/services/logapi/agents/drivers/iptables/test_log.py b/neutron_fwaas/tests/functional/services/logapi/agents/drivers/iptables/test_log.py
index 1243ce86b..55f6dbf12 100644
--- a/neutron_fwaas/tests/functional/services/logapi/agents/drivers/iptables/test_log.py
+++ b/neutron_fwaas/tests/functional/services/logapi/agents/drivers/iptables/test_log.py
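Review bot: The single-space form is now emitted unconditionally at `target += ['--nflog-prefix', '%s' % prefix]`, so the generated rule text only lines up with iptables-save output on iptables 1.8.8 or later; the removed NOTE says the old spacing existed precisely to account for that output. If the agent compares its generated rules against iptables-save output (not visible in this hunk), a host still running an older iptables could see NFLOG rules re-applied or left behind on each sync, which matters because these rules feed the firewall audit log. Either record the requirement in place of the dropped comment, e.g. `# NOTE: matches iptables-save output of iptables >= 1.8.8 (single space after --nflog-prefix)`, or normalise the spacing at the point where saved rules are compared. The expected strings in both test_log.py hunks hard-code the same format and would need the same treatment. The enclosing method starts outside the hunk.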
@@ -189,23 +189,23 @@ class FWLoggingTestBase(framework.L3AgentTestFramework):
 if event in [ACCEPT, ALL]:
 # Generate iptables rules for ACCEPT action
 prefix = self._get_log_prefix(port_id, ACCEPT)
- rules.add('-A %s -i %s -m %s -j NFLOG --nflog-prefix %s'
+ rules.add('-A %s -i %s -m %s -j NFLOG --nflog-prefix %s'
 % (accept_chain, device, limit, prefix.id))
- rules.add('-A %s -o %s -m %s -j NFLOG --nflog-prefix %s'
+ rules.add('-A %s -o %s -m %s -j NFLOG --nflog-prefix %s'
 % (accept_chain, device, limit, prefix.id))
 if event in [DROP, ALL]:
 # Generate iptables rules for DROP action
 prefix = self._get_log_prefix(port_id, DROP)
- rules.add('-A %s -i %s -m %s -j NFLOG --nflog-prefix %s'
+ rules.add('-A %s -i %s -m %s -j NFLOG --nflog-prefix %s'
 % (drop_chain, device, limit, prefix.id))
- rules.add('-A %s -o %s -m %s -j NFLOG --nflog-prefix %s'
+ rules.add('-A %s -o %s -m %s -j NFLOG --nflog-prefix %s'
 % (drop_chain, device, limit, prefix.id))
 # Generate iptables rules for REJECT action
- rules.add('-A %s -i %s -m %s -j NFLOG --nflog-prefix %s'
+ rules.add('-A %s -i %s -m %s -j NFLOG --nflog-prefix %s'
 % (reject_chain, device, limit, prefix.id))
- rules.add('-A %s -o %s -m %s -j NFLOG --nflog-prefix %s'
+ rules.add('-A %s -o %s -m %s -j NFLOG --nflog-prefix %s'
 % (reject_chain, device, limit, prefix.id))
 return rules
diff --git a/neutron_fwaas/tests/unit/services/logapi/agents/drivers/iptables/test_log.py b/neutron_fwaas/tests/unit/services/logapi/agents/drivers/iptables/test_log.py
index 85d895785..8ea16cc33 100644
--- a/neutron_fwaas/tests/unit/services/logapi/agents/drivers/iptables/test_log.py
+++ b/neutron_fwaas/tests/unit/services/logapi/agents/drivers/iptables/test_log.py
@@ -315,16 +315,16 @@ class BaseIptablesLogTestCase(base.BaseTestCase):
 def _fake_nflog_rule_v4v6(self, device, tag):
 v4_nflog_rule = ['-i %s -m limit --limit %s/sec --limit-burst %s '
- '-j NFLOG --nflog-prefix %s'
+ '-j NFLOG --nflog-prefix %s'
 % (device, FAKE_RATE, FAKE_BURST, tag)]
 v4_nflog_rule += ['-o %s -m limit --limit %s/sec --limit-burst %s '
- '-j NFLOG --nflog-prefix %s'
+ '-j NFLOG --nflog-prefix %s'
 % (device, FAKE_RATE, FAKE_BURST, tag)]
 v6_nflog_rule = ['-i %s -m limit --limit %s/sec --limit-burst %s '
- '-j NFLOG --nflog-prefix %s'
+ '-j NFLOG --nflog-prefix %s'
 % (device, FAKE_RATE, FAKE_BURST, tag)]
 v6_nflog_rule += ['-o %s -m limit --limit %s/sec --limit-burst %s '
- '-j NFLOG --nflog-prefix %s'
+ '-j NFLOG --nflog-prefix %s'
 % (device, FAKE_RATE, FAKE_BURST, tag)]
 return v4_nflog_rule, v6_nflog_rule