From patchwork Thu Jun 7 20:55:16 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arushi Singhal X-Patchwork-Id: 926520 X-Patchwork-Delegate: pablo@netfilter.org Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netfilter-devel-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=gmail.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="OqfilX9/"; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 411yVV419Zz9s01 for ; Fri, 8 Jun 2018 06:55:30 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S932401AbeFGUz2 (ORCPT ); Thu, 7 Jun 2018 16:55:28 -0400 Received: from mail-pg0-f68.google.com ([74.125.83.68]:45917 "EHLO mail-pg0-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753260AbeFGUz0 (ORCPT ); Thu, 7 Jun 2018 16:55:26 -0400 Received: by mail-pg0-f68.google.com with SMTP id z1-v6so5314132pgv.12 for ; Thu, 07 Jun 2018 13:55:26 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=date:from:to:cc:subject:message-id:mime-version:content-disposition :user-agent; bh=d1d31ksu664JyE7fEoR5c10ZZ7uqMBUcrF7mA/5guyo=; b=OqfilX9/aQ02SJaTcrbPlJaWqEVy8uew8wEgA9Q8q/hW3N9SA5gDpsCwSCBI6XhL6z Lyrp/DrtTRKgwubAbEZtwYmvbx8UK+92ZOfXbh6CP59wHvQ3xPSBosgrns0jdDD9lHAY KFMqhCBKVf+HK0YSfGwxtx/9obKuOuJiKFNhsIRA/iH+1K6F4ZxHkqdSlnm7QZelliUK FZZRV0o2vQStFarB9XhnY4MfSVQUvDM4ajIp4ulBUqFGZXKH2D6ci4Pvyg8GjvYykPFS jCOI1aL5qw7EUEuWnefEYvHrN4nNgYXnEJ7J76MLB/tpr0FcuarW1yAfOren0F3R29Pm MBpw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:mime-version :content-disposition:user-agent; bh=d1d31ksu664JyE7fEoR5c10ZZ7uqMBUcrF7mA/5guyo=; b=JR+n2QHoHTOB4PYJ+oACHvr/Crelq+XYS/Wh/zu93lrCX/VZ/9p8DQSt5tz5OqOhis E4GWdbzjFnQB0Q7R5N/X2x2+ich/BXHh7I0DFd36ecMDDnLAjJe/bwGXFpuxV9irAkA5 MqbL9iRao52Njl49DU6VHZYIOKVKkElxaSZIIvCR3XQXQEvgXdmxqFXjaDES4YjTnBBT x6qRHrAZgaLY+M9Ja8Mn8YgxIc32nl2iDwHse3TkOkNcVHvOZg554B8V8O0OWf4WqrPv wU86FqEnSwYIfr12KJyeJTHpG/M5Wh87R1sPgLtUCWtSIRb5DUaEBnPLk2SYgwVd/jBO 7KKg== X-Gm-Message-State: APt69E1oe1oXUikhE4j4dov2zHJyq7i3zQeN0rtT+CXnLb7K/9kueRm+ TBn4XczPolG/uEutvydXe97gbw== X-Google-Smtp-Source: ADUXVKKcjsyaJCdL9iUxDOYN/SVxRSFOz+WNaQfXPtAnPrCKl3tnGMAACl5qIySVwbCyUwAuGMJTvQ== X-Received: by 2002:a65:5d4a:: with SMTP id e10-v6mr2880570pgt.25.1528404925511; Thu, 07 Jun 2018 13:55:25 -0700 (PDT) Received: from arushi-HP-Laptop-15-bs1xx ([2409:4071:2213:6768:8014:5958:c3ae:e52a]) by smtp.gmail.com with ESMTPSA id a23-v6sm40876697pgd.85.2018.06.07.13.55.24 (version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Thu, 07 Jun 2018 13:55:25 -0700 (PDT) Date: Fri, 8 Jun 2018 02:25:16 +0530 From: Arushi Singhal To: pablo@netfilter.org Cc: netfilter-devel@vger.kernel.org Subject: [PATCH] iptables: tests: shell: add shell test-suite Message-ID: <20180607205516.GA14799@arushi-HP-Laptop-15-bs1xx> MIME-Version: 1.0 Content-Disposition: inline User-Agent: Mutt/1.5.24 (2015-08-30) Sender: netfilter-devel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netfilter-devel@vger.kernel.org To run the test suite (as root): % cd iptables/tests/shell % ./run-tests.sh Test files are executables files with the pattern <> or , where N is the expected return code of the executable. Since they are located with `find', test-files can be spreaded in any sub-directories. You can turn on a verbose execution by calling: % ./run-tests.sh -v Before each call to the test-files, `kernel_cleanup' will be called. Also, test-files will receive the environment variable $IPTABLES which contains the path to the iptables binary being tested. You can pass an arbitrary $IPTABLES value as well: % IPTABLES=/../../xtables-multi iptables ./run-tests.sh Signed-off-by: Arushi Singhal --- iptables/tests/shell/run-tests.sh | 127 +++++++++++++++++++++ .../shell/testcases/chain/ip6tables_duplicate_1 | 11 ++ .../shell/testcases/chain/iptables_duplicate_0 | 11 ++ .../shell/testcases/chain/iptables_duplicate_1 | 11 ++ .../tests/shell/testcases/chain/iptables_rename_0 | 6 + .../tests/shell/testcases/chain/iptables_rename_1 | 12 ++ 6 files changed, 178 insertions(+) create mode 100755 iptables/tests/shell/run-tests.sh create mode 100755 iptables/tests/shell/testcases/chain/ip6tables_duplicate_1 create mode 100755 iptables/tests/shell/testcases/chain/iptables_duplicate_0 create mode 100755 iptables/tests/shell/testcases/chain/iptables_duplicate_1 create mode 100755 iptables/tests/shell/testcases/chain/iptables_rename_0 create mode 100755 iptables/tests/shell/testcases/chain/iptables_rename_1 diff --git a/iptables/tests/shell/run-tests.sh b/iptables/tests/shell/run-tests.sh new file mode 100755 index 0000000..b3bdfb1 --- /dev/null +++ b/iptables/tests/shell/run-tests.sh @@ -0,0 +1,127 @@ +#!/bin/bash + +#configuration +TESTDIR="./$(dirname $0)/" +RETURNCODE_SEPARATOR="_" +XTABLES_MULTI="$(dirname $0)/../../xtables-multi" +DIFF=$(which diff) + +msg_error() { + echo "E: $1 ..." >&2 + exit 1 +} + +msg_warn() { + echo "W: $1" >&2 +} + +msg_info() { + echo "I: $1" +} + +if [ "$(id -u)" != "0" ] ; then + msg_error "this requires root!" +fi + +[ -z "$IPTABLES" ] && IPTABLES=$XTABLES_MULTI +if [ ! -x "$IPTABLES" ] ; then + msg_error "no xtables-multi binary!" +else + msg_info "using xtables-multi binary $IPTABLES" +fi + +if [ ! -d "$TESTDIR" ] ; then + msg_error "missing testdir $TESTDIR" +fi + +FIND="$(which find)" +if [ ! -x "$FIND" ] ; then + msg_error "no find binary found" +fi + +MODPROBE="$(which modprobe)" +if [ ! -x "$MODPROBE" ] ; then + msg_error "no modprobe binary found" +fi + +DEPMOD="$(which depmod)" +if [ ! -x "$DEPMOD" ] ; then + msg_error "no depmod binary found" +fi + +if [ "$1" == "-v" ] ; then + VERBOSE=y + shift +fi + +for arg in "$@"; do + if grep ^.*${RETURNCODE_SEPARATOR}[0-9]\\+$ <<< $arg >/dev/null ; then + SINGLE+=" $arg" + VERBOSE=y + else + msg_error "unknown parameter '$arg'" + fi +done + +kernel_cleanup() { + for it in iptables ip6tables; do + for table in filter mangle nat raw; do + $it -t $table -nL >/dev/null 2>&1 || continue # non-existing table + $it -t $table -F # delete rules + $it -t $table -X # delete custom chains + $it -t $table -Z # zero counters + done + done + $DEPMOD -a + $MODPROBE -raq \ + ip_tables iptable_nat iptable_mangle ipt_REJECT +} + +find_tests() { + if [ ! -z "$SINGLE" ] ; then + echo $SINGLE + return + fi + ${FIND} ${TESTDIR} -executable -regex \ + .*${RETURNCODE_SEPARATOR}[0-9]+ | sort +} + + +echo "" +ok=0 +failed=0 + +for testfile in $(find_tests) +do + IPTABLES=$XTABLES_MULTI + prefix=`echo $(basename ${testfile}) | cut -d _ -f1-1` + IPTABLES="$IPTABLES $prefix" + kernel_cleanup + rc_spec=`echo $(basename ${testfile}) | cut -d _ -f3-` + + msg_info "[EXECUTING] $testfile" + test_output=$(IPTABLES=$IPTABLES ${testfile} 2>&1) + rc_got=$? + echo -en "\033[1A\033[K" # clean the [EXECUTING] foobar line + + if [ "$rc_got" == "$rc_spec" ] ; then + msg_info "[OK] $testfile" + [ "$VERBOSE" == "y" ] && [ ! -z "$test_output" ] && echo "$test_output" + ((ok++)) + + else + ((failed++)) + if [ "$VERBOSE" == "y" ] ; then + msg_warn "[FAILED] $testfile: expected $rc_spec but got $rc_got" + [ ! -z "$test_output" ] && echo "$test_output" + else + msg_warn "[FAILED] $testfile" + fi + fi +done + +echo "" +msg_info "results: [OK] $ok [FAILED] $failed [TOTAL] $((ok+failed))" + +kernel_cleanup +exit 0 diff --git a/iptables/tests/shell/testcases/chain/ip6tables_duplicate_1 b/iptables/tests/shell/testcases/chain/ip6tables_duplicate_1 new file mode 100755 index 0000000..6d42cec --- /dev/null +++ b/iptables/tests/shell/testcases/chain/ip6tables_duplicate_1 @@ -0,0 +1,11 @@ +#!/bin/bash + +set -e + +$IPTABLES -t filter -N c1 +$IPTABLES -t filter -N c1 + +if [ $? -eq 0 ]; then + echo "E: Duplicate chains" >&2 + exit 0 +fi diff --git a/iptables/tests/shell/testcases/chain/iptables_duplicate_0 b/iptables/tests/shell/testcases/chain/iptables_duplicate_0 new file mode 100755 index 0000000..6d42cec --- /dev/null +++ b/iptables/tests/shell/testcases/chain/iptables_duplicate_0 @@ -0,0 +1,11 @@ +#!/bin/bash + +set -e + +$IPTABLES -t filter -N c1 +$IPTABLES -t filter -N c1 + +if [ $? -eq 0 ]; then + echo "E: Duplicate chains" >&2 + exit 0 +fi diff --git a/iptables/tests/shell/testcases/chain/iptables_duplicate_1 b/iptables/tests/shell/testcases/chain/iptables_duplicate_1 new file mode 100755 index 0000000..6d42cec --- /dev/null +++ b/iptables/tests/shell/testcases/chain/iptables_duplicate_1 @@ -0,0 +1,11 @@ +#!/bin/bash + +set -e + +$IPTABLES -t filter -N c1 +$IPTABLES -t filter -N c1 + +if [ $? -eq 0 ]; then + echo "E: Duplicate chains" >&2 + exit 0 +fi diff --git a/iptables/tests/shell/testcases/chain/iptables_rename_0 b/iptables/tests/shell/testcases/chain/iptables_rename_0 new file mode 100755 index 0000000..a85369a --- /dev/null +++ b/iptables/tests/shell/testcases/chain/iptables_rename_0 @@ -0,0 +1,6 @@ +#!/bin/bash + +set -e + +$IPTABLES -N c1 +$IPTABLES -E c1 c2 diff --git a/iptables/tests/shell/testcases/chain/iptables_rename_1 b/iptables/tests/shell/testcases/chain/iptables_rename_1 new file mode 100755 index 0000000..7261b6d --- /dev/null +++ b/iptables/tests/shell/testcases/chain/iptables_rename_1 @@ -0,0 +1,12 @@ +#!/bin/bash + +set -e + +$IPTABLES -N c1 +$IPTABLES -N c2 +$IPTABLES -E c1 c2 + +if [ $? -eq 0 ] ; then + echo "E: Renamed with existing chain" >&2 + exit 0 +fi