new file mode 100755
@@ -0,0 +1,129 @@
+#!/bin/bash
+
+#configuration
+TESTDIR="./$(dirname $0)/"
+RETURNCODE_SEPARATOR="_"
+XTABLES_MULTI="$(dirname $0)/../../xtables-multi"
+DIFF=$(which diff)
+
+msg_error() {
+ echo "E: $1 ..." >&2
+ exit 1
+}
+
+msg_warn() {
+ echo "W: $1" >&2
+}
+
+msg_info() {
+ echo "I: $1"
+}
+
+if [ "$(id -u)" != "0" ] ; then
+ msg_error "this requires root!"
+fi
+
+[ -z "$IPTABLES" ] && IPTABLES=$XTABLES_MULTI
+if [ ! -x "$IPTABLES" ] ; then
+ msg_error "no xtables-multi binary!"
+else
+ msg_info "using xtables-multi binary $IPTABLES"
+fi
+
+if [ ! -d "$TESTDIR" ] ; then
+ msg_error "missing testdir $TESTDIR"
+fi
+
+FIND="$(which find)"
+if [ ! -x "$FIND" ] ; then
+ msg_error "no find binary found"
+fi
+
+MODPROBE="$(which modprobe)"
+if [ ! -x "$MODPROBE" ] ; then
+ msg_error "no modprobe binary found"
+fi
+
+DEPMOD="$(which depmod)"
+if [ ! -x "$DEPMOD" ] ; then
+ msg_error "no depmod binary found"
+fi
+
+if [ "$1" == "-v" ] ; then
+ VERBOSE=y
+ shift
+fi
+
+for arg in "$@"; do
+ if grep ^.*${RETURNCODE_SEPARATOR}[0-9]\\+$ <<< $arg >/dev/null ; then
+ SINGLE+=" $arg"
+ VERBOSE=y
+ else
+ msg_error "unknown parameter '$arg'"
+ fi
+done
+
+kernel_cleanup() {
+ for it in iptables ip6tables; do
+ for table in filter mangle nat raw; do
+ $it -t $table -nL >/dev/null 2>&1 || continue # non-existing table
+ $it -t $table -F # delete rules
+ $it -t $table -X # delete custom chains
+ $it -t $table -Z # zero counters
+ done
+ done
+ $DEPMOD -a
+ $MODPROBE -raq \
+ ip_tables iptable_nat iptable_mangle ipt_REJECT
+}
+
+find_tests() {
+ if [ ! -z "$SINGLE" ] ; then
+ echo $SINGLE
+ return
+ fi
+ ${FIND} ${TESTDIR} -executable -regex \
+ .*${RETURNCODE_SEPARATOR}[0-9]+ | sort
+}
+
+
+echo ""
+ok=0
+failed=0
+
+for testfile in $(find_tests)
+do
+
+ for it in iptables ip6tables; do
+ kernel_cleanup
+ rc_spec=`echo $(basename ${testfile}) | cut -d _ -f2-`
+ IPTABLES="$XTABLES_MULTI $it"
+
+ msg_info "[EXECUTING] $testfile"
+ test_output=$(IPTABLES=$IPTABLES ${testfile} 2>&1)
+ rc_got=$?
+ echo -en "\033[1A\033[K" # clean the [EXECUTING] foobar line
+
+ if [ "$rc_got" == "$rc_spec" ] ; then
+ msg_info "[OK] $testfile"
+ [ "$VERBOSE" == "y" ] && [ ! -z "$test_output" ] && echo "$test_output"
+ ((ok++))
+
+ else
+ ((failed++))
+ if [ "$VERBOSE" == "y" ] ; then
+ msg_warn "[FAILED] $testfile: expected $rc_spec but got $rc_got"
+ [ ! -z "$test_output" ] && echo "$test_output"
+ else
+ msg_warn "[FAILED] $testfile"
+ fi
+ fi
+
+ done
+done
+
+echo ""
+msg_info "results: [OK] $ok [FAILED] $failed [TOTAL] $((ok+failed))"
+
+kernel_cleanup
+exit 0
new file mode 100755
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+set -e
+
+$IPTABLES -t filter -N c1
+$IPTABLES -t filter -N c1
+
+if [ $? -eq 0 ]; then
+ echo "E: Duplicate chains" >&2
+ exit 0
+fi
new file mode 100755
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+set -e
+
+$IPTABLES -t filter -N c1
+$IPTABLES -t filter -N c1
+
+if [ $? -eq 0 ]; then
+ echo "E: Duplicate chains" >&2
+ exit 0
+fi
new file mode 100755
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+set -e
+
+$IPTABLES -t filter -N c1
+$IPTABLES -t filter -N c1
+
+if [ $? -eq 0 ]; then
+ echo "E: Duplicate chains" >&2
+ exit 0
+fi
new file mode 100755
@@ -0,0 +1,6 @@
+#!/bin/bash
+
+set -e
+
+$IPTABLES -N c1
+$IPTABLES -E c1 c2
new file mode 100755
@@ -0,0 +1,12 @@
+#!/bin/bash
+
+set -e
+
+$IPTABLES -N c1
+$IPTABLES -N c2
+$IPTABLES -E c1 c2
+
+if [ $? -eq 0 ] ; then
+ echo "E: Renamed with existing chain" >&2
+ exit 0
+fi
To run the test suite (as root): % cd iptables/tests/shell % ./run-tests.sh Test files are executables files with the pattern <<name_N>> , where N is the expected return code of the executable. Since they are located with `find', test-files can be spreaded in any sub-directories. You can turn on a verbose execution by calling: % ./run-tests.sh -v Before each call to the test-files, `kernel_cleanup' will be called. Also, test-files will receive the environment variable $IPTABLES which contains the path to the iptables binary being tested. You can pass an arbitrary $IPTABLES value as well: % IPTABLES=/../../xtables-multi iptables ./run-tests.sh Signed-off-by: Arushi Singhal <arushisinghal19971997@gmail.com> --- changes in v2 - Called the same script setting $IPTABLES to iptables or ip6tables instead of having the same script twice for iptables and ip6tables. iptables/tests/shell/run-tests.sh | 129 +++++++++++++++++++++ .../tests/shell/testcases/chain/0001duplicate_1 | 11 ++ .../tests/shell/testcases/chain/0002duplicate_0 | 11 ++ .../tests/shell/testcases/chain/0003duplicate_1 | 11 ++ iptables/tests/shell/testcases/chain/0004rename_0 | 6 + iptables/tests/shell/testcases/chain/0005rename_1 | 12 ++ 6 files changed, 180 insertions(+) create mode 100755 iptables/tests/shell/run-tests.sh create mode 100755 iptables/tests/shell/testcases/chain/0001duplicate_1 create mode 100755 iptables/tests/shell/testcases/chain/0002duplicate_0 create mode 100755 iptables/tests/shell/testcases/chain/0003duplicate_1 create mode 100755 iptables/tests/shell/testcases/chain/0004rename_0 create mode 100755 iptables/tests/shell/testcases/chain/0005rename_1