From patchwork Thu Oct 18 18:33:07 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Pablo Neira Ayuso X-Patchwork-Id: 986112 X-Patchwork-Delegate: pablo@netfilter.org Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netfilter-devel-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=netfilter.org Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 42bd2z0Pgdz9s8J for ; Fri, 19 Oct 2018 05:33:15 +1100 (AEDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728679AbeJSCf3 (ORCPT ); Thu, 18 Oct 2018 22:35:29 -0400 Received: from mail.us.es ([193.147.175.20]:55460 "EHLO mail.us.es" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728104AbeJSCf3 (ORCPT ); Thu, 18 Oct 2018 22:35:29 -0400 Received: from antivirus1-rhel7.int (unknown [192.168.2.11]) by mail.us.es (Postfix) with ESMTP id 3EF182D9AE4 for ; Thu, 18 Oct 2018 20:33:12 +0200 (CEST) Received: from antivirus1-rhel7.int (localhost [127.0.0.1]) by antivirus1-rhel7.int (Postfix) with ESMTP id 304CEDA863 for ; Thu, 18 Oct 2018 20:33:12 +0200 (CEST) Received: by antivirus1-rhel7.int (Postfix, from userid 99) id 25BA2DA84E; Thu, 18 Oct 2018 20:33:12 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on antivirus1-rhel7.int X-Spam-Level: X-Spam-Status: No, score=-108.2 required=7.5 tests=ALL_TRUSTED,BAYES_50, SMTPAUTH_US2,USER_IN_WHITELIST autolearn=disabled version=3.4.1 Received: from antivirus1-rhel7.int (localhost [127.0.0.1]) by antivirus1-rhel7.int (Postfix) with ESMTP id 48DD4DA7E1; Thu, 18 Oct 2018 20:33:10 +0200 (CEST) Received: from 192.168.1.97 (192.168.1.97) by 
antivirus1-rhel7.int (F-Secure/fsigk_smtp/550/antivirus1-rhel7.int); Thu, 18 Oct 2018 20:33:10 +0200 (CEST) X-Virus-Status: clean(F-Secure/fsigk_smtp/550/antivirus1-rhel7.int) Received: from salvia.here (sys.soleta.eu [212.170.55.40]) (Authenticated sender: pneira@us.es) by entrada.int (Postfix) with ESMTPA id 165274265A31; Thu, 18 Oct 2018 20:33:10 +0200 (CEST) X-SMTPAUTHUS: auth mail.us.es From: Pablo Neira Ayuso To: netfilter-devel@vger.kernel.org Cc: ap420073@gmail.com, fw@strlen.de, phil@nwl.cc Subject: [PATCH iptables] iptables-test: add -N option to exercise netns removal path Date: Thu, 18 Oct 2018 20:33:07 +0200 Message-Id: <20181018183307.1552-1-pablo@netfilter.org> X-Mailer: git-send-email 2.11.0 X-Virus-Scanned: ClamAV using ClamSMTP Sender: netfilter-devel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netfilter-devel@vger.kernel.org We are getting bug reports lately from the netns path, add a new option to exercise this path. Signed-off-by: Pablo Neira Ayuso --- This is crashing the kernel in a few spots, will retest with recent fixes to see if we are address all existing problems. iptables-test.py | 54 ++++++++++++++++++++++++++++++++++++++++++++---------- 1 file changed, 44 insertions(+), 10 deletions(-) diff --git a/iptables-test.py b/iptables-test.py index 9bfb8086aa0a..11b6c05a2b91 100755 --- a/iptables-test.py +++ b/iptables-test.py @@ -61,7 +61,7 @@ def delete_rule(iptables, rule, filename, lineno): return 0 -def run_test(iptables, rule, rule_save, res, filename, lineno): +def run_test(iptables, rule, rule_save, res, filename, lineno, netns): ''' Executes an unit test. Returns the output of delete_rule(). @@ -76,6 +76,9 @@ def run_test(iptables, rule, rule_save, res, filename, lineno): ret = 0 cmd = iptables + " -A " + rule + if netns: + cmd = "ip netns exec ____vm-iptable-test " + EXECUTEABLE + " " + cmd + ret = execute_cmd(cmd, filename, lineno) # 
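Review bot: In the `@@ -61,7 +61,7 @@` hunk the new `netns` argument of run_test() is a required positional and the docstring that follows does not mention it; the same holds for run_test_file() in the `@@ -159,7 +178,7 @@` hunk. A default keeps any existing call site valid: `def run_test(iptables, rule, rule_save, res, filename, lineno, netns=False):`. The docstring could gain a line such as `netns: run the rule inside the ____vm-iptable-test namespace and skip delete_rule() so "ip netns del" sees the rule`. Both function bodies continue outside their hunks.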
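Review bot: In the `@@ -76,6 +76,9 @@` hunk the netns command names `EXECUTEABLE` (and `ip`) without a directory, so `ip netns exec` resolves the multi-call binary through root's PATH rather than the build tree. The non-netns Popen branch in the `@@ -108,8 +111,15 @@` hunk uses `os.path.abspath(os.path.curdir) + "/iptables/" + EXECUTEABLE`, while its netns branch has the same bare name. With -N the suite can therefore exercise an installed binary, or fail when none is installed, instead of the one just built. Use the same absolute path in both places, e.g. `cmd = "/sbin/ip netns exec ____vm-iptable-test " + os.path.abspath(os.path.curdir) + "/iptables/" + EXECUTEABLE + " " + cmd`. run_test's body continues outside the hunk.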
@@ -108,8 +111,15 @@ def run_test(iptables, rule, rule_save, res, filename, lineno): command = IPTABLES_SAVE elif splitted[0] == IP6TABLES: command = IP6TABLES_SAVE + + if netns: + path = "/sbin/ip" + command = "netns exec ____vm-iptable-test " + EXECUTEABLE + " " + command + else: + path = os.path.abspath(os.path.curdir) + "/iptables/" + EXECUTEABLE + args = splitted[1:] - proc = subprocess.Popen((os.path.abspath(os.path.curdir) + "/iptables/" + EXECUTEABLE, command), + proc = subprocess.Popen(path + " " + command, shell=True, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE) out, err = proc.communicate() @@ -131,8 +141,17 @@ def run_test(iptables, rule, rule_save, res, filename, lineno): delete_rule(iptables, rule, filename, lineno) return -1 + # Test "ip netns del NETNS" path with rules in place + if netns: + return 0 + return delete_rule(iptables, rule, filename, lineno) +def run_test_netns(iptables, rule, rule_save, res, filename, lineno): + execute_cmd("ip netns add ____vm-iptable-test", filename, lineno) + ret = run_test(iptables, rule, rule_save, res, filename, lineno, True) + execute_cmd("ip netns del ____vm-iptable-test", filename, lineno) + return ret def execute_cmd(cmd, filename, lineno): ''' @@ -159,7 +178,7 @@ def execute_cmd(cmd, filename, lineno): return ret -def run_test_file(filename): +def run_test_file(filename, netns): ''' Runs a test file @@ -227,12 +246,20 @@ def run_test_file(filename): res = item[2].rstrip() - ret = run_test(iptables, rule, rule_save, - res, filename, lineno + 1) - if ret < 0: - test_passed = False - total_test_passed = False - break + if netns: + ret = run_test_netns(iptables, rule, rule_save, + res, filename, lineno + 1) + if ret < 0: + test_passed = False + total_test_passed = False + break + else: + ret = run_test(iptables, rule, rule_save, + res, filename, lineno + 1, False) + if ret < 0: + test_passed = False + total_test_passed = False + break if test_passed: passed += 1 
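Review bot: The Popen call in the `@@ -108,8 +111,15 @@` hunk changes from an argv tuple to `path + " " + command` with `shell=True`, so the current directory becomes part of a shell command line that runs as root. A checkout path containing a space or a shell metacharacter is then split or interpreted by /bin/sh, which the old tuple form could not do. Nothing in the netns case needs a shell: the `ip netns exec` prefix can be prepended as list elements, which also lets both branches use the build-tree binary. run_test's body starts and ends outside the hunk.

```python
    # … unchanged: command selection (IPTABLES_SAVE / IP6TABLES_SAVE) …
    argv = [os.path.abspath(os.path.curdir) + "/iptables/" + EXECUTEABLE, command]
    if netns:
        argv = ["/sbin/ip", "netns", "exec", "____vm-iptable-test"] + argv

    args = splitted[1:]
    proc = subprocess.Popen(argv,
                            stdin=subprocess.PIPE,
                            stdout=subprocess.PIPE, stderr=subprocess.PIPE)
```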
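Review bot: run_test_netns() in the `@@ -131,8 +141,17 @@` hunk ignores the result of `ip netns add` and has no cleanup if run_test() raises. Because the namespace name is fixed, a namespace left over from an interrupted run makes the add fail, and the rule is then tested in a namespace that may still hold earlier rules. Assuming execute_cmd() returns the command's exit status, check it and put the delete in a `finally`. Separately, the context line `delete_rule(iptables, rule, filename, lineno)` before `return -1` carries no netns prefix, so in -N mode it presumably acts on the host ruleset rather than the namespace; that call should be skipped or prefixed when `netns` is set.

```python
def run_test_netns(iptables, rule, rule_save, res, filename, lineno):
    '''
    Runs one unit test inside a temporary network namespace, then deletes
    the namespace with the rule still in place.
    '''
    if execute_cmd("ip netns add ____vm-iptable-test", filename, lineno):
        return -1
    try:
        return run_test(iptables, rule, rule_save, res, filename, lineno, True)
    finally:
        execute_cmd("ip netns del ____vm-iptable-test", filename, lineno)
```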
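Review bot: The two branches in the `@@ -227,12 +246,20 @@` hunk repeat the same `if ret < 0:` failure block, so any later change to failure handling has to be made twice. Select the call once and keep a single check: `ret = run_test_netns(iptables, rule, rule_save, res, filename, lineno + 1) if netns else run_test(iptables, rule, rule_save, res, filename, lineno + 1, False)`, followed by the original `if ret < 0:` block unchanged. The enclosing loop in run_test_file() starts and ends outside the hunk.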
@@ -275,6 +302,8 @@ def main(): help='Check for missing tests') parser.add_argument('-n', '--nftables', action='store_true', help='Test iptables-over-nftables') + parser.add_argument('-N', '--netns', action='store_true', + help='Test netnamespace path') args = parser.parse_args() # @@ -289,6 +318,11 @@ def main(): if args.nftables: EXECUTEABLE = "xtables-nft-multi" + if args.netns: + netns = True + else: + netns = False + if os.getuid() != 0: print "You need to be root to run this, sorry" return @@ -313,7 +347,7 @@ def main(): if args.filename: file_list = [args.filename] for filename in file_list: - file_tests, file_passed = run_test_file(filename) + file_tests, file_passed = run_test_file(filename, netns) if file_tests: tests += file_tests passed += file_passed
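Review bot: The help string `'Test netnamespace path'` in the `@@ -275,6 +302,8 @@` hunk does not say what -N does to the host. Per the rest of the patch it creates and deletes a namespace named `____vm-iptable-test` for every rule, and the commit description notes that this path currently crashes the kernel in places. A more explicit text would be `help='Run each rule inside a temporary netns (____vm-iptable-test) and delete the netns with the rule in place'`. main()'s body continues outside the hunk.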
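Review bot: The `if args.netns: netns = True / else: netns = False` block in the `@@ -289,6 +318,11 @@` hunk re-derives a value argparse already provides, since `action='store_true'` makes `args.netns` a bool. The local can be dropped and the call in the `@@ -313,7 +347,7 @@` hunk written as `file_tests, file_passed = run_test_file(filename, args.netns)`. main()'s body continues outside both hunks.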