diff mbox series

[iptables,v2,08/14] tests: Extend verbose output and return code tests

Message ID 20181213111607.5457-9-phil@nwl.cc
State Changes Requested
Delegated to: Pablo Neira
Headers show
Series Separate rule cache per chain et al. | expand

Commit Message

Phil Sutter Dec. 13, 2018, 11:16 a.m. UTC 
Recent changes to chain flush and zero routines incorporate proper error
propagation so trying to flush or zero a non-existent chain results in
an error. This is consistent with iptables-legacy, extend tests to make
sure it stays this way.

Also extend verbose output test to make these recent changes didn't mess
it up.

Signed-off-by: Phil Sutter <phil@nwl.cc>
---
 .../shell/testcases/iptables/0002-verbose-output_0  | 13 +++++++++----
 .../shell/testcases/iptables/0004-return-codes_0    |  6 ++++++
 2 files changed, 15 insertions(+), 4 deletions(-)
diff mbox series

Patch

diff --git a/iptables/tests/shell/testcases/iptables/0002-verbose-output_0 b/iptables/tests/shell/testcases/iptables/0002-verbose-output_0
index 2e8059536ea7b..b1ef91f61f481 100755
--- a/iptables/tests/shell/testcases/iptables/0002-verbose-output_0
+++ b/iptables/tests/shell/testcases/iptables/0002-verbose-output_0
@@ -29,23 +29,28 @@  Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 
 diff -u -Z <(echo -e "$EXPECT") <($XT_MULTI iptables -v -n -L)
 
+[[ -z $($XT_MULTI iptables -v -N foobar) ]] || exit 1
+
 diff -u -Z <(echo -e "$VOUT1") <($XT_MULTI iptables -v -D FORWARD $RULE1)
 diff -u -Z <(echo -e "$VOUT2") <($XT_MULTI iptables -v -D FORWARD $RULE2)
 
 EXPECT="Flushing chain \`INPUT'
 Flushing chain \`FORWARD'
-Flushing chain \`OUTPUT'"
+Flushing chain \`OUTPUT'
+Flushing chain \`foobar'"
 
 diff -u <(echo -e "$EXPECT") <($XT_MULTI iptables -v -F)
 
 EXPECT="Zeroing chain \`INPUT'
 Zeroing chain \`FORWARD'
-Zeroing chain \`OUTPUT'"
+Zeroing chain \`OUTPUT'
+Zeroing chain \`foobar'"
 
 diff -u <(echo -e "$EXPECT") <($XT_MULTI iptables -v -Z)
 
 diff -u <(echo "Flushing chain \`OUTPUT'") <($XT_MULTI iptables -v -F OUTPUT)
 diff -u <(echo "Zeroing chain \`OUTPUT'") <($XT_MULTI iptables -v -Z OUTPUT)
+diff -u <(echo "Flushing chain \`foobar'") <($XT_MULTI iptables -v -F foobar)
+diff -u <(echo "Zeroing chain \`foobar'") <($XT_MULTI iptables -v -Z foobar)
 
-$XT_MULTI iptables -N foo
-diff -u <(echo "Deleting chain \`foo'") <($XT_MULTI iptables -v -X foo)
+diff -u <(echo "Deleting chain \`foobar'") <($XT_MULTI iptables -v -X foobar)
diff --git a/iptables/tests/shell/testcases/iptables/0004-return-codes_0 b/iptables/tests/shell/testcases/iptables/0004-return-codes_0
index 5b6e1f6f1bc7a..9d2493992bd69 100755
--- a/iptables/tests/shell/testcases/iptables/0004-return-codes_0
+++ b/iptables/tests/shell/testcases/iptables/0004-return-codes_0
@@ -23,6 +23,12 @@  cmd 1 iptables -N foo
 # iptables-nft allows this - bug or feature?
 #cmd 2 iptables -N "invalid name"
 
+# test chain flushing/zeroing
+cmd 0 iptables -F foo
+cmd 0 iptables -Z foo
+cmd 1 iptables -F bar
+cmd 1 iptables -Z bar
+
 # test chain rename
 cmd 0 iptables -E foo bar
 cmd 1 iptables -E foo bar