1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
|
#!/bin/bash
# set -x
ipset=${IPSET_BIN:-../src/ipset}
tests="init"
tests="$tests ipmap bitmap:ip"
tests="$tests macipmap portmap"
tests="$tests iphash hash:ip hash:ip6"
tests="$tests ipporthash hash:ip,port hash:ip6,port"
tests="$tests ipmarkhash hash:ip,mark hash:ip6,mark"
tests="$tests ipportiphash hash:ip,port,ip hash:ip6,port,ip6"
tests="$tests nethash hash:net hash:net6 hash:net,port hash:net6,port"
tests="$tests hash:ip,port,net hash:ip6,port,net6 hash:net,net hash:net6,net6"
tests="$tests hash:net,port,net hash:net6,port,net6"
tests="$tests hash:net,iface.t hash:mac.t"
tests="$tests comment setlist restore"
# tests="$tests iptree iptreemap"
# For correct sorting:
LC_ALL=C
export LC_ALL
add_tests() {
# inet|inet6 network
if [ $1 = "inet" ]; then
cmd=iptables-save
add="match_target match_flags"
else
cmd=ip6tables-save
add=match_target6
fi
#line="`dmesg | tail -1 | cut -d " " -f 2-`"
#if [ ! -e /var/log/kern.log -o -z "`grep -F \"$line\" /var/log/kern.log`" ]; then
# echo "The destination for kernel log is not /var/log/kern.log, skipping $1 match and target tests"
# return
#fi
c=${cmd%%-save}
if [ "`$c -m set -h 2>&1| grep 'cannot open shared object'`" ]; then
echo "$c does not support set match, skipping $1 match and target tests"
return
fi
if [ `$cmd -t filter | wc -l` -eq 7 -a \
`$cmd -t filter | grep ACCEPT | wc -l` -eq 3 ]; then
if [ -z "`which sendip`" ]; then
echo "sendip utility is missig: skipping $1 match and target tests"
elif [ -n "`netstat --protocol $1 -n | grep $2`" ]; then
echo "Our test network $2 in use: skipping $1 match and target tests"
else
tests="$tests $add"
fi
:
else
echo "You have got iptables rules: skipping $1 match and target tests"
fi
}
if [ "$1" ]; then
tests="init $@"
else
add_tests inet 10.255.255
add_tests inet6 1002:1002:1002:1002::
fi
# Make sure the scripts are executable
chmod a+x check_* *.sh
for types in $tests; do
$ipset -X test >/dev/null 2>&1
if [ -f $types ]; then
filename=$types
else
filename=$types.t
fi
while read ret cmd; do
case $ret in
\#)
if [ "$cmd" = "eof" ]; then
break
fi
what=$cmd
continue
;;
skip)
eval $cmd
if [ $? -ne 0 ]; then
echo "Skipping tests, '$cmd' failed"
break
fi
continue
;;
*)
;;
esac
echo -ne "$types: $what: "
cmd=`echo $cmd | sed "s|ipset|$ipset 2>.foo.err|"`
eval $cmd
r=$?
# echo $ret $r
if [ "$ret" = "$r" ]; then
echo "passed"
else
echo "FAILED"
echo "Failed test: $cmd"
cat .foo.err
exit 1
fi
# sleep 1
done < $filename
done
# Remove test sets created by setlist.t
$ipset -X >/dev/null 2>&1
for x in $tests; do
case $x in
init)
;;
*)
for x in `lsmod | grep ip_set_ | awk '{print $1}'`; do
rmmod $x >/dev/null 2>&1
done
;;
esac
done
rmmod ip_set >/dev/null 2>&1
rm -f .foo*
echo "All tests are passed"
|