authorArushi Singhal <arushisinghal19971997@gmail.com>2018-06-09 23:04:27 +0530
committerPablo Neira Ayuso <pablo@netfilter.org>2018-06-12 19:50:58 +0200
commit38b4166d2f7e1cbd9b4e62805b7fad6352710131 (patch)
treec5fcdd81f5c7be37d66081088dacfef5235fb825
parent1e6427abc0221a5e7ed3f943cbf05acb8682c721 (diff)
iptables: tests: shell: add shell test-suite
To run the test suite (as root): % cd iptables/tests/shell % ./run-tests.sh Test files are executable files with the pattern <<name_N>>, where N is the expected return code of the executable. Since they are located with `find', test files can be spread across any subdirectories. You can turn on verbose execution by calling: % ./run-tests.sh -v Before each call to the test files, `kernel_cleanup' will be called. Also, test files will receive the environment variable $IPTABLES, which contains the path to the iptables binary being tested. You can pass an arbitrary $IPTABLES value as well: % IPTABLES=/../../xtables-multi iptables ./run-tests.sh Signed-off-by: Arushi Singhal <arushisinghal19971997@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rwxr-xr-xiptables/tests/shell/run-tests.sh129
-rwxr-xr-xiptables/tests/shell/testcases/chain/0001duplicate_111
-rwxr-xr-xiptables/tests/shell/testcases/chain/0002duplicate_011
-rwxr-xr-xiptables/tests/shell/testcases/chain/0003duplicate_111
-rwxr-xr-xiptables/tests/shell/testcases/chain/0004rename_06
-rwxr-xr-xiptables/tests/shell/testcases/chain/0005rename_112
6 files changed, 180 insertions, 0 deletions
diff --git a/iptables/tests/shell/run-tests.sh b/iptables/tests/shell/run-tests.sh
new file mode 100755
index 00000000..cf5cbdc3
--- /dev/null
+++ b/iptables/tests/shell/run-tests.sh
@@ -0,0 +1,129 @@
+#!/bin/bash
+
+#configuration
+TESTDIR="./$(dirname $0)/"
+RETURNCODE_SEPARATOR="_"
+XTABLES_MULTI="$(dirname $0)/../../xtables-multi"
+DIFF=$(which diff)
+
+msg_error() {
+ echo "E: $1 ..." >&2
+ exit 1
+}
+
+msg_warn() {
+ echo "W: $1" >&2
+}
+
+msg_info() {
+ echo "I: $1"
+}
+
+if [ "$(id -u)" != "0" ] ; then
+ msg_error "this requires root!"
+fi
+
+[ -z "$IPTABLES" ] && IPTABLES=$XTABLES_MULTI
+if [ ! -x "$IPTABLES" ] ; then
+ msg_error "no xtables-multi binary!"
+else
+ msg_info "using xtables-multi binary $IPTABLES"
+fi
+
+if [ ! -d "$TESTDIR" ] ; then
+ msg_error "missing testdir $TESTDIR"
+fi
+
+FIND="$(which find)"
+if [ ! -x "$FIND" ] ; then
+ msg_error "no find binary found"
+fi
+
+MODPROBE="$(which modprobe)"
+if [ ! -x "$MODPROBE" ] ; then
+ msg_error "no modprobe binary found"
+fi
+
+DEPMOD="$(which depmod)"
+if [ ! -x "$DEPMOD" ] ; then
+ msg_error "no depmod binary found"
+fi
+
+if [ "$1" == "-v" ] ; then
+ VERBOSE=y
+ shift
+fi
+
+for arg in "$@"; do
+ if grep ^.*${RETURNCODE_SEPARATOR}[0-9]\\+$ <<< $arg >/dev/null ; then
+ SINGLE+=" $arg"
+ VERBOSE=y
+ else
+ msg_error "unknown parameter '$arg'"
+ fi
+done
+
+kernel_cleanup() {
+ for it in iptables ip6tables; do
+ for table in filter mangle nat raw; do
+ $it -t $table -nL >/dev/null 2>&1 || continue # non-existing table
+ $it -t $table -F # delete rules
+ $it -t $table -X # delete custom chains
+ $it -t $table -Z # zero counters
+ done
+ done
+ $DEPMOD -a
+ $MODPROBE -raq \
+ ip_tables iptable_nat iptable_mangle ipt_REJECT
+}
+
+find_tests() {
+ if [ ! -z "$SINGLE" ] ; then
+ echo $SINGLE
+ return
+ fi
+ ${FIND} ${TESTDIR} -executable -regex \
+ .*${RETURNCODE_SEPARATOR}[0-9]+ | sort
+}
+
+
+echo ""
+ok=0
+failed=0
+
+for testfile in $(find_tests)
+do
+
+ for it in iptables ip6tables; do
+ kernel_cleanup
+ rc_spec=`echo $(basename ${testfile}) | cut -d _ -f2-`
+ IPTABLES="$XTABLES_MULTI $it"
+
+ msg_info "[EXECUTING] $testfile"
+ test_output=$(IPTABLES=$IPTABLES ${testfile} 2>&1)
+ rc_got=$?
+ echo -en "\033[1A\033[K" # clean the [EXECUTING] foobar line
+
+ if [ "$rc_got" == "$rc_spec" ] ; then
+ msg_info "[OK] $testfile"
+ [ "$VERBOSE" == "y" ] && [ ! -z "$test_output" ] && echo "$test_output"
+ ((ok++))
+
+ else
+ ((failed++))
+ if [ "$VERBOSE" == "y" ] ; then
+ msg_warn "[FAILED] $testfile: expected $rc_spec but got $rc_got"
+ [ ! -z "$test_output" ] && echo "$test_output"
+ else
+ msg_warn "[FAILED] $testfile"
+ fi
+ fi
+
+ done
+done
+
+echo ""
+msg_info "results: [OK] $ok [FAILED] $failed [TOTAL] $((ok+failed))"
+
+kernel_cleanup
+exit 0
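Review bot: `kernel_cleanup` iterates with a global `it`, so after it is called at the top of the inner `for it in iptables ip6tables` loop the variable is always `ip6tables`, and `IPTABLES="$XTABLES_MULTI $it"` never runs the IPv4 front end; declaring `local it table` as the first line of `kernel_cleanup` fixes this. That assignment also overwrites any caller-supplied `$IPTABLES`, which the commit message says is supported. The cleanup itself calls `iptables`/`ip6tables` from `PATH` rather than the binary under test, and as root it flushes the host's live filter, mangle, nat and raw tables and unloads modules, so a header comment should state that the suite is meant for a disposable machine or a separate network namespace. Finally, the script ends with `exit 0` even when `$failed` is non-zero; ending with `[ "$failed" -eq 0 ]` instead would let CI see failures.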
diff --git a/iptables/tests/shell/testcases/chain/0001duplicate_1 b/iptables/tests/shell/testcases/chain/0001duplicate_1
new file mode 100755
index 00000000..6d42cecf
--- /dev/null
+++ b/iptables/tests/shell/testcases/chain/0001duplicate_1
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+set -e
+
+$IPTABLES -t filter -N c1
+$IPTABLES -t filter -N c1
+
+if [ $? -eq 0 ]; then
+ echo "E: Duplicate chains" >&2
+ exit 0
+fi
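Review bot: Under `set -e` the script exits as soon as either `-N c1` call fails, so a failure of the first (setup) call cannot be told apart from the expected duplicate rejection whenever both exit with status 1. The `if [ $? -eq 0 ]` block is reached only when the duplicate was accepted, which makes the `$?` test redundant. Giving setup its own status, e.g. `$IPTABLES -t filter -N c1 || exit 2`, and following the second call with an unconditional message and `exit 0` would make the intent explicit. The same pattern appears in 0003duplicate_1 and 0005rename_1.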
diff --git a/iptables/tests/shell/testcases/chain/0002duplicate_0 b/iptables/tests/shell/testcases/chain/0002duplicate_0
new file mode 100755
index 00000000..6d42cecf
--- /dev/null
+++ b/iptables/tests/shell/testcases/chain/0002duplicate_0
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+set -e
+
+$IPTABLES -t filter -N c1
+$IPTABLES -t filter -N c1
+
+if [ $? -eq 0 ]; then
+ echo "E: Duplicate chains" >&2
+ exit 0
+fi
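Review bot: This file has the same blob (`6d42cecf`) as 0001duplicate_1 but its name declares an expected return code of 0, so the runner reports it OK only when the second `-N c1` is accepted, which is the very condition the script prints as "E: Duplicate chains". Either the name should end in `_1`, or the body should exercise something expected to succeed, for example creating `c1` and then a different chain `c2`. 0003duplicate_1 is a third identical copy and adds no coverage.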
diff --git a/iptables/tests/shell/testcases/chain/0003duplicate_1 b/iptables/tests/shell/testcases/chain/0003duplicate_1
new file mode 100755
index 00000000..6d42cecf
--- /dev/null
+++ b/iptables/tests/shell/testcases/chain/0003duplicate_1
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+set -e
+
+$IPTABLES -t filter -N c1
+$IPTABLES -t filter -N c1
+
+if [ $? -eq 0 ]; then
+ echo "E: Duplicate chains" >&2
+ exit 0
+fi
diff --git a/iptables/tests/shell/testcases/chain/0004rename_0 b/iptables/tests/shell/testcases/chain/0004rename_0
new file mode 100755
index 00000000..a85369a5
--- /dev/null
+++ b/iptables/tests/shell/testcases/chain/0004rename_0
@@ -0,0 +1,6 @@
+#!/bin/bash
+
+set -e
+
+$IPTABLES -N c1
+$IPTABLES -E c1 c2
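Review bot: The test checks only the exit status of `-E c1 c2`, not that the rename took effect. Adding `$IPTABLES -nL c2 >/dev/null` after it, plus a check that listing `c1` now fails, would catch a rename that returns 0 without changing the chain.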
diff --git a/iptables/tests/shell/testcases/chain/0005rename_1 b/iptables/tests/shell/testcases/chain/0005rename_1
new file mode 100755
index 00000000..7261b6dc
--- /dev/null
+++ b/iptables/tests/shell/testcases/chain/0005rename_1
@@ -0,0 +1,12 @@
+#!/bin/bash
+
+set -e
+
+$IPTABLES -N c1
+$IPTABLES -N c2
+$IPTABLES -E c1 c2
+
+if [ $? -eq 0 ] ; then
+ echo "E: Renamed with existing chain" >&2
+ exit 0
+fi