tests: add `NOMATCH` test result

Currently, there are two supported test results: `OK` and `FAIL`.  It is
expected that either the iptables command fails, or it succeeds and
dumping the rule has the correct output.  However, it is possible that
the command may succeed but the output may not be correct.  Add a
`NOMATCH` result to cover this outcome.

Make a few white-space improvements at the same time.

Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
Signed-off-by: Florian Westphal <fw@strlen.de>

1 files changed, 25 insertions, 11 deletions

diff --git a/iptables-test.py b/iptables-test.py
index 91c77e3d..4a587a29 100755
--- a/iptables-test.py
+++ b/iptables-test.py
@@ -73,9 +73,9 @@ def run_test(iptables, rule, rule_save, res, filename, lineno, netns):
     Executes an unit test. Returns the output of delete_rule().
 
     Parameters:
-    :param  iptables: string with the iptables command to execute
+    :param iptables: string with the iptables command to execute
     :param rule: string with iptables arguments for the rule to test
-    :param rule_save: string to find the rule in the output of iptables -save
+    :param rule_save: string to find the rule in the output of iptables-save
     :param res: expected result of the rule. Valid values: "OK", "FAIL"
     :param filename: name of the file tested (used for print_error purposes)
     :param lineno: line number being tested (used for print_error purposes)
@@ -92,7 +92,7 @@ def run_test(iptables, rule, rule_save, res, filename, lineno, netns):
     # report failed test
     #
     if ret:
-        if res == "OK":
+        if res != "FAIL":
             reason = "cannot load: " + cmd
             print_error(reason, filename, lineno)
             return -1
@@ -146,10 +146,20 @@ def run_test(iptables, rule, rule_save, res, filename, lineno, netns):
     # find the rule
     matching = out.find(rule_save.encode('utf-8'))
     if matching < 0:
-        reason = "cannot find: " + iptables + " -I " + rule
-        print_error(reason, filename, lineno)
-        delete_rule(iptables, rule, filename, lineno)
-        return -1
+        if res == "OK":
+            reason = "cannot find: " + iptables + " -I " + rule
+            print_error(reason, filename, lineno)
+            delete_rule(iptables, rule, filename, lineno)
+            return -1
+        else:
+            # do not report this error
+            return 0
+    else:
+        if res != "OK":
+            reason = "should not match: " + cmd
+            print_error(reason, filename, lineno)
+            delete_rule(iptables, rule, filename, lineno)
+            return -1
 
     # Test "ip netns del NETNS" path with rules in place
     if netns:
@@ -190,14 +200,18 @@ def variant_res(res, variant):
     result. Therefore map @res to itself if given variant is current, invert it
     otherwise.
 
-    :param res: expected result from test spec ("OK" or "FAIL")
+    :param res: expected result from test spec ("OK", "FAIL" or "NOMATCH")
     :param variant: variant @res is scoped to by test spec ("NFT" or "LEGACY")
     '''
     variant_executable = {
-            "NFT": "xtables-nft-multi",
-            "LEGACY": "xtables-legacy-multi"
+        "NFT": "xtables-nft-multi",
+        "LEGACY": "xtables-legacy-multi"
+    }
+    res_inverse = {
+        "OK": "FAIL",
+        "FAIL": "OK",
+        "NOMATCH": "OK"
     }
-    res_inverse = { "OK": "FAIL", "FAIL": "OK" }
 
     if variant_executable[variant] == EXECUTABLE:
         return res