diff options
author | Phil Sutter <phil@nwl.cc> | 2018-08-31 12:29:57 +0200 |
---|---|---|
committer | Florian Westphal <fw@strlen.de> | 2018-09-01 10:12:40 +0200 |
commit | b6a06c1a215f867f7eee4a3f2f40ec14028fe186 (patch) | |
tree | a941776217826cb296c2477e403747f8397437a1 /iptables/tests | |
parent | 3bb497c61d743ba811e7f501e54cc5071216e1f5 (diff) |
xtables: Align return codes with legacy iptables
Make sure return codes match legacy ones at least for a few selected
commands typically used to check ruleset state.
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Florian Westphal <fw@strlen.de>
Diffstat (limited to 'iptables/tests')
-rwxr-xr-x | iptables/tests/shell/testcases/ip6tables/0004-return-codes_0 | 38 | ||||
-rwxr-xr-x | iptables/tests/shell/testcases/iptables/0004-return-codes_0 | 38 |
2 files changed, 76 insertions, 0 deletions
diff --git a/iptables/tests/shell/testcases/ip6tables/0004-return-codes_0 b/iptables/tests/shell/testcases/ip6tables/0004-return-codes_0 new file mode 100755 index 00000000..f023b791 --- /dev/null +++ b/iptables/tests/shell/testcases/ip6tables/0004-return-codes_0 @@ -0,0 +1,38 @@ +#!/bin/sh + +# make sure error return codes are as expected useful cases +# (e.g. commands to check ruleset state) + +global_rc=0 + +cmd() { # (rc, cmd, [args ...]) + rc_exp=$1; shift + + $XT_MULTI "$@" + rc=$? + + [ $rc -eq $rc_exp ] || { + echo "---> expected $rc_exp, got $rc for command '$@'" + global_rc=1 + } +} + +# test chain creation +cmd 0 ip6tables -N foo +cmd 1 ip6tables -N foo +# iptables-nft allows this - bug or feature? +#cmd 2 ip6tables -N "invalid name" + +# test rule adding +cmd 0 ip6tables -A INPUT -j ACCEPT +cmd 1 ip6tables -A noexist -j ACCEPT + +# test rule checking +cmd 0 ip6tables -C INPUT -j ACCEPT +cmd 1 ip6tables -C FORWARD -j ACCEPT +cmd 1 ip6tables -C nonexist -j ACCEPT +cmd 2 ip6tables -C INPUT -j foobar +cmd 2 ip6tables -C INPUT -m foobar -j ACCEPT +cmd 3 ip6tables -t foobar -C INPUT -j ACCEPT + +exit $global_rc diff --git a/iptables/tests/shell/testcases/iptables/0004-return-codes_0 b/iptables/tests/shell/testcases/iptables/0004-return-codes_0 new file mode 100755 index 00000000..34dffeee --- /dev/null +++ b/iptables/tests/shell/testcases/iptables/0004-return-codes_0 @@ -0,0 +1,38 @@ +#!/bin/sh + +# make sure error return codes are as expected useful cases +# (e.g. commands to check ruleset state) + +global_rc=0 + +cmd() { # (rc, cmd, [args ...]) + rc_exp=$1; shift + + $XT_MULTI "$@" + rc=$? + + [ $rc -eq $rc_exp ] || { + echo "---> expected $rc_exp, got $rc for command '$@'" + global_rc=1 + } +} + +# test chain creation +cmd 0 iptables -N foo +cmd 1 iptables -N foo +# iptables-nft allows this - bug or feature? +#cmd 2 iptables -N "invalid name" + +# test rule adding +cmd 0 iptables -A INPUT -j ACCEPT +cmd 1 iptables -A noexist -j ACCEPT + +# test rule checking +cmd 0 iptables -C INPUT -j ACCEPT +cmd 1 iptables -C FORWARD -j ACCEPT +cmd 1 iptables -C nonexist -j ACCEPT +cmd 2 iptables -C INPUT -j foobar +cmd 2 iptables -C INPUT -m foobar -j ACCEPT +cmd 3 iptables -t foobar -C INPUT -j ACCEPT + +exit $global_rc |