diff options
author | Phil Sutter <phil@nwl.cc> | 2019-02-13 11:11:27 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2019-02-13 20:08:31 +0100 |
commit | 14d3d12fe4426c80be3c171366bad74c9e18c4ca (patch) | |
tree | a733e1c8f6af892a33c5f22bb62b650ccbea123a /iptables/tests | |
parent | 4e13970a6c2ff03f60681b260db6f18290fd0a80 (diff) |
tests: Extend return codes check by error messages
Check that error messages match between legacy and nft code.
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'iptables/tests')
-rwxr-xr-x | iptables/tests/shell/testcases/iptables/0004-return-codes_0 | 59 |
1 files changed, 46 insertions, 13 deletions
diff --git a/iptables/tests/shell/testcases/iptables/0004-return-codes_0 b/iptables/tests/shell/testcases/iptables/0004-return-codes_0 index 9d249399..15f3a3e9 100755 --- a/iptables/tests/shell/testcases/iptables/0004-return-codes_0 +++ b/iptables/tests/shell/testcases/iptables/0004-return-codes_0 @@ -5,44 +5,77 @@ global_rc=0 -cmd() { # (rc, cmd, [args ...]) +cmd() { # (rc, msg, cmd, [args ...]) rc_exp=$1; shift - $XT_MULTI "$@" + msg_exp="" + [ $rc_exp != 0 ] && { + msg_exp="$1"; shift + } + + msg="$($XT_MULTI "$@" 2>&1 >/dev/null)" rc=$? [ $rc -eq $rc_exp ] || { - echo "---> expected $rc_exp, got $rc for command '$@'" + echo "---> expected return code $rc_exp, got $rc for command '$@'" + global_rc=1 + } + + [ -n "$msg_exp" ] || return + grep -q "$msg_exp" <<< $msg || { + echo "---> expected error message '$msg_exp', got '$msg' for command '$@'" global_rc=1 } } +EEXIST_F="File exists." +EEXIST="Chain already exists." +ENOENT="No chain/target/match by that name." +E2BIG_I="Index of insertion too big." +E2BIG_D="Index of deletion too big." +E2BIG_R="Index of replacement too big." +EBADRULE="Bad rule (does a matching rule exist in that chain?)." +ENOTGT="Couldn't load target \`foobar':No such file or directory" +ENOMTH="Couldn't load match \`foobar':No such file or directory" +ENOTBL="can't initialize iptables table \`foobar': Table does not exist" + # test chain creation cmd 0 iptables -N foo -cmd 1 iptables -N foo +cmd 1 "$EEXIST" iptables -N foo # iptables-nft allows this - bug or feature? #cmd 2 iptables -N "invalid name" # test chain flushing/zeroing cmd 0 iptables -F foo cmd 0 iptables -Z foo -cmd 1 iptables -F bar -cmd 1 iptables -Z bar +cmd 1 "$ENOENT" iptables -F bar +cmd 1 "$ENOENT" iptables -Z bar # test chain rename cmd 0 iptables -E foo bar -cmd 1 iptables -E foo bar +cmd 1 "$EEXIST_F" iptables -E foo bar # test rule adding cmd 0 iptables -A INPUT -j ACCEPT -cmd 1 iptables -A noexist -j ACCEPT +cmd 1 "$ENOENT" iptables -A noexist -j ACCEPT + +# test rulenum commands +cmd 1 "$E2BIG_I" iptables -I INPUT 23 -j ACCEPT +cmd 1 "$E2BIG_D" iptables -D INPUT 23 +cmd 1 "$E2BIG_R" iptables -R INPUT 23 -j ACCEPT +cmd 1 "$ENOENT" iptables -I nonexist 23 -j ACCEPT +cmd 1 "$ENOENT" iptables -D nonexist 23 +cmd 1 "$ENOENT" iptables -R nonexist 23 -j ACCEPT # test rule checking cmd 0 iptables -C INPUT -j ACCEPT -cmd 1 iptables -C FORWARD -j ACCEPT -cmd 1 iptables -C nonexist -j ACCEPT -cmd 2 iptables -C INPUT -j foobar -cmd 2 iptables -C INPUT -m foobar -j ACCEPT -cmd 3 iptables -t foobar -C INPUT -j ACCEPT +cmd 1 "$EBADRULE" iptables -C FORWARD -j ACCEPT +cmd 1 "$BADRULE" iptables -C nonexist -j ACCEPT +cmd 2 "$ENOMTH" iptables -C INPUT -m foobar -j ACCEPT +# messages of those don't match, but iptables-nft ones are actually nicer. +#cmd 2 "$ENOTGT" iptables -C INPUT -j foobar +#cmd 3 "$ENOTBL" iptables -t foobar -C INPUT -j ACCEPT +cmd 2 "" iptables -C INPUT -j foobar +cmd 3 "" iptables -t foobar -C INPUT -j ACCEPT exit $global_rc |