summaryrefslogtreecommitdiffstats
path: root/qa/test_api.c
Commit message (Collapse)AuthorAgeFilesLines
* qa: add tests for new bitmask functionsKen-ichirou MATSUZAWA2014-09-111-0/+37
| | | | | | | for nfct_bitmask_clear() and nfct_bitmask_equal() Signed-off-by: Ken-ichirou MATSUZAWA <chamas@h4.dion.ne.jp> Signed-off-by: Florian Westphal <fw@strlen.de>
* qa: update cmp ATTR_ZONE size mark and zoneKen-ichirou MATSUZAWA2014-06-241-20/+76
| | | | | | | | Test all combinations of flags/attribute states for both ZONE and MARK. Signed-off-by: Ken-ichirou MATSUZAWA <chamas@h4.dion.ne.jp> Signed-off-by: Florian Westphal <fw@strlen.de>
* qa: add cmp ATTR_ZONE regression test casesFlorian Westphal2014-06-191-0/+46
| | | | | | | | | | | | | | | | | | | | | | | | | | | As reported by Ken-ichirou MATSUZAWA: "conntrack -L --zone 0" doesn't list any output. nfct_cmp(mask_obj, ct, NFCT_CMP_MASK) considers ct to not match since the zone attribute in ct is not set for the default (0) zone. libnetfilter_conntrack should be more permissive and return that these are equal iff 'mask_obj' has ATTR_ZONE with a 0 value, and ct object has ATTR_ZONE not set. These 3 checks currently fail, even though they really should not: assert(test_cmp_attr32(ATTR_ZONE, true, false, 0, 0, NFCT_CMP_STRICT) == 1); assert(test_cmp_attr32(ATTR_ZONE, false, true, 0, 0, NFCT_CMP_STRICT) == 1); assert(test_cmp_attr32(ATTR_ZONE, true, false, 0, 0, NFCT_CMP_MASK) == 1); Altough in all 3 cases the zone is only set in one conntrack, the value is zero, so it should be equal to a conntrack object without the zone bit set. Signed-off-by: Florian Westphal <fw@strlen.de>
* qa: nfct_cmp: verify individual attr comparisionFlorian Westphal2013-06-051-10/+166
| | | | | | | | | | | | For each attribute: - copy ct2 attrs to ct1 (so they're the same) - change value of attr - call nfct_cmp to check of cmp now fails Unfortunately, most attributes fail this test at this time, thus added a TODO exclusion list to make the test pass for now. Signed-off-by: Florian Westphal <fw@strlen.de>
* qa: add api test for nfct_cmp and nfct_exp functionsFlorian Westphal2013-06-021-12/+87
| | | | | | | Some of these checks will fail due to errors in nfct_cmp STRICT handling and missing comparision of attributes in the nfexpect_cmp functions. Signed-off-by: Florian Westphal <fw@strlen.de>
* api: add CTA_LABEL_MASK attribute handlingFlorian Westphal2013-05-061-6/+19
| | | | | | | allows to set/clear only a subset of the in-kernel label set, e.g. "set bit 1 and do not change any others". Signed-off-by: Florian Westphal <fw@strlen.de>
* api: add connlabel api and attributeFlorian Westphal2013-05-061-5/+23
| | | | | | | | | | | | | | | | | | | | | | adds new labelmap api to create a name <-> bit mapping from a text file (default: /etc/xtables/connlabel.conf). nfct_labelmap_new(filename) is used to create the map, nfct_labelmap_destroy() releases the resources allocated for the map. Two functions are added to make map lookups: nfct_labelmap_get_name(map, bit) returns the name of a bit, nfct_labelmap_get_bit returns the bit associated with a name. The connlabel attribute is represented by a nfct_bitmask object, the nfct_bitmask api can be used to test/set/get individual bits ("labels"). The exisiting nfct_attr_get/set interfaces can be used to read or replace the existing labels associated with a conntrack with a new set. Signed-off-by: Florian Westphal <fw@strlen.de>
* api: add nfct_bitmask objectFlorian Westphal2013-05-061-0/+55
| | | | | | | | | | | | In order to use generic getter/setter API with upcoming conntrack label extension, add helper functions to set/test/unset bits in a vector of arbitrary size. Conntrack labels will then be encoded via nfct_bitmask object. Original idea from Pablo Neira Ayuso. Signed-off-by: Florian Westphal <fw@strlen.de>
* qa: add final OK message after checking release of clone objectsPablo Neira Ayuso2013-03-041-0/+2
| | | | | | For consistency with other tests. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* qa: fix bogus eror in test_apiPablo Neira Ayuso2013-03-041-2/+2
| | | | | | | | | | | | | Use buf[32] as struct nfct_attr_grp_ipv6 is 32 bytes long. That fixes: == validate set grp API == ERROR: set/get operations don't match for attribute 2 (2 != 1) ERROR: set/get operations don't match for attribute 3 (3 != 1) ERROR: set/get operations don't match for attribute 8 (8 != 1) Shows up with gcc 4.7.1. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* conntrack: fix nfct_clone with certain attribute data typesFlorian Westphal2012-11-281-2/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | some attributes are pointers to malloc'd objects. Simply copying the pointer results in use-after free when the original or the clone is destroyed. Fix it by using nfct_copy instead of memcpy and add proper test case for cloned objects: - nfct_cmp of orig and clone should return 1 (equal) - freeing both the original and the clone should neither leak memory nor result in double-frees. the testsuite changes revealed a few more problems: - ct1->timeout == ct2->timeout returned 0, ie. same timeout was considered "not equal" by nfct_cmp - secctx comparision causes "Invalid address" valgrind warnings when pointer is NULL - NFCT_CP_OVERRIDE did not handle helper attribute and erronously freed ct1 secctx memory. While at it, bump qa_test data dummy to 256 (else, valgrind complains about move-depends-on-uninitialized-memory). Lastly, fix compilation of test_api by killing bogus ATTR_CONNLABEL. Signed-off-by: Florian Westphal <fw@strlen.de>
* qa: fix handling of ATTR_HELPER_INFO attributeFlorian Westphal2012-11-221-3/+10
| | | | | | The attribute is variable-length and must be thus be set via set_attr_l(). Signed-off-by: Florian Westphal <fw@strlen.de>
* qa: add test case for get/set ATTR_GRP_* APIPablo Neira Ayuso2012-04-301-1/+66
| | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expect: add nfexp_cmpPablo Neira Ayuso2012-01-041-1/+21
| | | | | | | | | This patch adds nfexp_cmp that allows you to compare two expectation objects. This includes the extension of test_api for this new function. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expect: extend test_api for the expectation APIPablo Neira Ayuso2012-01-041-0/+52
| | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* qa: extend test_api to validate set API for conntrack objectsPablo Neira Ayuso2012-01-041-0/+32
| | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* qa: resolve compiler warningsJan Engelhardt2010-12-301-4/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | -Wall flags this: make test_api test_filter make[1]: Entering directory `/home/jengelh/code/libnetfilter_conntrack/qa' CC test_api.o test_api.c:16:8: warning: return type defaults to "int" test_api.c: In function "eval_sigterm": test_api.c:23:18: warning: too many arguments for format test_api.c: In function "main": test_api.c:55:2: warning: implicit declaration of function "fork" test_api.c:34:22: warning: unused variable "h" test_api.c:102:1: warning: control reaches end of non-void function test_api.c: In function "eval_sigterm": test_api.c:29:1: warning: control reaches end of non-void function CCLD test_api CC test_filter.o test_filter.c: In function "main": test_filter.c:58:4: warning: implicit declaration of function "inet_addr" test_filter.c:74:2: warning: implicit declaration of function "strerror" test_filter.c:74:2: warning: format "%s" expects type ‘char *’, but argument 3 has type ‘int’ test_filter.c:75:1: warning: control reaches end of non-void function CCLD test_filter make[1]: Leaving directory `/home/jengelh/code/libnetfilter_conntrack/qa' Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* qa: add test file to check for missing indirect function callsPablo Neira Ayuso2008-11-231-0/+102
This patch adds a rudimentary test file to check for possible unset indirect function calls. This automated test should be run after adding a new attribute. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>