From 47d11ab2153447d7291a5c325cf0cf7bc124b05d Mon Sep 17 00:00:00 2001 From: Ana Rey Date: Wed, 20 Nov 2013 12:23:12 +0100 Subject: tests: add unit tests for libnftables These tests create an initial object 'a' whose attributes are set to arbitrary values. Then, that object is converted to a Netlink message which is parsed to obtain the object 'b'. If things go well, the original object 'a' and the transformed object 'b' should be equivalent. Thus, we make sure that object transformations through the main library APIs are correct. These tests have helped to catch the following bugs in this library: (3cf788a72 expr: fix leak in target and match expressions) (4182e574f expr: match: fix wrong flag setting in nft_rule_expr_match_parse) (0bec6bc5e expr: log: release prefix) (2b690deea expr: log: fix missing \0 when sending log prefix to kernel) (e55c7afcf expr: target: fix wrong info length in nft_rule_expr_target_parse) (8fc4d4bd2 expr: log: fix wrong attribute type in nft_rule_expr_log_parse) Signed-off-by: Ana Rey Signed-off-by: Pablo Neira Ayuso --- tests/nft-expr_limit-test.c | 96 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 96 insertions(+) create mode 100644 tests/nft-expr_limit-test.c (limited to 'tests/nft-expr_limit-test.c') diff --git a/tests/nft-expr_limit-test.c b/tests/nft-expr_limit-test.c new file mode 100644 index 0000000..c5730cc --- /dev/null +++ b/tests/nft-expr_limit-test.c @@ -0,0 +1,96 @@ +/* + * (C) 2013 by Ana Rey Botello + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + */ + +#include +#include +#include + +#include +#include +#include + +#include +#include +#include + +static int test_ok = 1; + +static void print_err(const char *msg) +{ + test_ok = 0; + printf("\033[31mERROR:\e[0m %s\n", msg); +} + +static void cmp_nft_rule_expr(struct nft_rule_expr *rule_a, + struct nft_rule_expr *rule_b) +{ + if (nft_rule_expr_get_u64(rule_a, NFT_EXPR_LIMIT_RATE) != + nft_rule_expr_get_u64(rule_b, NFT_EXPR_LIMIT_RATE)) + print_err("Expr CTR_BYTES mismatches"); + if (nft_rule_expr_get_u64(rule_a, NFT_EXPR_LIMIT_UNIT) != + nft_rule_expr_get_u64(rule_b, NFT_EXPR_LIMIT_UNIT)) + print_err("Expr CTR_PACKET mismatches"); +} + +int main(int argc, char *argv[]) +{ + struct nft_rule *a, *b; + struct nft_rule_expr *ex; + struct nlmsghdr *nlh; + char buf[4096]; + struct nft_rule_expr_iter *iter_a, *iter_b; + struct nft_rule_expr *rule_a, *rule_b; + + a = nft_rule_alloc(); + b = nft_rule_alloc(); + if (a == NULL || b == NULL) + print_err("OOM"); + ex = nft_rule_expr_alloc("limit"); + if (ex == NULL) + print_err("OOM"); + + nft_rule_expr_set_u64(ex, NFT_EXPR_LIMIT_RATE, 0x123456789abcdef0); + nft_rule_expr_set_u64(ex, NFT_EXPR_LIMIT_UNIT, 0x123456789abcdef0); + + nft_rule_add_expr(a, ex); + + nlh = nft_rule_nlmsg_build_hdr(buf, NFT_MSG_NEWRULE, AF_INET, 0, 1234); + nft_rule_nlmsg_build_payload(nlh, a); + + if (nft_rule_nlmsg_parse(nlh, b) < 0) + print_err("parsing problems"); + + iter_a = nft_rule_expr_iter_create(a); + iter_b = nft_rule_expr_iter_create(b); + if (iter_a == NULL || iter_b == NULL) + print_err("OOM"); + + rule_a = nft_rule_expr_iter_next(iter_a); + rule_b = nft_rule_expr_iter_next(iter_b); + if (rule_a == NULL || rule_b == NULL) + print_err("OOM"); + + cmp_nft_rule_expr(rule_a, rule_b); + + if (nft_rule_expr_iter_next(iter_a) != NULL || + nft_rule_expr_iter_next(iter_b) != NULL) + print_err("More 1 expr."); + + nft_rule_expr_iter_destroy(iter_a); + nft_rule_expr_iter_destroy(iter_b); + nft_rule_free(a); + nft_rule_free(b); + + if (!test_ok) + exit(EXIT_FAILURE); + + printf("%s: \033[32mOK\e[0m\n", argv[0]); + return EXIT_SUCCESS; +} -- cgit v1.2.3