authorThomas Haller <thaller@redhat.com>2023-09-18 21:59:24 +0200
committerFlorian Westphal <fw@strlen.de>2023-09-19 18:48:26 +0200
commitb450c12223c4fc3fd8389809dace7dbccd513e95 (patch)
treebcaca064b789e380bd4a34117ff00f2ee9251550
parentdac1fbe3d35bf5e78320c4402718628866ed9d0a (diff)
tests/shell: run `nft --check` on persisted dump files
"nft --check" will trigger a rollback in the kernel. The existing dump files might hit new code paths. Take the opportunity to call the command on the existing files. An alternative would be to write a separate test that iterates over all files. However, then we can only run all the commands sequentially (unless we do something smart). That might be slower than running the checks in parallel. More importantly, it would be nice if the check for the dump file is clearly tied to the file's test. So run it right after the test, from the test wrapper. Signed-off-by: Thomas Haller <thaller@redhat.com> Signed-off-by: Florian Westphal <fw@strlen.de>
-rwxr-xr-xtests/shell/helpers/test-wrapper.sh31
-rwxr-xr-xtests/shell/run-tests.sh4
2 files changed, 34 insertions, 1 deletions
diff --git a/tests/shell/helpers/test-wrapper.sh b/tests/shell/helpers/test-wrapper.sh
index 165a944d..e10360c9 100755
--- a/tests/shell/helpers/test-wrapper.sh
+++ b/tests/shell/helpers/test-wrapper.sh
@@ -134,6 +134,35 @@ if [ "$rc_dump" -ne 0 ] ; then
echo "$DUMPFILE" > "$NFT_TEST_TESTTMPDIR/rc-failed-dump"
fi
+rc_chkdump=0
+# check that a flush after the test succeeds. We anyway need a clean ruleset
+# for the `nft --check` next.
+$NFT flush ruleset &> "$NFT_TEST_TESTTMPDIR/rc-failed-chkdump" || rc_chkdump=1
+if [ -f "$DUMPFILE" ] ; then
+ # We have a dumpfile. Call `nft --check` to possibly cover new code
+ # paths.
+ if [ "$rc_test" -eq 77 ] ; then
+ # The test was skipped. Possibly we don't have the required
+ # features to process this file. Ignore any output and exit
+ # code, but still call the program (for valgrind or sanitizer
+ # issue we hope to find).
+ $NFT --check -f "$DUMPFILE" &>/dev/null || :
+ else
+ $NFT --check -f "$DUMPFILE" &>> "$NFT_TEST_TESTTMPDIR/rc-failed-chkdump" || rc_chkdump=1
+ fi
+fi
+if [ -s "$NFT_TEST_TESTTMPDIR/rc-failed-chkdump" ] ; then
+ # Non-empty output? That is wrong.
+ rc_chkdump=1
+elif [ "$rc_chkdump" -eq 0 ] ; then
+ rm -rf "$NFT_TEST_TESTTMPDIR/rc-failed-chkdump"
+fi
+if [ "$rc_chkdump" -ne 0 ] ; then
+ # Ensure we don't have empty output files. Always write something, so
+ # that `grep ^ -R` lists the file.
+ echo -e "<<<<<\n\nCalling \`nft --check\` (or \`nft flush ruleset\`) failed for \"$DUMPFILE\"" >> "$NFT_TEST_TESTTMPDIR/rc-failed-chkdump"
+fi
+
rc_valgrind=0
[ -f "$NFT_TEST_TESTTMPDIR/rc-failed-valgrind" ] && rc_valgrind=1
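Review bot: In the skipped-test branch, `$NFT --check -f "$DUMPFILE" &>/dev/null || :` discards both stderr and the exit status, so a sanitizer report printed to stderr is lost even though the comment names sanitizer issues as a reason for the call. Only findings that land in a separate file, like the `rc-failed-valgrind` marker tested just below, would survive. If a crash should still be recorded, keep the status and flag death by signal, e.g. `$NFT --check -f "$DUMPFILE" &>/dev/null || { [ "$?" -lt 128 ] || rc_chkdump=1; }`; judging by the branch order in the next hunk, this would write the marker file while the exit code stays at the skip value. Otherwise the comment should say that sanitizer output has to be routed to a log file to be noticed. Separately, `echo -e` with `$DUMPFILE` interpolated interprets backslashes in the path, which `printf '... failed for "%s"\n' "$DUMPFILE"` avoids, and `rm -f` is enough for a regular file.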
@@ -154,6 +183,8 @@ elif [ "$rc_test" -ne 0 ] ; then
rc_exit="$rc_test"
elif [ "$rc_dump" -ne 0 ] ; then
rc_exit=124
+elif [ "$rc_chkdump" -ne 0 ] ; then
+ rc_exit=121
else
rc_exit=0
fi
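Review bot: The exit code `121` is a bare literal here and is matched again by number in print_test_result in tests/shell/run-tests.sh, so the two files can drift apart without any error. A comment above `rc_exit=121` such as `# 121: nft --check on the dump file failed; keep in sync with print_test_result in run-tests.sh` would document the contract. The branch order also means a check-dump failure is not reported through the exit code whenever the dump comparison fails (124) or the test itself fails; if that priority is intended, the same comment should say so. The if/elif chain starts outside this hunk, so earlier branches are not visible here.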
diff --git a/tests/shell/run-tests.sh b/tests/shell/run-tests.sh
index 03021085..5ef6359f 100755
--- a/tests/shell/run-tests.sh
+++ b/tests/shell/run-tests.sh
@@ -740,7 +740,9 @@ print_test_result() {
else
((failed++))
result_msg_level="W"
- if [ "$rc_got" -eq 122 ] ; then
+ if [ "$rc_got" -eq 121 ] ; then
+ result_msg_status="CHK DUMP"
+ elif [ "$rc_got" -eq 122 ] ; then
result_msg_status="VALGRIND"
elif [ "$rc_got" -eq 123 ] ; then
result_msg_status="TAINTED"