diff options
author | Phil Sutter <phil@nwl.cc> | 2018-08-29 16:33:38 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2018-09-11 02:39:46 +0200 |
commit | d90daac1aec5f5233cecaffdcc2847b87896aef7 (patch) | |
tree | fb7f335b024663868c14524876445817d5f5195c /tests/py/nft-test.py | |
parent | 35ea9534d425d762692fa7dbbe9ecbb34a27e216 (diff) |
tests/py: Check differing rule output for sanity
If an added rule's listing differs from the input (either expected or
not), reinsert that output and check payload again to make sure the
asymmetry doesn't lead to (internal) changes in ruleset.
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'tests/py/nft-test.py')
-rwxr-xr-x | tests/py/nft-test.py | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/tests/py/nft-test.py b/tests/py/nft-test.py index 4e69cd27..1837c9c9 100755 --- a/tests/py/nft-test.py +++ b/tests/py/nft-test.py @@ -823,8 +823,10 @@ def rule_add(rule, filename, lineno, force_all_family_option, filename_path): continue rule_output = output_clean(pre_output, chain) + retest_output = False if len(rule) == 3: teoric_exit = rule[2] + retest_output = True else: teoric_exit = rule[0] @@ -833,6 +835,7 @@ def rule_add(rule, filename, lineno, force_all_family_option, filename_path): if set_check_element(teoric_exit.rstrip(), rule_output.rstrip()) != 0: warning += 1 + retest_output = True print_differences_warning(filename, lineno, teoric_exit.rstrip(), rule_output, cmd) @@ -846,6 +849,7 @@ def rule_add(rule, filename, lineno, force_all_family_option, filename_path): return [ret, warning, error, unit_tests] warning += 1 + retest_output = True print_differences_warning(filename, lineno, teoric_exit.rstrip(), rule_output, cmd) @@ -853,6 +857,26 @@ def rule_add(rule, filename, lineno, force_all_family_option, filename_path): if not force_all_family_option: return [ret, warning, error, unit_tests] + if retest_output: + table_flush(table, filename, lineno) + + # Add rule and check return code + cmd = "add rule %s %s %s" % (table, chain, rule_output.rstrip()) + ret = execute_cmd(cmd, filename, lineno, payload_log, debug="netlink") + + if ret != 0: + test_state = "Replaying rule failed." + reason = cmd + ": " + test_state + print_warning(reason, filename, lineno) + ret = -1 + error += 1 + if not force_all_family_option: + return [ret, warning, error, unit_tests] + # Check for matching payload + elif not payload_check(table_payload_expected, + payload_log, cmd): + error += 1 + if not enable_json_option: continue |