tests/py: Check differing rule output for sanity

If an added rule's listing differs from the input (either expected or not), reinsert that output and check payload again to make sure the asymmetry doesn't lead to (internal) changes in ruleset. Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Phil Sutter <phil@nwl.cc> 2018-08-29 16:33:38 +0200
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2018-09-11 02:39:46 +0200
commit: d90daac1aec5f5233cecaffdcc2847b87896aef7 (patch)
tree: fb7f335b024663868c14524876445817d5f5195c /tests/py
parent: 35ea9534d425d762692fa7dbbe9ecbb34a27e216 (diff)
1 files changed, 24 insertions, 0 deletions
diff --git a/tests/py/nft-test.py b/tests/py/nft-test.py
index 4e69cd27..1837c9c9 100755
--- a/tests/py/nft-test.py
+++ b/tests/py/nft-test.py
@@ -823,8 +823,10 @@ def rule_add(rule, filename, lineno, force_all_family_option, filename_path):
                 continue
 
             rule_output = output_clean(pre_output, chain)
+            retest_output = False
             if len(rule) == 3:
                 teoric_exit = rule[2]
+                retest_output = True
             else:
                 teoric_exit = rule[0]
 
@@ -833,6 +835,7 @@ def rule_add(rule, filename, lineno, force_all_family_option, filename_path):
                     if set_check_element(teoric_exit.rstrip(),
                                          rule_output.rstrip()) != 0:
                         warning += 1
+                        retest_output = True
                         print_differences_warning(filename, lineno,
                                                   teoric_exit.rstrip(),
                                                   rule_output, cmd)
@@ -846,6 +849,7 @@ def rule_add(rule, filename, lineno, force_all_family_option, filename_path):
                             return [ret, warning, error, unit_tests]
 
                     warning += 1
+                    retest_output = True
                     print_differences_warning(filename, lineno,
                                               teoric_exit.rstrip(),
                                               rule_output, cmd)
@@ -853,6 +857,26 @@ def rule_add(rule, filename, lineno, force_all_family_option, filename_path):
                     if not force_all_family_option:
                         return [ret, warning, error, unit_tests]
 
+            if retest_output:
+                table_flush(table, filename, lineno)
+
+                # Add rule and check return code
+                cmd = "add rule %s %s %s" % (table, chain, rule_output.rstrip())
+                ret = execute_cmd(cmd, filename, lineno, payload_log, debug="netlink")
+
+                if ret != 0:
+                    test_state = "Replaying rule failed."
+                    reason = cmd + ": " + test_state
+                    print_warning(reason, filename, lineno)
+                    ret = -1
+                    error += 1
+                    if not force_all_family_option:
+                        return [ret, warning, error, unit_tests]
+                # Check for matching payload
+                elif not payload_check(table_payload_expected,
+                                       payload_log, cmd):
+                    error += 1
+
             if not enable_json_option:
                 continue
author	Phil Sutter <phil@nwl.cc>	2018-08-29 16:33:38 +0200
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2018-09-11 02:39:46 +0200
commit	d90daac1aec5f5233cecaffdcc2847b87896aef7 (patch)
tree	fb7f335b024663868c14524876445817d5f5195c /tests/py
parent	35ea9534d425d762692fa7dbbe9ecbb34a27e216 (diff)