summaryrefslogtreecommitdiffstats
path: root/tests/shell/run-tests.sh
diff options
context:
space:
mode:
authorArturo Borrero <arturo.borrero.glez@gmail.com>2016-03-17 09:34:47 +0100
committerPablo Neira Ayuso <pablo@netfilter.org>2016-03-17 16:42:00 +0100
commit77a74837312ee4e453d379d5ea8bd5a823b4c6fe (patch)
tree40283d095da1215140b4f0036b30b9ce37116622 /tests/shell/run-tests.sh
parent609ae5bbc410e3817d5968a5070c7ede33921240 (diff)
tests/shell: unload modules between tests
This patch adjusts the main test script so it unload all nftables kernel modules between tests. This way we achieve two interesting things: * avoid false errors in some testcases due to module loading order * test the module loading/unloading path itself The false positives is for example, listing ruleset per families, which depends on the loading order of nf_tables_xx modules. We can later add more modules to unload incrementally (for example nf_tables_switchdev). This patch assumes we are working with a kernel which is compiled with nf_tables =m, the case using =y is not supported and can still produce false positives in some testcases due to module ordering. Reported-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'tests/shell/run-tests.sh')
-rwxr-xr-xtests/shell/run-tests.sh25
1 files changed, 23 insertions, 2 deletions
diff --git a/tests/shell/run-tests.sh b/tests/shell/run-tests.sh
index df2670b1..c08a3eb6 100755
--- a/tests/shell/run-tests.sh
+++ b/tests/shell/run-tests.sh
@@ -37,16 +37,37 @@ if [ ! -x "$FIND" ] ; then
msg_error "no find binary found"
fi
+MODPROBE="$(which modprobe)"
+if [ ! -x "$MODPROBE" ] ; then
+ msg_error "no modprobe binary found"
+fi
+
if [ "$1" == "-v" ] ; then
VERBOSE=y
fi
+kernel_cleanup() {
+ $NFT flush ruleset
+ $MODPROBE -rq \
+ nft_reject_ipv4 nft_reject_ipv6 nft_bridge_reject \
+ nft_reject_ipv6 nft_reject \
+ nft_redir_ipv4 nft_redir_ipv6 nft_redir \
+ nft_dup_ipv4 nft_dup_ipv6 nft_dup \
+ nft_nat_ipv4 nft_nat_ipv6 nft_nat \
+ nft_masq_ipv4 nft_masq_ipv6 nft_masq \
+ nft_exthdr nft_payload nft_cmp \
+ nft_meta nft_bridge_meta nft_counter nft_log nft_limit \
+ nft_hash nft_rbtree nft_ct nft_compat \
+ nf_tables_inet nf_tables_bridge nf_tables_arp \
+ nf_tables_ipv4 nf_tables_ipv6 nf_tables
+}
+
echo ""
ok=0
failed=0
for testfile in $(${FIND} ${TESTDIR} -executable -regex .*${RETURNCODE_SEPARATOR}[0-9]+)
do
- $NFT flush ruleset
+ kernel_cleanup
rc_spec=$(awk -F${RETURNCODE_SEPARATOR} '{print $NF}' <<< $testfile)
test_output=$(NFT=$NFT ${testfile} ${TESTS_OUTPUT} 2>&1)
@@ -69,4 +90,4 @@ done
echo ""
msg_info "results: [OK] $ok [FAILED] $failed [TOTAL] $((ok+failed))"
-$NFT flush ruleset
+kernel_cleanup