diff options
author | Arturo Borrero <arturo.borrero.glez@gmail.com> | 2016-03-17 09:34:47 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2016-03-17 16:42:00 +0100 |
commit | 77a74837312ee4e453d379d5ea8bd5a823b4c6fe (patch) | |
tree | 40283d095da1215140b4f0036b30b9ce37116622 /tests/shell | |
parent | 609ae5bbc410e3817d5968a5070c7ede33921240 (diff) |
tests/shell: unload modules between tests
This patch adjusts the main test script so it unload all nftables
kernel modules between tests.
This way we achieve two interesting things:
* avoid false errors in some testcases due to module loading order
* test the module loading/unloading path itself
The false positives is for example, listing ruleset per families, which depends
on the loading order of nf_tables_xx modules.
We can later add more modules to unload incrementally (for
example nf_tables_switchdev).
This patch assumes we are working with a kernel which is compiled with
nf_tables =m, the case using =y is not supported and can still produce false
positives in some testcases due to module ordering.
Reported-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'tests/shell')
-rwxr-xr-x | tests/shell/run-tests.sh | 25 |
1 files changed, 23 insertions, 2 deletions
diff --git a/tests/shell/run-tests.sh b/tests/shell/run-tests.sh index df2670b1..c08a3eb6 100755 --- a/tests/shell/run-tests.sh +++ b/tests/shell/run-tests.sh @@ -37,16 +37,37 @@ if [ ! -x "$FIND" ] ; then msg_error "no find binary found" fi +MODPROBE="$(which modprobe)" +if [ ! -x "$MODPROBE" ] ; then + msg_error "no modprobe binary found" +fi + if [ "$1" == "-v" ] ; then VERBOSE=y fi +kernel_cleanup() { + $NFT flush ruleset + $MODPROBE -rq \ + nft_reject_ipv4 nft_reject_ipv6 nft_bridge_reject \ + nft_reject_ipv6 nft_reject \ + nft_redir_ipv4 nft_redir_ipv6 nft_redir \ + nft_dup_ipv4 nft_dup_ipv6 nft_dup \ + nft_nat_ipv4 nft_nat_ipv6 nft_nat \ + nft_masq_ipv4 nft_masq_ipv6 nft_masq \ + nft_exthdr nft_payload nft_cmp \ + nft_meta nft_bridge_meta nft_counter nft_log nft_limit \ + nft_hash nft_rbtree nft_ct nft_compat \ + nf_tables_inet nf_tables_bridge nf_tables_arp \ + nf_tables_ipv4 nf_tables_ipv6 nf_tables +} + echo "" ok=0 failed=0 for testfile in $(${FIND} ${TESTDIR} -executable -regex .*${RETURNCODE_SEPARATOR}[0-9]+) do - $NFT flush ruleset + kernel_cleanup rc_spec=$(awk -F${RETURNCODE_SEPARATOR} '{print $NF}' <<< $testfile) test_output=$(NFT=$NFT ${testfile} ${TESTS_OUTPUT} 2>&1) @@ -69,4 +90,4 @@ done echo "" msg_info "results: [OK] $ok [FAILED] $failed [TOTAL] $((ok+failed))" -$NFT flush ruleset +kernel_cleanup |