summaryrefslogtreecommitdiffstats
path: root/tests/shell/run-tests.sh
Commit message (Collapse)AuthorAgeFilesLines
* tests/shell: Allow to specify multiple testcasesPhil Sutter2018-03-201-4/+6
| | | | | | | | | | | Extend run-tests.sh a bit so that all remaining arguments after option parsing are treated as filenames to test and complain if one doesn't seem like such. This allows for doing stuff like: | ./run-tests.sh testcases/include/000* Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* tests/shell: Use custom nft binary for ruleset listingPhil Sutter2018-03-161-1/+1
| | | | | | | | Don't assume the system's nft binary is able to correctly list rulesets generated in tests. Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* tests: shell: autogenerate dump verificationLaura Garcia Liebana2018-03-091-7/+39
| | | | | | | | | | | | | | | | | | | | Complete the automated shell tests with the verification of the test file dump, only for positive tests and if the test execution was successful. It's able to generate the dump file with the -g option. Example: # ./run-tests.sh -g testcases/chains/0001jumps_0 The dump files are generated in the same path in the folder named dumps/ with .nft extension. It has been avoided the dump verification code in every test file. Signed-off-by: Laura Garcia Liebana <nevola@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* tests: shell: add flowtable testsPablo Neira Ayuso2018-03-051-1/+3
| | | | | | Add basic flowtable tests. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* test: shell: update shell/run-tests.sh to refer to relative path of testcaseHarsha Sharma2017-10-091-1/+1
| | | | | | | | Refer to relative path for tests from any directory if path for testcases is specified. Signed-off-by: Harsha Sharma <harshasharmaiitr@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* test: shell: execute shell/run-tests.sh from any directoryHarsha Sharma2017-10-061-1/+1
| | | | | | | Update shell/run-tests.sh to refer /src/nft with a relative path Signed-off-by: Harsha Sharma <harshasharmaiitr@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* tests: shell: remove nft_set_bitmap on each runPablo Neira Ayuso2017-02-161-1/+1
| | | | | | Update shell/run-tests.sh to remove this new module too. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* tests: shell: allow to execute a single testcaseArturo Borrero Gonzalez2016-11-241-0/+11
| | | | | | | | | | | | | Using, for example: % sudo ./run-tests.sh testcase/mytest_0 Will result in an execution of this single testcase rather than the complete suite. This is useful while working with a concrete testcase. Signed-off-by: Arturo Borrero Gonzalez <arturo@debian.org> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* rt: introduce routing expressionAnders K. Pedersen2016-10-281-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Introduce rt expression for routing related data with support for nexthop (i.e. the directly connected IP address that an outgoing packet is sent to), which can be used either for matching or accounting, eg. # nft add rule filter postrouting \ ip daddr 192.168.1.0/24 rt nexthop != 192.168.0.1 drop This will drop any traffic to 192.168.1.0/24 that is not routed via 192.168.0.1. # nft add rule filter postrouting \ flow table acct { rt nexthop timeout 600s counter } # nft add rule ip6 filter postrouting \ flow table acct { rt nexthop timeout 600s counter } These rules count outgoing traffic per nexthop. Note that the timeout releases an entry if no traffic is seen for this nexthop within 10 minutes. # nft add rule inet filter postrouting \ ether type ip \ flow table acct { rt nexthop timeout 600s counter } # nft add rule inet filter postrouting \ ether type ip6 \ flow table acct { rt nexthop timeout 600s counter } Same as above, but via the inet family, where the ether type must be specified explicitly. "rt classid" is also implemented identical to "meta rtclassid", since it is more logical to have this match in the routing expression going forward. Signed-off-by: Anders K. Pedersen <akp@cohaesio.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* tests: shell: update kernel modules to cleanArturo Borrero Gonzalez2016-10-211-2/+4
| | | | | | | | | | | | | | | Let's keep the kernel_cleanup() function updated with latest kernel changes: * added nft_quota, nft_queue, nft_numgen, nft_range * rename nft_hash to nft_set_hash * keep nft_hash as well * rename nft_rbtree to nft_set_rbtree The idea is to run each test in a clean evironment. Signed-off-by: Arturo Borrero Gonzalez <arturo@debian.org> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* tests: shell: run-tests.sh: use src/nft binary by defaultArturo Borrero2016-06-231-1/+2
| | | | | | | | Better use the local tree nft binary rather than the installed one. Requested-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* tests: shell: delete unused variable in run-tests.shArturo Borrero2016-06-151-1/+1
| | | | | | | | | This ${TESTS_OUTPUT} variable is empty. Delete it. It was probably an idea about dinamically redirecting testscases output. Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* tests/shell/run-tests.sh: print hint about testcase being executedArturo Borrero2016-05-131-0/+4
| | | | | | | | | | | Print a line with the name of the testcase being executed, and then delete it with the result. There are tests which may take a long time and its good to know what is doing the testsuite. Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* tests/shell/run-tests.sh: execute tests in sorted orderArturo Borrero2016-05-131-1/+6
| | | | | | | | | Let's sort tests files before iterating over them. Put the find string in a separated function so it's more readable. Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* test: shell: also unload NAT modulesArturo Borrero2016-04-131-0/+1
| | | | | | | Also unload NAT modules between tests. Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* tests/shell/run-tests.sh: tune kernel cleanupArturo Borrero2016-03-221-6/+5
| | | | | | | | | | | | | | | | | The modprobe call can return != 0 if, for example, a module was builtin and we are triying to remove it, so force return code of 0 at the end of the script. This patch also adds the '-a' switch to modprobe so it doesn't stop unloading modules if one of them fails (for example, it was builtin). While at it, fix several module names, for example: 'nft_bridge_reject' vs 'nft_reject_bridge', delete bogus module names. Reported-by: Piyush Pangtey <gokuvsvegita@gmail.com> Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Tested-by: Piyush Pangtey <gokuvsvegita@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* tests/shell: unload modules between testsArturo Borrero2016-03-171-2/+23
| | | | | | | | | | | | | | | | | | | | | | | This patch adjusts the main test script so it unload all nftables kernel modules between tests. This way we achieve two interesting things: * avoid false errors in some testcases due to module loading order * test the module loading/unloading path itself The false positives is for example, listing ruleset per families, which depends on the loading order of nf_tables_xx modules. We can later add more modules to unload incrementally (for example nf_tables_switchdev). This patch assumes we are working with a kernel which is compiled with nf_tables =m, the case using =y is not supported and can still produce false positives in some testcases due to module ordering. Reported-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* tests/: add shell test-suiteArturo Borrero2015-12-181-0/+72
This new test-suite is intended to perform tests of higher level than the other reggresion test-suite. It can run arbitrary executables which can perform any test apart of testing the nft syntax or netlink code (which is what the regression tests does). To run the test suite (as root): % cd tests/shell % ./run-tests.sh Test files are executables files with the pattern <<name_N>>, where N is the expected return code of the executable. Since they are located with `find', test-files can be spreaded in any sub-directories. You can turn on a verbose execution by calling: % ./run-tests.sh -v Before each call to the test-files, `nft flush ruleset' will be called. Also, test-files will receive the environment variable $NFT which contains the path to the nftables binary being tested. You can pass an arbitrary $NFT value as well: % NFT=../../src/nft ./run-tests.sh Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>