author | Arushi Singhal <arushisinghal19971997@gmail.com> | 2018-06-09 23:04:27 +0530 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2018-06-12 19:50:58 +0200 |
commit | 38b4166d2f7e1cbd9b4e62805b7fad6352710131 (patch) | |
tree | c5fcdd81f5c7be37d66081088dacfef5235fb825 | |
parent | 1e6427abc0221a5e7ed3f943cbf05acb8682c721 (diff) |
iptables: tests: shell: add shell test-suite
To run the test suite (as root):
% cd iptables/tests/shell
% ./run-tests.sh
Test files are executable files named with the pattern <<name_N>>, where
N is the expected return code of the executable. Since they are
located with `find', test files can be spread across any sub-directories.
You can turn on a verbose execution by calling:
% ./run-tests.sh -v
Before each call to the test-files, `kernel_cleanup' will be called.
Also, test-files will receive the environment variable $IPTABLES which
contains the path to the iptables binary being tested.
You can pass an arbitrary $IPTABLES value as well:
% IPTABLES=/../../xtables-multi iptables ./run-tests.sh
Signed-off-by: Arushi Singhal <arushisinghal19971997@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rwxr-xr-x | iptables/tests/shell/run-tests.sh | 129 | ||||
-rwxr-xr-x | iptables/tests/shell/testcases/chain/0001duplicate_1 | 11 | ||||
-rwxr-xr-x | iptables/tests/shell/testcases/chain/0002duplicate_0 | 11 | ||||
-rwxr-xr-x | iptables/tests/shell/testcases/chain/0003duplicate_1 | 11 | ||||
-rwxr-xr-x | iptables/tests/shell/testcases/chain/0004rename_0 | 6 | ||||
-rwxr-xr-x | iptables/tests/shell/testcases/chain/0005rename_1 | 12 |
6 files changed, 180 insertions, 0 deletions
diff --git a/iptables/tests/shell/run-tests.sh b/iptables/tests/shell/run-tests.sh
new file mode 100755
index 00000000..cf5cbdc3
--- /dev/null
+++ b/iptables/tests/shell/run-tests.sh
@@ -0,0 +1,129 @@
+#!/bin/bash
+
+#configuration
+TESTDIR="./$(dirname $0)/"
+RETURNCODE_SEPARATOR="_"
+XTABLES_MULTI="$(dirname $0)/../../xtables-multi"
+DIFF=$(which diff)
+
+msg_error() {
+ echo "E: $1 ..." >&2
+ exit 1
+}
+
+msg_warn() {
+ echo "W: $1" >&2
+}
+
+msg_info() {
+ echo "I: $1"
+}
+
+if [ "$(id -u)" != "0" ] ; then
+ msg_error "this requires root!"
+fi
+
+[ -z "$IPTABLES" ] && IPTABLES=$XTABLES_MULTI
+if [ ! -x "$IPTABLES" ] ; then
+ msg_error "no xtables-multi binary!"
+else
+ msg_info "using xtables-multi binary $IPTABLES"
+fi
+
+if [ ! -d "$TESTDIR" ] ; then
+ msg_error "missing testdir $TESTDIR"
+fi
+
+FIND="$(which find)"
+if [ ! -x "$FIND" ] ; then
+ msg_error "no find binary found"
+fi
+
+MODPROBE="$(which modprobe)"
+if [ ! -x "$MODPROBE" ] ; then
+ msg_error "no modprobe binary found"
+fi
+
+DEPMOD="$(which depmod)"
+if [ ! -x "$DEPMOD" ] ; then
+ msg_error "no depmod binary found"
+fi
+
+if [ "$1" == "-v" ] ; then
+ VERBOSE=y
+ shift
+fi
+
+for arg in "$@"; do
+ if grep ^.*${RETURNCODE_SEPARATOR}[0-9]\\+$ <<< $arg >/dev/null ; then
+ SINGLE+=" $arg"
+ VERBOSE=y
+ else
+ msg_error "unknown parameter '$arg'"
+ fi
+done
+
+kernel_cleanup() {
+ for it in iptables ip6tables; do
+ for table in filter mangle nat raw; do
+ $it -t $table -nL >/dev/null 2>&1 || continue # non-existing table
+ $it -t $table -F # delete rules
+ $it -t $table -X # delete custom chains
+ $it -t $table -Z # zero counters
+ done
+ done
+ $DEPMOD -a
+ $MODPROBE -raq \
+ ip_tables iptable_nat iptable_mangle ipt_REJECT
+}
+
+find_tests() {
+ if [ ! -z "$SINGLE" ] ; then
+ echo $SINGLE
+ return
+ fi
+ ${FIND} ${TESTDIR} -executable -regex \
+ .*${RETURNCODE_SEPARATOR}[0-9]+ | sort
+}
+
+
+echo ""
+ok=0
+failed=0
+
+for testfile in $(find_tests)
+do
+
+ for it in iptables ip6tables; do
+ kernel_cleanup
+ rc_spec=`echo $(basename ${testfile}) | cut -d _ -f2-`
+ IPTABLES="$XTABLES_MULTI $it"
+
+ msg_info "[EXECUTING] $testfile"
+ test_output=$(IPTABLES=$IPTABLES ${testfile} 2>&1)
+ rc_got=$?
+ echo -en "\033[1A\033[K" # clean the [EXECUTING] foobar line
+
+ if [ "$rc_got" == "$rc_spec" ] ; then
+ msg_info "[OK] $testfile"
+ [ "$VERBOSE" == "y" ] && [ ! -z "$test_output" ] && echo "$test_output"
+ ((ok++))
+
+ else
+ ((failed++))
+ if [ "$VERBOSE" == "y" ] ; then
+ msg_warn "[FAILED] $testfile: expected $rc_spec but got $rc_got"
+ [ ! -z "$test_output" ] && echo "$test_output"
+ else
+ msg_warn "[FAILED] $testfile"
+ fi
+ fi
+
+ done
+done
+
+echo ""
+msg_info "results: [OK] $ok [FAILED] $failed [TOTAL] $((ok+failed))"
+
+kernel_cleanup
+exit 0
diff --git a/iptables/tests/shell/testcases/chain/0001duplicate_1 b/iptables/tests/shell/testcases/chain/0001duplicate_1
new file mode 100755
index 00000000..6d42cecf
--- /dev/null
+++ b/iptables/tests/shell/testcases/chain/0001duplicate_1
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+set -e
+
+$IPTABLES -t filter -N c1
+$IPTABLES -t filter -N c1
+
+if [ $? -eq 0 ]; then
+ echo "E: Duplicate chains" >&2
+ exit 0
+fi
diff --git a/iptables/tests/shell/testcases/chain/0002duplicate_0 b/iptables/tests/shell/testcases/chain/0002duplicate_0
new file mode 100755
index 00000000..6d42cecf
--- /dev/null
+++ b/iptables/tests/shell/testcases/chain/0002duplicate_0
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+set -e
+
+$IPTABLES -t filter -N c1
+$IPTABLES -t filter -N c1
+
+if [ $? -eq 0 ]; then
+ echo "E: Duplicate chains" >&2
+ exit 0
+fi
diff --git a/iptables/tests/shell/testcases/chain/0003duplicate_1 b/iptables/tests/shell/testcases/chain/0003duplicate_1
new file mode 100755
index 00000000..6d42cecf
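Review bot: `kernel_cleanup` runs `$it -t $table -F`, `-X` and `-Z` as root with `iptables`/`ip6tables` resolved from PATH, against the host's own filter, mangle, nat and raw tables, so running the suite flushes the machine's live firewall ruleset and the cleanup never uses the binary under test. Consider running the whole script inside a private network namespace (for example by re-executing it once under `unshare -n`) and calling `$XTABLES_MULTI $it` in the cleanup loop. Inside the main loop, `IPTABLES="$XTABLES_MULTI $it"` overwrites the caller-supplied `$IPTABLES` that the earlier `-x` check validated, so the override documented in the commit message has no effect on what the tests run. The script also ends with an unconditional `exit 0`; `exit $(( failed > 0 ))` would let callers and CI see failed tests.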
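Review bot: The three duplicate tests are byte-identical (`0001duplicate_1`, `0002duplicate_0` and `0003duplicate_1` all show `index 00000000..6d42cecf`) while their name suffixes expect return codes 1, 0 and 1, so `0002duplicate_0` cannot pass whenever the other two do. Give 0002 a body that is expected to succeed or drop it, and drop 0003 as a plain copy of 0001. Under `set -e` the script already exits at the failing second `-N c1`, and a failure of the first `-N c1` exits non-zero as well, so the test cannot tell a setup failure from the duplicate being rejected. Writing the setup line as `$IPTABLES -t filter -N c1 || exit 0` would make a setup failure miss the expected code; the same applies to the two `-N` lines in `0005rename_1`.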
--- /dev/null
+++ b/iptables/tests/shell/testcases/chain/0003duplicate_1
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+set -e
+
+$IPTABLES -t filter -N c1
+$IPTABLES -t filter -N c1
+
+if [ $? -eq 0 ]; then
+ echo "E: Duplicate chains" >&2
+ exit 0
+fi
diff --git a/iptables/tests/shell/testcases/chain/0004rename_0 b/iptables/tests/shell/testcases/chain/0004rename_0
new file mode 100755
index 00000000..a85369a5
--- /dev/null
+++ b/iptables/tests/shell/testcases/chain/0004rename_0
@@ -0,0 +1,6 @@
+#!/bin/bash
+
+set -e
+
+$IPTABLES -N c1
+$IPTABLES -E c1 c2
diff --git a/iptables/tests/shell/testcases/chain/0005rename_1 b/iptables/tests/shell/testcases/chain/0005rename_1
new file mode 100755
index 00000000..7261b6dc
--- /dev/null
+++ b/iptables/tests/shell/testcases/chain/0005rename_1
@@ -0,0 +1,12 @@
+#!/bin/bash
+
+set -e
+
+$IPTABLES -N c1
+$IPTABLES -N c2
+$IPTABLES -E c1 c2
+
+if [ $? -eq 0 ] ; then
+ echo "E: Renamed with existing chain" >&2
+ exit 0
+fi
|