iptables-test: fix netns test

The libxt_rateest test always fails because dependent command is not executed in netns. (@iptables -I INPUT -j RATEEST --rateest-name RE1 --rateest-interval \ 250.0ms --rateest-ewmalog 500.0ms) After this path, adding netns command is executed first. Then test commands are executed. Fixes: 0123183f43a9 ("iptables-test: add -N option to exercise netns removal path") Reported-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Taehee Yoo <ap420073@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Taehee Yoo <ap420073@gmail.com> 2018-11-01 23:32:50 +0900
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2018-11-01 23:32:55 +0100
commit: 9ff99156b63ee39af3e8fce5ae5b0a2e2e8f0170 (patch)
tree: b4637e05ad000f46e56c3c73da3aa33bfb9b6f69 /iptables-test.py
parent: 8c918db6a7afc171fb2baf9c20ec6385940d2bfc (diff)
1 files changed, 9 insertions, 13 deletions
diff --git a/iptables-test.py b/iptables-test.py
index 5e6bfb7e..331fe59d 100755
--- a/iptables-test.py
+++ b/iptables-test.py
@@ -147,12 +147,6 @@ def run_test(iptables, rule, rule_save, res, filename, lineno, netns):
 
     return delete_rule(iptables, rule, filename, lineno)
 
-def run_test_netns(iptables, rule, rule_save, res, filename, lineno):
-    execute_cmd("ip netns add ____iptables-container-test", filename, lineno)
-    ret = run_test(iptables, rule, rule_save, res, filename, lineno, True)
-    execute_cmd("ip netns del ____iptables-container-test", filename, lineno)
-    return ret
-
 def execute_cmd(cmd, filename, lineno):
     '''
     Executes a command, checking for segfaults and returning the command exit
@@ -207,6 +201,9 @@ def run_test_file(filename, netns):
     table = ""
     total_test_passed = True
 
+    if netns:
+        execute_cmd("ip netns add ____iptables-container-test", filename, 0)
+
     for lineno, line in enumerate(f):
         if line[0] == "#":
             continue
@@ -218,6 +215,8 @@ def run_test_file(filename, netns):
         # external non-iptables invocation, executed as is.
         if line[0] == "@":
             external_cmd = line.rstrip()[1:]
+            if netns:
+                external_cmd = "ip netns exec ____iptables-container-test " + EXECUTEABLE + " " + external_cmd
             execute_cmd(external_cmd, filename, lineno)
             continue
 
@@ -245,13 +244,8 @@ def run_test_file(filename, netns):
                 rule_save = chain + " " + item[1]
 
             res = item[2].rstrip()
-
-            if netns:
-                ret = run_test_netns(iptables, rule, rule_save,
-                                     res, filename, lineno + 1)
-            else:
-                ret = run_test(iptables, rule, rule_save,
-                               res, filename, lineno + 1, False)
+            ret = run_test(iptables, rule, rule_save,
+                           res, filename, lineno + 1, netns)
 
             if ret < 0:
                 test_passed = False
@@ -261,6 +255,8 @@ def run_test_file(filename, netns):
         if test_passed:
             passed += 1
 
+    if netns:
+        execute_cmd("ip netns del ____iptables-container-test", filename, 0)
     if total_test_passed:
         print filename + ": " + Colors.GREEN + "OK" + Colors.ENDC
author	Taehee Yoo <ap420073@gmail.com>	2018-11-01 23:32:50 +0900
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2018-11-01 23:32:55 +0100
commit	9ff99156b63ee39af3e8fce5ae5b0a2e2e8f0170 (patch)
tree	b4637e05ad000f46e56c3c73da3aa33bfb9b6f69 /iptables-test.py
parent	8c918db6a7afc171fb2baf9c20ec6385940d2bfc (diff)