summaryrefslogtreecommitdiffstats
path: root/iptables/tests/shell
diff options
context:
space:
mode:
authorPhil Sutter <phil@nwl.cc>2018-08-31 12:29:57 +0200
committerFlorian Westphal <fw@strlen.de>2018-09-01 10:12:40 +0200
commitb6a06c1a215f867f7eee4a3f2f40ec14028fe186 (patch)
treea941776217826cb296c2477e403747f8397437a1 /iptables/tests/shell
parent3bb497c61d743ba811e7f501e54cc5071216e1f5 (diff)
xtables: Align return codes with legacy iptables
Make sure return codes match legacy ones at least for a few selected commands typically used to check ruleset state. Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Florian Westphal <fw@strlen.de>
Diffstat (limited to 'iptables/tests/shell')
-rwxr-xr-xiptables/tests/shell/testcases/ip6tables/0004-return-codes_038
-rwxr-xr-xiptables/tests/shell/testcases/iptables/0004-return-codes_038
2 files changed, 76 insertions, 0 deletions
diff --git a/iptables/tests/shell/testcases/ip6tables/0004-return-codes_0 b/iptables/tests/shell/testcases/ip6tables/0004-return-codes_0
new file mode 100755
index 00000000..f023b791
--- /dev/null
+++ b/iptables/tests/shell/testcases/ip6tables/0004-return-codes_0
@@ -0,0 +1,38 @@
+#!/bin/sh
+
+# make sure error return codes are as expected useful cases
+# (e.g. commands to check ruleset state)
+
+global_rc=0
+
+cmd() { # (rc, cmd, [args ...])
+ rc_exp=$1; shift
+
+ $XT_MULTI "$@"
+ rc=$?
+
+ [ $rc -eq $rc_exp ] || {
+ echo "---> expected $rc_exp, got $rc for command '$@'"
+ global_rc=1
+ }
+}
+
+# test chain creation
+cmd 0 ip6tables -N foo
+cmd 1 ip6tables -N foo
+# iptables-nft allows this - bug or feature?
+#cmd 2 ip6tables -N "invalid name"
+
+# test rule adding
+cmd 0 ip6tables -A INPUT -j ACCEPT
+cmd 1 ip6tables -A noexist -j ACCEPT
+
+# test rule checking
+cmd 0 ip6tables -C INPUT -j ACCEPT
+cmd 1 ip6tables -C FORWARD -j ACCEPT
+cmd 1 ip6tables -C nonexist -j ACCEPT
+cmd 2 ip6tables -C INPUT -j foobar
+cmd 2 ip6tables -C INPUT -m foobar -j ACCEPT
+cmd 3 ip6tables -t foobar -C INPUT -j ACCEPT
+
+exit $global_rc
diff --git a/iptables/tests/shell/testcases/iptables/0004-return-codes_0 b/iptables/tests/shell/testcases/iptables/0004-return-codes_0
new file mode 100755
index 00000000..34dffeee
--- /dev/null
+++ b/iptables/tests/shell/testcases/iptables/0004-return-codes_0
@@ -0,0 +1,38 @@
+#!/bin/sh
+
+# make sure error return codes are as expected useful cases
+# (e.g. commands to check ruleset state)
+
+global_rc=0
+
+cmd() { # (rc, cmd, [args ...])
+ rc_exp=$1; shift
+
+ $XT_MULTI "$@"
+ rc=$?
+
+ [ $rc -eq $rc_exp ] || {
+ echo "---> expected $rc_exp, got $rc for command '$@'"
+ global_rc=1
+ }
+}
+
+# test chain creation
+cmd 0 iptables -N foo
+cmd 1 iptables -N foo
+# iptables-nft allows this - bug or feature?
+#cmd 2 iptables -N "invalid name"
+
+# test rule adding
+cmd 0 iptables -A INPUT -j ACCEPT
+cmd 1 iptables -A noexist -j ACCEPT
+
+# test rule checking
+cmd 0 iptables -C INPUT -j ACCEPT
+cmd 1 iptables -C FORWARD -j ACCEPT
+cmd 1 iptables -C nonexist -j ACCEPT
+cmd 2 iptables -C INPUT -j foobar
+cmd 2 iptables -C INPUT -m foobar -j ACCEPT
+cmd 3 iptables -t foobar -C INPUT -j ACCEPT
+
+exit $global_rc