summaryrefslogtreecommitdiffstats
path: root/iptables-test.py
Commit message (Collapse)AuthorAgeFilesLines
* arptables: add basic test infra for arptables-nftFlorian Westphal2018-11-121-1/+10
| | | | Signed-off-by: Florian Westphal <fw@strlen.de>
* iptables-tests: add % to run iptables commandsPablo Neira Ayuso2018-11-031-0/+8
| | | | | | | Lines starting by % allows you to run iptables commands, use it for rateest test. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* iptables-tests: do not append xtables-multi to external commandsPablo Neira Ayuso2018-11-031-1/+1
| | | | | | | | | Lines starting by @ can be used to invoke an external command of any kind. Do not add xtables-multi here since we may want to execute a non-iptables command. Fixes: 9ff99156b63e ("iptables-test: fix netns test") Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* tests: add basic ebtables test supportFlorian Westphal2018-11-031-3/+10
| | | | | | | now that we have ebtables-save, lets add test cases for ebtables-nft as well. Signed-off-by: Florian Westphal <fw@strlen.de>
* iptables-test: fix netns testTaehee Yoo2018-11-011-13/+9
| | | | | | | | | | | | | | | | The libxt_rateest test always fails because dependent command is not executed in netns. (@iptables -I INPUT -j RATEEST --rateest-name RE1 --rateest-interval \ 250.0ms --rateest-ewmalog 500.0ms) After this path, adding netns command is executed first. Then test commands are executed. Fixes: 0123183f43a9 ("iptables-test: add -N option to exercise netns removal path") Reported-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Taehee Yoo <ap420073@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* iptables-test: add -N option to exercise netns removal pathPablo Neira Ayuso2018-10-201-6/+32
| | | | | | | We are getting bug reports lately from the netns path, add a new option to exercise this path. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* xtables: rename xt-multi binaries to -nft, -legacyFlorian Westphal2018-06-271-2/+4
| | | | | | | | | | | | | | This adds a clear distinction between old iptables (formerly xtables-multi, now xtables-legacy-multi) and new iptables (formerly xtables-compat-multi, now xtables-nft-multi). Users will get the ip/ip6tables names via symbolic links, having a distinct name postfix for the legacy/nft variants helps to make a clear distinction, as iptables-nft will always use nf_tables and iptables-legacy always uses get/setsockopt wheres "iptables" could be symlinked to either -nft or -legacy. Signed-off-by: Florian Westphal <fw@strlen.de>
* iptables-test: fix bug with rateestFlorian Westphal2018-05-071-2/+5
| | | | | | | | | | | | | | rateest test needs to insert rateest targets with @progname syntax. However, this used the system-installed binary rather than the one from git. Morever, it did not respect --nftables switch, i.e. add occurs with iptables so iptables-compat won't find it. Fixes: d7ac61b58e78 ("add nft switch and test binaries from git") Signed-off-by: Florian Westphal <fw@strlen.de>
* iptables-test: add nft switch and test binaries from gitFlorian Westphal2018-04-281-3/+14
| | | | | | | | | instead of testing the system-wide installed iptables, test the version from git instead. Also add a --nftables switch to feed the test cases to xt-compat. Signed-off-by: Florian Westphal <fw@strlen.de>
* add iptables unit test infrastructurePablo Neira Ayuso2013-10-071-0/+311
This patch adds a python script to verify unit test cases. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>