summaryrefslogtreecommitdiffstats
path: root/iptables-test.py
Commit message (Collapse)AuthorAgeFilesLines
* tests: iptables-test: Fix conditional colors on stderrHEADmasterPhil Sutter12 hours1-4/+5
| | | | | | | | | | Štěpán's patch to make colored output depend on whether output is a TTY clashed with my change to print errors to stderr instead of stdout. Fix this by telling maybe_colored() if it should print colors or not as only caller knows where output is sent to. Signed-off-by: Phil Sutter <phil@nwl.cc>
* iptables-test.py: print with color escapes only when stdout isattyŠtěpán Němec10 days1-10/+13
| | | | | | | | When the output doesn't go to a terminal (typical case: log files), the escape sequences are just noise. Signed-off-by: Štěpán Němec <snemec@redhat.com> Signed-off-by: Phil Sutter <phil@nwl.cc>
* tests: iptables-test: Exit non-zero on errorPhil Sutter10 days1-1/+2
| | | | | | If any test fails, return a non-zero exit code. Signed-off-by: Phil Sutter <phil@nwl.cc>
* tests: iptables-test: Print errors to stderrPhil Sutter10 days1-4/+5
| | | | | | | No big deal, just pass the extra parameter to the four error print calls. Signed-off-by: Phil Sutter <phil@nwl.cc>
* tests: iptables-test: Fix missing chain casePhil Sutter10 days1-2/+5
| | | | | | | | | If a chain line was really missing, Python complained about reference before assignment of 'chain_array' variable. While being at it, reuse print_error() function for reporting and allow to continue with the next input file instead of exiting. Signed-off-by: Phil Sutter <phil@nwl.cc>
* iptables-test: Make netns spawning more robustPhil Sutter2021-08-111-7/+30
| | | | | | | On systems without unshare Python module, try to call unshare binary with oneself as parameters. Signed-off-by: Phil Sutter <phil@nwl.cc>
* iptables-test.py: Try to unshare netns by defaultPhil Sutter2020-11-171-0/+7
| | | | | | | | If user did not explicitly requst to "test netnamespace path", try an import of 'unshare' module and call unshare() to avoid killing the local host's network by accident. Signed-off-by: Phil Sutter <phil@nwl.cc>
* iptables-test.py: Accept multiple test files on commandlinePhil Sutter2020-11-171-2/+2
| | | | | | | | This allows to call the script like so: | # ./iptables-test.py -n extensions/libebt_*.t Signed-off-by: Phil Sutter <phil@nwl.cc>
* iptables-test: Don't choke on empty linesPhil Sutter2020-05-111-1/+1
| | | | | | | | | | | | | | | | | | | | The script code wasn't expecting empty lines: | Traceback (most recent call last): | File "./iptables-test.py", line 380, in <module> | main() | File "./iptables-test.py", line 370, in main | file_tests, file_passed = run_test_file(filename, args.netns) | File "./iptables-test.py", line 265, in run_test_file | if item[1] == "=": | IndexError: list index out of range Fix this by ignoring empty lines or those consisting of whitespace only. While being at it, remove the empty line from libxt_IDLETIMER.t which exposed the problem. Signed-off-by: Phil Sutter <phil@nwl.cc>
* iptables-test.py: Fix --host modePhil Sutter2020-02-241-3/+2
| | | | | | | | | In some cases, the script still called repo binaries. Avoid this when in --host mode to allow testing without the need to compile sources in beforehand. Fixes: 1b5d762c1865e ("iptables-test: Support testing host binaries") Signed-off-by: Phil Sutter <phil@nwl.cc>
* iptables-test: Run tests in lexical orderPhil Sutter2019-10-171-2/+6
| | | | | | | | To quickly see if a given test was run or not, sort the file list. Also filter non-test files right when preparing the list. Signed-off-by: Phil Sutter <phil@nwl.cc> Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
* iptables-test: Support testing host binariesPhil Sutter2019-09-151-2/+6
| | | | | | | | Introduce --host parameter to run the testsuite against host's binaries instead of built ones. Signed-off-by: Phil Sutter <phil@nwl.cc> Acked-by: Florian Westphal <fw@strlen.de>
* iptables-tests: fix python3Shekhar Sharma2019-06-261-11/+11
| | | | | | | | | This converts the iptables-test.py file to run on both python2 and python3. The error regarding out.find() has been fixed by using method .encode('utf-8') in its argument. Signed-off-by: Shekhar Sharma <shekhar250198@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* arptables: add basic test infra for arptables-nftFlorian Westphal2018-11-121-1/+10
| | | | Signed-off-by: Florian Westphal <fw@strlen.de>
* iptables-tests: add % to run iptables commandsPablo Neira Ayuso2018-11-031-0/+8
| | | | | | | Lines starting by % allows you to run iptables commands, use it for rateest test. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* iptables-tests: do not append xtables-multi to external commandsPablo Neira Ayuso2018-11-031-1/+1
| | | | | | | | | Lines starting by @ can be used to invoke an external command of any kind. Do not add xtables-multi here since we may want to execute a non-iptables command. Fixes: 9ff99156b63e ("iptables-test: fix netns test") Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* tests: add basic ebtables test supportFlorian Westphal2018-11-031-3/+10
| | | | | | | now that we have ebtables-save, lets add test cases for ebtables-nft as well. Signed-off-by: Florian Westphal <fw@strlen.de>
* iptables-test: fix netns testTaehee Yoo2018-11-011-13/+9
| | | | | | | | | | | | | | | | The libxt_rateest test always fails because dependent command is not executed in netns. (@iptables -I INPUT -j RATEEST --rateest-name RE1 --rateest-interval \ 250.0ms --rateest-ewmalog 500.0ms) After this path, adding netns command is executed first. Then test commands are executed. Fixes: 0123183f43a9 ("iptables-test: add -N option to exercise netns removal path") Reported-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Taehee Yoo <ap420073@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* iptables-test: add -N option to exercise netns removal pathPablo Neira Ayuso2018-10-201-6/+32
| | | | | | | We are getting bug reports lately from the netns path, add a new option to exercise this path. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* xtables: rename xt-multi binaries to -nft, -legacyFlorian Westphal2018-06-271-2/+4
| | | | | | | | | | | | | | This adds a clear distinction between old iptables (formerly xtables-multi, now xtables-legacy-multi) and new iptables (formerly xtables-compat-multi, now xtables-nft-multi). Users will get the ip/ip6tables names via symbolic links, having a distinct name postfix for the legacy/nft variants helps to make a clear distinction, as iptables-nft will always use nf_tables and iptables-legacy always uses get/setsockopt wheres "iptables" could be symlinked to either -nft or -legacy. Signed-off-by: Florian Westphal <fw@strlen.de>
* iptables-test: fix bug with rateestFlorian Westphal2018-05-071-2/+5
| | | | | | | | | | | | | | rateest test needs to insert rateest targets with @progname syntax. However, this used the system-installed binary rather than the one from git. Morever, it did not respect --nftables switch, i.e. add occurs with iptables so iptables-compat won't find it. Fixes: d7ac61b58e78 ("add nft switch and test binaries from git") Signed-off-by: Florian Westphal <fw@strlen.de>
* iptables-test: add nft switch and test binaries from gitFlorian Westphal2018-04-281-3/+14
| | | | | | | | | instead of testing the system-wide installed iptables, test the version from git instead. Also add a --nftables switch to feed the test cases to xt-compat. Signed-off-by: Florian Westphal <fw@strlen.de>
* add iptables unit test infrastructurePablo Neira Ayuso2013-10-071-0/+311
This patch adds a python script to verify unit test cases. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>