From 9ff99156b63ee39af3e8fce5ae5b0a2e2e8f0170 Mon Sep 17 00:00:00 2001
From: Taehee Yoo <ap420073@gmail.com>
Date: Thu, 1 Nov 2018 23:32:50 +0900
Subject: iptables-test: fix netns test

The libxt_rateest test always fails because dependent command is not
executed in netns.

(@iptables -I INPUT -j RATEEST --rateest-name RE1 --rateest-interval \
 250.0ms --rateest-ewmalog 500.0ms)

After this path, adding netns command is executed first.
Then test commands are executed.

Fixes: 0123183f43a9 ("iptables-test: add -N option to exercise netns removal path")
Reported-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Taehee Yoo <ap420073@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 iptables-test.py | 22 +++++++++-------------
 1 file changed, 9 insertions(+), 13 deletions(-)

(limited to 'iptables-test.py')

diff --git a/iptables-test.py b/iptables-test.py
index 5e6bfb7e..331fe59d 100755
--- a/iptables-test.py
+++ b/iptables-test.py
@@ -147,12 +147,6 @@ def run_test(iptables, rule, rule_save, res, filename, lineno, netns):
 
     return delete_rule(iptables, rule, filename, lineno)
 
-def run_test_netns(iptables, rule, rule_save, res, filename, lineno):
-    execute_cmd("ip netns add ____iptables-container-test", filename, lineno)
-    ret = run_test(iptables, rule, rule_save, res, filename, lineno, True)
-    execute_cmd("ip netns del ____iptables-container-test", filename, lineno)
-    return ret
-
 def execute_cmd(cmd, filename, lineno):
     '''
     Executes a command, checking for segfaults and returning the command exit
@@ -207,6 +201,9 @@ def run_test_file(filename, netns):
     table = ""
     total_test_passed = True
 
+    if netns:
+        execute_cmd("ip netns add ____iptables-container-test", filename, 0)
+
     for lineno, line in enumerate(f):
         if line[0] == "#":
             continue
@@ -218,6 +215,8 @@ def run_test_file(filename, netns):
         # external non-iptables invocation, executed as is.
         if line[0] == "@":
             external_cmd = line.rstrip()[1:]
+            if netns:
+                external_cmd = "ip netns exec ____iptables-container-test " + EXECUTEABLE + " " + external_cmd
             execute_cmd(external_cmd, filename, lineno)
             continue
 
@@ -245,13 +244,8 @@ def run_test_file(filename, netns):
                 rule_save = chain + " " + item[1]
 
             res = item[2].rstrip()
-
-            if netns:
-                ret = run_test_netns(iptables, rule, rule_save,
-                                     res, filename, lineno + 1)
-            else:
-                ret = run_test(iptables, rule, rule_save,
-                               res, filename, lineno + 1, False)
+            ret = run_test(iptables, rule, rule_save,
+                           res, filename, lineno + 1, netns)
 
             if ret < 0:
                 test_passed = False
@@ -261,6 +255,8 @@ def run_test_file(filename, netns):
         if test_passed:
             passed += 1
 
+    if netns:
+        execute_cmd("ip netns del ____iptables-container-test", filename, 0)
     if total_test_passed:
         print filename + ": " + Colors.GREEN + "OK" + Colors.ENDC
 
-- 
cgit v1.2.3