path: root/qa
Commit message | Author | Age | Files | Lines
* api: add connlabel api and attribute | Florian Westphal | 2013-05-06 | 4 | -6/+108
  adds new labelmap api to create a name <-> bit mapping from a text file (default: /etc/xtables/connlabel.conf). nfct_labelmap_new(filename) is used to create the map, nfct_labelmap_destroy() releases the resources allocated for the map. Two functions are added to make map lookups: nfct_labelmap_get_name(map, bit) returns the name of a bit, nfct_labelmap_get_bit returns the bit associated with a name. The connlabel attribute is represented by a nfct_bitmask object, the nfct_bitmask api can be used to test/set/get individual bits ("labels"). The existing nfct_attr_get/set interfaces can be used to read or replace the existing labels associated with a conntrack with a new set.
  Signed-off-by: Florian Westphal <fw@strlen.de>
* api: add nfct_bitmask object | Florian Westphal | 2013-05-06 | 1 | -0/+55
  In order to use generic getter/setter API with upcoming conntrack label extension, add helper functions to set/test/unset bits in a vector of arbitrary size. Conntrack labels will then be encoded via nfct_bitmask object. Original idea from Pablo Neira Ayuso.
  Signed-off-by: Florian Westphal <fw@strlen.de>
* qa: add final OK message after checking release of clone objects | Pablo Neira Ayuso | 2013-03-04 | 1 | -0/+2
  For consistency with other tests.
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* qa: fix bogus eror in test_api | Pablo Neira Ayuso | 2013-03-04 | 1 | -2/+2
  Use buf[32] as struct nfct_attr_grp_ipv6 is 32 bytes long. That fixes:
    == validate set grp API ==
    ERROR: set/get operations don't match for attribute 2 (2 != 1)
    ERROR: set/get operations don't match for attribute 3 (3 != 1)
    ERROR: set/get operations don't match for attribute 8 (8 != 1)
  Shows up with gcc 4.7.1.
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* conntrack: fix nfct_clone with certain attribute data types | Florian Westphal | 2012-11-28 | 1 | -2/+8
  some attributes are pointers to malloc'd objects. Simply copying the pointer results in use-after-free when the original or the clone is destroyed. Fix it by using nfct_copy instead of memcpy and add proper test case for cloned objects:
  - nfct_cmp of orig and clone should return 1 (equal)
  - freeing both the original and the clone should neither leak memory nor result in double-frees.
  the testsuite changes revealed a few more problems:
  - ct1->timeout == ct2->timeout returned 0, ie. same timeout was considered "not equal" by nfct_cmp
  - secctx comparison causes "Invalid address" valgrind warnings when pointer is NULL
  - NFCT_CP_OVERRIDE did not handle helper attribute and erroneously freed ct1 secctx memory.
  While at it, bump qa_test data dummy to 256 (else, valgrind complains about move-depends-on-uninitialized-memory). Lastly, fix compilation of test_api by killing bogus ATTR_CONNLABEL.
  Signed-off-by: Florian Westphal <fw@strlen.de>
* qa: fix handling of ATTR_HELPER_INFO attribute | Florian Westphal | 2012-11-22 | 1 | -3/+10
  The attribute is variable-length and must thus be set via set_attr_l().
  Signed-off-by: Florian Westphal <fw@strlen.de>
* Update .gitignore | Jan Engelhardt | 2012-05-19 | 1 | -0/+2
  Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* qa: change an if to elseif | Jan Engelhardt | 2012-05-19 | 1 | -1/+1
  The compiler is probably smart enough to see that the type cannot change, but make an "else" out of it, just for fun.
  Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* build: remove unused LDFLAGS | Jan Engelhardt | 2012-05-19 | 1 | -4/+0
  "-ldl" is not needed since the programs themselves never use functions from libdl. Also, -dynamic is not required at all.
  Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* qa: add test case for get/set ATTR_GRP_* API | Pablo Neira Ayuso | 2012-04-30 | 1 | -1/+66
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* qa: several improvements for the ct_stress tools | Pablo Neira Ayuso | 2012-03-12 | 2 | -9/+21
  This patch improves several aspects of the QA tools to stress the conntrack system via ctnetlink and to check reliable event delivery.
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* qa: add some stress tools to test conntrack via ctnetlink | Pablo Neira Ayuso | 2012-03-06 | 3 | -1/+143
  ct_stress adds plenty of flows in assured state (worst case for the conntrack table). ct_events_reliable forces reliable event delivery. You have to use these tools together:
    ./ct_events_reliable &
  then:
    ./ct_stress 65535 # your ct table size
  If things go well, you will end up hitting ENOMEM. Both as root, of course.
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expect: add nfexp_cmp | Pablo Neira Ayuso | 2012-01-04 | 1 | -1/+21
  This patch adds nfexp_cmp that allows you to compare two expectation objects. This includes the extension of test_api for this new function.
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expect: extend test_api for the expectation API | Pablo Neira Ayuso | 2012-01-04 | 1 | -0/+52
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* qa: extend test_api to validate set API for conntrack objects | Pablo Neira Ayuso | 2012-01-04 | 1 | -0/+32
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* qa: resolve compiler warnings | Jan Engelhardt | 2010-12-30 | 2 | -5/+10
  -Wall flags this:
    make test_api test_filter
    make[1]: Entering directory `/home/jengelh/code/libnetfilter_conntrack/qa'
    CC test_api.o
    test_api.c:16:8: warning: return type defaults to "int"
    test_api.c: In function "eval_sigterm":
    test_api.c:23:18: warning: too many arguments for format
    test_api.c: In function "main":
    test_api.c:55:2: warning: implicit declaration of function "fork"
    test_api.c:34:22: warning: unused variable "h"
    test_api.c:102:1: warning: control reaches end of non-void function
    test_api.c: In function "eval_sigterm":
    test_api.c:29:1: warning: control reaches end of non-void function
    CCLD test_api
    CC test_filter.o
    test_filter.c: In function "main":
    test_filter.c:58:4: warning: implicit declaration of function "inet_addr"
    test_filter.c:74:2: warning: implicit declaration of function "strerror"
    test_filter.c:74:2: warning: format "%s" expects type ‘char *’, but argument 3 has type ‘int’
    test_filter.c:75:1: warning: control reaches end of non-void function
    CCLD test_filter
    make[1]: Leaving directory `/home/jengelh/code/libnetfilter_conntrack/qa'
  Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* utils: use sizeof(buf) over hardcoded number | Jan Engelhardt | 2010-11-09 | 1 | -1/+1
  Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* Update .gitignore | Jan Engelhardt | 2010-10-30 | 1 | -0/+2
* bsf: major rework of the BSF generation code | Pablo Neira Ayuso | 2008-11-25 | 2 | -1/+80
  This patch reworks the BSF automatic generation code. This feature needs more love and it has several limitations like that the maximum number of IPs is 127 due to BSF code restrictions. See this patch as a first step forward. This patch also adds the stack data type, which is used to resolve jump dynamically instead of the previous static approach. This patch also includes fixes in the limitations, previous calculations were wrong.
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* qa: add test file to check for missing indirect function calls | Pablo Neira Ayuso | 2008-11-23 | 2 | -0/+109
  This patch adds a rudimentary test file to check for possible unset indirect function calls. This automated test should be run after adding a new attribute.
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>