diff options
author | Phil Sutter <phil@nwl.cc> | 2017-08-15 01:43:05 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2017-08-15 12:36:11 +0200 |
commit | b2506e5504fed23ca9229ea398cab8998aa03712 (patch) | |
tree | ce41bfbe414f660041837fb289799cbb2c2ba1ca /tests | |
parent | 0155bc4df3e9985e4784baff7752959e1b817900 (diff) |
tests: Merge monitor and echo test suites
The two test suites were pretty similar already, and since echo output
is supposed to be identical to monitor output apart from delete
commands, they can be merged together with litte effort.
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'tests')
-rwxr-xr-x | tests/echo/run-tests.sh | 45 | ||||
-rw-r--r-- | tests/echo/testcases/simple.t | 12 | ||||
-rwxr-xr-x | tests/monitor/run-tests.sh | 107 | ||||
-rw-r--r-- | tests/monitor/testcases/simple.t | 20 |
4 files changed, 96 insertions, 88 deletions
diff --git a/tests/echo/run-tests.sh b/tests/echo/run-tests.sh deleted file mode 100755 index da7934d1..00000000 --- a/tests/echo/run-tests.sh +++ /dev/null @@ -1,45 +0,0 @@ -#!/bin/bash - -cd $(dirname $0) -nft=../../src/nft -nft_opts="-nn -a --echo" -debug=false - -debug_echo() { - $debug || return - - echo "$@" -} - -trap "$nft flush ruleset" EXIT - -for testcase in testcases/*.t; do - echo "running tests from file $(basename $testcase)" - # files are like this: - # - # <input command>[;;<output regexp>] - - $nft flush ruleset - - while read line; do - [[ -z "$line" || "$line" == "#"* ]] && continue - - # XXX: this only works if there is no semicolon in output - input="${line%;;*}" - output="${line##*;;}" - - [[ -z $output ]] && output="$input" - - debug_echo "calling '$nft $nft_opts $input'" - cmd_out=$($nft $nft_opts $input) - # strip trailing whitespace (happens when adding a named set) - cmd_out="${cmd_out% }" - debug_echo "got output '$cmd_out'" - [[ $cmd_out == $output ]] || { - echo "Warning: Output differs:" - echo "# nft $nft_opts $input" - echo "- $output" - echo "+ $cmd_out" - } - done <$testcase -done diff --git a/tests/echo/testcases/simple.t b/tests/echo/testcases/simple.t deleted file mode 100644 index 566fd7e0..00000000 --- a/tests/echo/testcases/simple.t +++ /dev/null @@ -1,12 +0,0 @@ -add table ip t -add chain ip t c - -# note the added handle output -add rule ip t c accept;;add rule ip t c accept # handle * -add rule ip t c tcp dport { 22, 80, 443 } accept;;add rule ip t c tcp dport { 22, 80, 443 } accept # handle * - -add set ip t ipset { type ipv4_addr; } -add element ip t ipset { 192.168.0.1 } - -# counter output comes with statistics -add counter ip t cnt;;add counter ip t cnt * diff --git a/tests/monitor/run-tests.sh b/tests/monitor/run-tests.sh index 9fd0e504..23d4e212 100755 --- a/tests/monitor/run-tests.sh +++ b/tests/monitor/run-tests.sh @@ -1,8 +1,9 @@ #!/bin/bash cd $(dirname $0) - nft=../../src/nft +debug=false + mydiff() { diff -w -I '^# ' "$@" } @@ -20,20 +21,38 @@ output_file=$(mktemp -p $testdir) cmd_append() { echo "$*" >>$command_file } -output_append() { +monitor_output_append() { [[ "$*" == '-' ]] && { cat $command_file >>$output_file return } echo "$*" >>$output_file } -run_test() { +echo_output_append() { + # this is a bit tricky: for replace commands, nft prints a delete + # command - so in case there is a replace command in $command_file, + # just assume any other commands in the same file are sane + grep -q '^replace' $command_file >/dev/null 2>&1 && { + monitor_output_append "$*" + return + } + [[ "$*" == '-' ]] && { + grep '^\(add\|replace\|insert\)' $command_file >>$output_file + return + } + [[ "$*" =~ ^add|replace|insert ]] && echo "$*" >>$output_file +} +monitor_run_test() { monitor_output=$(mktemp -p $testdir) - $nft monitor >$monitor_output & + $nft -nn monitor >$monitor_output & monitor_pid=$! sleep 0.5 + $debug && { + echo "command file:" + cat $command_file + } $nft -f $command_file || { echo "nft command failed!" kill $monitor_pid @@ -54,33 +73,59 @@ run_test() { touch $output_file } -for testcase in testcases/*.t; do - echo "running tests from file $(basename $testcase)" - # files are like this: - # - # I add table ip t - # O add table ip t - # I add chain ip t c - # O add chain ip t c +echo_run_test() { + echo_output=$(mktemp -p $testdir) + $debug && { + echo "command file:" + cat $command_file + } + $nft -nn -e -f $command_file >$echo_output || { + echo "nft command failed!" + exit 1 + } + if ! mydiff -q $echo_output $output_file >/dev/null 2>&1; then + echo "echo output differs!" + mydiff -u $output_file $echo_output + exit 1 + fi + rm $command_file + rm $output_file + touch $command_file + touch $output_file +} + +for variant in monitor echo; do + run_test=${variant}_run_test + output_append=${variant}_output_append + + for testcase in testcases/*.t; do + echo "$variant: running tests from file $(basename $testcase)" + # files are like this: + # + # I add table ip t + # O add table ip t + # I add chain ip t c + # O add chain ip t c - $nft flush ruleset + $nft flush ruleset - input_complete=false - while read dir line; do - case $dir in - I) - $input_complete && run_test - input_complete=false - cmd_append "$line" - ;; - O) - input_complete=true - output_append "$line" - ;; - '#'|'') - # ignore comments and empty lines - ;; - esac - done <$testcase - $input_complete && run_test + input_complete=false + while read dir line; do + case $dir in + I) + $input_complete && $run_test + input_complete=false + cmd_append "$line" + ;; + O) + input_complete=true + $output_append "$line" + ;; + '#'|'') + # ignore comments and empty lines + ;; + esac + done <$testcase + $input_complete && $run_test + done done diff --git a/tests/monitor/testcases/simple.t b/tests/monitor/testcases/simple.t new file mode 100644 index 00000000..e4dc073e --- /dev/null +++ b/tests/monitor/testcases/simple.t @@ -0,0 +1,20 @@ +# first the setup +I add table ip t +I add chain ip t c +O - + +I add rule ip t c accept +O - + +I add rule ip t c tcp dport { 22, 80, 443 } accept +O - + +I insert rule ip t c counter accept +O add rule ip t c counter packets 0 bytes 0 accept + +I replace rule ip t c handle 2 accept comment "foo bar" +O delete rule ip t c handle 2 +O add rule ip t c accept comment "foo bar" + +I add counter ip t cnt +O add counter ip t cnt { packets 0 bytes 0 } |