source-git / nftables

Clone
Source Code
GIT

Blame tests/shell/run-tests.sh

c8 c8s master
  1.   c22acc34cd1c63be0a3bd65bd8c23e5bc6b5e28b
  2.   tests
  3.   shell
  4.   run-tests.sh
Blob History Raw
Packit c5a612 
#!/bin/bash
Packit c5a612
Packit c5a612 
# Configuration
Packit c5a612 
TESTDIR="./$(dirname $0)/testcases"
Packit c5a612 
SRC_NFT="$(dirname $0)/../../src/nft"
Packit c5a612 
DIFF=$(which diff)
Packit c5a612
Packit c5a612 
msg_error() {
Packit c5a612 
	echo "E: $1 ..." >&2
Packit c5a612 
	exit 1
Packit c5a612 
}
Packit c5a612
Packit c5a612 
msg_warn() {
Packit c5a612 
	echo "W: $1" >&2
Packit c5a612 
}
Packit c5a612
Packit c5a612 
msg_info() {
Packit c5a612 
	echo "I: $1"
Packit c5a612 
}
Packit c5a612
Packit c5a612 
if [ "$(id -u)" != "0" ] ; then
Packit c5a612 
	msg_error "this requires root!"
Packit c5a612 
fi
Packit c5a612
Packit c5a612 
[ -z "$NFT" ] && NFT=$SRC_NFT
Packit c5a612 
if [ ! -x "$NFT" ] ; then
Packit c5a612 
	msg_error "no nft binary!"
Packit c5a612 
else
Packit c5a612 
	msg_info "using nft binary $NFT"
Packit c5a612 
fi
Packit c5a612
Packit c5a612 
if [ ! -d "$TESTDIR" ] ; then
Packit c5a612 
	msg_error "missing testdir $TESTDIR"
Packit c5a612 
fi
Packit c5a612
Packit c5a612 
FIND="$(which find)"
Packit c5a612 
if [ ! -x "$FIND" ] ; then
Packit c5a612 
	msg_error "no find binary found"
Packit c5a612 
fi
Packit c5a612
Packit c5a612 
MODPROBE="$(which modprobe)"
Packit c5a612 
if [ ! -x "$MODPROBE" ] ; then
Packit c5a612 
	msg_error "no modprobe binary found"
Packit c5a612 
fi
Packit c5a612
Packit Service c22acc 
DIFF="$(which diff)"
Packit Service c22acc 
if [ ! -x "$DIFF" ] ; then
Packit Service c22acc 
	DIFF=true
Packit Service c22acc 
fi
Packit Service c22acc
Packit c5a612 
if [ "$1" == "-v" ] ; then
Packit c5a612 
	VERBOSE=y
Packit c5a612 
	shift
Packit c5a612 
fi
Packit c5a612
Packit c5a612 
if [ "$1" == "-g" ] ; then
Packit c5a612 
	DUMPGEN=y
Packit c5a612 
	shift
Packit c5a612 
fi
Packit c5a612
Packit c5a612 
for arg in "$@"; do
Packit c5a612 
	SINGLE+=" $arg"
Packit c5a612 
	VERBOSE=y
Packit c5a612 
done
Packit c5a612
Packit c5a612 
kernel_cleanup() {
Packit c5a612 
	$NFT flush ruleset
Packit c5a612 
	$MODPROBE -raq \
Packit c5a612 
	nft_reject_ipv4 nft_reject_bridge nft_reject_ipv6 nft_reject \
Packit c5a612 
	nft_redir_ipv4 nft_redir_ipv6 nft_redir \
Packit c5a612 
	nft_dup_ipv4 nft_dup_ipv6 nft_dup nft_nat \
Packit c5a612 
	nft_masq_ipv4 nft_masq_ipv6 nft_masq \
Packit c5a612 
	nft_exthdr nft_payload nft_cmp nft_range \
Packit c5a612 
	nft_quota nft_queue nft_numgen nft_osf nft_socket nft_tproxy \
Packit c5a612 
	nft_meta nft_meta_bridge nft_counter nft_log nft_limit \
Packit c5a612 
	nft_fib nft_fib_ipv4 nft_fib_ipv6 \
Packit c5a612 
	nft_hash nft_ct nft_compat nft_rt nft_objref \
Packit c5a612 
	nft_set_hash nft_set_rbtree nft_set_bitmap \
Packit c5a612 
	nft_chain_nat_ipv4 nft_chain_nat_ipv6 \
Packit c5a612 
	nft_chain_route_ipv4 nft_chain_route_ipv6 \
Packit c5a612 
	nft_dup_netdev nft_fwd_netdev \
Packit c5a612 
	nft_reject nft_reject_inet \
Packit c5a612 
	nf_tables_set nf_tables \
Packit c5a612 
	nf_flow_table nf_flow_table_ipv4 nf_flow_tables_ipv6 \
Packit c5a612 
	nf_flow_table_inet nft_flow_offload
Packit c5a612 
}
Packit c5a612
Packit c5a612 
find_tests() {
Packit c5a612 
	if [ ! -z "$SINGLE" ] ; then
Packit c5a612 
		echo $SINGLE
Packit c5a612 
		return
Packit c5a612 
	fi
Packit c5a612 
	${FIND} ${TESTDIR} -type f -executable | sort
Packit c5a612 
}
Packit c5a612
Packit c5a612 
echo ""
Packit c5a612 
ok=0
Packit c5a612 
failed=0
Packit c5a612 
for testfile in $(find_tests)
Packit c5a612 
do
Packit c5a612 
	kernel_cleanup
Packit c5a612
Packit c5a612 
	msg_info "[EXECUTING]	$testfile"
Packit Service c22acc 
	test_output=$(NFT=$NFT DIFF=$DIFF ${testfile} 2>&1)
Packit c5a612 
	rc_got=$?
Packit c5a612 
	echo -en "\033[1A\033[K" # clean the [EXECUTING] foobar line
Packit c5a612
Packit c5a612 
	if [ "$rc_got" -eq 0 ] ; then
Packit c5a612 
		# check nft dump only for positive tests
Packit c5a612 
		dumppath="$(dirname ${testfile})/dumps"
Packit c5a612 
		dumpfile="${dumppath}/$(basename ${testfile}).nft"
Packit c5a612 
		rc_spec=0
Packit c5a612 
		if [ "$rc_got" -eq 0 ] && [ -f ${dumpfile} ]; then
Packit c5a612 
			test_output=$(${DIFF} -u ${dumpfile} <($NFT list ruleset) 2>&1)
Packit c5a612 
			rc_spec=$?
Packit c5a612 
		fi
Packit c5a612
Packit c5a612 
		if [ "$rc_spec" -eq 0 ]; then
Packit c5a612 
			msg_info "[OK]		$testfile"
Packit c5a612 
			[ "$VERBOSE" == "y" ] && [ ! -z "$test_output" ] && echo "$test_output"
Packit c5a612 
			((ok++))
Packit c5a612
Packit c5a612 
			if [ "$DUMPGEN" == "y" ] && [ "$rc_got" == 0 ] && [ ! -f "${dumpfile}" ]; then
Packit c5a612 
				mkdir -p "${dumppath}"
Packit c5a612 
				nft list ruleset > "${dumpfile}"
Packit c5a612 
			fi
Packit c5a612 
		else
Packit c5a612 
			((failed++))
Packit c5a612 
			if [ "$VERBOSE" == "y" ] ; then
Packit c5a612 
				msg_warn "[DUMP FAIL]	$testfile: dump diff detected"
Packit c5a612 
				[ ! -z "$test_output" ] && echo "$test_output"
Packit c5a612 
			else
Packit c5a612 
				msg_warn "[DUMP FAIL]	$testfile"
Packit c5a612 
			fi
Packit c5a612 
		fi
Packit c5a612 
	else
Packit c5a612 
		((failed++))
Packit c5a612 
		if [ "$VERBOSE" == "y" ] ; then
Packit c5a612 
			msg_warn "[FAILED]	$testfile: got $rc_got"
Packit c5a612 
			[ ! -z "$test_output" ] && echo "$test_output"
Packit c5a612 
		else
Packit c5a612 
			msg_warn "[FAILED]	$testfile"
Packit c5a612 
		fi
Packit c5a612 
	fi
Packit c5a612 
done
Packit c5a612
Packit c5a612 
echo ""
Packit c5a612 
msg_info "results: [OK] $ok [FAILED] $failed [TOTAL] $((ok+failed))"
Packit c5a612
Packit c5a612 
kernel_cleanup
Packit c5a612 
exit $failed

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation