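#!/bin/bash
#
# Runner for the shell testcases below this script's directory.
#
# Every executable whose name ends in "<separator><digits>" is run in its own
# network namespace (unshare -n), once per selected xtables variant, with
# XT_MULTI pointing at the binary under test. The digits after the last
# separator are the exit status the testcase is expected to return.
#
# Exit status: 0 if no testcase failed, 1 if any failed, 77 when not run as
# root, 99 on setup or usage errors.
# NOTE(review): 77 and 99 look like the automake test-harness codes for
# SKIP and ERROR - confirm against the build system.

#configuration
script_dir=$(dirname -- "$0")
# Keep the historical "./" prefix for relative invocations, but do not put it
# in front of an absolute path: ".//abs/dir" would be looked up below $PWD.
case "$script_dir" in
  /*) TESTDIR="$script_dir/" ;;
  *) TESTDIR="./$script_dir/" ;;
esac
RETURNCODE_SEPARATOR="_"

# Print the command line help to stdout.
usage() {
  cat <<EOF
Usage: $(basename -- "$0") [-v|--verbose] [-H|--host] [-V|--valgrind]
       [[-l|--legacy]|[-n|--nft]] [testscript ...]

-v | --verbose   Enable verbose mode (do not drop testscript output).
-H | --host      Run tests against installed binaries in \$PATH,
                 not those built in this source tree.
-V | --valgrind  Enable leak checking via valgrind.
-l | --legacy    Test legacy variant only. Conflicts with --nft.
-n | --nft       Test nft variant only. Conflicts with --legacy.
testscript       Run only specific test(s). Implies --verbose.
EOF
}

# Diagnostics: errors and warnings go to stderr, info goes to stdout.
msg_error() {
  printf 'E: %s ...\n' "$1" >&2
}

msg_warn() {
  printf 'W: %s\n' "$1" >&2
}

msg_info() {
  printf 'I: %s\n' "$1"
}

if [ "$(id -u)" != "0" ]; then
  msg_error "this requires root!"
  exit 77
fi

if [ ! -d "$TESTDIR" ]; then
  msg_error "missing testdir $TESTDIR"
  exit 99
fi

# support matching repeated pattern in SINGLE check below
shopt -s extglob

while [ -n "$1" ]; do
  case "$1" in
    -v|--verbose)
      VERBOSE=y
      shift
      ;;
    -H|--host)
      HOST=y
      shift
      ;;
    -l|--legacy)
      LEGACY_ONLY=y
      shift
      ;;
    -n|--nft)
      NFT_ONLY=y
      shift
      ;;
    -V|--valgrind)
      VALGRIND=y
      shift
      ;;
    -h|--help)
      usage
      exit 0
      ;;
    *${RETURNCODE_SEPARATOR}+([0-9]))
      # anything ending in "<separator><digits>" is taken as a testscript
      SINGLE+=" $1"
      VERBOSE=y
      shift
      ;;
    *)
      msg_error "unknown parameter '$1'"
      exit 99
      ;;
  esac
done

# The usage text documents these two as conflicting. With both set, neither
# variant would be tested and the run would end with zero tests and status 0.
if [ "$LEGACY_ONLY" = "y" ] && [ "$NFT_ONLY" = "y" ]; then
  msg_error "--legacy and --nft conflict"
  exit 99
fi

if [ "$HOST" != "y" ]; then
  XTABLES_NFT_MULTI="$script_dir/../../xtables-nft-multi"
  XTABLES_LEGACY_MULTI="$script_dir/../../xtables-legacy-multi"

  export XTABLES_LIBDIR="${TESTDIR}/../../../extensions"

  # maybe this is 'make distcheck' calling us from a build tree
  if [ ! -e "$XTABLES_NFT_MULTI" ] &&
     [ ! -e "$XTABLES_LEGACY_MULTI" ] &&
     [ -e "./iptables/xtables-nft-multi" ] &&
     [ -e "./iptables/xtables-legacy-multi" ]; then
    msg_warn "Running in separate build-tree, using binaries from $PWD/iptables"
    XTABLES_NFT_MULTI="$PWD/iptables/xtables-nft-multi"
    XTABLES_LEGACY_MULTI="$PWD/iptables/xtables-legacy-multi"
    export XTABLES_LIBDIR="$PWD/extensions"
  fi
else
  XTABLES_NFT_MULTI="xtables-nft-multi"
  XTABLES_LEGACY_MULTI="xtables-legacy-multi"
fi

# Emit a wrapper script that runs a command under valgrind.
# Arguments: $1 - command to wrap, $2 - directory receiving the valgrind logs
# Outputs:   the wrapper script on stdout
# $1 and $2 are expanded while the wrapper is generated; everything written
# as \$ is evaluated when the wrapper itself runs.
printscript() { # (cmd, logdir)
  cat <<EOF
#!/bin/bash

CMD="$1"

# note: valgrind man page warns about --log-file with --trace-children, the
# last child executed overwrites previous reports unless %p or %q is used.
# Since libtool wrapper calls exec but none of the iptables tools do, this is
# perfect for us as it effectively hides bash-related errors

valgrind --log-file="$2/valgrind.log" --trace-children=yes \
  --leak-check=full --show-leak-kinds=all "\$CMD" "\$@"
RC=\$?

# don't keep uninteresting logs
if grep -q 'no leaks are possible' "$2/valgrind.log"; then
  rm -- "$2/valgrind.log"
else
  mv -- "$2/valgrind.log" "$2/valgrind_\$\$.log"
fi

# drop logs for failing commands for now
# (-f: the log is already gone when no leaks were reported)
[ \$RC -eq 0 ] || rm -f -- "$2/valgrind_\$\$.log"

exit \$RC
EOF
}

if [ "$VALGRIND" == "y" ]; then
  tmpd=$(mktemp -d) || {
    msg_error "cannot create temporary directory"
    exit 99
  }
  logd="$tmpd/logs"
  mkdir -- "$logd" || {
    msg_error "cannot create $logd"
    exit 99
  }
  msg_info "writing valgrind logs to $logd"

  # The wrappers below are executed as root by the testcases. Keep their
  # directory writable by root only, so no other local user can replace them;
  # other users only need to traverse it and read/execute the wrappers.
  chmod 755 "$tmpd"
  # let nobody write logs, too (././testcases/iptables/0008-unprivileged_0)
  # Only the log directory is world-writable, and the sticky bit keeps users
  # from renaming or removing log files they do not own.
  chmod 1777 "$logd"

  printscript "$XTABLES_NFT_MULTI" "$logd" >"$tmpd/xtables-nft-multi"
  printscript "$XTABLES_LEGACY_MULTI" "$logd" >"$tmpd/xtables-legacy-multi"
  # only the wrappers are removed on exit, the logs are left for inspection
  trap 'rm -f -- "$tmpd"/xtables-*-multi' EXIT
  chmod a+rx "$tmpd/xtables-nft-multi" "$tmpd/xtables-legacy-multi"

  XTABLES_NFT_MULTI="$tmpd/xtables-nft-multi"
  XTABLES_LEGACY_MULTI="$tmpd/xtables-legacy-multi"
fi

# Print the testcases to run: the ones named on the command line, or else
# every executable below TESTDIR named "*<separator><digits>", sorted.
find_tests() {
  if [ -n "$SINGLE" ]; then
    # shellcheck disable=SC2086 # SINGLE is a space-separated list
    echo $SINGLE
    return
  fi
  # the regex is quoted so the shell cannot glob-expand it against $PWD
  find "$TESTDIR" -executable -regex ".*${RETURNCODE_SEPARATOR}[0-9]+" | sort
}

ok=0
failed=0

# Run one testcase against one xtables variant and update the counters.
# Globals:   VERBOSE (read), ok, failed (written)
# Arguments: $1 - path of the testcase, $2 - value exported as XT_MULTI
do_test() {
  testfile="$1"
  xtables_multi="$2"

  # The expected status is whatever follows the LAST separator, so a name
  # containing further separators ("foo_bar_0") still yields "0".
  rc_spec=$(basename -- "$testfile")
  rc_spec=${rc_spec##*"$RETURNCODE_SEPARATOR"}

  [ -t 1 ] && msg_info "[EXECUTING] $testfile"

  if [ "$VERBOSE" = "y" ]; then
    XT_MULTI=$xtables_multi unshare -n "$testfile"
    rc_got=$?
  else
    XT_MULTI=$xtables_multi unshare -n "$testfile" >/dev/null 2>&1
    rc_got=$?
    # clean the [EXECUTING] foobar line
    [ -t 1 ] && printf '\033[1A\033[K'
  fi

  if [ "$rc_got" == "$rc_spec" ]; then
    msg_info "[OK] $testfile"
    ok=$((ok + 1))
  else
    failed=$((failed + 1))
    msg_warn "[FAILED] $testfile: expected $rc_spec but got $rc_got"
  fi
}

echo ""
if [ "$NFT_ONLY" != "y" ]; then
  # word-splitting is intended here: testcase paths must not contain whitespace
  for testfile in $(find_tests); do
    do_test "$testfile" "$XTABLES_LEGACY_MULTI"
  done
  msg_info "legacy results: [OK] $ok [FAILED] $failed [TOTAL] $((ok + failed))"
fi
legacy_ok=$ok
legacy_fail=$failed
ok=0
failed=0
if [ "$LEGACY_ONLY" != "y" ]; then
  for testfile in $(find_tests); do
    do_test "$testfile" "$XTABLES_NFT_MULTI"
  done
  msg_info "nft results: [OK] $ok [FAILED] $failed [TOTAL] $((ok + failed))"
fi

ok=$((legacy_ok + ok))
failed=$((legacy_fail + failed))

msg_info "combined results: [OK] $ok [FAILED] $failed [TOTAL] $((ok + failed))"

# An exit status is truncated to 8 bits, so returning the negated failure
# count could come out as 0, 77 or 99 for some counts. Report failure as 1.
[ "$failed" -eq 0 ] || exit 1
exit 0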