1#!/bin/bash 2 3#configuration 4TESTDIR="./$(dirname $0)/" 5RETURNCODE_SEPARATOR="_" 6 7usage() { 8 cat <<EOF 9Usage: $(basename $0) [-v|--verbose] [-H|--host] [-V|--valgrind] 10 [[-l|--legacy]|[-n|--nft]] [testscript ...] 11 12-v | --verbose Enable verbose mode (do not drop testscript output). 13-H | --host Run tests against installed binaries in \$PATH, 14 not those built in this source tree. 15-V | --valgrind Enable leak checking via valgrind. 16-l | --legacy Test legacy variant only. Conflicts with --nft. 17-n | --nft Test nft variant only. Conflicts with --legacy. 18testscript Run only specific test(s). Implies --verbose. 19EOF 20} 21 22msg_error() { 23 echo "E: $1 ..." >&2 24} 25 26msg_warn() { 27 echo "W: $1" >&2 28} 29 30msg_info() { 31 echo "I: $1" 32} 33 34if [ "$(id -u)" != "0" ] ; then 35 msg_error "this requires root!" 36 exit 77 37fi 38 39if [ ! -d "$TESTDIR" ] ; then 40 msg_error "missing testdir $TESTDIR" 41 exit 99 42fi 43 44# support matching repeated pattern in SINGLE check below 45shopt -s extglob 46 47while [ -n "$1" ]; do 48 case "$1" in 49 -v|--verbose) 50 VERBOSE=y 51 shift 52 ;; 53 -H|--host) 54 HOST=y 55 shift 56 ;; 57 -l|--legacy) 58 LEGACY_ONLY=y 59 shift 60 ;; 61 -n|--nft) 62 NFT_ONLY=y 63 shift 64 ;; 65 -V|--valgrind) 66 VALGRIND=y 67 shift 68 ;; 69 -h|--help) 70 usage 71 exit 0 72 ;; 73 *${RETURNCODE_SEPARATOR}+([0-9])) 74 SINGLE+=" $1" 75 VERBOSE=y 76 shift 77 ;; 78 *) 79 msg_error "unknown parameter '$1'" 80 exit 99 81 ;; 82 esac 83done 84 85if [ "$HOST" != "y" ]; then 86 XTABLES_NFT_MULTI="$(dirname $0)/../../xtables-nft-multi" 87 XTABLES_LEGACY_MULTI="$(dirname $0)/../../xtables-legacy-multi" 88 89 export XTABLES_LIBDIR=${TESTDIR}/../../../extensions 90else 91 XTABLES_NFT_MULTI="xtables-nft-multi" 92 XTABLES_LEGACY_MULTI="xtables-legacy-multi" 93fi 94 95printscript() { # (cmd, tmpd) 96 cat <<EOF 97#!/bin/bash 98 99CMD="$1" 100 101# note: valgrind man page warns about --log-file with --trace-children, the 102# last child executed overwrites previous reports unless %p or %q is used. 103# Since libtool wrapper calls exec but none of the iptables tools do, this is 104# perfect for us as it effectively hides bash-related errors 105 106valgrind --log-file=$2/valgrind.log --trace-children=yes \ 107 --leak-check=full --show-leak-kinds=all \$CMD "\$@" 108RC=\$? 109 110# don't keep uninteresting logs 111if grep -q 'no leaks are possible' $2/valgrind.log; then 112 rm $2/valgrind.log 113else 114 mv $2/valgrind.log $2/valgrind_\$\$.log 115fi 116 117# drop logs for failing commands for now 118[ \$RC -eq 0 ] || rm $2/valgrind_\$\$.log 119 120exit \$RC 121EOF 122} 123 124if [ "$VALGRIND" == "y" ]; then 125 tmpd=$(mktemp -d) 126 msg_info "writing valgrind logs to $tmpd" 127 # let nobody write logs, too (././testcases/iptables/0008-unprivileged_0) 128 chmod 777 $tmpd 129 printscript "$XTABLES_NFT_MULTI" "$tmpd" >${tmpd}/xtables-nft-multi 130 printscript "$XTABLES_LEGACY_MULTI" "$tmpd" >${tmpd}/xtables-legacy-multi 131 trap "rm ${tmpd}/xtables-*-multi" EXIT 132 chmod a+x ${tmpd}/xtables-nft-multi ${tmpd}/xtables-legacy-multi 133 134 XTABLES_NFT_MULTI="${tmpd}/xtables-nft-multi" 135 XTABLES_LEGACY_MULTI="${tmpd}/xtables-legacy-multi" 136 137fi 138 139find_tests() { 140 if [ ! -z "$SINGLE" ] ; then 141 echo $SINGLE 142 return 143 fi 144 find ${TESTDIR} -executable -regex \ 145 .*${RETURNCODE_SEPARATOR}[0-9]+ | sort 146} 147 148ok=0 149failed=0 150 151do_test() { 152 testfile="$1" 153 xtables_multi="$2" 154 155 rc_spec=`echo $(basename ${testfile}) | cut -d _ -f2-` 156 157 msg_info "[EXECUTING] $testfile" 158 159 if [ "$VERBOSE" = "y" ]; then 160 XT_MULTI=$xtables_multi unshare -n ${testfile} 161 rc_got=$? 162 else 163 XT_MULTI=$xtables_multi unshare -n ${testfile} > /dev/null 2>&1 164 rc_got=$? 165 echo -en "\033[1A\033[K" # clean the [EXECUTING] foobar line 166 fi 167 168 if [ "$rc_got" == "$rc_spec" ] ; then 169 msg_info "[OK] $testfile" 170 ((ok++)) 171 else 172 ((failed++)) 173 msg_warn "[FAILED] $testfile: expected $rc_spec but got $rc_got" 174 fi 175} 176 177echo "" 178if [ "$NFT_ONLY" != "y" ]; then 179 for testfile in $(find_tests);do 180 do_test "$testfile" "$XTABLES_LEGACY_MULTI" 181 done 182 msg_info "legacy results: [OK] $ok [FAILED] $failed [TOTAL] $((ok+failed))" 183 184fi 185legacy_ok=$ok 186legacy_fail=$failed 187ok=0 188failed=0 189if [ "$LEGACY_ONLY" != "y" ]; then 190 for testfile in $(find_tests);do 191 do_test "$testfile" "$XTABLES_NFT_MULTI" 192 done 193 msg_info "nft results: [OK] $ok [FAILED] $failed [TOTAL] $((ok+failed))" 194fi 195 196ok=$((legacy_ok+ok)) 197failed=$((legacy_fail+failed)) 198 199msg_info "combined results: [OK] $ok [FAILED] $failed [TOTAL] $((ok+failed))" 200 201exit -$failed 202