[netfilter-cvslog] r3491 - in trunk: nfsim/core
nfsim-testsuite/01iptables nfsim-testsuite/02conntrack
nfsim-testsuite/03NAT
rusty at netfilter.org
rusty at netfilter.org
Wed Dec 22 05:57:50 CET 2004
Author: rusty at netfilter.org
Date: 2004-12-22 05:57:50 +0100 (Wed, 22 Dec 2004)
New Revision: 3491
Modified:
trunk/nfsim-testsuite/01iptables/01reject.sim
trunk/nfsim-testsuite/02conntrack/04icmp_reply.sim
trunk/nfsim-testsuite/03NAT/06ip_snat_reply.sim
trunk/nfsim-testsuite/03NAT/17masq.sim
trunk/nfsim/core/failtest.c
trunk/nfsim/core/tui.c
trunk/nfsim/core/tui.h
Log:
Export linenumber, and use it in failure reporting.
Warn when a test seems to be ignoring failures: makes test take a **LONG** time as every failure combination is tried! (ie. 2^n attempts).
Enhance many tests to expect particular failures, rather than "any failure", or ignoring failures altogether.
Modified: trunk/nfsim/core/failtest.c
===================================================================
--- trunk/nfsim/core/failtest.c 2004-12-22 04:56:18 UTC (rev 3490)
+++ trunk/nfsim/core/failtest.c 2004-12-22 04:57:50 UTC (rev 3491)
@@ -28,7 +28,7 @@
static bool failtest = false;
bool suppress_failtest;
-static unsigned int generations = 0;
+static unsigned int fails = 0;
unsigned int failpoints = 0;
/* Failures pattern so far. */
@@ -98,6 +98,20 @@
failpattern += strlen(func) + 1;
}
+ if (*failpattern == ':') {
+ unsigned long line;
+ char *after;
+ failpattern++;
+ line = strtoul(failpattern, &after, 10);
+ if (*after != ':')
+ barf("Bad failure pattern line number %s\n",
+ failpattern);
+ if (line != tui_linenum)
+ barf("Unexpected line number %lu vs %u\n",
+ line, tui_linenum);
+ failpattern = after+1;
+ }
+
switch ((failpattern++)[0]) {
case 'F':
case 'f':
@@ -114,6 +128,24 @@
}
}
+static void warn_failure(void)
+{
+ char *warning = NULL, *p;
+
+ /* Only report failures, with linenumber*/
+ for (p = strstr(faillist, ":F"); p; p = strstr(p + 1, ":F")) {
+ char *start, *line;
+
+ for (start = p; *start != '['; start--);
+ for (line = p-1; *line != ':'; line--);
+ warning = talloc_asprintf_append(warning, "%.*s line %.*s, ",
+ line - start - 2, start+1,
+ p - line - 1, line+1);
+ }
+
+ nfsim_log(LOG_ALWAYS, "WARNING: test ignores failures: %s", warning);
+}
+
/* Should I fail at this point? Once only: it would be too expensive
* to fail at every possible call. */
bool should_i_fail_once(const char *location)
@@ -156,6 +188,14 @@
if (!failtest)
return false;
+ /* If a testcase ignores a spuriously-inserted failure, it's
+ * not specific enough, and we risk doing 2^n tests! Limit it to 3. */
+ if (fails > 3) {
+ static bool warned = false;
+ if (!warned++)
+ warn_failure();
+ }
+
fflush(stdout);
child = fork();
if (child == -1)
@@ -165,15 +205,15 @@
* point, but should not crash. */
if (child == 0) {
/* If we're talking to iptables, it has to fork too. */
- faillist = talloc_asprintf_append(faillist, "[%s]F", func);
+ faillist = talloc_asprintf_append(faillist, "[%s]:%i:F", func,
+ tui_linenum);
+ fails++;
fork_other_program();
- if (++generations > 128)
- barf("Too deep recursion on failure path:\n%s",
- faillist);
return true;
}
- faillist = talloc_asprintf_append(faillist, "[%s]S", func);
+ faillist = talloc_asprintf_append(faillist, "[%s]:%i:S", func,
+ tui_linenum);
if (waitpid(child, &status, 0) != child)
barf_perror("failtest waitpid failed for child %i",(int)child);
Modified: trunk/nfsim/core/tui.c
===================================================================
--- trunk/nfsim/core/tui.c 2004-12-22 04:56:18 UTC (rev 3490)
+++ trunk/nfsim/core/tui.c 2004-12-22 04:57:50 UTC (rev 3491)
@@ -34,7 +34,7 @@
int tui_echo_commands;
int tui_abort_on_fail;
int tui_quiet;
-static int linenum = 1;
+int tui_linenum = 1;
static bool stop;
struct command {
@@ -175,7 +175,7 @@
char *str;
va_list arglist;
- nfsim_log(LOG_UI, "Script failed at line %i: ", linenum);
+ nfsim_log(LOG_UI, "Script failed at line %i: ", tui_linenum);
va_start(arglist, fmt);
str = talloc_vasprintf(NULL, fmt, arglist);
@@ -201,7 +201,7 @@
argc = 0;
if (tui_echo_commands)
- printf("%u:%s\n", linenum, line);
+ printf("%u:%s\n", tui_linenum, line);
/* FIXME: only handles quotes at the beginning and end of args */
while (*line) {
@@ -236,7 +236,7 @@
script_fail("%s not found", argv[0]);
}
skip:
- linenum++;
+ tui_linenum++;
return;
}
Modified: trunk/nfsim/core/tui.h
===================================================================
--- trunk/nfsim/core/tui.h 2004-12-22 04:56:18 UTC (rev 3490)
+++ trunk/nfsim/core/tui.h 2004-12-22 04:57:50 UTC (rev 3491)
@@ -45,5 +45,6 @@
extern int tui_echo_commands;
extern int tui_abort_on_fail;
extern int tui_quiet;
+extern int tui_linenum;
#endif /* __HAVE_TUI_H */
Modified: trunk/nfsim-testsuite/01iptables/01reject.sim
===================================================================
--- trunk/nfsim-testsuite/01iptables/01reject.sim 2004-12-22 04:56:18 UTC (rev 3490)
+++ trunk/nfsim-testsuite/01iptables/01reject.sim 2004-12-22 04:57:50 UTC (rev 3491)
@@ -56,12 +56,17 @@
gen_ip IF=eth0 192.168.0.2 192.168.0.1 10 17 1 2
iptables -D INPUT -j REJECT --reject-with icmp-admin-prohibited
-# tcp-reset needs to be attached to -p tcp (and not inverted!).
+# tcp-reset needs to be attached to -p tcp (and not inverted!): checkentry
+# should fail it.
+strace
+expect iptables setsockopt -> -EINVAL
expect iptables iptables: command failed
iptables -A INPUT -j REJECT --reject-with tcp-reset
+expect iptables setsockopt -> -EINVAL
expect iptables iptables: command failed
iptables -A INPUT -p ! tcp -j REJECT --reject-with tcp-reset
+strace off
# Find it even if other matches come first.
iptables -A INPUT -m limit --limit 1/s -m tos --tos 0 -p tcp -j REJECT --reject-with tcp-reset
Modified: trunk/nfsim-testsuite/02conntrack/04icmp_reply.sim
===================================================================
--- trunk/nfsim-testsuite/02conntrack/04icmp_reply.sim 2004-12-22 04:56:18 UTC (rev 3490)
+++ trunk/nfsim-testsuite/02conntrack/04icmp_reply.sim 2004-12-22 04:57:50 UTC (rev 3491)
@@ -1,8 +1,12 @@
# Test that icmp error packets are recognized as part of same connection.
+expect gen_ip send:eth1 {IPv4 192.168.0.2 192.168.1.2 0 1 8 0 55 57}
gen_ip IF=eth0 192.168.0.2 192.168.1.2 0 1 8 0 55 57
+expect gen_ip send:eth1 {IPv4 192.168.0.2 192.168.1.2 0 6 1024 1025 SYN}
gen_ip IF=eth0 192.168.0.2 192.168.1.2 0 6 1024 1025 SYN
+expect gen_ip send:eth1 {IPv4 192.168.0.2 192.168.1.2 0 17 1024 1025}
gen_ip IF=eth0 192.168.0.2 192.168.1.2 0 17 1024 1025
+expect gen_ip send:eth1 {IPv4 192.168.0.2 192.168.1.2 0 2}
gen_ip IF=eth0 192.168.0.2 192.168.1.2 0 2
# Must be related to get through now.
Modified: trunk/nfsim-testsuite/03NAT/06ip_snat_reply.sim
===================================================================
--- trunk/nfsim-testsuite/03NAT/06ip_snat_reply.sim 2004-12-22 04:56:18 UTC (rev 3490)
+++ trunk/nfsim-testsuite/03NAT/06ip_snat_reply.sim 2004-12-22 04:57:50 UTC (rev 3491)
@@ -2,9 +2,13 @@
iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -d 192.168.1.2 -j SNAT --to-source 192.168.0.3
# ICMP, UDP, TCP and unknown
+expect gen_ip send:eth1 {IPv4 192.168.0.3 192.168.1.2 0 1 8 0 55 57}
gen_ip IF=eth0 192.168.0.2 192.168.1.2 0 1 8 0 55 57
+expect gen_ip send:eth1 {IPv4 192.168.0.3 192.168.1.2 0 17 53 53}
gen_ip IF=eth0 192.168.0.2 192.168.1.2 0 17 53 53
+expect gen_ip send:eth1 {IPv4 192.168.0.3 192.168.1.2 0 6 1024 8080 SYN SEQ=1000 WIN=512}
gen_ip IF=eth0 192.168.0.2 192.168.1.2 0 6 1024 8080 SYN SEQ=1000 WIN=512
+expect gen_ip send:eth1 {IPv4 192.168.0.3 192.168.1.2 0 2}
gen_ip IF=eth0 192.168.0.2 192.168.1.2 0 2
iptables -t nat -D POSTROUTING -s 192.168.0.0/24 -d 192.168.1.2 -j SNAT --to-source 192.168.0.3
Modified: trunk/nfsim-testsuite/03NAT/17masq.sim
===================================================================
--- trunk/nfsim-testsuite/03NAT/17masq.sim 2004-12-22 04:56:18 UTC (rev 3490)
+++ trunk/nfsim-testsuite/03NAT/17masq.sim 2004-12-22 04:57:50 UTC (rev 3491)
@@ -1,19 +1,16 @@
# Tests for masquerading.
-
# XFAIL:linux:*
-# Check we can only insert it on correct position.
+# Check we can only insert it on correct position: checkentry should fail
+strace
+expect iptables setsockopt -> -EINVAL
expect iptables iptables: command failed
iptables -t nat -A PREROUTING -s 192.168.0.2 -d 192.168.1.0/24 -j MASQUERADE
+expect iptables setsockopt -> -EINVAL
expect iptables iptables: command failed
-iptables -t nat -A INPUT -s 192.168.0.2 -d 192.168.1.0/24 -j MASQUERADE
-
-expect iptables iptables: command failed
-iptables -t nat -A FORWARD -s 192.168.0.2 -d 192.168.1.0/24 -j MASQUERADE
-
-expect iptables iptables: command failed
iptables -t nat -A OUTPUT -s 192.168.0.2 -d 192.168.1.0/24 -j MASQUERADE
+strace off
iptables -t nat -A POSTROUTING -s 192.168.0.2 -d 192.168.1.0/24 -j MASQUERADE
More information about the netfilter-cvslog
mailing list