[netfilter-cvslog] r4323 - in trunk/nfsim-testsuite: . 01iptables
02conntrack 03NAT
rusty at netfilter.org
rusty at netfilter.org
Fri Oct 7 19:04:28 CEST 2005
Author: rusty at netfilter.org
Date: 2005-10-07 19:04:25 +0200 (Fri, 07 Oct 2005)
New Revision: 4323
Modified:
trunk/nfsim-testsuite/01iptables/00simple.sim
trunk/nfsim-testsuite/01iptables/01icmp.sim
trunk/nfsim-testsuite/01iptables/01reject.sim
trunk/nfsim-testsuite/02conntrack/05loopback.sim
trunk/nfsim-testsuite/02conntrack/10ftp-pasv.sim
trunk/nfsim-testsuite/02conntrack/10ftp-port.sim
trunk/nfsim-testsuite/02conntrack/11overload.sim
trunk/nfsim-testsuite/02conntrack/12amanda.sim
trunk/nfsim-testsuite/02conntrack/13tcp-rfc793.sim
trunk/nfsim-testsuite/02conntrack/13tcp-rst.sim
trunk/nfsim-testsuite/02conntrack/13tcp-sack.sim
trunk/nfsim-testsuite/02conntrack/13tcp-server-reinit.sim
trunk/nfsim-testsuite/02conntrack/13tcp-syn.sim
trunk/nfsim-testsuite/02conntrack/13tcp-win-overlap.sim
trunk/nfsim-testsuite/03NAT/04icmp-old.sim
trunk/nfsim-testsuite/03NAT/10source-map.sim
trunk/nfsim-testsuite/test-kernel-source
trunk/nfsim-testsuite/test.sh
Log:
Fix up XFAIL lines for most kernels.
Add --linear-packets for pre-2.6.10 kernels, since they suck.
Make sure we re-run with exactly same options when displaying error.
Fix XFAIL:config lines (we expect to fail with this config: was backwards).
Modified: trunk/nfsim-testsuite/01iptables/00simple.sim
===================================================================
--- trunk/nfsim-testsuite/01iptables/00simple.sim 2005-10-07 13:49:38 UTC (rev 4322)
+++ trunk/nfsim-testsuite/01iptables/00simple.sim 2005-10-07 17:04:25 UTC (rev 4323)
@@ -1,11 +1,5 @@
# Test simple matches for iptables
-# Don't want conntrack to interfere with fragments.
-
-rmmod -a
-insmod ip_tables
-insmod iptable_filter
-
# By source address
iptables -A FORWARD -s 192.168.0.2 -j DROP
expect gen_ip send:eth1 {IPv4 192.168.0.3 192.168.1.2 0 3}
@@ -46,14 +40,6 @@
gen_ip IF=eth0 192.168.0.2 192.168.1.2 0 4
iptables -D FORWARD -p 4 -j DROP
-# By fragment
-iptables -A FORWARD -f -j DROP
-expect gen_ip send:eth1 {IPv4 192.168.0.2 192.168.1.2 0 3}
-gen_ip IF=eth0 192.168.0.2 192.168.1.2 0 3
-expect gen_ip hook:NF_IP_FORWARD * NF_DROP {IPv4 FRAG=8 192.168.0.2 192.168.1.2}
-gen_ip IF=eth0 FRAG=8,100 192.168.0.2 192.168.1.2 108 3
-iptables -D FORWARD -f -j DROP
-
### Inverted tests
# By source address
@@ -96,14 +82,6 @@
gen_ip IF=eth0 192.168.0.2 192.168.1.2 0 4
iptables -D FORWARD -p ! 3 -j DROP
-# By fragment
-iptables -A FORWARD ! -f -j DROP
-expect gen_ip hook:NF_IP_FORWARD * NF_DROP {IPv4 192.168.0.2 192.168.1.2 0 3}
-gen_ip IF=eth0 192.168.0.2 192.168.1.2 0 3
-expect gen_ip send:eth1 {IPv4 FRAG=8 192.168.0.2 192.168.1.2}
-gen_ip IF=eth0 FRAG=8,100 192.168.0.2 192.168.1.2 108 3
-iptables -D FORWARD ! -f -j DROP
-
# Test RETURN
iptables -P FORWARD DROP
iptables -A FORWARD -s 192.168.0.2 -j RETURN
@@ -142,21 +120,6 @@
iptables -D CHAIN -j DROP
iptables -X CHAIN
-# Test failure to find a target, match or table (no modules are loaded)
-strace
-expect iptables iptables: command failed
-expect iptables getsockopt -> -ENOENT *
-iptables -t nat -A PREROUTING -s 192.168.0.2
-
-expect iptables iptables: command failed
-expect iptables *etsockopt -> -ENOENT
-iptables -A FORWARD -s 192.168.0.2 -m mark --mark 1
-
-expect iptables iptables: command failed
-expect iptables setsockopt -> -ENOENT
-iptables -A FORWARD -s 192.168.0.2 -j REJECT
-strace off
-
# Test inserting a loop, various forms.
iptables -N CHAIN
iptables -N CHAIN2
Modified: trunk/nfsim-testsuite/01iptables/01icmp.sim
===================================================================
--- trunk/nfsim-testsuite/01iptables/01icmp.sim 2005-10-07 13:49:38 UTC (rev 4322)
+++ trunk/nfsim-testsuite/01iptables/01icmp.sim 2005-10-07 17:04:25 UTC (rev 4323)
@@ -1,4 +1,9 @@
# Test simple matches for iptables: ICMP
+# XFAIL:config:CONFIG_IP_NF_CONNTRACK=y
+# XFAIL:config:CONFIG_IP_NF_IPTABLES=n
+# XFAIL:config:CONFIG_IP_NF_IPTABLES=y
+# XFAIL:config:CONFIG_IP_NF_FILTER=n
+# XFAIL:config:CONFIG_IP_NF_FILTER=y
# Don't want conntrack to interfere with fragments.
rmmod -a
Modified: trunk/nfsim-testsuite/01iptables/01reject.sim
===================================================================
--- trunk/nfsim-testsuite/01iptables/01reject.sim 2005-10-07 13:49:38 UTC (rev 4322)
+++ trunk/nfsim-testsuite/01iptables/01reject.sim 2005-10-07 17:04:25 UTC (rev 4323)
@@ -1,11 +1,10 @@
# INPUT reject rule
+# Early Linux 2.6 does skb_copy_bits into icmp header, not local buffer.
+# But test-kernel-script uses --linear-packets for those kernels.
+# XFAIL:linux:2.6.10
+
iptables -A INPUT -j REJECT
-# expect to get dropped, and an ICMP error back at us.
-expect gen_ip hook:NF_IP_LOCAL_IN * NF_DROP {IPv4 192.168.0.2 192.168.0.1 10 17 1 2}
-expect gen_ip send:eth0 {IPv4 192.168.0.1 192.168.0.2 38 1 3 3 CONTAINS 192.168.0.2 192.168.0.1 10 17 1 2}
-gen_ip IF=eth0 192.168.0.2 192.168.0.1 10 17 1 2
-
# nothing in return for an ICMP error.
expect gen_err hook:NF_IP_LOCAL_IN * NF_DROP {IPv4 192.168.0.2 192.168.0.1 38 1 3 0 CONTAINS 192.168.0.1 192.168.0.2 10 17 1 2}
expect ! gen_err send:eth0*
Modified: trunk/nfsim-testsuite/02conntrack/05loopback.sim
===================================================================
--- trunk/nfsim-testsuite/02conntrack/05loopback.sim 2005-10-07 13:49:38 UTC (rev 4322)
+++ trunk/nfsim-testsuite/02conntrack/05loopback.sim 2005-10-07 17:04:25 UTC (rev 4323)
@@ -1,6 +1,6 @@
# Loopback connection tracking: should get a single connection.
-# 2.4 doesn't have /proc/net/stat
-# XFAIL:linux:2.4*
+# /proc/net/stat introduced in 2.6.9
+# XFAIL:linux:<2.6.9
expect gen_ip send:lo {IPv4 127.0.0.1 127.0.0.1 0 1 8 0 55 57}
gen_ip 127.0.0.1 127.0.0.1 0 1 8 0 55 57
Modified: trunk/nfsim-testsuite/02conntrack/10ftp-pasv.sim
===================================================================
--- trunk/nfsim-testsuite/02conntrack/10ftp-pasv.sim 2005-10-07 13:49:38 UTC (rev 4322)
+++ trunk/nfsim-testsuite/02conntrack/10ftp-pasv.sim 2005-10-07 17:04:25 UTC (rev 4323)
@@ -1,6 +1,6 @@
# Tests for PASV recognition.
-# 2.4 doesn't have /proc/net/stat
-# XFAIL:linux:2.4*
+# /proc/net/ip_conntrack_expect introduced in 2.6.9
+# XFAIL:linux:<2.6.9
# Drop invalid packets, in case this script has a mistake.
iptables -A FORWARD -m state --state INVALID -j DROP
Modified: trunk/nfsim-testsuite/02conntrack/10ftp-port.sim
===================================================================
--- trunk/nfsim-testsuite/02conntrack/10ftp-port.sim 2005-10-07 13:49:38 UTC (rev 4322)
+++ trunk/nfsim-testsuite/02conntrack/10ftp-port.sim 2005-10-07 17:04:25 UTC (rev 4323)
@@ -1,6 +1,6 @@
# Test ftp module's tracking code for PORT commands.
-# 2.4 doesn't have /proc/net/stat
-# XFAIL:linux:2.4*
+# /proc/net/ip_conntrack_expect introduced in 2.6.9
+# XFAIL:linux:<2.6.9
# Drop invalid packets, in case this script has a mistake.
iptables -A FORWARD -m state --state INVALID -j DROP
Modified: trunk/nfsim-testsuite/02conntrack/11overload.sim
===================================================================
--- trunk/nfsim-testsuite/02conntrack/11overload.sim 2005-10-07 13:49:38 UTC (rev 4322)
+++ trunk/nfsim-testsuite/02conntrack/11overload.sim 2005-10-07 17:04:25 UTC (rev 4323)
@@ -1,6 +1,6 @@
# Test overloading connection tracking.
-# Need /proc/net/stat/ip_conntrack
-# XFAIL:linux:<2.6.0
+# /proc/net/stat introduced in 2.6.9
+# XFAIL:linux:<2.6.9
# FIXME: use module parameters to set hashsize to 1, so we can test collisions.
# Set stupidly low limit, for testing.
@@ -12,8 +12,8 @@
expect gen_ip send:eth1 *
gen_ip IF=eth0 192.168.0.2 192.168.1.3 0 6 1 2 SYN
-expect proc tcp 6 120 SYN_SENT src=192.168.0.2 dst=192.168.1.2 sport=1 dport=2 packets=1 bytes=40 [UNREPLIED] src=192.168.1.2 dst=192.168.0.2 sport=2 dport=1 packets=0 bytes=0 mark=0 use=1
-expect proc tcp 6 120 SYN_SENT src=192.168.0.2 dst=192.168.1.3 sport=1 dport=2 packets=1 bytes=40 [UNREPLIED] src=192.168.1.3 dst=192.168.0.2 sport=2 dport=1 packets=0 bytes=0 mark=0 use=1
+expect proc tcp 6 120 SYN_SENT src=192.168.0.2 dst=192.168.1.2 sport=1 dport=2 packets=1 bytes=40 [UNREPLIED] src=192.168.1.2 dst=192.168.0.2 sport=2 dport=1 packets=0 bytes=0 *use=1
+expect proc tcp 6 120 SYN_SENT src=192.168.0.2 dst=192.168.1.3 sport=1 dport=2 packets=1 bytes=40 [UNREPLIED] src=192.168.1.3 dst=192.168.0.2 sport=2 dport=1 packets=0 bytes=0 *use=1
proc cat /proc/net/ip_conntrack
# First number is number of conntracks.
Modified: trunk/nfsim-testsuite/02conntrack/12amanda.sim
===================================================================
--- trunk/nfsim-testsuite/02conntrack/12amanda.sim 2005-10-07 13:49:38 UTC (rev 4322)
+++ trunk/nfsim-testsuite/02conntrack/12amanda.sim 2005-10-07 17:04:25 UTC (rev 4323)
@@ -1,6 +1,7 @@
# Track the AMANDA backup protocol. UDP port 10080.
-# Needs /proc/net/ip_conntrack_expect
-# XFAIL:linux:<2.6.0
+# /proc/net/ip_conntrack_expect introduced in 2.6.9
+# XFAIL:linux:<2.6.9
+
# Test just connection tracking.
rmmod ip_nat_amanda
Modified: trunk/nfsim-testsuite/02conntrack/13tcp-rfc793.sim
===================================================================
--- trunk/nfsim-testsuite/02conntrack/13tcp-rfc793.sim 2005-10-07 13:49:38 UTC (rev 4322)
+++ trunk/nfsim-testsuite/02conntrack/13tcp-rfc793.sim 2005-10-07 17:04:25 UTC (rev 4323)
@@ -1,4 +1,5 @@
# TCP window tracking: tests from RFC793
+# XFAIL:linux:<2.6.11
# Kill packets which are invalid.
iptables -A FORWARD -m state --state INVALID -j DROP
Modified: trunk/nfsim-testsuite/02conntrack/13tcp-rst.sim
===================================================================
--- trunk/nfsim-testsuite/02conntrack/13tcp-rst.sim 2005-10-07 13:49:38 UTC (rev 4322)
+++ trunk/nfsim-testsuite/02conntrack/13tcp-rst.sim 2005-10-07 17:04:25 UTC (rev 4323)
@@ -1,8 +1,6 @@
# TCP window tracking: Test RST segments
-# Fails before 2.6.11
-# XXFAIL:linux:2.6.10*
-# XXFAIL:linux:2.6.[1-9]
-# XXFAIL:linux:2.6.[1-9]-*
+# Fails before 2.6.12
+# XFAIL:linux:<2.6.12
# Kill packets which are invalid.
iptables -A FORWARD -m state --state INVALID -j DROP
Modified: trunk/nfsim-testsuite/02conntrack/13tcp-sack.sim
===================================================================
--- trunk/nfsim-testsuite/02conntrack/13tcp-sack.sim 2005-10-07 13:49:38 UTC (rev 4322)
+++ trunk/nfsim-testsuite/02conntrack/13tcp-sack.sim 2005-10-07 17:04:25 UTC (rev 4323)
@@ -1,9 +1,7 @@
# TCP window tracking: check SACK options
# Traffic dump submitted by Krisztian Kovacs
-# Fails before 2.6.11
-# XXFAIL:linux:2.6.10*
-# XXFAIL:linux:2.6.[1-9]
-# XXFAIL:linux:2.6.[1-9]-*
+# Fails for 2.6.11 (before that, we didn't track windows, after we fixed this)
+# XFAIL:linux:2.6.11
# Kill packets which are invalid.
iptables -A FORWARD -m state --state INVALID -j DROP
Modified: trunk/nfsim-testsuite/02conntrack/13tcp-server-reinit.sim
===================================================================
--- trunk/nfsim-testsuite/02conntrack/13tcp-server-reinit.sim 2005-10-07 13:49:38 UTC (rev 4322)
+++ trunk/nfsim-testsuite/02conntrack/13tcp-server-reinit.sim 2005-10-07 17:04:25 UTC (rev 4323)
@@ -1,9 +1,7 @@
# TCP window tracking: server sends SYN/ACK with new SEQ
# Traffic captured by Martin
# Fails before 2.6.11
-# XXFAIL:linux:2.6.10*
-# XXFAIL:linux:2.6.[1-9]
-# XXFAIL:linux:2.6.[1-9]-*
+# XFAIL:linux:<2.6.11
# Kill packets which are invalid.
iptables -A FORWARD -m state --state INVALID -j DROP
Modified: trunk/nfsim-testsuite/02conntrack/13tcp-syn.sim
===================================================================
--- trunk/nfsim-testsuite/02conntrack/13tcp-syn.sim 2005-10-07 13:49:38 UTC (rev 4322)
+++ trunk/nfsim-testsuite/02conntrack/13tcp-syn.sim 2005-10-07 17:04:25 UTC (rev 4323)
@@ -1,9 +1,7 @@
# TCP window tracking: SYN packets, covering as much cases
# as I could think of and emulate with real server
# Fails before 2.6.11
-# XXFAIL:linux:2.6.10*
-# XXFAIL:linux:2.6.[1-9]
-# XXFAIL:linux:2.6.[1-9]-*
+# XFAIL:linux:<2.6.11
# Kill packets which are invalid.
iptables -A FORWARD -m state --state INVALID -j DROP
Modified: trunk/nfsim-testsuite/02conntrack/13tcp-win-overlap.sim
===================================================================
--- trunk/nfsim-testsuite/02conntrack/13tcp-win-overlap.sim 2005-10-07 13:49:38 UTC (rev 4322)
+++ trunk/nfsim-testsuite/02conntrack/13tcp-win-overlap.sim 2005-10-07 17:04:25 UTC (rev 4323)
@@ -1,8 +1,6 @@
# TCP window tracking: packet overlaps with window
# Fails before 2.6.11
-# XXFAIL:linux:2.6.10*
-# XXFAIL:linux:2.6.[1-9]
-# XXFAIL:linux:2.6.[1-9]-*
+# XFAIL:linux:<2.6.11
# Kill packets which are invalid.
iptables -A FORWARD -m state --state INVALID -j DROP
Modified: trunk/nfsim-testsuite/03NAT/04icmp-old.sim
===================================================================
--- trunk/nfsim-testsuite/03NAT/04icmp-old.sim 2005-10-07 13:49:38 UTC (rev 4322)
+++ trunk/nfsim-testsuite/03NAT/04icmp-old.sim 2005-10-07 17:04:25 UTC (rev 4323)
@@ -1,4 +1,5 @@
# ICMP errors, including locally-generated errors on half-NATted packets.
+# XFAIL:linux:2.6.?
# Source manip only
iptables -t nat -A POSTROUTING -p udp -o eth1 -j SNAT --to-source 192.168.1.3:3
Modified: trunk/nfsim-testsuite/03NAT/10source-map.sim
===================================================================
--- trunk/nfsim-testsuite/03NAT/10source-map.sim 2005-10-07 13:49:38 UTC (rev 4322)
+++ trunk/nfsim-testsuite/03NAT/10source-map.sim 2005-10-07 17:04:25 UTC (rev 4323)
@@ -1,6 +1,6 @@
# Test that the source port selection for NAT works as we require it
-# Source port matching fixed in 2.6
-# XFAIL:linux:<2.6.0
+# Source port matching fixed in 2.6.9
+# XFAIL:linux:<2.6.9
# The world is out eth1...
route add 0.0.0.0/0 eth1
Modified: trunk/nfsim-testsuite/test-kernel-source
===================================================================
--- trunk/nfsim-testsuite/test-kernel-source 2005-10-07 13:49:38 UTC (rev 4322)
+++ trunk/nfsim-testsuite/test-kernel-source 2005-10-07 17:04:25 UTC (rev 4323)
@@ -89,6 +89,12 @@
EXTRA_ARGS="--ignore-proc-issues $EXTRA_ARGS"
fi
+# 2.6 kernels before 2.6.10 sucked with nonlinear packets, lots of bugs.
+KVERSION=`echo version kernel | $NFSIM -q --no-modules | sed 's/-.*//'`
+case $KVERSION in
+ 2.6.?) EXTRA_ARGS="--linear-packets $EXTRA_ARGS";;
+esac
+
# warn_if_extra_mangle ignores failures from ip_route_output_key, which
# makes failtest complain. Suppress reporting from that in kernels with
# warn_if_extra_mangle (it's a temporary hack).
Modified: trunk/nfsim-testsuite/test.sh
===================================================================
--- trunk/nfsim-testsuite/test.sh 2005-10-07 13:49:38 UTC (rev 4322)
+++ trunk/nfsim-testsuite/test.sh 2005-10-07 17:04:25 UTC (rev 4323)
@@ -2,15 +2,15 @@
# Shell script to run test suite.
NFSIM=nfsim
-NFSIM_QUIET_ARGS="-q"
+NFSIM_QUIET="-q"
NFSIM_ARGS="-e"
while true; do
case "$1" in
- -vv) VERBOSE=1; EXTRA_ARGS=-x; NFSIM_QUIET_ARGS="-x"; shift;;
+ -vv) VERBOSE=1; EXTRA_ARGS=-x; NFSIM_QUIET=""; shift;;
-v)
if [ -n "$VERBOSE" ]; then
- EXTRA_ARGS=-x; NFSIM_QUIET_ARGS="-x"
+ EXTRA_ARGS=-x; NFSIM_QUIET=""
else
VERBOSE=1
fi
@@ -26,8 +26,7 @@
esac
done
-NFSIM_ARGS="$NFSIM_QUIET_ARGS $NFSIM_ARGS"
-KVERSION=`echo version kernel | $NFSIM -q | sed 's/-.*//'`
+KVERSION=`echo version kernel | $NFSIM -q --no-modules | sed 's/-.*//'`
# Creates a temporary file and exports the name of the file to
# the provided argument. Exits on error.
@@ -87,9 +86,9 @@
check_config()
{
if echo "config" | $NFSIM | grep -q "^$1"; then
- echo .
- else
echo C
+ else
+ echo .
fi
}
@@ -141,7 +140,7 @@
{
VG_NFSIM=$1
shift
- valgrind -q --suppressions=valgrind-suppressions --num-callers=8 --logfile-fd=3 $VG_NFSIM --valgrind-file=/tmp/valgrind "$@" 3>/tmp/valgrind
+ valgrind -q --suppressions=valgrind-suppressions --num-callers=8 --log-fd=3 $VG_NFSIM --valgrind-file=/tmp/valgrind "$@" 3>/tmp/valgrind
VG_RESULT=$?
if [ -s /tmp/valgrind ]; then
@@ -207,10 +206,10 @@
*~|*.orig|*.rej)
continue;;
*.sh)
- $TIME sh -e $EXTRA_ARGS "$f" > $ERROUT 2>&1
+ NFSIM_ARGS=" $NFSIM_QUIET $NFSIM_ARGS" $TIME sh -e $EXTRA_ARGS "$f" > $ERROUT 2>&1
;;
*.sim)
- $TIME $NFSIM $NFSIM_ARGS "$f" > $ERROUT 2>&1
+ $TIME $NFSIM $NFSIM_QUIET $NFSIM_ARGS "$f" > $ERROUT 2>&1
;;
*)
echo Unknown test type "$f" >&2
@@ -228,7 +227,7 @@
echo Test $f failed, running verbose >&2
case "$f" in
*.sh) sh -e -x "$f" || true;;
- *.sim) echo $NFSIM -e -x "$f"; $NFSIM -e -x "$f" || true;;
+ *.sim) echo $NFSIM -x $NFSIM_ARGS "$f"; $NFSIM -x $NFSIM_ARGS "$f" || true;;
esac
echo Test $f failed >&2
exit 1
More information about the netfilter-cvslog
mailing list