[netfilter-cvslog] r4323 - in trunk/nfsim-testsuite: . 01iptables 02conntrack 03NAT

rusty at netfilter.org rusty at netfilter.org
Fri Oct 7 19:04:28 CEST 2005 

Author: rusty at netfilter.org
Date: 2005-10-07 19:04:25 +0200 (Fri, 07 Oct 2005)
New Revision: 4323

Modified:
   trunk/nfsim-testsuite/01iptables/00simple.sim
   trunk/nfsim-testsuite/01iptables/01icmp.sim
   trunk/nfsim-testsuite/01iptables/01reject.sim
   trunk/nfsim-testsuite/02conntrack/05loopback.sim
   trunk/nfsim-testsuite/02conntrack/10ftp-pasv.sim
   trunk/nfsim-testsuite/02conntrack/10ftp-port.sim
   trunk/nfsim-testsuite/02conntrack/11overload.sim
   trunk/nfsim-testsuite/02conntrack/12amanda.sim
   trunk/nfsim-testsuite/02conntrack/13tcp-rfc793.sim
   trunk/nfsim-testsuite/02conntrack/13tcp-rst.sim
   trunk/nfsim-testsuite/02conntrack/13tcp-sack.sim
   trunk/nfsim-testsuite/02conntrack/13tcp-server-reinit.sim
   trunk/nfsim-testsuite/02conntrack/13tcp-syn.sim
   trunk/nfsim-testsuite/02conntrack/13tcp-win-overlap.sim
   trunk/nfsim-testsuite/03NAT/04icmp-old.sim
   trunk/nfsim-testsuite/03NAT/10source-map.sim
   trunk/nfsim-testsuite/test-kernel-source
   trunk/nfsim-testsuite/test.sh
Log:
Fix up XFAIL lines for most kernels.
Add --linear-packets for pre-2.6.10 kernels, since they suck.
Make sure we re-run with exactly same options when displaying error.
Fix XFAIL:config lines (we expect to fail with this config: was backwards).



Modified: trunk/nfsim-testsuite/01iptables/00simple.sim
===================================================================
--- trunk/nfsim-testsuite/01iptables/00simple.sim	2005-10-07 13:49:38 UTC (rev 4322)
+++ trunk/nfsim-testsuite/01iptables/00simple.sim	2005-10-07 17:04:25 UTC (rev 4323)
@@ -1,11 +1,5 @@
 # Test simple matches for iptables
 
-# Don't want conntrack to interfere with fragments.
-
-rmmod -a
-insmod ip_tables
-insmod iptable_filter
-
 # By source address
 iptables -A FORWARD -s 192.168.0.2 -j DROP
 expect gen_ip send:eth1 {IPv4 192.168.0.3 192.168.1.2 0 3}
@@ -46,14 +40,6 @@
 gen_ip IF=eth0 192.168.0.2 192.168.1.2 0 4
 iptables -D FORWARD -p 4 -j DROP
 
-# By fragment
-iptables -A FORWARD -f -j DROP
-expect gen_ip send:eth1 {IPv4 192.168.0.2 192.168.1.2 0 3}
-gen_ip IF=eth0 192.168.0.2 192.168.1.2 0 3
-expect gen_ip hook:NF_IP_FORWARD * NF_DROP {IPv4 FRAG=8 192.168.0.2 192.168.1.2}
-gen_ip IF=eth0 FRAG=8,100 192.168.0.2 192.168.1.2 108 3
-iptables -D FORWARD -f -j DROP
-
 ### Inverted tests
 
 # By source address
@@ -96,14 +82,6 @@
 gen_ip IF=eth0 192.168.0.2 192.168.1.2 0 4
 iptables -D FORWARD -p ! 3 -j DROP
 
-# By fragment
-iptables -A FORWARD ! -f -j DROP
-expect gen_ip hook:NF_IP_FORWARD * NF_DROP {IPv4 192.168.0.2 192.168.1.2 0 3}
-gen_ip IF=eth0 192.168.0.2 192.168.1.2 0 3
-expect gen_ip send:eth1 {IPv4 FRAG=8 192.168.0.2 192.168.1.2}
-gen_ip IF=eth0 FRAG=8,100 192.168.0.2 192.168.1.2 108 3
-iptables -D FORWARD ! -f -j DROP
-
 # Test RETURN 
 iptables -P FORWARD DROP
 iptables -A FORWARD -s 192.168.0.2 -j RETURN
@@ -142,21 +120,6 @@
 iptables -D CHAIN -j DROP
 iptables -X CHAIN
 
-# Test failure to find a target, match or table (no modules are loaded)
-strace
-expect iptables iptables: command failed
-expect iptables getsockopt -> -ENOENT *
-iptables -t nat -A PREROUTING -s 192.168.0.2
-
-expect iptables iptables: command failed
-expect iptables *etsockopt -> -ENOENT
-iptables -A FORWARD -s 192.168.0.2 -m mark --mark 1
-
-expect iptables iptables: command failed
-expect iptables setsockopt -> -ENOENT
-iptables -A FORWARD -s 192.168.0.2 -j REJECT
-strace off
-
 # Test inserting a loop, various forms.
 iptables -N CHAIN
 iptables -N CHAIN2

Modified: trunk/nfsim-testsuite/01iptables/01icmp.sim
===================================================================
--- trunk/nfsim-testsuite/01iptables/01icmp.sim	2005-10-07 13:49:38 UTC (rev 4322)
+++ trunk/nfsim-testsuite/01iptables/01icmp.sim	2005-10-07 17:04:25 UTC (rev 4323)
@@ -1,4 +1,9 @@
 # Test simple matches for iptables: ICMP
+# XFAIL:config:CONFIG_IP_NF_CONNTRACK=y
+# XFAIL:config:CONFIG_IP_NF_IPTABLES=n
+# XFAIL:config:CONFIG_IP_NF_IPTABLES=y
+# XFAIL:config:CONFIG_IP_NF_FILTER=n
+# XFAIL:config:CONFIG_IP_NF_FILTER=y
 
 # Don't want conntrack to interfere with fragments.
 rmmod -a

Modified: trunk/nfsim-testsuite/01iptables/01reject.sim
===================================================================
--- trunk/nfsim-testsuite/01iptables/01reject.sim	2005-10-07 13:49:38 UTC (rev 4322)
+++ trunk/nfsim-testsuite/01iptables/01reject.sim	2005-10-07 17:04:25 UTC (rev 4323)
@@ -1,11 +1,10 @@
 # INPUT reject rule
+# Early Linux 2.6 does skb_copy_bits into icmp header, not local buffer.
+# But test-kernel-script uses --linear-packets for those kernels.
+# XFAIL:linux:2.6.10
+
 iptables -A INPUT -j REJECT
 
-# expect to get dropped, and an ICMP error back at us.
-expect gen_ip hook:NF_IP_LOCAL_IN * NF_DROP {IPv4 192.168.0.2 192.168.0.1 10 17 1 2}
-expect gen_ip send:eth0 {IPv4 192.168.0.1 192.168.0.2 38 1 3 3 CONTAINS 192.168.0.2 192.168.0.1 10 17 1 2}
-gen_ip IF=eth0 192.168.0.2 192.168.0.1 10 17 1 2
-
 # nothing in return for an ICMP error.
 expect gen_err hook:NF_IP_LOCAL_IN * NF_DROP {IPv4 192.168.0.2 192.168.0.1 38 1 3 0 CONTAINS 192.168.0.1 192.168.0.2 10 17 1 2}
 expect ! gen_err send:eth0*

Modified: trunk/nfsim-testsuite/02conntrack/05loopback.sim
===================================================================
--- trunk/nfsim-testsuite/02conntrack/05loopback.sim	2005-10-07 13:49:38 UTC (rev 4322)
+++ trunk/nfsim-testsuite/02conntrack/05loopback.sim	2005-10-07 17:04:25 UTC (rev 4323)
@@ -1,6 +1,6 @@
 # Loopback connection tracking: should get a single connection.
-# 2.4 doesn't have /proc/net/stat
-# XFAIL:linux:2.4*
+# /proc/net/stat introduced in 2.6.9
+# XFAIL:linux:<2.6.9
 
 expect gen_ip send:lo {IPv4 127.0.0.1 127.0.0.1 0 1 8 0 55 57}
 gen_ip 127.0.0.1 127.0.0.1 0 1 8 0 55 57

Modified: trunk/nfsim-testsuite/02conntrack/10ftp-pasv.sim
===================================================================
--- trunk/nfsim-testsuite/02conntrack/10ftp-pasv.sim	2005-10-07 13:49:38 UTC (rev 4322)
+++ trunk/nfsim-testsuite/02conntrack/10ftp-pasv.sim	2005-10-07 17:04:25 UTC (rev 4323)
@@ -1,6 +1,6 @@
 # Tests for PASV recognition.
-# 2.4 doesn't have /proc/net/stat
-# XFAIL:linux:2.4*
+# /proc/net/ip_conntrack_expect introduced in 2.6.9
+# XFAIL:linux:<2.6.9
 
 # Drop invalid packets, in case this script has a mistake.
 iptables -A FORWARD -m state --state INVALID -j DROP

Modified: trunk/nfsim-testsuite/02conntrack/10ftp-port.sim
===================================================================
--- trunk/nfsim-testsuite/02conntrack/10ftp-port.sim	2005-10-07 13:49:38 UTC (rev 4322)
+++ trunk/nfsim-testsuite/02conntrack/10ftp-port.sim	2005-10-07 17:04:25 UTC (rev 4323)
@@ -1,6 +1,6 @@
 # Test ftp module's tracking code for PORT commands.
-# 2.4 doesn't have /proc/net/stat
-# XFAIL:linux:2.4*
+# /proc/net/ip_conntrack_expect introduced in 2.6.9
+# XFAIL:linux:<2.6.9
 
 # Drop invalid packets, in case this script has a mistake.
 iptables -A FORWARD -m state --state INVALID -j DROP

Modified: trunk/nfsim-testsuite/02conntrack/11overload.sim
===================================================================
--- trunk/nfsim-testsuite/02conntrack/11overload.sim	2005-10-07 13:49:38 UTC (rev 4322)
+++ trunk/nfsim-testsuite/02conntrack/11overload.sim	2005-10-07 17:04:25 UTC (rev 4323)
@@ -1,6 +1,6 @@
 # Test overloading connection tracking.
-# Need /proc/net/stat/ip_conntrack
-# XFAIL:linux:<2.6.0 
+# /proc/net/stat introduced in 2.6.9
+# XFAIL:linux:<2.6.9
 
 # FIXME: use module parameters to set hashsize to 1, so we can test collisions.
 # Set stupidly low limit, for testing.
@@ -12,8 +12,8 @@
 expect gen_ip send:eth1 *
 gen_ip IF=eth0 192.168.0.2 192.168.1.3 0 6 1 2 SYN
 
-expect proc tcp 6 120 SYN_SENT src=192.168.0.2 dst=192.168.1.2 sport=1 dport=2 packets=1 bytes=40 [UNREPLIED] src=192.168.1.2 dst=192.168.0.2 sport=2 dport=1 packets=0 bytes=0 mark=0 use=1
-expect proc tcp 6 120 SYN_SENT src=192.168.0.2 dst=192.168.1.3 sport=1 dport=2 packets=1 bytes=40 [UNREPLIED] src=192.168.1.3 dst=192.168.0.2 sport=2 dport=1 packets=0 bytes=0 mark=0 use=1
+expect proc tcp 6 120 SYN_SENT src=192.168.0.2 dst=192.168.1.2 sport=1 dport=2 packets=1 bytes=40 [UNREPLIED] src=192.168.1.2 dst=192.168.0.2 sport=2 dport=1 packets=0 bytes=0 *use=1
+expect proc tcp 6 120 SYN_SENT src=192.168.0.2 dst=192.168.1.3 sport=1 dport=2 packets=1 bytes=40 [UNREPLIED] src=192.168.1.3 dst=192.168.0.2 sport=2 dport=1 packets=0 bytes=0 *use=1
 proc cat /proc/net/ip_conntrack
 
 # First number is number of conntracks.

Modified: trunk/nfsim-testsuite/02conntrack/12amanda.sim
===================================================================
--- trunk/nfsim-testsuite/02conntrack/12amanda.sim	2005-10-07 13:49:38 UTC (rev 4322)
+++ trunk/nfsim-testsuite/02conntrack/12amanda.sim	2005-10-07 17:04:25 UTC (rev 4323)
@@ -1,6 +1,7 @@
 # Track the AMANDA backup protocol.  UDP port 10080.
-# Needs /proc/net/ip_conntrack_expect
-# XFAIL:linux:<2.6.0
+# /proc/net/ip_conntrack_expect introduced in 2.6.9
+# XFAIL:linux:<2.6.9
+
 # Test just connection tracking.
 rmmod ip_nat_amanda
 

Modified: trunk/nfsim-testsuite/02conntrack/13tcp-rfc793.sim
===================================================================
--- trunk/nfsim-testsuite/02conntrack/13tcp-rfc793.sim	2005-10-07 13:49:38 UTC (rev 4322)
+++ trunk/nfsim-testsuite/02conntrack/13tcp-rfc793.sim	2005-10-07 17:04:25 UTC (rev 4323)
@@ -1,4 +1,5 @@
 # TCP window tracking: tests from RFC793
+# XFAIL:linux:<2.6.11
 
 # Kill packets which are invalid.
 iptables -A FORWARD -m state --state INVALID -j DROP

Modified: trunk/nfsim-testsuite/02conntrack/13tcp-rst.sim
===================================================================
--- trunk/nfsim-testsuite/02conntrack/13tcp-rst.sim	2005-10-07 13:49:38 UTC (rev 4322)
+++ trunk/nfsim-testsuite/02conntrack/13tcp-rst.sim	2005-10-07 17:04:25 UTC (rev 4323)
@@ -1,8 +1,6 @@
 # TCP window tracking: Test RST segments
-# Fails before 2.6.11
-# XXFAIL:linux:2.6.10*
-# XXFAIL:linux:2.6.[1-9]
-# XXFAIL:linux:2.6.[1-9]-*
+# Fails before 2.6.12
+# XFAIL:linux:<2.6.12
 
 # Kill packets which are invalid.
 iptables -A FORWARD -m state --state INVALID -j DROP

Modified: trunk/nfsim-testsuite/02conntrack/13tcp-sack.sim
===================================================================
--- trunk/nfsim-testsuite/02conntrack/13tcp-sack.sim	2005-10-07 13:49:38 UTC (rev 4322)
+++ trunk/nfsim-testsuite/02conntrack/13tcp-sack.sim	2005-10-07 17:04:25 UTC (rev 4323)
@@ -1,9 +1,7 @@
 # TCP window tracking: check SACK options
 # Traffic dump submitted by Krisztian Kovacs
-# Fails before 2.6.11
-# XXFAIL:linux:2.6.10*
-# XXFAIL:linux:2.6.[1-9]
-# XXFAIL:linux:2.6.[1-9]-*
+# Fails for 2.6.11 (before that, we didn't track windows, after we fixed this)
+# XFAIL:linux:2.6.11
 
 # Kill packets which are invalid.
 iptables -A FORWARD -m state --state INVALID -j DROP

Modified: trunk/nfsim-testsuite/02conntrack/13tcp-server-reinit.sim
===================================================================
--- trunk/nfsim-testsuite/02conntrack/13tcp-server-reinit.sim	2005-10-07 13:49:38 UTC (rev 4322)
+++ trunk/nfsim-testsuite/02conntrack/13tcp-server-reinit.sim	2005-10-07 17:04:25 UTC (rev 4323)
@@ -1,9 +1,7 @@
 # TCP window tracking: server sends SYN/ACK with new SEQ
 # Traffic captured by Martin
 # Fails before 2.6.11
-# XXFAIL:linux:2.6.10*
-# XXFAIL:linux:2.6.[1-9]
-# XXFAIL:linux:2.6.[1-9]-*
+# XFAIL:linux:<2.6.11
 
 # Kill packets which are invalid.
 iptables -A FORWARD -m state --state INVALID -j DROP

Modified: trunk/nfsim-testsuite/02conntrack/13tcp-syn.sim
===================================================================
--- trunk/nfsim-testsuite/02conntrack/13tcp-syn.sim	2005-10-07 13:49:38 UTC (rev 4322)
+++ trunk/nfsim-testsuite/02conntrack/13tcp-syn.sim	2005-10-07 17:04:25 UTC (rev 4323)
@@ -1,9 +1,7 @@
 # TCP window tracking: SYN packets, covering as much cases
 # as I could think of and emulate with real server
 # Fails before 2.6.11
-# XXFAIL:linux:2.6.10*
-# XXFAIL:linux:2.6.[1-9]
-# XXFAIL:linux:2.6.[1-9]-*
+# XFAIL:linux:<2.6.11
 
 # Kill packets which are invalid.
 iptables -A FORWARD -m state --state INVALID -j DROP

Modified: trunk/nfsim-testsuite/02conntrack/13tcp-win-overlap.sim
===================================================================
--- trunk/nfsim-testsuite/02conntrack/13tcp-win-overlap.sim	2005-10-07 13:49:38 UTC (rev 4322)
+++ trunk/nfsim-testsuite/02conntrack/13tcp-win-overlap.sim	2005-10-07 17:04:25 UTC (rev 4323)
@@ -1,8 +1,6 @@
 # TCP window tracking: packet overlaps with window
 # Fails before 2.6.11
-# XXFAIL:linux:2.6.10*
-# XXFAIL:linux:2.6.[1-9]
-# XXFAIL:linux:2.6.[1-9]-*
+# XFAIL:linux:<2.6.11
 
 # Kill packets which are invalid.
 iptables -A FORWARD -m state --state INVALID -j DROP

Modified: trunk/nfsim-testsuite/03NAT/04icmp-old.sim
===================================================================
--- trunk/nfsim-testsuite/03NAT/04icmp-old.sim	2005-10-07 13:49:38 UTC (rev 4322)
+++ trunk/nfsim-testsuite/03NAT/04icmp-old.sim	2005-10-07 17:04:25 UTC (rev 4323)
@@ -1,4 +1,5 @@
 # ICMP errors, including locally-generated errors on half-NATted packets.
+# XFAIL:linux:2.6.?
 
 # Source manip only
 iptables -t nat -A POSTROUTING -p udp -o eth1 -j SNAT --to-source 192.168.1.3:3

Modified: trunk/nfsim-testsuite/03NAT/10source-map.sim
===================================================================
--- trunk/nfsim-testsuite/03NAT/10source-map.sim	2005-10-07 13:49:38 UTC (rev 4322)
+++ trunk/nfsim-testsuite/03NAT/10source-map.sim	2005-10-07 17:04:25 UTC (rev 4323)
@@ -1,6 +1,6 @@
 # Test that the source port selection for NAT works as we require it
-# Source port matching fixed in 2.6
-# XFAIL:linux:<2.6.0
+# Source port matching fixed in 2.6.9
+# XFAIL:linux:<2.6.9
 
 # The world is out eth1...
 route add 0.0.0.0/0 eth1

Modified: trunk/nfsim-testsuite/test-kernel-source
===================================================================
--- trunk/nfsim-testsuite/test-kernel-source	2005-10-07 13:49:38 UTC (rev 4322)
+++ trunk/nfsim-testsuite/test-kernel-source	2005-10-07 17:04:25 UTC (rev 4323)
@@ -89,6 +89,12 @@
     EXTRA_ARGS="--ignore-proc-issues $EXTRA_ARGS"
 fi
 
+# 2.6 kernels before 2.6.10 sucked with nonlinear packets, lots of bugs.
+KVERSION=`echo version kernel | $NFSIM -q --no-modules | sed 's/-.*//'`
+case $KVERSION in
+    2.6.?) EXTRA_ARGS="--linear-packets $EXTRA_ARGS";;
+esac
+
 # warn_if_extra_mangle ignores failures from ip_route_output_key, which
 # makes failtest complain.  Suppress reporting from that in kernels with
 # warn_if_extra_mangle (it's a temporary hack).

Modified: trunk/nfsim-testsuite/test.sh
===================================================================
--- trunk/nfsim-testsuite/test.sh	2005-10-07 13:49:38 UTC (rev 4322)
+++ trunk/nfsim-testsuite/test.sh	2005-10-07 17:04:25 UTC (rev 4323)
@@ -2,15 +2,15 @@
 # Shell script to run test suite.
 
 NFSIM=nfsim
-NFSIM_QUIET_ARGS="-q"
+NFSIM_QUIET="-q"
 NFSIM_ARGS="-e"
 
 while true; do
     case "$1" in
-	-vv) VERBOSE=1; EXTRA_ARGS=-x; NFSIM_QUIET_ARGS="-x"; shift;;
+	-vv) VERBOSE=1; EXTRA_ARGS=-x; NFSIM_QUIET=""; shift;;
 	-v)
 	    if [ -n "$VERBOSE" ]; then
-		EXTRA_ARGS=-x; NFSIM_QUIET_ARGS="-x"
+		EXTRA_ARGS=-x; NFSIM_QUIET=""
 	    else
 		VERBOSE=1
 	    fi
@@ -26,8 +26,7 @@
     esac
 done
 
-NFSIM_ARGS="$NFSIM_QUIET_ARGS $NFSIM_ARGS"
-KVERSION=`echo version kernel | $NFSIM -q | sed 's/-.*//'`
+KVERSION=`echo version kernel | $NFSIM -q --no-modules | sed 's/-.*//'`
 
 # Creates a temporary file and exports the name of the file to
 # the provided argument.  Exits on error.
@@ -87,9 +86,9 @@
 check_config()
 {
     if echo "config" | $NFSIM | grep -q "^$1"; then
-	echo .
-    else
 	echo C
+    else
+	echo .
     fi
 }
 
@@ -141,7 +140,7 @@
 {
     VG_NFSIM=$1
     shift
-    valgrind -q --suppressions=valgrind-suppressions --num-callers=8 --logfile-fd=3 $VG_NFSIM --valgrind-file=/tmp/valgrind "$@" 3>/tmp/valgrind
+    valgrind -q --suppressions=valgrind-suppressions --num-callers=8 --log-fd=3 $VG_NFSIM --valgrind-file=/tmp/valgrind "$@" 3>/tmp/valgrind
     VG_RESULT=$?
 
     if [ -s /tmp/valgrind ]; then
@@ -207,10 +206,10 @@
 	    *~|*.orig|*.rej)
 		continue;;
 	    *.sh)
-		$TIME sh -e $EXTRA_ARGS "$f" > $ERROUT 2>&1
+		NFSIM_ARGS=" $NFSIM_QUIET $NFSIM_ARGS" $TIME sh -e $EXTRA_ARGS "$f" > $ERROUT 2>&1
 		;;
 	    *.sim)
-		$TIME $NFSIM $NFSIM_ARGS "$f" > $ERROUT 2>&1
+		$TIME $NFSIM $NFSIM_QUIET $NFSIM_ARGS "$f" > $ERROUT 2>&1
 		;;
 	    *)
 		echo Unknown test type "$f" >&2
@@ -228,7 +227,7 @@
 		    echo Test $f failed, running verbose >&2
 		    case "$f" in
 			*.sh) sh -e -x "$f" || true;;
-			*.sim) echo $NFSIM -e -x "$f"; $NFSIM -e -x "$f" || true;;
+			*.sim) echo $NFSIM -x $NFSIM_ARGS "$f"; $NFSIM -x $NFSIM_ARGS "$f" || true;;
 		    esac
 		    echo Test $f failed >&2
 		    exit 1

More information about the netfilter-cvslog mailing list