summaryrefslogtreecommitdiffstats
path: root/debian/tests
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--debian/tests/control20
-rw-r--r--debian/tests/internaltest-monitor.sh14
-rw-r--r--debian/tests/internaltest-py.sh12
-rw-r--r--debian/tests/internaltest-shell.sh13
-rw-r--r--debian/tests/systemd-service-test.sh72
5 files changed, 131 insertions, 0 deletions
diff --git a/debian/tests/control b/debian/tests/control
new file mode 100644
index 0000000..9b40f99
--- /dev/null
+++ b/debian/tests/control
@@ -0,0 +1,20 @@
+Test-Command: nft -h
+Depends: @
+Restrictions: needs-root, superficial
+
+Tests: internaltest-shell.sh
+Depends: kmod, @
+Restrictions: needs-root, allow-stderr, isolation-container, flaky
+
+Tests: internaltest-monitor.sh
+Depends: @
+Restrictions: needs-root, allow-stderr, isolation-container, flaky
+
+# Disable test until we decide what to do with the nftables python module
+#Tests: internaltest-py.sh
+#Depends: @, python
+#Restrictions: needs-root, allow-stderr, isolation-container, build-needed
+
+Tests: systemd-service-test.sh
+Depends: systemd, @
+Restrictions: needs-root, allow-stderr, isolation-container
diff --git a/debian/tests/internaltest-monitor.sh b/debian/tests/internaltest-monitor.sh
new file mode 100644
index 0000000..446f2f2
--- /dev/null
+++ b/debian/tests/internaltest-monitor.sh
@@ -0,0 +1,14 @@
+#!/bin/sh
+
+# Run the internal tests of nftables (monitor)
+
+# The testsuite requires kernel at least 5.x
+if [ "$(uname -r | cut -d. -f1)" -lt 5 ] ; then
+ echo "W: this testsuite is likely to produce many fails because of old kernel, ending now"
+ exit 0
+fi
+
+set -e
+ln -s $(which nft) src/nft
+cd tests/monitor
+./run-tests.sh -d
diff --git a/debian/tests/internaltest-py.sh b/debian/tests/internaltest-py.sh
new file mode 100644
index 0000000..f8e7627
--- /dev/null
+++ b/debian/tests/internaltest-py.sh
@@ -0,0 +1,12 @@
+#!/bin/sh
+
+# Run the internal tests of nftables (py)
+
+# The testsuite requires kernel at least 4.x
+if [ "$(uname -r | cut -d. -f1)" -lt 4 ] ; then
+ echo "W: This testsuite is likely to produce many fails because of old kernel"
+fi
+
+set -e
+cd tests/py
+NFT=$(which nft) ./nft-test.py
diff --git a/debian/tests/internaltest-shell.sh b/debian/tests/internaltest-shell.sh
new file mode 100644
index 0000000..a3fdcbc
--- /dev/null
+++ b/debian/tests/internaltest-shell.sh
@@ -0,0 +1,13 @@
+#!/bin/sh
+
+# Run the internal tests of nftables (shell)
+
+# The testsuite requires kernel at least 5.x
+if [ "$(uname -r | cut -d. -f1)" -lt 5 ] ; then
+ echo "W: this testsuite is likely to produce many fails because of old kernel, ending now"
+ exit 0
+fi
+
+set -e
+cd tests/shell
+NFT=$(which nft) ./run-tests.sh -v
diff --git a/debian/tests/systemd-service-test.sh b/debian/tests/systemd-service-test.sh
new file mode 100644
index 0000000..83461bc
--- /dev/null
+++ b/debian/tests/systemd-service-test.sh
@@ -0,0 +1,72 @@
+#!/bin/sh
+
+set -ex
+
+SERVICE=nftables.service
+
+# The testsuite requires kernel at least 5.x
+if [ "$(uname -r | cut -d. -f1)" -lt 5 ] ; then
+ : WARNING this testsuite is likely to produce many fails because of old kernel, ending now
+ exit 0
+fi
+
+systemctl_call()
+{
+ if systemctl $1 $SERVICE ; then
+ return 0
+ else
+ journalctl -u $SERVICE
+ return 1
+ fi
+}
+
+# package ships service disabled by default
+if ! systemctl_call enable ; then
+ : WARNING enabling the service failed
+fi
+
+if systemctl -q is-active $SERVICE ; then
+ : WARNING initial service running, stopping now
+ if ! systemctl_call stop ; then
+ : ERROR unable to stop the initial service
+ exit 1
+ fi
+fi
+
+if [ $(nft list ruleset | wc -l) -ne 0 ] ; then
+ : WARNING initial ruleset is not empty, flushing now
+ nft flush ruleset
+fi
+
+if ! systemctl_call start ; then
+ : ERROR failed to start systemd service
+ exit 1
+fi
+if [ $(nft list ruleset | wc -l) -eq 0 ] ; then
+ : ERROR no ruleset loaded after systemd service start
+ exit 1
+fi
+
+systemctl_call status
+nft list ruleset
+
+if ! systemctl_call stop ; then
+ : ERROR failed to stop systemd service
+ exit 1
+fi
+if [ $(nft list ruleset | wc -l) -ne 0 ] ; then
+ : ERROR ruleset still loaded after systemd service stop
+ exit 1
+fi
+
+if ! systemctl_call restart ; then
+ : ERROR failed to restart systemd service
+ exit 1
+fi
+if [ $(nft list ruleset | wc -l) -eq 0 ] ; then
+ : ERROR no ruleset loaded after systemd service restart
+ exit 1
+fi
+
+: INFO test was OK
+exit 0