diff options
Diffstat (limited to '')
-rw-r--r-- | debian/tests/control | 20 | ||||
-rw-r--r-- | debian/tests/internaltest-monitor.sh | 14 | ||||
-rw-r--r-- | debian/tests/internaltest-py.sh | 12 | ||||
-rw-r--r-- | debian/tests/internaltest-shell.sh | 13 | ||||
-rw-r--r-- | debian/tests/systemd-service-test.sh | 72 |
5 files changed, 131 insertions, 0 deletions
diff --git a/debian/tests/control b/debian/tests/control new file mode 100644 index 0000000..9b40f99 --- /dev/null +++ b/debian/tests/control @@ -0,0 +1,20 @@ +Test-Command: nft -h +Depends: @ +Restrictions: needs-root, superficial + +Tests: internaltest-shell.sh +Depends: kmod, @ +Restrictions: needs-root, allow-stderr, isolation-container, flaky + +Tests: internaltest-monitor.sh +Depends: @ +Restrictions: needs-root, allow-stderr, isolation-container, flaky + +# Disable test until we decide what to do with the nftables python module +#Tests: internaltest-py.sh +#Depends: @, python +#Restrictions: needs-root, allow-stderr, isolation-container, build-needed + +Tests: systemd-service-test.sh +Depends: systemd, @ +Restrictions: needs-root, allow-stderr, isolation-container diff --git a/debian/tests/internaltest-monitor.sh b/debian/tests/internaltest-monitor.sh new file mode 100644 index 0000000..446f2f2 --- /dev/null +++ b/debian/tests/internaltest-monitor.sh @@ -0,0 +1,14 @@ +#!/bin/sh + +# Run the internal tests of nftables (monitor) + +# The testsuite requires kernel at least 5.x +if [ "$(uname -r | cut -d. -f1)" -lt 5 ] ; then + echo "W: this testsuite is likely to produce many fails because of old kernel, ending now" + exit 0 +fi + +set -e +ln -s $(which nft) src/nft +cd tests/monitor +./run-tests.sh -d diff --git a/debian/tests/internaltest-py.sh b/debian/tests/internaltest-py.sh new file mode 100644 index 0000000..f8e7627 --- /dev/null +++ b/debian/tests/internaltest-py.sh @@ -0,0 +1,12 @@ +#!/bin/sh + +# Run the internal tests of nftables (py) + +# The testsuite requires kernel at least 4.x +if [ "$(uname -r | cut -d. -f1)" -lt 4 ] ; then + echo "W: This testsuite is likely to produce many fails because of old kernel" +fi + +set -e +cd tests/py +NFT=$(which nft) ./nft-test.py diff --git a/debian/tests/internaltest-shell.sh b/debian/tests/internaltest-shell.sh new file mode 100644 index 0000000..a3fdcbc --- /dev/null +++ b/debian/tests/internaltest-shell.sh @@ -0,0 +1,13 @@ +#!/bin/sh + +# Run the internal tests of nftables (shell) + +# The testsuite requires kernel at least 5.x +if [ "$(uname -r | cut -d. -f1)" -lt 5 ] ; then + echo "W: this testsuite is likely to produce many fails because of old kernel, ending now" + exit 0 +fi + +set -e +cd tests/shell +NFT=$(which nft) ./run-tests.sh -v diff --git a/debian/tests/systemd-service-test.sh b/debian/tests/systemd-service-test.sh new file mode 100644 index 0000000..83461bc --- /dev/null +++ b/debian/tests/systemd-service-test.sh @@ -0,0 +1,72 @@ +#!/bin/sh + +set -ex + +SERVICE=nftables.service + +# The testsuite requires kernel at least 5.x +if [ "$(uname -r | cut -d. -f1)" -lt 5 ] ; then + : WARNING this testsuite is likely to produce many fails because of old kernel, ending now + exit 0 +fi + +systemctl_call() +{ + if systemctl $1 $SERVICE ; then + return 0 + else + journalctl -u $SERVICE + return 1 + fi +} + +# package ships service disabled by default +if ! systemctl_call enable ; then + : WARNING enabling the service failed +fi + +if systemctl -q is-active $SERVICE ; then + : WARNING initial service running, stopping now + if ! systemctl_call stop ; then + : ERROR unable to stop the initial service + exit 1 + fi +fi + +if [ $(nft list ruleset | wc -l) -ne 0 ] ; then + : WARNING initial ruleset is not empty, flushing now + nft flush ruleset +fi + +if ! systemctl_call start ; then + : ERROR failed to start systemd service + exit 1 +fi +if [ $(nft list ruleset | wc -l) -eq 0 ] ; then + : ERROR no ruleset loaded after systemd service start + exit 1 +fi + +systemctl_call status +nft list ruleset + +if ! systemctl_call stop ; then + : ERROR failed to stop systemd service + exit 1 +fi +if [ $(nft list ruleset | wc -l) -ne 0 ] ; then + : ERROR ruleset still loaded after systemd service stop + exit 1 +fi + +if ! systemctl_call restart ; then + : ERROR failed to restart systemd service + exit 1 +fi +if [ $(nft list ruleset | wc -l) -eq 0 ] ; then + : ERROR no ruleset loaded after systemd service restart + exit 1 +fi + +: INFO test was OK +exit 0 |