mirror of
https://gitee.com/bianbu-linux/linux-6.6
synced 2025-04-24 14:07:52 -04:00
selftests: netfilter: Fix nft_audit.sh for newer nft binaries
[ Upstream commit 8a89015644513ef69193a037eb966f2d55fe385a ]
As a side-effect of nftables' commit dbff26bfba833 ("cache: consolidate
reset command"), audit logs changed when more objects were reset than
fit into a single netlink message.
Since the objects' distribution in netlink messages is not relevant,
implement a summarizing function which combines repeated audit logs into
a single one with summed up 'entries=' value.
Fixes: 203bb9d398 ("selftests: netfilter: Extend nft_audit.sh")
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
This commit is contained in:
Phil Sutter
Greg Kroah-Hartman
parent
271b490472
commit
fe9ccbf1b7
1 changed files with 29 additions and 28 deletions
|
|
@ -25,12 +25,31 @@ logread_pid=$!
|
||||||
trap 'kill $logread_pid; rm -f $logfile $rulefile' EXIT
|
trap 'kill $logread_pid; rm -f $logfile $rulefile' EXIT
|
||||||
exec 3<"$logfile"
|
exec 3<"$logfile"
|
||||||
|
|
||||||
|
lsplit='s/^\(.*\) entries=\([^ ]*\) \(.*\)$/pfx="\1"\nval="\2"\nsfx="\3"/'
|
||||||
|
summarize_logs() {
|
||||||
|
sum=0
|
||||||
|
while read line; do
|
||||||
|
eval $(sed "$lsplit" <<< "$line")
|
||||||
|
[[ $sum -gt 0 ]] && {
|
||||||
|
[[ "$pfx $sfx" == "$tpfx $tsfx" ]] && {
|
||||||
|
let "sum += val"
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
echo "$tpfx entries=$sum $tsfx"
|
||||||
|
}
|
||||||
|
tpfx="$pfx"
|
||||||
|
tsfx="$sfx"
|
||||||
|
sum=$val
|
||||||
|
done
|
||||||
|
echo "$tpfx entries=$sum $tsfx"
|
||||||
|
}
|
||||||
|
|
||||||
do_test() { # (cmd, log)
|
do_test() { # (cmd, log)
|
||||||
echo -n "testing for cmd: $1 ... "
|
echo -n "testing for cmd: $1 ... "
|
||||||
cat <&3 >/dev/null
|
cat <&3 >/dev/null
|
||||||
$1 >/dev/null || exit 1
|
$1 >/dev/null || exit 1
|
||||||
sleep 0.1
|
sleep 0.1
|
||||||
res=$(diff -a -u <(echo "$2") - <&3)
|
res=$(diff -a -u <(echo "$2") <(summarize_logs <&3))
|
||||||
[ $? -eq 0 ] && { echo "OK"; return; }
|
[ $? -eq 0 ] && { echo "OK"; return; }
|
||||||
echo "FAIL"
|
echo "FAIL"
|
||||||
grep -v '^\(---\|+++\|@@\)' <<< "$res"
|
grep -v '^\(---\|+++\|@@\)' <<< "$res"
|
||||||
|
|
@ -129,31 +148,17 @@ do_test 'nft reset rules t1 c2' \
|
||||||
'table=t1 family=2 entries=3 op=nft_reset_rule'
|
'table=t1 family=2 entries=3 op=nft_reset_rule'
|
||||||
|
|
||||||
do_test 'nft reset rules table t1' \
|
do_test 'nft reset rules table t1' \
|
||||||
'table=t1 family=2 entries=3 op=nft_reset_rule
|
'table=t1 family=2 entries=9 op=nft_reset_rule'
|
||||||
table=t1 family=2 entries=3 op=nft_reset_rule
|
|
||||||
table=t1 family=2 entries=3 op=nft_reset_rule'
|
|
||||||
|
|
||||||
do_test 'nft reset rules t2 c3' \
|
do_test 'nft reset rules t2 c3' \
|
||||||
'table=t2 family=2 entries=189 op=nft_reset_rule
|
'table=t2 family=2 entries=503 op=nft_reset_rule'
|
||||||
table=t2 family=2 entries=188 op=nft_reset_rule
|
|
||||||
table=t2 family=2 entries=126 op=nft_reset_rule'
|
|
||||||
|
|
||||||
do_test 'nft reset rules t2' \
|
do_test 'nft reset rules t2' \
|
||||||
'table=t2 family=2 entries=3 op=nft_reset_rule
|
'table=t2 family=2 entries=509 op=nft_reset_rule'
|
||||||
table=t2 family=2 entries=3 op=nft_reset_rule
|
|
||||||
table=t2 family=2 entries=186 op=nft_reset_rule
|
|
||||||
table=t2 family=2 entries=188 op=nft_reset_rule
|
|
||||||
table=t2 family=2 entries=129 op=nft_reset_rule'
|
|
||||||
|
|
||||||
do_test 'nft reset rules' \
|
do_test 'nft reset rules' \
|
||||||
'table=t1 family=2 entries=3 op=nft_reset_rule
|
'table=t1 family=2 entries=9 op=nft_reset_rule
|
||||||
table=t1 family=2 entries=3 op=nft_reset_rule
|
table=t2 family=2 entries=509 op=nft_reset_rule'
|
||||||
table=t1 family=2 entries=3 op=nft_reset_rule
|
|
||||||
table=t2 family=2 entries=3 op=nft_reset_rule
|
|
||||||
table=t2 family=2 entries=3 op=nft_reset_rule
|
|
||||||
table=t2 family=2 entries=180 op=nft_reset_rule
|
|
||||||
table=t2 family=2 entries=188 op=nft_reset_rule
|
|
||||||
table=t2 family=2 entries=135 op=nft_reset_rule'
|
|
||||||
|
|
||||||
# resetting sets and elements
|
# resetting sets and elements
|
||||||
|
|
||||||
|
|
@ -177,13 +182,11 @@ do_test 'nft reset counters t1' \
|
||||||
'table=t1 family=2 entries=1 op=nft_reset_obj'
|
'table=t1 family=2 entries=1 op=nft_reset_obj'
|
||||||
|
|
||||||
do_test 'nft reset counters t2' \
|
do_test 'nft reset counters t2' \
|
||||||
'table=t2 family=2 entries=342 op=nft_reset_obj
|
'table=t2 family=2 entries=500 op=nft_reset_obj'
|
||||||
table=t2 family=2 entries=158 op=nft_reset_obj'
|
|
||||||
|
|
||||||
do_test 'nft reset counters' \
|
do_test 'nft reset counters' \
|
||||||
'table=t1 family=2 entries=1 op=nft_reset_obj
|
'table=t1 family=2 entries=1 op=nft_reset_obj
|
||||||
table=t2 family=2 entries=341 op=nft_reset_obj
|
table=t2 family=2 entries=500 op=nft_reset_obj'
|
||||||
table=t2 family=2 entries=159 op=nft_reset_obj'
|
|
||||||
|
|
||||||
# resetting quotas
|
# resetting quotas
|
||||||
|
|
||||||
|
|
@ -194,13 +197,11 @@ do_test 'nft reset quotas t1' \
|
||||||
'table=t1 family=2 entries=1 op=nft_reset_obj'
|
'table=t1 family=2 entries=1 op=nft_reset_obj'
|
||||||
|
|
||||||
do_test 'nft reset quotas t2' \
|
do_test 'nft reset quotas t2' \
|
||||||
'table=t2 family=2 entries=315 op=nft_reset_obj
|
'table=t2 family=2 entries=500 op=nft_reset_obj'
|
||||||
table=t2 family=2 entries=185 op=nft_reset_obj'
|
|
||||||
|
|
||||||
do_test 'nft reset quotas' \
|
do_test 'nft reset quotas' \
|
||||||
'table=t1 family=2 entries=1 op=nft_reset_obj
|
'table=t1 family=2 entries=1 op=nft_reset_obj
|
||||||
table=t2 family=2 entries=314 op=nft_reset_obj
|
table=t2 family=2 entries=500 op=nft_reset_obj'
|
||||||
table=t2 family=2 entries=186 op=nft_reset_obj'
|
|
||||||
|
|
||||||
# deleting rules
|
# deleting rules
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue