From patchwork Tue Oct 31 18:53:27 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Thomas Haller X-Patchwork-Id: 1857709 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; dkim=pass (1024-bit key; unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=MI3Ef9yH; dkim-atps=neutral Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=vger.kernel.org (client-ip=2620:137:e000::1:20; helo=out1.vger.email; envelope-from=netfilter-devel-owner@vger.kernel.org; receiver=patchwork.ozlabs.org) Received: from out1.vger.email (out1.vger.email [IPv6:2620:137:e000::1:20]) by legolas.ozlabs.org (Postfix) with ESMTP id 4SKfVK0YCpz1yQf for ; Wed, 1 Nov 2023 05:55:53 +1100 (AEDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230008AbjJaSzu (ORCPT ); Tue, 31 Oct 2023 14:55:50 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46536 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230322AbjJaSzt (ORCPT ); Tue, 31 Oct 2023 14:55:49 -0400 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 9D67AB4 for ; Tue, 31 Oct 2023 11:55:02 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1698778501; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=maccioG2vh1eoDZeRT+UvWaEaIlILNihdGDkYIWSUQI=; b=MI3Ef9yHLBBFx0N/0CzWnuL9qP/EWEn74uv+Jsp6Ku8bzs2OiCIX5fXkYep/zSvFHIcSPg p1PoH8/EC0JoV3AMkKB62YZSL4SgIVRF83x1RxQl2ombR0ZWp2aC8fqEtBO1hDuG5aVGTV utc/OTqbPIR7CCm9RYNqPXRXUWlyc/I= Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-319-iiKAa9BCMa2LU3ltsMkg7w-1; Tue, 31 Oct 2023 14:55:00 -0400 X-MC-Unique: iiKAa9BCMa2LU3ltsMkg7w-1 Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.rdu2.redhat.com [10.11.54.5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id C884D185A782 for ; Tue, 31 Oct 2023 18:54:59 +0000 (UTC) Received: from localhost.localdomain (unknown [10.39.192.54]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 140B310F51; Tue, 31 Oct 2023 18:54:58 +0000 (UTC) From: Thomas Haller To: NetFilter Cc: Thomas Haller Subject: [PATCH nft 1/7] json: fix use after free in table_flags_json() Date: Tue, 31 Oct 2023 19:53:27 +0100 Message-ID: <20231031185449.1033380-2-thaller@redhat.com> In-Reply-To: <20231031185449.1033380-1-thaller@redhat.com> References: <20231031185449.1033380-1-thaller@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.4.1 on 10.11.54.5 X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H4,RCVD_IN_MSPIKE_WL,SPF_HELO_NONE,SPF_NONE, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: netfilter-devel@vger.kernel.org Valgrind complains about this: ==286== Invalid read of size 4 ==286== at 0x49B0261: do_dump (dump.c:211) ==286== by 0x49B08B8: do_dump (dump.c:378) ==286== by 0x49B08B8: do_dump (dump.c:378) ==286== by 0x49B04F7: do_dump (dump.c:273) ==286== by 0x49B08B8: do_dump (dump.c:378) ==286== by 0x49B0E84: json_dump_callback (dump.c:465) ==286== by 0x48AF22A: do_command_list_json (json.c:2016) ==286== by 0x48732F1: do_command_list (rule.c:2335) ==286== by 0x48737F5: do_command (rule.c:2605) ==286== by 0x48A867D: nft_netlink (libnftables.c:42) ==286== by 0x48A92B1: nft_run_cmd_from_buffer (libnftables.c:597) ==286== by 0x402CBA: main (main.c:533) ==286== Address 0x5038650 is 0 bytes inside a block of size 32 free'd ==286== at 0x48452AC: free (vg_replace_malloc.c:974) ==286== by 0x49AECDD: UnknownInlinedFun (jansson.h:133) ==286== by 0x49AECDD: UnknownInlinedFun (jansson.h:131) ==286== by 0x49AECDD: UnknownInlinedFun (value.c:398) ==286== by 0x49AECDD: json_delete (value.c:953) ==286== by 0x48A9F61: json_decref (jansson.h:133) ==286== by 0x48AA4AA: table_flags_json (json.c:494) ==286== by 0x48AA52B: table_print_json (json.c:510) ==286== by 0x48ABBAE: table_print_json_full (json.c:1695) ==286== by 0x48ABD48: do_list_ruleset_json (json.c:1739) ==286== by 0x48AF2A0: do_command_list_json (json.c:1962) ==286== by 0x48732F1: do_command_list (rule.c:2335) ==286== by 0x48737F5: do_command (rule.c:2605) ==286== by 0x48A867D: nft_netlink (libnftables.c:42) ==286== by 0x48A92B1: nft_run_cmd_from_buffer (libnftables.c:597) ==286== by 0x402CBA: main (main.c:533) ==286== Block was alloc'd at ==286== at 0x484282F: malloc (vg_replace_malloc.c:431) ==286== by 0x49AE4EA: UnknownInlinedFun (memory.c:27) ==286== by 0x49AE4EA: UnknownInlinedFun (value.c:676) ==286== by 0x49AE4EA: json_stringn_nocheck (value.c:696) ==286== by 0x48AA464: table_flags_json (json.c:482) ==286== by 0x48AA52B: table_print_json (json.c:510) ==286== by 0x48ABBAE: table_print_json_full (json.c:1695) ==286== by 0x48ABD48: do_list_ruleset_json (json.c:1739) ==286== by 0x48AF2A0: do_command_list_json (json.c:1962) ==286== by 0x48732F1: do_command_list (rule.c:2335) ==286== by 0x48737F5: do_command (rule.c:2605) ==286== by 0x48A867D: nft_netlink (libnftables.c:42) ==286== by 0x48A92B1: nft_run_cmd_from_buffer (libnftables.c:597) ==286== by 0x402CBA: main (main.c:533) Fixes: e70354f53e9f ("libnftables: Implement JSON output support") Signed-off-by: Thomas Haller --- src/json.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/json.c b/src/json.c index 068c423addc7..c0ccf06d85b4 100644 --- a/src/json.c +++ b/src/json.c @@ -496,7 +496,7 @@ static json_t *table_flags_json(const struct table *table) json_decref(root); return NULL; case 1: - json_unpack(root, "[o]", &tmp); + json_unpack(root, "[O]", &tmp); json_decref(root); root = tmp; break; From patchwork Tue Oct 31 18:53:28 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Thomas Haller X-Patchwork-Id: 1857708 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; dkim=pass (1024-bit key; unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=ghDCZmwb; dkim-atps=neutral Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=vger.kernel.org (client-ip=2620:137:e000::1:20; helo=out1.vger.email; envelope-from=netfilter-devel-owner@vger.kernel.org; receiver=patchwork.ozlabs.org) Received: from out1.vger.email (out1.vger.email [IPv6:2620:137:e000::1:20]) by legolas.ozlabs.org (Postfix) with ESMTP id 4SKfVJ4NMVz1yQ5 for ; Wed, 1 Nov 2023 05:55:52 +1100 (AEDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230493AbjJaSzu (ORCPT ); Tue, 31 Oct 2023 14:55:50 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46528 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230008AbjJaSzt (ORCPT ); Tue, 31 Oct 2023 14:55:49 -0400 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 64C6BE6 for ; Tue, 31 Oct 2023 11:55:03 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1698778502; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=NKzoXHg56qV6QeFZ825rh26RkbdMoDPcQIi8fFaTiMs=; b=ghDCZmwb7HE6TiejczQvKGCH/nfgc46F0eXrT6XGp5G7xUPlDca7+KH1zkEfzCkVS+7RXb AzyHOYIa3eq5yT7S8IZaDEWY9Jhx6+RqdNLDhZyuuot6/newSxyBoErikOLc2sXAu1plqW C+/KU9miEaXFtxeg5m3clvT7hJaHjrk= Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-296-Gvwwgav4NvuSZy7WOncV1Q-1; Tue, 31 Oct 2023 14:55:01 -0400 X-MC-Unique: Gvwwgav4NvuSZy7WOncV1Q-1 Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.rdu2.redhat.com [10.11.54.5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id BBE72185A784 for ; Tue, 31 Oct 2023 18:55:00 +0000 (UTC) Received: from localhost.localdomain (unknown [10.39.192.54]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 21AAB10F51; Tue, 31 Oct 2023 18:55:00 +0000 (UTC) From: Thomas Haller To: NetFilter Cc: Thomas Haller Subject: [PATCH nft 2/7] json: drop messages "warning: stmt ops chain have no json callback" Date: Tue, 31 Oct 2023 19:53:28 +0100 Message-ID: <20231031185449.1033380-3-thaller@redhat.com> In-Reply-To: <20231031185449.1033380-1-thaller@redhat.com> References: <20231031185449.1033380-1-thaller@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.4.1 on 10.11.54.5 X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL, SPF_HELO_NONE,SPF_NONE,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: netfilter-devel@vger.kernel.org This message purely depends on the internal callbacks and at the program code. This is not useful. What is the user going to do with this warning? Maybe there is a bug here, but then we shouldn't print a warning but fix the bug. For example, calling `nft -j list ruleset` after test "tests/shell/testcases/chains/0041chain_binding_0" will trigger messages like: warning: stmt ops chain have no json callback warning: stmt ops chain have no json callback Signed-off-by: Thomas Haller --- src/json.c | 6 ------ 1 file changed, 6 deletions(-) diff --git a/src/json.c b/src/json.c index c0ccf06d85b4..c66b58f8c6d5 100644 --- a/src/json.c +++ b/src/json.c @@ -52,9 +52,6 @@ static json_t *expr_print_json(const struct expr *expr, struct output_ctx *octx) if (ops->json) return ops->json(expr, octx); - fprintf(stderr, "warning: expr ops %s have no json callback\n", - expr_name(expr)); - fp = octx->output_fp; octx->output_fp = fmemopen(buf, 1024, "w"); @@ -95,9 +92,6 @@ static json_t *stmt_print_json(const struct stmt *stmt, struct output_ctx *octx) if (stmt->ops->json) return stmt->ops->json(stmt, octx); - fprintf(stderr, "warning: stmt ops %s have no json callback\n", - stmt->ops->name); - fp = octx->output_fp; octx->output_fp = fmemopen(buf, 1024, "w"); From patchwork Tue Oct 31 18:53:29 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Thomas Haller X-Patchwork-Id: 1857710 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; dkim=pass (1024-bit key; unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=KqhI8gsw; dkim-atps=neutral Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=vger.kernel.org (client-ip=2620:137:e000::1:20; helo=out1.vger.email; envelope-from=netfilter-devel-owner@vger.kernel.org; receiver=patchwork.ozlabs.org) Received: from out1.vger.email (out1.vger.email [IPv6:2620:137:e000::1:20]) by legolas.ozlabs.org (Postfix) with ESMTP id 4SKfVK3p72z1yQh for ; Wed, 1 Nov 2023 05:55:53 +1100 (AEDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231126AbjJaSzx (ORCPT ); Tue, 31 Oct 2023 14:55:53 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:33538 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230418AbjJaSzw (ORCPT ); Tue, 31 Oct 2023 14:55:52 -0400 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id CDC52E8 for ; Tue, 31 Oct 2023 11:55:04 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1698778504; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=9D2j3lUh1D80fPlQwHcrmoH2sCZFhcQOfXlvq1fGiQg=; b=KqhI8gswCIUPuLb7nn1dcY/K5C2f+gng5Tup4+7xzxplf3GP6y3LbsKUMwZk6CPMPNRjnS yg5KLchlyTuVzzJLPip3BSIyxv9Ej8PJ0dLE3F4pfHVt1lcbauAynjJ3blPm1nGNXOmBwj DlkarUWyp+4LTXTtvl8B/lVAPgAKtnM= Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-153-F1kYYWr7NfKT02PAPKsPqw-1; Tue, 31 Oct 2023 14:55:02 -0400 X-MC-Unique: F1kYYWr7NfKT02PAPKsPqw-1 Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.rdu2.redhat.com [10.11.54.5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id C18BC857BC9 for ; Tue, 31 Oct 2023 18:55:01 +0000 (UTC) Received: from localhost.localdomain (unknown [10.39.192.54]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 0F13C10F51; Tue, 31 Oct 2023 18:55:00 +0000 (UTC) From: Thomas Haller To: NetFilter Cc: Thomas Haller Subject: [PATCH nft 3/7] tests/shell: check and generate JSON dump files Date: Tue, 31 Oct 2023 19:53:29 +0100 Message-ID: <20231031185449.1033380-4-thaller@redhat.com> In-Reply-To: <20231031185449.1033380-1-thaller@redhat.com> References: <20231031185449.1033380-1-thaller@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.4.1 on 10.11.54.5 X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H4,RCVD_IN_MSPIKE_WL,SPF_HELO_NONE,SPF_NONE, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: netfilter-devel@vger.kernel.org The rules after a successful test are good opportunity to test `nft -j list ruleset` and `nft -j --check`. This quite possibly touches code paths that are not hit by other tests yet. The only downside is the increase of the test runtime (which seems negligible, given the benefits of increasing test coverage). Note that with some tests the test wrapper now prints: "warning: stmt ops chain have no json callback" That is a bug that will be fixed next. Future commits will commit those ".json-nft" dump files. Test "tests/shell/testcases/transactions/table_onoff" will trigger a valgrind error during `nft -j list ruleset` which causes the test to fail in valgrind mode. That needs to be fixed. Signed-off-by: Thomas Haller --- tests/shell/helpers/test-wrapper.sh | 138 +++++++++++++++++++++------- tests/shell/run-tests.sh | 11 ++- 2 files changed, 110 insertions(+), 39 deletions(-) diff --git a/tests/shell/helpers/test-wrapper.sh b/tests/shell/helpers/test-wrapper.sh index 872a0c56ed54..f56537f601e0 100755 --- a/tests/shell/helpers/test-wrapper.sh +++ b/tests/shell/helpers/test-wrapper.sh @@ -15,6 +15,16 @@ array_contains() { return 1 } +show_file() { + local filename="$1" + shift + local msg="$*" + + printf '%s\n>>>>\n' "$msg" + cat "$filename" + printf "<<<<\n" +} + TEST="$1" TESTBASE="$(basename "$TEST")" TESTDIR="$(dirname "$TEST")" @@ -109,55 +119,103 @@ if [ "$rc_test" -eq 0 ] ; then "${CMD[@]}" &>> "$NFT_TEST_TESTTMPDIR/testout.log" || rc_test=$? fi -$NFT list ruleset > "$NFT_TEST_TESTTMPDIR/ruleset-after" +rc_chkdump=0 +rc=0 +$NFT list ruleset > "$NFT_TEST_TESTTMPDIR/ruleset-after" 2> "$NFT_TEST_TESTTMPDIR/chkdump" || rc=$? +if [ "$rc" -ne 0 -o -s "$NFT_TEST_TESTTMPDIR/chkdump" ] ; then + show_file "$NFT_TEST_TESTTMPDIR/chkdump" "Command \`$NFT list ruleset\"$DUMPFILE\"\` failed" >> "$NFT_TEST_TESTTMPDIR/rc-failed-chkdump" + rc_chkdump=1 +fi +if [ "$NFT_TEST_HAVE_json" != n ] ; then + rc=0 + $NFT -j list ruleset > "$NFT_TEST_TESTTMPDIR/ruleset-after.json" 2> "$NFT_TEST_TESTTMPDIR/chkdump" || rc=$? + if [ "$rc" -ne 0 -o -s "$NFT_TEST_TESTTMPDIR/chkdump" ] ; then + show_file "$NFT_TEST_TESTTMPDIR/chkdump" "Command \`$NFT -j list ruleset\"$DUMPFILE\"\` failed" >> "$NFT_TEST_TESTTMPDIR/rc-failed-chkdump" + rc_chkdump=1 + fi + # Normalize the version number from the JSON output. Otherwise, we'd + # have to regenerate the .json-nft files upon release. + sed '1s/\({"nftables": \[{"metainfo": {"version": "\)[0-9.]\+\(", "release_name": "\)[^"]\+\(", "\)/\1VERSION\2RELEASE_NAME\3/' -i "$NFT_TEST_TESTTMPDIR/ruleset-after.json" +fi read tainted_after < /proc/sys/kernel/tainted DUMPPATH="$TESTDIR/dumps" DUMPFILE="$DUMPPATH/$TESTBASE.nft" +JDUMPFILE="$DUMPPATH/$TESTBASE.json-nft" NODUMPFILE="$DUMPPATH/$TESTBASE.nodump" -dump_written= - -# The caller can request a re-geneating of the dumps, by setting -# DUMPGEN=y. +# The caller can request a re-geneating of the .nft, .nodump, .json-nft dump files +# by setting DUMPGEN=y. In that case, only the existing files will be regenerated +# (unless all three files are missing, in which case all of them are generated). # -# This only will happen if the command completed with success. -# -# It also will only happen for tests, that have a "$DUMPPATH" directory. There -# might be tests, that don't want to have dumps created. The existence of the -# directory controls that. Tests that have a "$NODUMPFILE" file, don't get a dump generated. -if [ "$rc_test" -eq 0 -a "$DUMPGEN" = y -a -d "$DUMPPATH" -a ! -f "$NODUMPFILE" ] ; then +# By setting DUMPGEN=force, all 3 files are always regenerated. +dump_written=n +if [ "$rc_test" -eq 0 -a '(' "$DUMPGEN" = force -o "$DUMPGEN" = y ')' ] ; then dump_written=y - if [ ! -f "$DUMPFILE" ] ; then - # No dumpfile exists yet. We generate both a .nft and a .nodump - # file. The user can pick which one to commit to git. + if [ ! -d "$DUMPPATH" ] ; then + mkdir "$DUMPPATH" + fi + if [ "$DUMPGEN" = force ] ; then + gen_nodumpfile=y + gen_dumpfile=y + gen_jdumpfile=y + else + # by default, only regenerate the files that we already have on disk. + gen_nodumpfile=n + gen_dumpfile=n + gen_jdumpfile=n + test -f "$DUMPFILE" && gen_dumpfile=y + test -f "$JDUMPFILE" && gen_jdumpfile=y + test -f "$NODUMPFILE" && gen_nodumpfile=y + if [ "$gen_dumpfile" = y -a "$gen_jdumpfile" = y -a "$gen_nodumpfile" = y ] ; then + # Except, if no files exist. Them generate all files. + gen_dumpfile=y + gen_jdumpfile=y + gen_nodumpfile=y + fi + fi + if [ "$gen_nodumpfile" = y ] ; then : > "$NODUMPFILE" fi - cat "$NFT_TEST_TESTTMPDIR/ruleset-after" > "$DUMPFILE" + if [ "$gen_dumpfile" = y ] ; then + cat "$NFT_TEST_TESTTMPDIR/ruleset-after" > "$DUMPFILE" + fi + if [ "$NFT_TEST_HAVE_json" != n -a "$gen_jdumpfile" = y ] ; then + cat "$NFT_TEST_TESTTMPDIR/ruleset-after.json" > "$JDUMPFILE" + fi fi rc_dump=0 -if [ "$rc_test" -ne 77 -a -f "$DUMPFILE" ] ; then - if [ "$dump_written" != y ] ; then +if [ "$rc_test" -ne 77 -a "$dump_written" != y ] ; then + if [ -f "$DUMPFILE" ] ; then if ! $DIFF -u "$DUMPFILE" "$NFT_TEST_TESTTMPDIR/ruleset-after" &> "$NFT_TEST_TESTTMPDIR/ruleset-diff" ; then + show_file "$NFT_TEST_TESTTMPDIR/ruleset-diff" "Failed \`$DIFF -u \"$DUMPFILE\" \"$NFT_TEST_TESTTMPDIR/ruleset-after\"\`" >> "$NFT_TEST_TESTTMPDIR/rc-failed-dump" rc_dump=1 else rm -f "$NFT_TEST_TESTTMPDIR/ruleset-diff" fi fi -fi -if [ "$rc_dump" -ne 0 ] ; then - echo "$DUMPFILE" > "$NFT_TEST_TESTTMPDIR/rc-failed-dump" + if [ "$NFT_TEST_HAVE_json" != n -a -f "$JDUMPFILE" ] ; then + if ! $DIFF -u "$JDUMPFILE" "$NFT_TEST_TESTTMPDIR/ruleset-after.json" &> "$NFT_TEST_TESTTMPDIR/ruleset-diff.json" ; then + show_file "$NFT_TEST_TESTTMPDIR/ruleset-diff.json" "Failed \`$DIFF -u \"$JDUMPFILE\" \"$NFT_TEST_TESTTMPDIR/ruleset-after.json\"\`" >> "$NFT_TEST_TESTTMPDIR/rc-failed-dump" + rc_dump=1 + else + rm -f "$NFT_TEST_TESTTMPDIR/ruleset-diff.json" + fi + fi fi -rc_chkdump=0 # check that a flush after the test succeeds. We anyway need a clean ruleset # for the `nft --check` next. -$NFT flush ruleset &> "$NFT_TEST_TESTTMPDIR/rc-failed-chkdump" || rc_chkdump=1 +rc=0 +$NFT flush ruleset &> "$NFT_TEST_TESTTMPDIR/chkdump" || rc=1 +if [ "$rc" = 1 -o -s "$NFT_TEST_TESTTMPDIR/chkdump" ] ; then + show_file "$NFT_TEST_TESTTMPDIR/chkdump" "Command \`$NFT flush ruleset\` failed" >> "$NFT_TEST_TESTTMPDIR/rc-failed-chkdump" + rc_chkdump=1 +fi +# For the dumpfiles, call `nft --check` to possibly cover new code paths. if [ -f "$DUMPFILE" ] ; then - # We have a dumpfile. Call `nft --check` to possibly cover new code - # paths. if [ "$rc_test" -eq 77 ] ; then # The test was skipped. Possibly we don't have the required # features to process this file. Ignore any output and exit @@ -165,20 +223,30 @@ if [ -f "$DUMPFILE" ] ; then # issue we hope to find). $NFT --check -f "$DUMPFILE" &>/dev/null || : else - $NFT --check -f "$DUMPFILE" &>> "$NFT_TEST_TESTTMPDIR/rc-failed-chkdump" || rc_chkdump=1 + fail=n + $NFT --check -f "$DUMPFILE" &> "$NFT_TEST_TESTTMPDIR/chkdump" || fail=y + test -s "$NFT_TEST_TESTTMPDIR/chkdump" && fail=y + if [ "$fail" = y ] ; then + show_file "$NFT_TEST_TESTTMPDIR/chkdump" "Command \`$NFT --check -f \"$DUMPFILE\"\` failed" >> "$NFT_TEST_TESTTMPDIR/rc-failed-chkdump" + rc_chkdump=1 + fi + rm -f "$NFT_TEST_TESTTMPDIR/chkdump" fi fi -if [ -s "$NFT_TEST_TESTTMPDIR/rc-failed-chkdump" ] ; then - # Non-empty output? That is wrong. - rc_chkdump=1 -elif [ "$rc_chkdump" -eq 0 ] ; then - rm -rf "$NFT_TEST_TESTTMPDIR/rc-failed-chkdump" -fi -if [ "$rc_chkdump" -ne 0 ] ; then - # Ensure we don't have empty output files. Always write something, so - # that `grep ^ -R` lists the file. - echo -e "<<<<<\n\nCalling \`nft --check\` (or \`nft flush ruleset\`) failed for \"$DUMPFILE\"" >> "$NFT_TEST_TESTTMPDIR/rc-failed-chkdump" +if [ "$NFT_TEST_HAVE_json" != n -a -f "$JDUMPFILE" ] ; then + if [ "$rc_test" -eq 77 ] ; then + $NFT -j --check -f "$JDUMPFILE" &>/dev/null || : + else + fail=n + $NFT -j --check -f "$JDUMPFILE" &> "$NFT_TEST_TESTTMPDIR/chkdump" || fail=y + test -s "$NFT_TEST_TESTTMPDIR/chkdump" && fail=y + if [ "$fail" = y ] ; then + show_file "$NFT_TEST_TESTTMPDIR/chkdump" "Command \`$NFT -j --check -f \"$JDUMPFILE\"\` failed" >> "$NFT_TEST_TESTTMPDIR/rc-failed-chkdump" + rc_chkdump=1 + fi + fi fi +rm -f "$NFT_TEST_TESTTMPDIR/chkdump" rc_valgrind=0 [ -f "$NFT_TEST_TESTTMPDIR/rc-failed-valgrind" ] && rc_valgrind=1 diff --git a/tests/shell/run-tests.sh b/tests/shell/run-tests.sh index 27a0ec43042a..846de8429e1f 100755 --- a/tests/shell/run-tests.sh +++ b/tests/shell/run-tests.sh @@ -184,9 +184,10 @@ usage() { echo " VERBOSE=*|y : Enable verbose output." echo " NFT_TEST_VERBOSE_TEST=*|y: if true, enable verbose output for tests. For bash scripts, this means" echo " to pass \"-x\" to the interpreter." - echo " DUMPGEN=*|y : Regenerate dump files. Dump files are only recreated if the" - echo " test completes successfully and the \"dumps\" directory for the" - echo " test exits." + echo " DUMPGEN=*|y|force : Regenerate dump files .nft, .json-nft, .nodump. \"DUMPGEN=y\" only regenerates existing" + echo " files, unless the test has no files (then all three files are generated, and you need to" + echo " choose those to keep). With \"DUMPGEN=force\" all 3 files are regenerated, regardless" + echo " whether they existed." echo " VALGRIND=*|y : Run \$NFT in valgrind." echo " KMEMLEAK=*|y : Check for kernel memleaks." echo " NFT_TEST_HAS_REALROOT=*|y : To indicate whether the test has real root permissions." @@ -279,7 +280,9 @@ _NFT_TEST_JOBS_DEFAULT="$(( _NFT_TEST_JOBS_DEFAULT + (_NFT_TEST_JOBS_DEFAULT + 1 VERBOSE="$(bool_y "$VERBOSE")" NFT_TEST_VERBOSE_TEST="$(bool_y "$NFT_TEST_VERBOSE_TEST")" -DUMPGEN="$(bool_y "$DUMPGEN")" +if [ "$DUMPGEN" != "force" ] ; then + DUMPGEN="$(bool_y "$DUMPGEN")" +fi VALGRIND="$(bool_y "$VALGRIND")" KMEMLEAK="$(bool_y "$KMEMLEAK")" NFT_TEST_KEEP_LOGS="$(bool_y "$NFT_TEST_KEEP_LOGS")" From patchwork Tue Oct 31 18:53:31 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Thomas Haller X-Patchwork-Id: 1857713 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; dkim=pass (1024-bit key; unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=fSMmxLuM; dkim-atps=neutral Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=vger.kernel.org (client-ip=2620:137:e000::1:20; helo=out1.vger.email; envelope-from=netfilter-devel-owner@vger.kernel.org; receiver=patchwork.ozlabs.org) Received: from out1.vger.email (out1.vger.email [IPv6:2620:137:e000::1:20]) by legolas.ozlabs.org (Postfix) with ESMTP id 4SKfVR2Zmlz1yQ5 for ; Wed, 1 Nov 2023 05:55:59 +1100 (AEDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231171AbjJaSz7 (ORCPT ); Tue, 31 Oct 2023 14:55:59 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:33574 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230322AbjJaSz7 (ORCPT ); Tue, 31 Oct 2023 14:55:59 -0400 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 864C5DF for ; Tue, 31 Oct 2023 11:55:09 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1698778508; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=ae7jZslnIZWSMwz8fG8821b9hauoGOxH+m7tyDnTXIA=; b=fSMmxLuMhcfi8O+EDbkz35MeiFx1ZTCcLrci36AaHKGB+k8AZ4tAAIelvn3T42tTniwEG+ hqicHSLPPOulel5jHSFNCqlYCEeoNCtwoR/Myx+M4Nrm+dYtU4MVnk7G2sHp6m1KcB29ms llAToJiGHQ6oU4WBF3ObxNWpYXlRB3E= Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-580-GK7xlGCcMDOQVZajxvvaSg-1; Tue, 31 Oct 2023 14:55:06 -0400 X-MC-Unique: GK7xlGCcMDOQVZajxvvaSg-1 Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.rdu2.redhat.com [10.11.54.5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 5AA59185A785 for ; Tue, 31 Oct 2023 18:55:06 +0000 (UTC) Received: from localhost.localdomain (unknown [10.39.192.54]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 827E910F51; Tue, 31 Oct 2023 18:55:05 +0000 (UTC) From: Thomas Haller To: NetFilter Cc: Thomas Haller Subject: [PATCH nft 5/7] tools: simplify error handling in "check-tree.sh" by adding msg_err()/msg_warn() Date: Tue, 31 Oct 2023 19:53:31 +0100 Message-ID: <20231031185449.1033380-6-thaller@redhat.com> In-Reply-To: <20231031185449.1033380-1-thaller@redhat.com> References: <20231031185449.1033380-1-thaller@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.4.1 on 10.11.54.5 X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL, SPF_HELO_NONE,SPF_NONE,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: netfilter-devel@vger.kernel.org msg_err() also sets EXIT_CODE=, so we don't have to duplicate this. Also add msg_warn() to print non-fatal warnings. Will be used in the future. As "check-tree.sh" tests the consistency of the source tree, a warning only makes sense to point something out that really should be fixed, but is not yet. Signed-off-by: Thomas Haller --- tools/check-tree.sh | 37 ++++++++++++++++++++----------------- 1 file changed, 20 insertions(+), 17 deletions(-) diff --git a/tools/check-tree.sh b/tools/check-tree.sh index e3ddf8bdea58..b16d37c4651b 100755 --- a/tools/check-tree.sh +++ b/tools/check-tree.sh @@ -25,6 +25,15 @@ cd "$(dirname "$0")/.." EXIT_CODE=0 +msg_err() { + printf "ERR: %s\n" "$*" + EXIT_CODE=1 +} + +msg_warn() { + printf "WARN: %s\n" "$*" +} + ############################################################################## check_shell_dumps() { @@ -37,8 +46,7 @@ check_shell_dumps() { local nodump_name if [ ! -d "$dir/dumps/" ] ; then - echo "\"$TEST\" has no \"$dir/dumps/\" directory" - EXIT_CODE=1 + msg_err "\"$TEST\" has no \"$dir/dumps/\" directory" return 0 fi @@ -49,34 +57,31 @@ check_shell_dumps() { [ -f "$nodump_name" ] && has_nodump=1 if [ "$has_nft" != 1 -a "$has_nodump" != 1 ] ; then - echo "\"$TEST\" has no \"$dir/dumps/$base.{nft,nodump}\" file" - EXIT_CODE=1 + msg_err "\"$TEST\" has no \"$dir/dumps/$base.{nft,nodump}\" file" elif [ "$has_nft" == 1 -a "$has_nodump" == 1 ] ; then - echo "\"$TEST\" has both \"$dir/dumps/$base.{nft,nodump}\" files" - EXIT_CODE=1 + msg_err "\"$TEST\" has both \"$dir/dumps/$base.{nft,nodump}\" files" elif [ "$has_nodump" == 1 -a -s "$nodump_name" ] ; then - echo "\"$TEST\" has a non-empty \"$dir/dumps/$base.nodump\" file" - EXIT_CODE=1 + msg_err "\"$TEST\" has a non-empty \"$dir/dumps/$base.nodump\" file" fi } SHELL_TESTS=( $(find "tests/shell/testcases/" -type f -executable | sort) ) if [ "${#SHELL_TESTS[@]}" -eq 0 ] ; then - echo "No executable tests under \"tests/shell/testcases/\" found" - EXIT_CODE=1 + msg_err "No executable tests under \"tests/shell/testcases/\" found" fi for t in "${SHELL_TESTS[@]}" ; do check_shell_dumps "$t" - head -n 1 "$t" |grep -q '^#!/bin/sh' && echo "$t uses sh instead of bash" && EXIT_CODE=1 + if head -n 1 "$t" |grep -q '^#!/bin/sh' ; then + msg_err "$t uses #!/bin/sh instead of /bin/bash" + fi done ############################################################################## SHELL_TESTS2=( $(./tests/shell/run-tests.sh --list-tests) ) if [ "${SHELL_TESTS[*]}" != "${SHELL_TESTS2[*]}" ] ; then - echo "\`./tests/shell/run-tests.sh --list-tests\` does not list the expected tests" - EXIT_CODE=1 + msg_err "\`./tests/shell/run-tests.sh --list-tests\` does not list the expected tests" fi ############################################################################## @@ -85,8 +90,7 @@ F=( $(find tests/shell/testcases/ -type f | grep '^tests/shell/testcases/[^/]\+/ IGNORED_FILES=( tests/shell/testcases/bogons/nft-f/* ) for f in "${F[@]}" ; do if ! array_contains "$f" "${SHELL_TESTS[@]}" "${IGNORED_FILES[@]}" ; then - echo "Unexpected file \"$f\"" - EXIT_CODE=1 + msg_err "Unexpected file \"$f\"" fi done @@ -97,8 +101,7 @@ FILES=( $(find "tests/shell/testcases/" -type f | sed -n 's#\(tests/shell/testca for f in "${FILES[@]}" ; do f2="$(echo "$f" | sed -n 's#\(tests/shell/testcases\(/.*\)\?/\)dumps/\(.*\)\.\(nft\|nodump\)$#\1\3#p')" if ! array_contains "$f2" "${SHELL_TESTS[@]}" ; then - echo "\"$f\" has no test \"$f2\"" - EXIT_CODE=1 + msg_err "\"$f\" has no test \"$f2\"" fi done From patchwork Tue Oct 31 18:53:32 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Thomas Haller X-Patchwork-Id: 1857714 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; dkim=pass (1024-bit key; unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=bHaqbz4+; dkim-atps=neutral Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=vger.kernel.org (client-ip=2620:137:e000::1:20; helo=out1.vger.email; envelope-from=netfilter-devel-owner@vger.kernel.org; receiver=patchwork.ozlabs.org) Received: from out1.vger.email (out1.vger.email [IPv6:2620:137:e000::1:20]) by legolas.ozlabs.org (Postfix) with ESMTP id 4SKfVS0lQMz1yQ5 for ; Wed, 1 Nov 2023 05:56:00 +1100 (AEDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230322AbjJaS4A (ORCPT ); Tue, 31 Oct 2023 14:56:00 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49198 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231127AbjJaSz7 (ORCPT ); Tue, 31 Oct 2023 14:55:59 -0400 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 710FC8F for ; Tue, 31 Oct 2023 11:55:19 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1698778518; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Uk3MP8KC5ctslCRICFZOCB7Eyvh8tNywvNsWm34ye+I=; b=bHaqbz4+4xcRUc9C3OMO88PbUXWnXZW33ZoQrpFAfsGmueoQmE9B4UFmmnFizVOuF6inMd 3AiUr8FVaef+6QsFAYLrFvCd/BenI++YRlEmztEUtK5EZZoG2nJg1ciN6ZRt0ebmPEXV9v 1PEwBtXml4tfxOcJVIZ6iValotntvwk= Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-620-_N-O02FmMLSjywlzuRaO6w-1; Tue, 31 Oct 2023 14:55:07 -0400 X-MC-Unique: _N-O02FmMLSjywlzuRaO6w-1 Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.rdu2.redhat.com [10.11.54.5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 5FE918352C6 for ; Tue, 31 Oct 2023 18:55:07 +0000 (UTC) Received: from localhost.localdomain (unknown [10.39.192.54]) by smtp.corp.redhat.com (Postfix) with ESMTPS id C379910F51; Tue, 31 Oct 2023 18:55:06 +0000 (UTC) From: Thomas Haller To: NetFilter Cc: Thomas Haller Subject: [PATCH nft 6/7] tools: check more strictly for bash shebang in "check-tree.sh" Date: Tue, 31 Oct 2023 19:53:32 +0100 Message-ID: <20231031185449.1033380-7-thaller@redhat.com> In-Reply-To: <20231031185449.1033380-1-thaller@redhat.com> References: <20231031185449.1033380-1-thaller@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.4.1 on 10.11.54.5 X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL, SPF_HELO_NONE,SPF_NONE,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: netfilter-devel@vger.kernel.org There is no principle problem to allow any executable/shebang. However, it also not clear why we would want to use anything except bash. Unless we have a good reason, check and reject anything else. Also not that `./tests/shell/run-tests.sh -x` only works if the shebang is either "#!/bin/bash" or "#!/bin/bash -e". It probably could also work with other tests, but it's unclear what they are and how to enable verbose mode in that case. Just check that they are all bash scripts. If there is a use-case, we can always adjust this check. Signed-off-by: Thomas Haller --- tools/check-tree.sh | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/tools/check-tree.sh b/tools/check-tree.sh index b16d37c4651b..4be874fcd85e 100755 --- a/tools/check-tree.sh +++ b/tools/check-tree.sh @@ -72,8 +72,13 @@ if [ "${#SHELL_TESTS[@]}" -eq 0 ] ; then fi for t in "${SHELL_TESTS[@]}" ; do check_shell_dumps "$t" - if head -n 1 "$t" |grep -q '^#!/bin/sh' ; then - msg_err "$t uses #!/bin/sh instead of /bin/bash" + if ! ( head -n 1 "$t" | grep -q '^#!/bin/bash\( -e\)\?$' ) ; then + # Currently all tests only use bash as shebang. That also + # works with `./tests/shell/run-tests.sh -x`. + # + # We could allow other shebangs, but for now there is no need. + # Unless you have a good reason, create a bash script. + msg_err "$t should use either \"#!/bin/bash\" or \"#!/bin/bash -e\" as shebang" fi done From patchwork Tue Oct 31 18:53:33 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Thomas Haller X-Patchwork-Id: 1857711 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; dkim=pass (1024-bit key; unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=LgW6A/DK; dkim-atps=neutral Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=vger.kernel.org (client-ip=2620:137:e000::1:20; helo=out1.vger.email; envelope-from=netfilter-devel-owner@vger.kernel.org; receiver=patchwork.ozlabs.org) Received: from out1.vger.email (out1.vger.email [IPv6:2620:137:e000::1:20]) by legolas.ozlabs.org (Postfix) with ESMTP id 4SKfVK754Fz1yQ5 for ; Wed, 1 Nov 2023 05:55:53 +1100 (AEDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230418AbjJaSzx (ORCPT ); Tue, 31 Oct 2023 14:55:53 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:33598 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230517AbjJaSzw (ORCPT ); Tue, 31 Oct 2023 14:55:52 -0400 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B52AAF4 for ; Tue, 31 Oct 2023 11:55:10 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1698778510; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=9kzU3ECYBb8X7Bsk8TK99RpXB/RO04Ked1wo8mW/gOI=; b=LgW6A/DKMQoyD0kk4n6PNYV6D+ewcaxgE1ageAJd/oTvKSTHq2k3hqNQ/OjCgrhVN5YTJ1 W/a8LUpRpNAQPFeOQstRst3iW+gv888GAeTU0jM4kaj/3+HtzxZaeUKwFKccbcXJZyCvyn xKZdEKUyaTeKUAiKWKwrQ9VldfT4QN0= Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-606-Zptt7n7VP5SwF1hR4-fJ3Q-1; Tue, 31 Oct 2023 14:55:08 -0400 X-MC-Unique: Zptt7n7VP5SwF1hR4-fJ3Q-1 Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.rdu2.redhat.com [10.11.54.5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 7FF8185A58C for ; Tue, 31 Oct 2023 18:55:08 +0000 (UTC) Received: from localhost.localdomain (unknown [10.39.192.54]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 9EFCA10F52; Tue, 31 Oct 2023 18:55:07 +0000 (UTC) From: Thomas Haller To: NetFilter Cc: Thomas Haller Subject: [PATCH nft 7/7] tools: check for consistency of .json-nft dumps in "check-tree.sh" Date: Tue, 31 Oct 2023 19:53:33 +0100 Message-ID: <20231031185449.1033380-8-thaller@redhat.com> In-Reply-To: <20231031185449.1033380-1-thaller@redhat.com> References: <20231031185449.1033380-1-thaller@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.4.1 on 10.11.54.5 X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL, SPF_HELO_NONE,SPF_NONE,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: netfilter-devel@vger.kernel.org Add checks for the newly introduced .json-nft dump files. Optimally, every test that has a .nft dump should also have a .json-nft dump, and vice versa. However, currently some JSON tests fail to validate, and are missing. Only flag those missing files as warning, without failing the script. The reason to warn about this, is that we really should fix those tests, and having a annoying warning increases the pressure and makes it discoverable. Signed-off-by: Thomas Haller --- tools/check-tree.sh | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/tools/check-tree.sh b/tools/check-tree.sh index 4be874fcd85e..e358c957857e 100755 --- a/tools/check-tree.sh +++ b/tools/check-tree.sh @@ -41,6 +41,7 @@ check_shell_dumps() { local base="$(basename "$TEST")" local dir="$(dirname "$TEST")" local has_nft=0 + local has_jnft=0 local has_nodump=0 local nft_name local nodump_name @@ -51,9 +52,11 @@ check_shell_dumps() { fi nft_name="$dir/dumps/$base.nft" + jnft_name="$dir/dumps/$base.json-nft" nodump_name="$dir/dumps/$base.nodump" [ -f "$nft_name" ] && has_nft=1 + [ -f "$jnft_name" ] && has_jnft=1 [ -f "$nodump_name" ] && has_nodump=1 if [ "$has_nft" != 1 -a "$has_nodump" != 1 ] ; then @@ -63,6 +66,22 @@ check_shell_dumps() { elif [ "$has_nodump" == 1 -a -s "$nodump_name" ] ; then msg_err "\"$TEST\" has a non-empty \"$dir/dumps/$base.nodump\" file" fi + if [ "$has_jnft" = 1 -a "$has_nft" != 1 ] ; then + msg_err "\"$TEST\" has a JSON dump file \"$jnft_name\" but lacks a dump \"$nft_name\"" + fi + if [ "$has_nft" = 1 -a "$has_jnft" != 1 ] ; then + # it's currently known that `nft -j --check` cannot parse all dumped rulesets. + # Accept having no JSON dump file. + # + # This should be fixed. Currently this is only a warning. + msg_warn "\"$TEST\" has a dump file \"$nft_name\" but lacks a JSON dump \"$jnft_name\"" + fi + + if [ "$has_jnft" = 1 ] && command -v jq &>/dev/null ; then + if ! jq empty < "$jnft_name" &>/dev/null ; then + msg_err "\"$TEST\" has a JSON dump file \"$jnft_name\" that does not validate with \`jq empty < \"$jnft_name\"\`" + fi + fi } SHELL_TESTS=( $(find "tests/shell/testcases/" -type f -executable | sort) ) @@ -91,7 +110,7 @@ fi ############################################################################## # -F=( $(find tests/shell/testcases/ -type f | grep '^tests/shell/testcases/[^/]\+/dumps/[^/]\+\.\(nft\|nodump\)$' -v | sort) ) +F=( $(find tests/shell/testcases/ -type f | grep '^tests/shell/testcases/[^/]\+/dumps/[^/]\+\.\(json-nft\|nft\|nodump\)$' -v | sort) ) IGNORED_FILES=( tests/shell/testcases/bogons/nft-f/* ) for f in "${F[@]}" ; do if ! array_contains "$f" "${SHELL_TESTS[@]}" "${IGNORED_FILES[@]}" ; then