Hi,
Manas K. Nayak reported:
While executing iptables testcases from ltp ,it failed to list iptables
chain rules.
ltptestsuite used: ltp-full-20081031.tgz
iptables test case gets failed with following errors:
[EMAIL PROTECTED] iptables]# ./iptables_tests.sh
iptables 0 INFO : INIT: Inititalizing tests.
iptables 0 INFO : INIT: Flushing all rules.
iptables01 0 INFO : iptables01: iptables -L -t filter will list all rules
in table filter.
iptables01 1 FAIL : iptables01: iptables -L -t filter failed to list
rules. Reason:
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain RH-Firewall-1-INPUT (0 references)
target prot opt source destination
By executing this test on both sles* and rhel5* noticed similar failures like
"failed to list rules" .
---steps to reproduce---
1) start the firewall
2) Then install ltp-full-20081031
3) now goto ltp-full-20081031/testcases/network/iptables
4) now execute iptables testcases as below
./iptables_tests.sh
you will notice the failure here.
By analyzing the testcase, its looks like it is flushing the iptables chain
rules by executing "iptables -F " ,and then it is trying to get list of all
rules in table filter by executing
"iptables -L -t filter".And here it is failing to get information about chain
rules,as there is no chain rules present now.
Thanks...
Manas
Sridhar Vinay Replied:
Hi Manas,
I looked through the iptables test. It fails because of mismatch in the number
of chains after firewall is enabled. Under RH, enabling firewall adds a new
chain to the "filter" table and under SLES, 3 new chains are added.
This patch can change this test accordingly.
Manas K. Nayak replied:
Hi Vinay,
Thanks for the patch.
I patched the iptable test case with given patch and then could
execute ltp iptable testcases successfully on RHEL5*. Looks like patch
has fixed the testcase problem .
# ./iptables_tests.sh
iptables 0 INFO : INIT: Inititalizing tests.
iptables 0 INFO : INIT: Flushing all rules.
iptables01 0 INFO : iptables01: iptables -L -t filter will list all rules
in table filter.
iptables01 0 INFO : iptables01: iptables -L -t filter lists rules.
iptables01 0 INFO : iptables01: iptables -L -t nat will list all rules in
table nat.
iptables01 0 INFO : iptables01: iptables -L -t nat lists rules.
iptables01 0 INFO : iptables01: iptables -L -t mangle will list all rules
in table mangle.
iptables01 0 INFO : iptables01: iptables -L -t mangle lists rules.
iptables01 1 PASS : iptables01: iptables -L lists rules.
iptables02 0 INFO : iptables02: Use iptables to DROP packets from
particular IP
iptables02 0 INFO : iptables02: Rule to block icmp from 127.0.0.1
iptables02 0 INFO : iptables02: Pinging 127.0.0.1
iptables02 0 INFO : iptables02: Ping 127.0.0.1 not successful.
iptables02 0 INFO : iptables02: Deleting icmp DROP from 127.0.0.1 rule.
iptables02 0 INFO : iptables02: Pinging 127.0.0.1 again
iptables02 0 INFO : iptables02: Ping succsess
iptables02 2 PASS : iptables02: iptables can DROP packets from particular
IP.
...
...
...
iptables06 0 INFO : iptables06: ping requests logged with limited rate.
iptables06 0 INFO : iptables06: Deleting the rule to log.
iptables06 0 INFO : iptables06: iptables limited logging succsess
iptables06 6 PASS : iptables06: iptables can log packets with limited
rate.
Regards--
Manas,
--- iptables_tests.sh_old 2008-11-24 11:57:26.000000000 +0530
+++ iptables_tests.sh 2008-11-24 11:57:50.000000000 +0530
@@ -146,7 +146,7 @@ test01()
return $RC
else
chaincnt=$(grep -c Chain $LTPTMP/tst_iptables.out)
- if [ $chaincnt -ne 3 ]; then
+ if [ $chaincnt -lt 3 ]; then
tst_res TFAIL $LTPTMP/tst_iptables.out \
"$TCID: $cmd failed to list rules. Reason:"
return $chaincnt
-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
_______________________________________________
Ltp-list mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/ltp-list
