On Wed, Nov 30, 2016 at 07:27:04PM +0100, Pablo Neira Ayuso wrote: > On Wed, Nov 30, 2016 at 10:39:06AM +0100, Arturo Borrero Gonzalez wrote: > > From: Arturo Borrero Gonzalez <[email protected]> > > > > This test uses scapy to send a packet and test our packet/data path. > > We grep the 'nft list ruleset' output for a counter increment. > > > > If we like this approach, then we could easily add more testcases > > following the pattern in this patch. > > I think it's been several netfilter workshops already talking on this, > but it never happens because nobody pushed this forward. > > If you can make this happen, it would great. Testing the datapath is > something that we always wanted to have. > > Several ideas: > > * Check if you can use the dummy interface, so we make sure no other > packets interfer with the tests. > > * You can probably augment this at some pointer to rely on the new > nf_tables tracing infrastructure. > > Anyway, I agree that starting with something simple is good enough.
Only one more question left: Do you think you can slightly generalize this so we decouple test files from the script? Similar to what we have for nft-tests.py. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html
