The shell-based tests currently encode a return value in the file name, i.e. foo_1 expects that the script should return '1' for the test case to pass. This is very error prone, and one test case is even broken (i.e., it returns 1, but because of a different, earlier error). do_something || exit 1 or 'set -e' are both pretty common patterns, in both cases tests should fail. In those test-cases that deliberately test for an error, nft something_should_fail || exit 0 nft something_should_fail && exit 1 or a similar constructs should be used. This initial commit modififies all '_1' scripts to return 0 on success, usually via 'nft wrong || exit 0'. All tests pass, except the one broken test case that hasn't worked before either, but where 'set -e' use made it pass (the failing command is supposed to work, and the command that is supposed to fail is never run). Signed-off-by: Florian Westphal <fw@xxxxxxxxx> --- tests/shell/run-tests.sh | 15 ++++++--------- tests/shell/testcases/chains/0002jumps_1 | 4 +++- tests/shell/testcases/chains/0003jump_loop_1 | 3 ++- tests/shell/testcases/chains/0004busy_1 | 4 +++- tests/shell/testcases/chains/0005busy_map_1 | 4 +++- tests/shell/testcases/chains/0007masquerade_1 | 4 +++- .../shell/testcases/chains/0008masquerade_jump_1 | 4 +++- .../shell/testcases/chains/0009masquerade_jump_1 | 4 +++- .../testcases/chains/0010endless_jump_loop_1 | 4 +++- .../testcases/chains/0011endless_jump_loop_1 | 3 ++- .../testcases/chains/0012reject_in_prerouting_1 | 4 +++- .../shell/testcases/chains/0015check_jump_loop_1 | 4 +++- .../shell/testcases/chains/0017masquerade_jump_1 | 6 +++++- .../shell/testcases/chains/0018check_jump_loop_1 | 5 ++++- .../shell/testcases/chains/0019masquerade_jump_1 | 5 ++++- tests/shell/testcases/chains/0020depth_1 | 5 +++-- tests/shell/testcases/chains/0022prio_dummy_1 | 4 +++- .../shell/testcases/chains/0023prio_inet_srcnat_1 | 4 ++-- .../shell/testcases/chains/0024prio_inet_dstnat_1 | 4 ++-- tests/shell/testcases/chains/0025prio_arp_1 | 4 ++-- tests/shell/testcases/chains/0026prio_netdev_1 | 6 +++--- .../testcases/chains/0027prio_bridge_dstnat_1 | 4 ++-- .../shell/testcases/chains/0028prio_bridge_out_1 | 4 ++-- .../testcases/chains/0029prio_bridge_srcnat_1 | 4 ++-- .../shell/testcases/flowtable/0005delete_in_use_1 | 4 +++- tests/shell/testcases/flowtable/0008prio_1 | 4 ++-- tests/shell/testcases/include/0004endlessloop_1 | 3 ++- tests/shell/testcases/include/0009glob_nofile_1 | 8 +++----- .../testcases/include/0010glob_broken_file_1 | 9 +++------ .../shell/testcases/include/0012glob_dependency_1 | 9 +++------ tests/shell/testcases/maps/different_map_types_1 | 5 ++++- .../nft-f/0007action_object_set_segfault_1 | 3 ++- tests/shell/testcases/nft-f/0013defines_1 | 3 ++- tests/shell/testcases/nft-f/0014defines_1 | 3 ++- tests/shell/testcases/nft-f/0015defines_1 | 3 ++- tests/shell/testcases/nft-f/0016redefines_1 | 2 ++ tests/shell/testcases/optionals/handles_1 | 4 +++- .../rule_management/0002addinsertlocation_1 | 4 ++-- .../shell/testcases/rule_management/0005replace_1 | 4 +++- .../shell/testcases/rule_management/0006replace_1 | 4 +++- .../shell/testcases/rule_management/0008delete_1 | 4 +++- .../shell/testcases/rule_management/0009delete_1 | 4 +++- tests/shell/testcases/sets/0018set_check_size_1 | 5 ++++- tests/shell/testcases/transactions/0014chain_1 | 5 ++--- tests/shell/testcases/transactions/0022rule_1 | 5 ++--- tests/shell/testcases/transactions/0023rule_1 | 5 ++--- tests/shell/testcases/transactions/0036set_1 | 5 ++--- 47 files changed, 130 insertions(+), 87 deletions(-) diff --git a/tests/shell/run-tests.sh b/tests/shell/run-tests.sh index fdca5fb39431..6b693cc154c4 100755 --- a/tests/shell/run-tests.sh +++ b/tests/shell/run-tests.sh @@ -4,7 +4,6 @@ TESTDIR="./$(dirname $0)/" RETURNCODE_SEPARATOR="_" SRC_NFT="$(dirname $0)/../../src/nft" -POSITIVE_RET=0 DIFF=$(which diff) msg_error() { @@ -102,29 +101,27 @@ for testfile in $(find_tests) do kernel_cleanup - rc_spec=$(awk -F${RETURNCODE_SEPARATOR} '{print $NF}' <<< $testfile) - msg_info "[EXECUTING] $testfile" test_output=$(NFT=$NFT ${testfile} 2>&1) rc_got=$? echo -en "\033[1A\033[K" # clean the [EXECUTING] foobar line - if [ "$rc_got" == "$rc_spec" ] ; then + if [ "$rc_got" -eq 0 ] ; then # check nft dump only for positive tests - rc_spec="${POSITIVE_RET}" dumppath="$(dirname ${testfile})/dumps" dumpfile="${dumppath}/$(basename ${testfile}).nft" - if [ "$rc_got" == "${POSITIVE_RET}" ] && [ -f ${dumpfile} ]; then + rc_spec=0 + if [ "$rc_got" -eq 0 ] && [ -f ${dumpfile} ]; then test_output=$(${DIFF} ${dumpfile} <($NFT list ruleset) 2>&1) rc_spec=$? fi - if [ "$rc_spec" == "${POSITIVE_RET}" ]; then + if [ "$rc_spec" -eq 0 ]; then msg_info "[OK] $testfile" [ "$VERBOSE" == "y" ] && [ ! -z "$test_output" ] && echo "$test_output" ((ok++)) - if [ "$DUMPGEN" == "y" ] && [ "$rc_got" == "${POSITIVE_RET}" ] && [ ! -f "${dumpfile}" ]; then + if [ "$DUMPGEN" == "y" ] && [ "$rc_got" == 0 ] && [ ! -f "${dumpfile}" ]; then mkdir -p "${dumppath}" nft list ruleset > "${dumpfile}" fi @@ -140,7 +137,7 @@ do else ((failed++)) if [ "$VERBOSE" == "y" ] ; then - msg_warn "[FAILED] $testfile: expected $rc_spec but got $rc_got" + msg_warn "[FAILED] $testfile: got $rc_got" [ ! -z "$test_output" ] && echo "$test_output" else msg_warn "[FAILED] $testfile" diff --git a/tests/shell/testcases/chains/0002jumps_1 b/tests/shell/testcases/chains/0002jumps_1 index 4d163b05fe1b..aa70037fec14 100755 --- a/tests/shell/testcases/chains/0002jumps_1 +++ b/tests/shell/testcases/chains/0002jumps_1 @@ -20,5 +20,7 @@ done # this last jump should fail: too many links $NFT add chain t c$((MAX_JUMPS + 1)) -$NFT add rule t c${MAX_JUMPS} jump c$((MAX_JUMPS + 1)) 2>/dev/null + +$NFT add rule t c${MAX_JUMPS} jump c$((MAX_JUMPS + 1)) 2>/dev/null || exit 0 echo "E: max jumps ignored?" >&2 +exit 1 diff --git a/tests/shell/testcases/chains/0003jump_loop_1 b/tests/shell/testcases/chains/0003jump_loop_1 index f74361f28994..80e243f07bdb 100755 --- a/tests/shell/testcases/chains/0003jump_loop_1 +++ b/tests/shell/testcases/chains/0003jump_loop_1 @@ -17,5 +17,6 @@ do done # this last jump should fail: loop -$NFT add rule t c${MAX_JUMPS} jump c1 2>/dev/null +$NFT add rule t c${MAX_JUMPS} jump c1 2>/dev/null || exit 0 echo "E: loop of jumps ignored?" >&2 +exit 1 diff --git a/tests/shell/testcases/chains/0004busy_1 b/tests/shell/testcases/chains/0004busy_1 index cc9a0dad6c67..e68d1baa6f6c 100755 --- a/tests/shell/testcases/chains/0004busy_1 +++ b/tests/shell/testcases/chains/0004busy_1 @@ -6,6 +6,8 @@ $NFT add table t $NFT add chain t c1 $NFT add chain t c2 $NFT add rule t c1 jump c2 + # kernel should return EBUSY -$NFT delete chain t c2 2>/dev/null +$NFT delete chain t c2 2>/dev/null || exit 0 echo "E: deleted a busy chain?" >&2 +exit 1 diff --git a/tests/shell/testcases/chains/0005busy_map_1 b/tests/shell/testcases/chains/0005busy_map_1 index 93eca82796f9..c800f1939fdd 100755 --- a/tests/shell/testcases/chains/0005busy_map_1 +++ b/tests/shell/testcases/chains/0005busy_map_1 @@ -6,6 +6,8 @@ $NFT add table t $NFT add chain t c1 $NFT add chain t c2 $NFT add rule t c1 tcp dport vmap { 1 : jump c2 } + # kernel should return EBUSY -$NFT delete chain t c2 2>/dev/null +$NFT delete chain t c2 2>/dev/null || exit 0 echo "E: deleted a busy chain?" >&2 +exit 1 diff --git a/tests/shell/testcases/chains/0007masquerade_1 b/tests/shell/testcases/chains/0007masquerade_1 index 4e98d106bc33..4434c898ca72 100755 --- a/tests/shell/testcases/chains/0007masquerade_1 +++ b/tests/shell/testcases/chains/0007masquerade_1 @@ -4,6 +4,8 @@ set -e $NFT add table t $NFT add chain t c1 {type filter hook output priority 0 \; } + # wrong hook output, only postrouting is valid -$NFT add rule t c1 masquerade 2>/dev/null +$NFT add rule t c1 masquerade 2>/dev/null || exit 0 echo "E: accepted masquerade in output hook" >&2 +exit 1 diff --git a/tests/shell/testcases/chains/0008masquerade_jump_1 b/tests/shell/testcases/chains/0008masquerade_jump_1 index 7754ed03ae63..aee1475ff4d0 100755 --- a/tests/shell/testcases/chains/0008masquerade_jump_1 +++ b/tests/shell/testcases/chains/0008masquerade_jump_1 @@ -6,6 +6,8 @@ $NFT add table t $NFT add chain t output {type nat hook output priority 0 \; } $NFT add chain t c1 $NFT add rule t c1 masquerade + # kernel should return EOPNOTSUPP -$NFT add rule t output jump c1 2>/dev/null +$NFT add rule t output jump c1 2>/dev/null || exit 0 echo "E: accepted masquerade in output hook" >&2 +exit 1 diff --git a/tests/shell/testcases/chains/0009masquerade_jump_1 b/tests/shell/testcases/chains/0009masquerade_jump_1 index 684d441707d0..2b931eebf68e 100755 --- a/tests/shell/testcases/chains/0009masquerade_jump_1 +++ b/tests/shell/testcases/chains/0009masquerade_jump_1 @@ -6,6 +6,8 @@ $NFT add table t $NFT add chain t output {type nat hook output priority 0 \; } $NFT add chain t c1 $NFT add rule t c1 masquerade + # kernel should return EOPNOTSUPP -$NFT add rule t output tcp dport vmap {1 :jump c1 } 2>/dev/null +$NFT add rule t output tcp dport vmap {1 :jump c1 } 2>/dev/null || exit 0 echo "E: accepted masquerade in output hook in a vmap" >&2 +exit 1 diff --git a/tests/shell/testcases/chains/0010endless_jump_loop_1 b/tests/shell/testcases/chains/0010endless_jump_loop_1 index dba70e145a57..5d3ef2393331 100755 --- a/tests/shell/testcases/chains/0010endless_jump_loop_1 +++ b/tests/shell/testcases/chains/0010endless_jump_loop_1 @@ -4,6 +4,8 @@ set -e $NFT add table t $NFT add chain t c + # kernel should return ELOOP -$NFT add rule t c tcp dport vmap {1 : jump c} 2>/dev/null +$NFT add rule t c tcp dport vmap {1 : jump c} 2>/dev/null || exit 0 echo "E: accepted endless jump loop in a vmap" >&2 +exit 1 diff --git a/tests/shell/testcases/chains/0011endless_jump_loop_1 b/tests/shell/testcases/chains/0011endless_jump_loop_1 index adbff8d462b1..d75932d7a7ca 100755 --- a/tests/shell/testcases/chains/0011endless_jump_loop_1 +++ b/tests/shell/testcases/chains/0011endless_jump_loop_1 @@ -10,5 +10,6 @@ $NFT add element t m {2 : jump c2} $NFT add rule t c1 tcp dport vmap @m # kernel should return ELOOP -$NFT add element t m {1 : jump c1} 2>/dev/null +$NFT add element t m {1 : jump c1} 2>/dev/null || exit 0 echo "E: accepted endless jump loop in a vmap" >&2 +exit 1 diff --git a/tests/shell/testcases/chains/0012reject_in_prerouting_1 b/tests/shell/testcases/chains/0012reject_in_prerouting_1 index 81cda0c416d0..0ee86c11055e 100755 --- a/tests/shell/testcases/chains/0012reject_in_prerouting_1 +++ b/tests/shell/testcases/chains/0012reject_in_prerouting_1 @@ -4,6 +4,8 @@ set -e $NFT add table t $NFT add chain t prerouting {type filter hook prerouting priority 0 \; } + # wrong hook prerouting, only input/forward/output is valid -$NFT add rule t prerouting reject 2>/dev/null +$NFT add rule t prerouting reject 2>/dev/null || exit 0 echo "E: accepted reject in prerouting hook" >&2 +exit 1 diff --git a/tests/shell/testcases/chains/0015check_jump_loop_1 b/tests/shell/testcases/chains/0015check_jump_loop_1 index ba40ddb9668c..a59bb3bfe7fa 100755 --- a/tests/shell/testcases/chains/0015check_jump_loop_1 +++ b/tests/shell/testcases/chains/0015check_jump_loop_1 @@ -7,5 +7,7 @@ $NFT add chain t c1 $NFT add chain t c2 $NFT add t c1 jump c2 # kernel should return ENOENT -$NFT add t c2 ip daddr vmap { 1 : jump c3 } + +$NFT add t c2 ip daddr vmap { 1 : jump c3 } || exit 0 echo "E: Jumped to non existing chain" >&2 +exit 1 diff --git a/tests/shell/testcases/chains/0017masquerade_jump_1 b/tests/shell/testcases/chains/0017masquerade_jump_1 index a57675f50317..209e6d48f29d 100755 --- a/tests/shell/testcases/chains/0017masquerade_jump_1 +++ b/tests/shell/testcases/chains/0017masquerade_jump_1 @@ -6,5 +6,9 @@ $NFT add table t $NFT add chain t input {type filter hook input priority 4 \; } $NFT add chain t c1 $NFT add rule t input jump c1 + # kernel should return EOPNOTSUPP -$NFT add rule t c1 masquerade 2>/dev/null >&2 +$NFT add rule t c1 masquerade 2>/dev/null >&2 || exit 0 + +echo "E: Accepted masquerade rule in non-nat type base chain" 1>&2 +exit 1 diff --git a/tests/shell/testcases/chains/0018check_jump_loop_1 b/tests/shell/testcases/chains/0018check_jump_loop_1 index d1443dab94b0..b87520f287d7 100755 --- a/tests/shell/testcases/chains/0018check_jump_loop_1 +++ b/tests/shell/testcases/chains/0018check_jump_loop_1 @@ -6,5 +6,8 @@ $NFT add table ip filter $NFT add chain ip filter ap1 $NFT add chain ip filter ap2 $NFT add rule ip filter ap1 jump ap2 + # kernel should return EOPNOTSUPP -$NFT add rule ip filter ap1 jump ap1 2>/dev/null >&2 +$NFT add rule ip filter ap1 jump ap1 2>/dev/null >&2 || exit 0 +echo "E: Accepted jump-to-self" +exit 1 diff --git a/tests/shell/testcases/chains/0019masquerade_jump_1 b/tests/shell/testcases/chains/0019masquerade_jump_1 index 4fe68c847fdc..0ff1ac3ff440 100755 --- a/tests/shell/testcases/chains/0019masquerade_jump_1 +++ b/tests/shell/testcases/chains/0019masquerade_jump_1 @@ -6,5 +6,8 @@ $NFT add table t $NFT add chain t input {type filter hook input priority 4 \; } $NFT add chain t c1 $NFT add rule t input ip saddr vmap { 1.1.1.1 : jump c1 } + # kernel should return EOPNOTSUPP -$NFT add rule t c1 masquerade 2>/dev/null >&2 +$NFT add rule t c1 masquerade 2>/dev/null >&2 || exit 0 +echo "E: accepted masquerade in chain from non-nat type basechain" 1>&2 +exit 1 diff --git a/tests/shell/testcases/chains/0020depth_1 b/tests/shell/testcases/chains/0020depth_1 index fa539c8f1b88..23e1f826c38e 100755 --- a/tests/shell/testcases/chains/0020depth_1 +++ b/tests/shell/testcases/chains/0020depth_1 @@ -1,7 +1,6 @@ #!/bin/bash set -e - $NFT add table ip filter $NFT add chain ip filter input { type filter hook input priority 0\; } @@ -19,4 +18,6 @@ for ((i=11;i<19;i++)); do $NFT add rule ip filter a$i jump a$((i+1)) done -$NFT add rule ip filter a10 jump a11 +$NFT add rule ip filter a10 jump a11 || exit 0 +echo "E: Expected 20th jump to fail due to jump stack exhaustion" 1>&2 +exit 1 diff --git a/tests/shell/testcases/chains/0022prio_dummy_1 b/tests/shell/testcases/chains/0022prio_dummy_1 index ecdd9456b1fa..66c440747f93 100755 --- a/tests/shell/testcases/chains/0022prio_dummy_1 +++ b/tests/shell/testcases/chains/0022prio_dummy_1 @@ -3,5 +3,7 @@ set -e $NFT add table ip x -$NFT add chain ip x y "{ type filter hook input priority dummy+1; }" &> /dev/null + +$NFT add chain ip x y "{ type filter hook input priority dummy+1; }" &> /dev/null || exit 0 echo "E: dummy should not be a valid priority." >&2 +exit 1 diff --git a/tests/shell/testcases/chains/0023prio_inet_srcnat_1 b/tests/shell/testcases/chains/0023prio_inet_srcnat_1 index fa53f7a7fb64..d2b1fa431ee6 100755 --- a/tests/shell/testcases/chains/0023prio_inet_srcnat_1 +++ b/tests/shell/testcases/chains/0023prio_inet_srcnat_1 @@ -9,8 +9,8 @@ do if (($? == 0)) then echo "E: srcnat should not be a valid priority name in $family $hook chains." >&2 - exit 0 + exit 1 fi done done -exit 1 +exit 0 diff --git a/tests/shell/testcases/chains/0024prio_inet_dstnat_1 b/tests/shell/testcases/chains/0024prio_inet_dstnat_1 index a9a7264a08b9..d112f2c958c0 100755 --- a/tests/shell/testcases/chains/0024prio_inet_dstnat_1 +++ b/tests/shell/testcases/chains/0024prio_inet_dstnat_1 @@ -9,8 +9,8 @@ do if (($? == 0)) then echo "E: dstnat should not be a valid priority name in $family $hook chains." >&2 - exit 0 + exit 1 fi done done -exit 1 +exit 0 diff --git a/tests/shell/testcases/chains/0025prio_arp_1 b/tests/shell/testcases/chains/0025prio_arp_1 index 8c671d5508b1..1a1726294442 100755 --- a/tests/shell/testcases/chains/0025prio_arp_1 +++ b/tests/shell/testcases/chains/0025prio_arp_1 @@ -10,8 +10,8 @@ family=arp if (($? == 0)) then echo "E: $prioname should not be a valid priority name for arp family chains." >&2 - exit 0 + exit 1 fi done done -exit 1 +exit 0 diff --git a/tests/shell/testcases/chains/0026prio_netdev_1 b/tests/shell/testcases/chains/0026prio_netdev_1 index ae0228309cff..aa902e9b3a23 100755 --- a/tests/shell/testcases/chains/0026prio_netdev_1 +++ b/tests/shell/testcases/chains/0026prio_netdev_1 @@ -4,12 +4,12 @@ family=netdev hook=ingress for prioname in raw mangle dstnat security srcnat do - $NFT add table $family x + $NFT add table $family x || exit 1 $NFT add chain $family x y "{ type filter hook $hook device lo priority $prioname; }" &> /dev/null if (($? == 0)) then echo "E: $prioname should not be a valid priority name for netdev family chains." >&2 - exit 0 + exit 1 fi done -exit 1 +exit 0 diff --git a/tests/shell/testcases/chains/0027prio_bridge_dstnat_1 b/tests/shell/testcases/chains/0027prio_bridge_dstnat_1 index df0b6950e5f4..52c73e6592d9 100755 --- a/tests/shell/testcases/chains/0027prio_bridge_dstnat_1 +++ b/tests/shell/testcases/chains/0027prio_bridge_dstnat_1 @@ -9,7 +9,7 @@ family=bridge if (($? == 0)) then echo "E: $prioname should not be a valid priority name for bridge $hook chains." >&2 - exit 0 + exit 1 fi done -exit 1 +exit 0 diff --git a/tests/shell/testcases/chains/0028prio_bridge_out_1 b/tests/shell/testcases/chains/0028prio_bridge_out_1 index 06fdbebb64f7..63aa296cb5f4 100755 --- a/tests/shell/testcases/chains/0028prio_bridge_out_1 +++ b/tests/shell/testcases/chains/0028prio_bridge_out_1 @@ -9,7 +9,7 @@ family=bridge if (($? == 0)) then echo "E: $prioname should not be a valid priority name for bridge $hook chains." >&2 - exit 0 + exit 1 fi done -exit 1 +exit 0 diff --git a/tests/shell/testcases/chains/0029prio_bridge_srcnat_1 b/tests/shell/testcases/chains/0029prio_bridge_srcnat_1 index 8896a7cf8603..38917119e179 100755 --- a/tests/shell/testcases/chains/0029prio_bridge_srcnat_1 +++ b/tests/shell/testcases/chains/0029prio_bridge_srcnat_1 @@ -9,7 +9,7 @@ family=bridge if (($? == 0)) then echo "E: $prioname should not be a valid priority name for bridge $hook chains." >&2 - exit 0 + exit 1 fi done -exit 1 +exit 0 diff --git a/tests/shell/testcases/flowtable/0005delete_in_use_1 b/tests/shell/testcases/flowtable/0005delete_in_use_1 index 1b239f411f2a..149d64442fdd 100755 --- a/tests/shell/testcases/flowtable/0005delete_in_use_1 +++ b/tests/shell/testcases/flowtable/0005delete_in_use_1 @@ -5,5 +5,7 @@ $NFT add table x $NFT add chain x x $NFT add flowtable x y { hook ingress priority 0\; devices = { lo }\;} $NFT add rule x x flow offload @y -$NFT delete flowtable x y + +$NFT delete flowtable x y || exit 0 echo "E: delete flowtable in use" +exit 1 diff --git a/tests/shell/testcases/flowtable/0008prio_1 b/tests/shell/testcases/flowtable/0008prio_1 index 87084b939664..48953d790aac 100755 --- a/tests/shell/testcases/flowtable/0008prio_1 +++ b/tests/shell/testcases/flowtable/0008prio_1 @@ -7,8 +7,8 @@ do if (($? == 0)) then echo "E: $prioname should not be a valid priority name for flowtables" >&2 - exit 0 + exit 1 fi done -exit 1 +exit 0 diff --git a/tests/shell/testcases/include/0004endlessloop_1 b/tests/shell/testcases/include/0004endlessloop_1 index c4aba0c4c625..3e6789d36442 100755 --- a/tests/shell/testcases/include/0004endlessloop_1 +++ b/tests/shell/testcases/include/0004endlessloop_1 @@ -14,5 +14,6 @@ RULESET="include \"$tmpfile\"" echo "$RULESET" > $tmpfile -$NFT -f $tmpfile 2>/dev/null +$NFT -f $tmpfile 2>/dev/null || exit 0 echo "E: endless include loop" >&2 +exit 1 diff --git a/tests/shell/testcases/include/0009glob_nofile_1 b/tests/shell/testcases/include/0009glob_nofile_1 index bab583056b2e..d769155ab15e 100755 --- a/tests/shell/testcases/include/0009glob_nofile_1 +++ b/tests/shell/testcases/include/0009glob_nofile_1 @@ -26,8 +26,6 @@ RULESET1="include \"$tmpdir/non_existent_file.nft\"" echo "$RULESET1" > $tmpfile1 -$NFT -f $tmpfile1 -if [ $? -eq 0 ] ; then - echo "E: Failed to catch a missing include directory/file" >&2 - exit 1 -fi +$NFT -f $tmpfile1 || exit 0 +echo "E: Failed to catch a missing include directory/file" >&2 +exit 1 diff --git a/tests/shell/testcases/include/0010glob_broken_file_1 b/tests/shell/testcases/include/0010glob_broken_file_1 index 9027f1899c33..a00babf146ca 100755 --- a/tests/shell/testcases/include/0010glob_broken_file_1 +++ b/tests/shell/testcases/include/0010glob_broken_file_1 @@ -41,9 +41,6 @@ echo "$RULESET1" > $tmpfile1 echo "$RULESET2" > $tmpfile2 echo "$RULESET3" > $tmpfile3 -$NFT -f $tmpfile3 - -if [ $? -eq 0 ] ; then - echo "E: didn't catch a broken file in directory" >&2 - exit 1 -fi +$NFT -f $tmpfile3 || exit 0 +echo "E: didn't catch a broken file in directory" >&2 +exit 1 diff --git a/tests/shell/testcases/include/0012glob_dependency_1 b/tests/shell/testcases/include/0012glob_dependency_1 index 6cf4ba177877..e4e12e2772db 100755 --- a/tests/shell/testcases/include/0012glob_dependency_1 +++ b/tests/shell/testcases/include/0012glob_dependency_1 @@ -44,9 +44,6 @@ echo "$RULESET1" > $tmpfile2 echo "$RULESET2" > $tmpfile1 echo "$RULESET3" > $tmpfile3 -$NFT -f $tmpfile3 - -if [ $? -eq 0 ] ; then - echo "E: did not catch wrong file order in include directory" >&2 - exit 1 -fi +$NFT -f $tmpfile3 || exit 0 +echo "E: did not catch wrong file order in include directory" >&2 +exit 1 diff --git a/tests/shell/testcases/maps/different_map_types_1 b/tests/shell/testcases/maps/different_map_types_1 index b0a09d0249f9..a7e831ffc71b 100755 --- a/tests/shell/testcases/maps/different_map_types_1 +++ b/tests/shell/testcases/maps/different_map_types_1 @@ -6,5 +6,8 @@ set -e $NFT add table ip filter $NFT add chain ip filter output { type filter hook output priority 0 \; } -$NFT add rule ip filter output meta mark set tcp dport map { 22 : 1, 23 : 192.168.0.1 } + +$NFT add rule ip filter output meta mark set tcp dport map { 22 : 1, 23 : 192.168.0.1 } || exit 0 + echo "E: Added two different types of expression to map" +exit 1 diff --git a/tests/shell/testcases/nft-f/0007action_object_set_segfault_1 b/tests/shell/testcases/nft-f/0007action_object_set_segfault_1 index 933a2f62ae43..6cbd38693bda 100755 --- a/tests/shell/testcases/nft-f/0007action_object_set_segfault_1 +++ b/tests/shell/testcases/nft-f/0007action_object_set_segfault_1 @@ -10,4 +10,5 @@ add set t s {type ipv4_addr\;} add rule t c ip saddr @s " -$NFT -f - <<< "$RULESET" 2>/dev/null +$NFT -f - <<< "$RULESET" 2>/dev/null && exit 1 +exit 0 diff --git a/tests/shell/testcases/nft-f/0013defines_1 b/tests/shell/testcases/nft-f/0013defines_1 index 1dd5b569c386..b6330884986f 100755 --- a/tests/shell/testcases/nft-f/0013defines_1 +++ b/tests/shell/testcases/nft-f/0013defines_1 @@ -14,4 +14,5 @@ table ip t { } }" -$NFT -f - <<< "$RULESET" +$NFT -f - <<< "$RULESET" && exit 1 +exit 0 diff --git a/tests/shell/testcases/nft-f/0014defines_1 b/tests/shell/testcases/nft-f/0014defines_1 index c8e73c243fc6..35f2536fa1ad 100755 --- a/tests/shell/testcases/nft-f/0014defines_1 +++ b/tests/shell/testcases/nft-f/0014defines_1 @@ -14,4 +14,5 @@ table ip t { } }" -$NFT -f - <<< "$RULESET" +$NFT -f - <<< "$RULESET" && exit 1 +exit 0 diff --git a/tests/shell/testcases/nft-f/0015defines_1 b/tests/shell/testcases/nft-f/0015defines_1 index 489c65b5cffe..935cb458528c 100755 --- a/tests/shell/testcases/nft-f/0015defines_1 +++ b/tests/shell/testcases/nft-f/0015defines_1 @@ -13,4 +13,5 @@ table ip t { } }" -$NFT -f - <<< "$RULESET" +$NFT -f - <<< "$RULESET" && exit 1 +exit 0 diff --git a/tests/shell/testcases/nft-f/0016redefines_1 b/tests/shell/testcases/nft-f/0016redefines_1 index ed702c90addd..9f6b56fef4bc 100755 --- a/tests/shell/testcases/nft-f/0016redefines_1 +++ b/tests/shell/testcases/nft-f/0016redefines_1 @@ -30,3 +30,5 @@ if [ "$EXPECTED" != "$GET" ] ; then [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET") exit 1 fi + +exit 0 diff --git a/tests/shell/testcases/optionals/handles_1 b/tests/shell/testcases/optionals/handles_1 index a3ae1a7febed..c00abfe8efa5 100755 --- a/tests/shell/testcases/optionals/handles_1 +++ b/tests/shell/testcases/optionals/handles_1 @@ -5,4 +5,6 @@ $NFT add table test $NFT add chain test test $NFT add rule test test tcp dport 22 counter accept -$NFT list table test | grep 'accept # handle '[[:digit:]]$ >/dev/null +( $NFT list table test | grep 'accept # handle '[[:digit:]]$ >/dev/null ) && exit 1 + +exit 0 diff --git a/tests/shell/testcases/rule_management/0002addinsertlocation_1 b/tests/shell/testcases/rule_management/0002addinsertlocation_1 index b48d3d664be2..920032f28621 100755 --- a/tests/shell/testcases/rule_management/0002addinsertlocation_1 +++ b/tests/shell/testcases/rule_management/0002addinsertlocation_1 @@ -17,7 +17,7 @@ for cmd in add insert; do $NFT $cmd rule t c $keyword 5 drop 2>/dev/null || continue echo "E: invalid $keyword value allowed in $cmd command" >&2 - exit 0 + exit 1 done done -exit 1 +exit 0 diff --git a/tests/shell/testcases/rule_management/0005replace_1 b/tests/shell/testcases/rule_management/0005replace_1 index e82995a5d902..d8d64477d08a 100755 --- a/tests/shell/testcases/rule_management/0005replace_1 +++ b/tests/shell/testcases/rule_management/0005replace_1 @@ -7,5 +7,7 @@ set -e $NFT add table t $NFT add chain t c # kernel should return ENOENT -$NFT replace rule t c handle 2 drop 2>/dev/null + +$NFT replace rule t c handle 2 drop 2>/dev/null || exit 0 echo "E: missing kernel ENOENT" >&2 +exit 1 diff --git a/tests/shell/testcases/rule_management/0006replace_1 b/tests/shell/testcases/rule_management/0006replace_1 index 5dfcba02671c..b728310fe1bd 100755 --- a/tests/shell/testcases/rule_management/0006replace_1 +++ b/tests/shell/testcases/rule_management/0006replace_1 @@ -6,6 +6,8 @@ set -e $NFT add table t $NFT add chain t c + # position keyword with replace action is not allowed, this should fail -$NFT replace rule t c position 2 drop 2>/dev/null +$NFT replace rule t c position 2 drop 2>/dev/null || exit 0 echo "E: allowed replace with position specification" >&2 +exit 1 diff --git a/tests/shell/testcases/rule_management/0008delete_1 b/tests/shell/testcases/rule_management/0008delete_1 index 3dce21915371..d1900d668799 100755 --- a/tests/shell/testcases/rule_management/0008delete_1 +++ b/tests/shell/testcases/rule_management/0008delete_1 @@ -6,6 +6,8 @@ set -e $NFT add table t $NFT add chain t c + # this should fail, we don't allow delete with position -$NFT delete rule t c position 2 drop 2>/dev/null +$NFT delete rule t c position 2 drop 2>/dev/null || exit 0 echo "E: allowed position spec with delete action" >&2 +exit 1 diff --git a/tests/shell/testcases/rule_management/0009delete_1 b/tests/shell/testcases/rule_management/0009delete_1 index 87fec605c343..8751fec33da6 100755 --- a/tests/shell/testcases/rule_management/0009delete_1 +++ b/tests/shell/testcases/rule_management/0009delete_1 @@ -6,6 +6,8 @@ set -e $NFT add table t $NFT add chain t c + # kernel ENOENT -$NFT delete rule t c handle 3333 2>/dev/null +$NFT delete rule t c handle 3333 2>/dev/null || exit 0 echo "E: missing kernel ENOENT" >&2 +exit 1 diff --git a/tests/shell/testcases/sets/0018set_check_size_1 b/tests/shell/testcases/sets/0018set_check_size_1 index 833b8e2bd877..bc7056056b78 100755 --- a/tests/shell/testcases/sets/0018set_check_size_1 +++ b/tests/shell/testcases/sets/0018set_check_size_1 @@ -5,4 +5,7 @@ $NFT add table x $NFT add set x s {type ipv4_addr\; size 2\;} $NFT add element x s {1.1.1.1} $NFT add element x s {1.1.1.2} -$NFT add element x s {1.1.1.3} + +$NFT add element x s {1.1.1.3} || exit 0 +echo "E: Accepted 3rd element in a table with max size of 2" 1>&2 +exit 1 diff --git a/tests/shell/testcases/transactions/0014chain_1 b/tests/shell/testcases/transactions/0014chain_1 index 802a7e63a937..cddc8a2ec4b1 100755 --- a/tests/shell/testcases/transactions/0014chain_1 +++ b/tests/shell/testcases/transactions/0014chain_1 @@ -1,11 +1,10 @@ #!/bin/bash -set -e - RULESET="add table x add chain x y delete chain x y delete chain x y" -$NFT -f - <<< "$RULESET" 2>/dev/null +$NFT -f - <<< "$RULESET" 2>/dev/null || exit 0 echo "E: allowing double-removal of chain" >&2 +exit 1 diff --git a/tests/shell/testcases/transactions/0022rule_1 b/tests/shell/testcases/transactions/0022rule_1 index 0e7c9a6f9da9..07be53f2bfbe 100755 --- a/tests/shell/testcases/transactions/0022rule_1 +++ b/tests/shell/testcases/transactions/0022rule_1 @@ -1,12 +1,11 @@ #!/bin/bash -set -e - RULESET="add table x add chain x y delete chain x y add rule x y jump y" # kernel must return ENOENT -$NFT -f - <<< "$RULESET" 2>/dev/null +$NFT -f - <<< "$RULESET" 2>/dev/null || exit 0 echo "E: allowing jump loop to unexisting chain" +exit 1 diff --git a/tests/shell/testcases/transactions/0023rule_1 b/tests/shell/testcases/transactions/0023rule_1 index edc4e8d2984d..e58c088c2e84 100755 --- a/tests/shell/testcases/transactions/0023rule_1 +++ b/tests/shell/testcases/transactions/0023rule_1 @@ -1,11 +1,10 @@ #!/bin/bash -set -e - RULESET="add table x add chain x y add rule x y jump y" # kernel must return ELOOP -$NFT -f - <<< "$RULESET" 2>/dev/null +$NFT -f - <<< "$RULESET" 2>/dev/null || exit 0 echo "E: allowing jump to chain loop" +exit 1 diff --git a/tests/shell/testcases/transactions/0036set_1 b/tests/shell/testcases/transactions/0036set_1 index e691fa7f8db6..45d922eb7c14 100755 --- a/tests/shell/testcases/transactions/0036set_1 +++ b/tests/shell/testcases/transactions/0036set_1 @@ -1,13 +1,12 @@ #!/bin/bash -set -e - RULESET="add table x add set x y { type ipv4_addr; } add element x y { 1.1.1.1, 2.2.2.2 } delete element x y { 1.1.1.1 } delete element x y { 1.1.1.1 }" -$NFT -f - <<< "$RULESET" 2> /dev/null +$NFT -f - <<< "$RULESET" 2> /dev/null || exit 0 # Kernel must return ENOENT echo "E: allowing double-removal of element" +exit 1 -- 2.19.2