I had this in mind for a while now and finally got around to do it: When
testing an extensions/*.t file with iptables-tests.py, act in a "batch"
mode applying all rules at once and checking the expected output in one
go, thereby reducing the overhead per test file to a single
iptables-restore and iptables-save call each. This was a bit optimistic,
but the result is still significant - on my rather slow testing VM, a
full iptables-tests.py run completes in ~7min instead of ~30min (yes,
it's slow).
See patch 1 for the implementation details. As a side-effect, rule
existence checking became much stricter, so the remaining patches in
this series deal with eliminating those differences:
* Patch 2 avoids having to add '-j CONTINUE' to almost all ebtables
rules.
* Patches 3-10 adjust expected output to reality, mostly adding content
the script didn't care about since the old 'output.find(<rule>)'
worked fine as long as the output *started* like '<rule>'.
* Patch 11 Changes output by omitting an obvious default value, so a
real functional change.
* Patch 12 drops another default value (from NFQUEUE target) I'm not
sure we should keep.
So patches are roughly sorted by my confidence in correctness. Please
have (at least) a close look at the last two, I don't want to break
iptables for anyone just to keep test files small.
Phil Sutter (12):
tests: iptables-test: Implement fast test mode
tests: iptables-test: Cover for obligatory -j CONTINUE in ebtables
tests: *.t: Fix expected output for simple calls
tests: *.t: Fix for hexadecimal output
tests: libebt_redirect.t: Plain redirect prints with trailing
whitespace
tests: libxt_length.t: Fix odd use-case output
tests: libxt_recent.t: Add missing default values
tests: libxt_tos.t, libxt_TOS.t: Add missing masks in output
tests: libebt_vlan.t: Drop trailing whitespace from rules
tests: libxt_connlimit.t: Add missing --connlimit-saddr
extensions: Do not print all-one's netmasks
extensions: NFQUEUE: Do not print default queue number 0
extensions/libebt_log.t | 2 +-
extensions/libebt_nflog.t | 2 +-
extensions/libebt_redirect.t | 2 +-
extensions/libebt_vlan.t | 4 +-
extensions/libip6t_NETMAP.c | 2 +-
extensions/libip6t_REJECT.t | 2 +-
extensions/libipt_NETMAP.c | 2 +-
extensions/libipt_REJECT.t | 2 +-
extensions/libxt_CONNMARK.c | 32 ++++--
extensions/libxt_CONNMARK.t | 4 +-
extensions/libxt_DSCP.t | 2 +-
extensions/libxt_MARK.c | 4 +-
extensions/libxt_MARK.t | 2 +-
extensions/libxt_NFQUEUE.c | 27 ++---
extensions/libxt_NFQUEUE.t | 4 +-
extensions/libxt_TOS.t | 12 +--
extensions/libxt_connlimit.c | 8 +-
extensions/libxt_connlimit.t | 20 ++--
extensions/libxt_connmark.t | 4 +-
extensions/libxt_dscp.t | 2 +-
extensions/libxt_length.t | 2 +-
extensions/libxt_mark.t | 2 +-
extensions/libxt_recent.c | 45 ++++----
extensions/libxt_recent.t | 14 +--
extensions/libxt_tos.t | 8 +-
iptables-test.py | 200 ++++++++++++++++++++++++++++++++++-
26 files changed, 317 insertions(+), 93 deletions(-)
--
2.34.1
