[CRIU,v4,2/2] zdtm: Added test that covers ipset checkpoint/restore functionality

Submitted by Valeriy Vdovin on Feb. 21, 2020, 12:40 p.m.

Details

Message ID 1582288807-982027-3-git-send-email-valeriy.vdovin@virtuozzo.com
State New
Series "dump/restore: Support ipsets"

Commit Message

Valeriy Vdovin Feb. 21, 2020, 12:40 p.m.
Signed-off-by: Valeriy Vdovin <valeriy.vdovin@virtuozzo.com>
---
 test/zdtm/static/Makefile         |  1 +
 test/zdtm/static/netns-ipset.c    | 66 +++++++++++++++++++++++++++++++++++++++
 test/zdtm/static/netns-ipset.desc | 13 ++++++++
 3 files changed, 80 insertions(+)
 create mode 100644 test/zdtm/static/netns-ipset.c
 create mode 100644 test/zdtm/static/netns-ipset.desc


diff --git a/test/zdtm/static/Makefile b/test/zdtm/static/Makefile
index 28717b1..bdef4d0 100644
--- a/test/zdtm/static/Makefile
+++ b/test/zdtm/static/Makefile
@@ -143,6 +143,7 @@  TST_NOFILE	:=				\
 		poll				\
 		mountpoints			\
 		netns				\
+		netns-ipset			\
 		netns-dev			\
 		session01			\
 		session02			\
diff --git a/test/zdtm/static/netns-ipset.c b/test/zdtm/static/netns-ipset.c
new file mode 100644
index 0000000..585793c
--- /dev/null
+++ b/test/zdtm/static/netns-ipset.c
@@ -0,0 +1,66 @@ 
+#include <string.h>
+#include <unistd.h>
+#include <stdlib.h>
+#include <stdio.h>
+
+#include "zdtmtst.h"
+
+const char *test_doc	= "Check that ipset are dumped and restored correctly";
+
+const char *test_author	= "Valeriy Vdovin <valeriy.vdovin@virtuozzo.com>";
+
+#define RUN_OR_ERR(cmd, failmsg) if (system(cmd)) { pr_perror(failmsg); return -1; }
+#define RUN_OR_FAIL(cmd, failmsg) if (system(cmd)) { fail(failmsg); return -1; }
+
+#define FILE_PREFIX "netns-ipset."
+
+#define FILE_IPSET_OLD FILE_PREFIX "ipset.old"
+#define FILE_IPSET_NEW FILE_PREFIX "ipset.new"
+
+#define FILE_IPTABLES_OLD FILE_PREFIX "iptables.old"
+#define FILE_IPTABLES_NEW FILE_PREFIX "iptables.new"
+
+int main(int argc, char **argv)
+{
+	char dump_ipset_old[]    = "ipset save > " FILE_IPSET_OLD;
+	char dump_ipset_new[]    = "ipset save > " FILE_IPSET_NEW;
+	char dump_iptables_old[] = "iptables -L INPUT 1 > " FILE_IPTABLES_OLD;
+	char dump_iptables_new[] = "iptables -L INPUT 1 > " FILE_IPTABLES_NEW;
+	char cmp_ipset[]         = "diff " FILE_IPSET_OLD " " FILE_IPSET_NEW;
+	char cmp_iptables[]      = "diff " FILE_IPTABLES_OLD " " FILE_IPTABLES_NEW;
+	char rm_ipset_files[]    = "rm -fv " FILE_IPSET_OLD " " FILE_IPSET_OLD;
+	char rm_iptables_files[] = "rm -fv " FILE_IPTABLES_OLD " " FILE_IPTABLES_OLD;
+
+	test_init(argc, argv);
+
+	/* create ipset group and add some ip addresses to it */
+	RUN_OR_ERR("ipset create netns-ipset-group nethash", "Can't create test ipset");
+	RUN_OR_ERR("ipset add netns-ipset-group 127.0.0.1/8", "Can't add ip addresses to ipset group");
+
+	/* Use netns-ipset-group in iptables rule */
+	RUN_OR_ERR("iptables -I INPUT 1 -p tcp -m set --match-set netns-ipset-group src,dst -j ACCEPT",
+		"Failed to setup iptables rule with ipset group");
+
+	/* dump ipset and iptables states to text files */
+	RUN_OR_ERR(dump_iptables_old, "Can't save iptables rules.");
+	RUN_OR_ERR(dump_ipset_old   , "Can't save ipset list.");
+
+	test_daemon();
+	test_waitsig();
+
+	/* again dump ipset and iptables states to other text files */
+	RUN_OR_ERR(dump_iptables_new, "Can't dump restored iptables rules.");
+	RUN_OR_ERR(dump_ipset_new   , "Can't save restored ipset list to file.");
+
+	/* compare original and restored iptables rules */
+	RUN_OR_FAIL(cmp_iptables, "iptables rules differ");
+
+	/* compare original and restored ipset rules */
+	RUN_OR_FAIL(cmp_ipset, "ipset lists differ");
+
+	RUN_OR_ERR(rm_ipset_files, "Can't remove ipset files");
+	RUN_OR_ERR(rm_iptables_files, "Can't remove iptables files");
+
+	pass();
+	return 0;
+}
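Review bot: Nothing in main() removes the `-j ACCEPT` rule inserted at position 1 of INPUT or destroys `netns-ipset-group`, neither before `pass()` nor on any of the early `return -1` paths hidden inside RUN_OR_ERR and RUN_OR_FAIL. The accompanying .desc enables the `h` flavor; if that flavor runs in the host network namespace, as I understand it, the rule stays in the host firewall after the test and a second run fails at `ipset create` because the set already exists. Undo the setup best-effort on every exit path with `system("iptables -D INPUT -p tcp -m set --match-set netns-ipset-group src,dst -j ACCEPT");` followed by `system("ipset destroy netns-ipset-group");` (rule first, since a set that is still referenced cannot be destroyed). Separately, both macros expand to a bare `if (...) { ... }`; wrapping each body in `do { ... } while (0)` avoids a dangling-else surprise if one is ever placed before an `else`.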
diff --git a/test/zdtm/static/netns-ipset.desc b/test/zdtm/static/netns-ipset.desc
new file mode 100644
index 0000000..175505c
--- /dev/null
+++ b/test/zdtm/static/netns-ipset.desc
@@ -0,0 +1,13 @@ 
+{
+	'flavor': 'h ns uns',
+	'flags': 'suid',
+	'deps': [
+			'/usr/bin/rm',
+			'/usr/bin/sh',
+			'/usr/bin/diff',
+			'/usr/sbin/ipset',
+			'/usr/sbin/iptables',
+			'/usr/lib64/xtables/libxt_set.so',
+			'/usr/lib64/xtables/libxt_standard.so|/lib/xtables/libxt_standard.so|/usr/lib/powerpc64le-linux-gnu/xtables/libxt_standard.so|/usr/lib/x86_64-linux-gnu/xtables/libxt_standard.so|/usr/lib/xtables/libxt_standard.so'
+		]
+}
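Review bot: `libxt_set.so` is listed only under `/usr/lib64/xtables/`, while `libxt_standard.so` on the next line carries five `|`-separated locations, so on distributions that install xtables modules elsewhere this dependency presumably cannot be resolved. Give it the same alternatives, e.g. `'/usr/lib64/xtables/libxt_set.so|/lib/xtables/libxt_set.so|/usr/lib/x86_64-linux-gnu/xtables/libxt_set.so|/usr/lib/xtables/libxt_set.so'`. The binaries under `/usr/bin` and `/usr/sbin` carry the same single-path assumption, and main() invokes them by bare name through `system()`, so the path listed here and the one the shell resolves via PATH can differ.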

Comments

Pavel Tikhomirov Feb. 21, 2020, 1:10 p.m.
On 2/21/20 3:40 PM, Valeriy Vdovin wrote:
> Signed-off-by: Valeriy Vdovin <valeriy.vdovin@virtuozzo.com>
> ---
>   test/zdtm/static/Makefile         |  1 +
>   test/zdtm/static/netns-ipset.c    | 66 +++++++++++++++++++++++++++++++++++++++
>   test/zdtm/static/netns-ipset.desc | 13 ++++++++
>   3 files changed, 80 insertions(+)
>   create mode 100644 test/zdtm/static/netns-ipset.c
>   create mode 100644 test/zdtm/static/netns-ipset.desc
> 
> diff --git a/test/zdtm/static/Makefile b/test/zdtm/static/Makefile
> index 28717b1..bdef4d0 100644
> --- a/test/zdtm/static/Makefile
> +++ b/test/zdtm/static/Makefile
> @@ -143,6 +143,7 @@ TST_NOFILE	:=				\
>   		poll				\
>   		mountpoints			\
>   		netns				\
> +		netns-ipset			\
>   		netns-dev			\
>   		session01			\
>   		session02			\
> diff --git a/test/zdtm/static/netns-ipset.c b/test/zdtm/static/netns-ipset.c
> new file mode 100644
> index 0000000..585793c
> --- /dev/null
> +++ b/test/zdtm/static/netns-ipset.c
> @@ -0,0 +1,66 @@
> +#include <string.h>
> +#include <unistd.h>
> +#include <stdlib.h>
> +#include <stdio.h>
> +
> +#include "zdtmtst.h"
> +
> +const char *test_doc	= "Check that ipset are dumped and restored correctly";
> +
> +const char *test_author	= "Valeriy Vdovin <valeriy.vdovin@virtuozzo.com>";
> +
> +#define RUN_OR_ERR(cmd, failmsg) if (system(cmd)) { pr_perror(failmsg); return -1; }
> +#define RUN_OR_FAIL(cmd, failmsg) if (system(cmd)) { fail(failmsg); return -1; }
> +
> +#define FILE_PREFIX "netns-ipset."
> +
> +#define FILE_IPSET_OLD FILE_PREFIX "ipset.old"
> +#define FILE_IPSET_NEW FILE_PREFIX "ipset.new"
> +
> +#define FILE_IPTABLES_OLD FILE_PREFIX "iptables.old"
> +#define FILE_IPTABLES_NEW FILE_PREFIX "iptables.new"
> +
> +int main(int argc, char **argv)
> +{
> +	char dump_ipset_old[]    = "ipset save > " FILE_IPSET_OLD;
> +	char dump_ipset_new[]    = "ipset save > " FILE_IPSET_NEW;
> +	char dump_iptables_old[] = "iptables -L INPUT 1 > " FILE_IPTABLES_OLD;
> +	char dump_iptables_new[] = "iptables -L INPUT 1 > " FILE_IPTABLES_NEW;
> +	char cmp_ipset[]         = "diff " FILE_IPSET_OLD " " FILE_IPSET_NEW;
> +	char cmp_iptables[]      = "diff " FILE_IPTABLES_OLD " " FILE_IPTABLES_NEW;

> +	char rm_ipset_files[]    = "rm -fv " FILE_IPSET_OLD " " FILE_IPSET_OLD;
> +	char rm_iptables_files[] = "rm -fv " FILE_IPTABLES_OLD " " FILE_IPTABLES_OLD;

no rm of *_NEW, will fix myself.

> +
> +	test_init(argc, argv);
> +
> +	/* create ipset group and add some ip addresses to it */
> +	RUN_OR_ERR("ipset create netns-ipset-group nethash", "Can't create test ipset");
> +	RUN_OR_ERR("ipset add netns-ipset-group 127.0.0.1/8", "Can't add ip addresses to ipset group");
> +
> +	/* Use netns-ipset-group in iptables rule */
> +	RUN_OR_ERR("iptables -I INPUT 1 -p tcp -m set --match-set netns-ipset-group src,dst -j ACCEPT",
> +		"Failed to setup iptables rule with ipset group");
> +
> +	/* dump ipset and iptables states to text files */
> +	RUN_OR_ERR(dump_iptables_old, "Can't save iptables rules.");
> +	RUN_OR_ERR(dump_ipset_old   , "Can't save ipset list.");
> +
> +	test_daemon();
> +	test_waitsig();
> +
> +	/* again dump ipset and iptables states to other text files */
> +	RUN_OR_ERR(dump_iptables_new, "Can't dump restored iptables rules.");
> +	RUN_OR_ERR(dump_ipset_new   , "Can't save restored ipset list to file.");
> +
> +	/* compare original and restored iptables rules */
> +	RUN_OR_FAIL(cmp_iptables, "iptables rules differ");
> +
> +	/* compare original and restored ipset rules */
> +	RUN_OR_FAIL(cmp_ipset, "ipset lists differ");
> +
> +	RUN_OR_ERR(rm_ipset_files, "Can't remove ipset files");
> +	RUN_OR_ERR(rm_iptables_files, "Can't remove iptables files");
> +
> +	pass();
> +	return 0;
> +}
> diff --git a/test/zdtm/static/netns-ipset.desc b/test/zdtm/static/netns-ipset.desc
> new file mode 100644
> index 0000000..175505c
> --- /dev/null
> +++ b/test/zdtm/static/netns-ipset.desc
> @@ -0,0 +1,13 @@
> +{
> +	'flavor': 'h ns uns',
> +	'flags': 'suid',
> +	'deps': [
> +			'/usr/bin/rm',
> +			'/usr/bin/sh',
> +			'/usr/bin/diff',
> +			'/usr/sbin/ipset',
> +			'/usr/sbin/iptables',
> +			'/usr/lib64/xtables/libxt_set.so',
> +			'/usr/lib64/xtables/libxt_standard.so|/lib/xtables/libxt_standard.so|/usr/lib/powerpc64le-linux-gnu/xtables/libxt_standard.so|/usr/lib/x86_64-linux-gnu/xtables/libxt_standard.so|/usr/lib/xtables/libxt_standard.so'
> +		]
> +}
>