[Devel] [PATCH CRIU v3 2/2] zdtm: Added test that covers ipset checkpoint/restore functionality

Mon Feb 17 18:57:56 MSK 2020

Signed-off-by: Valeriy Vdovin <valeriy.vdovin at virtuozzo.com>
---
 test/zdtm/static/Makefile         |  1 +
 test/zdtm/static/netns-ipset.c    | 58 +++++++++++++++++++++++++++++++++++++++
 test/zdtm/static/netns-ipset.desc | 13 +++++++++
 3 files changed, 72 insertions(+)
 create mode 100644 test/zdtm/static/netns-ipset.c
 create mode 100644 test/zdtm/static/netns-ipset.desc

diff --git a/test/zdtm/static/Makefile b/test/zdtm/static/Makefile
index 28717b1..bdef4d0 100644
--- a/test/zdtm/static/Makefile
+++ b/test/zdtm/static/Makefile
@@ -143,6 +143,7 @@ TST_NOFILE	:=				\
 		poll				\
 		mountpoints			\
 		netns				\
+		netns-ipset			\
 		netns-dev			\
 		session01			\
 		session02			\
diff --git a/test/zdtm/static/netns-ipset.c b/test/zdtm/static/netns-ipset.c
new file mode 100644
index 0000000..e74aec7
--- /dev/null
+++ b/test/zdtm/static/netns-ipset.c
@@ -0,0 +1,58 @@
+#include <string.h>
+#include <unistd.h>
+#include <stdlib.h>
+#include <stdio.h>
+
+#include "zdtmtst.h"
+
+const char *test_doc	= "Check that ipset are dumped and restored correctly";
+
+const char *test_author	= "Valeriy Vdovin <valeriy.vdovin at virtuozzo.com>";
+
+#define RUN_OR_ERR(cmd, failmsg) if (system(cmd)) { pr_perror(failmsg); return -1; }
+#define RUN_OR_FAIL(cmd, failmsg) if (system(cmd)) { fail(failmsg); return -1; }
+
+int main(int argc, char **argv)
+{
+	char dump_ipset_old[]    = "ipset save > ipset.old";
+	char dump_ipset_new[]    = "ipset save > ipset.new";
+	char dump_iptables_old[] = "iptables -L INPUT 1 > iptables.old";
+	char dump_iptables_new[] = "iptables -L INPUT 1 > iptables.new";
+	char cmp_ipset[]         = "diff ipset.old ipset.new";
+	char cmp_iptables[]      = "diff iptables.old iptables.new";
+	char rm_ipset_files[]    = "rm -fv ipset.old ipset.new";
+	char rm_iptables_files[] = "rm -fv iptables.old iptables.new";
+
+	test_init(argc, argv);
+
+	/* create ipset group and add some ip addresses to it */
+	RUN_OR_ERR("ipset create netns-ipset-group nethash", "Can't create test ipset");
+	RUN_OR_ERR("ipset add netns-ipset-group 127.0.0.1/8", "Can't add ip addresses to ipset group");
+
+	/* Use netns-ipset-group in iptables rule */
+	RUN_OR_ERR("iptables -I INPUT 1 -p tcp -m set --match-set netns-ipset-group src,dst -j ACCEPT",
+		"Failed to setup iptables rule with ipset group");
+
+	/* dump ipset and iptables states to text files */
+	RUN_OR_ERR(dump_iptables_old, "Can't save iptables rules.");
+	RUN_OR_ERR(dump_ipset_old   , "Can't save ipset list.");
+
+	test_daemon();
+	test_waitsig();
+
+	/* again dump ipset and iptables states to other text files */
+	RUN_OR_ERR(dump_iptables_new, "Can't dump restored iptables rules.");
+	RUN_OR_ERR(dump_ipset_new   , "Can't save restored ipset list to file.");
+
+	/* compare original and restored iptables rules */
+	RUN_OR_FAIL(cmp_iptables, "iptables rules differ");
+
+	/* compare original and restored ipset rules */
+	RUN_OR_FAIL(cmp_ipset, "ipset lists differ");
+
+	RUN_OR_ERR(rm_ipset_files, "Can't remove ipset files");
+	RUN_OR_ERR(rm_iptables_files, "Can't remove iptables files");
+
+	pass();
+	return 0;
+}
diff --git a/test/zdtm/static/netns-ipset.desc b/test/zdtm/static/netns-ipset.desc
new file mode 100644
index 0000000..175505c
--- /dev/null
+++ b/test/zdtm/static/netns-ipset.desc
@@ -0,0 +1,13 @@
+{
+	'flavor': 'h ns uns',
+	'flags': 'suid',
+	'deps': [
+			'/usr/bin/rm',
+			'/usr/bin/sh',
+			'/usr/bin/diff',
+			'/usr/sbin/ipset',
+			'/usr/sbin/iptables',
+			'/usr/lib64/xtables/libxt_set.so',
+			'/usr/lib64/xtables/libxt_standard.so|/lib/xtables/libxt_standard.so|/usr/lib/powerpc64le-linux-gnu/xtables/libxt_standard.so|/usr/lib/x86_64-linux-gnu/xtables/libxt_standard.so|/usr/lib/xtables/libxt_standard.so'
+		]
+}
-- 
1.8.3.1

