From: Linda K. <lin...@hp...> - 2011-06-30 23:18:48
Hi Jim,

James Czyzak wrote:
> Hi Linda
>
> I think for ebtables using the same network_functions.bash is probably
> fine (I'll check out the newer one) I guess I started using this before I
> cloned the git tree. In the iptables and ip6tables version (I have not
> sent yet) there are two additional routines that allow me to send pings
> (for ICMP testing) and nc (netcat on loopback lets me create several tcp
> flags and states I have found hard to create otherwise). If there are no
> objections (aside from the possible ugly code) we could simply
> incorporate them into whatever is determined to be the shared file.

That sounds fine.

-- ljk

>
> On 6/29/2011 11:09 AM, Linda Knippers wrote:
>> Hi Jim,
>>
>> This is actually based on an older version of the network_functions.bash
>> file. I've made bug fixes to that file since then, which are not in your
>> copy of the functions.
>>
>> This reinforces my view that we need as much common code as possible.
>> I appreciate the desire for flexibility within your tests but until you
>> have a need for a specific function, I think we should use a common set
>> of functions.
>>
>> -- ljk
>>
>> James Czyzak wrote:
>>> Previous patch by same subject name was missing patch in delivered
>>> email
>>>
>>>
>>> Signed-off-by James Czyzak<cz...@li...>
>>> <mailto:cz...@li...>
>>>
>>> diff --git a/audit/netfilebt/netfilebt_functions.bash >>> b/audit/netfilebt/netfilebt_functions.bash >>> new file mode 100644 >>> index 0000000..32a221f >>> --- /dev/null >>> +++ b/audit/netfilebt/netfilebt_functions.bash
>>> @@ -0,0 +1,102 @@ >>> +#!/bin/bash >>> +############################################################################### >>> >>> +# (c) Copyright Hewlett-Packard Development Company, L.P., 2007 >>> +# >>> +# This program is free software: you can redistribute it and/or >>> modify >>> +# it under the terms of version 2 the GNU General Public License as >>> +# published by the Free Software Foundation. >>> +# >>> +# This program is distributed in the hope that it will be useful, >>> +# but WITHOUT ANY WARRANTY; without even the implied warranty of >>> +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the >>> +# GNU General Public License for more details. >>> +# >>> +# You should have received a copy of the GNU General Public License >>> +# along with this program. If not, >>> see<http://www.gnu.org/licenses/>. >>> +############################################################################### >>> >>> + >>> +# File History >>> +# 11/30/2010 >>> +# This file is nearly the same as the one in the network directory by >>> the name >>> +# of network_functions.bash Items not needed have been eliminated >>> and is >>> +# created as a different file to allow changes particular to ebtables >>> in the >>> +# future which may not be needed for network tests as is the case in >>> the >>> +# netfilter sub-directory for iptables/ip6tables filtering >>> +# >>> + >>> +source testcase.bash || exit 2 >>> + >>> +###################################################################### >>> +# global variables >>> +###################################################################### >>> + >>> +# NOTE: these are not truly global since this file is sourced from >>> inside >>> +# run_test(), so declare them with "declare" >>> + >>> +# audit record fields >>> +declare log_mark success >>> +declare uid=0 euid=0 suid=0 fsuid=0 >>> +declare gid=0 egid=0 sgid=0 fsgid=0 >>> +declare result=0 >>> + >>> +###################################################################### >>> +# 
common functions >>> +###################################################################### >>> + >>> +# usage: check_result<success case> <result> <exit value> <testcase >>> number> >>> +function check_result { >>> + declare suc=$1 res=$2 ext=$3 err_name=$4 >>> + declare err >>> + >>> + if [[ -n $err_name ]]; then >>> + err=$(get_error_code $err_name) >>> + fi >>> + >>> + # yes/no set in common startup, so we can assume only two cases >>> + case $suc in >>> + success) >>> + [[ $res != 0 ]]&& exit_error "unexpected test result" >>> + ;; >>> + fail) >>> + if [[ $res == 0 ]]; then >>> + exit_fail "operation should have been denied" >>> + elif [[ $res != 1 ]]; then >>> + exit_error "unexpected test result" >>> + fi >>> + [[ $ext != $err ]]&& exit_error "unexpected test error" >>> + # audit represents errors as negative numbers so fixup the >>> global >>> + # field value >>> + exitval=-$(get_error_code_raw $err_name) >>> + ;; >>> + esac >>> +} >>> + >>> +# usage: get_error_code_raw<error_name, e.g. EPERM> >>> +# this is a private function and should not be called outside the >>> scope of >>> +# this file >>> +function get_error_code_raw { >>> + case $1 in >>> + ERESTARTSYS) >>> + # XXX - this is to workaround a kernel audit ?bug? >>> + echo "512" >>> + ;; >>> + *) >>> + gcc -E -dM /usr/include/asm-generic/errno.h | grep $1 | >>> awk '{print $3}' >>> + ;; >>> + esac >>> +} >>> + >>> +# usage: get_error_code<error_name, e.g. EPERM> >>> +function get_error_code { >>> + case $1 in >>> + ERESTARTSYS) >>> + # XXX - this is to workaround a kernel audit ?bug? >>> + get_error_code_raw EINTR >>> + ;; >>> + *) >>> + get_error_code_raw $1 >>> + ;; >>> + esac >>> +} >>> + >>> + > > |
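Review bot: In get_error_code_raw, the `grep $1` in the default branch is unquoted and unanchored, so an errno name that is a substring of another macro matches more than one #define (EBADF also matches EBADFD, and EAGAIN also matches the `EWOULDBLOCK EAGAIN` alias line) and the function prints several values. That multi-line string then reaches `[[ $ext != $err ]]` and `exitval=-$(get_error_code_raw $err_name)` in check_result, where the comparison can never match and exitval is no longer a number. Match the macro name exactly instead, for example `awk -v n="$1" '$2 == n {print $3}'` in place of the grep/awk pair. Separately, the usage comment for check_result names the fourth argument <testcase number> while the function reads it as err_name; and when that argument is empty the fail branch still compares `$ext` against an unset `err` and calls get_error_code_raw with no name, so either require err_name in the fail case or skip the errno comparison when it is absent. exitval is also assigned here without appearing in the `declare` list under "global variables", which the comment above that list says is needed because the file is sourced inside run_test().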