From: Subrata M. <su...@li...> - 2008-11-26 12:23:52
Hi,

Manas K. Nayak reported:

While executing the iptables testcases from LTP, it failed to list iptables chain rules.

ltptestsuite used: ltp-full-20081031.tgz

The iptables test case fails with the following errors:

[root@mx3350a iptables]# ./iptables_tests.sh
iptables 0 INFO : INIT: Inititalizing tests.
iptables 0 INFO : INIT: Flushing all rules.
iptables01 0 INFO : iptables01: iptables -L -t filter will list all rules in table filter.
iptables01 1 FAIL : iptables01: iptables -L -t filter failed to list rules. Reason:
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain RH-Firewall-1-INPUT (0 references)
target prot opt source destination

Executing this test on both sles* and rhel5*, I noticed similar failures like "failed to list rules".

---steps to reproduce---
1) Start the firewall.
2) Then install ltp-full-20081031.
3) Now go to ltp-full-20081031/testcases/network/iptables.
4) Now execute the iptables testcases as below:
./iptables_tests.sh
You will notice the failure here.

By analyzing the testcase, it looks like it is flushing the iptables chain rules by executing "iptables -F", and then it is trying to get the list of all rules in table filter by executing "iptables -L -t filter". And here it is failing to get information about chain rules, as there are no chain rules present now.

Thanks...
Manas

Sridhar Vinay replied:

Hi Manas,

I looked through the iptables test. It fails because of a mismatch in the number of chains after the firewall is enabled. Under RH, enabling the firewall adds a new chain to the "filter" table and under SLES, 3 new chains are added. This patch can change this test accordingly.

Manas K. Nayak replied:

Hi Vinay,

Thanks for the patch. I patched the iptables test case with the given patch and then could execute the ltp iptables testcases successfully on RHEL5*. Looks like the patch has fixed the testcase problem.

# ./iptables_tests.sh
iptables 0 INFO : INIT: Inititalizing tests.
iptables 0 INFO : INIT: Flushing all rules.
iptables01 0 INFO : iptables01: iptables -L -t filter will list all rules in table filter.
iptables01 0 INFO : iptables01: iptables -L -t filter lists rules.
iptables01 0 INFO : iptables01: iptables -L -t nat will list all rules in table nat.
iptables01 0 INFO : iptables01: iptables -L -t nat lists rules.
iptables01 0 INFO : iptables01: iptables -L -t mangle will list all rules in table mangle.
iptables01 0 INFO : iptables01: iptables -L -t mangle lists rules.
iptables01 1 PASS : iptables01: iptables -L lists rules.
iptables02 0 INFO : iptables02: Use iptables to DROP packets from particular IP
iptables02 0 INFO : iptables02: Rule to block icmp from 127.0.0.1
iptables02 0 INFO : iptables02: Pinging 127.0.0.1
iptables02 0 INFO : iptables02: Ping 127.0.0.1 not successful.
iptables02 0 INFO : iptables02: Deleting icmp DROP from 127.0.0.1 rule.
iptables02 0 INFO : iptables02: Pinging 127.0.0.1 again
iptables02 0 INFO : iptables02: Ping succsess
iptables02 2 PASS : iptables02: iptables can DROP packets from particular IP.
...
...
...
iptables06 0 INFO : iptables06: ping requests logged with limited rate.
iptables06 0 INFO : iptables06: Deleting the rule to log.
iptables06 0 INFO : iptables06: iptables limited logging succsess
iptables06 6 PASS : iptables06: iptables can log packets with limited rate.

Regards--
Manas,
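
An added example, not part of the thread and not the patch discussed in it: one way a listing check can avoid depending on the total number of chains is to look only for the built-in chain headers and ignore any chains the distribution's firewall adds. The function names and the sample listing (constructed from the output quoted in the report) are assumptions made for this illustration.

```sh
#!/bin/sh
# Added example: not the LTP test script and not the patch from this thread.

# check_chains_present CHAIN...: reads `iptables -L -t <table>` output on
# stdin; succeeds only if every named built-in chain has a header line.
# Extra user-defined chains do not affect the result.
check_chains_present() {
    listing=$(cat)
    for chain in "$@"; do
        printf '%s\n' "$listing" | grep -q -- "^Chain $chain (policy " || {
            echo "missing built-in chain: $chain" >&2
            return 1
        }
    done
    return 0
}

# count_user_chains: prints the number of user-defined chains in the listing
# on stdin (headers of the form "Chain NAME (N references)").
count_user_chains() {
    grep -c '^Chain [^ ]* ([0-9][0-9]* references)' || :
}

# Constructed sample: filter table as listed on RHEL5 with the firewall enabled
# and rules flushed, based on the output quoted in the report above.
sample_rhel_listing() {
    cat <<'EOF'
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain RH-Firewall-1-INPUT (0 references)
target     prot opt source               destination
EOF
}

if sample_rhel_listing | check_chains_present INPUT FORWARD OUTPUT; then
    echo "filter: built-in chains listed," \
         "$(sample_rhel_listing | count_user_chains) extra chain(s) ignored"
fi
```

On a live system the same functions would be fed from `iptables -L -t filter` instead of the constructed sample.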