[PATCH nft 0/6] adjust nft dump files and add check-tree script

[PATCH nft 0/6] adjust nft dump files and add check-tree script

[Thomas Haller]

- add/remove some nft dump scripts, as they are missing or wrong.
- add a "tools/check-tree.sh" script for consistency checks of the
  source tree. Currently, it's only concerned about the tests/shell
  dump files, but (from the name of the script) it shall be used for
  further consistency checks.

Thomas Haller (6):
  tests/shell: remove spurious .nft dump files
  tests/shell: drop unstable dump for "transactions/0051map_0" test
  tests/shell: add missing nft/nodump files for tests
  tests/shell: special handle base path starting with "./"
  tests/shell: in find_tests() use C locale for sorting tests names
  tools: add "tools/check-tree.sh" script to check consistency of nft
    dumps

 tests/shell/run-tests.sh                      |  6 +-
 .../chains/dumps/0043chain_ingress.nft        | 11 ---
 .../testcases/listing/dumps/0013objects_0.nft | 29 ++++++
 .../nft-f/dumps/0026policy_variable_0.nft     |  5 -
 .../sets/dumps/reset_command_0.nodump         |  0
 .../transactions/dumps/0051map_0.nft          |  7 --
 .../transactions/dumps/0051map_0.nodump       |  0
 .../transactions/dumps/bad_expression.nft     |  0
 tools/check-tree.sh                           | 91 +++++++++++++++++++
 9 files changed, 124 insertions(+), 25 deletions(-)
 delete mode 100644 tests/shell/testcases/chains/dumps/0043chain_ingress.nft
 create mode 100644 tests/shell/testcases/listing/dumps/0013objects_0.nft
 delete mode 100644 tests/shell/testcases/nft-f/dumps/0026policy_variable_0.nft
 create mode 100644 tests/shell/testcases/sets/dumps/reset_command_0.nodump
 delete mode 100644 tests/shell/testcases/transactions/dumps/0051map_0.nft
 create mode 100644 tests/shell/testcases/transactions/dumps/0051map_0.nodump
 create mode 100644 tests/shell/testcases/transactions/dumps/bad_expression.nft
 create mode 100755 tools/check-tree.sh

-- 
2.41.0

[PATCH nft 1/6] tests/shell: remove spurious .nft dump files

[Thomas Haller]

These are left-over dumps ([1]), or dumps generated with the wrong name
([2]). Remove the files.

[1] commit eb14363d44ce ('tests: shell: move chain priority and policy to chain folder')
[2] commit b4775dec9f80 ('src: ingress inet support')

Signed-off-by: Thomas Haller <thaller@redhat.com>
---
 .../testcases/chains/dumps/0043chain_ingress.nft      | 11 -----------
 .../testcases/nft-f/dumps/0026policy_variable_0.nft   |  5 -----
 2 files changed, 16 deletions(-)
 delete mode 100644 tests/shell/testcases/chains/dumps/0043chain_ingress.nft
 delete mode 100644 tests/shell/testcases/nft-f/dumps/0026policy_variable_0.nft

diff --git a/tests/shell/testcases/chains/dumps/0043chain_ingress.nft b/tests/shell/testcases/chains/dumps/0043chain_ingress.nft
deleted file mode 100644
index 74670423fc84..000000000000
--- a/tests/shell/testcases/chains/dumps/0043chain_ingress.nft
+++ /dev/null
@@ -1,11 +0,0 @@
-table inet filter {
-	chain ingress {
-		type filter hook ingress device \"lo\" priority filter; policy accept;
-	}
-	chain input {
-		type filter hook input priority filter; policy accept;
-	}
-	chain forward {
-		type filter hook forward priority filter; policy accept;
-	}
-}
diff --git a/tests/shell/testcases/nft-f/dumps/0026policy_variable_0.nft b/tests/shell/testcases/nft-f/dumps/0026policy_variable_0.nft
deleted file mode 100644
index d729e1eab74d..000000000000
--- a/tests/shell/testcases/nft-f/dumps/0026policy_variable_0.nft
+++ /dev/null
@@ -1,5 +0,0 @@
-table inet global {
-	chain prerouting {
-		type filter hook prerouting priority filter; policy drop;
-	}
-}
-- 
2.41.0

[PATCH nft 2/6] tests/shell: drop unstable dump for "transactions/0051map_0" test

[Thomas Haller]

The file "tests/shell/testcases/transactions/dumps/0051map_0.nft" gets
generated differently on Fedora 38 (6.4.14-200.fc38.x86_64) and
CentOS-Stream-9 (5.14.0-354.el9.x86_64). It's not stable.

    diff --git c/tests/shell/testcases/transactions/dumps/0051map_0.nft w/tests/shell/testcases/transactions/dumps/0051map_0.nft
    index 59d69df70e61..fa7df9f93757 100644
    --- c/tests/shell/testcases/transactions/dumps/0051map_0.nft
    +++ w/tests/shell/testcases/transactions/dumps/0051map_0.nft
    @@ -1,7 +1,11 @@
     table ip x {
    +    chain w {
    +    }
    +
         chain m {
         }

         chain y {
    +         ip saddr vmap { 1.1.1.1 : jump w, 2.2.2.2 : accept, 3.3.3.3 : goto m }
         }
     }

Drop it.

Signed-off-by: Thomas Haller <thaller@redhat.com>
---
 tests/shell/testcases/transactions/dumps/0051map_0.nft    | 7 -------
 tests/shell/testcases/transactions/dumps/0051map_0.nodump | 0
 2 files changed, 7 deletions(-)
 delete mode 100644 tests/shell/testcases/transactions/dumps/0051map_0.nft
 create mode 100644 tests/shell/testcases/transactions/dumps/0051map_0.nodump

diff --git a/tests/shell/testcases/transactions/dumps/0051map_0.nft b/tests/shell/testcases/transactions/dumps/0051map_0.nft
deleted file mode 100644
index 59d69df70e61..000000000000
--- a/tests/shell/testcases/transactions/dumps/0051map_0.nft
+++ /dev/null
@@ -1,7 +0,0 @@
-table ip x {
-	chain m {
-	}
-
-	chain y {
-	}
-}
diff --git a/tests/shell/testcases/transactions/dumps/0051map_0.nodump b/tests/shell/testcases/transactions/dumps/0051map_0.nodump
new file mode 100644
index 000000000000..e69de29bb2d1
-- 
2.41.0

[PATCH nft 3/6] tests/shell: add missing nft/nodump files for tests

[Thomas Haller]

Three tests didn't have a nft/nodump file, because previously I only
generated files on Fedora kernel, where those tests are failing.

Generate them on CentOS-Stream-9 with kernel 5.14.0-354.el9.x86_64.

Signed-off-by: Thomas Haller <thaller@redhat.com>
---
 .../testcases/listing/dumps/0013objects_0.nft | 29 +++++++++++++++++++
 .../sets/dumps/reset_command_0.nodump         |  0
 .../transactions/dumps/bad_expression.nft     |  0
 3 files changed, 29 insertions(+)
 create mode 100644 tests/shell/testcases/listing/dumps/0013objects_0.nft
 create mode 100644 tests/shell/testcases/sets/dumps/reset_command_0.nodump
 create mode 100644 tests/shell/testcases/transactions/dumps/bad_expression.nft

diff --git a/tests/shell/testcases/listing/dumps/0013objects_0.nft b/tests/shell/testcases/listing/dumps/0013objects_0.nft
new file mode 100644
index 000000000000..1ea610f8b8d8
--- /dev/null
+++ b/tests/shell/testcases/listing/dumps/0013objects_0.nft
@@ -0,0 +1,29 @@
+table ip test {
+	quota https-quota {
+		25 mbytes
+	}
+
+	ct helper cthelp {
+		type "sip" protocol tcp
+		l3proto ip
+	}
+
+	ct timeout cttime {
+		protocol udp
+		l3proto ip
+		policy = { unreplied : 15s, replied : 12s }
+	}
+
+	ct expectation ctexpect {
+		protocol tcp
+		dport 5432
+		timeout 1h
+		size 12
+		l3proto ip
+	}
+
+	chain input {
+	}
+}
+table ip test-ip {
+}
diff --git a/tests/shell/testcases/sets/dumps/reset_command_0.nodump b/tests/shell/testcases/sets/dumps/reset_command_0.nodump
new file mode 100644
index 000000000000..e69de29bb2d1
diff --git a/tests/shell/testcases/transactions/dumps/bad_expression.nft b/tests/shell/testcases/transactions/dumps/bad_expression.nft
new file mode 100644
index 000000000000..e69de29bb2d1
-- 
2.41.0

[PATCH nft 4/6] tests/shell: special handle base path starting with "./"

[Thomas Haller]

When we auto detect the tests with `tests/shell/run-tests.sh -L`, then
commonly the NFT_TEST_BASEDIR starts with a redundant "./". That's a bit
ugly.

Instead, special handle that case and remove the prefix. The effect is
that `tests/shell/run-tests.sh -L` shows

  tests/shell/testcases/bitwise/0040mark_binop_0

instead of

  ./tests/shell/testcases/bitwise/0040mark_binop_0

Signed-off-by: Thomas Haller <thaller@redhat.com>
---
 tests/shell/run-tests.sh | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/tests/shell/run-tests.sh b/tests/shell/run-tests.sh
index f20a2bec9e9b..dae775bdf3dd 100755
--- a/tests/shell/run-tests.sh
+++ b/tests/shell/run-tests.sh
@@ -267,7 +267,9 @@ find_tests() {
 }
 
 if [ "${#TESTS[@]}" -eq 0 ] ; then
-	TESTS=( $(find_tests "$NFT_TEST_BASEDIR/testcases/") )
+	d="$NFT_TEST_BASEDIR/testcases/"
+	d="${d#./}"
+	TESTS=( $(find_tests "$d") )
 	test "${#TESTS[@]}" -gt 0 || msg_error "Could not find tests"
 fi
 
-- 
2.41.0

[PATCH nft 5/6] tests/shell: in find_tests() use C locale for sorting tests names

[Thomas Haller]

It makes more sense, that the sort order does not depend on the user's
locale.

Signed-off-by: Thomas Haller <thaller@redhat.com>
---
 tests/shell/run-tests.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tests/shell/run-tests.sh b/tests/shell/run-tests.sh
index dae775bdf3dd..bdca0ee1fa0b 100755
--- a/tests/shell/run-tests.sh
+++ b/tests/shell/run-tests.sh
@@ -263,7 +263,7 @@ while [ $# -gt 0 ] ; do
 done
 
 find_tests() {
-	find "$1" -type f -executable | sort
+	find "$1" -type f -executable | LANG=C sort
 }
 
 if [ "${#TESTS[@]}" -eq 0 ] ; then
-- 
2.41.0

[PATCH nft 6/6] tools: add "tools/check-tree.sh" script to check consistency of nft dumps

[Thomas Haller]

The script performs some checks on the source tree, and fails if
any problems are found.

Currently it only checks for the dumps files, but it shall be extended
to perform various consistency checks of the source tree.

This script was already successful at finding issues with the dumps.
Running it helps to make sure we don't make mistakes.

Later it should also integrate with `make check` and/or be called
from CI.

Signed-off-by: Thomas Haller <thaller@redhat.com>
---
 tools/check-tree.sh | 91 +++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 91 insertions(+)
 create mode 100755 tools/check-tree.sh

diff --git a/tools/check-tree.sh b/tools/check-tree.sh
new file mode 100755
index 000000000000..ede3e6998ecc
--- /dev/null
+++ b/tools/check-tree.sh
@@ -0,0 +1,91 @@
+#!/bin/bash -e
+
+# Preform various consistency checks of the source tree.
+
+die() {
+	printf '%s\n' "$*"
+	exit 1
+}
+
+array_contains() {
+	local needle="$1"
+	local a
+	shift
+	for a; do
+		[ "$a" = "$needle" ] && return 0
+	done
+	return 1
+}
+
+cd "$(dirname "$0")/.."
+
+EXIT_CODE=0
+
+##############################################################################
+
+check_shell_dumps() {
+	local TEST="$1"
+	local base="$(basename "$TEST")"
+	local dir="$(dirname "$TEST")"
+	local has_nft=0
+	local has_nodump=0
+	local nft_name
+	local nodump_name
+
+	if [ ! -d "$dir/dumps/" ] ; then
+		echo "\"$TEST\" has no \"$dir/dumps/\" directory"
+		EXIT_CODE=1
+		return 0
+	fi
+
+	nft_name="$dir/dumps/$base.nft"
+	nodump_name="$dir/dumps/$base.nodump"
+
+	[ -f "$nft_name" ] && has_nft=1
+	[ -f "$nodump_name" ] && has_nodump=1
+
+	if [ "$has_nft" != 1 -a "$has_nodump" != 1 ] ; then
+		echo "\"$TEST\" has no \"$dir/dumps/$base.{nft,nodump}\" file"
+		EXIT_CODE=1
+	elif [ "$has_nft" == 1 -a "$has_nodump" == 1 ] ; then
+		echo "\"$TEST\" has both \"$dir/dumps/$base.{nft,nodump}\" files"
+		EXIT_CODE=1
+	elif [ "$has_nodump" == 1 -a -s "$nodump_name" ] ; then
+		echo "\"$TEST\" has a non-empty \"$dir/dumps/$base.nodump\" file"
+		EXIT_CODE=1
+	fi
+}
+
+SHELL_TESTS=( $(find "tests/shell/testcases/" -type f -executable | LANG=C sort) )
+
+if [ "${#SHELL_TESTS[@]}" -eq 0 ] ; then
+	echo "No executable tests under \"tests/shell/testcases/\" found"
+	EXIT_CODE=1
+fi
+for t in "${SHELL_TESTS[@]}" ; do
+	check_shell_dumps "$t"
+done
+
+##############################################################################
+
+SHELL_TESTS2=( $(./tests/shell/run-tests.sh --list-tests) )
+if [ "${SHELL_TESTS[*]}" != "${SHELL_TESTS2[*]}" ] ; then
+	echo "\`./tests/shell/run-tests.sh --list-tests\` does not list the expected tests"
+	EXIT_CODE=1
+fi
+
+##############################################################################
+
+FILES=( $(find "tests/shell/testcases/" -type f | sed -n 's#\(tests/shell/testcases\(/.*\)\?/\)dumps/\(.*\)\.\(nft\|nodump\)$#\0#p' | LANG=C sort) )
+
+for f in "${FILES[@]}" ; do
+	f2="$(echo "$f" | sed -n 's#\(tests/shell/testcases\(/.*\)\?/\)dumps/\(.*\)\.\(nft\|nodump\)$#\1\3#p')"
+	if ! array_contains "$f2" "${SHELL_TESTS[@]}" ; then
+		echo "\"$f\" has no test \"$f2\""
+		EXIT_CODE=1
+	fi
+done
+
+##############################################################################
+
+exit "$EXIT_CODE"
-- 
2.41.0