iptables/tests/backport-iptables-add-libxt-cgroup-frontend/runtest.sh

#!/bin/bash
# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
#   runtest.sh of /CoreOS/iptables/Sanity/backport-iptables-add-libxt-cgroup-frontend
#   Description: Test for backport iptables add libxt_cgroup frontend
#   Author: Tomas Dolezal <todoleza@redhat.com>
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
#   Copyright (c) 2015 Red Hat, Inc.
#
#   This program is free software: you can redistribute it and/or
#   modify it under the terms of the GNU General Public License as
#   published by the Free Software Foundation, either version 2 of
#   the License, or (at your option) any later version.
#
#   This program is distributed in the hope that it will be
#   useful, but WITHOUT ANY WARRANTY; without even the implied
#   warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
#   PURPOSE.  See the GNU General Public License for more details.
#
#   You should have received a copy of the GNU General Public License
#   along with this program. If not, see http://www.gnu.org/licenses/.
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# Include Beaker environment
. /usr/bin/rhts-environment.sh || exit 1
. /usr/share/beakerlib/beakerlib.sh || exit 1

CGNUM="15"
CGNAME="15"
CGDIR="/sys/fs/cgroup/net_cls/$CGNAME"
DEST_IP4="192.0.2.99" # TEST-NET-1
DEST_IP42="192.0.2.199" # TEST-NET-1
DEST_IP6="2001:0db8:0000:0000:0000:0000:0000:abc0" #has to be expanded due to matching !
DEST_IP62="2001:0db8:0000:0000:0000:0000:0000:abc1"
SKIP6=false

rlJournalStart
    rlPhaseStartSetup
        rlRun "TmpDir=\$(mktemp -d)" 0 "Creating tmp directory"
        rlRun "pushd $TmpDir"
        if rlIsRHEL '>=7'; then
            rlServiceStop firewalld
            sleep 1
        fi
        rlLogInfo "check if net_cls cgroup is present"
        rlAssertGrep "cgroup.*net_cls" /proc/mounts
        rlRun "cgcreate -g net_cls:$CGNAME" 0 "create cgroup '15'"
        rlRun "echo $CGNUM > $CGDIR/net_cls.classid" 0 "assign numerical id to cgroup"
    rlPhaseEnd

    rlPhaseStartTest
        ping -W 1 -c 30 $DEST_IP4 &
        PING4_P1=$! EC4=$?
        ping -W 1 -c 30 $DEST_IP42 &
        PING4_P2=$! EC42=$?
        rlRun "[[ $EC4 -eq 0 && $EC42 -eq 0 ]]" 0 "ping ipv4 running to $DEST_IP4, $DEST_IP42"

        ping6 -W 1 -c 30 $DEST_IP6 &
        PING6_P1=$! EC6=$?
        sleep 1
        if [[ $EC6 -eq 2 ]] || ! kill -0 $PING6_P1 2>/dev/null; then
            rlLogInfo "skipping ipv6 test, network stack unavailable"
            SKIP6=true
        else
            ping6 -W 1 -c 30 $DEST_IP62 &
            PING6_P2=$!
            rlRun "kill -0 $PING6_P1 && kill -0 $PING6_P2" 0 "ping ipv6 running to $DEST_IP6, $DEST_IP62"
        fi
        journalctl -fkb > dmesg.out &
        DMESG_P=$!
        echo > dmesg.out # clear dmesg out

        rlRun "iptables -A OUTPUT -m cgroup --cgroup $CGNUM -j LOG"
        rlRun "ip6tables -A OUTPUT -m cgroup --cgroup $CGNUM -j LOG"

        rlRun "echo $PING4_P2 >> $CGDIR/tasks" 0 "Add second ping to cgroup '15'"
        $SKIP6 || rlRun "echo $PING6_P2 >> $CGDIR/tasks" 0 "Add second ping6 to cgroup '15'"
        cat $CGDIR/tasks
        sleep 10
        cat dmesg.out
        rlAssertGrep "$DEST_IP42" dmesg.out
        $SKIP6 || rlAssertGrep "$DEST_IP62" dmesg.out
        rlAssertNotGrep "$DEST_IP4" dmesg.out
        rlAssertNotGrep "$DEST_IP6" dmesg.out
    rlPhaseEnd

    rlPhaseStartCleanup
        kill $DMESG_P
        # pings die after 30s of execution either way
        kill $PING4_P1
        kill $PING4_P2
        $SKIP6 || kill $PING6_P1
        $SKIP6 || kill $PING6_P2
        sleep 1

        rlRun "iptables -F" 0 "cleanup iptables"
        rlRun "ip6tables -F" 0 "cleanup ip6tables"
        rlServiceRestore firewalld
        rlRun "cgdelete -g net_cls:$CGNAME" 0 "delete cgroup"
        rlRun "popd"
        rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
    rlPhaseEnd
rlJournalPrintText
rlJournalEnd