tech-net archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Test suite for ipfilter



 If I run out of time tonight then later this week I'll
update IPFilter to version 5.1.2. This email is about
the test suite that I've developed over the last 3 months
to help track down bugs and inconsistences to arrive
at 5.1.2.

The test suite is currently hosted on sourceforge and
can be found here:

http://ipfilter.cvs.sourceforge.net/viewvc/ipfilter/ipf-test-suite/

Amongst other things, the test suite has been designed
to be run as root on a group of 3 hosts that are all
connected to each other. Whether they are virtual or
physical is of little importance.

This test suite provides 3 types of tests:
1 host (for parsing of rules and general interaction
       by the tools with the kernel)
2 host (where the system under test is either the
       sender or receiver of traffic)
3 host (where the system under test is performing as
       a router/gateway)
In total there are currently 752 test cases. More need
to be written.

Currently all tests pass with 5.1.2, although network
and other behavioural variances may interfere with results.
The recent discussion about tcpdump/libpcap is 100% relevant.
Additionally, without the patch to rcmd, various rcmd proxy
tests will fail.

I've used Solaris systems for checking memory leaks and
at present a run of the test suite reveals none.

The test suite is covered by GPL for a couple of reasons:
1) as an end product, I can understand how you would
  download and use it but given it requires a lot
  more care to run than the other tests under atf,
  I don't see it as making sense to rebundle and
  redistribute.
2) it makes no sense at all to do any development of
  it and not provide source code.

Time permitting and nobody else forthcoming, I'll look
at adapting it for npf.

Darren



Home | Main Index | Thread Index | Old Index