From: Phil Sutter Date: Tue, 5 Nov 2024 15:07:01 +0000 (+0100) Subject: tests: iptables-test: Properly assert rule deletion errors X-Git-Tag: v1.8.11~8 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=6fbd211b48648a337d794ac1e1665d6ed3175a78;p=thirdparty%2Fiptables.git tests: iptables-test: Properly assert rule deletion errors Capture any non-zero return code, iptables not necessarily returns 1 on error. A known issue with trying to delete a rule by spec is the unsupported --set-counters option. Strip it before deleting the rule. Fixes: c8b7aaabbe1fc ("add iptables unit test infrastructure") Signed-off-by: Phil Sutter
---
diff --git a/iptables-test.py b/iptables-test.py
index 0d2f30df..413e3fdc 100755
--- a/iptables-test.py
+++ b/iptables-test.py
@@ -58,10 +58,23 @@ def print_error(reason, filename=None, lineno=None, log_file=sys.stderr):
 def delete_rule(iptables, rule, filename, lineno, netns = None):
 '''
 Removes an iptables rule
+
+ Remove any --set-counters arguments, --delete rejects them.
 '''
+ delrule = rule.split()
+ for i in range(len(delrule)):
+ if delrule[i] in ['-c', '--set-counters']:
+ delrule.pop(i)
+ if ',' in delrule.pop(i):
+ break
+ if len(delrule) > i and delrule[i].isnumeric():
+ delrule.pop(i)
+ break
+ rule = " ".join(delrule)
+
 cmd = iptables + " -D " + rule
 ret = execute_cmd(cmd, filename, lineno, netns)
- if ret == 1:
+ if ret != 0:
 reason = "cannot delete: " + iptables + " -I " + rule
 print_error(reason, filename, lineno)
 return -1
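Review bot: The new stripping loop in delete_rule matches any whitespace-separated token equal to `-c` or `--set-counters`, so it is blind to quoting: a quoted match argument containing such a token (a comment string, say) would lose it and the word after it, and `" ".join(delrule)` also collapses repeated whitespace inside quotes, leaving a spec that no longer matches the inserted rule. The second `delrule.pop(i)` is also unguarded and raises IndexError when the matched token is the last one, which would abort the test run instead of reporting a failed deletion; `if i >= len(delrule): break` just before it avoids that. If rule files can carry quoted arguments, tokenizing with `shlex.split(rule)` and rebuilding with `shlex.join(delrule)` would keep them intact, assuming execute_cmd hands the string to a shell, which is not visible here. The body of delete_rule continues past the end of this hunk.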