tests: shell: Implement --valgrind mode

Wrap every call to $XT_MULTI with valgrind, or actually a wrapper script
which does the valgrind wrap and stores the log if it contains something
relevant.

Carefully name the wrapper script(s) so that test cases' checks on
$XT_MULTI name stay intact.

This mode slows down testsuite execution horribly. Luckily, it's not
meant for constant use, though.

For now, ignore commands with non-zero exit status - error paths
typically hit direct exit() calls and therefore leave reachable memory
in place.

Signed-off-by: Phil Sutter <phil@nwl.cc>

diff --git a/iptables/tests/shell/run-tests.sh b/iptables/tests/shell/run-tests.sh
index d71c13729b3ee5f90964cd3870c06011a0287022..2125e2cb119bb750d9b8455e34b030b41b27d513 100755 (executable)
--- a/iptables/tests/shell/run-tests.sh
+++ b/iptables/tests/shell/run-tests.sh
@@ -46,6 +46,10 @@ while [ -n "$1" ]; do
                NFT_ONLY=y
                shift
                ;;
+       -V|--valgrind)
+               VALGRIND=y
+               shift
+               ;;
        *${RETURNCODE_SEPARATOR}+([0-9]))
                SINGLE+=" $1"
                VERBOSE=y
@@ -67,6 +71,49 @@ else
        XTABLES_LEGACY_MULTI="xtables-legacy-multi"
 fi
 
+printscript() { # (cmd, tmpd)
+       cat <<EOF
+#!/bin/bash
+
+CMD="$1"
+
+# note: valgrind man page warns about --log-file with --trace-children, the
+# last child executed overwrites previous reports unless %p or %q is used.
+# Since libtool wrapper calls exec but none of the iptables tools do, this is
+# perfect for us as it effectively hides bash-related errors
+
+valgrind --log-file=$2/valgrind.log --trace-children=yes \
+        --leak-check=full --show-leak-kinds=all \$CMD "\$@"
+RC=\$?
+
+# don't keep uninteresting logs
+if grep -q 'no leaks are possible' $2/valgrind.log; then
+       rm $2/valgrind.log
+else
+       mv $2/valgrind.log $2/valgrind_\$\$.log
+fi
+
+# drop logs for failing commands for now
+[ \$RC -eq 0 ] || rm $2/valgrind_\$\$.log
+
+exit \$RC
+EOF
+}
+
+if [ "$VALGRIND" == "y" ]; then
+       tmpd=$(mktemp -d)
+       msg_info "writing valgrind logs to $tmpd"
+       chmod a+rx $tmpd
+       printscript "$XTABLES_NFT_MULTI" "$tmpd" >${tmpd}/xtables-nft-multi
+       printscript "$XTABLES_LEGACY_MULTI" "$tmpd" >${tmpd}/xtables-legacy-multi
+       trap "rm ${tmpd}/xtables-*-multi" EXIT
+       chmod a+x ${tmpd}/xtables-nft-multi ${tmpd}/xtables-legacy-multi
+
+       XTABLES_NFT_MULTI="${tmpd}/xtables-nft-multi"
+       XTABLES_LEGACY_MULTI="${tmpd}/xtables-legacy-multi"
+
+fi
+
 find_tests() {
         if [ ! -z "$SINGLE" ] ; then
                 echo $SINGLE