[nft PATCH 1/2] tests: shell: add a testcase for many defines

All of lore.kernel.org
 help / color / mirror / Atom feed

* [nft PATCH 1/2] tests: shell: add a testcase for many defines
@ 2016-11-28 12:59 Arturo Borrero Gonzalez
  2016-11-28 12:59 ` [nft PATCH 2/2] tests: shell: add testcase for different defines usage Arturo Borrero Gonzalez
  2016-11-29 21:20 ` [nft PATCH 1/2] tests: shell: add a testcase for many defines Pablo Neira Ayuso
  0 siblings, 2 replies; 4+ messages in thread
From: Arturo Borrero Gonzalez @ 2016-11-28 12:59 UTC (permalink / raw)
  To: netfilter-devel

From: Arturo Borrero Gonzalez <arturo@debian.org>

Use many defines in a single nft -f run.

Signed-off-by: Arturo Borrero Gonzalez <arturo@debian.org>
---
 tests/shell/testcases/nft-f/0011manydefines_0 |   37 +++++++++++++++++++++++++
 1 file changed, 37 insertions(+)
 create mode 100755 tests/shell/testcases/nft-f/0011manydefines_0

diff --git a/tests/shell/testcases/nft-f/0011manydefines_0 b/tests/shell/testcases/nft-f/0011manydefines_0
new file mode 100755
index 0000000..84664f4
--- /dev/null
+++ b/tests/shell/testcases/nft-f/0011manydefines_0
@@ -0,0 +1,37 @@
+#!/bin/bash
+
+# tests many defines in a single nft -f run
+
+HOWMANY=20000
+
+tmpfile=$(mktemp)
+if [ ! -w $tmpfile ] ; then
+	echo "Failed to create tmp file" >&2
+	exit 0
+fi
+
+trap "rm -rf $tmpfile" EXIT # cleanup if aborted
+
+generate1()
+{
+	for ((i=0; i<=HOWMANY; i++)) ; do
+		echo "define data_${i} = ${i}"
+	done
+}
+
+generate2()
+{
+	for ((i=0; i<=HOWMANY; i++)) ; do
+		echo "iifname \$data_${i}"
+	done
+}
+
+echo " $(generate1)
+table t {
+	chain c {
+		$(generate2)
+	}
+}" > $tmpfile
+
+set -e
+$NFT -f $tmpfile


^ permalink raw reply related	[flat|nested] 4+ messages in thread

* [nft PATCH 2/2] tests: shell: add testcase for different defines usage
  2016-11-28 12:59 [nft PATCH 1/2] tests: shell: add a testcase for many defines Arturo Borrero Gonzalez
@ 2016-11-28 12:59 ` Arturo Borrero Gonzalez
  2016-11-29 21:20   ` Pablo Neira Ayuso
  2016-11-29 21:20 ` [nft PATCH 1/2] tests: shell: add a testcase for many defines Pablo Neira Ayuso
  1 sibling, 1 reply; 4+ messages in thread
From: Arturo Borrero Gonzalez @ 2016-11-28 12:59 UTC (permalink / raw)
  To: netfilter-devel

From: Arturo Borrero Gonzalez <arturo@debian.org>

This testcase add some defines in a nft -f run and then uses
them in different spots (which are not covered in previous testcases).

 * defines used to define another one
 * different datatypes (numbers, strings, bits, ranges)
 * usage in sets, maps, contatenatios
 * single rules with single statements, multiple statements
 * reuse define in same rule

Perhaps this isn't testing many different code path, but I find this
interesting to have given it will probably be one of the most common
use cases of nftables.

Signed-off-by: Arturo Borrero Gonzalez <arturo@debian.org>
---
 .../shell/testcases/nft-f/0012different_defines_0  |   44 ++++++++++++++++++++
 1 file changed, 44 insertions(+)
 create mode 100755 tests/shell/testcases/nft-f/0012different_defines_0

diff --git a/tests/shell/testcases/nft-f/0012different_defines_0 b/tests/shell/testcases/nft-f/0012different_defines_0
new file mode 100755
index 0000000..9c496d5
--- /dev/null
+++ b/tests/shell/testcases/nft-f/0012different_defines_0
@@ -0,0 +1,44 @@
+#!/bin/bash
+
+# tests different spots, datatypes and usages for nft defines
+
+tmpfile=$(mktemp)
+if [ ! -w $tmpfile ] ; then
+	echo "Failed to create tmp file" >&2
+	exit 0
+fi
+
+trap "rm -rf $tmpfile" EXIT # cleanup if aborted
+
+echo "
+define d_iifname = whatever
+define d_oifname = \$d_iifname
+define d_iif = lo
+define d_oif = \$d_iif
+define d_mark = 123
+define d_state = new,established,related
+define d_ipv4 = 10.0.0.0
+define d_ipv4_2 = 10.0.0.2
+define d_ipv6 = fe0::1
+define d_ipv6_2 = fe0::2
+define d_ports = 100-222
+
+table inet t {
+	chain c {
+		iifname \$d_iifname oifname \$d_oifname iif \$d_iif oif \$d_oif
+		iifname { \$d_iifname , \$d_oifname } iif { \$d_iif , \$d_oif } meta mark \$d_mark
+		ct state \$d_state
+		ct state != \$d_state
+		ip saddr \$d_ipv4 ip daddr \$d_ipv4_2 ip saddr \$d_ipv4
+		ip6 daddr \$d_ipv6 ip6 saddr \$d_ipv6_2
+		ip saddr vmap { \$d_ipv4 : drop , \$d_ipv4_2 : accept }
+		ip6 daddr vmap { \$d_ipv6 : drop , \$d_ipv6_2 : accept }
+		ip6 saddr . ip6 nexthdr { \$d_ipv6 . udp, \$d_ipv6_2 . tcp }
+		ip daddr . meta iif vmap { \$d_ipv4 . \$d_iif : accept }
+		tcp dport \$d_ports
+		udp dport vmap { \$d_ports : accept }
+	}
+}" >> $tmpfile
+
+set -e
+$NFT -f $tmpfile


^ permalink raw reply related	[flat|nested] 4+ messages in thread

* Re: [nft PATCH 1/2] tests: shell: add a testcase for many defines
  2016-11-28 12:59 [nft PATCH 1/2] tests: shell: add a testcase for many defines Arturo Borrero Gonzalez
  2016-11-28 12:59 ` [nft PATCH 2/2] tests: shell: add testcase for different defines usage Arturo Borrero Gonzalez
@ 2016-11-29 21:20 ` Pablo Neira Ayuso
  1 sibling, 0 replies; 4+ messages in thread
From: Pablo Neira Ayuso @ 2016-11-29 21:20 UTC (permalink / raw)
  To: Arturo Borrero Gonzalez; +Cc: netfilter-devel

On Mon, Nov 28, 2016 at 01:59:22PM +0100, Arturo Borrero Gonzalez wrote:
> From: Arturo Borrero Gonzalez <arturo@debian.org>
> 
> Use many defines in a single nft -f run.

Applied, thanks Arturo.

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [nft PATCH 2/2] tests: shell: add testcase for different defines usage
  2016-11-28 12:59 ` [nft PATCH 2/2] tests: shell: add testcase for different defines usage Arturo Borrero Gonzalez
@ 2016-11-29 21:20   ` Pablo Neira Ayuso
  0 siblings, 0 replies; 4+ messages in thread
From: Pablo Neira Ayuso @ 2016-11-29 21:20 UTC (permalink / raw)
  To: Arturo Borrero Gonzalez; +Cc: netfilter-devel

On Mon, Nov 28, 2016 at 01:59:28PM +0100, Arturo Borrero Gonzalez wrote:
> From: Arturo Borrero Gonzalez <arturo@debian.org>
> 
> This testcase add some defines in a nft -f run and then uses
> them in different spots (which are not covered in previous testcases).
> 
>  * defines used to define another one
>  * different datatypes (numbers, strings, bits, ranges)
>  * usage in sets, maps, contatenatios
>  * single rules with single statements, multiple statements
>  * reuse define in same rule
> 
> Perhaps this isn't testing many different code path, but I find this
> interesting to have given it will probably be one of the most common
> use cases of nftables.

Also applied, thanks.

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2016-11-29 21:20 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2016-11-28 12:59 [nft PATCH 1/2] tests: shell: add a testcase for many defines Arturo Borrero Gonzalez
2016-11-28 12:59 ` [nft PATCH 2/2] tests: shell: add testcase for different defines usage Arturo Borrero Gonzalez
2016-11-29 21:20   ` Pablo Neira Ayuso
2016-11-29 21:20 ` [nft PATCH 1/2] tests: shell: add a testcase for many defines Pablo Neira Ayuso

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.