* [nft PATCH 1/2] tests: shell: add a testcase for many defines @ 2016-11-28 12:59 Arturo Borrero Gonzalez 2016-11-28 12:59 ` [nft PATCH 2/2] tests: shell: add testcase for different defines usage Arturo Borrero Gonzalez 2016-11-29 21:20 ` [nft PATCH 1/2] tests: shell: add a testcase for many defines Pablo Neira Ayuso 0 siblings, 2 replies; 4+ messages in thread From: Arturo Borrero Gonzalez @ 2016-11-28 12:59 UTC (permalink / raw) To: netfilter-devel From: Arturo Borrero Gonzalez <arturo@debian.org> Use many defines in a single nft -f run. Signed-off-by: Arturo Borrero Gonzalez <arturo@debian.org> --- tests/shell/testcases/nft-f/0011manydefines_0 | 37 +++++++++++++++++++++++++ 1 file changed, 37 insertions(+) create mode 100755 tests/shell/testcases/nft-f/0011manydefines_0 diff --git a/tests/shell/testcases/nft-f/0011manydefines_0 b/tests/shell/testcases/nft-f/0011manydefines_0 new file mode 100755 index 0000000..84664f4 --- /dev/null +++ b/tests/shell/testcases/nft-f/0011manydefines_0 @@ -0,0 +1,37 @@ +#!/bin/bash + +# tests many defines in a single nft -f run + +HOWMANY=20000 + +tmpfile=$(mktemp) +if [ ! -w $tmpfile ] ; then + echo "Failed to create tmp file" >&2 + exit 0 +fi + +trap "rm -rf $tmpfile" EXIT # cleanup if aborted + +generate1() +{ + for ((i=0; i<=HOWMANY; i++)) ; do + echo "define data_${i} = ${i}" + done +} + +generate2() +{ + for ((i=0; i<=HOWMANY; i++)) ; do + echo "iifname \$data_${i}" + done +} + +echo " $(generate1) +table t { + chain c { + $(generate2) + } +}" > $tmpfile + +set -e +$NFT -f $tmpfile ^ permalink raw reply related [flat|nested] 4+ messages in thread
* [nft PATCH 2/2] tests: shell: add testcase for different defines usage 2016-11-28 12:59 [nft PATCH 1/2] tests: shell: add a testcase for many defines Arturo Borrero Gonzalez @ 2016-11-28 12:59 ` Arturo Borrero Gonzalez 2016-11-29 21:20 ` Pablo Neira Ayuso 2016-11-29 21:20 ` [nft PATCH 1/2] tests: shell: add a testcase for many defines Pablo Neira Ayuso 1 sibling, 1 reply; 4+ messages in thread From: Arturo Borrero Gonzalez @ 2016-11-28 12:59 UTC (permalink / raw) To: netfilter-devel From: Arturo Borrero Gonzalez <arturo@debian.org> This testcase add some defines in a nft -f run and then uses them in different spots (which are not covered in previous testcases). * defines used to define another one * different datatypes (numbers, strings, bits, ranges) * usage in sets, maps, contatenatios * single rules with single statements, multiple statements * reuse define in same rule Perhaps this isn't testing many different code path, but I find this interesting to have given it will probably be one of the most common use cases of nftables. Signed-off-by: Arturo Borrero Gonzalez <arturo@debian.org> --- .../shell/testcases/nft-f/0012different_defines_0 | 44 ++++++++++++++++++++ 1 file changed, 44 insertions(+) create mode 100755 tests/shell/testcases/nft-f/0012different_defines_0 diff --git a/tests/shell/testcases/nft-f/0012different_defines_0 b/tests/shell/testcases/nft-f/0012different_defines_0 new file mode 100755 index 0000000..9c496d5 --- /dev/null +++ b/tests/shell/testcases/nft-f/0012different_defines_0 @@ -0,0 +1,44 @@ +#!/bin/bash + +# tests different spots, datatypes and usages for nft defines + +tmpfile=$(mktemp) +if [ ! -w $tmpfile ] ; then + echo "Failed to create tmp file" >&2 + exit 0 +fi + +trap "rm -rf $tmpfile" EXIT # cleanup if aborted + +echo " +define d_iifname = whatever +define d_oifname = \$d_iifname +define d_iif = lo +define d_oif = \$d_iif +define d_mark = 123 +define d_state = new,established,related +define d_ipv4 = 10.0.0.0 +define d_ipv4_2 = 10.0.0.2 +define d_ipv6 = fe0::1 +define d_ipv6_2 = fe0::2 +define d_ports = 100-222 + +table inet t { + chain c { + iifname \$d_iifname oifname \$d_oifname iif \$d_iif oif \$d_oif + iifname { \$d_iifname , \$d_oifname } iif { \$d_iif , \$d_oif } meta mark \$d_mark + ct state \$d_state + ct state != \$d_state + ip saddr \$d_ipv4 ip daddr \$d_ipv4_2 ip saddr \$d_ipv4 + ip6 daddr \$d_ipv6 ip6 saddr \$d_ipv6_2 + ip saddr vmap { \$d_ipv4 : drop , \$d_ipv4_2 : accept } + ip6 daddr vmap { \$d_ipv6 : drop , \$d_ipv6_2 : accept } + ip6 saddr . ip6 nexthdr { \$d_ipv6 . udp, \$d_ipv6_2 . tcp } + ip daddr . meta iif vmap { \$d_ipv4 . \$d_iif : accept } + tcp dport \$d_ports + udp dport vmap { \$d_ports : accept } + } +}" >> $tmpfile + +set -e +$NFT -f $tmpfile ^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [nft PATCH 2/2] tests: shell: add testcase for different defines usage 2016-11-28 12:59 ` [nft PATCH 2/2] tests: shell: add testcase for different defines usage Arturo Borrero Gonzalez @ 2016-11-29 21:20 ` Pablo Neira Ayuso 0 siblings, 0 replies; 4+ messages in thread From: Pablo Neira Ayuso @ 2016-11-29 21:20 UTC (permalink / raw) To: Arturo Borrero Gonzalez; +Cc: netfilter-devel On Mon, Nov 28, 2016 at 01:59:28PM +0100, Arturo Borrero Gonzalez wrote: > From: Arturo Borrero Gonzalez <arturo@debian.org> > > This testcase add some defines in a nft -f run and then uses > them in different spots (which are not covered in previous testcases). > > * defines used to define another one > * different datatypes (numbers, strings, bits, ranges) > * usage in sets, maps, contatenatios > * single rules with single statements, multiple statements > * reuse define in same rule > > Perhaps this isn't testing many different code path, but I find this > interesting to have given it will probably be one of the most common > use cases of nftables. Also applied, thanks. ^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [nft PATCH 1/2] tests: shell: add a testcase for many defines 2016-11-28 12:59 [nft PATCH 1/2] tests: shell: add a testcase for many defines Arturo Borrero Gonzalez 2016-11-28 12:59 ` [nft PATCH 2/2] tests: shell: add testcase for different defines usage Arturo Borrero Gonzalez @ 2016-11-29 21:20 ` Pablo Neira Ayuso 1 sibling, 0 replies; 4+ messages in thread From: Pablo Neira Ayuso @ 2016-11-29 21:20 UTC (permalink / raw) To: Arturo Borrero Gonzalez; +Cc: netfilter-devel On Mon, Nov 28, 2016 at 01:59:22PM +0100, Arturo Borrero Gonzalez wrote: > From: Arturo Borrero Gonzalez <arturo@debian.org> > > Use many defines in a single nft -f run. Applied, thanks Arturo. ^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2016-11-29 21:20 UTC | newest] Thread overview: 4+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2016-11-28 12:59 [nft PATCH 1/2] tests: shell: add a testcase for many defines Arturo Borrero Gonzalez 2016-11-28 12:59 ` [nft PATCH 2/2] tests: shell: add testcase for different defines usage Arturo Borrero Gonzalez 2016-11-29 21:20 ` Pablo Neira Ayuso 2016-11-29 21:20 ` [nft PATCH 1/2] tests: shell: add a testcase for many defines Pablo Neira Ayuso
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.