[PATCH nft 1/3 nft] tests/py: add more interval tests for anonymous sets

[PATCH nft 1/3 nft] tests/py: add more interval tests for anonymous sets

[Pablo Neira Ayuso]

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 tests/py/any/ct.t           |  1 +
 tests/py/any/ct.t.payload   |  9 +++++++++
 tests/py/any/meta.t         |  3 +++
 tests/py/any/meta.t.payload | 27 +++++++++++++++++++++++++++
 4 files changed, 40 insertions(+)

diff --git a/tests/py/any/ct.t b/tests/py/any/ct.t
index 095e86c..4d13213 100644
--- a/tests/py/any/ct.t
+++ b/tests/py/any/ct.t
@@ -44,6 +44,7 @@ ct mark != 0x00000032;ok
 ct mark 0x00000032-0x00000045;ok
 ct mark != 0x00000032-0x00000045;ok
 ct mark {0x32, 0x2222, 0x42de3};ok;ct mark { 0x00042de3, 0x00002222, 0x00000032}
+ct mark {0x32-0x2222, 0x4444-0x42de3};ok;ct mark { 0x00000032-0x00002222, 0x00004444-0x00042de3}
 - ct mark != {0x32, 0x2222, 0x42de3};ok
 
 # ct mark != {0x32, 0x2222, 0x42de3};ok
diff --git a/tests/py/any/ct.t.payload b/tests/py/any/ct.t.payload
index 62e9259..a7f664b 100644
--- a/tests/py/any/ct.t.payload
+++ b/tests/py/any/ct.t.payload
@@ -166,6 +166,15 @@ ip test-ip4 output
   [ ct load mark => reg 1 ]
   [ lookup reg 1 set set%d ]
 
+# ct mark {0x32-0x2222, 0x4444-0x42de3}
+set%d test-ip4 7
+set%d test-ip4 0
+        element 00000000  : 1 [end]     element 32000000  : 0 [end]     element 23220000  : 1 [end]     element 44440000  : 0 [end]     element e42d0400  : 1 [end]
+ip test-ip4 output
+  [ ct load mark => reg 1 ]
+  [ byteorder reg 1 = hton(reg 1, 4, 4) ]
+  [ lookup reg 1 set set%d ]
+
 # ct mark set 0x11 xor 0x1331
 ip test-ip4 output
   [ immediate reg 1 0x00001320 ]
diff --git a/tests/py/any/meta.t b/tests/py/any/meta.t
index c10297a..424cb18 100644
--- a/tests/py/any/meta.t
+++ b/tests/py/any/meta.t
@@ -14,6 +14,8 @@ meta length != 233;ok
 meta length 33-45;ok
 meta length != 33-45;ok
 meta length { 33, 55, 67, 88};ok
+meta length { 33-55, 67-88};ok
+meta length { 33-55, 55-88, 100-120};ok;meta length { 33-88, 100-120}
 - meta length != { 33, 55, 67, 88};ok
 meta length { 33-55};ok
 - meta length != { 33-55};ok
@@ -162,6 +164,7 @@ meta cpu != 1;ok;cpu != 1
 meta cpu 1-3;ok;cpu 1-3
 meta cpu != 1-2;ok;cpu != 1-2
 meta cpu { 2,3};ok;cpu { 2,3}
+meta cpu { 2-3, 5-7};ok
 -meta cpu != { 2,3};ok; cpu != { 2,3}
 
 meta iifgroup 0;ok;iifgroup default
diff --git a/tests/py/any/meta.t.payload b/tests/py/any/meta.t.payload
index 9f7a6d9..14a8948 100644
--- a/tests/py/any/meta.t.payload
+++ b/tests/py/any/meta.t.payload
@@ -44,6 +44,24 @@ ip test-ip4 input
   [ byteorder reg 1 = hton(reg 1, 4, 4) ]
   [ lookup reg 1 set set%d ]
 
+# meta length { 33-55, 67-88}
+set%d test-ip4 7
+set%d test-ip4 0
+	element 00000000  : 1 [end]	element 21000000  : 0 [end]	element 38000000  : 1 [end]	element 43000000  : 0 [end]	element 59000000  : 1 [end]
+ip test-ip4 input
+  [ meta load len => reg 1 ]
+  [ byteorder reg 1 = hton(reg 1, 4, 4) ]
+  [ lookup reg 1 set set%d ]
+
+# meta length { 33-55, 55-88, 100-120}
+set%d test-ip4 7
+set%d test-ip4 0
+	element 00000000  : 1 [end]	element 21000000  : 0 [end]	element 59000000  : 1 [end]	element 64000000  : 0 [end]	element 79000000  : 1 [end]
+ip test-ip4 input
+  [ meta load len => reg 1 ]
+  [ byteorder reg 1 = hton(reg 1, 4, 4) ]
+  [ lookup reg 1 set set%d ]
+
 # meta protocol { ip, arp, ip6, vlan }
 set%d test-ip4 3
 set%d test-ip4 0
@@ -594,6 +612,15 @@ ip test-ip4 input
   [ meta load cpu => reg 1 ]
   [ lookup reg 1 set set%d ]
 
+# meta cpu { 2-3, 5-7}
+set%d test-ip4 7
+set%d test-ip4 0
+	element 00000000  : 1 [end]	element 02000000  : 0 [end]	element 04000000  : 1 [end]	element 05000000  : 0 [end]	element 08000000  : 1 [end]
+ip test-ip4 input
+  [ meta load cpu => reg 1 ]
+  [ byteorder reg 1 = hton(reg 1, 4, 4) ]
+  [ lookup reg 1 set set%d ]
+
 # meta iifgroup 0
 ip test-ip4 input
   [ meta load iifgroup => reg 1 ]
-- 
2.1.4

[PATCH nft 2/3 nft] tests/py: explicitly indication of set type and flags from test definitions

[Pablo Neira Ayuso]

This patch adds explicit set type in test definitions, as well as flags.

This has triggered a rework that starts by introducing a Set class to
make this whole code more extensible and maintainable.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 tests/py/ip/sets.t   | 12 ++++----
 tests/py/ip6/sets.t  | 10 +++----
 tests/py/nft-test.py | 78 ++++++++++++++++++++++++++++++++++++++--------------
 3 files changed, 68 insertions(+), 32 deletions(-)

diff --git a/tests/py/ip/sets.t b/tests/py/ip/sets.t
index db50b00..2b4e7e1 100644
--- a/tests/py/ip/sets.t
+++ b/tests/py/ip/sets.t
@@ -5,12 +5,12 @@
 *inet;test-inet;input
 *netdev;test-netdev;ingress
 
-!set_ipv4_add ipv4_addr;ok
-!set_inet inet_proto;ok
-!set_inet_serv inet_service;ok
-!set_time time;ok
+!w type ipv4_addr;ok
+!x type inet_proto;ok
+!y type inet_service;ok
+!z type time;ok
 
-!set1 ipv4_addr;ok
+!set1 type ipv4_addr;ok
 ?set1 192.168.3.4;ok
 
 ?set1 192.168.3.4;fail
@@ -21,7 +21,7 @@
 ?set1 1234:1234:1234:1234:1234:1234:1234:1234;fail
 ?set2 192.168.3.4;fail
 
-!set2 ipv4_addr;ok
+!set2 type ipv4_addr;ok
 ?set2 192.168.3.4;ok
 ?set2 192.168.3.5 192.168.3.6;ok
 ?set2 192.168.3.5 192.168.3.6;fail
diff --git a/tests/py/ip6/sets.t b/tests/py/ip6/sets.t
index 4bfa614..765b971 100644
--- a/tests/py/ip6/sets.t
+++ b/tests/py/ip6/sets.t
@@ -5,13 +5,13 @@
 *inet;test-inet;input
 *netdev;test-netdev;ingress
 
-!set_ipv6_add1 ipv6_addr;ok
-!set_inet1 inet_proto;ok
-!set_inet inet_service;ok
-!set_time time;ok
+!w type ipv6_addr;ok
+!x type inet_proto;ok
+!y type inet_service;ok
+!z type time;ok
 
 ?set2 192.168.3.4;fail
-!set2 ipv6_addr;ok
+!set2 type ipv6_addr;ok
 ?set2 1234:1234::1234:1234:1234:1234:1234;ok
 ?set2 1234:1234::1234:1234:1234:1234:1234;fail
 ?set2 1234::1234:1234:1234;ok
diff --git a/tests/py/nft-test.py b/tests/py/nft-test.py
index 1256a33..bba91be 100755
--- a/tests/py/nft-test.py
+++ b/tests/py/nft-test.py
@@ -69,6 +69,20 @@ class Table:
         return self.__dict__ == other.__dict__
 
 
+class Set:
+    """Class that represents a set"""
+
+    def __init__(self, family, table, name, type, flags):
+        self.family = family
+        self.table = table
+        self.name = name
+        self.type = type
+        self.flags = flags
+
+    def __eq__(self, other):
+        return self.__dict__ == other.__dict__
+
+
 def print_msg(reason, filename=None, lineno=None, color=None, errstr=None):
     '''
     Prints a message with nice colors, indicating file and line number.
@@ -277,7 +291,7 @@ def chain_get_by_name(name):
     return chain
 
 
-def set_add(set_info, filename, lineno):
+def set_add(s, test_result, filename, lineno):
     '''
     Adds a set.
     '''
@@ -287,25 +301,30 @@ def set_add(set_info, filename, lineno):
         return -1
 
     for table in table_list:
-        if set_exist(set_info[0], table, filename, lineno):
-            reason = "This set " + set_info + " exists in " + table.name + \
-                     ". I cannot add it again"
+        s.table = table.name
+        s.family = table.family
+        if _set_exist(s, filename, lineno):
+            reason = "Set " + s.name + " already exists in " + table.name
             print_error(reason, filename, lineno)
             return -1
 
-        table_info = " " + table.family + " " + table.name + " "
-        set_text = " " + set_info[0] + " { type " + set_info[1] + " \;}"
-        cmd = NFT_BIN + " add set" + table_info + set_text
+        table_handle = " " + table.family + " " + table.name + " "
+        if s.flags == "":
+            set_cmd = " " + s.name + " { type " + s.type + "\;}"
+        else:
+            set_cmd = " " + s.name + " { type " + s.type + "\; flags " + s.flags + "\; }"
+
+        cmd = NFT_BIN + " add set" + table_handle + set_cmd
         ret = execute_cmd(cmd, filename, lineno)
 
-        if (ret == 0 and set_info[2].rstrip() == "fail") or \
-                (ret != 0 and set_info[2].rstrip() == "ok"):
-            reason = cmd + ": " + "I cannot add the set " + set_info[0]
+        if (ret == 0 and test_result == "fail") or \
+                (ret != 0 and test_result == "ok"):
+            reason = cmd + ": " + "I cannot add the set " + s.name
             print_error(reason, filename, lineno)
             return -1
 
-        if not set_exist(set_info[0], table, filename, lineno):
-            reason = "I have just added the set " + set_info[0] + \
+        if not _set_exist(s, filename, lineno):
+            reason = "I have just added the set " + s.name + \
                      " to the table " + table.name + " but it does not exist"
             print_error(reason, filename, lineno)
             return -1
@@ -419,6 +438,17 @@ def set_exist(set_name, table, filename, lineno):
     return True if (ret == 0) else False
 
 
+def _set_exist(s, filename, lineno):
+    '''
+    Check if the set exists.
+    '''
+    table_handle = " " + s.family + " " + s.table + " "
+    cmd = NFT_BIN + " list -nnn set" + table_handle + s.name
+    ret = execute_cmd(cmd, filename, lineno)
+
+    return True if (ret == 0) else False
+
+
 def set_check_element(rule1, rule2):
     '''
     Check if element exists in anonymous sets.
@@ -717,14 +747,20 @@ def chain_process(chain_line, lineno):
 
 
 def set_process(set_line, filename, lineno):
-    set_info = []
-    set_name = "".join(set_line[0].rstrip()[1:])
-    set_info.append(set_name)
-    set_type = set_line[1].split(";")[0]
-    set_state = set_line[1].split(";")[1]  # ok or fail
-    set_info.append(set_type)
-    set_info.append(set_state)
-    ret = set_add(set_info, filename, lineno)
+    test_result = set_line[1]
+
+    tokens = set_line[0].split(" ")
+    set_name = tokens[0]
+    set_type = tokens[2]
+
+    if len(tokens) == 5 and tokens[3] == "flags":
+        set_flags = tokens[4]
+    else:
+        set_flags = ""
+
+    s = Set("", "", set_name, set_type, set_flags)
+
+    ret = set_add(s, test_result, filename, lineno)
     if ret == 0:
         all_set[set_name] = set()
 
@@ -808,7 +844,7 @@ def run_test_file(filename, force_all_family_option, specific_file):
             continue
 
         if line[0] == "!":  # Adds this set
-            set_line = line.rstrip()[0:].split(" ")
+            set_line = line.rstrip()[1:].split(";")
             ret = set_process(set_line, filename, lineno)
             tests += 1
             if ret == -1:
-- 
2.1.4

[PATCH nft 3/3 nft] tests/py: add interval tests

[Pablo Neira Ayuso]

Add some initial tests to cover dynamic interval sets.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 tests/py/ip/sets.t  | 12 ++++++++++++
 tests/py/ip6/sets.t | 11 +++++++++++
 2 files changed, 23 insertions(+)

diff --git a/tests/py/ip/sets.t b/tests/py/ip/sets.t
index 2b4e7e1..0e2b193 100644
--- a/tests/py/ip/sets.t
+++ b/tests/py/ip/sets.t
@@ -31,3 +31,15 @@
 ip saddr @set1 drop;ok
 ip saddr @set2 drop;ok
 ip saddr @set33 drop;fail
+
+!set3 type ipv4_addr flags interval;ok
+?set3 192.168.0.0/16;ok
+?set3 172.16.0.0/12;ok
+?set3 10.0.0.0/8;ok
+
+!set4 type ipv4_addr flags interval;ok
+?set4 192.168.1.0/24;ok
+?set4 192.168.0.0/24;ok
+?set4 192.168.2.0/24;ok
+?set4 192.168.1.1;fail
+?set4 192.168.3.0/24;ok
diff --git a/tests/py/ip6/sets.t b/tests/py/ip6/sets.t
index 765b971..ff38925 100644
--- a/tests/py/ip6/sets.t
+++ b/tests/py/ip6/sets.t
@@ -23,3 +23,14 @@
 
 ip6 saddr @set2 drop;ok
 ip6 saddr @set33 drop;fail
+
+!set3 type ipv6_addr flags interval;ok
+?set3 1234:1234:1234:1234::/64;ok
+?set3 1324:1234:1234:1235::/64;ok
+?set3 1324:1234:1234:1233::/64;ok
+?set3 1234:1234:1234:1234:1234:1234:/96;fail
+?set3 1324:1234:1234:1236::/64;ok
+
+!set4 type ipv6_addr flags interval;ok
+?set4 1234:1234:1234:1234::/64 4321:1234:1234:1234::/64;ok
+?set4 4321:1234:1234:1234:1234:1234::/96;fail
-- 
2.1.4