[nft PATCH 1/2] tests: shell: add a testcase for many defines

netfilter-devel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [nft PATCH 1/2] tests: shell: add a testcase for many defines
@ 2016-11-28 12:59 Arturo Borrero Gonzalez
  2016-11-28 12:59 ` [nft PATCH 2/2] tests: shell: add testcase for different defines usage Arturo Borrero Gonzalez
  2016-11-29 21:20 ` [nft PATCH 1/2] tests: shell: add a testcase for many defines Pablo Neira Ayuso
  0 siblings, 2 replies; 4+ messages in thread
From: Arturo Borrero Gonzalez @ 2016-11-28 12:59 UTC (permalink / raw)
  To: netfilter-devel

From: Arturo Borrero Gonzalez <arturo@debian.org>

Use many defines in a single nft -f run.

Signed-off-by: Arturo Borrero Gonzalez <arturo@debian.org>
---
 tests/shell/testcases/nft-f/0011manydefines_0 |   37 +++++++++++++++++++++++++
 1 file changed, 37 insertions(+)
 create mode 100755 tests/shell/testcases/nft-f/0011manydefines_0

diff --git a/tests/shell/testcases/nft-f/0011manydefines_0 b/tests/shell/testcases/nft-f/0011manydefines_0
new file mode 100755
index 0000000..84664f4
--- /dev/null
+++ b/tests/shell/testcases/nft-f/0011manydefines_0
@@ -0,0 +1,37 @@
+#!/bin/bash
+
+# tests many defines in a single nft -f run
+
+HOWMANY=20000
+
+tmpfile=$(mktemp)
+if [ ! -w $tmpfile ] ; then
+	echo "Failed to create tmp file" >&2
+	exit 0
+fi
+
+trap "rm -rf $tmpfile" EXIT # cleanup if aborted
+
+generate1()
+{
+	for ((i=0; i<=HOWMANY; i++)) ; do
+		echo "define data_${i} = ${i}"
+	done
+}
+
+generate2()
+{
+	for ((i=0; i<=HOWMANY; i++)) ; do
+		echo "iifname \$data_${i}"
+	done
+}
+
+echo " $(generate1)
+table t {
+	chain c {
+		$(generate2)
+	}
+}" > $tmpfile
+
+set -e
+$NFT -f $tmpfile


^ permalink raw reply related	[flat|nested] 4+ messages in thread

* [nft PATCH 2/2] tests: shell: add testcase for different defines usage
  2016-11-28 12:59 [nft PATCH 1/2] tests: shell: add a testcase for many defines Arturo Borrero Gonzalez
@ 2016-11-28 12:59 ` Arturo Borrero Gonzalez
  2016-11-29 21:20   ` Pablo Neira Ayuso
  2016-11-29 21:20 ` [nft PATCH 1/2] tests: shell: add a testcase for many defines Pablo Neira Ayuso
  1 sibling, 1 reply; 4+ messages in thread
From: Arturo Borrero Gonzalez @ 2016-11-28 12:59 UTC (permalink / raw)
  To: netfilter-devel

From: Arturo Borrero Gonzalez <arturo@debian.org>

This testcase add some defines in a nft -f run and then uses
them in different spots (which are not covered in previous testcases).

 * defines used to define another one
 * different datatypes (numbers, strings, bits, ranges)
 * usage in sets, maps, contatenatios
 * single rules with single statements, multiple statements
 * reuse define in same rule

Perhaps this isn't testing many different code path, but I find this
interesting to have given it will probably be one of the most common
use cases of nftables.

Signed-off-by: Arturo Borrero Gonzalez <arturo@debian.org>
---
 .../shell/testcases/nft-f/0012different_defines_0  |   44 ++++++++++++++++++++
 1 file changed, 44 insertions(+)
 create mode 100755 tests/shell/testcases/nft-f/0012different_defines_0

diff --git a/tests/shell/testcases/nft-f/0012different_defines_0 b/tests/shell/testcases/nft-f/0012different_defines_0
new file mode 100755
index 0000000..9c496d5
--- /dev/null
+++ b/tests/shell/testcases/nft-f/0012different_defines_0
@@ -0,0 +1,44 @@
+#!/bin/bash
+
+# tests different spots, datatypes and usages for nft defines
+
+tmpfile=$(mktemp)
+if [ ! -w $tmpfile ] ; then
+	echo "Failed to create tmp file" >&2
+	exit 0
+fi
+
+trap "rm -rf $tmpfile" EXIT # cleanup if aborted
+
+echo "
+define d_iifname = whatever
+define d_oifname = \$d_iifname
+define d_iif = lo
+define d_oif = \$d_iif
+define d_mark = 123
+define d_state = new,established,related
+define d_ipv4 = 10.0.0.0
+define d_ipv4_2 = 10.0.0.2
+define d_ipv6 = fe0::1
+define d_ipv6_2 = fe0::2
+define d_ports = 100-222
+
+table inet t {
+	chain c {
+		iifname \$d_iifname oifname \$d_oifname iif \$d_iif oif \$d_oif
+		iifname { \$d_iifname , \$d_oifname } iif { \$d_iif , \$d_oif } meta mark \$d_mark
+		ct state \$d_state
+		ct state != \$d_state
+		ip saddr \$d_ipv4 ip daddr \$d_ipv4_2 ip saddr \$d_ipv4
+		ip6 daddr \$d_ipv6 ip6 saddr \$d_ipv6_2
+		ip saddr vmap { \$d_ipv4 : drop , \$d_ipv4_2 : accept }
+		ip6 daddr vmap { \$d_ipv6 : drop , \$d_ipv6_2 : accept }
+		ip6 saddr . ip6 nexthdr { \$d_ipv6 . udp, \$d_ipv6_2 . tcp }
+		ip daddr . meta iif vmap { \$d_ipv4 . \$d_iif : accept }
+		tcp dport \$d_ports
+		udp dport vmap { \$d_ports : accept }
+	}
+}" >> $tmpfile
+
+set -e
+$NFT -f $tmpfile


^ permalink raw reply related	[flat|nested] 4+ messages in thread

* Re: [nft PATCH 1/2] tests: shell: add a testcase for many defines
  2016-11-28 12:59 [nft PATCH 1/2] tests: shell: add a testcase for many defines Arturo Borrero Gonzalez
  2016-11-28 12:59 ` [nft PATCH 2/2] tests: shell: add testcase for different defines usage Arturo Borrero Gonzalez
@ 2016-11-29 21:20 ` Pablo Neira Ayuso
  1 sibling, 0 replies; 4+ messages in thread
From: Pablo Neira Ayuso @ 2016-11-29 21:20 UTC (permalink / raw)
  To: Arturo Borrero Gonzalez; +Cc: netfilter-devel

On Mon, Nov 28, 2016 at 01:59:22PM +0100, Arturo Borrero Gonzalez wrote:
> From: Arturo Borrero Gonzalez <arturo@debian.org>
> 
> Use many defines in a single nft -f run.

Applied, thanks Arturo.

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [nft PATCH 2/2] tests: shell: add testcase for different defines usage
  2016-11-28 12:59 ` [nft PATCH 2/2] tests: shell: add testcase for different defines usage Arturo Borrero Gonzalez
@ 2016-11-29 21:20   ` Pablo Neira Ayuso
  0 siblings, 0 replies; 4+ messages in thread
From: Pablo Neira Ayuso @ 2016-11-29 21:20 UTC (permalink / raw)
  To: Arturo Borrero Gonzalez; +Cc: netfilter-devel

On Mon, Nov 28, 2016 at 01:59:28PM +0100, Arturo Borrero Gonzalez wrote:
> From: Arturo Borrero Gonzalez <arturo@debian.org>
> 
> This testcase add some defines in a nft -f run and then uses
> them in different spots (which are not covered in previous testcases).
> 
>  * defines used to define another one
>  * different datatypes (numbers, strings, bits, ranges)
>  * usage in sets, maps, contatenatios
>  * single rules with single statements, multiple statements
>  * reuse define in same rule
> 
> Perhaps this isn't testing many different code path, but I find this
> interesting to have given it will probably be one of the most common
> use cases of nftables.

Also applied, thanks.

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2016-11-29 21:20 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2016-11-28 12:59 [nft PATCH 1/2] tests: shell: add a testcase for many defines Arturo Borrero Gonzalez
2016-11-28 12:59 ` [nft PATCH 2/2] tests: shell: add testcase for different defines usage Arturo Borrero Gonzalez
2016-11-29 21:20   ` Pablo Neira Ayuso
2016-11-29 21:20 ` [nft PATCH 1/2] tests: shell: add a testcase for many defines Pablo Neira Ayuso

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).