* [nft PATCH 1/2] tests: shell: add a testcase for many defines @ 2016-11-28 12:59 Arturo Borrero Gonzalez 2016-11-28 12:59 ` [nft PATCH 2/2] tests: shell: add testcase for different defines usage Arturo Borrero Gonzalez 2016-11-29 21:20 ` [nft PATCH 1/2] tests: shell: add a testcase for many defines Pablo Neira Ayuso 0 siblings, 2 replies; 4+ messages in thread From: Arturo Borrero Gonzalez @ 2016-11-28 12:59 UTC (permalink / raw) To: netfilter-devel From: Arturo Borrero Gonzalez <arturo@debian.org> Use many defines in a single nft -f run. Signed-off-by: Arturo Borrero Gonzalez <arturo@debian.org> --- tests/shell/testcases/nft-f/0011manydefines_0 | 37 +++++++++++++++++++++++++ 1 file changed, 37 insertions(+) create mode 100755 tests/shell/testcases/nft-f/0011manydefines_0 diff --git a/tests/shell/testcases/nft-f/0011manydefines_0 b/tests/shell/testcases/nft-f/0011manydefines_0 new file mode 100755 index 0000000..84664f4 --- /dev/null +++ b/tests/shell/testcases/nft-f/0011manydefines_0 @@ -0,0 +1,37 @@ +#!/bin/bash + +# tests many defines in a single nft -f run + +HOWMANY=20000 + +tmpfile=$(mktemp) +if [ ! -w $tmpfile ] ; then + echo "Failed to create tmp file" >&2 + exit 0 +fi + +trap "rm -rf $tmpfile" EXIT # cleanup if aborted + +generate1() +{ + for ((i=0; i<=HOWMANY; i++)) ; do + echo "define data_${i} = ${i}" + done +} + +generate2() +{ + for ((i=0; i<=HOWMANY; i++)) ; do + echo "iifname \$data_${i}" + done +} + +echo " $(generate1) +table t { + chain c { + $(generate2) + } +}" > $tmpfile + +set -e +$NFT -f $tmpfile ^ permalink raw reply related [flat|nested] 4+ messages in thread
* [nft PATCH 2/2] tests: shell: add testcase for different defines usage 2016-11-28 12:59 [nft PATCH 1/2] tests: shell: add a testcase for many defines Arturo Borrero Gonzalez @ 2016-11-28 12:59 ` Arturo Borrero Gonzalez 2016-11-29 21:20 ` Pablo Neira Ayuso 2016-11-29 21:20 ` [nft PATCH 1/2] tests: shell: add a testcase for many defines Pablo Neira Ayuso 1 sibling, 1 reply; 4+ messages in thread From: Arturo Borrero Gonzalez @ 2016-11-28 12:59 UTC (permalink / raw) To: netfilter-devel From: Arturo Borrero Gonzalez <arturo@debian.org> This testcase add some defines in a nft -f run and then uses them in different spots (which are not covered in previous testcases). * defines used to define another one * different datatypes (numbers, strings, bits, ranges) * usage in sets, maps, contatenatios * single rules with single statements, multiple statements * reuse define in same rule Perhaps this isn't testing many different code path, but I find this interesting to have given it will probably be one of the most common use cases of nftables. Signed-off-by: Arturo Borrero Gonzalez <arturo@debian.org> --- .../shell/testcases/nft-f/0012different_defines_0 | 44 ++++++++++++++++++++ 1 file changed, 44 insertions(+) create mode 100755 tests/shell/testcases/nft-f/0012different_defines_0 diff --git a/tests/shell/testcases/nft-f/0012different_defines_0 b/tests/shell/testcases/nft-f/0012different_defines_0 new file mode 100755 index 0000000..9c496d5 --- /dev/null +++ b/tests/shell/testcases/nft-f/0012different_defines_0 @@ -0,0 +1,44 @@ +#!/bin/bash + +# tests different spots, datatypes and usages for nft defines + +tmpfile=$(mktemp) +if [ ! -w $tmpfile ] ; then + echo "Failed to create tmp file" >&2 + exit 0 +fi + +trap "rm -rf $tmpfile" EXIT # cleanup if aborted + +echo " +define d_iifname = whatever +define d_oifname = \$d_iifname +define d_iif = lo +define d_oif = \$d_iif +define d_mark = 123 +define d_state = new,established,related +define d_ipv4 = 10.0.0.0 +define d_ipv4_2 = 10.0.0.2 +define d_ipv6 = fe0::1 +define d_ipv6_2 = fe0::2 +define d_ports = 100-222 + +table inet t { + chain c { + iifname \$d_iifname oifname \$d_oifname iif \$d_iif oif \$d_oif + iifname { \$d_iifname , \$d_oifname } iif { \$d_iif , \$d_oif } meta mark \$d_mark + ct state \$d_state + ct state != \$d_state + ip saddr \$d_ipv4 ip daddr \$d_ipv4_2 ip saddr \$d_ipv4 + ip6 daddr \$d_ipv6 ip6 saddr \$d_ipv6_2 + ip saddr vmap { \$d_ipv4 : drop , \$d_ipv4_2 : accept } + ip6 daddr vmap { \$d_ipv6 : drop , \$d_ipv6_2 : accept } + ip6 saddr . ip6 nexthdr { \$d_ipv6 . udp, \$d_ipv6_2 . tcp } + ip daddr . meta iif vmap { \$d_ipv4 . \$d_iif : accept } + tcp dport \$d_ports + udp dport vmap { \$d_ports : accept } + } +}" >> $tmpfile + +set -e +$NFT -f $tmpfile ^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [nft PATCH 2/2] tests: shell: add testcase for different defines usage 2016-11-28 12:59 ` [nft PATCH 2/2] tests: shell: add testcase for different defines usage Arturo Borrero Gonzalez @ 2016-11-29 21:20 ` Pablo Neira Ayuso 0 siblings, 0 replies; 4+ messages in thread From: Pablo Neira Ayuso @ 2016-11-29 21:20 UTC (permalink / raw) To: Arturo Borrero Gonzalez; +Cc: netfilter-devel On Mon, Nov 28, 2016 at 01:59:28PM +0100, Arturo Borrero Gonzalez wrote: > From: Arturo Borrero Gonzalez <arturo@debian.org> > > This testcase add some defines in a nft -f run and then uses > them in different spots (which are not covered in previous testcases). > > * defines used to define another one > * different datatypes (numbers, strings, bits, ranges) > * usage in sets, maps, contatenatios > * single rules with single statements, multiple statements > * reuse define in same rule > > Perhaps this isn't testing many different code path, but I find this > interesting to have given it will probably be one of the most common > use cases of nftables. Also applied, thanks. ^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [nft PATCH 1/2] tests: shell: add a testcase for many defines 2016-11-28 12:59 [nft PATCH 1/2] tests: shell: add a testcase for many defines Arturo Borrero Gonzalez 2016-11-28 12:59 ` [nft PATCH 2/2] tests: shell: add testcase for different defines usage Arturo Borrero Gonzalez @ 2016-11-29 21:20 ` Pablo Neira Ayuso 1 sibling, 0 replies; 4+ messages in thread From: Pablo Neira Ayuso @ 2016-11-29 21:20 UTC (permalink / raw) To: Arturo Borrero Gonzalez; +Cc: netfilter-devel On Mon, Nov 28, 2016 at 01:59:22PM +0100, Arturo Borrero Gonzalez wrote: > From: Arturo Borrero Gonzalez <arturo@debian.org> > > Use many defines in a single nft -f run. Applied, thanks Arturo. ^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2016-11-29 21:20 UTC | newest] Thread overview: 4+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2016-11-28 12:59 [nft PATCH 1/2] tests: shell: add a testcase for many defines Arturo Borrero Gonzalez 2016-11-28 12:59 ` [nft PATCH 2/2] tests: shell: add testcase for different defines usage Arturo Borrero Gonzalez 2016-11-29 21:20 ` Pablo Neira Ayuso 2016-11-29 21:20 ` [nft PATCH 1/2] tests: shell: add a testcase for many defines Pablo Neira Ayuso
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).