* [PATCH nft 02/16] tests: files: Remove tests for ipv6
2017-10-29 20:49 ` [PATCH nft 01/16] tests: files: Remove tests for ipv4 Varsha Rao
@ 2017-10-29 20:49 ` Varsha Rao
2017-10-29 20:49 ` [PATCH nft 03/16] tests: shell: Add test for log statement Varsha Rao
` (13 subsequent siblings)
14 siblings, 0 replies; 18+ messages in thread
From: Varsha Rao @ 2017-10-29 20:49 UTC (permalink / raw)
To: Pablo Neira Ayuso, netfilter-devel; +Cc: Varsha Rao
This patch removes test cases for ipv6 family. As they are already
present in tests/shell file.
Signed-off-by: Varsha Rao <rvarsha016@gmail.com>
---
tests/files/family-ipv6 | 13 -------------
1 file changed, 13 deletions(-)
delete mode 100644 tests/files/family-ipv6
diff --git a/tests/files/family-ipv6 b/tests/files/family-ipv6
deleted file mode 100644
index cfc740c..0000000
--- a/tests/files/family-ipv6
+++ /dev/null
@@ -1,13 +0,0 @@
-#! nft -f
-
-add table ip6 filter
-add chain ip6 filter output { type filter hook output priority 0 ; }
-
-# IP address
-add rule ip6 filter output ip6 daddr 2001:6f8:974::1 counter
-
-# Next protocol
-add rule ip6 filter output ip6 nexthdr tcp
-
-# TCP ports
-add rule ip6 filter output tcp dport 22 counter
--
2.13.6
^ permalink raw reply related [flat|nested] 18+ messages in thread* [PATCH nft 03/16] tests: shell: Add test for log statement.
2017-10-29 20:49 ` [PATCH nft 01/16] tests: files: Remove tests for ipv4 Varsha Rao
2017-10-29 20:49 ` [PATCH nft 02/16] tests: files: Remove tests for ipv6 Varsha Rao
@ 2017-10-29 20:49 ` Varsha Rao
2017-10-29 20:49 ` [PATCH nft 04/16] tests: files: Remove log statement tests Varsha Rao
` (12 subsequent siblings)
14 siblings, 0 replies; 18+ messages in thread
From: Varsha Rao @ 2017-10-29 20:49 UTC (permalink / raw)
To: Pablo Neira Ayuso, netfilter-devel; +Cc: Varsha Rao
Add test case for log statement.
Signed-off-by: Varsha Rao <rvarsha016@gmail.com>
---
tests/shell/testcases/optionals/log_0 | 22 ++++++++++++++++++++++
1 file changed, 22 insertions(+)
create mode 100755 tests/shell/testcases/optionals/log_0
diff --git a/tests/shell/testcases/optionals/log_0 b/tests/shell/testcases/optionals/log_0
new file mode 100755
index 0000000..672cff7
--- /dev/null
+++ b/tests/shell/testcases/optionals/log_0
@@ -0,0 +1,22 @@
+#!/bin/bash
+
+set -e
+
+EXPECTED="table ip x {
+ chain y {
+ type filter hook output priority 0; policy accept;
+ tcp dport ssh log group 0 counter packets 0 bytes 0
+ }
+}"
+
+$NFT add table ip x
+$NFT add chain ip x y { type filter hook output priority 0\; }
+$NFT add rule ip x y tcp dport 22 log group 0 counter
+
+GET="$($NFT list ruleset)"
+
+if [ "$EXPECTED" != "$GET" ] ; then
+ DIFF="$(which diff)"
+ [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET")
+ exit 1
+fi
--
2.13.6
^ permalink raw reply related [flat|nested] 18+ messages in thread* [PATCH nft 04/16] tests: files: Remove log statement tests.
2017-10-29 20:49 ` [PATCH nft 01/16] tests: files: Remove tests for ipv4 Varsha Rao
2017-10-29 20:49 ` [PATCH nft 02/16] tests: files: Remove tests for ipv6 Varsha Rao
2017-10-29 20:49 ` [PATCH nft 03/16] tests: shell: Add test for log statement Varsha Rao
@ 2017-10-29 20:49 ` Varsha Rao
2017-10-29 20:49 ` [PATCH nft 05/16] tests: shell: Add test for log flags Varsha Rao
` (11 subsequent siblings)
14 siblings, 0 replies; 18+ messages in thread
From: Varsha Rao @ 2017-10-29 20:49 UTC (permalink / raw)
To: Pablo Neira Ayuso, netfilter-devel; +Cc: Varsha Rao
New test case for log statement has been added to tests/shell file, so
remove it.
Signed-off-by: Varsha Rao <rvarsha016@gmail.com>
---
tests/files/stmt-log | 6 ------
1 file changed, 6 deletions(-)
delete mode 100644 tests/files/stmt-log
diff --git a/tests/files/stmt-log b/tests/files/stmt-log
deleted file mode 100644
index 2ae7aae..0000000
--- a/tests/files/stmt-log
+++ /dev/null
@@ -1,6 +0,0 @@
-#! nft -f
-
-add table ip filter
-add chain ip filter output { type filter hook output priority 0; }
-
-add rule ip filter output log saddr "prefix" group 0 counter
--
2.13.6
^ permalink raw reply related [flat|nested] 18+ messages in thread* [PATCH nft 05/16] tests: shell: Add test for log flags.
2017-10-29 20:49 ` [PATCH nft 01/16] tests: files: Remove tests for ipv4 Varsha Rao
` (2 preceding siblings ...)
2017-10-29 20:49 ` [PATCH nft 04/16] tests: files: Remove log statement tests Varsha Rao
@ 2017-10-29 20:49 ` Varsha Rao
2017-10-29 20:49 ` [PATCH nft 06/16] tests: shell: Add tests for payload expression Varsha Rao
` (10 subsequent siblings)
14 siblings, 0 replies; 18+ messages in thread
From: Varsha Rao @ 2017-10-29 20:49 UTC (permalink / raw)
To: Pablo Neira Ayuso, netfilter-devel; +Cc: Varsha Rao
This patch adds test cases for log flags.
Signed-off-by: Varsha Rao <rvarsha016@gmail.com>
---
tests/shell/testcases/optionals/log_flags_0 | 29 +++++++++++++++++++++++++++++
1 file changed, 29 insertions(+)
create mode 100755 tests/shell/testcases/optionals/log_flags_0
diff --git a/tests/shell/testcases/optionals/log_flags_0 b/tests/shell/testcases/optionals/log_flags_0
new file mode 100755
index 0000000..7b8550f
--- /dev/null
+++ b/tests/shell/testcases/optionals/log_flags_0
@@ -0,0 +1,29 @@
+#!/bin/bash
+
+set -e
+
+EXPECTED="table ip x {
+ chain y {
+ log flags tcp sequence,options
+ log flags ip options
+ log flags skuid
+ log flags ether
+ log flags all
+ }
+}"
+
+$NFT add table ip x
+$NFT add chain ip x y
+$NFT add rule x y log flags tcp sequence,options
+$NFT add rule x y log flags ip options
+$NFT add rule x y log flags skuid
+$NFT add rule x y log flags ether
+$NFT add rule x y log flags all
+
+GET="$($NFT list ruleset)"
+
+if [ "$EXPECTED" != "$GET" ] ; then
+ DIFF="$(which diff)"
+ [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET")
+ exit 1
+fi
--
2.13.6
^ permalink raw reply related [flat|nested] 18+ messages in thread* [PATCH nft 06/16] tests: shell: Add tests for payload expression.
2017-10-29 20:49 ` [PATCH nft 01/16] tests: files: Remove tests for ipv4 Varsha Rao
` (3 preceding siblings ...)
2017-10-29 20:49 ` [PATCH nft 05/16] tests: shell: Add test for log flags Varsha Rao
@ 2017-10-29 20:49 ` Varsha Rao
2017-10-29 20:49 ` [PATCH nft 07/16] tests: files: Remove payload expression tests Varsha Rao
` (9 subsequent siblings)
14 siblings, 0 replies; 18+ messages in thread
From: Varsha Rao @ 2017-10-29 20:49 UTC (permalink / raw)
To: Pablo Neira Ayuso, netfilter-devel; +Cc: Varsha Rao
This patch adds test case for adjacent payload expression.
Signed-off-by: Varsha Rao <rvarsha016@gmail.com>
---
tests/shell/testcases/transactions/0024rule_0 | 44 +++++++++++++++++++++++++++
1 file changed, 44 insertions(+)
create mode 100755 tests/shell/testcases/transactions/0024rule_0
diff --git a/tests/shell/testcases/transactions/0024rule_0 b/tests/shell/testcases/transactions/0024rule_0
new file mode 100755
index 0000000..7644ce8
--- /dev/null
+++ b/tests/shell/testcases/transactions/0024rule_0
@@ -0,0 +1,44 @@
+#!/bin/bash
+
+# Tests for adjacent payload expressions.
+
+set -e
+
+tmpfile=$(mktemp)
+if [ ! -w $tmpfile ] ; then
+ echo "Failed to create tmp file" >&2
+ exit 0
+fi
+
+trap "rm -rf $tmpfile" EXIT # cleanup if aborted
+
+RULESET="add table x
+add chain x y
+add rule x y tcp sport 1024 tcp dport 22 counter
+add rule x y ip saddr 192.168.0.1 ip daddr 192.168.0.100 counter
+add rule x y tcp sequence 0 tcp sport 1024 tcp dport 22
+add rule x y tcp sport 1024 tcp dport 22 tcp sequence 0"
+
+echo "$RULESET" > $tmpfile
+$NFT -f $tmpfile
+if [ $? -ne 0 ] ; then
+ echo "E: unable to load good ruleset" >&2
+ exit 1
+fi
+
+EXPECTED="table ip x {
+ chain y {
+ tcp sport 1024 tcp dport ssh counter packets 0 bytes 0
+ ip saddr 192.168.0.1 ip daddr 192.168.0.100 counter packets 0 bytes 0
+ tcp sport 1024 tcp dport ssh tcp sequence 0
+ tcp sport 1024 tcp dport ssh tcp sequence 0
+ }
+}"
+
+GET="$($NFT list ruleset)"
+
+if [ "$EXPECTED" != "$GET" ] ; then
+ DIFF="$(which diff)"
+ [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET")
+ exit 1
+fi
--
2.13.6
^ permalink raw reply related [flat|nested] 18+ messages in thread* [PATCH nft 07/16] tests: files: Remove payload expression tests.
2017-10-29 20:49 ` [PATCH nft 01/16] tests: files: Remove tests for ipv4 Varsha Rao
` (4 preceding siblings ...)
2017-10-29 20:49 ` [PATCH nft 06/16] tests: shell: Add tests for payload expression Varsha Rao
@ 2017-10-29 20:49 ` Varsha Rao
2017-10-29 20:49 ` [PATCH nft 08/16] tests: files: Remove test for syntactical errors Varsha Rao
` (8 subsequent siblings)
14 siblings, 0 replies; 18+ messages in thread
From: Varsha Rao @ 2017-10-29 20:49 UTC (permalink / raw)
To: Pablo Neira Ayuso, netfilter-devel; +Cc: Varsha Rao
Remove test for payload expression as new test has been added to
tests/shell.
Signed-off-by: Varsha Rao <rvarsha016@gmail.com>
---
tests/files/feat-adjancent-load-merging | 13 -------------
1 file changed, 13 deletions(-)
delete mode 100644 tests/files/feat-adjancent-load-merging
diff --git a/tests/files/feat-adjancent-load-merging b/tests/files/feat-adjancent-load-merging
deleted file mode 100644
index 1177174..0000000
--- a/tests/files/feat-adjancent-load-merging
+++ /dev/null
@@ -1,13 +0,0 @@
-#! nft -f
-
-# adjacent payload expressions: 4 bytes in order
-add rule filter output tcp sport 1024 tcp dport 22 counter
-
-# adjacent payload expressions: 8 bytes in order
-add rule filter output ip saddr 192.168.0.1 ip daddr 192.168.0.100 counter
-
-# adjacent payload expressions: 8 bytes in order
-add rule filter output tcp sequence 0 tcp sport 1024 tcp dport 22
-
-# adjacent payload expressions: 8 bytes in reverse order
-add rule filter output tcp sport 1024 tcp dport 22 tcp sequence 0
--
2.13.6
^ permalink raw reply related [flat|nested] 18+ messages in thread* [PATCH nft 08/16] tests: files: Remove test for syntactical errors.
2017-10-29 20:49 ` [PATCH nft 01/16] tests: files: Remove tests for ipv4 Varsha Rao
` (5 preceding siblings ...)
2017-10-29 20:49 ` [PATCH nft 07/16] tests: files: Remove payload expression tests Varsha Rao
@ 2017-10-29 20:49 ` Varsha Rao
2017-10-29 20:49 ` [PATCH nft 09/16] tests: shell: Add test for ct expression Varsha Rao
` (7 subsequent siblings)
14 siblings, 0 replies; 18+ messages in thread
From: Varsha Rao @ 2017-10-29 20:49 UTC (permalink / raw)
To: Pablo Neira Ayuso, netfilter-devel; +Cc: Varsha Rao
This patch removes test for syntax error as they are not required.
Signed-off-by: Varsha Rao <rvarsha016@gmail.com>
---
tests/files/error.1 | 9 ---------
tests/files/error.2 | 18 ------------------
2 files changed, 27 deletions(-)
delete mode 100644 tests/files/error.1
delete mode 100644 tests/files/error.2
diff --git a/tests/files/error.1 b/tests/files/error.1
deleted file mode 100644
index bc3bf16..0000000
--- a/tests/files/error.1
+++ /dev/null
@@ -1,9 +0,0 @@
-#! nft -f
-
-# mixed syntactical and non-syntactical errors
-filter {
-filter input
-filter input tcp
-filter input tcp dport
-filter input tcp dport tcp
-filter input tcp dport tcp dport
diff --git a/tests/files/error.2 b/tests/files/error.2
deleted file mode 100644
index 744a63d..0000000
--- a/tests/files/error.2
+++ /dev/null
@@ -1,18 +0,0 @@
-#! nft -f
-
-# mixed syntactical and non-syntactical errors in blocks
-table filter {
- # missing identifier
- chain
-
- # missing chain block
- chain output
-
- chain output {
- tcp
- tcp dport
- tcp dport tcp
- tcp dport tcp dport
- tcp dport ssh
- }
-}
--
2.13.6
^ permalink raw reply related [flat|nested] 18+ messages in thread* [PATCH nft 09/16] tests: shell: Add test for ct expression.
2017-10-29 20:49 ` [PATCH nft 01/16] tests: files: Remove tests for ipv4 Varsha Rao
` (6 preceding siblings ...)
2017-10-29 20:49 ` [PATCH nft 08/16] tests: files: Remove test for syntactical errors Varsha Rao
@ 2017-10-29 20:49 ` Varsha Rao
2017-10-29 20:49 ` [PATCH nft 10/16] tests: files: Remove " Varsha Rao
` (6 subsequent siblings)
14 siblings, 0 replies; 18+ messages in thread
From: Varsha Rao @ 2017-10-29 20:49 UTC (permalink / raw)
To: Pablo Neira Ayuso, netfilter-devel; +Cc: Varsha Rao
This patch adds test cases for ct expression.
Signed-off-by: Varsha Rao <rvarsha016@gmail.com>
---
tests/shell/testcases/transactions/0025rule_0 | 36 +++++++++++++++++++++++++++
1 file changed, 36 insertions(+)
create mode 100755 tests/shell/testcases/transactions/0025rule_0
diff --git a/tests/shell/testcases/transactions/0025rule_0 b/tests/shell/testcases/transactions/0025rule_0
new file mode 100755
index 0000000..b8df747
--- /dev/null
+++ b/tests/shell/testcases/transactions/0025rule_0
@@ -0,0 +1,36 @@
+#!/bin/bash
+
+# Test for ct statements.
+
+set -e
+
+$NFT add table x
+$NFT add chain x y { type filter hook output priority 0\; }
+$NFT add rule x y ct state new,established
+$NFT add rule x y ct direction original
+$NFT add rule x y ct direction reply
+$NFT add rule x y ct status expected
+$NFT add rule x y ct mark 0
+$NFT add rule x y ct expiration 30
+$NFT add rule x y ct helper "ftp"
+
+EXPECTED="table ip x {
+ chain y {
+ type filter hook output priority 0; policy accept;
+ ct state established,new
+ ct direction original
+ ct direction reply
+ ct status expected
+ ct mark 0x00000000
+ ct expiration 30s
+ ct helper \"ftp\"
+ }
+}"
+
+GET="$($NFT list ruleset)"
+
+if [ "$EXPECTED" != "$GET" ] ; then
+ DIFF="$(which diff)"
+ [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET")
+ exit 1
+fi
--
2.13.6
^ permalink raw reply related [flat|nested] 18+ messages in thread* [PATCH nft 10/16] tests: files: Remove test for ct expression.
2017-10-29 20:49 ` [PATCH nft 01/16] tests: files: Remove tests for ipv4 Varsha Rao
` (7 preceding siblings ...)
2017-10-29 20:49 ` [PATCH nft 09/16] tests: shell: Add test for ct expression Varsha Rao
@ 2017-10-29 20:49 ` Varsha Rao
2017-10-29 20:49 ` [PATCH nft 11/16] tests: files: Remove prefix file Varsha Rao
` (5 subsequent siblings)
14 siblings, 0 replies; 18+ messages in thread
From: Varsha Rao @ 2017-10-29 20:49 UTC (permalink / raw)
To: Pablo Neira Ayuso, netfilter-devel; +Cc: Varsha Rao
This patch removes test cases for ct expression.
Signed-off-by: Varsha Rao <rvarsha016@gmail.com>
---
tests/files/expr-ct | 26 --------------------------
1 file changed, 26 deletions(-)
delete mode 100644 tests/files/expr-ct
diff --git a/tests/files/expr-ct b/tests/files/expr-ct
deleted file mode 100644
index 1dfc7ac..0000000
--- a/tests/files/expr-ct
+++ /dev/null
@@ -1,26 +0,0 @@
-#! nft -f
-
-add table ip filter
-add chain ip filter output { type filter hook output priority 0 ; }
-
-# ct: state
-add rule ip filter output ct state new,established counter
-
-# ct: direction original/reply
-add rule ip filter output ct direction original counter
-add rule ip filter output ct direction reply counter
-
-# ct: status
-add rule ip filter output ct status expected counter
-
-# ct: mark
-add rule ip filter output ct mark 0 counter
-
-# ct: secmark
-add rule ip filter output ct secmark 0 counter
-
-# ct: expiration
-add rule ip filter output ct expiration 30 counter
-
-# ct: helper ftp
-add rule ip filter output ct helper "ftp" counter
--
2.13.6
^ permalink raw reply related [flat|nested] 18+ messages in thread* [PATCH nft 11/16] tests: files: Remove prefix file.
2017-10-29 20:49 ` [PATCH nft 01/16] tests: files: Remove tests for ipv4 Varsha Rao
` (8 preceding siblings ...)
2017-10-29 20:49 ` [PATCH nft 10/16] tests: files: Remove " Varsha Rao
@ 2017-10-29 20:49 ` Varsha Rao
2017-10-29 20:49 ` [PATCH nft 12/16] tests: files: Test for meta expressions Varsha Rao
` (4 subsequent siblings)
14 siblings, 0 replies; 18+ messages in thread
From: Varsha Rao @ 2017-10-29 20:49 UTC (permalink / raw)
To: Pablo Neira Ayuso, netfilter-devel; +Cc: Varsha Rao
Test rules in prefix file are not required, so remove it.
Signed-off-by: Varsha Rao <rvarsha016@gmail.com>
---
tests/files/prefix | 5 -----
1 file changed, 5 deletions(-)
delete mode 100644 tests/files/prefix
diff --git a/tests/files/prefix b/tests/files/prefix
deleted file mode 100644
index bada850..0000000
--- a/tests/files/prefix
+++ /dev/null
@@ -1,5 +0,0 @@
-add rule filter OUTPUT meta mark 123/0x000000ff
-add rule filter OUTPUT ip daddr 192.168.0.0/24
-add rule filter OUTPUT ip daddr 192.168.0.0/255.255.255.0
-add rule filter OUTPUT ip saddr . ip daddr 192.168.0.0/24 . 192.168.0.0/24
-add rule filter OUTPUT ip daddr { 192.168.0.0/24, 192.168.1.0/24}
--
2.13.6
^ permalink raw reply related [flat|nested] 18+ messages in thread* [PATCH nft 12/16] tests: files: Test for meta expressions.
2017-10-29 20:49 ` [PATCH nft 01/16] tests: files: Remove tests for ipv4 Varsha Rao
` (9 preceding siblings ...)
2017-10-29 20:49 ` [PATCH nft 11/16] tests: files: Remove prefix file Varsha Rao
@ 2017-10-29 20:49 ` Varsha Rao
2017-10-29 20:49 ` [PATCH nft 13/16] tests: files: Remove test for meta expression Varsha Rao
` (3 subsequent siblings)
14 siblings, 0 replies; 18+ messages in thread
From: Varsha Rao @ 2017-10-29 20:49 UTC (permalink / raw)
To: Pablo Neira Ayuso, netfilter-devel; +Cc: Varsha Rao
This patch adds test case for meta expressions.
Signed-off-by: Varsha Rao <rvarsha016@gmail.com>
---
tests/shell/testcases/transactions/0026rule_0 | 44 +++++++++++++++++++++++++++
1 file changed, 44 insertions(+)
create mode 100755 tests/shell/testcases/transactions/0026rule_0
diff --git a/tests/shell/testcases/transactions/0026rule_0 b/tests/shell/testcases/transactions/0026rule_0
new file mode 100755
index 0000000..4111ce9
--- /dev/null
+++ b/tests/shell/testcases/transactions/0026rule_0
@@ -0,0 +1,44 @@
+#!/bin/bash
+
+# Test for meta expressions.
+
+set -e
+
+$NFT add table x
+$NFT add chain x y { type filter hook output priority 0\; }
+$NFT add rule x y meta length 1000
+$NFT add rule x y meta protocol 0x0800
+$NFT add rule x y meta mark 0
+$NFT add rule x y meta iif lo
+$NFT add rule x y meta iifname "eth0"
+$NFT add rule x y meta oif lo
+$NFT add rule x y meta oifname "eth0"
+$NFT add rule x y meta skuid 1000
+$NFT add rule x y meta nftrace set 1
+$NFT add rule x y meta rtclassid cosmos
+
+usr=$"$USER"
+
+EXPECTED="table ip x {
+ chain y {
+ type filter hook output priority 0; policy accept;
+ meta length 1000
+ meta protocol ip
+ mark 0x00000000
+ iif \"lo\"
+ iifname \"eth0\"
+ oif \"lo\"
+ oifname \"eth0\"
+ skuid \"$usr\"
+ nftrace set 1
+ rtclassid \"cosmos\"
+ }
+}"
+
+GET="$($NFT list ruleset)"
+
+if [ "$EXPECTED" != "$GET" ] ; then
+ DIFF="$(which diff)"
+ [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET")
+ exit 1
+fi
--
2.13.6
^ permalink raw reply related [flat|nested] 18+ messages in thread* [PATCH nft 13/16] tests: files: Remove test for meta expression.
2017-10-29 20:49 ` [PATCH nft 01/16] tests: files: Remove tests for ipv4 Varsha Rao
` (10 preceding siblings ...)
2017-10-29 20:49 ` [PATCH nft 12/16] tests: files: Test for meta expressions Varsha Rao
@ 2017-10-29 20:49 ` Varsha Rao
2017-10-29 20:49 ` [PATCH nft 14/16] tests: shell: Add tests for concat expression Varsha Rao
` (2 subsequent siblings)
14 siblings, 0 replies; 18+ messages in thread
From: Varsha Rao @ 2017-10-29 20:49 UTC (permalink / raw)
To: Pablo Neira Ayuso, netfilter-devel; +Cc: Varsha Rao
This patch removes test cases for meta expression. As new test is added
to tests/shell.
Signed-off-by: Varsha Rao <rvarsha016@gmail.com>
---
tests/files/expr-meta | 40 ----------------------------------------
1 file changed, 40 deletions(-)
delete mode 100644 tests/files/expr-meta
diff --git a/tests/files/expr-meta b/tests/files/expr-meta
deleted file mode 100644
index 360caa7..0000000
--- a/tests/files/expr-meta
+++ /dev/null
@@ -1,40 +0,0 @@
-#! nft -f
-
-add table ip filter
-add chain ip filter output { type filter hook output priority 0 ; }
-
-# meta: skb len
-add rule ip filter output meta length 1000 counter
-
-# meta: skb protocol
-add rule ip filter output meta protocol 0x0800 counter
-
-# meta: skb mark
-add rule ip filter output meta mark 0 counter
-
-# meta: skb iif
-add rule ip filter output meta iif lo counter
-
-# meta: skb iifname
-add rule ip filter output meta iifname "eth0" counter
-
-# meta: skb oif
-add rule ip filter output meta oif lo counter
-
-# meta: skb oifname
-add rule ip filter output meta oifname "eth0" counter
-
-# meta: skb sk uid
-add rule ip filter output meta skuid 1000 counter
-
-# meta: skb sk gid
-add rule ip filter output meta skgid 1000 counter
-
-# meta: nftrace
-add rule ip filter output meta nftrace 1 counter
-
-# meta: rtclassid (see /etc/iproute2/rt_realms)
-add rule ip filter output meta rtclassid cosmos counter
-
-# meta: secmark
-add rule ip filter output meta secmark 0 counter
--
2.13.6
^ permalink raw reply related [flat|nested] 18+ messages in thread* [PATCH nft 14/16] tests: shell: Add tests for concat expression.
2017-10-29 20:49 ` [PATCH nft 01/16] tests: files: Remove tests for ipv4 Varsha Rao
` (11 preceding siblings ...)
2017-10-29 20:49 ` [PATCH nft 13/16] tests: files: Remove test for meta expression Varsha Rao
@ 2017-10-29 20:49 ` Varsha Rao
2017-10-29 20:49 ` [PATCH nft 15/16] tests: files: Remove " Varsha Rao
2017-10-29 20:49 ` [PATCH nft 16/16] tests: shell: Add test case for map expression Varsha Rao
14 siblings, 0 replies; 18+ messages in thread
From: Varsha Rao @ 2017-10-29 20:49 UTC (permalink / raw)
To: Pablo Neira Ayuso, netfilter-devel; +Cc: Varsha Rao
Add test cases for concat type and element mismatch.
Signed-off-by: Varsha Rao <rvarsha016@gmail.com>
---
tests/shell/testcases/transactions/0050concat_1 | 26 +++++++++++++++++++++++++
1 file changed, 26 insertions(+)
create mode 100755 tests/shell/testcases/transactions/0050concat_1
diff --git a/tests/shell/testcases/transactions/0050concat_1 b/tests/shell/testcases/transactions/0050concat_1
new file mode 100755
index 0000000..0e4f6e1
--- /dev/null
+++ b/tests/shell/testcases/transactions/0050concat_1
@@ -0,0 +1,26 @@
+#!/bin/bash
+
+set -e
+
+tmpfile=$(mktemp)
+if [ ! -w $tmpfile ] ; then
+ echo "Failed to create tmp file" >&2
+ exit 0
+fi
+
+trap "rm -rf $tmpfile" EXIT # cleanup if aborted
+
+RULESET="add table ip x
+add chain ip x y
+add rule ip x y ip daddr . tcp sport . tcp dport { \
+ 192.168.0.1 . 22, \
+ 192.168.0.1 . 80, \
+}
+add rule ip x y ip daddr . tcp dport { \
+ 192.168.0.1 . 192.168.0.2, \
+ 192.168.0.1 . 192.168.0.3, \
+}"
+
+echo "$RULESET" > $tmpfile
+$NFT -f $tmpfile
+echo "E: Allowed concat type and element mismatch"
--
2.13.6
^ permalink raw reply related [flat|nested] 18+ messages in thread* [PATCH nft 15/16] tests: files: Remove tests for concat expression.
2017-10-29 20:49 ` [PATCH nft 01/16] tests: files: Remove tests for ipv4 Varsha Rao
` (12 preceding siblings ...)
2017-10-29 20:49 ` [PATCH nft 14/16] tests: shell: Add tests for concat expression Varsha Rao
@ 2017-10-29 20:49 ` Varsha Rao
2017-10-29 20:49 ` [PATCH nft 16/16] tests: shell: Add test case for map expression Varsha Rao
14 siblings, 0 replies; 18+ messages in thread
From: Varsha Rao @ 2017-10-29 20:49 UTC (permalink / raw)
To: Pablo Neira Ayuso, netfilter-devel; +Cc: Varsha Rao
New test cases for concat expression has been added to tests/shell file,
so remove it.
Signed-off-by: Varsha Rao <rvarsha016@gmail.com>
---
tests/files/expr-concat | 19 -------------------
1 file changed, 19 deletions(-)
delete mode 100644 tests/files/expr-concat
diff --git a/tests/files/expr-concat b/tests/files/expr-concat
deleted file mode 100644
index bb284cc..0000000
--- a/tests/files/expr-concat
+++ /dev/null
@@ -1,19 +0,0 @@
-#! nft -f
-
-# Concat element mismatch
-add rule ip filter output ip daddr . tcp sport . tcp dport { \
- 192.168.0.1 . 22, \
- 192.168.0.1 . 80, \
-}
-
-# Concat type mismatch
-add rule ip filter output ip daddr . tcp dport { \
- 192.168.0.1 . 192.168.0.2, \
- 192.168.0.1 . 192.168.0.3, \
-}
-
-# Concat expression
-add rule ip filter output ip daddr . tcp dport { \
- 192.168.0.1 . 22, \
- 192.168.0.1 . 80, \
-}
--
2.13.6
^ permalink raw reply related [flat|nested] 18+ messages in thread* [PATCH nft 16/16] tests: shell: Add test case for map expression.
2017-10-29 20:49 ` [PATCH nft 01/16] tests: files: Remove tests for ipv4 Varsha Rao
` (13 preceding siblings ...)
2017-10-29 20:49 ` [PATCH nft 15/16] tests: files: Remove " Varsha Rao
@ 2017-10-29 20:49 ` Varsha Rao
14 siblings, 0 replies; 18+ messages in thread
From: Varsha Rao @ 2017-10-29 20:49 UTC (permalink / raw)
To: Pablo Neira Ayuso, netfilter-devel; +Cc: Varsha Rao
Add tests for different map expression.
Signed-off-by: Varsha Rao <rvarsha016@gmail.com>
---
tests/shell/testcases/maps/different_map_types_1 | 10 ++++++++++
1 file changed, 10 insertions(+)
create mode 100755 tests/shell/testcases/maps/different_map_types_1
diff --git a/tests/shell/testcases/maps/different_map_types_1 b/tests/shell/testcases/maps/different_map_types_1
new file mode 100755
index 0000000..4d09163
--- /dev/null
+++ b/tests/shell/testcases/maps/different_map_types_1
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+# must fail: expr MAP { expr : type1, expr : type2, .. } expr
+
+set -e
+
+$NFT add table ip filter
+$NFT add chain ip filter output { type filter hook output priority 0 \; }
+$NFT add rule ip filter output meta mark set tcp dport map { 22 : 1, 23 : 192.168.0.1 }
+echo "E: Added two different types of expression to map"
--
2.13.6
^ permalink raw reply related [flat|nested] 18+ messages in thread