From: Pablo Neira Ayuso <pablo@netfilter.org>
To: Phil Sutter <phil@nwl.cc>
Cc: netfilter-devel@vger.kernel.org
Subject: Re: [iptables PATCH] tests: shell: Stabilize nft-only/0009-needless-bitwise_0
Date: Fri, 20 Nov 2020 19:50:00 +0100 [thread overview]
Message-ID: <20201120185000.GA17769@salvia> (raw)
In-Reply-To: <20201120175757.8063-1-phil@nwl.cc>
On Fri, Nov 20, 2020 at 06:57:57PM +0100, Phil Sutter wrote:
> Netlink debug output varies depending on host's endianness and therefore
> the test fails on Big Endian machines. Since for the sake of asserting
> no needless bitwise expressions in output the actual data values are not
> relevant, simply crop the output to just the expression names.
Probably we can fix this in libnftnl before we apply patches like this
to nft as well?
> Fixes: 81a2e12851283 ("tests/shell: Add test for bitwise avoidance fixes")
> Signed-off-by: Phil Sutter <phil@nwl.cc>
> ---
> .../nft-only/0009-needless-bitwise_0 | 413 +++++++++---------
> 1 file changed, 208 insertions(+), 205 deletions(-)
>
> diff --git a/iptables/tests/shell/testcases/nft-only/0009-needless-bitwise_0 b/iptables/tests/shell/testcases/nft-only/0009-needless-bitwise_0
> index 41d765e537312..0254208bcf69f 100755
> --- a/iptables/tests/shell/testcases/nft-only/0009-needless-bitwise_0
> +++ b/iptables/tests/shell/testcases/nft-only/0009-needless-bitwise_0
> @@ -1,4 +1,4 @@
> -#!/bin/bash -x
> +#!/bin/bash
>
> [[ $XT_MULTI == *xtables-nft-multi ]] || { echo "skip $XT_MULTI"; exit 0; }
> set -e
> @@ -53,287 +53,290 @@ ff:00:00:00:00:00
> ) | $XT_MULTI ebtables-restore
>
> EXPECT="ip filter OUTPUT 4
> - [ payload load 4b @ network header + 16 => reg 1 ]
> - [ cmp eq reg 1 0x0302010a ]
> - [ counter pkts 0 bytes 0 ]
> + [ payload ]
> + [ cmp ]
> + [ counter ]
>
> ip filter OUTPUT 5 4
> - [ payload load 4b @ network header + 16 => reg 1 ]
> - [ cmp eq reg 1 0x0302010a ]
> - [ counter pkts 0 bytes 0 ]
> + [ payload ]
> + [ cmp ]
> + [ counter ]
>
> ip filter OUTPUT 6 5
> - [ payload load 4b @ network header + 16 => reg 1 ]
> - [ bitwise reg 1 = ( reg 1 & 0xfcffffff ) ^ 0x00000000 ]
> - [ cmp eq reg 1 0x0002010a ]
> - [ counter pkts 0 bytes 0 ]
> + [ payload ]
> + [ bitwise ]
> + [ cmp ]
> + [ counter ]
>
> ip filter OUTPUT 7 6
> - [ payload load 3b @ network header + 16 => reg 1 ]
> - [ cmp eq reg 1 0x0002010a ]
> - [ counter pkts 0 bytes 0 ]
> + [ payload ]
> + [ cmp ]
> + [ counter ]
>
> ip filter OUTPUT 8 7
> - [ payload load 2b @ network header + 16 => reg 1 ]
> - [ cmp eq reg 1 0x0000010a ]
> - [ counter pkts 0 bytes 0 ]
> + [ payload ]
> + [ cmp ]
> + [ counter ]
>
> ip filter OUTPUT 9 8
> - [ payload load 1b @ network header + 16 => reg 1 ]
> - [ cmp eq reg 1 0x0000000a ]
> - [ counter pkts 0 bytes 0 ]
> + [ payload ]
> + [ cmp ]
> + [ counter ]
>
> ip filter OUTPUT 10 9
> - [ counter pkts 0 bytes 0 ]
> + [ counter ]
>
> ip6 filter OUTPUT 4
> - [ payload load 16b @ network header + 24 => reg 1 ]
> - [ cmp eq reg 1 0xffc0edfe 0x020100ee 0x06050403 0x0a090807 ]
> - [ counter pkts 0 bytes 0 ]
> + [ payload ]
> + [ cmp ]
> + [ counter ]
>
> ip6 filter OUTPUT 5 4
> - [ payload load 16b @ network header + 24 => reg 1 ]
> - [ cmp eq reg 1 0xffc0edfe 0x020100ee 0x06050403 0x0a090807 ]
> - [ counter pkts 0 bytes 0 ]
> + [ payload ]
> + [ cmp ]
> + [ counter ]
>
> ip6 filter OUTPUT 6 5
> - [ payload load 16b @ network header + 24 => reg 1 ]
> - [ bitwise reg 1 = ( reg 1 & 0xffffffff 0xffffffff 0xffffffff 0xf0ffffff ) ^ 0x00000000 0x00000000 0x00000000 0x00000000 ]
> - [ cmp eq reg 1 0xffc0edfe 0x020100ee 0x06050403 0x00090807 ]
> - [ counter pkts 0 bytes 0 ]
> + [ payload ]
> + [ bitwise ]
> + [ cmp ]
> + [ counter ]
>
> ip6 filter OUTPUT 7 6
> - [ payload load 15b @ network header + 24 => reg 1 ]
> - [ cmp eq reg 1 0xffc0edfe 0x020100ee 0x06050403 0x00090807 ]
> - [ counter pkts 0 bytes 0 ]
> + [ payload ]
> + [ cmp ]
> + [ counter ]
>
> ip6 filter OUTPUT 8 7
> - [ payload load 14b @ network header + 24 => reg 1 ]
> - [ cmp eq reg 1 0xffc0edfe 0x020100ee 0x06050403 0x00000807 ]
> - [ counter pkts 0 bytes 0 ]
> + [ payload ]
> + [ cmp ]
> + [ counter ]
>
> ip6 filter OUTPUT 9 8
> - [ payload load 11b @ network header + 24 => reg 1 ]
> - [ cmp eq reg 1 0xffc0edfe 0x020100ee 0x00050403 ]
> - [ counter pkts 0 bytes 0 ]
> + [ payload ]
> + [ cmp ]
> + [ counter ]
>
> ip6 filter OUTPUT 10 9
> - [ payload load 10b @ network header + 24 => reg 1 ]
> - [ cmp eq reg 1 0xffc0edfe 0x020100ee 0x00000403 ]
> - [ counter pkts 0 bytes 0 ]
> + [ payload ]
> + [ cmp ]
> + [ counter ]
>
> ip6 filter OUTPUT 11 10
> - [ payload load 8b @ network header + 24 => reg 1 ]
> - [ cmp eq reg 1 0xffc0edfe 0x020100ee ]
> - [ counter pkts 0 bytes 0 ]
> + [ payload ]
> + [ cmp ]
> + [ counter ]
>
> ip6 filter OUTPUT 12 11
> - [ payload load 6b @ network header + 24 => reg 1 ]
> - [ cmp eq reg 1 0xffc0edfe 0x000000ee ]
> - [ counter pkts 0 bytes 0 ]
> + [ payload ]
> + [ cmp ]
> + [ counter ]
>
> ip6 filter OUTPUT 13 12
> - [ payload load 2b @ network header + 24 => reg 1 ]
> - [ cmp eq reg 1 0x0000edfe ]
> - [ counter pkts 0 bytes 0 ]
> + [ payload ]
> + [ cmp ]
> + [ counter ]
>
> ip6 filter OUTPUT 14 13
> - [ payload load 1b @ network header + 24 => reg 1 ]
> - [ cmp eq reg 1 0x000000fe ]
> - [ counter pkts 0 bytes 0 ]
> + [ payload ]
> + [ cmp ]
> + [ counter ]
>
> ip6 filter OUTPUT 15 14
> - [ counter pkts 0 bytes 0 ]
> + [ counter ]
>
> arp filter OUTPUT 3
> - [ payload load 2b @ network header + 0 => reg 1 ]
> - [ cmp eq reg 1 0x00000100 ]
> - [ payload load 1b @ network header + 4 => reg 1 ]
> - [ cmp eq reg 1 0x00000006 ]
> - [ payload load 1b @ network header + 5 => reg 1 ]
> - [ cmp eq reg 1 0x00000004 ]
> - [ payload load 4b @ network header + 24 => reg 1 ]
> - [ cmp eq reg 1 0x0302010a ]
> - [ counter pkts 0 bytes 0 ]
> + [ payload ]
> + [ cmp ]
> + [ payload ]
> + [ cmp ]
> + [ payload ]
> + [ cmp ]
> + [ payload ]
> + [ cmp ]
> + [ counter ]
>
> arp filter OUTPUT 4 3
> - [ payload load 2b @ network header + 0 => reg 1 ]
> - [ cmp eq reg 1 0x00000100 ]
> - [ payload load 1b @ network header + 4 => reg 1 ]
> - [ cmp eq reg 1 0x00000006 ]
> - [ payload load 1b @ network header + 5 => reg 1 ]
> - [ cmp eq reg 1 0x00000004 ]
> - [ payload load 4b @ network header + 24 => reg 1 ]
> - [ cmp eq reg 1 0x0302010a ]
> - [ counter pkts 0 bytes 0 ]
> + [ payload ]
> + [ cmp ]
> + [ payload ]
> + [ cmp ]
> + [ payload ]
> + [ cmp ]
> + [ payload ]
> + [ cmp ]
> + [ counter ]
>
> arp filter OUTPUT 5 4
> - [ payload load 2b @ network header + 0 => reg 1 ]
> - [ cmp eq reg 1 0x00000100 ]
> - [ payload load 1b @ network header + 4 => reg 1 ]
> - [ cmp eq reg 1 0x00000006 ]
> - [ payload load 1b @ network header + 5 => reg 1 ]
> - [ cmp eq reg 1 0x00000004 ]
> - [ payload load 4b @ network header + 24 => reg 1 ]
> - [ bitwise reg 1 = ( reg 1 & 0xfcffffff ) ^ 0x00000000 ]
> - [ cmp eq reg 1 0x0002010a ]
> - [ counter pkts 0 bytes 0 ]
> + [ payload ]
> + [ cmp ]
> + [ payload ]
> + [ cmp ]
> + [ payload ]
> + [ cmp ]
> + [ payload ]
> + [ bitwise ]
> + [ cmp ]
> + [ counter ]
>
> arp filter OUTPUT 6 5
> - [ payload load 2b @ network header + 0 => reg 1 ]
> - [ cmp eq reg 1 0x00000100 ]
> - [ payload load 1b @ network header + 4 => reg 1 ]
> - [ cmp eq reg 1 0x00000006 ]
> - [ payload load 1b @ network header + 5 => reg 1 ]
> - [ cmp eq reg 1 0x00000004 ]
> - [ payload load 3b @ network header + 24 => reg 1 ]
> - [ cmp eq reg 1 0x0002010a ]
> - [ counter pkts 0 bytes 0 ]
> + [ payload ]
> + [ cmp ]
> + [ payload ]
> + [ cmp ]
> + [ payload ]
> + [ cmp ]
> + [ payload ]
> + [ cmp ]
> + [ counter ]
>
> arp filter OUTPUT 7 6
> - [ payload load 2b @ network header + 0 => reg 1 ]
> - [ cmp eq reg 1 0x00000100 ]
> - [ payload load 1b @ network header + 4 => reg 1 ]
> - [ cmp eq reg 1 0x00000006 ]
> - [ payload load 1b @ network header + 5 => reg 1 ]
> - [ cmp eq reg 1 0x00000004 ]
> - [ payload load 2b @ network header + 24 => reg 1 ]
> - [ cmp eq reg 1 0x0000010a ]
> - [ counter pkts 0 bytes 0 ]
> + [ payload ]
> + [ cmp ]
> + [ payload ]
> + [ cmp ]
> + [ payload ]
> + [ cmp ]
> + [ payload ]
> + [ cmp ]
> + [ counter ]
>
> arp filter OUTPUT 8 7
> - [ payload load 2b @ network header + 0 => reg 1 ]
> - [ cmp eq reg 1 0x00000100 ]
> - [ payload load 1b @ network header + 4 => reg 1 ]
> - [ cmp eq reg 1 0x00000006 ]
> - [ payload load 1b @ network header + 5 => reg 1 ]
> - [ cmp eq reg 1 0x00000004 ]
> - [ payload load 1b @ network header + 24 => reg 1 ]
> - [ cmp eq reg 1 0x0000000a ]
> - [ counter pkts 0 bytes 0 ]
> + [ payload ]
> + [ cmp ]
> + [ payload ]
> + [ cmp ]
> + [ payload ]
> + [ cmp ]
> + [ payload ]
> + [ cmp ]
> + [ counter ]
>
> arp filter OUTPUT 9 8
> - [ payload load 2b @ network header + 0 => reg 1 ]
> - [ cmp eq reg 1 0x00000100 ]
> - [ payload load 1b @ network header + 4 => reg 1 ]
> - [ cmp eq reg 1 0x00000006 ]
> - [ payload load 1b @ network header + 5 => reg 1 ]
> - [ cmp eq reg 1 0x00000004 ]
> - [ counter pkts 0 bytes 0 ]
> + [ payload ]
> + [ cmp ]
> + [ payload ]
> + [ cmp ]
> + [ payload ]
> + [ cmp ]
> + [ counter ]
>
> arp filter OUTPUT 10 9
> - [ payload load 2b @ network header + 0 => reg 1 ]
> - [ cmp eq reg 1 0x00000100 ]
> - [ payload load 1b @ network header + 4 => reg 1 ]
> - [ cmp eq reg 1 0x00000006 ]
> - [ payload load 1b @ network header + 5 => reg 1 ]
> - [ cmp eq reg 1 0x00000004 ]
> - [ payload load 6b @ network header + 18 => reg 1 ]
> - [ cmp eq reg 1 0xc000edfe 0x0000eeff ]
> - [ counter pkts 0 bytes 0 ]
> + [ payload ]
> + [ cmp ]
> + [ payload ]
> + [ cmp ]
> + [ payload ]
> + [ cmp ]
> + [ payload ]
> + [ cmp ]
> + [ counter ]
>
> arp filter OUTPUT 11 10
> - [ payload load 2b @ network header + 0 => reg 1 ]
> - [ cmp eq reg 1 0x00000100 ]
> - [ payload load 1b @ network header + 4 => reg 1 ]
> - [ cmp eq reg 1 0x00000006 ]
> - [ payload load 1b @ network header + 5 => reg 1 ]
> - [ cmp eq reg 1 0x00000004 ]
> - [ payload load 6b @ network header + 18 => reg 1 ]
> - [ bitwise reg 1 = ( reg 1 & 0xffffffff 0x0000f0ff ) ^ 0x00000000 0x00000000 ]
> - [ cmp eq reg 1 0xc000edfe 0x0000e0ff ]
> - [ counter pkts 0 bytes 0 ]
> + [ payload ]
> + [ cmp ]
> + [ payload ]
> + [ cmp ]
> + [ payload ]
> + [ cmp ]
> + [ payload ]
> + [ bitwise ]
> + [ cmp ]
> + [ counter ]
>
> arp filter OUTPUT 12 11
> - [ payload load 2b @ network header + 0 => reg 1 ]
> - [ cmp eq reg 1 0x00000100 ]
> - [ payload load 1b @ network header + 4 => reg 1 ]
> - [ cmp eq reg 1 0x00000006 ]
> - [ payload load 1b @ network header + 5 => reg 1 ]
> - [ cmp eq reg 1 0x00000004 ]
> - [ payload load 5b @ network header + 18 => reg 1 ]
> - [ cmp eq reg 1 0xc000edfe 0x000000ff ]
> - [ counter pkts 0 bytes 0 ]
> + [ payload ]
> + [ cmp ]
> + [ payload ]
> + [ cmp ]
> + [ payload ]
> + [ cmp ]
> + [ payload ]
> + [ cmp ]
> + [ counter ]
>
> arp filter OUTPUT 13 12
> - [ payload load 2b @ network header + 0 => reg 1 ]
> - [ cmp eq reg 1 0x00000100 ]
> - [ payload load 1b @ network header + 4 => reg 1 ]
> - [ cmp eq reg 1 0x00000006 ]
> - [ payload load 1b @ network header + 5 => reg 1 ]
> - [ cmp eq reg 1 0x00000004 ]
> - [ payload load 4b @ network header + 18 => reg 1 ]
> - [ cmp eq reg 1 0xc000edfe ]
> - [ counter pkts 0 bytes 0 ]
> + [ payload ]
> + [ cmp ]
> + [ payload ]
> + [ cmp ]
> + [ payload ]
> + [ cmp ]
> + [ payload ]
> + [ cmp ]
> + [ counter ]
>
> arp filter OUTPUT 14 13
> - [ payload load 2b @ network header + 0 => reg 1 ]
> - [ cmp eq reg 1 0x00000100 ]
> - [ payload load 1b @ network header + 4 => reg 1 ]
> - [ cmp eq reg 1 0x00000006 ]
> - [ payload load 1b @ network header + 5 => reg 1 ]
> - [ cmp eq reg 1 0x00000004 ]
> - [ payload load 3b @ network header + 18 => reg 1 ]
> - [ cmp eq reg 1 0x0000edfe ]
> - [ counter pkts 0 bytes 0 ]
> + [ payload ]
> + [ cmp ]
> + [ payload ]
> + [ cmp ]
> + [ payload ]
> + [ cmp ]
> + [ payload ]
> + [ cmp ]
> + [ counter ]
>
> arp filter OUTPUT 15 14
> - [ payload load 2b @ network header + 0 => reg 1 ]
> - [ cmp eq reg 1 0x00000100 ]
> - [ payload load 1b @ network header + 4 => reg 1 ]
> - [ cmp eq reg 1 0x00000006 ]
> - [ payload load 1b @ network header + 5 => reg 1 ]
> - [ cmp eq reg 1 0x00000004 ]
> - [ payload load 2b @ network header + 18 => reg 1 ]
> - [ cmp eq reg 1 0x0000edfe ]
> - [ counter pkts 0 bytes 0 ]
> + [ payload ]
> + [ cmp ]
> + [ payload ]
> + [ cmp ]
> + [ payload ]
> + [ cmp ]
> + [ payload ]
> + [ cmp ]
> + [ counter ]
>
> arp filter OUTPUT 16 15
> - [ payload load 2b @ network header + 0 => reg 1 ]
> - [ cmp eq reg 1 0x00000100 ]
> - [ payload load 1b @ network header + 4 => reg 1 ]
> - [ cmp eq reg 1 0x00000006 ]
> - [ payload load 1b @ network header + 5 => reg 1 ]
> - [ cmp eq reg 1 0x00000004 ]
> - [ payload load 1b @ network header + 18 => reg 1 ]
> - [ cmp eq reg 1 0x000000fe ]
> - [ counter pkts 0 bytes 0 ]
> + [ payload ]
> + [ cmp ]
> + [ payload ]
> + [ cmp ]
> + [ payload ]
> + [ cmp ]
> + [ payload ]
> + [ cmp ]
> + [ counter ]
>
> bridge filter OUTPUT 4
> - [ payload load 6b @ link header + 0 => reg 1 ]
> - [ cmp eq reg 1 0xc000edfe 0x0000eeff ]
> - [ counter pkts 0 bytes 0 ]
> + [ payload ]
> + [ cmp ]
> + [ counter ]
>
> bridge filter OUTPUT 5 4
> - [ payload load 6b @ link header + 0 => reg 1 ]
> - [ bitwise reg 1 = ( reg 1 & 0xffffffff 0x0000f0ff ) ^ 0x00000000 0x00000000 ]
> - [ cmp eq reg 1 0xc000edfe 0x0000e0ff ]
> - [ counter pkts 0 bytes 0 ]
> + [ payload ]
> + [ bitwise ]
> + [ cmp ]
> + [ counter ]
>
> bridge filter OUTPUT 6 5
> - [ payload load 5b @ link header + 0 => reg 1 ]
> - [ cmp eq reg 1 0xc000edfe 0x000000ff ]
> - [ counter pkts 0 bytes 0 ]
> + [ payload ]
> + [ cmp ]
> + [ counter ]
>
> bridge filter OUTPUT 7 6
> - [ payload load 4b @ link header + 0 => reg 1 ]
> - [ cmp eq reg 1 0xc000edfe ]
> - [ counter pkts 0 bytes 0 ]
> + [ payload ]
> + [ cmp ]
> + [ counter ]
>
> bridge filter OUTPUT 8 7
> - [ payload load 3b @ link header + 0 => reg 1 ]
> - [ cmp eq reg 1 0x0000edfe ]
> - [ counter pkts 0 bytes 0 ]
> + [ payload ]
> + [ cmp ]
> + [ counter ]
>
> bridge filter OUTPUT 9 8
> - [ payload load 2b @ link header + 0 => reg 1 ]
> - [ cmp eq reg 1 0x0000edfe ]
> - [ counter pkts 0 bytes 0 ]
> + [ payload ]
> + [ cmp ]
> + [ counter ]
>
> bridge filter OUTPUT 10 9
> - [ payload load 1b @ link header + 0 => reg 1 ]
> - [ cmp eq reg 1 0x000000fe ]
> - [ counter pkts 0 bytes 0 ]
> + [ payload ]
> + [ cmp ]
> + [ counter ]
> "
>
> -diff -u -Z <(echo "$EXPECT") <(nft --debug=netlink list ruleset | awk '/^table/{exit} {print}')
> +diff -u -Z <(echo "$EXPECT") <(nft --debug=netlink list ruleset | awk '
> + /^table/{exit}
> + {print gensub(/\[ ([^ ]+) .* ]/,"[ \\1 ]", "g")}'
> +)
> --
> 2.28.0
>
next prev parent reply other threads:[~2020-11-20 18:50 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-11-20 17:57 [iptables PATCH] tests: shell: Stabilize nft-only/0009-needless-bitwise_0 Phil Sutter
2020-11-20 18:50 ` Pablo Neira Ayuso [this message]
2020-11-20 19:37 ` Phil Sutter
2020-11-21 12:11 ` Pablo Neira Ayuso
2020-11-23 0:13 ` Phil Sutter
2020-11-25 13:31 ` Pablo Neira Ayuso
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20201120185000.GA17769@salvia \
--to=pablo@netfilter.org \
--cc=netfilter-devel@vger.kernel.org \
--cc=phil@nwl.cc \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).