[nft PATCH 03/11] tests: py: fix inet/ip_tcp.t test

netfilter-devel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Jeremy Sowden <jeremy@azazel.net>
To: Netfilter Devel <netfilter-devel@vger.kernel.org>
Subject: [nft PATCH 03/11] tests: py: fix inet/ip_tcp.t test
Date: Tue, 21 Dec 2021 19:36:49 +0000	[thread overview]
Message-ID: <20211221193657.430866-4-jeremy@azazel.net> (raw)
In-Reply-To: <20211221193657.430866-1-jeremy@azazel.net>

Contrary to the comment and expected output, nft does _not_ eliminate
the redundant `ip protocol` expression from the second test.  Dependency
elimination requires a higher level expression.  `ip saddr` cannot lead
to the elimination of `ip protocol` since they are both L3 expressions.
`tcp dport` cannot because although `ip saddr` and `ip protocol` both
imply that the L3 protocol is `ip`, only protocol matches are stored as
dependencies, so the redundancy is not apparent, and in fact,
`payload_may_dependency_kill` explicitly checks for the combination of
inet, bridge or netdev family, L4 expression and L3 ipv4 or ipv6
dependency and returns false.

Correct the expected output and comment.

Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
---
 tests/py/inet/ip_tcp.t             |  4 ++--
 tests/py/inet/ip_tcp.t.json.output | 12 ++++++++++++
 2 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/tests/py/inet/ip_tcp.t b/tests/py/inet/ip_tcp.t
index ab76ffa90a9c..03bafc098536 100644
--- a/tests/py/inet/ip_tcp.t
+++ b/tests/py/inet/ip_tcp.t
@@ -9,8 +9,8 @@
 # must not remove ip dependency -- ONLY ipv4 packets should be matched
 ip protocol tcp tcp dport 22;ok;ip protocol 6 tcp dport 22
 
-# can remove it here, ip protocol is implied via saddr.
-ip protocol tcp ip saddr 1.2.3.4 tcp dport 22;ok;ip saddr 1.2.3.4 tcp dport 22
+# could in principle remove it here since ipv4 is implied via saddr.
+ip protocol tcp ip saddr 1.2.3.4 tcp dport 22;ok;ip protocol 6 ip saddr 1.2.3.4 tcp dport 22
 
 # but not here.
 ip protocol tcp counter ip saddr 1.2.3.4 tcp dport 22;ok;ip protocol 6 counter ip saddr 1.2.3.4 tcp dport 22
diff --git a/tests/py/inet/ip_tcp.t.json.output b/tests/py/inet/ip_tcp.t.json.output
index 4a6a05d7f10a..acad8b1fae76 100644
--- a/tests/py/inet/ip_tcp.t.json.output
+++ b/tests/py/inet/ip_tcp.t.json.output
@@ -28,6 +28,18 @@
 
 # ip protocol tcp ip saddr 1.2.3.4 tcp dport 22
 [
+    {
+        "match": {
+            "left": {
+                "payload": {
+                    "field": "protocol",
+                    "protocol": "ip"
+                }
+            },
+	    "op": "==",
+            "right": 6
+        }
+    },
     {
         "match": {
             "left": {
-- 
2.34.1

next prev parent reply	other threads:[~2021-12-21 19:37 UTC|newest]

Thread overview: 17+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-12-21 19:36 [nft PATCH 00/11] Store multiple payload dependencies Jeremy Sowden
2021-12-21 19:36 ` [nft PATCH 01/11] tests: py: fix inet/sets.t netdev payload Jeremy Sowden
2021-12-21 19:36 ` [nft PATCH 02/11] tests: py: fix inet/ip.t payloads Jeremy Sowden
2021-12-21 19:36 ` Jeremy Sowden [this message]
2021-12-21 19:36 ` [nft PATCH 04/11] netlink_delinearize: fix typo Jeremy Sowden
2021-12-21 19:36 ` [nft PATCH 05/11] src: remove arithmetic on booleans Jeremy Sowden
2021-12-21 19:36 ` [nft PATCH 06/11] src: reduce indentation Jeremy Sowden
2021-12-21 19:36 ` [nft PATCH 07/11] src: simplify logic governing storing payload dependencies Jeremy Sowden
2021-12-21 19:36 ` [nft PATCH 08/11] src: add a helper that returns a payload dependency for a particular base Jeremy Sowden
2022-01-15 16:48   ` Florian Westphal
2022-01-15 16:57     ` Jeremy Sowden
2022-01-15 17:07       ` Jeremy Sowden
2022-01-15 17:09         ` Florian Westphal
2022-01-15 17:09           ` Jeremy Sowden
2021-12-21 19:36 ` [nft PATCH 09/11] src: store more than one payload dependency Jeremy Sowden
2021-12-21 19:36 ` [nft PATCH 10/11] tests: py: remove redundant payload expressions Jeremy Sowden
2021-12-21 19:36 ` [nft PATCH 11/11] tests: shell: " Jeremy Sowden

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:ab76ffa90a9 dfblob:03bafc09853 dfblob:4a6a05d7f10
dfblob:acad8b1fae7 )
 OR (
bs:"[nft PATCH 03/11] tests: py: fix inet/ip_tcp.t test" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20211221193657.430866-4-jeremy@azazel.net \
    --to=jeremy@azazel.net \
    --cc=netfilter-devel@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).