From: Thomas Haller <thaller@redhat.com>
To: NetFilter <netfilter-devel@vger.kernel.org>
Cc: Thomas Haller <thaller@redhat.com>
Subject: [PATCH nft 14/14] tests/shell: check diff in "maps/typeof_maps_0" and "sets/typeof_sets_0" test
Date: Mon, 18 Sep 2023 12:28:28 +0200	[thread overview]
Message-ID: <20230918102947.2125883-15-thaller@redhat.com> (raw)
In-Reply-To: <20230918102947.2125883-1-thaller@redhat.com>

These tests run different variants based on NFT_TEST_HAVE_osf support.
Consequently, we cannot check the pre-generated diff.

Instead, construct what we expect dynamically in the script, and compare
the ruleset against that.

Signed-off-by: Thomas Haller <thaller@redhat.com>
---
 tests/shell/testcases/maps/typeof_maps_0 |  75 ++++++++++---
 tests/shell/testcases/sets/typeof_sets_0 | 133 ++++++++++++++++++++---
 2 files changed, 177 insertions(+), 31 deletions(-)

diff --git a/tests/shell/testcases/maps/typeof_maps_0 b/tests/shell/testcases/maps/typeof_maps_0
index 263390d51a5d..98517fd52506 100755
--- a/tests/shell/testcases/maps/typeof_maps_0
+++ b/tests/shell/testcases/maps/typeof_maps_0
@@ -4,18 +4,24 @@
 # without typeof, this is 'type string' and 'type integer',
 # but neither could be used because it lacks size information.
 
-OSFMAP=""
-OSFRULE=""
-if [ "$NFT_TEST_HAVE_osf" != n ] ; then
-	OSFMAP="map m1 {
-		typeof osf name : ct mark
-		elements = { "Linux" : 0x00000001 }
-	}"
-	OSFRULE="ct mark set osf name map @m1"
+set -e
+
+die() {
+	printf '%s\n' "$*"
+	exit 1
+}
+
+INPUT_OSF_CT="
+		ct mark set osf name map @m1"
+if [ "$NFT_TEST_HAVE_osf" = n ] ; then
+	INPUT_OSF_CT=
 fi
 
-EXPECTED="table inet t {
-	$OSFMAP
+INPUT="table inet t {
+	map m1 {
+		typeof osf name : ct mark
+		elements = { Linux : 0x00000001 }
+	}
 
 	map m2 {
 		typeof vlan id : mark
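Review bot: The new `die()` helper writes its message to stdout (`printf '%s\n' "$*"`), so failure diagnostics end up mixed with regular test output. I would send them to stderr with `printf '%s\n' "$*" >&2`. The same helper is added verbatim at the top of sets/typeof_sets_0, so the change applies there too. The INPUT string this hunk opens continues past the end of the hunk.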
@@ -39,8 +45,7 @@ EXPECTED="table inet t {
 		elements = { 23 . eth0 : accept }
 	}
 
-	chain c {
-		$OSFRULE
+	chain c {$INPUT_OSF_CT
 		ether type vlan meta mark set vlan id map @m2
 		meta mark set ip saddr . ip daddr map @m3
 		iifname . ip protocol . th dport vmap @m4
@@ -49,10 +54,48 @@ EXPECTED="table inet t {
 	}
 }"
 
-set -e
-$NFT -f - <<< $EXPECTED
+EXPECTED="table inet t {
+	map m1 {
+		typeof osf name : ct mark
+		elements = { \"Linux\" : 0x00000001 }
+	}
+
+	map m2 {
+		typeof vlan id : meta mark
+		elements = { 1 : 0x00000001, 4095 : 0x00004095 }
+	}
+
+	map m3 {
+		typeof ip saddr . ip daddr : meta mark
+		elements = { 1.2.3.4 . 5.6.7.8 : 0x00000001,
+			     2.3.4.5 . 6.7.8.9 : 0x00000002 }
+	}
+
+	map m4 {
+		typeof iifname . ip protocol . th dport : verdict
+		elements = { \"eth0\" . tcp . 22 : accept }
+	}
+
+	map m5 {
+		typeof ipsec in reqid . iifname : verdict
+		elements = { 23 . \"eth0\" : accept }
+	}
+
+	chain c {$INPUT_OSF_CT
+		meta mark set vlan id map @m2
+		meta mark set ip saddr . ip daddr map @m3
+		iifname . ip protocol . th dport vmap @m4
+		iifname . ip protocol . th dport vmap { \"eth0\" . tcp . 22 : accept, \"eth1\" . udp . 67 : drop }
+		ipsec in reqid . iifname vmap @m5
+	}
+}"
+
+$NFT -f - <<< "$INPUT" || die $'nft command failed to process input:\n'">$INPUT<"
+
+$DIFF -u <($NFT list ruleset) - <<<"$EXPECTED" || die $'diff failed between ruleset and expected data.\nExpected:\n'">$EXPECTED<"
+
 
 if [ "$NFT_TEST_HAVE_osf" = n ] ; then
-	echo "Partial test due to NFT_TEST_HAVE_osf=n. Skip"
-	exit 77
+    echo "Partial test due to NFT_TEST_HAVE_osf=n. Skip"
+    exit 77
 fi
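Review bot: The check `$DIFF -u <($NFT list ruleset) - <<<"$EXPECTED"` cannot distinguish a failed `nft list ruleset` from a genuine mismatch, because the exit status of a process substitution is discarded and `set -e` does not cover it. A listing error is then reported as "diff failed between ruleset and expected data". Capturing the listing first keeps the two cases apart: `RULESET="$($NFT list ruleset)" || die "nft list ruleset failed"`, then `$DIFF -u <(printf '%s\n' "$RULESET") - <<<"$EXPECTED" || die ...`. The identical line at the end of sets/typeof_sets_0 has the same gap. Separately, the final `if` block here switches from tab to four-space indentation while the rest of the script uses tabs.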
diff --git a/tests/shell/testcases/sets/typeof_sets_0 b/tests/shell/testcases/sets/typeof_sets_0
index 6ed0c354bc25..c1c0f51f399c 100755
--- a/tests/shell/testcases/sets/typeof_sets_0
+++ b/tests/shell/testcases/sets/typeof_sets_0
@@ -4,21 +4,35 @@
 # s1 and s2 are identical, they just use different
 # ways for declaration.
 
-OSFSET=""
-OSFCHAIN=""
-if [ "$NFT_TEST_HAVE_osf" != n ] ; then
-	OSFSET="set s1 {
+set -e
+
+die() {
+	printf '%s\n' "$*"
+	exit 1
+}
+
+INPUT_OSF_SET="
+	set s1 {
 		typeof osf name
 		elements = { \"Linux\" }
-	}"
-	OSFCHAIN="chain c1 {
+	}
+"
+INPUT_OSF_CHAIN="
+	chain c1 {
 		osf name @s1 accept
-	}"
-fi
+	}
+"
 
-EXPECTED="table inet t {
-	$OSFSET
+if [ "$NFT_TEST_HAVE_osf" = n ] ; then
+	if [ "$((RANDOM % 2))" -eq 1 ] ; then
+		# Regardless of $NFT_TEST_HAVE_osf, we can define the set.
+		# Randomly do so.
+		INPUT_OSF_SET=
+	fi
+	INPUT_OSF_CHAIN=
+fi
 
+INPUT="table inet t {$INPUT_OSF_SET
 	set s2 {
 		typeof vlan id
 		elements = { 2, 3, 103 }
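Review bot: The `$((RANDOM % 2))` branch means each run with NFT_TEST_HAVE_osf=n exercises only one of the two inputs (with or without set s1), so a regression that affects just one variant can pass by chance and fail on the next run. Loading and comparing both variants in turn would make the coverage deterministic. The comment inside the branch also reads as if the branch defines the set, whereas it is the one that clears `INPUT_OSF_SET`. Wording such as `# The set can be defined even without osf support; randomly omit it to cover both cases.` would match the code.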
@@ -68,9 +82,7 @@ EXPECTED="table inet t {
 		typeof vlan id . ip saddr
 		elements = { 3567 . 1.2.3.4 }
 	}
-
-	$OSFCHAIN
-
+$INPUT_OSF_CHAIN
 	chain c2 {
 		ether type vlan vlan id @s2 accept
 	}
@@ -108,8 +120,99 @@ EXPECTED="table inet t {
 	}
 }"
 
-set -e
-$NFT -f - <<< $EXPECTED
+EXPECTED="table inet t {$INPUT_OSF_SET
+	set s2 {
+		typeof vlan id
+		elements = { 2, 3, 103 }
+	}
+
+	set s3 {
+		typeof meta ibrpvid
+		elements = { 2, 3, 103 }
+	}
+
+	set s4 {
+		typeof frag frag-off
+		elements = { 1, 1024 }
+	}
+
+	set s5 {
+		typeof ip option ra value
+		elements = { 1, 1024 }
+	}
+
+	set s6 {
+		typeof tcp option maxseg size
+		elements = { 1, 1024 }
+	}
+
+	set s7 {
+		typeof sctp chunk init num-inbound-streams
+		elements = { 1, 4 }
+	}
+
+	set s8 {
+		typeof ip version
+		elements = { 4, 6 }
+	}
+
+	set s9 {
+		typeof ip hdrlength
+		elements = { 0, 1, 2, 3, 4,
+			     15 }
+	}
+
+	set s10 {
+		typeof iifname . ip saddr . ipsec in reqid
+		elements = { \"eth0\" . 10.1.1.2 . 42 }
+	}
+
+	set s11 {
+		typeof vlan id . ip saddr
+		elements = { 3567 . 1.2.3.4 }
+	}
+$INPUT_OSF_CHAIN
+	chain c2 {
+		vlan id @s2 accept
+	}
+
+	chain c4 {
+		frag frag-off @s4 accept
+	}
+
+	chain c5 {
+		ip option ra value @s5 accept
+	}
+
+	chain c6 {
+		tcp option maxseg size @s6 accept
+	}
+
+	chain c7 {
+		sctp chunk init num-inbound-streams @s7 accept
+	}
+
+	chain c8 {
+		ip version @s8 accept
+	}
+
+	chain c9 {
+		ip hdrlength @s9 accept
+	}
+
+	chain c10 {
+		iifname . ip saddr . ipsec in reqid @s10 accept
+	}
+
+	chain c11 {
+		vlan id . ip saddr @s11 accept
+	}
+}"
+
+
+$NFT -f - <<< "$INPUT" || die $'nft command failed to process input:\n'">$INPUT<"
+
+$DIFF -u <($NFT list ruleset) - <<<"$EXPECTED" || die $'diff failed between ruleset and expected data.\nExpected:\n'">$EXPECTED<"
 
 if [ "$NFT_TEST_HAVE_osf" = n ] ; then
 	echo "Partial test due to NFT_TEST_HAVE_osf=n. Skip"
-- 
2.41.0



Thread overview: 15+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-09-18 10:28 [PATCH nft 00/14] tests/shell: fix tests to skip on lacking feature support Thomas Haller
2023-09-18 10:28 ` [PATCH nft 01/14] tests/shell: add and use chain binding feature probe Thomas Haller
2023-09-18 10:28 ` [PATCH nft 02/14] tests/shell: skip netdev_chain_0 if kernel requires netdev device Thomas Haller
2023-09-18 10:28 ` [PATCH nft 03/14] tests/shell: skip map query if kernel lacks support Thomas Haller
2023-09-18 10:28 ` [PATCH nft 04/14] tests/shell: skip inner matching tests if unsupported Thomas Haller
2023-09-18 10:28 ` [PATCH nft 05/14] tests/shell: skip bitshift tests if kernel lacks support Thomas Haller
2023-09-18 10:28 ` [PATCH nft 06/14] tests/shell: skip some tests if kernel lacks netdev egress support Thomas Haller
2023-09-18 10:28 ` [PATCH nft 07/14] tests/shell: skip inet ingress tests if kernel lacks support Thomas Haller
2023-09-18 10:28 ` [PATCH nft 08/14] tests/shell: skip destroy " Thomas Haller
2023-09-18 10:28 ` [PATCH nft 09/14] tests/shell: skip catchall " Thomas Haller
2023-09-18 10:28 ` [PATCH nft 10/14] tests/shell: skip test cases involving osf match " Thomas Haller
2023-09-18 10:28 ` [PATCH nft 11/14] tests/shell: skip test cases if ct expectation and/or timeout " Thomas Haller
2023-09-18 10:28 ` [PATCH nft 12/14] tests/shell: skip reset tests if kernel " Thomas Haller
2023-09-18 10:28 ` [PATCH nft 13/14] tests/shell: implement NFT_TEST_HAVE_json feature detection as script Thomas Haller
2023-09-18 10:28 ` Thomas Haller [this message]
