[PATCH nft 1/1] tests/shell: test for maximum length of "comment" in "comments_objects

netfilter-devel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [PATCH nft 1/1] tests/shell: test for maximum length of "comment" in "comments_objects_0"
@ 2023-10-23 13:38 Thomas Haller
  0 siblings, 0 replies; only message in thread
From: Thomas Haller @ 2023-10-23 13:38 UTC (permalink / raw)
  To: NetFilter; +Cc: Thomas Haller

The comment length is limited to NFTNL_UDATA_COMMENT_MAXLEN. Test for
that.

Adjust an existing test for that.

Also rename $EXPECTED to $RULESET. We don't compare the value of
$EXPECTED against the actually configured rules. It also wouldn't work,
because the input is not normalized and wouldn't match. It also isn't
necessary, because there is a .nft dump file.

Signed-off-by: Thomas Haller <thaller@redhat.com>
---
 .../testcases/optionals/comments_objects_0    | 22 ++++++++++++++-----
 .../optionals/dumps/comments_objects_0.nft    |  7 +++++-
 2 files changed, 23 insertions(+), 6 deletions(-)

diff --git a/tests/shell/testcases/optionals/comments_objects_0 b/tests/shell/testcases/optionals/comments_objects_0
index 7437c77beb0b..301f5518fb80 100755
--- a/tests/shell/testcases/optionals/comments_objects_0
+++ b/tests/shell/testcases/optionals/comments_objects_0
@@ -1,9 +1,23 @@
 #!/bin/bash
 
-EXPECTED='table ip filter {
+set -e
+
+COMMENT128="12345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678"
+
+# test for pass with comment that is 128 bytes long.
+rc=0
+$NFT add table ip filter \{ quota foo1 \{ comment "\"${COMMENT128}\"" \}\; \}\; || rc="$?"
+test "$rc" = 0
+
+# test for failure with comment that is 128+1 bytes long.
+rc=0
+$NFT add table ip filter \{ quota foo2 \{ comment "\"${COMMENT128}x\"" \}\; \}\; || rc="$?"
+test "$rc" = 1
+
+RULESET='table ip filter {
 	quota q {
 		over 1200 bytes
-		comment "test1"
+		comment "'"$COMMENT128"'"
 	}
 
 	counter c {
@@ -39,6 +53,4 @@ EXPECTED='table ip filter {
 }
 '
 
-set -e
-
-$NFT -f - <<< "$EXPECTED"
+$NFT -f - <<< "$RULESET"
diff --git a/tests/shell/testcases/optionals/dumps/comments_objects_0.nft b/tests/shell/testcases/optionals/dumps/comments_objects_0.nft
index b760ced60424..13822209ebab 100644
--- a/tests/shell/testcases/optionals/dumps/comments_objects_0.nft
+++ b/tests/shell/testcases/optionals/dumps/comments_objects_0.nft
@@ -1,6 +1,11 @@
 table ip filter {
+	quota foo1 {
+		comment "12345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678"
+		0 bytes
+	}
+
 	quota q {
-		comment "test1"
+		comment "12345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678"
 		over 1200 bytes
 	}
 
-- 
2.41.0


^ permalink raw reply related	[flat|nested] only message in thread

only message in thread, other threads:[~2023-10-23 13:39 UTC | newest]

Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-10-23 13:38 [PATCH nft 1/1] tests/shell: test for maximum length of "comment" in "comments_objects_0" Thomas Haller

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).