diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2020-01-06 13:20:13 +0100 |
---|---|---|
committer | Phil Sutter <phil@nwl.cc> | 2020-05-11 14:28:28 +0200 |
commit | a7f1e208cdf9c6392c99d3c52764701d004bdde7 (patch) | |
tree | a479e3469ac3b1ec03b867acfdcd3912891162fd /iptables/tests | |
parent | 70a3c1a07585de64b5780a415dc157079c34911b (diff) |
nft: split parsing from netlink commands
This patch updates the parser to generate a list of command objects.
This list of commands is then transformed to a list of netlink jobs.
This new command object stores the rule using the nftnl representation
via nft_rule_new().
To reduce the number of updates in this patch, the nft_*_rule_find()
functions have been updated to restore the native representation to
skip the update of the rule comparison code.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Phil Sutter <phil@nwl.cc>
Diffstat (limited to 'iptables/tests')
-rwxr-xr-x | iptables/tests/shell/testcases/ip6tables/0004-return-codes_0 | 1 | ||||
-rwxr-xr-x | iptables/tests/shell/testcases/iptables/0004-return-codes_0 | 6 |
2 files changed, 7 insertions, 0 deletions
diff --git a/iptables/tests/shell/testcases/ip6tables/0004-return-codes_0 b/iptables/tests/shell/testcases/ip6tables/0004-return-codes_0 index f023b791..c583b0eb 100755 --- a/iptables/tests/shell/testcases/ip6tables/0004-return-codes_0 +++ b/iptables/tests/shell/testcases/ip6tables/0004-return-codes_0 @@ -26,6 +26,7 @@ cmd 1 ip6tables -N foo # test rule adding cmd 0 ip6tables -A INPUT -j ACCEPT cmd 1 ip6tables -A noexist -j ACCEPT +cmd 2 ip6tables -I INPUT -j foobar # test rule checking cmd 0 ip6tables -C INPUT -j ACCEPT diff --git a/iptables/tests/shell/testcases/iptables/0004-return-codes_0 b/iptables/tests/shell/testcases/iptables/0004-return-codes_0 index ce02e0bc..f730bede 100755 --- a/iptables/tests/shell/testcases/iptables/0004-return-codes_0 +++ b/iptables/tests/shell/testcases/iptables/0004-return-codes_0 @@ -54,10 +54,16 @@ cmd 1 "$ENOENT" iptables -Z bar # test chain rename cmd 0 iptables -E foo bar cmd 1 "$EEXIST_F" iptables -E foo bar +cmd 1 "$ENOENT" iptables -E foo bar2 +cmd 0 iptables -N foo2 +cmd 1 "$EEXIST_F" iptables -E foo2 bar # test rule adding cmd 0 iptables -A INPUT -j ACCEPT cmd 1 "$ENOENT" iptables -A noexist -j ACCEPT +cmd 2 "" iptables -I INPUT -j foobar +cmd 2 "" iptables -R INPUT 1 -j foobar +cmd 2 "" iptables -D INPUT -j foobar # test rulenum commands cmd 1 "$E2BIG_I" iptables -I INPUT 23 -j ACCEPT |