diff options
| author | Phil Sutter <phil@nwl.cc> | 2018-08-04 13:10:19 +0200 |
|---|---|---|
| committer | Florian Westphal <fw@strlen.de> | 2018-08-04 23:58:45 +0200 |
| commit | 2ce9f65a374bad212899bc584d3e5f4698df6fc6 (patch) | |
| tree | 471dc1f9624e772b9072c63ef54546453b0ad8e1 /iptables/tests | |
| parent | cd79556bfa15056f2a430e57993a2a64c734b3cf (diff) | |
xtables: Match verbose ip{,6}tables output with legacy
Legacy ip{,6}tables prints feedback for various commands if in verbose
mode, make sure nft variants do the same.
There is one difference, namely when checking a rule (-C command):
Legacy ip{,6}tables print the rule in any case, nft variants don't in
case the rule wasn't found. Changing this though would require to
populate the nftnl_rule object just for printing, which is probably not
feasible.
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Florian Westphal <fw@strlen.de>
Diffstat (limited to 'iptables/tests')
| -rwxr-xr-x | iptables/tests/shell/testcases/ip6tables/0002-verbose-output_0 | 51 | ||||
| -rwxr-xr-x | iptables/tests/shell/testcases/iptables/0002-verbose-output_0 | 51 |
2 files changed, 102 insertions, 0 deletions
diff --git a/iptables/tests/shell/testcases/ip6tables/0002-verbose-output_0 b/iptables/tests/shell/testcases/ip6tables/0002-verbose-output_0 new file mode 100755 index 00000000..7b0e6468 --- /dev/null +++ b/iptables/tests/shell/testcases/ip6tables/0002-verbose-output_0 @@ -0,0 +1,51 @@ +#!/bin/bash + +set -e +#set -x + +# ensure verbose output is identical between legacy and nft tools + +RULE1='-i eth2 -o eth3 -s feed:babe::1 -d feed:babe::2 -j ACCEPT' +VOUT1='ACCEPT all opt in eth2 out eth3 feed:babe::1 -> feed:babe::2' +RULE2='-i eth2 -o eth3 -s feed:babe::4 -d feed:babe::5 -j ACCEPT' +VOUT2='ACCEPT all opt in eth2 out eth3 feed:babe::4 -> feed:babe::5' + +diff -u -Z <(echo -e "$VOUT1") <($XT_MULTI ip6tables -v -A FORWARD $RULE1) +diff -u -Z <(echo -e "$VOUT2") <($XT_MULTI ip6tables -v -I FORWARD 2 $RULE2) + +diff -u -Z <(echo -e "$VOUT1") <($XT_MULTI ip6tables -v -C FORWARD $RULE1) +diff -u -Z <(echo -e "$VOUT2") <($XT_MULTI ip6tables -v -C FORWARD $RULE2) + +EXPECT='Chain INPUT (policy ACCEPT 0 packets, 0 bytes) + pkts bytes target prot opt in out source destination + +Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) + pkts bytes target prot opt in out source destination + 0 0 ACCEPT all eth2 eth3 feed:babe::1 feed:babe::2 + 0 0 ACCEPT all eth2 eth3 feed:babe::4 feed:babe::5 + +Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) + pkts bytes target prot opt in out source destination' + +diff -u -Z <(echo -e "$EXPECT") <($XT_MULTI ip6tables -v -n -L) + +diff -u -Z <(echo -e "$VOUT1") <($XT_MULTI ip6tables -v -D FORWARD $RULE1) +diff -u -Z <(echo -e "$VOUT2") <($XT_MULTI ip6tables -v -D FORWARD $RULE2) + +EXPECT="Flushing chain \`INPUT' +Flushing chain \`FORWARD' +Flushing chain \`OUTPUT'" + +diff -u <(echo -e "$EXPECT") <($XT_MULTI ip6tables -v -F) + +EXPECT="Zeroing chain \`INPUT' +Zeroing chain \`FORWARD' +Zeroing chain \`OUTPUT'" + +diff -u <(echo -e "$EXPECT") <($XT_MULTI ip6tables -v -Z) + +diff -u <(echo "Flushing chain \`OUTPUT'") <($XT_MULTI ip6tables -v -F OUTPUT) +diff -u <(echo "Zeroing chain \`OUTPUT'") <($XT_MULTI ip6tables -v -Z OUTPUT) + +$XT_MULTI ip6tables -N foo +diff -u <(echo "Deleting chain \`foo'") <($XT_MULTI ip6tables -v -X foo) diff --git a/iptables/tests/shell/testcases/iptables/0002-verbose-output_0 b/iptables/tests/shell/testcases/iptables/0002-verbose-output_0 new file mode 100755 index 00000000..2e805953 --- /dev/null +++ b/iptables/tests/shell/testcases/iptables/0002-verbose-output_0 @@ -0,0 +1,51 @@ +#!/bin/bash + +set -e +#set -x + +# ensure verbose output is identical between legacy and nft tools + +RULE1='-i eth2 -o eth3 -s 10.0.0.1 -d 10.0.0.2 -j ACCEPT' +VOUT1='ACCEPT all opt -- in eth2 out eth3 10.0.0.1 -> 10.0.0.2' +RULE2='-i eth2 -o eth3 -s 10.0.0.4 -d 10.0.0.5 -j ACCEPT' +VOUT2='ACCEPT all opt -- in eth2 out eth3 10.0.0.4 -> 10.0.0.5' + +diff -u -Z <(echo -e "$VOUT1") <($XT_MULTI iptables -v -A FORWARD $RULE1) +diff -u -Z <(echo -e "$VOUT2") <($XT_MULTI iptables -v -I FORWARD 2 $RULE2) + +diff -u -Z <(echo -e "$VOUT1") <($XT_MULTI iptables -v -C FORWARD $RULE1) +diff -u -Z <(echo -e "$VOUT2") <($XT_MULTI iptables -v -C FORWARD $RULE2) + +EXPECT='Chain INPUT (policy ACCEPT 0 packets, 0 bytes) + pkts bytes target prot opt in out source destination + +Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) + pkts bytes target prot opt in out source destination + 0 0 ACCEPT all -- eth2 eth3 10.0.0.1 10.0.0.2 + 0 0 ACCEPT all -- eth2 eth3 10.0.0.4 10.0.0.5 + +Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) + pkts bytes target prot opt in out source destination' + +diff -u -Z <(echo -e "$EXPECT") <($XT_MULTI iptables -v -n -L) + +diff -u -Z <(echo -e "$VOUT1") <($XT_MULTI iptables -v -D FORWARD $RULE1) +diff -u -Z <(echo -e "$VOUT2") <($XT_MULTI iptables -v -D FORWARD $RULE2) + +EXPECT="Flushing chain \`INPUT' +Flushing chain \`FORWARD' +Flushing chain \`OUTPUT'" + +diff -u <(echo -e "$EXPECT") <($XT_MULTI iptables -v -F) + +EXPECT="Zeroing chain \`INPUT' +Zeroing chain \`FORWARD' +Zeroing chain \`OUTPUT'" + +diff -u <(echo -e "$EXPECT") <($XT_MULTI iptables -v -Z) + +diff -u <(echo "Flushing chain \`OUTPUT'") <($XT_MULTI iptables -v -F OUTPUT) +diff -u <(echo "Zeroing chain \`OUTPUT'") <($XT_MULTI iptables -v -Z OUTPUT) + +$XT_MULTI iptables -N foo +diff -u <(echo "Deleting chain \`foo'") <($XT_MULTI iptables -v -X foo) |