diff options
Diffstat (limited to 'iptables/tests/shell/testcases/nft-only')
4 files changed, 21 insertions, 9 deletions
diff --git a/iptables/tests/shell/testcases/nft-only/0007-mid-restore-flush_0 b/iptables/tests/shell/testcases/nft-only/0007-mid-restore-flush_0 index 43880ffb..981f007f 100755 --- a/iptables/tests/shell/testcases/nft-only/0007-mid-restore-flush_0 +++ b/iptables/tests/shell/testcases/nft-only/0007-mid-restore-flush_0 @@ -13,11 +13,11 @@ COMMIT :foo [0:0] EOF -$XT_MULTI iptables-save | grep -q ':foo' +sleep 1 +$XT_MULTI iptables-save | grep -q ':foo' || exit 1 nft flush ruleset echo "COMMIT" >&"${COPROC[1]}" -sleep 1 - -[[ -n $COPROC_PID ]] && kill $COPROC_PID -wait +# close the pipe to make iptables-restore exit if it didn't error out yet +eval "exec ${COPROC[1]}>&-" +wait $COPROC_PID diff --git a/iptables/tests/shell/testcases/nft-only/0009-needless-bitwise_0 b/iptables/tests/shell/testcases/nft-only/0009-needless-bitwise_0 index 41588a10..34802cc2 100755 --- a/iptables/tests/shell/testcases/nft-only/0009-needless-bitwise_0 +++ b/iptables/tests/shell/testcases/nft-only/0009-needless-bitwise_0 @@ -340,7 +340,7 @@ bridge filter OUTPUT 10 9 # - lines with bytecode (starting with ' [') # - empty lines (so printed diff is not a complete mess) filter() { - awk '/^( \[|$)/{print}' + awk '/^table /{exit} /^( \[|$)/{print}' } diff -u -Z <(filter <<< "$EXPECT") <(nft --debug=netlink list ruleset | filter) diff --git a/iptables/tests/shell/testcases/nft-only/0010-iptables-nft-save.txt b/iptables/tests/shell/testcases/nft-only/0010-iptables-nft-save.txt index 73d7108c..5ee4c231 100644 --- a/iptables/tests/shell/testcases/nft-only/0010-iptables-nft-save.txt +++ b/iptables/tests/shell/testcases/nft-only/0010-iptables-nft-save.txt @@ -13,9 +13,9 @@ -A INPUT -d 0.0.0.0/2 -m ttl --ttl-gt 2 -j ACCEPT -A INPUT -d 0.0.0.0/3 -m ttl --ttl-lt 254 -j ACCEPT -A INPUT -d 0.0.0.0/4 -m ttl ! --ttl-eq 255 -j DROP --A INPUT -d 8.0.0.0/5 -p icmp -j ACCEPT --A INPUT -d 8.0.0.0/6 -p icmp -j ACCEPT --A INPUT -d 10.0.0.0/7 -p icmp -j ACCEPT +-A INPUT -d 8.0.0.0/5 -p icmp -m icmp --icmp-type 1 -j ACCEPT +-A INPUT -d 8.0.0.0/6 -p icmp -m icmp --icmp-type 2/3 -j ACCEPT +-A INPUT -d 10.0.0.0/7 -p icmp -m icmp --icmp-type 8 -j ACCEPT -A INPUT -m pkttype --pkt-type broadcast -j ACCEPT -A INPUT -m pkttype ! --pkt-type unicast -j DROP -A INPUT -p tcp diff --git a/iptables/tests/shell/testcases/nft-only/0011-zero-needs-compat_0 b/iptables/tests/shell/testcases/nft-only/0011-zero-needs-compat_0 new file mode 100755 index 00000000..e276a953 --- /dev/null +++ b/iptables/tests/shell/testcases/nft-only/0011-zero-needs-compat_0 @@ -0,0 +1,12 @@ +#!/bin/bash + +[[ $XT_MULTI == *xtables-nft-multi ]] || { echo "skip $XT_MULTI"; exit 0; } + +set -e + +rule="-p tcp -m tcp --dport 27374 -c 23 42 -j TPROXY --on-port 50080" +for cmd in iptables ip6tables; do + $XT_MULTI $cmd -t mangle -A PREROUTING $rule + $XT_MULTI $cmd -t mangle -Z + $XT_MULTI $cmd -t mangle -v -S | grep -q -- "${rule/23 42/0 0}" +done |