Diffstat (limited to 'test')
-rwxr-xr-x | test/nft-chain-xml-add.sh | 123 | ||||
-rwxr-xr-x | test/nft-rule-xml-add.sh | 132 | ||||
-rwxr-xr-x | test/nft-table-xml-add.sh | 75 |
3 files changed, 330 insertions, 0 deletions
diff --git a/test/nft-chain-xml-add.sh b/test/nft-chain-xml-add.sh
new file mode 100755
index 0000000..d1bd839
--- /dev/null
+++ b/test/nft-chain-xml-add.sh
@@ -0,0 +1,123 @@
+#!/bin/bash
+
+#
+# (C) 2013 by Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
+#
+# This program is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+
+# This is a small testbench for adding nftables chains to kernel
+# in XML format.
+
+BINARY="../examples/nft-chain-xml-add"
+NFT=$( which nft )
+MKTEMP=$( which mktemp)
+TMPFILE=$( $MKTEMP )
+
+if [ ! -x "$BINARY" ] ; then
+ echo "E: Binary not found $BINARY"
+ exit 1
+fi
+
+if [ ! -x "$MKTEMP" ] ; then
+ echo "E: mktemp not found and is neccesary"
+ exit 1
+fi
+
+if [ ! -w "$TMPFILE" ] ; then
+ echo "E: Unable to create temp file via mktemp"
+ exit 1
+fi
+
+[ ! -x "$NFT" ] && echo "W: nftables main binary not found but continuing anyway $NFT"
+
+XML="<chain name=\"test1\" handle=\"100\" bytes=\"123\" packets=\"321\" version=\"0\">
+ <properties>
+ <type>filter</type>
+ <table>filter</table>
+ <prio>0</prio>
+ <use>0</use>
+ <hooknum>2</hooknum>
+ <policy>1</policy>
+ <family>2</family>
+ </properties>
+</chain>"
+
+$NFT delete chain ip filter test1 2>/dev/null >&2
+echo $XML > $TMPFILE
+if ! $BINARY "$TMPFILE" ; then
+ echo "E: Unable to add XML:"
+ echo "$XML"
+ exit 1
+fi
+
+# This is valid (as long as the table exist)
+XML="<chain name=\"test2\" handle=\"101\" bytes=\"59\" packets=\"1\" version=\"0\">
+ <properties>
+ <type>filter</type>
+ <table>filter</table>
+ <prio>1</prio>
+ <use>0</use>
+ <hooknum>4</hooknum>
+ <policy>1</policy>
+ <family>10</family>
+ </properties>
+</chain>"
+
+$NFT delete chain ip6 filter test2 2>/dev/null >&2
+echo $XML > $TMPFILE
+if ! $BINARY "$TMPFILE" ; then
+ echo "E: Unable to add XML:"
+ echo "$XML"
+ rm -rf $TMPFILE 2>/dev/null
+ exit 1
+fi
+
+# This is valid (as long as the table exist)
+XML="<chain name=\"test3\" handle=\"102\" bytes=\"51231239\" packets=\"1123123123\" version=\"0\">
+ <properties>
+ <type>filter</type>
+ <table>filter</table>
+ <prio>0</prio>
+ <use>0</use>
+ <hooknum>4</hooknum>
+ <policy>1</policy>
+ <family>2</family>
+ </properties>
+</chain>"
+
+$NFT delete chain ip6 filter test3 2>/dev/null >&2
+echo $XML > $TMPFILE
+if ! $BINARY "$TMPFILE" ; then
+ echo "E: Unable to add XML:"
+ echo "$XML"
+ rm -rf $TMPFILE 2>/dev/null
+ exit 1
+fi
+
+# This is invalid
+XML="<chain name=\"XXXX\" handle=\"XXXX\" bytes=\"XXXXXXX\" packets=\"XXXXXXX\" >
+ <properties>
+ <flags>asdasd</flags>
+ <type>filter</type>
+ <table>filter</table>
+ <prio>asdasd</prio>
+ <use>asdasd</use>
+ <hooknum>asdasd</hooknum>
+ <policy>asdasd</policy>
+ <family>asdasd</family>
+ </properties>
+ </chain>"
+
+if $BINARY "$XML" 2>/dev/null; then
+ echo "E: Accepted invalid XML:"
+ echo "$XML"
+ rm -rf $TMPFILE 2>/dev/null
+ exit 1
+fi
+
+rm -rf $TMPFILE 2>/dev/null
+echo "I: Test OK"
diff --git a/test/nft-rule-xml-add.sh b/test/nft-rule-xml-add.sh
new file mode 100755
index 0000000..426b975
--- /dev/null
+++ b/test/nft-rule-xml-add.sh
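Review bot: The last case ("This is invalid") hands the XML text itself to the binary, `$BINARY "$XML"`, while every other case writes the XML to `$TMPFILE` and passes that path. If the example program treats its argument as a file name, as the earlier calls suggest, it fails because no such file exists and the malformed document is never parsed, so this check passes even when the parser would accept invalid input. Write the document out first and pass the path: `echo "$XML" > "$TMPFILE"` followed by `if $BINARY "$TMPFILE" 2>/dev/null; then`.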
@@ -0,0 +1,132 @@
+#!/bin/bash
+
+#
+# (C) 2013 by Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
+#
+# This program is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+
+# This is a small testbench for adding nftables rules to kernel
+# in XML format.
+
+BINARY="../examples/nft-rule-xml-add"
+NFT="$( which nft )"
+MKTEMP="$( which mktemp )"
+TMPFILE="$( $MKTEMP )"
+
+if [ ! -x "$BINARY" ] ; then
+ echo "E: Binary not found $BINARY"
+ exit 1
+fi
+
+if [ ! -x "$MKTEMP" ] ; then
+ echo "E: mktemp not found. Is mandatory."
+ exit 1
+fi
+
+if [ ! -w "$TMPFILE" ] ; then
+ echo "E: Unable to create tempfile with mktemp"
+ exit 1
+fi
+
+[ ! -x "$NFT" ] && echo "W: nftables main binary not found but continuing anyway $NFT"
+
+XML="<rule family=\"2\" table=\"filter\" chain=\"INPUT\" handle=\"100\" version=\"0\">
+ <rule_flags>0</rule_flags>
+ <flags>127</flags>
+ <compat_flags>0</compat_flags>
+ <compat_proto>0</compat_proto>
+ <expr type=\"meta\">
+ <dreg>1</dreg>
+ <key>4</key>
+ </expr>
+ <expr type=\"cmp\">
+ <sreg>1</sreg>
+ <op>eq</op>
+ <cmpdata>
+ <data_reg type=\"value\">
+ <len>1</len>
+ <data0>0x04000000</data0>
+ </data_reg>
+ </cmpdata>
+ </expr>
+ <expr type=\"payload\">
+ <dreg>1</dreg>
+ <base>1</base>
+ <offset>12</offset>
+ <len>4</len>
+ </expr>
+ <expr type=\"cmp\">
+ <sreg>1</sreg>
+ <op>eq</op>
+ <cmpdata>
+ <data_reg type=\"value\">
+ <len>1</len>
+ <data0>0x96d60496</data0>
+ </data_reg>
+ </cmpdata>
+ </expr>
+ <expr type=\"payload\">
+ <dreg>1</dreg>
+ <base>1</base>
+ <offset>16</offset>
+ <len>4</len>
+ </expr>
+ <expr type=\"cmp\">
+ <sreg>1</sreg>
+ <op>eq</op>
+ <cmpdata>
+ <data_reg type=\"value\">
+ <len>1</len>
+ <data0>0x96d60329</data0>
+ </data_reg>
+ </cmpdata>
+ </expr>
+ <expr type=\"payload\">
+ <dreg>1</dreg>
+ <base>1</base>
+ <offset>9</offset>
+ <len>1</len>
+ </expr>
+ <expr type=\"cmp\">
+ <sreg>1</sreg>
+ <op>eq</op>
+ <cmpdata>
+ <data_reg type=\"value\">
+ <len>1</len>
+ <data0>0x06000000</data0>
+ </data_reg>
+ </cmpdata>
+ </expr>
+ <expr type=\"match\">
+ <name>state</name>
+ <rev>0</rev>
+ <info>
+ </info>
+ </expr>
+ <expr type=\"counter\">
+ <pkts>123123</pkts>
+ <bytes>321321</bytes>
+ </expr>
+ <expr type=\"target\">
+ <name>LOG</name>
+ <rev>0</rev>
+ <info>
+ </info>
+ </expr>
+</rule>"
+
+$NFT add table filter 2>/dev/null >&2
+$NFT add chain filter INPUT 2>/dev/null >&2
+
+echo $XML > $TMPFILE
+if ! $BINARY "$TMPFILE" ; then
+ echo "E: Unable to add XML."
+ rm -rf $TMPFILE 2>/dev/null
+ exit 1
+fi
+
+rm -rf $TMPFILE 2>/dev/null
+echo "I: Test OK"
diff --git a/test/nft-table-xml-add.sh b/test/nft-table-xml-add.sh
new file mode 100755
index 0000000..2c55edc
--- /dev/null
+++ b/test/nft-table-xml-add.sh
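Review bot: The rule under test is loaded into table `filter`, chain `INPUT`, family 2 (presumably the ip family), which `$NFT add table filter` and `$NFT add chain filter INPUT` create or reuse in the host's live ruleset, and nothing in the script removes the rule afterwards. On a machine that already has a `filter` table, each run leaves one more rule in a chain that may be in production use. A dedicated table and chain name, as nft-table-xml-add.sh does with `filter_test`, plus a delete at the end would keep the test isolated. At minimum the script should carry a comment such as `# NOTE: modifies the live ip filter/INPUT chain and does not clean up`.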
@@ -0,0 +1,75 @@
+#!/bin/bash
+
+#
+# (C) 2013 by Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
+#
+# This program is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+
+# This is a small testbench for adding nftables tables to kernel
+# in XML format.
+
+BINARY="../examples/nft-table-xml-add"
+NFT="$( which nft )"
+MKTEMP="$( which mktemp)"
+TMPFILE="$( $MKTEMP )"
+
+if [ ! -x "$BINARY" ] ; then
+ echo "E: Binary not found $BINARY"
+ exit 1
+fi
+
+if [ ! -x "$MKTEMP" ] ; then
+ echo "E: mktemp not found and is neccesary"
+ exit 1
+fi
+
+if [ ! -w "$TMPFILE" ] ; then
+ echo "E: Unable to create temp file via mktemp"
+ exit 1
+fi
+
+
+if [ ! -x "$NFT" ] ; then
+ echo "W: nftables main binary not found but continuing anyway $NFT"
+fi
+
+# This is valid
+XML="<table name=\"filter_test\" version=\"0\">
+ <properties>
+ <family>2</family>
+ <table_flags>0</table_flags>
+ </properties>
+</table>"
+
+$NFT delete table filter_test 2>/dev/null >&2
+echo $XML > $TMPFILE
+if ! $BINARY "$TMPFILE" ; then
+ echo "E: Unable to add XML:"
+ echo "$XML"
+ rm -rf $TMPFILE 2>/dev/null
+ exit 1
+fi
+
+# This is valid
+XML="<table name=\"filter6_test\" version=\"0\">
+ <properties>
+ <family>10</family>
+ <table_flags>0</table_flags>
+ </properties>
+</table>"
+
+$NFT delete table filter6_test 2>/dev/null >&2
+echo $XML > $TMPFILE
+if ! $BINARY "$TMPFILE" ; then
+ echo "E: Unable to add XML:"
+ echo "$XML"
+ rm -rf $TMPFILE 2>/dev/null
+ exit 1
+fi
+
+rm -rf $TMPFILE 2>/dev/null
+echo "I: Test OK"
|
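Review bot: The cleanup before the second case, `$NFT delete table filter6_test`, names no family, while the XML it precedes declares `<family>10</family>`. nft assumes the ip family when none is given, so the ip6 table from a previous run is probably still present when the add is retried, and the result then depends on leftover state. `$NFT delete table ip6 filter6_test 2>/dev/null >&2` would match the document. nft-chain-xml-add.sh has the same mismatch for `test3`, which is deleted from `ip6` although its XML declares family 2.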