summaryrefslogtreecommitdiffstats
path: root/tests
diff options
context:
space:
mode:
Diffstat (limited to 'tests')
-rw-r--r--tests/jsonfiles/64-ruleset.json2
-rw-r--r--tests/nft-parsing-test.c40
-rw-r--r--tests/xmlfiles/75-ruleset.xml1
3 files changed, 43 insertions, 0 deletions
diff --git a/tests/jsonfiles/64-ruleset.json b/tests/jsonfiles/64-ruleset.json
new file mode 100644
index 0000000..c4fffa1
--- /dev/null
+++ b/tests/jsonfiles/64-ruleset.json
@@ -0,0 +1,2 @@
+{ "nftables": [{"table" : {"name" : "filter","family" : "ip","flags" : 0}},{"table" : {"name" : "filter2","family" : "ip6","flags" : 0}},{ "chain": {"name": "input","handle": 1,"bytes": 10681449,"packets": 16216,"family": "ip","table": "filter","use": 0,"type": "filter","hooknum": "input","prio": 0,"policy": "accept"}},{ "chain": {"name": "forward","handle": 2,"bytes": 0,"packets": 0,"family": "ip","table": "filter","use": 0,"type": "filter","hooknum": "forward","prio": 0,"policy": "accept"}},{ "chain": {"name": "output","handle": 3,"bytes": 2375830,"packets": 15184,"family": "ip","table": "filter","use": 0,"type": "filter","hooknum": "output","prio": 0,"policy": "accept"}},{ "chain": {"name": "chain1","handle": 4,"bytes": 0,"packets": 0,"family": "ip","table": "filter","use": 0}},{ "set": { "name": "set0","table": "filter","flags": 3,"family": "ip","key_type": 12,"key_len": 2}},{ "rule": { "family" : "ip", "table" : "filter", "chain" : "output", "handle" : 6,"flags" : 0, " expr" : [ { "type" : "payload", "dreg" : 1, "offset" : 16, "len" : 4, "base" : "link"}, { "type" : "cmp", "sreg" : 1, "op" : "eq", "cmpdata" : {"data_reg": { "type" : "value", "len" : 4, "data0" : "0x0100a8c0"}}}, { "type" : "counter", "pkts" : 0, "bytes" : 0}, { "type" : "immediate", "dreg" : 0, "immediatedata" : {"data_reg": {"type" : "verdict", "verdict" : "drop"}}}]}},{ "rule": { "family" : "ip", "table" : "filter", "chain" : "output", "handle" : 9,"flags" : 0, "expr" : [ { "type" : "payload", "dreg" : 1, "offset" : 9, "len" : 1, "base" : "link"}, { "type" : "cmp", "sreg" : 1, "op" : "eq", "cmpdata" : {"data_reg": { "type" : "value", "len" : 1, "data0" : "0x00000006"}}}, { "type" : "payload", "dreg" : 1, "offset" : 2, "len" : 2, "base" : "link"}, { "type" : "cmp", "sreg" : 1, "op" : "eq", "cmpdata" : {"data_reg": { "type" : "value", "len" : 2, "data0" : "0x00001600"}}}, { "type" : "counter", "pkts" : 0, "bytes" : 0}]}},{ "rule": { "family" : "ip", "table" : "filter", "chain" : "output", "handle" : 10,"flags" : 0, "expr" : [ { "type" : "payload", "dreg" : 1, "offset" : 16, "len" : 4, "base" : "link"}, { "type" : "cmp", "sreg" : 1, "op" : "eq", "cmpdata" : {"data_reg": { "type" : "value", "len" : 4, "data0" : "0x0100a8c0"}}}, { "type" : "counter", "pkts" : 0, "bytes" : 0}]}},{ "rule": { "family" : "ip", "table" : "filter", "chain" : "output", "handle" : 11,"flags" : 0, "expr" : [ { "type" : "payload", "dreg" : 1, "offset" : 16, "len" : 4, "base" : "link"}, { "type" : "cmp", "sreg" : 1, "op" : "eq", "cmpdata" : {"data_reg": { "type" : "value", "len" : 4, "data0" : "0x0100a8c0"}}}, { "type" : "counter", "pkts" : 0, "bytes" : 0}, { "type" : "immediate", "dreg" : 0, "immediatedata" : {"data_reg": {"type" : "verdict", "verdict" : "drop"}}}]}}]}
+
diff --git a/tests/nft-parsing-test.c b/tests/nft-parsing-test.c
index ecde0e2..866c985 100644
--- a/tests/nft-parsing-test.c
+++ b/tests/nft-parsing-test.c
@@ -6,6 +6,7 @@
#include <errno.h>
#include <libmnl/libmnl.h> /*nlmsghdr*/
+#include <libnftables/ruleset.h>
#include <libnftables/table.h>
#include <libnftables/chain.h>
#include <libnftables/rule.h>
@@ -24,10 +25,12 @@ enum {
TEST_XML_CHAIN,
TEST_XML_RULE,
TEST_XML_SET,
+ TEST_XML_RULESET,
TEST_JSON_TABLE,
TEST_JSON_CHAIN,
TEST_JSON_RULE,
TEST_JSON_SET,
+ TEST_JSON_RULESET,
};
#if defined(XML_PARSING) || defined(JSON_PARSING)
@@ -76,6 +79,7 @@ static int compare_test(uint32_t type, void *input, const char *filename)
struct nft_chain *c = NULL;
struct nft_rule *r = NULL;
struct nft_set *s = NULL;
+ struct nft_ruleset *rs = NULL;
char orig[4096];
char out[4096];
FILE *fp;
@@ -97,6 +101,10 @@ static int compare_test(uint32_t type, void *input, const char *filename)
case TEST_JSON_SET:
s = (struct nft_set *)input;
break;
+ case TEST_XML_RULESET:
+ case TEST_JSON_RULESET:
+ rs = (struct nft_ruleset *)input;
+ break;
default:
errno = EINVAL;
return -1;
@@ -127,6 +135,14 @@ static int compare_test(uint32_t type, void *input, const char *filename)
case TEST_JSON_SET:
nft_set_snprintf(out, sizeof(out), s, NFT_SET_O_JSON, 0);
break;
+ case TEST_XML_RULESET:
+ nft_ruleset_snprintf(out, sizeof(out), rs,
+ NFT_RULESET_O_XML, 0);
+ break;
+ case TEST_JSON_RULESET:
+ nft_ruleset_snprintf(out, sizeof(out), rs,
+ NFT_RULESET_O_JSON, 0);
+ break;
default:
errno = EINVAL;
return -1;
@@ -159,6 +175,7 @@ static int test_json(const char *filename)
struct nft_chain *c;
struct nft_rule *r;
struct nft_set *s;
+ struct nft_ruleset *rs;
json_t *root;
json_error_t error;
char *json;
@@ -211,6 +228,16 @@ static int test_json(const char *filename)
nft_set_free(s);
}
+ } else if (json_object_get(root, "nftables") != NULL) {
+ rs = nft_ruleset_alloc();
+ if (rs != NULL) {
+ if (nft_ruleset_parse(rs, NFT_RULESET_PARSE_JSON, json) == 0)
+ ret = compare_test(TEST_JSON_RULESET, rs, filename);
+ else
+ ret = -1;
+
+ nft_ruleset_free(rs);
+ }
}
free(json);
@@ -237,6 +264,7 @@ static int test_xml(const char *filename)
struct nft_chain *c;
struct nft_rule *r;
struct nft_set *s;
+ struct nft_ruleset *rs;
FILE *fp;
mxml_node_t *tree;
char *xml;
@@ -293,6 +321,18 @@ static int test_xml(const char *filename)
nft_set_free(s);
}
+ } else if (strcmp(tree->value.opaque, "nftables") == 0) {
+ rs = nft_ruleset_alloc();
+ if (rs != NULL) {
+ if (nft_ruleset_parse(rs, NFT_RULESET_PARSE_XML,
+ xml) == 0)
+ ret = compare_test(TEST_XML_RULESET, rs,
+ filename);
+ else
+ ret = -1;
+
+ nft_ruleset_free(rs);
+ }
}
return ret;
diff --git a/tests/xmlfiles/75-ruleset.xml b/tests/xmlfiles/75-ruleset.xml
new file mode 100644
index 0000000..926c2be
--- /dev/null
+++ b/tests/xmlfiles/75-ruleset.xml
@@ -0,0 +1 @@
+<nftables><table><name>filter</name><family>ip</family><flags>0</flags></table><table><name>filter2</name><family>ip</family><flags>0</flags></table><chain><name>input</name><handle>1</handle><bytes>0</bytes><packets>0</packets><table>filter</table><family>ip</family></chain><chain><name>output</name><handle>3</handle><bytes>0</bytes><packets>0</packets><table>filter</table><family>ip</family></chain><set><family>ip</family><table>filter</table><name>set0</name><flags>3</flags><key_type>12</key_type><key_len>2</key_len><data_type>0</data_type><data_len>0</data_len><set_elem><flags>0</flags><key><data_reg type="value"><len>2</len><data0>0x00001900</data0></data_reg></key></set_elem><set_elem><flags>0</flags><key><data_reg type="value"><len>2</len><data0>0x00001600</data0></data_reg></key></set_elem></set><set><family>ip</family><table>filter</table><name>set1</name><flags>3</flags><key_type>12</key_type><key_len>2</key_len><data_type>0</data_type><data_len>0</data_len><set_el
generated by cgit v1.2.3 (git 2.25.0) at 2024-11-16 11:34:24 +0000