diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2012-08-03 19:56:37 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2012-08-06 14:33:54 +0200 |
commit | 9a32c83f7529ca7b3f6d4b3253b537a9da5681af (patch) | |
tree | 96b7840de24864de175cd19e9b3bd01dd8f0439e | |
parent | e5990b016a7c7d17e0dac1cadb6e8bc2c91610b0 (diff) |
tests: fix test, commands now comes before the family and table name
Most tests still don't work though. They still need another fix.
Reported-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r--[-rwxr-xr-x] | tests/dictionary | 26 | ||||
-rw-r--r--[-rwxr-xr-x] | tests/expr-concat | 6 | ||||
-rw-r--r--[-rwxr-xr-x] | tests/expr-ct | 20 | ||||
-rw-r--r--[-rwxr-xr-x] | tests/expr-meta | 28 | ||||
-rw-r--r--[-rwxr-xr-x] | tests/family-bridge | 10 | ||||
-rw-r--r--[-rwxr-xr-x] | tests/family-ipv4 | 8 | ||||
-rw-r--r--[-rwxr-xr-x] | tests/family-ipv6 | 8 | ||||
-rw-r--r--[-rwxr-xr-x] | tests/feat-adjancent-load-merging | 8 | ||||
-rw-r--r--[-rwxr-xr-x] | tests/obj-chain | 22 | ||||
-rw-r--r--[-rwxr-xr-x] | tests/obj-table | 6 | ||||
-rw-r--r--[-rwxr-xr-x] | tests/payload-ll | 10 | ||||
-rw-r--r--[-rwxr-xr-x] | tests/prefix | 10 | ||||
-rw-r--r--[-rwxr-xr-x] | tests/set | 8 | ||||
-rw-r--r--[-rwxr-xr-x] | tests/stmt-log | 6 |
14 files changed, 88 insertions, 88 deletions
diff --git a/tests/dictionary b/tests/dictionary index 20d53570..e489c4ec 100755..100644 --- a/tests/dictionary +++ b/tests/dictionary @@ -1,52 +1,52 @@ #! nft -f # -table add ip filter -chain add ip filter OUTPUT NF_INET_LOCAL_OUT 0 +add table ip filter +add chain ip filter OUTPUT NF_INET_LOCAL_OUT 0 -chain add ip filter chain1 -rule add ip filter chain1 handle 1 counter +add chain ip filter chain1 +add rule ip filter chain1 handle 1 counter -chain add ip filter chain2 -rule add ip filter chain2 handle 1 counter +add chain ip filter chain2 +add rule ip filter chain2 handle 1 counter # must succeed: expr { expr, ... } -rule add ip filter OUTPUT ip protocol 6 tcp dport { \ +add rule ip filter OUTPUT ip protocol 6 tcp dport { \ 22, \ 23, \ } # must fail: expr { type1, type2, ... } -rule add ip filter OUTPUT ip protocol 6 tcp dport { \ +add rule ip filter OUTPUT ip protocol 6 tcp dport { \ 22, \ 192.168.0.1, \ } # must succeed: expr { expr => verdict, ... } -rule add ip filter OUTPUT ip protocol 6 tcp dport { \ +add rule ip filter OUTPUT ip protocol 6 tcp dport { \ 22 => jump chain1, \ 23 => jump chain2, \ } # must fail: expr { expr => verdict, expr => expr, ... } -rule add ip filter OUTPUT ip protocol 6 tcp dport { \ +add rule ip filter OUTPUT ip protocol 6 tcp dport { \ 22 => jump chain1, \ 23 => 0x100, \ } # must fail: expr { expr => expr, ...} -rule add ip filter OUTPUT ip protocol 6 tcp dport { \ +add rule ip filter OUTPUT ip protocol 6 tcp dport { \ 22 => 0x100, \ 23 => 0x200, \ } # must succeed: expr MAP { expr => expr, ... } expr -rule add ip filter OUTPUT ip protocol 6 map tcp dport { \ +add rule ip filter OUTPUT ip protocol 6 map tcp dport { \ 22 => 1, \ 23 => 2, \ } 2 # must fail: expr MAP { expr => type1, expr => type2, .. } expr -rule add ip filter OUTPUT ip protocol 6 map tcp dport { \ +add rule ip filter OUTPUT ip protocol 6 map tcp dport { \ 22 => 1, \ 23 => 192.168.0.1, \ } 2 diff --git a/tests/expr-concat b/tests/expr-concat index d9c553b6..bb284cce 100755..100644 --- a/tests/expr-concat +++ b/tests/expr-concat @@ -1,19 +1,19 @@ #! nft -f # Concat element mismatch -rule add ip filter output ip daddr . tcp sport . tcp dport { \ +add rule ip filter output ip daddr . tcp sport . tcp dport { \ 192.168.0.1 . 22, \ 192.168.0.1 . 80, \ } # Concat type mismatch -rule add ip filter output ip daddr . tcp dport { \ +add rule ip filter output ip daddr . tcp dport { \ 192.168.0.1 . 192.168.0.2, \ 192.168.0.1 . 192.168.0.3, \ } # Concat expression -rule add ip filter output ip daddr . tcp dport { \ +add rule ip filter output ip daddr . tcp dport { \ 192.168.0.1 . 22, \ 192.168.0.1 . 80, \ } diff --git a/tests/expr-ct b/tests/expr-ct index 8391c3ec..d464a949 100755..100644 --- a/tests/expr-ct +++ b/tests/expr-ct @@ -1,26 +1,26 @@ #! nft -f -table add ip filter -chain add ip filter output NF_INET_LOCAL_OUT 0 +add table ip filter +add chain ip filter output NF_INET_LOCAL_OUT 0 # ct: state -rule add ip filter output ct state 0 counter +add rule ip filter output ct state 0 counter # ct: direction original/reply -rule add ip filter output ct direction 0 counter -rule add ip filter output ct direction 1 counter +add rule ip filter output ct direction 0 counter +add rule ip filter output ct direction 1 counter # ct: status -rule add ip filter output ct status 0 counter +add rule ip filter output ct status 0 counter # ct: mark -rule add ip filter output ct mark 0 counter +add rule ip filter output ct mark 0 counter # ct: secmark -rule add ip filter output ct secmark 0 counter +add rule ip filter output ct secmark 0 counter # ct: expiration -rule add ip filter output ct expiration 30 counter +add rule ip filter output ct expiration 30 counter # ct: helper ftp -rule add ip filter output ct helper "ftp" counter +add rule ip filter output ct helper "ftp" counter diff --git a/tests/expr-meta b/tests/expr-meta index 122d2895..97582aa1 100755..100644 --- a/tests/expr-meta +++ b/tests/expr-meta @@ -1,40 +1,40 @@ #! nft -f -table add ip filter -chain add ip filter output NF_INET_LOCAL_OUT 0 +add table ip filter +add chain ip filter output NF_INET_LOCAL_OUT 0 # meta: skb len -rule add ip filter output meta length 1000 counter +add rule ip filter output meta length 1000 counter # meta: skb protocol -rule add ip filter output meta protocol 0x0800 counter +add rule ip filter output meta protocol 0x0800 counter # meta: skb mark -rule add ip filter output meta mark 0 counter +add rule ip filter output meta mark 0 counter # meta: skb iif -rule add ip filter output meta iif 1 counter +add rule ip filter output meta iif 1 counter # meta: skb iifname -rule add ip filter output meta iifname "eth0" counter +add rule ip filter output meta iifname "eth0" counter # meta: skb oif -rule add ip filter output meta oif 1 counter +add rule ip filter output meta oif 1 counter # meta: skb oifname -rule add ip filter output meta oifname "eth0" counter +add rule ip filter output meta oifname "eth0" counter # meta: skb sk uid -rule add ip filter output meta skuid 1000 counter +add rule ip filter output meta skuid 1000 counter # meta: skb sk gid -rule add ip filter output meta skgid 1000 counter +add rule ip filter output meta skgid 1000 counter # meta: nftrace - broken, probably should be removed to avoid abuse -#rule add ip filter output meta nftrace 0 counter +#add rule ip filter output meta nftrace 0 counter # meta: rtclassid -rule add ip filter output meta rtclassid 1 counter +add rule ip filter output meta rtclassid 1 counter # meta: secmark -rule add ip filter output meta secmark 0 counter +add rule ip filter output meta secmark 0 counter diff --git a/tests/family-bridge b/tests/family-bridge index 633211fb..0e3d8f1b 100755..100644 --- a/tests/family-bridge +++ b/tests/family-bridge @@ -1,13 +1,13 @@ #! nft -f -table add bridge filter -chain add bridge filter output NF_INET_LOCAL_OUT 0 +add table bridge filter +add chain bridge filter output NF_INET_LOCAL_OUT 0 # LL protocol -rule add bridge filter output eth type 0x0800 counter +add rule bridge filter output eth type 0x0800 counter # IP address -rule add bridge filter output eth type 0x0800 ip daddr 20.0.0.2 counter +add rule bridge filter output eth type 0x0800 ip daddr 20.0.0.2 counter # IPv6 address -rule add bridge filter output eth type 0x86DD ip6 daddr 2001:6f8:974:3::2 counter +add rule bridge filter output eth type 0x86DD ip6 daddr 2001:6f8:974:3::2 counter diff --git a/tests/family-ipv4 b/tests/family-ipv4 index 7c28bb43..b15d1595 100755..100644 --- a/tests/family-ipv4 +++ b/tests/family-ipv4 @@ -1,10 +1,10 @@ #! nft -f -table add ip filter -chain add ip filter output NF_INET_LOCAL_OUT 0 +add table ip filter +add chain ip filter output NF_INET_LOCAL_OUT 0 # IP address -rule add ip filter output ip daddr 192.168.0.1 counter +add rule ip filter output ip daddr 192.168.0.1 counter # TCP ports -rule add ip filter output ip protocol 6 tcp dport 22 counter +add rule ip filter output ip protocol 6 tcp dport 22 counter diff --git a/tests/family-ipv6 b/tests/family-ipv6 index 7cf54d6f..1ddb53e5 100755..100644 --- a/tests/family-ipv6 +++ b/tests/family-ipv6 @@ -1,10 +1,10 @@ #! nft -f -table add ip6 filter -chain add ip6 filter output NF_INET_LOCAL_OUT 0 +add table ip6 filter +add chain ip6 filter output NF_INET_LOCAL_OUT 0 # IP address -rule add ip6 filter output ip6 daddr 2001:6f8:974::1 counter +add rule ip6 filter output ip6 daddr 2001:6f8:974::1 counter # TCP ports -rule add ip6 filter output ip6 nexthdr 6 tcp dport 22 counter +add rule ip6 filter output ip6 nexthdr 6 tcp dport 22 counter diff --git a/tests/feat-adjancent-load-merging b/tests/feat-adjancent-load-merging index 9c41f509..34234f1a 100755..100644 --- a/tests/feat-adjancent-load-merging +++ b/tests/feat-adjancent-load-merging @@ -1,13 +1,13 @@ #! nft -f # adjacent payload expressions: 4 bytes in order -rule add filter output ip protocol 6 tcp sport 1024 tcp dport 22 counter +add rule filter output ip protocol 6 tcp sport 1024 tcp dport 22 counter # adjacent payload expressions: 8 bytes in order -rule add filter output ip saddr 192.168.0.1 ip daddr 192.168.0.100 counter +add rule filter output ip saddr 192.168.0.1 ip daddr 192.168.0.100 counter # adjacent payload expressions: 8 bytes in order -rule add filter output tcp sequence 0 tcp sport 1024 tcp dport 22 +add rule filter output tcp sequence 0 tcp sport 1024 tcp dport 22 # adjacent payload expressions: 8 bytes in reverse order -rule add filter output tcp sport 1024 tcp dport 22 tcp sequence 0 +add rule filter output tcp sport 1024 tcp dport 22 tcp sequence 0 diff --git a/tests/obj-chain b/tests/obj-chain index 8422f3a3..53d78333 100755..100644 --- a/tests/obj-chain +++ b/tests/obj-chain @@ -1,22 +1,22 @@ #! nft -f -table add filter +add table filter # chains: add and delete chain -chain add filter testchain -chain delete filter testchain +add chain filter testchain +delete chain filter testchain # chains: add and delete base chain -chain add filter input NF_INET_LOCAL_OUT 0 -chain delete filter input NF_INET_LOCAL_OUT 0 +add chain filter input NF_INET_LOCAL_OUT 0 +delete chain filter input NF_INET_LOCAL_OUT 0 # chains: can not delete chain while referenced -chain add filter testchain -chain add filter testchain2 +add chain filter testchain +add chain filter testchain2 -rule add filter testchain handle 1 jump testchain2 -chain delete filter testchain2 +add rule filter testchain handle 1 jump testchain2 +delete chain filter testchain2 rule delete filter testchain handle 1 -chain delete filter testchain2 -chain delete filter testchain +delete chain filter testchain2 +delete chain filter testchain diff --git a/tests/obj-table b/tests/obj-table index 3c3e222a..548c26fa 100755..100644 --- a/tests/obj-table +++ b/tests/obj-table @@ -1,11 +1,11 @@ #! nft -f # table: add and delete table -table add filter +add table filter table delete filter # table: deleting table with chain must fail # FIXME: not implemented -# table add filter -# chain add filter output +# add table filter +# add chain filter output # table delete filter diff --git a/tests/payload-ll b/tests/payload-ll index 8d2480ac..feaf5874 100755..100644 --- a/tests/payload-ll +++ b/tests/payload-ll @@ -1,15 +1,15 @@ #! nft -f -table add ip filter -chain add ip filter input NF_INET_LOCAL_IN 0 +add table ip filter +add chain ip filter input NF_INET_LOCAL_IN 0 # mac source -rule add ip filter input @ll,48,48 00:15:e9:f0:10:f8 counter +add rule ip filter input @ll,48,48 00:15:e9:f0:10:f8 counter # mac dest -rule add ip filter input @ll,0,48 00:1b:21:02:6f:ad counter +add rule ip filter input @ll,0,48 00:1b:21:02:6f:ad counter # mac source and mac dest -rule add ip filter input @ll,0,48 00:1b:21:02:6f:ad \ +add rule ip filter input @ll,0,48 00:1b:21:02:6f:ad \ @ll,48,48 00:15:e9:f0:10:f8 \ counter diff --git a/tests/prefix b/tests/prefix index 139f13cc..bada8503 100755..100644 --- a/tests/prefix +++ b/tests/prefix @@ -1,5 +1,5 @@ -rule add filter OUTPUT meta mark 123/0x000000ff -rule add filter OUTPUT ip daddr 192.168.0.0/24 -rule add filter OUTPUT ip daddr 192.168.0.0/255.255.255.0 -rule add filter OUTPUT ip saddr . ip daddr 192.168.0.0/24 . 192.168.0.0/24 -rule add filter OUTPUT ip daddr { 192.168.0.0/24, 192.168.1.0/24} +add rule filter OUTPUT meta mark 123/0x000000ff +add rule filter OUTPUT ip daddr 192.168.0.0/24 +add rule filter OUTPUT ip daddr 192.168.0.0/255.255.255.0 +add rule filter OUTPUT ip saddr . ip daddr 192.168.0.0/24 . 192.168.0.0/24 +add rule filter OUTPUT ip daddr { 192.168.0.0/24, 192.168.1.0/24} diff --git a/tests/set b/tests/set index 17fb2183..b3e7ad65 100755..100644 --- a/tests/set +++ b/tests/set @@ -1,14 +1,14 @@ #! nft -f -table add filter -chain add filter output NF_INET_LOCAL_OUT 0 +add table filter +add chain filter output NF_INET_LOCAL_OUT 0 # set: IP addresses -rule add filter output ip daddr { \ +add rule filter output ip daddr { \ 192.168.0.1, \ 192.168.0.2, \ 192.168.0.3, \ } # set: tcp ports -rule add filter output ip protocol 6 tcp dport { 22, 23 } counter +add rule filter output ip protocol 6 tcp dport { 22, 23 } counter diff --git a/tests/stmt-log b/tests/stmt-log index c2d0f868..21537721 100755..100644 --- a/tests/stmt-log +++ b/tests/stmt-log @@ -1,6 +1,6 @@ #! nft -f -table add ip filter -chain add ip filter output NF_INET_LOCAL_OUT 0 +add table ip filter +add chain ip filter output NF_INET_LOCAL_OUT 0 -rule add ip filter output log saddr "prefix" group 0 counter +add rule ip filter output log saddr "prefix" group 0 counter |