diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2024-07-03 16:29:26 +0200 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2024-07-05 00:10:47 +0200 |
| commit | 8047086e454f5696c1686fea98a32e1fe3e65f90 (patch) | |
| tree | c3599a456daa2ec20b2c1d1bcc47cfc094a30929 | |
| parent | 551a4ad68b922fa6c942f5e79ac59f723a12e233 (diff) | |
tests: shell: cover set element deletion in maps
Extend existing coverage to deal with set element deletion, including
catchall elements too.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| -rwxr-xr-x | tests/shell/testcases/maps/delete_element | 28 | ||||
| -rwxr-xr-x | tests/shell/testcases/maps/delete_element_catchall | 35 | ||||
| -rw-r--r-- | tests/shell/testcases/maps/dumps/delete_elem_catchall.nft | 12 | ||||
| -rw-r--r-- | tests/shell/testcases/maps/dumps/delete_element.nft | 12 |
4 files changed, 87 insertions, 0 deletions
diff --git a/tests/shell/testcases/maps/delete_element b/tests/shell/testcases/maps/delete_element new file mode 100755 index 00000000..75272f44 --- /dev/null +++ b/tests/shell/testcases/maps/delete_element @@ -0,0 +1,28 @@ +#!/bin/bash + +set -e + +RULESET="flush ruleset + +table ip x { + map m { + typeof ct bytes : meta priority + flags interval + elements = { + 0-2048000 : 1:0001, + 2048001-4000000 : 1:0002, + } + } + + chain y { + type filter hook output priority 0; policy accept; + + meta priority set ct bytes map @m + } +}" + +$NFT -f - <<< $RULESET + +$NFT delete element ip x m { 0-2048000 } +$NFT add element ip x m { 0-2048000 : 1:0002 } +$NFT delete element ip x m { 0-2048000 : 1:0002 } diff --git a/tests/shell/testcases/maps/delete_element_catchall b/tests/shell/testcases/maps/delete_element_catchall new file mode 100755 index 00000000..a6a0fc6f --- /dev/null +++ b/tests/shell/testcases/maps/delete_element_catchall @@ -0,0 +1,35 @@ +#!/bin/bash + +# NFT_TEST_REQUIRES(NFT_TEST_HAVE_catchall_element) + +set -e + +RULESET="flush ruleset + +table ip x { + map m { + typeof ct bytes : meta priority + flags interval + elements = { + 0-2048000 : 1:0001, + * : 1:0002, + } + } + + chain y { + type filter hook output priority 0; policy accept; + + meta priority set ct bytes map @m + } +}" + +$NFT -f - <<< $RULESET + +$NFT delete element ip x m { 0-2048000 } +$NFT add element ip x m { 0-2048000 : 1:0002 } +$NFT delete element ip x m { 0-2048000 : 1:0002 } + +$NFT 'delete element ip x m { * }' +$NFT 'add element ip x m { * : 1:0003 }' +$NFT 'delete element ip x m { * : 1:0003 }' +$NFT 'add element ip x m { * : 1:0003 }' diff --git a/tests/shell/testcases/maps/dumps/delete_elem_catchall.nft b/tests/shell/testcases/maps/dumps/delete_elem_catchall.nft new file mode 100644 index 00000000..14054f4d --- /dev/null +++ b/tests/shell/testcases/maps/dumps/delete_elem_catchall.nft @@ -0,0 +1,12 @@ +table ip x { + map m { + typeof ct bytes : meta priority + flags interval + elements = { * : 1:3 } + } + + chain y { + type filter hook output priority filter; policy accept; + meta priority set ct bytes map @m + } +} diff --git a/tests/shell/testcases/maps/dumps/delete_element.nft b/tests/shell/testcases/maps/dumps/delete_element.nft new file mode 100644 index 00000000..5275b4dc --- /dev/null +++ b/tests/shell/testcases/maps/dumps/delete_element.nft @@ -0,0 +1,12 @@ +table ip x { + map m { + typeof ct bytes : meta priority + flags interval + elements = { 2048001-4000000 : 1:2 } + } + + chain y { + type filter hook output priority filter; policy accept; + meta priority set ct bytes map @m + } +} |