diff options
author | Phil Sutter <phil@nwl.cc> | 2018-04-10 19:00:24 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2018-04-11 09:57:28 +0200 |
commit | e760d200a4b9cd31928b68a1f2f882157344351e (patch) | |
tree | 036bb19faa6f17ff5eec97520ea8caa4b18e56e7 /tests/py/ip | |
parent | 4885331de84cbb895d31b83696a9b6d6542f2a81 (diff) |
tests/py: Use libnftables instead of calling nft binary
This adds a simple nftables Python class in py/nftables.py which gives
access to libnftables API via ctypes module.
nft-test.py is extended to make use of the above class instead of
calling nft binary. Since command line formatting had to be touched
anyway, this patch also streamlines things a bit by introducing
__str__ methods to classes Table and Chain and making extensive use of
format strings instead of onerously adding all string parts together.
Since the called commands don't see a shell anymore, all shell meta
character escaping done in testcases is removed.
The visible effects of this change are:
* Four new warnings in ip/flowtable.t due to changing objref IDs (will
be addressed later in a patch to libnftnl).
* Reported command line in warning and error messages changed slightly
for obvious reasons.
* Reduction of a full test run's runtime by a factor of four. Status
diff after running with 'time':
< 83 test files, 77 files passed, 1724 unit tests, 0 error, 33 warning
< 87.23user 696.13system 15:11.82elapsed 85%CPU (0avgtext+0avgdata 9604maxresident)k
< 8inputs+36800outputs (0major+35171235minor)pagefaults 0swaps
> 83 test files, 77 files passed, 1724 unit tests, 4 error, 33 warning
> 6.80user 30.18system 3:45.86elapsed 16%CPU (0avgtext+0avgdata 14064maxresident)k
> 0inputs+35808outputs (0major+2874minor)pagefaults 0swaps
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'tests/py/ip')
-rw-r--r-- | tests/py/ip/ip.t | 6 | ||||
-rw-r--r-- | tests/py/ip/ip.t.payload | 6 | ||||
-rw-r--r-- | tests/py/ip/ip.t.payload.bridge | 6 | ||||
-rw-r--r-- | tests/py/ip/ip.t.payload.inet | 6 | ||||
-rw-r--r-- | tests/py/ip/ip.t.payload.netdev | 6 | ||||
-rw-r--r-- | tests/py/ip/objects.t | 4 |
6 files changed, 17 insertions, 17 deletions
diff --git a/tests/py/ip/ip.t b/tests/py/ip/ip.t index d773042a..0421d01b 100644 --- a/tests/py/ip/ip.t +++ b/tests/py/ip/ip.t @@ -113,10 +113,10 @@ ip daddr 192.168.0.1;ok ip daddr 192.168.0.1 drop;ok ip daddr 192.168.0.2;ok -ip saddr \& 0xff == 1;ok;ip saddr & 0.0.0.255 == 0.0.0.1 -ip saddr \& 0.0.0.255 \< 0.0.0.127;ok;ip saddr & 0.0.0.255 < 0.0.0.127 +ip saddr & 0xff == 1;ok;ip saddr & 0.0.0.255 == 0.0.0.1 +ip saddr & 0.0.0.255 < 0.0.0.127;ok -ip saddr \& 0xffff0000 == 0xffff0000;ok;ip saddr 255.255.0.0/16 +ip saddr & 0xffff0000 == 0xffff0000;ok;ip saddr 255.255.0.0/16 ip version 4 ip hdrlength 5;ok ip hdrlength 0;ok diff --git a/tests/py/ip/ip.t.payload b/tests/py/ip/ip.t.payload index e9de690d..eba79dec 100644 --- a/tests/py/ip/ip.t.payload +++ b/tests/py/ip/ip.t.payload @@ -484,19 +484,19 @@ ip test-ip4 input [ payload load 4b @ network header + 16 => reg 1 ] [ cmp eq reg 1 0x0200a8c0 ] -# ip saddr \& 0xff == 1 +# ip saddr & 0xff == 1 ip test-ip4 input [ payload load 4b @ network header + 12 => reg 1 ] [ bitwise reg 1 = (reg=1 & 0xff000000 ) ^ 0x00000000 ] [ cmp eq reg 1 0x01000000 ] -# ip saddr \& 0.0.0.255 \< 0.0.0.127 +# ip saddr & 0.0.0.255 < 0.0.0.127 ip test-ip4 input [ payload load 4b @ network header + 12 => reg 1 ] [ bitwise reg 1 = (reg=1 & 0xff000000 ) ^ 0x00000000 ] [ cmp lt reg 1 0x7f000000 ] -# ip saddr \& 0xffff0000 == 0xffff0000 +# ip saddr & 0xffff0000 == 0xffff0000 ip test-ip4 input [ payload load 4b @ network header + 12 => reg 1 ] [ bitwise reg 1 = (reg=1 & 0x0000ffff ) ^ 0x00000000 ] diff --git a/tests/py/ip/ip.t.payload.bridge b/tests/py/ip/ip.t.payload.bridge index d1c57a01..f16759bf 100644 --- a/tests/py/ip/ip.t.payload.bridge +++ b/tests/py/ip/ip.t.payload.bridge @@ -632,7 +632,7 @@ bridge test-bridge input [ payload load 4b @ network header + 16 => reg 1 ] [ cmp eq reg 1 0x0200a8c0 ] -# ip saddr \& 0xff == 1 +# ip saddr & 0xff == 1 bridge test-bridge input [ payload load 2b @ link header + 12 => reg 1 ] [ cmp eq reg 1 0x00000008 ] @@ -640,7 +640,7 @@ bridge test-bridge input [ bitwise reg 1 = (reg=1 & 0xff000000 ) ^ 0x00000000 ] [ cmp eq reg 1 0x01000000 ] -# ip saddr \& 0.0.0.255 \< 0.0.0.127 +# ip saddr & 0.0.0.255 < 0.0.0.127 bridge test-bridge input [ payload load 2b @ link header + 12 => reg 1 ] [ cmp eq reg 1 0x00000008 ] @@ -648,7 +648,7 @@ bridge test-bridge input [ bitwise reg 1 = (reg=1 & 0xff000000 ) ^ 0x00000000 ] [ cmp lt reg 1 0x7f000000 ] -# ip saddr \& 0xffff0000 == 0xffff0000 +# ip saddr & 0xffff0000 == 0xffff0000 bridge test-bridge input [ payload load 2b @ link header + 12 => reg 1 ] [ cmp eq reg 1 0x00000008 ] diff --git a/tests/py/ip/ip.t.payload.inet b/tests/py/ip/ip.t.payload.inet index e6cb700f..12b03e2e 100644 --- a/tests/py/ip/ip.t.payload.inet +++ b/tests/py/ip/ip.t.payload.inet @@ -632,7 +632,7 @@ inet test-inet input [ payload load 4b @ network header + 16 => reg 1 ] [ cmp eq reg 1 0x0200a8c0 ] -# ip saddr \& 0xff == 1 +# ip saddr & 0xff == 1 inet test-inet input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x00000002 ] @@ -640,7 +640,7 @@ inet test-inet input [ bitwise reg 1 = (reg=1 & 0xff000000 ) ^ 0x00000000 ] [ cmp eq reg 1 0x01000000 ] -# ip saddr \& 0.0.0.255 \< 0.0.0.127 +# ip saddr & 0.0.0.255 < 0.0.0.127 inet test-inet input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x00000002 ] @@ -648,7 +648,7 @@ inet test-inet input [ bitwise reg 1 = (reg=1 & 0xff000000 ) ^ 0x00000000 ] [ cmp lt reg 1 0x7f000000 ] -# ip saddr \& 0xffff0000 == 0xffff0000 +# ip saddr & 0xffff0000 == 0xffff0000 inet test-inet input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x00000002 ] diff --git a/tests/py/ip/ip.t.payload.netdev b/tests/py/ip/ip.t.payload.netdev index 0f15247f..187a39f3 100644 --- a/tests/py/ip/ip.t.payload.netdev +++ b/tests/py/ip/ip.t.payload.netdev @@ -531,7 +531,7 @@ netdev test-netdev ingress [ cmp eq reg 1 0x0100a8c0 ] [ immediate reg 0 drop ] -# ip saddr \& 0xff == 1 +# ip saddr & 0xff == 1 netdev test-netdev ingress [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x00000008 ] @@ -539,7 +539,7 @@ netdev test-netdev ingress [ bitwise reg 1 = (reg=1 & 0xff000000 ) ^ 0x00000000 ] [ cmp eq reg 1 0x01000000 ] -# ip saddr \& 0.0.0.255 \< 0.0.0.127 +# ip saddr & 0.0.0.255 < 0.0.0.127 netdev test-netdev ingress [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x00000008 ] @@ -547,7 +547,7 @@ netdev test-netdev ingress [ bitwise reg 1 = (reg=1 & 0xff000000 ) ^ 0x00000000 ] [ cmp lt reg 1 0x7f000000 ] -# ip saddr \& 0xffff0000 == 0xffff0000 +# ip saddr & 0xffff0000 == 0xffff0000 netdev test-netdev ingress [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x00000008 ] diff --git a/tests/py/ip/objects.t b/tests/py/ip/objects.t index 76b802ac..5e8c7631 100644 --- a/tests/py/ip/objects.t +++ b/tests/py/ip/objects.t @@ -19,8 +19,8 @@ ip saddr 192.168.1.3 quota name "qt3";fail quota name tcp dport map {443 : "qt1", 80 : "qt2", 22 : "qt1"};ok # ct helper -%cthelp1 type ct helper { type \"ftp\" protocol tcp\; };ok -%cthelp2 type ct helper { type \"ftp\" protocol tcp\; l3proto ip6\; };fail +%cthelp1 type ct helper { type "ftp" protocol tcp; };ok +%cthelp2 type ct helper { type "ftp" protocol tcp; l3proto ip6; };fail ct helper set "cthelp1";ok ct helper set tcp dport map {21 : "cthelp1", 2121 : "cthelp1" };ok |