author | Pablo Neira Ayuso <pablo@netfilter.org> | 2025-06-24 18:11:06 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2025-06-27 00:39:05 +0200 |
commit | f4b646032acff4d743ad4f734aaca68e9264bdbb (patch) | |
tree | 9cd4d2172b7b61a7cc17c33b51a8a6d3e6baea34 /tests/py | |
parent | 646acfaceb1f550c982c31ba6e60996b0bb012d7 (diff) |
fib: allow to check if route exists in maps
f686a17eafa0 ("fib: Support existence check") adds EXPR_F_BOOLEAN as a
workaround to infer from the rhs of the relational expression if the fib
lookup wants to check for a specific output interface or, instead,
simply check for existence. This, however, does not work with maps.
The NFT_FIB_F_PRESENT flag can be used with both NFT_FIB_RESULT_OIF and
NFT_FIB_RESULT_OIFNAME; my understanding is that they serve the same
purpose, which is to check if a route exists, so they are redundant.
Add a 'check' fib result to check for routes while still keeping the
inference workaround for backward compatibility, but prefer the new
syntax in the listing.
Update man nft(8) and tests/py.
Fixes: f686a17eafa0 ("fib: Support existence check")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'tests/py')
-rw-r--r-- | tests/py/inet/fib.t | 6 | ||||
-rw-r--r-- | tests/py/inet/fib.t.json | 35 | ||||
-rw-r--r-- | tests/py/inet/fib.t.json.output | 6 | ||||
-rw-r--r-- | tests/py/inet/fib.t.payload | 8 |
4 files changed, 46 insertions, 9 deletions
diff --git a/tests/py/inet/fib.t b/tests/py/inet/fib.t index dbe45d95..f9c03b3a 100644 --- a/tests/py/inet/fib.t +++ b/tests/py/inet/fib.t @@ -13,5 +13,7 @@ fib daddr . iif type local;ok fib daddr . iif type vmap { blackhole : drop, prohibit : drop, unicast : accept };ok fib daddr . oif type local;fail -fib daddr oif exists;ok -fib daddr oif missing;ok +fib daddr check missing;ok +fib daddr oif exists;ok;fib daddr check exists + +fib daddr check vmap { missing : drop, exists : accept };ok diff --git a/tests/py/inet/fib.t.json b/tests/py/inet/fib.t.json index c2989156..c2e9d454 100644 --- a/tests/py/inet/fib.t.json +++ b/tests/py/inet/fib.t.json @@ -103,7 +103,7 @@ "flags": [ "daddr" ], - "result": "oif" + "result": "check" } }, "op": "==", @@ -112,7 +112,7 @@ } ] -# fib daddr oif missing +# fib daddr check missing [ { "match": { @@ -121,7 +121,7 @@ "flags": [ "daddr" ], - "result": "oif" + "result": "check" } }, "op": "==", @@ -130,3 +130,32 @@ } ] +# fib daddr check vmap { missing : drop, exists : accept } +[ + { + "vmap": { + "data": { + "set": [ + [ + false, + { + "drop": null + } + ], + [ + true, + { + "accept": null + } + ] + ] + }, + "key": { + "fib": { + "flags": "daddr", + "result": "check" + } + } + } + } +] diff --git a/tests/py/inet/fib.t.json.output b/tests/py/inet/fib.t.json.output index e21f1e72..e8d01669 100644 --- a/tests/py/inet/fib.t.json.output +++ b/tests/py/inet/fib.t.json.output @@ -44,7 +44,7 @@ "left": { "fib": { "flags": "daddr", - "result": "oif" + "result": "check" } }, "op": "==", @@ -53,14 +53,14 @@ } ] -# fib daddr oif missing +# fib daddr check missing [ { "match": { "left": { "fib": { "flags": "daddr", - "result": "oif" + "result": "check" } }, "op": "==", diff --git a/tests/py/inet/fib.t.payload b/tests/py/inet/fib.t.payload index 050857d9..e09a260c 100644 --- a/tests/py/inet/fib.t.payload +++ b/tests/py/inet/fib.t.payload 
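Review bot: In the tests/py/inet/fib.t hunk the legacy `fib daddr oif missing` form loses its test, and `fib daddr check exists` only ever appears as expected listing output, never as parsed input. The commit message says the rhs-inference path is kept for backward compatibility, and deployed rulesets that use `oif missing` (a form commonly seen in reverse-path checks) rely on it, so I would keep `fib daddr oif missing;ok;fib daddr check missing` and add `fib daddr check exists;ok`. The same gap shows in the fib.t.json hunk at -103, where the input under what appears to be the `# fib daddr oif exists` entry (its header is outside the hunk) is switched to `"result": "check"`, so the JSON parser is no longer fed `"result": "oif"` with a boolean right-hand side. Any added line would need matching entries in the .json and .payload files.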
@@ -26,7 +26,13 @@ ip test-ip prerouting [ fib daddr oif present => reg 1 ] [ cmp eq reg 1 0x00000001 ] -# fib daddr oif missing +# fib daddr check missing ip test-ip prerouting [ fib daddr oif present => reg 1 ] [ cmp eq reg 1 0x00000000 ] + +# fib daddr check vmap { missing : drop, exists : accept } + element 00000000 : drop 0 [end] element 00000001 : accept 0 [end] +ip test-ip prerouting + [ fib daddr oif present => reg 1 ] + [ lookup reg 1 set __map%d dreg 0 ] |