diff options
author | Thomas Haller <thaller@redhat.com> | 2023-11-14 17:08:28 +0100 |
---|---|---|
committer | Florian Westphal <fw@strlen.de> | 2023-11-15 13:12:06 +0100 |
commit | 3d24b16b9ac132d26869953f54ef7c69f1c1d58f (patch) | |
tree | c9432f7716f192c913b1aefc353bd7f220340376 /tests/shell/testcases/cache | |
parent | c9caa99c52752907509584b7165ad6180764d87d (diff) |
tests/shell: add JSON dump files
Generate and add ".json-nft" files. These files contain the output of
`nft -j list ruleset` after the test. Also, "test-wrapper.sh" will
compare the current ruleset against the ".json-nft" files and test them
with "nft -j --check -f $FILE`. These are useful extra tests, that we
almost get for free.
Note that for some JSON dumps, `nft -f --check` fails (or prints
something). For those tests no *.json-nft file is added. The bugs needs
to be fixed first.
An example of such an issue is:
$ DUMPGEN=all ./tests/shell/run-tests.sh tests/shell/testcases/maps/nat_addr_port
which gives a file "rc-failed-chkdump" with
Command `./tests/shell/../../src/nft -j --check -f "tests/shell/testcases/maps/dumps/nat_addr_port.json-nft"` failed
>>>>
internal:0:0-0: Error: Invalid map type 'ipv4_addr . inet_service'.
internal:0:0-0: Error: Parsing command array at index 3 failed.
internal:0:0-0: Error: unqualified type integer specified in map definition. Try "typeof expression" instead of "type datatype".
<<<<
Tests like "tests/shell/testcases/nft-f/0012different_defines_0" and
"tests/shell/testcases/nft-f/0024priority_0" also don't get a .json-nft
dump yet, because their output is not stable. That needs fixing too.
Cc: Pablo Neira Ayuso <pablo@netfilter.org>
Cc: Florian Westphal <fw@strlen.de>
Signed-off-by: Thomas Haller <thaller@redhat.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
Diffstat (limited to 'tests/shell/testcases/cache')
10 files changed, 10 insertions, 0 deletions
diff --git a/tests/shell/testcases/cache/dumps/0001_cache_handling_0.json-nft b/tests/shell/testcases/cache/dumps/0001_cache_handling_0.json-nft new file mode 100644 index 00000000..d4223d90 --- /dev/null +++ b/tests/shell/testcases/cache/dumps/0001_cache_handling_0.json-nft @@ -0,0 +1 @@ +{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}, {"table": {"family": "inet", "name": "test", "handle": 2}}, {"set": {"family": "inet", "name": "test", "table": "test", "type": "ipv4_addr", "handle": 6, "elem": ["1.1.1.1", "3.3.3.3"]}}, {"chain": {"family": "inet", "table": "test", "name": "test", "handle": 1}}, {"rule": {"family": "inet", "table": "test", "chain": "test", "handle": 5, "expr": [{"match": {"op": "==", "left": {"payload": {"protocol": "ip", "field": "daddr"}}, "right": {"set": ["2.2.2.2", "4.4.4.4"]}}}, {"counter": {"packets": 0, "bytes": 0}}, {"accept": null}]}}, {"rule": {"family": "inet", "table": "test", "chain": "test", "handle": 7, "expr": [{"match": {"op": "==", "left": {"payload": {"protocol": "ip", "field": "saddr"}}, "right": "@test"}}, {"counter": {"packets": 0, "bytes": 0}}, {"accept": null}]}}, {"rule": {"family": "inet", "table": "test", "chain": "test", "handle": 9, "expr": [{"match": {"op": "==", "left": {"payload": {"protocol": "ip", "field": "daddr"}}, "right": {"set": ["2.2.2.2", "4.4.4.4"]}}}, {"counter": {"packets": 0, "bytes": 0}}, {"accept": null}]}}]} diff --git a/tests/shell/testcases/cache/dumps/0002_interval_0.json-nft b/tests/shell/testcases/cache/dumps/0002_interval_0.json-nft new file mode 100644 index 00000000..2292ef10 --- /dev/null +++ b/tests/shell/testcases/cache/dumps/0002_interval_0.json-nft @@ -0,0 +1 @@ +{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}, {"table": {"family": "inet", "name": "t", "handle": 2}}, {"set": {"family": "inet", "name": "s", "table": "t", "type": "ipv4_addr", "handle": 1, "flags": ["interval"], "elem": [{"prefix": {"addr": "192.168.0.0", "len": 24}}]}}]} diff --git a/tests/shell/testcases/cache/dumps/0003_cache_update_0.json-nft b/tests/shell/testcases/cache/dumps/0003_cache_update_0.json-nft new file mode 100644 index 00000000..65dc93a8 --- /dev/null +++ b/tests/shell/testcases/cache/dumps/0003_cache_update_0.json-nft @@ -0,0 +1 @@ +{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}, {"table": {"family": "ip", "name": "t", "handle": 1}}, {"chain": {"family": "ip", "table": "t", "name": "c", "handle": 1}}, {"table": {"family": "ip", "name": "t2", "handle": 2}}, {"chain": {"family": "ip", "table": "t2", "name": "c", "handle": 1}}, {"table": {"family": "ip", "name": "t3", "handle": 3}}, {"table": {"family": "ip", "name": "t4", "handle": 4}}, {"chain": {"family": "ip", "table": "t4", "name": "c", "handle": 1}}, {"rule": {"family": "ip", "table": "t4", "chain": "c", "handle": 2, "expr": [{"match": {"op": "==", "left": {"meta": {"key": "l4proto"}}, "right": "icmp"}}, {"accept": null}]}}, {"rule": {"family": "ip", "table": "t4", "chain": "c", "handle": 3, "expr": [{"drop": null}]}}, {"rule": {"family": "ip", "table": "t4", "chain": "c", "handle": 4, "expr": [{"match": {"op": "==", "left": {"meta": {"key": "l4proto"}}, "right": "igmp"}}, {"accept": null}]}}, {"rule": {"family": "ip", "table": "t4", "chain": "c", "handle": 5, "expr": [{"drop": null}]}}]} diff --git a/tests/shell/testcases/cache/dumps/0004_cache_update_0.json-nft b/tests/shell/testcases/cache/dumps/0004_cache_update_0.json-nft new file mode 100644 index 00000000..eeece69c --- /dev/null +++ b/tests/shell/testcases/cache/dumps/0004_cache_update_0.json-nft @@ -0,0 +1 @@ +{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}, {"table": {"family": "inet", "name": "testfilter", "handle": 1}}, {"chain": {"family": "inet", "table": "testfilter", "name": "test", "handle": 1}}, {"rule": {"family": "inet", "table": "testfilter", "chain": "test", "handle": 2, "expr": [{"counter": {"packets": 0, "bytes": 0}}]}}]} diff --git a/tests/shell/testcases/cache/dumps/0005_cache_chain_flush.json-nft b/tests/shell/testcases/cache/dumps/0005_cache_chain_flush.json-nft new file mode 100644 index 00000000..83fc56a5 --- /dev/null +++ b/tests/shell/testcases/cache/dumps/0005_cache_chain_flush.json-nft @@ -0,0 +1 @@ +{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}, {"table": {"family": "ip", "name": "x", "handle": 1}}, {"map": {"family": "ip", "name": "mapping", "table": "x", "type": "ipv4_addr", "handle": 3, "map": "inet_service", "size": 65535, "flags": ["timeout", "dynamic"]}}, {"chain": {"family": "ip", "table": "x", "name": "y", "handle": 1}}, {"chain": {"family": "ip", "table": "x", "name": "z", "handle": 2}}, {"rule": {"family": "ip", "table": "x", "chain": "y", "handle": 6, "expr": [{"map": {"op": "update", "elem": {"payload": {"protocol": "ip", "field": "saddr"}}, "data": {"payload": {"protocol": "tcp", "field": "sport"}}, "map": "@mapping"}}]}}]} diff --git a/tests/shell/testcases/cache/dumps/0006_cache_table_flush.json-nft b/tests/shell/testcases/cache/dumps/0006_cache_table_flush.json-nft new file mode 100644 index 00000000..83fc56a5 --- /dev/null +++ b/tests/shell/testcases/cache/dumps/0006_cache_table_flush.json-nft @@ -0,0 +1 @@ +{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}, {"table": {"family": "ip", "name": "x", "handle": 1}}, {"map": {"family": "ip", "name": "mapping", "table": "x", "type": "ipv4_addr", "handle": 3, "map": "inet_service", "size": 65535, "flags": ["timeout", "dynamic"]}}, {"chain": {"family": "ip", "table": "x", "name": "y", "handle": 1}}, {"chain": {"family": "ip", "table": "x", "name": "z", "handle": 2}}, {"rule": {"family": "ip", "table": "x", "chain": "y", "handle": 6, "expr": [{"map": {"op": "update", "elem": {"payload": {"protocol": "ip", "field": "saddr"}}, "data": {"payload": {"protocol": "tcp", "field": "sport"}}, "map": "@mapping"}}]}}]} diff --git a/tests/shell/testcases/cache/dumps/0007_echo_cache_init_0.json-nft b/tests/shell/testcases/cache/dumps/0007_echo_cache_init_0.json-nft new file mode 100644 index 00000000..fe134236 --- /dev/null +++ b/tests/shell/testcases/cache/dumps/0007_echo_cache_init_0.json-nft @@ -0,0 +1 @@ +{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}, {"table": {"family": "inet", "name": "t", "handle": 1}}, {"chain": {"family": "inet", "table": "t", "name": "c", "handle": 1}}, {"rule": {"family": "inet", "table": "t", "chain": "c", "handle": 2, "comment": "first", "expr": [{"accept": null}]}}, {"rule": {"family": "inet", "table": "t", "chain": "c", "handle": 4, "comment": "second", "expr": [{"accept": null}]}}, {"rule": {"family": "inet", "table": "t", "chain": "c", "handle": 3, "comment": "third", "expr": [{"accept": null}]}}]} diff --git a/tests/shell/testcases/cache/dumps/0008_delete_by_handle_0.json-nft b/tests/shell/testcases/cache/dumps/0008_delete_by_handle_0.json-nft new file mode 100644 index 00000000..5f8cd066 --- /dev/null +++ b/tests/shell/testcases/cache/dumps/0008_delete_by_handle_0.json-nft @@ -0,0 +1 @@ +{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}, {"table": {"family": "ip", "name": "t", "handle": 2}}]} diff --git a/tests/shell/testcases/cache/dumps/0009_delete_by_handle_incorrect_0.json-nft b/tests/shell/testcases/cache/dumps/0009_delete_by_handle_incorrect_0.json-nft new file mode 100644 index 00000000..0048e6b1 --- /dev/null +++ b/tests/shell/testcases/cache/dumps/0009_delete_by_handle_incorrect_0.json-nft @@ -0,0 +1 @@ +{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}]} diff --git a/tests/shell/testcases/cache/dumps/0011_index_0.json-nft b/tests/shell/testcases/cache/dumps/0011_index_0.json-nft new file mode 100644 index 00000000..0fed2a69 --- /dev/null +++ b/tests/shell/testcases/cache/dumps/0011_index_0.json-nft @@ -0,0 +1 @@ +{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}, {"table": {"family": "inet", "name": "t", "handle": 1}}, {"chain": {"family": "inet", "table": "t", "name": "c", "handle": 1, "type": "filter", "hook": "input", "prio": 0, "policy": "accept"}}, {"rule": {"family": "inet", "table": "t", "chain": "c", "handle": 2, "expr": [{"match": {"op": "==", "left": {"payload": {"protocol": "tcp", "field": "dport"}}, "right": 1234}}, {"accept": null}]}}, {"rule": {"family": "inet", "table": "t", "chain": "c", "handle": 4, "expr": [{"match": {"op": "==", "left": {"payload": {"protocol": "udp", "field": "dport"}}, "right": 4321}}, {"accept": null}]}}, {"rule": {"family": "inet", "table": "t", "chain": "c", "handle": 3, "expr": [{"accept": null}]}}]} |