diff options
author | Thomas Haller <thaller@redhat.com> | 2023-11-14 17:08:28 +0100 |
---|---|---|
committer | Florian Westphal <fw@strlen.de> | 2023-11-15 13:12:06 +0100 |
commit | 3d24b16b9ac132d26869953f54ef7c69f1c1d58f (patch) | |
tree | c9432f7716f192c913b1aefc353bd7f220340376 /tests/shell/testcases/listing | |
parent | c9caa99c52752907509584b7165ad6180764d87d (diff) |
tests/shell: add JSON dump files
Generate and add ".json-nft" files. These files contain the output of
`nft -j list ruleset` after the test. Also, "test-wrapper.sh" will
compare the current ruleset against the ".json-nft" files and test them
with "nft -j --check -f $FILE`. These are useful extra tests, that we
almost get for free.
Note that for some JSON dumps, `nft -f --check` fails (or prints
something). For those tests no *.json-nft file is added. The bugs needs
to be fixed first.
An example of such an issue is:
$ DUMPGEN=all ./tests/shell/run-tests.sh tests/shell/testcases/maps/nat_addr_port
which gives a file "rc-failed-chkdump" with
Command `./tests/shell/../../src/nft -j --check -f "tests/shell/testcases/maps/dumps/nat_addr_port.json-nft"` failed
>>>>
internal:0:0-0: Error: Invalid map type 'ipv4_addr . inet_service'.
internal:0:0-0: Error: Parsing command array at index 3 failed.
internal:0:0-0: Error: unqualified type integer specified in map definition. Try "typeof expression" instead of "type datatype".
<<<<
Tests like "tests/shell/testcases/nft-f/0012different_defines_0" and
"tests/shell/testcases/nft-f/0024priority_0" also don't get a .json-nft
dump yet, because their output is not stable. That needs fixing too.
Cc: Pablo Neira Ayuso <pablo@netfilter.org>
Cc: Florian Westphal <fw@strlen.de>
Signed-off-by: Thomas Haller <thaller@redhat.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
Diffstat (limited to 'tests/shell/testcases/listing')
21 files changed, 21 insertions, 0 deletions
diff --git a/tests/shell/testcases/listing/dumps/0001ruleset_0.json-nft b/tests/shell/testcases/listing/dumps/0001ruleset_0.json-nft new file mode 100644 index 00000000..448f4311 --- /dev/null +++ b/tests/shell/testcases/listing/dumps/0001ruleset_0.json-nft @@ -0,0 +1 @@ +{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}, {"table": {"family": "ip", "name": "test", "handle": 1}}]} diff --git a/tests/shell/testcases/listing/dumps/0002ruleset_0.json-nft b/tests/shell/testcases/listing/dumps/0002ruleset_0.json-nft new file mode 100644 index 00000000..0048e6b1 --- /dev/null +++ b/tests/shell/testcases/listing/dumps/0002ruleset_0.json-nft @@ -0,0 +1 @@ +{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}]} diff --git a/tests/shell/testcases/listing/dumps/0003table_0.json-nft b/tests/shell/testcases/listing/dumps/0003table_0.json-nft new file mode 100644 index 00000000..448f4311 --- /dev/null +++ b/tests/shell/testcases/listing/dumps/0003table_0.json-nft @@ -0,0 +1 @@ +{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}, {"table": {"family": "ip", "name": "test", "handle": 1}}]} diff --git a/tests/shell/testcases/listing/dumps/0004table_0.json-nft b/tests/shell/testcases/listing/dumps/0004table_0.json-nft new file mode 100644 index 00000000..298f3461 --- /dev/null +++ b/tests/shell/testcases/listing/dumps/0004table_0.json-nft @@ -0,0 +1 @@ +{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}, {"table": {"family": "ip", "name": "test", "handle": 1}}, {"table": {"family": "ip", "name": "test2", "handle": 2}}]} diff --git a/tests/shell/testcases/listing/dumps/0005ruleset_ip_0.json-nft b/tests/shell/testcases/listing/dumps/0005ruleset_ip_0.json-nft new file mode 100644 index 00000000..31cd1307 --- /dev/null +++ b/tests/shell/testcases/listing/dumps/0005ruleset_ip_0.json-nft @@ -0,0 +1 @@ +{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}, {"table": {"family": "ip", "name": "test", "handle": 1}}, {"table": {"family": "ip6", "name": "test", "handle": 2}}, {"table": {"family": "inet", "name": "test", "handle": 3}}, {"table": {"family": "arp", "name": "test", "handle": 4}}, {"table": {"family": "bridge", "name": "test", "handle": 5}}]} diff --git a/tests/shell/testcases/listing/dumps/0006ruleset_ip6_0.json-nft b/tests/shell/testcases/listing/dumps/0006ruleset_ip6_0.json-nft new file mode 100644 index 00000000..31cd1307 --- /dev/null +++ b/tests/shell/testcases/listing/dumps/0006ruleset_ip6_0.json-nft @@ -0,0 +1 @@ +{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}, {"table": {"family": "ip", "name": "test", "handle": 1}}, {"table": {"family": "ip6", "name": "test", "handle": 2}}, {"table": {"family": "inet", "name": "test", "handle": 3}}, {"table": {"family": "arp", "name": "test", "handle": 4}}, {"table": {"family": "bridge", "name": "test", "handle": 5}}]} diff --git a/tests/shell/testcases/listing/dumps/0007ruleset_inet_0.json-nft b/tests/shell/testcases/listing/dumps/0007ruleset_inet_0.json-nft new file mode 100644 index 00000000..31cd1307 --- /dev/null +++ b/tests/shell/testcases/listing/dumps/0007ruleset_inet_0.json-nft @@ -0,0 +1 @@ +{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}, {"table": {"family": "ip", "name": "test", "handle": 1}}, {"table": {"family": "ip6", "name": "test", "handle": 2}}, {"table": {"family": "inet", "name": "test", "handle": 3}}, {"table": {"family": "arp", "name": "test", "handle": 4}}, {"table": {"family": "bridge", "name": "test", "handle": 5}}]} diff --git a/tests/shell/testcases/listing/dumps/0008ruleset_arp_0.json-nft b/tests/shell/testcases/listing/dumps/0008ruleset_arp_0.json-nft new file mode 100644 index 00000000..31cd1307 --- /dev/null +++ b/tests/shell/testcases/listing/dumps/0008ruleset_arp_0.json-nft @@ -0,0 +1 @@ +{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}, {"table": {"family": "ip", "name": "test", "handle": 1}}, {"table": {"family": "ip6", "name": "test", "handle": 2}}, {"table": {"family": "inet", "name": "test", "handle": 3}}, {"table": {"family": "arp", "name": "test", "handle": 4}}, {"table": {"family": "bridge", "name": "test", "handle": 5}}]} diff --git a/tests/shell/testcases/listing/dumps/0009ruleset_bridge_0.json-nft b/tests/shell/testcases/listing/dumps/0009ruleset_bridge_0.json-nft new file mode 100644 index 00000000..31cd1307 --- /dev/null +++ b/tests/shell/testcases/listing/dumps/0009ruleset_bridge_0.json-nft @@ -0,0 +1 @@ +{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}, {"table": {"family": "ip", "name": "test", "handle": 1}}, {"table": {"family": "ip6", "name": "test", "handle": 2}}, {"table": {"family": "inet", "name": "test", "handle": 3}}, {"table": {"family": "arp", "name": "test", "handle": 4}}, {"table": {"family": "bridge", "name": "test", "handle": 5}}]} diff --git a/tests/shell/testcases/listing/dumps/0010sets_0.json-nft b/tests/shell/testcases/listing/dumps/0010sets_0.json-nft new file mode 100644 index 00000000..04d2ab40 --- /dev/null +++ b/tests/shell/testcases/listing/dumps/0010sets_0.json-nft @@ -0,0 +1 @@ +{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}, {"table": {"family": "ip", "name": "nat", "handle": 1}}, {"set": {"family": "ip", "name": "ssh", "table": "nat", "type": "ipv4_addr", "handle": 1}}, {"table": {"family": "ip6", "name": "test", "handle": 2}}, {"set": {"family": "ip6", "name": "testset", "table": "test", "type": "ipv6_addr", "handle": 1}}, {"table": {"family": "arp", "name": "test_arp", "handle": 3}}, {"set": {"family": "arp", "name": "test_set_arp00", "table": "test_arp", "type": "inet_service", "handle": 1}}, {"set": {"family": "arp", "name": "test_set_arp01", "table": "test_arp", "type": "inet_service", "handle": 2, "flags": ["constant"]}}, {"table": {"family": "bridge", "name": "test_bridge", "handle": 4}}, {"set": {"family": "bridge", "name": "test_set_bridge", "table": "test_bridge", "type": "inet_service", "handle": 1}}, {"table": {"family": "inet", "name": "filter", "handle": 5}}, {"set": {"family": "inet", "name": "set0", "table": "filter", "type": "inet_service", "handle": 1}}, {"set": {"family": "inet", "name": "set1", "table": "filter", "type": "inet_service", "handle": 2, "flags": ["constant"]}}, {"set": {"family": "inet", "name": "set2", "table": "filter", "type": "icmpv6_type", "handle": 3}}]} diff --git a/tests/shell/testcases/listing/dumps/0011sets_0.json-nft b/tests/shell/testcases/listing/dumps/0011sets_0.json-nft new file mode 100644 index 00000000..3dab33f4 --- /dev/null +++ b/tests/shell/testcases/listing/dumps/0011sets_0.json-nft @@ -0,0 +1 @@ +{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}, {"table": {"family": "ip", "name": "nat", "handle": 1}}, {"chain": {"family": "ip", "table": "nat", "name": "test", "handle": 1}}, {"rule": {"family": "ip", "table": "nat", "chain": "test", "handle": 3, "expr": [{"match": {"op": "==", "left": {"payload": {"protocol": "tcp", "field": "dport"}}, "right": {"set": [123, 321]}}}]}}, {"table": {"family": "ip6", "name": "test", "handle": 2}}, {"chain": {"family": "ip6", "table": "test", "name": "test", "handle": 1}}, {"rule": {"family": "ip6", "table": "test", "chain": "test", "handle": 3, "expr": [{"match": {"op": "==", "left": {"payload": {"protocol": "udp", "field": "sport"}}, "right": {"set": [123, 321]}}}]}}, {"table": {"family": "arp", "name": "test_arp", "handle": 3}}, {"chain": {"family": "arp", "table": "test_arp", "name": "test", "handle": 1}}, {"rule": {"family": "arp", "table": "test_arp", "chain": "test", "handle": 3, "expr": [{"match": {"op": "==", "left": {"meta": {"key": "mark"}}, "right": {"set": [123, 321]}}}]}}, {"table": {"family": "bridge", "name": "test_bridge", "handle": 4}}, {"chain": {"family": "bridge", "table": "test_bridge", "name": "test", "handle": 1}}, {"rule": {"family": "bridge", "table": "test_bridge", "chain": "test", "handle": 3, "expr": [{"match": {"op": "==", "left": {"payload": {"protocol": "ip", "field": "daddr"}}, "right": {"set": ["1.1.1.1", "2.2.2.2"]}}}]}}, {"table": {"family": "inet", "name": "filter", "handle": 5}}, {"chain": {"family": "inet", "table": "filter", "name": "test", "handle": 1}}, {"rule": {"family": "inet", "table": "filter", "chain": "test", "handle": 3, "expr": [{"match": {"op": "==", "left": {"payload": {"protocol": "tcp", "field": "dport"}}, "right": {"set": [80, 443]}}}]}}]} diff --git a/tests/shell/testcases/listing/dumps/0012sets_0.json-nft b/tests/shell/testcases/listing/dumps/0012sets_0.json-nft new file mode 100644 index 00000000..04d2ab40 --- /dev/null +++ b/tests/shell/testcases/listing/dumps/0012sets_0.json-nft @@ -0,0 +1 @@ +{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}, {"table": {"family": "ip", "name": "nat", "handle": 1}}, {"set": {"family": "ip", "name": "ssh", "table": "nat", "type": "ipv4_addr", "handle": 1}}, {"table": {"family": "ip6", "name": "test", "handle": 2}}, {"set": {"family": "ip6", "name": "testset", "table": "test", "type": "ipv6_addr", "handle": 1}}, {"table": {"family": "arp", "name": "test_arp", "handle": 3}}, {"set": {"family": "arp", "name": "test_set_arp00", "table": "test_arp", "type": "inet_service", "handle": 1}}, {"set": {"family": "arp", "name": "test_set_arp01", "table": "test_arp", "type": "inet_service", "handle": 2, "flags": ["constant"]}}, {"table": {"family": "bridge", "name": "test_bridge", "handle": 4}}, {"set": {"family": "bridge", "name": "test_set_bridge", "table": "test_bridge", "type": "inet_service", "handle": 1}}, {"table": {"family": "inet", "name": "filter", "handle": 5}}, {"set": {"family": "inet", "name": "set0", "table": "filter", "type": "inet_service", "handle": 1}}, {"set": {"family": "inet", "name": "set1", "table": "filter", "type": "inet_service", "handle": 2, "flags": ["constant"]}}, {"set": {"family": "inet", "name": "set2", "table": "filter", "type": "icmpv6_type", "handle": 3}}]} diff --git a/tests/shell/testcases/listing/dumps/0014objects_0.json-nft b/tests/shell/testcases/listing/dumps/0014objects_0.json-nft new file mode 100644 index 00000000..95a79ebf --- /dev/null +++ b/tests/shell/testcases/listing/dumps/0014objects_0.json-nft @@ -0,0 +1 @@ +{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}, {"table": {"family": "ip", "name": "test", "handle": 1}}, {"quota": {"family": "ip", "name": "https-quota", "table": "test", "handle": 1, "bytes": 26214400, "used": 0, "inv": false}}, {"ct helper": {"family": "ip", "name": "cthelp", "table": "test", "handle": 2, "type": "sip", "protocol": "tcp", "l3proto": "ip"}}, {"table": {"family": "ip", "name": "test-ip", "handle": 2}}]} diff --git a/tests/shell/testcases/listing/dumps/0015dynamic_0.json-nft b/tests/shell/testcases/listing/dumps/0015dynamic_0.json-nft new file mode 100644 index 00000000..2191dcd2 --- /dev/null +++ b/tests/shell/testcases/listing/dumps/0015dynamic_0.json-nft @@ -0,0 +1 @@ +{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}, {"table": {"family": "ip", "name": "filter", "handle": 1}}, {"set": {"family": "ip", "name": "test_set", "table": "filter", "type": ["ipv4_addr", "inet_service", "ipv4_addr", "inet_service", "inet_proto"], "handle": 1, "size": 100000, "flags": ["timeout", "dynamic"]}}]} diff --git a/tests/shell/testcases/listing/dumps/0016anonymous_0.json-nft b/tests/shell/testcases/listing/dumps/0016anonymous_0.json-nft new file mode 100644 index 00000000..a22625bd --- /dev/null +++ b/tests/shell/testcases/listing/dumps/0016anonymous_0.json-nft @@ -0,0 +1 @@ +{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}, {"table": {"family": "ip", "name": "x", "handle": 1}}, {"chain": {"family": "ip", "table": "x", "name": "y", "handle": 1}}, {"rule": {"family": "ip", "table": "x", "chain": "y", "handle": 2, "expr": [{"match": {"op": "==", "left": {"payload": {"protocol": "ip", "field": "saddr"}}, "right": "1.1.1.1"}}]}}, {"rule": {"family": "ip", "table": "x", "chain": "y", "handle": 4, "expr": [{"mangle": {"key": {"meta": {"key": "mark"}}, "value": {"map": {"key": {"payload": {"protocol": "ip", "field": "saddr"}}, "data": {"set": [["1.1.1.1", 2]]}}}}}]}}]} diff --git a/tests/shell/testcases/listing/dumps/0017objects_0.json-nft b/tests/shell/testcases/listing/dumps/0017objects_0.json-nft new file mode 100644 index 00000000..c5ef2a1c --- /dev/null +++ b/tests/shell/testcases/listing/dumps/0017objects_0.json-nft @@ -0,0 +1 @@ +{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}, {"table": {"family": "inet", "name": "filter", "handle": 1}}, {"map": {"family": "inet", "name": "countermap", "table": "filter", "type": "ipv4_addr", "handle": 1, "map": "counter"}}]} diff --git a/tests/shell/testcases/listing/dumps/0018data_0.json-nft b/tests/shell/testcases/listing/dumps/0018data_0.json-nft new file mode 100644 index 00000000..b0646262 --- /dev/null +++ b/tests/shell/testcases/listing/dumps/0018data_0.json-nft @@ -0,0 +1 @@ +{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}, {"table": {"family": "inet", "name": "filter", "handle": 1}}, {"map": {"family": "inet", "name": "ipmap", "table": "filter", "type": "ipv4_addr", "handle": 1, "map": "ipv4_addr"}}]} diff --git a/tests/shell/testcases/listing/dumps/0019set_0.json-nft b/tests/shell/testcases/listing/dumps/0019set_0.json-nft new file mode 100644 index 00000000..715437b8 --- /dev/null +++ b/tests/shell/testcases/listing/dumps/0019set_0.json-nft @@ -0,0 +1 @@ +{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}, {"table": {"family": "inet", "name": "filter", "handle": 1}}, {"set": {"family": "inet", "name": "ipset", "table": "filter", "type": "ipv4_addr", "handle": 1}}]} diff --git a/tests/shell/testcases/listing/dumps/0020flowtable_0.json-nft b/tests/shell/testcases/listing/dumps/0020flowtable_0.json-nft new file mode 100644 index 00000000..3675b3fd --- /dev/null +++ b/tests/shell/testcases/listing/dumps/0020flowtable_0.json-nft @@ -0,0 +1 @@ +{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}, {"table": {"family": "inet", "name": "filter", "handle": 1}}, {"flowtable": {"family": "inet", "name": "f", "table": "filter", "handle": 1, "hook": "ingress", "prio": 0, "dev": "lo"}}, {"flowtable": {"family": "inet", "name": "f2", "table": "filter", "handle": 2, "hook": "ingress", "prio": 0}}, {"table": {"family": "ip", "name": "filter", "handle": 2}}, {"flowtable": {"family": "ip", "name": "f", "table": "filter", "handle": 1, "hook": "ingress", "prio": 0, "dev": "lo"}}, {"flowtable": {"family": "ip", "name": "f2", "table": "filter", "handle": 2, "hook": "ingress", "prio": 0}}]} diff --git a/tests/shell/testcases/listing/dumps/0021ruleset_json_terse_0.json-nft b/tests/shell/testcases/listing/dumps/0021ruleset_json_terse_0.json-nft new file mode 100644 index 00000000..19c9f4d8 --- /dev/null +++ b/tests/shell/testcases/listing/dumps/0021ruleset_json_terse_0.json-nft @@ -0,0 +1 @@ +{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}, {"table": {"family": "ip", "name": "test", "handle": 1}}, {"set": {"family": "ip", "name": "s", "table": "test", "type": "ipv4_addr", "handle": 2, "elem": ["192.168.3.4", "192.168.3.5"]}}, {"chain": {"family": "ip", "table": "test", "name": "c", "handle": 1}}]} diff --git a/tests/shell/testcases/listing/dumps/0022terse_0.json-nft b/tests/shell/testcases/listing/dumps/0022terse_0.json-nft new file mode 100644 index 00000000..ec2bb0b1 --- /dev/null +++ b/tests/shell/testcases/listing/dumps/0022terse_0.json-nft @@ -0,0 +1 @@ +{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}, {"table": {"family": "inet", "name": "filter", "handle": 1}}, {"set": {"family": "inet", "name": "example", "table": "filter", "type": "ipv4_addr", "handle": 2, "flags": ["interval"], "elem": ["10.10.10.10", "10.10.11.11"]}}, {"chain": {"family": "inet", "table": "filter", "name": "input", "handle": 1, "type": "filter", "hook": "prerouting", "prio": 0, "policy": "accept"}}, {"rule": {"family": "inet", "table": "filter", "chain": "input", "handle": 4, "expr": [{"match": {"op": "!=", "left": {"payload": {"protocol": "ip", "field": "saddr"}}, "right": {"set": ["10.10.10.100", "10.10.10.111"]}}}, {"match": {"op": "==", "left": {"payload": {"protocol": "ip", "field": "saddr"}}, "right": "@example"}}, {"drop": null}]}}]} |