tests: shell: autogenerate dump verification

Complete the automated shell tests with the verification of the test file dump, only for positive tests and if the test execution was successful. It's able to generate the dump file with the -g option. Example: # ./run-tests.sh -g testcases/chains/0001jumps_0 The dump files are generated in the same path in the folder named dumps/ with .nft extension. It has been avoided the dump verification code in every test file. Signed-off-by: Laura Garcia Liebana <nevola@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Laura Garcia Liebana <nevola@gmail.com> 2018-03-07 22:51:10 +0100
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2018-03-09 12:45:16 +0100
commit: 7d93e2c2fbc77f05fd7acb63a2acf9874c9ad58f (patch)
tree: 6773a61dcd261a25d525457bf8b6049787345424 /tests/shell/testcases/sets/dumps
parent: 1870165e0241bd06f96da43edbee0e0e82bfa09d (diff)
26 files changed, 235 insertions, 0 deletions
diff --git a/tests/shell/testcases/sets/dumps/0001named_interval_0.nft b/tests/shell/testcases/sets/dumps/0001named_interval_0.nft
new file mode 100644
index 00000000..3049aa84
--- /dev/null
+++ b/tests/shell/testcases/sets/dumps/0001named_interval_0.nft
@@ -0,0 +1,34 @@
+table inet t {
+	set s1 {
+		type ipv4_addr
+		flags interval
+		elements = { 10.0.0.0-11.0.0.0, 172.16.0.0/16 }
+	}
+
+	set s2 {
+		type ipv6_addr
+		flags interval
+		elements = { fe00::/64,
+			     fe11::-fe22:: }
+	}
+
+	set s3 {
+		type inet_proto
+		flags interval
+		elements = { 10-20, 50-60 }
+	}
+
+	set s4 {
+		type inet_service
+		flags interval
+		elements = { 0-1024, 8080-8082, 10000-40000 }
+	}
+
+	chain c {
+		ip saddr @s1 accept
+		ip6 daddr @s2 accept
+		ip protocol @s3 accept
+		ip6 nexthdr @s3 accept
+		tcp dport @s4 accept
+	}
+}
diff --git a/tests/shell/testcases/sets/dumps/0002named_interval_automerging_0.nft b/tests/shell/testcases/sets/dumps/0002named_interval_automerging_0.nft
new file mode 100644
index 00000000..452ee23e
--- /dev/null
+++ b/tests/shell/testcases/sets/dumps/0002named_interval_automerging_0.nft
@@ -0,0 +1,7 @@
+table ip t {
+	set s {
+		type ipv4_addr
+		flags interval
+		elements = { 192.168.0.0/24, 192.168.1.0/24 }
+	}
+}
diff --git a/tests/shell/testcases/sets/dumps/0003named_interval_missing_flag_0.nft b/tests/shell/testcases/sets/dumps/0003named_interval_missing_flag_0.nft
new file mode 100644
index 00000000..70c32a85
--- /dev/null
+++ b/tests/shell/testcases/sets/dumps/0003named_interval_missing_flag_0.nft
@@ -0,0 +1,5 @@
+table ip t {
+	set s {
+		type ipv4_addr
+	}
+}
diff --git a/tests/shell/testcases/sets/dumps/0004named_interval_shadow_0.nft b/tests/shell/testcases/sets/dumps/0004named_interval_shadow_0.nft
new file mode 100644
index 00000000..940030a1
--- /dev/null
+++ b/tests/shell/testcases/sets/dumps/0004named_interval_shadow_0.nft
@@ -0,0 +1,7 @@
+table inet t {
+	set s {
+		type ipv6_addr
+		flags interval
+		elements = { fe00::/64 }
+	}
+}
diff --git a/tests/shell/testcases/sets/dumps/0005named_interval_shadow_0.nft b/tests/shell/testcases/sets/dumps/0005named_interval_shadow_0.nft
new file mode 100644
index 00000000..4224d9da
--- /dev/null
+++ b/tests/shell/testcases/sets/dumps/0005named_interval_shadow_0.nft
@@ -0,0 +1,7 @@
+table inet t {
+	set s {
+		type ipv6_addr
+		flags interval
+		elements = { fe00::/48 }
+	}
+}
diff --git a/tests/shell/testcases/sets/dumps/0006create_set_0.nft b/tests/shell/testcases/sets/dumps/0006create_set_0.nft
new file mode 100644
index 00000000..70c32a85
--- /dev/null
+++ b/tests/shell/testcases/sets/dumps/0006create_set_0.nft
@@ -0,0 +1,5 @@
+table ip t {
+	set s {
+		type ipv4_addr
+	}
+}
diff --git a/tests/shell/testcases/sets/dumps/0007create_element_0.nft b/tests/shell/testcases/sets/dumps/0007create_element_0.nft
new file mode 100644
index 00000000..169be117
--- /dev/null
+++ b/tests/shell/testcases/sets/dumps/0007create_element_0.nft
@@ -0,0 +1,6 @@
+table ip t {
+	set s {
+		type ipv4_addr
+		elements = { 1.1.1.1 }
+	}
+}
diff --git a/tests/shell/testcases/sets/dumps/0008comments_interval_0.nft b/tests/shell/testcases/sets/dumps/0008comments_interval_0.nft
new file mode 100644
index 00000000..5e7a7680
--- /dev/null
+++ b/tests/shell/testcases/sets/dumps/0008comments_interval_0.nft
@@ -0,0 +1,7 @@
+table ip t {
+	set s {
+		type ipv4_addr
+		flags interval
+		elements = { 1.1.1.1 comment "test" }
+	}
+}
diff --git a/tests/shell/testcases/sets/dumps/0008create_verdict_map_0.nft b/tests/shell/testcases/sets/dumps/0008create_verdict_map_0.nft
new file mode 100644
index 00000000..ab0fe80d
--- /dev/null
+++ b/tests/shell/testcases/sets/dumps/0008create_verdict_map_0.nft
@@ -0,0 +1,13 @@
+table ip t {
+	map sourcemap {
+		type ipv4_addr : verdict
+		elements = { 100.123.10.2 : jump c }
+	}
+
+	chain postrouting {
+		ip saddr vmap @sourcemap accept
+	}
+
+	chain c {
+	}
+}
diff --git a/tests/shell/testcases/sets/dumps/0009comments_timeout_0.nft b/tests/shell/testcases/sets/dumps/0009comments_timeout_0.nft
new file mode 100644
index 00000000..455ebe3e
--- /dev/null
+++ b/tests/shell/testcases/sets/dumps/0009comments_timeout_0.nft
@@ -0,0 +1,7 @@
+table ip t {
+	set s {
+		type ipv4_addr
+		flags timeout
+		elements = { 1.1.1.1 comment "test" }
+	}
+}
diff --git a/tests/shell/testcases/sets/dumps/0010comments_0.nft b/tests/shell/testcases/sets/dumps/0010comments_0.nft
new file mode 100644
index 00000000..6e42ec4b
--- /dev/null
+++ b/tests/shell/testcases/sets/dumps/0010comments_0.nft
@@ -0,0 +1,6 @@
+table inet t {
+	set s {
+		type ipv6_addr
+		elements = { ::1 comment "test" }
+	}
+}
diff --git a/tests/shell/testcases/sets/dumps/0012add_delete_many_elements_0.nft b/tests/shell/testcases/sets/dumps/0012add_delete_many_elements_0.nft
new file mode 100644
index 00000000..e3d4aee6
--- /dev/null
+++ b/tests/shell/testcases/sets/dumps/0012add_delete_many_elements_0.nft
@@ -0,0 +1,5 @@
+table ip x {
+	set y {
+		type ipv4_addr
+	}
+}
diff --git a/tests/shell/testcases/sets/dumps/0013add_delete_many_elements_0.nft b/tests/shell/testcases/sets/dumps/0013add_delete_many_elements_0.nft
new file mode 100644
index 00000000..e3d4aee6
--- /dev/null
+++ b/tests/shell/testcases/sets/dumps/0013add_delete_many_elements_0.nft
@@ -0,0 +1,5 @@
+table ip x {
+	set y {
+		type ipv4_addr
+	}
+}
diff --git a/tests/shell/testcases/sets/dumps/0015rulesetflush_0.nft b/tests/shell/testcases/sets/dumps/0015rulesetflush_0.nft
new file mode 100644
index 00000000..f6eddbf8
--- /dev/null
+++ b/tests/shell/testcases/sets/dumps/0015rulesetflush_0.nft
@@ -0,0 +1,11 @@
+table ip t {
+	chain c {
+	}
+}
+table inet filter {
+	set blacklist_v4 {
+		type ipv4_addr
+		flags interval
+		elements = { 192.168.0.0/24 }
+	}
+}
diff --git a/tests/shell/testcases/sets/dumps/0016element_leak_0.nft b/tests/shell/testcases/sets/dumps/0016element_leak_0.nft
new file mode 100644
index 00000000..9d2b0afe
--- /dev/null
+++ b/tests/shell/testcases/sets/dumps/0016element_leak_0.nft
@@ -0,0 +1,7 @@
+table ip x {
+	set s {
+		type ipv4_addr
+		size 2
+		elements = { 1.1.1.1 }
+	}
+}
diff --git a/tests/shell/testcases/sets/dumps/0017add_after_flush_0.nft b/tests/shell/testcases/sets/dumps/0017add_after_flush_0.nft
new file mode 100644
index 00000000..9d2b0afe
--- /dev/null
+++ b/tests/shell/testcases/sets/dumps/0017add_after_flush_0.nft
@@ -0,0 +1,7 @@
+table ip x {
+	set s {
+		type ipv4_addr
+		size 2
+		elements = { 1.1.1.1 }
+	}
+}
diff --git a/tests/shell/testcases/sets/dumps/0019set_check_size_0.nft b/tests/shell/testcases/sets/dumps/0019set_check_size_0.nft
new file mode 100644
index 00000000..8cd37076
--- /dev/null
+++ b/tests/shell/testcases/sets/dumps/0019set_check_size_0.nft
@@ -0,0 +1,7 @@
+table ip x {
+	set s {
+		type ipv4_addr
+		size 2
+		elements = { 1.1.1.1, 1.1.1.2 }
+	}
+}
diff --git a/tests/shell/testcases/sets/dumps/0020comments_0.nft b/tests/shell/testcases/sets/dumps/0020comments_0.nft
new file mode 100644
index 00000000..d5330848
--- /dev/null
+++ b/tests/shell/testcases/sets/dumps/0020comments_0.nft
@@ -0,0 +1,6 @@
+table inet t {
+	set s {
+		type inet_service
+		elements = { ssh comment "test" }
+	}
+}
diff --git a/tests/shell/testcases/sets/dumps/0021nesting_0.nft b/tests/shell/testcases/sets/dumps/0021nesting_0.nft
new file mode 100644
index 00000000..6fd2a441
--- /dev/null
+++ b/tests/shell/testcases/sets/dumps/0021nesting_0.nft
@@ -0,0 +1,5 @@
+table ip x {
+	chain y {
+		ip saddr { 1.1.1.0/24, 2.2.2.0/24, 3.3.3.0/24 }
+	}
+}
diff --git a/tests/shell/testcases/sets/dumps/0022type_selective_flush_0.nft b/tests/shell/testcases/sets/dumps/0022type_selective_flush_0.nft
new file mode 100644
index 00000000..3dd97602
--- /dev/null
+++ b/tests/shell/testcases/sets/dumps/0022type_selective_flush_0.nft
@@ -0,0 +1,13 @@
+table ip t {
+	set s {
+		type ipv4_addr
+	}
+
+	map m {
+		type ipv4_addr : inet_service
+	}
+
+	chain c {
+		tcp dport http meter f { ip saddr limit rate 10/second} 
+	}
+}
diff --git a/tests/shell/testcases/sets/dumps/0023incomplete_add_set_command_0.nft b/tests/shell/testcases/sets/dumps/0023incomplete_add_set_command_0.nft
new file mode 100644
index 00000000..985768ba
--- /dev/null
+++ b/tests/shell/testcases/sets/dumps/0023incomplete_add_set_command_0.nft
@@ -0,0 +1,2 @@
+table ip t {
+}
diff --git a/tests/shell/testcases/sets/dumps/0024named_objects_0.nft b/tests/shell/testcases/sets/dumps/0024named_objects_0.nft
new file mode 100644
index 00000000..929c5d93
--- /dev/null
+++ b/tests/shell/testcases/sets/dumps/0024named_objects_0.nft
@@ -0,0 +1,28 @@
+table inet x {
+	counter user123 {
+		packets 12 bytes 1433
+	}
+
+	quota user123 {
+		over 2000 bytes
+	}
+
+	quota user124 {
+		over 2000 bytes
+	}
+
+	set y {
+		type ipv4_addr
+	}
+
+	map test {
+		type ipv4_addr : quota
+		elements = { 192.168.2.2 : "user124", 192.168.2.3 : "user124" }
+	}
+
+	chain y {
+		type filter hook input priority 0; policy accept;
+		counter name ip saddr map { 1.1.1.1 : "user123", 2.2.2.2 : "user123", 192.168.2.2 : "user123" }
+		quota name ip saddr map @test drop
+	}
+}
diff --git a/tests/shell/testcases/sets/dumps/0025anonymous_set_0.nft b/tests/shell/testcases/sets/dumps/0025anonymous_set_0.nft
new file mode 100644
index 00000000..c823ae9d
--- /dev/null
+++ b/tests/shell/testcases/sets/dumps/0025anonymous_set_0.nft
@@ -0,0 +1,7 @@
+table ip t {
+	chain c {
+		type filter hook output priority 0; policy accept;
+		ip daddr { 192.168.0.1, 192.168.0.2, 192.168.0.3 }
+		tcp dport { ssh, telnet } counter packets 0 bytes 0
+	}
+}
diff --git a/tests/shell/testcases/sets/dumps/0026named_limit_0.nft b/tests/shell/testcases/sets/dumps/0026named_limit_0.nft
new file mode 100644
index 00000000..0d1f1254
--- /dev/null
+++ b/tests/shell/testcases/sets/dumps/0026named_limit_0.nft
@@ -0,0 +1,10 @@
+table ip filter {
+	limit http-traffic {
+		rate 1/second
+	}
+
+	chain input {
+		type filter hook input priority 0; policy accept;
+		limit name tcp dport map { http : "http-traffic", https : "http-traffic" }
+	}
+}
diff --git a/tests/shell/testcases/sets/dumps/0027ipv6_maps_ipv4_0.nft b/tests/shell/testcases/sets/dumps/0027ipv6_maps_ipv4_0.nft
new file mode 100644
index 00000000..c49eefae
--- /dev/null
+++ b/tests/shell/testcases/sets/dumps/0027ipv6_maps_ipv4_0.nft
@@ -0,0 +1,7 @@
+table inet t {
+	set s {
+		type ipv6_addr
+		flags interval
+		elements = { ::ffff:0.0.0.0/96 }
+	}
+}
diff --git a/tests/shell/testcases/sets/dumps/0029named_ifname_dtype_0.nft b/tests/shell/testcases/sets/dumps/0029named_ifname_dtype_0.nft
new file mode 100644
index 00000000..2c82e57d
--- /dev/null
+++ b/tests/shell/testcases/sets/dumps/0029named_ifname_dtype_0.nft
@@ -0,0 +1,11 @@
+table inet t {
+	set s {
+		type ifname
+		elements = { "eth0" }
+	}
+
+	chain c {
+		iifname @s accept
+		oifname @s accept
+	}
+}
author	Laura Garcia Liebana <nevola@gmail.com>	2018-03-07 22:51:10 +0100
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2018-03-09 12:45:16 +0100
commit	7d93e2c2fbc77f05fd7acb63a2acf9874c9ad58f (patch)
tree	6773a61dcd261a25d525457bf8b6049787345424 /tests/shell/testcases/sets/dumps
parent	1870165e0241bd06f96da43edbee0e0e82bfa09d (diff)