summaryrefslogtreecommitdiffstats
path: root/tests/shell/testcases
diff options
context:
space:
mode:
authorLaura Garcia Liebana <nevola@gmail.com>2018-03-07 22:51:10 +0100
committerPablo Neira Ayuso <pablo@netfilter.org>2018-03-09 12:45:16 +0100
commit7d93e2c2fbc77f05fd7acb63a2acf9874c9ad58f (patch)
tree6773a61dcd261a25d525457bf8b6049787345424 /tests/shell/testcases
parent1870165e0241bd06f96da43edbee0e0e82bfa09d (diff)
tests: shell: autogenerate dump verification
Complete the automated shell tests with the verification of the test file dump, only for positive tests and if the test execution was successful. It's able to generate the dump file with the -g option. Example: # ./run-tests.sh -g testcases/chains/0001jumps_0 The dump files are generated in the same path in the folder named dumps/ with .nft extension. It has been avoided the dump verification code in every test file. Signed-off-by: Laura Garcia Liebana <nevola@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'tests/shell/testcases')
-rw-r--r--tests/shell/testcases/cache/dumps/0001_cache_handling_0.nft12
-rw-r--r--tests/shell/testcases/cache/dumps/0002_interval_0.nft7
-rwxr-xr-xtests/shell/testcases/chains/0016delete_handle_023
-rw-r--r--tests/shell/testcases/chains/dumps/0001jumps_0.nft64
-rw-r--r--tests/shell/testcases/chains/dumps/0006masquerade_0.nft6
-rw-r--r--tests/shell/testcases/chains/dumps/0013rename_0.nft4
-rw-r--r--tests/shell/testcases/chains/dumps/0016delete_handle_0.nft20
-rwxr-xr-xtests/shell/testcases/flowtable/0001flowtable_08
-rwxr-xr-xtests/shell/testcases/flowtable/dumps/0001flowtable_0.nft10
-rwxr-xr-xtests/shell/testcases/import/vm_json_import_08
-rw-r--r--tests/shell/testcases/include/dumps/0001absolute_0.nft2
-rw-r--r--tests/shell/testcases/include/dumps/0002relative_0.nft2
-rw-r--r--tests/shell/testcases/include/dumps/0003includepath_0.nft2
-rw-r--r--tests/shell/testcases/include/dumps/0006glob_single_0.nft2
-rw-r--r--tests/shell/testcases/include/dumps/0007glob_double_0.nft4
-rw-r--r--tests/shell/testcases/include/dumps/0011glob_dependency_0.nft4
-rw-r--r--tests/shell/testcases/include/dumps/0013glob_dotfile_0.nft2
-rw-r--r--tests/shell/testcases/include/dumps/0015doubleincludepath_0.nft4
-rwxr-xr-xtests/shell/testcases/listing/0001ruleset_011
-rwxr-xr-xtests/shell/testcases/listing/0002ruleset_09
-rw-r--r--tests/shell/testcases/listing/dumps/0001ruleset_0.nft2
-rwxr-xr-xtests/shell/testcases/maps/0005interval_map_add_many_elements_015
-rwxr-xr-xtests/shell/testcases/maps/0006interval_map_overlap_014
-rwxr-xr-xtests/shell/testcases/maps/0007named_ifname_dtype_07
-rw-r--r--tests/shell/testcases/maps/dumps/0005interval_map_add_many_elements_0.nft8
-rw-r--r--tests/shell/testcases/maps/dumps/0006interval_map_overlap_0.nft7
-rw-r--r--tests/shell/testcases/maps/dumps/0007named_ifname_dtype_0.nft11
-rw-r--r--tests/shell/testcases/maps/dumps/anonymous_snat_map_0.nft5
-rw-r--r--tests/shell/testcases/maps/dumps/map_with_flags_0.nft6
-rw-r--r--tests/shell/testcases/maps/dumps/named_snat_map_0.nft10
-rwxr-xr-xtests/shell/testcases/maps/map_with_flags_015
-rwxr-xr-xtests/shell/testcases/nft-f/0002rollback_rule_010
-rwxr-xr-xtests/shell/testcases/nft-f/0003rollback_jump_010
-rwxr-xr-xtests/shell/testcases/nft-f/0004rollback_set_010
-rwxr-xr-xtests/shell/testcases/nft-f/0005rollback_map_010
-rwxr-xr-xtests/shell/testcases/nft-f/0008split_tables_019
-rw-r--r--tests/shell/testcases/nft-f/dumps/0002rollback_rule_0.nft16
-rw-r--r--tests/shell/testcases/nft-f/dumps/0003rollback_jump_0.nft16
-rw-r--r--tests/shell/testcases/nft-f/dumps/0004rollback_set_0.nft16
-rw-r--r--tests/shell/testcases/nft-f/dumps/0005rollback_map_0.nft16
-rw-r--r--tests/shell/testcases/nft-f/dumps/0008split_tables_0.nft10
-rw-r--r--tests/shell/testcases/nft-f/dumps/0009variable_0.nft7
-rw-r--r--tests/shell/testcases/nft-f/dumps/0010variable_0.nft6
-rw-r--r--tests/shell/testcases/nft-f/dumps/0012different_defines_0.nft16
-rw-r--r--tests/shell/testcases/optionals/dumps/comments_0.nft5
-rw-r--r--tests/shell/testcases/optionals/dumps/comments_handles_0.nft5
-rw-r--r--tests/shell/testcases/optionals/dumps/handles_0.nft5
-rwxr-xr-xtests/shell/testcases/rule_management/0001addposition_016
-rwxr-xr-xtests/shell/testcases/rule_management/0002insertposition_016
-rwxr-xr-xtests/shell/testcases/rule_management/0003insert_016
-rwxr-xr-xtests/shell/testcases/rule_management/0004replace_014
-rwxr-xr-xtests/shell/testcases/rule_management/0007delete_014
-rw-r--r--tests/shell/testcases/rule_management/dumps/0001addposition_0.nft7
-rw-r--r--tests/shell/testcases/rule_management/dumps/0002insertposition_0.nft7
-rw-r--r--tests/shell/testcases/rule_management/dumps/0003insert_0.nft7
-rw-r--r--tests/shell/testcases/rule_management/dumps/0004replace_0.nft5
-rw-r--r--tests/shell/testcases/rule_management/dumps/0007delete_0.nft5
-rwxr-xr-xtests/shell/testcases/sets/0012add_delete_many_elements_013
-rwxr-xr-xtests/shell/testcases/sets/0013add_delete_many_elements_014
-rwxr-xr-xtests/shell/testcases/sets/0021nesting_014
-rwxr-xr-xtests/shell/testcases/sets/0029named_ifname_dtype_08
-rw-r--r--tests/shell/testcases/sets/dumps/0001named_interval_0.nft34
-rw-r--r--tests/shell/testcases/sets/dumps/0002named_interval_automerging_0.nft7
-rw-r--r--tests/shell/testcases/sets/dumps/0003named_interval_missing_flag_0.nft5
-rw-r--r--tests/shell/testcases/sets/dumps/0004named_interval_shadow_0.nft7
-rw-r--r--tests/shell/testcases/sets/dumps/0005named_interval_shadow_0.nft7
-rw-r--r--tests/shell/testcases/sets/dumps/0006create_set_0.nft5
-rw-r--r--tests/shell/testcases/sets/dumps/0007create_element_0.nft6
-rw-r--r--tests/shell/testcases/sets/dumps/0008comments_interval_0.nft7
-rw-r--r--tests/shell/testcases/sets/dumps/0008create_verdict_map_0.nft13
-rw-r--r--tests/shell/testcases/sets/dumps/0009comments_timeout_0.nft7
-rw-r--r--tests/shell/testcases/sets/dumps/0010comments_0.nft6
-rw-r--r--tests/shell/testcases/sets/dumps/0012add_delete_many_elements_0.nft5
-rw-r--r--tests/shell/testcases/sets/dumps/0013add_delete_many_elements_0.nft5
-rw-r--r--tests/shell/testcases/sets/dumps/0015rulesetflush_0.nft11
-rw-r--r--tests/shell/testcases/sets/dumps/0016element_leak_0.nft7
-rw-r--r--tests/shell/testcases/sets/dumps/0017add_after_flush_0.nft7
-rw-r--r--tests/shell/testcases/sets/dumps/0019set_check_size_0.nft7
-rw-r--r--tests/shell/testcases/sets/dumps/0020comments_0.nft6
-rw-r--r--tests/shell/testcases/sets/dumps/0021nesting_0.nft5
-rw-r--r--tests/shell/testcases/sets/dumps/0022type_selective_flush_0.nft13
-rw-r--r--tests/shell/testcases/sets/dumps/0023incomplete_add_set_command_0.nft2
-rw-r--r--tests/shell/testcases/sets/dumps/0024named_objects_0.nft28
-rw-r--r--tests/shell/testcases/sets/dumps/0025anonymous_set_0.nft7
-rw-r--r--tests/shell/testcases/sets/dumps/0026named_limit_0.nft10
-rw-r--r--tests/shell/testcases/sets/dumps/0027ipv6_maps_ipv4_0.nft7
-rw-r--r--tests/shell/testcases/sets/dumps/0029named_ifname_dtype_0.nft11
-rwxr-xr-xtests/shell/testcases/transactions/0001table_013
-rwxr-xr-xtests/shell/testcases/transactions/0002table_012
-rwxr-xr-xtests/shell/testcases/transactions/0003table_010
-rwxr-xr-xtests/shell/testcases/transactions/0010chain_013
-rwxr-xr-xtests/shell/testcases/transactions/0011chain_014
-rwxr-xr-xtests/shell/testcases/transactions/0012chain_014
-rwxr-xr-xtests/shell/testcases/transactions/0013chain_014
-rwxr-xr-xtests/shell/testcases/transactions/0020rule_010
-rwxr-xr-xtests/shell/testcases/transactions/0021rule_014
-rwxr-xr-xtests/shell/testcases/transactions/0030set_011
-rwxr-xr-xtests/shell/testcases/transactions/0031set_014
-rwxr-xr-xtests/shell/testcases/transactions/0032set_014
-rwxr-xr-xtests/shell/testcases/transactions/0033set_011
-rwxr-xr-xtests/shell/testcases/transactions/0034set_014
-rwxr-xr-xtests/shell/testcases/transactions/0035set_015
-rwxr-xr-xtests/shell/testcases/transactions/0037set_015
-rwxr-xr-xtests/shell/testcases/transactions/0038set_016
-rwxr-xr-xtests/shell/testcases/transactions/0039set_016
-rwxr-xr-xtests/shell/testcases/transactions/0040set_023
-rw-r--r--tests/shell/testcases/transactions/dumps/0001table_0.nft4
-rw-r--r--tests/shell/testcases/transactions/dumps/0002table_0.nft3
-rw-r--r--tests/shell/testcases/transactions/dumps/0010chain_0.nft4
-rw-r--r--tests/shell/testcases/transactions/dumps/0011chain_0.nft5
-rw-r--r--tests/shell/testcases/transactions/dumps/0012chain_0.nft5
-rw-r--r--tests/shell/testcases/transactions/dumps/0013chain_0.nft5
-rw-r--r--tests/shell/testcases/transactions/dumps/0021rule_0.nft5
-rw-r--r--tests/shell/testcases/transactions/dumps/0030set_0.nft2
-rw-r--r--tests/shell/testcases/transactions/dumps/0031set_0.nft5
-rw-r--r--tests/shell/testcases/transactions/dumps/0032set_0.nft5
-rw-r--r--tests/shell/testcases/transactions/dumps/0033set_0.nft2
-rw-r--r--tests/shell/testcases/transactions/dumps/0034set_0.nft5
-rw-r--r--tests/shell/testcases/transactions/dumps/0035set_0.nft6
-rw-r--r--tests/shell/testcases/transactions/dumps/0037set_0.nft6
-rw-r--r--tests/shell/testcases/transactions/dumps/0038set_0.nft7
-rw-r--r--tests/shell/testcases/transactions/dumps/0039set_0.nft7
-rw-r--r--tests/shell/testcases/transactions/dumps/0040set_0.nft14
123 files changed, 668 insertions, 557 deletions
diff --git a/tests/shell/testcases/cache/dumps/0001_cache_handling_0.nft b/tests/shell/testcases/cache/dumps/0001_cache_handling_0.nft
new file mode 100644
index 00000000..f6dd6541
--- /dev/null
+++ b/tests/shell/testcases/cache/dumps/0001_cache_handling_0.nft
@@ -0,0 +1,12 @@
+table inet test {
+ set test {
+ type ipv4_addr
+ elements = { 1.1.1.1 }
+ }
+
+ chain test {
+ ip daddr { 2.2.2.2 } counter packets 0 bytes 0 accept
+ ip saddr @test counter packets 0 bytes 0 accept
+ ip daddr { 2.2.2.2 } counter packets 0 bytes 0 accept
+ }
+}
diff --git a/tests/shell/testcases/cache/dumps/0002_interval_0.nft b/tests/shell/testcases/cache/dumps/0002_interval_0.nft
new file mode 100644
index 00000000..6a081320
--- /dev/null
+++ b/tests/shell/testcases/cache/dumps/0002_interval_0.nft
@@ -0,0 +1,7 @@
+table inet t {
+ set s {
+ type ipv4_addr
+ flags interval
+ elements = { 192.168.0.0/24 }
+ }
+}
diff --git a/tests/shell/testcases/chains/0016delete_handle_0 b/tests/shell/testcases/chains/0016delete_handle_0
index cf11da8a..677fba37 100755
--- a/tests/shell/testcases/chains/0016delete_handle_0
+++ b/tests/shell/testcases/chains/0016delete_handle_0
@@ -11,26 +11,3 @@ $NFT add chain ip6 test-ip6 y # should have handle 2
$NFT add chain ip6 test-ip6 z # should have handle 3
$NFT delete chain test-ip handle 2
$NFT delete chain ip6 test-ip6 handle 3
-
-EXPECTED="table ip test-ip {
- chain x {
- }
-
- chain z {
- }
-}
-table ip6 test-ip6 {
- chain x {
- }
-
- chain y {
- }
-}"
-
-GET="$($NFT list ruleset)"
-
-if [ "$EXPECTED" != "$GET" ] ; then
- DIFF="$(which diff)"
- [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET")
- exit 1
-fi
diff --git a/tests/shell/testcases/chains/dumps/0001jumps_0.nft b/tests/shell/testcases/chains/dumps/0001jumps_0.nft
new file mode 100644
index 00000000..7054cde4
--- /dev/null
+++ b/tests/shell/testcases/chains/dumps/0001jumps_0.nft
@@ -0,0 +1,64 @@
+table ip t {
+ chain c1 {
+ jump c2
+ }
+
+ chain c2 {
+ jump c3
+ }
+
+ chain c3 {
+ jump c4
+ }
+
+ chain c4 {
+ jump c5
+ }
+
+ chain c5 {
+ jump c6
+ }
+
+ chain c6 {
+ jump c7
+ }
+
+ chain c7 {
+ jump c8
+ }
+
+ chain c8 {
+ jump c9
+ }
+
+ chain c9 {
+ jump c10
+ }
+
+ chain c10 {
+ jump c11
+ }
+
+ chain c11 {
+ jump c12
+ }
+
+ chain c12 {
+ jump c13
+ }
+
+ chain c13 {
+ jump c14
+ }
+
+ chain c14 {
+ jump c15
+ }
+
+ chain c15 {
+ jump c16
+ }
+
+ chain c16 {
+ }
+}
diff --git a/tests/shell/testcases/chains/dumps/0006masquerade_0.nft b/tests/shell/testcases/chains/dumps/0006masquerade_0.nft
new file mode 100644
index 00000000..e4b9872b
--- /dev/null
+++ b/tests/shell/testcases/chains/dumps/0006masquerade_0.nft
@@ -0,0 +1,6 @@
+table ip t {
+ chain c1 {
+ type nat hook postrouting priority 0; policy accept;
+ masquerade
+ }
+}
diff --git a/tests/shell/testcases/chains/dumps/0013rename_0.nft b/tests/shell/testcases/chains/dumps/0013rename_0.nft
new file mode 100644
index 00000000..e4e0171c
--- /dev/null
+++ b/tests/shell/testcases/chains/dumps/0013rename_0.nft
@@ -0,0 +1,4 @@
+table ip t {
+ chain c2 {
+ }
+}
diff --git a/tests/shell/testcases/chains/dumps/0016delete_handle_0.nft b/tests/shell/testcases/chains/dumps/0016delete_handle_0.nft
new file mode 100644
index 00000000..de6ee9c0
--- /dev/null
+++ b/tests/shell/testcases/chains/dumps/0016delete_handle_0.nft
@@ -0,0 +1,20 @@
+table ip test-ip {
+ chain x {
+ }
+
+ chain y {
+ }
+
+ chain z {
+ }
+}
+table ip6 test-ip6 {
+ chain x {
+ }
+
+ chain y {
+ }
+
+ chain z {
+ }
+}
diff --git a/tests/shell/testcases/flowtable/0001flowtable_0 b/tests/shell/testcases/flowtable/0001flowtable_0
index 307f06f6..6d08e254 100755
--- a/tests/shell/testcases/flowtable/0001flowtable_0
+++ b/tests/shell/testcases/flowtable/0001flowtable_0
@@ -23,11 +23,3 @@ EXPECTED='table inet t {
echo "$EXPECTED" > $tmpfile
set -e
$NFT -f $tmpfile
-
-GET="$($NFT list ruleset)"
-
-if [ "$EXPECTED" != "$GET" ] ; then
- DIFF="$(which diff)"
- [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET")
- exit 1
-fi
diff --git a/tests/shell/testcases/flowtable/dumps/0001flowtable_0.nft b/tests/shell/testcases/flowtable/dumps/0001flowtable_0.nft
new file mode 100755
index 00000000..5188b207
--- /dev/null
+++ b/tests/shell/testcases/flowtable/dumps/0001flowtable_0.nft
@@ -0,0 +1,10 @@
+table inet t {
+ flowtable f {
+ hook ingress priority 10
+ devices = { eth0, wlan0 }
+ }
+
+ chain c {
+ flow offload @f
+ }
+}
diff --git a/tests/shell/testcases/import/vm_json_import_0 b/tests/shell/testcases/import/vm_json_import_0
index dc367f64..e5ecbcc4 100755
--- a/tests/shell/testcases/import/vm_json_import_0
+++ b/tests/shell/testcases/import/vm_json_import_0
@@ -61,11 +61,3 @@ $NFT -f $tmpfile
$NFT export vm json > $tmpfile
$NFT flush ruleset
cat $tmpfile | $NFT import vm json
-
-RESULT="$($NFT list ruleset)"
-
-
-if [ "$RULESET" != "$RESULT" ] ; then
- DIFF="$(which diff)"
- [ -x $DIFF ] && $DIFF -u <(echo "$RULESET") <(echo "$RESULT")
-fi
diff --git a/tests/shell/testcases/include/dumps/0001absolute_0.nft b/tests/shell/testcases/include/dumps/0001absolute_0.nft
new file mode 100644
index 00000000..5d4d2caf
--- /dev/null
+++ b/tests/shell/testcases/include/dumps/0001absolute_0.nft
@@ -0,0 +1,2 @@
+table ip x {
+}
diff --git a/tests/shell/testcases/include/dumps/0002relative_0.nft b/tests/shell/testcases/include/dumps/0002relative_0.nft
new file mode 100644
index 00000000..5d4d2caf
--- /dev/null
+++ b/tests/shell/testcases/include/dumps/0002relative_0.nft
@@ -0,0 +1,2 @@
+table ip x {
+}
diff --git a/tests/shell/testcases/include/dumps/0003includepath_0.nft b/tests/shell/testcases/include/dumps/0003includepath_0.nft
new file mode 100644
index 00000000..5d4d2caf
--- /dev/null
+++ b/tests/shell/testcases/include/dumps/0003includepath_0.nft
@@ -0,0 +1,2 @@
+table ip x {
+}
diff --git a/tests/shell/testcases/include/dumps/0006glob_single_0.nft b/tests/shell/testcases/include/dumps/0006glob_single_0.nft
new file mode 100644
index 00000000..5d4d2caf
--- /dev/null
+++ b/tests/shell/testcases/include/dumps/0006glob_single_0.nft
@@ -0,0 +1,2 @@
+table ip x {
+}
diff --git a/tests/shell/testcases/include/dumps/0007glob_double_0.nft b/tests/shell/testcases/include/dumps/0007glob_double_0.nft
new file mode 100644
index 00000000..f9cb080f
--- /dev/null
+++ b/tests/shell/testcases/include/dumps/0007glob_double_0.nft
@@ -0,0 +1,4 @@
+table ip y {
+}
+table ip x {
+}
diff --git a/tests/shell/testcases/include/dumps/0011glob_dependency_0.nft b/tests/shell/testcases/include/dumps/0011glob_dependency_0.nft
new file mode 100644
index 00000000..8e818d2d
--- /dev/null
+++ b/tests/shell/testcases/include/dumps/0011glob_dependency_0.nft
@@ -0,0 +1,4 @@
+table ip x {
+ chain y {
+ }
+}
diff --git a/tests/shell/testcases/include/dumps/0013glob_dotfile_0.nft b/tests/shell/testcases/include/dumps/0013glob_dotfile_0.nft
new file mode 100644
index 00000000..5d4d2caf
--- /dev/null
+++ b/tests/shell/testcases/include/dumps/0013glob_dotfile_0.nft
@@ -0,0 +1,2 @@
+table ip x {
+}
diff --git a/tests/shell/testcases/include/dumps/0015doubleincludepath_0.nft b/tests/shell/testcases/include/dumps/0015doubleincludepath_0.nft
new file mode 100644
index 00000000..8e818d2d
--- /dev/null
+++ b/tests/shell/testcases/include/dumps/0015doubleincludepath_0.nft
@@ -0,0 +1,4 @@
+table ip x {
+ chain y {
+ }
+}
diff --git a/tests/shell/testcases/listing/0001ruleset_0 b/tests/shell/testcases/listing/0001ruleset_0
index 1a3a73b1..19cb3b04 100755
--- a/tests/shell/testcases/listing/0001ruleset_0
+++ b/tests/shell/testcases/listing/0001ruleset_0
@@ -2,17 +2,6 @@
# list ruleset shows a table
-EXPECTED="table ip test {
-}"
-
set -e
$NFT add table test
-GET="$($NFT list ruleset)"
-
-if [ "$EXPECTED" != "$GET" ] ; then
- DIFF="$(which diff)"
- [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET")
- exit 1
-fi
-
diff --git a/tests/shell/testcases/listing/0002ruleset_0 b/tests/shell/testcases/listing/0002ruleset_0
index 45121fb7..b4a535c4 100755
--- a/tests/shell/testcases/listing/0002ruleset_0
+++ b/tests/shell/testcases/listing/0002ruleset_0
@@ -5,12 +5,3 @@
EXPECTED=""
set -e
-
-GET="$($NFT list ruleset)"
-
-if [ "$EXPECTED" != "$GET" ] ; then
- DIFF="$(which diff)"
- [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET")
- exit 1
-fi
-
diff --git a/tests/shell/testcases/listing/dumps/0001ruleset_0.nft b/tests/shell/testcases/listing/dumps/0001ruleset_0.nft
new file mode 100644
index 00000000..1c9f40c5
--- /dev/null
+++ b/tests/shell/testcases/listing/dumps/0001ruleset_0.nft
@@ -0,0 +1,2 @@
+table ip test {
+}
diff --git a/tests/shell/testcases/maps/0005interval_map_add_many_elements_0 b/tests/shell/testcases/maps/0005interval_map_add_many_elements_0
index 55f90555..0714963d 100755
--- a/tests/shell/testcases/maps/0005interval_map_add_many_elements_0
+++ b/tests/shell/testcases/maps/0005interval_map_add_many_elements_0
@@ -56,18 +56,3 @@ n=$HOWMANY
echo "add element x y { 10.${n}.${n}.0/24 : 10.0.${n}.${n} }" > $tmpfile
$NFT -f $tmpfile
-
-EXPECTED="table ip x {
- map y {
- type ipv4_addr : ipv4_addr
- flags interval
- elements = { "$(generate_test)" }
- }
-}"
-GET=$($NFT list ruleset)
-if [ "$EXPECTED" != "$GET" ] ; then
- DIFF="$(which diff)"
- [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET")
- exit 1
-fi
-
diff --git a/tests/shell/testcases/maps/0006interval_map_overlap_0 b/tests/shell/testcases/maps/0006interval_map_overlap_0
index 8597639e..682ac65b 100755
--- a/tests/shell/testcases/maps/0006interval_map_overlap_0
+++ b/tests/shell/testcases/maps/0006interval_map_overlap_0
@@ -25,17 +25,3 @@ echo "add element x y { 10.0.${n}.0/24 : 10.0.0.${n} }" > $tmpfile
$NFT -f $tmpfile
-EXPECTED="table ip x {
- map y {
- type ipv4_addr : ipv4_addr
- flags interval
- elements = { 10.0.1.0/24 : 10.0.0.1, 10.0.2.0/24 : 10.0.0.2 }
- }
-}"
-GET=$($NFT list ruleset)
-if [ "$EXPECTED" != "$GET" ] ; then
- DIFF="$(which diff)"
- [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET")
- exit 1
-fi
-
diff --git a/tests/shell/testcases/maps/0007named_ifname_dtype_0 b/tests/shell/testcases/maps/0007named_ifname_dtype_0
index dcbcf2f0..5e51a605 100755
--- a/tests/shell/testcases/maps/0007named_ifname_dtype_0
+++ b/tests/shell/testcases/maps/0007named_ifname_dtype_0
@@ -26,10 +26,3 @@ set -e
echo "$EXPECTED" > $tmpfile
$NFT -f $tmpfile
-GET="$($NFT list ruleset)"
-if [ "$EXPECTED" != "$GET" ] ; then
- DIFF="$(which diff)"
- [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET")
- exit 1
-fi
-
diff --git a/tests/shell/testcases/maps/dumps/0005interval_map_add_many_elements_0.nft b/tests/shell/testcases/maps/dumps/0005interval_map_add_many_elements_0.nft
new file mode 100644
index 00000000..ab992c4a
--- /dev/null
+++ b/tests/shell/testcases/maps/dumps/0005interval_map_add_many_elements_0.nft
@@ -0,0 +1,8 @@
+table ip x {
+ map y {
+ type ipv4_addr : ipv4_addr
+ flags interval
+ elements = { 10.1.1.0/24 : 10.0.1.1, 10.1.2.0/24 : 10.0.1.2,
+ 10.2.1.0/24 : 10.0.2.1, 10.2.2.0/24 : 10.0.2.2 }
+ }
+}
diff --git a/tests/shell/testcases/maps/dumps/0006interval_map_overlap_0.nft b/tests/shell/testcases/maps/dumps/0006interval_map_overlap_0.nft
new file mode 100644
index 00000000..1f5343f4
--- /dev/null
+++ b/tests/shell/testcases/maps/dumps/0006interval_map_overlap_0.nft
@@ -0,0 +1,7 @@
+table ip x {
+ map y {
+ type ipv4_addr : ipv4_addr
+ flags interval
+ elements = { 10.0.1.0/24 : 10.0.0.1, 10.0.2.0/24 : 10.0.0.2 }
+ }
+}
diff --git a/tests/shell/testcases/maps/dumps/0007named_ifname_dtype_0.nft b/tests/shell/testcases/maps/dumps/0007named_ifname_dtype_0.nft
new file mode 100644
index 00000000..878e7c06
--- /dev/null
+++ b/tests/shell/testcases/maps/dumps/0007named_ifname_dtype_0.nft
@@ -0,0 +1,11 @@
+table inet t {
+ map m1 {
+ type ifname : ipv4_addr
+ elements = { "eth0" : 1.1.1.1 }
+ }
+
+ chain c {
+ ip daddr set iifname map @m1
+ ip daddr set oifname map @m1
+ }
+}
diff --git a/tests/shell/testcases/maps/dumps/anonymous_snat_map_0.nft b/tests/shell/testcases/maps/dumps/anonymous_snat_map_0.nft
new file mode 100644
index 00000000..5009560c
--- /dev/null
+++ b/tests/shell/testcases/maps/dumps/anonymous_snat_map_0.nft
@@ -0,0 +1,5 @@
+table ip nat {
+ chain postrouting {
+ snat to ip saddr map { 1.1.1.1 : 2.2.2.2 }
+ }
+}
diff --git a/tests/shell/testcases/maps/dumps/map_with_flags_0.nft b/tests/shell/testcases/maps/dumps/map_with_flags_0.nft
new file mode 100644
index 00000000..c96b1ed2
--- /dev/null
+++ b/tests/shell/testcases/maps/dumps/map_with_flags_0.nft
@@ -0,0 +1,6 @@
+table ip x {
+ map y {
+ type ipv4_addr : ipv4_addr
+ flags timeout
+ }
+}
diff --git a/tests/shell/testcases/maps/dumps/named_snat_map_0.nft b/tests/shell/testcases/maps/dumps/named_snat_map_0.nft
new file mode 100644
index 00000000..a7c57518
--- /dev/null
+++ b/tests/shell/testcases/maps/dumps/named_snat_map_0.nft
@@ -0,0 +1,10 @@
+table ip nat {
+ map m {
+ type ipv4_addr : ipv4_addr
+ elements = { 1.1.1.1 : 2.2.2.2 }
+ }
+
+ chain postrouting {
+ snat to ip saddr map @m
+ }
+}
diff --git a/tests/shell/testcases/maps/map_with_flags_0 b/tests/shell/testcases/maps/map_with_flags_0
index 8774eb51..68bd80d2 100755
--- a/tests/shell/testcases/maps/map_with_flags_0
+++ b/tests/shell/testcases/maps/map_with_flags_0
@@ -4,18 +4,3 @@ set -e
$NFT add table x
$NFT add map x y { type ipv4_addr : ipv4_addr\; flags timeout\; }
-
-EXPECTED="table ip x {
- map y {
- type ipv4_addr : ipv4_addr
- flags timeout
- }
-}"
-
-GET="$($NFT list ruleset)"
-
-if [ "$EXPECTED" != "$GET" ] ; then
- DIFF="$(which diff)"
- [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET")
- exit 1
-fi
diff --git a/tests/shell/testcases/nft-f/0002rollback_rule_0 b/tests/shell/testcases/nft-f/0002rollback_rule_0
index ddeb5423..19690544 100755
--- a/tests/shell/testcases/nft-f/0002rollback_rule_0
+++ b/tests/shell/testcases/nft-f/0002rollback_rule_0
@@ -48,13 +48,3 @@ if [ $? -eq 0 ] ; then
echo "E: bogus ruleset loaded?" >&2
exit 1
fi
-
-KERNEL_RULESET="$($NFT list ruleset -nn)"
-
-if [ "$GOOD_RULESET" != "$KERNEL_RULESET" ] ; then
- DIFF="$(which diff)"
- [ -x $DIFF ] && $DIFF -u <(echo "$GOOD_RULESET") <(echo "$KERNEL_RULESET")
- exit 1
-fi
-
-exit 0
diff --git a/tests/shell/testcases/nft-f/0003rollback_jump_0 b/tests/shell/testcases/nft-f/0003rollback_jump_0
index 6c43df9d..f53fd238 100755
--- a/tests/shell/testcases/nft-f/0003rollback_jump_0
+++ b/tests/shell/testcases/nft-f/0003rollback_jump_0
@@ -48,13 +48,3 @@ if [ $? -eq 0 ] ; then
echo "E: bogus ruleset loaded?" >&2
exit 1
fi
-
-KERNEL_RULESET="$($NFT list ruleset -nn)"
-
-if [ "$GOOD_RULESET" != "$KERNEL_RULESET" ] ; then
- DIFF="$(which diff)"
- [ -x $DIFF ] && $DIFF -u <(echo "$GOOD_RULESET") <(echo "$KERNEL_RULESET")
- exit 1
-fi
-
-exit 0
diff --git a/tests/shell/testcases/nft-f/0004rollback_set_0 b/tests/shell/testcases/nft-f/0004rollback_set_0
index 1dea85ec..7674106f 100755
--- a/tests/shell/testcases/nft-f/0004rollback_set_0
+++ b/tests/shell/testcases/nft-f/0004rollback_set_0
@@ -48,13 +48,3 @@ if [ $? -eq 0 ] ; then
echo "E: bogus ruleset loaded?" >&2
exit 1
fi
-
-KERNEL_RULESET="$($NFT list ruleset -nn)"
-
-if [ "$GOOD_RULESET" != "$KERNEL_RULESET" ] ; then
- DIFF="$(which diff)"
- [ -x $DIFF ] && $DIFF -u <(echo "$GOOD_RULESET") <(echo "$KERNEL_RULESET")
- exit 1
-fi
-
-exit 0
diff --git a/tests/shell/testcases/nft-f/0005rollback_map_0 b/tests/shell/testcases/nft-f/0005rollback_map_0
index 777cc717..ba1fcc59 100755
--- a/tests/shell/testcases/nft-f/0005rollback_map_0
+++ b/tests/shell/testcases/nft-f/0005rollback_map_0
@@ -51,13 +51,3 @@ if [ $? -eq 0 ] ; then
echo "E: bogus ruleset loaded?" >&2
exit 1
fi
-
-KERNEL_RULESET="$($NFT list ruleset -nn)"
-
-if [ "$GOOD_RULESET" != "$KERNEL_RULESET" ] ; then
- DIFF="$(which diff)"
- [ -x $DIFF ] && $DIFF -u <(echo "$GOOD_RULESET") <(echo "$KERNEL_RULESET")
- exit 1
-fi
-
-exit 0
diff --git a/tests/shell/testcases/nft-f/0008split_tables_0 b/tests/shell/testcases/nft-f/0008split_tables_0
index dd03545b..b244d14e 100755
--- a/tests/shell/testcases/nft-f/0008split_tables_0
+++ b/tests/shell/testcases/nft-f/0008split_tables_0
@@ -29,22 +29,3 @@ if [ $? -ne 0 ] ; then
echo "E: unable to load good ruleset" >&2
exit 1
fi
-
-EXPECTED="table inet filter {
- chain ssh {
- type filter hook input priority 0; policy accept;
- tcp dport ssh accept
- }
-
- chain input {
- type filter hook input priority 1; policy accept;
- }
-}"
-
-GET="$($NFT list ruleset)"
-
-if [ "$EXPECTED" != "$GET" ] ; then
- DIFF="$(which diff)"
- [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET")
- exit 1
-fi
diff --git a/tests/shell/testcases/nft-f/dumps/0002rollback_rule_0.nft b/tests/shell/testcases/nft-f/dumps/0002rollback_rule_0.nft
new file mode 100644
index 00000000..f6f26158
--- /dev/null
+++ b/tests/shell/testcases/nft-f/dumps/0002rollback_rule_0.nft
@@ -0,0 +1,16 @@
+table ip t {
+ set t {
+ type ipv4_addr
+ elements = { 1.1.1.1 }
+ }
+
+ chain c {
+ ct state new
+ tcp dport { 22222 }
+ ip saddr @t drop
+ jump other
+ }
+
+ chain other {
+ }
+}
diff --git a/tests/shell/testcases/nft-f/dumps/0003rollback_jump_0.nft b/tests/shell/testcases/nft-f/dumps/0003rollback_jump_0.nft
new file mode 100644
index 00000000..f6f26158
--- /dev/null
+++ b/tests/shell/testcases/nft-f/dumps/0003rollback_jump_0.nft
@@ -0,0 +1,16 @@
+table ip t {
+ set t {
+ type ipv4_addr
+ elements = { 1.1.1.1 }
+ }
+
+ chain c {
+ ct state new
+ tcp dport { 22222 }
+ ip saddr @t drop
+ jump other
+ }
+
+ chain other {
+ }
+}
diff --git a/tests/shell/testcases/nft-f/dumps/0004rollback_set_0.nft b/tests/shell/testcases/nft-f/dumps/0004rollback_set_0.nft
new file mode 100644
index 00000000..f6f26158
--- /dev/null
+++ b/tests/shell/testcases/nft-f/dumps/0004rollback_set_0.nft
@@ -0,0 +1,16 @@
+table ip t {
+ set t {
+ type ipv4_addr
+ elements = { 1.1.1.1 }
+ }
+
+ chain c {
+ ct state new
+ tcp dport { 22222 }
+ ip saddr @t drop
+ jump other
+ }
+
+ chain other {
+ }
+}
diff --git a/tests/shell/testcases/nft-f/dumps/0005rollback_map_0.nft b/tests/shell/testcases/nft-f/dumps/0005rollback_map_0.nft
new file mode 100644
index 00000000..f6f26158
--- /dev/null
+++ b/tests/shell/testcases/nft-f/dumps/0005rollback_map_0.nft
@@ -0,0 +1,16 @@
+table ip t {
+ set t {
+ type ipv4_addr
+ elements = { 1.1.1.1 }
+ }
+
+ chain c {
+ ct state new
+ tcp dport { 22222 }
+ ip saddr @t drop
+ jump other
+ }
+
+ chain other {
+ }
+}
diff --git a/tests/shell/testcases/nft-f/dumps/0008split_tables_0.nft b/tests/shell/testcases/nft-f/dumps/0008split_tables_0.nft
new file mode 100644
index 00000000..1211411f
--- /dev/null
+++ b/tests/shell/testcases/nft-f/dumps/0008split_tables_0.nft
@@ -0,0 +1,10 @@
+table inet filter {
+ chain ssh {
+ type filter hook input priority 0; policy accept;
+ tcp dport ssh accept
+ }
+
+ chain input {
+ type filter hook input priority 1; policy accept;
+ }
+}
diff --git a/tests/shell/testcases/nft-f/dumps/0009variable_0.nft b/tests/shell/testcases/nft-f/dumps/0009variable_0.nft
new file mode 100644
index 00000000..a793751b
--- /dev/null
+++ b/tests/shell/testcases/nft-f/dumps/0009variable_0.nft
@@ -0,0 +1,7 @@
+table inet forward {
+ set concat-set-variable {
+ type ipv4_addr . inet_service
+ elements = { 10.10.10.10 . smtp,
+ 10.10.10.10 . imap2 }
+ }
+}
diff --git a/tests/shell/testcases/nft-f/dumps/0010variable_0.nft b/tests/shell/testcases/nft-f/dumps/0010variable_0.nft
new file mode 100644
index 00000000..1f3d05e8
--- /dev/null
+++ b/tests/shell/testcases/nft-f/dumps/0010variable_0.nft
@@ -0,0 +1,6 @@
+table inet filter {
+ set whitelist_v4 {
+ type ipv4_addr
+ elements = { 1.1.1.1 }
+ }
+}
diff --git a/tests/shell/testcases/nft-f/dumps/0012different_defines_0.nft b/tests/shell/testcases/nft-f/dumps/0012different_defines_0.nft
new file mode 100644
index 00000000..e9eef4b1
--- /dev/null
+++ b/tests/shell/testcases/nft-f/dumps/0012different_defines_0.nft
@@ -0,0 +1,16 @@
+table inet t {
+ chain c {
+ iifname "whatever" oifname "whatever" iif "lo" oif "lo"
+ iifname { "whatever" } iif { "lo" } mark 0x0000007b
+ ct state established,related,new
+ ct state != established | related | new
+ ip saddr 10.0.0.0 ip saddr 10.0.0.0 ip daddr 10.0.0.2
+ ip6 daddr fe0::1 ip6 saddr fe0::2
+ ip saddr vmap { 10.0.0.0 : drop, 10.0.0.2 : accept }
+ ip6 daddr vmap { fe0::1 : drop, fe0::2 : accept }
+ ip6 saddr . ip6 nexthdr { fe0::1 . udp, fe0::2 . tcp }
+ ip daddr . iif vmap { 10.0.0.0 . "lo" : accept }
+ tcp dport 100-222
+ udp dport vmap { 100-222 : accept }
+ }
+}
diff --git a/tests/shell/testcases/optionals/dumps/comments_0.nft b/tests/shell/testcases/optionals/dumps/comments_0.nft
new file mode 100644
index 00000000..416a07e0
--- /dev/null
+++ b/tests/shell/testcases/optionals/dumps/comments_0.nft
@@ -0,0 +1,5 @@
+table ip test {
+ chain test {
+ tcp dport ssh counter packets 0 bytes 0 accept comment "test_comment"
+ }
+}
diff --git a/tests/shell/testcases/optionals/dumps/comments_handles_0.nft b/tests/shell/testcases/optionals/dumps/comments_handles_0.nft
new file mode 100644
index 00000000..416a07e0
--- /dev/null
+++ b/tests/shell/testcases/optionals/dumps/comments_handles_0.nft
@@ -0,0 +1,5 @@
+table ip test {
+ chain test {
+ tcp dport ssh counter packets 0 bytes 0 accept comment "test_comment"
+ }
+}
diff --git a/tests/shell/testcases/optionals/dumps/handles_0.nft b/tests/shell/testcases/optionals/dumps/handles_0.nft
new file mode 100644
index 00000000..eb0af811
--- /dev/null
+++ b/tests/shell/testcases/optionals/dumps/handles_0.nft
@@ -0,0 +1,5 @@
+table ip test {
+ chain test {
+ tcp dport ssh counter packets 0 bytes 0 accept
+ }
+}
diff --git a/tests/shell/testcases/rule_management/0001addposition_0 b/tests/shell/testcases/rule_management/0001addposition_0
index e66bfff3..ee90d923 100755
--- a/tests/shell/testcases/rule_management/0001addposition_0
+++ b/tests/shell/testcases/rule_management/0001addposition_0
@@ -9,19 +9,3 @@ $NFT add chain t c
$NFT add rule t c accept # should have handle 2
$NFT add rule t c accept # should have handle 3
$NFT add rule t c position 2 drop
-
-EXPECTED="table ip t {
- chain c {
- accept
- drop
- accept
- }
-}"
-
-GET="$($NFT list ruleset)"
-
-if [ "$EXPECTED" != "$GET" ] ; then
- DIFF="$(which diff)"
- [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET")
- exit 1
-fi
diff --git a/tests/shell/testcases/rule_management/0002insertposition_0 b/tests/shell/testcases/rule_management/0002insertposition_0
index cf8a568d..e9f886fb 100755
--- a/tests/shell/testcases/rule_management/0002insertposition_0
+++ b/tests/shell/testcases/rule_management/0002insertposition_0
@@ -9,19 +9,3 @@ $NFT add chain t c
$NFT add rule t c accept # should have handle 2
$NFT add rule t c accept # should have handle 3
$NFT insert rule t c position 2 drop
-
-EXPECTED="table ip t {
- chain c {
- drop
- accept
- accept
- }
-}"
-
-GET="$($NFT list ruleset)"
-
-if [ "$EXPECTED" != "$GET" ] ; then
- DIFF="$(which diff)"
- [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET")
- exit 1
-fi
diff --git a/tests/shell/testcases/rule_management/0003insert_0 b/tests/shell/testcases/rule_management/0003insert_0
index 6691c166..329ccc20 100755
--- a/tests/shell/testcases/rule_management/0003insert_0
+++ b/tests/shell/testcases/rule_management/0003insert_0
@@ -9,19 +9,3 @@ $NFT add chain t c
$NFT insert rule t c accept
$NFT insert rule t c drop
$NFT insert rule t c masquerade
-
-EXPECTED="table ip t {
- chain c {
- masquerade
- drop
- accept
- }
-}"
-
-GET="$($NFT list ruleset)"
-
-if [ "$EXPECTED" != "$GET" ] ; then
- DIFF="$(which diff)"
- [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET")
- exit 1
-fi
diff --git a/tests/shell/testcases/rule_management/0004replace_0 b/tests/shell/testcases/rule_management/0004replace_0
index 6a4b9495..c3329af5 100755
--- a/tests/shell/testcases/rule_management/0004replace_0
+++ b/tests/shell/testcases/rule_management/0004replace_0
@@ -8,17 +8,3 @@ $NFT add table t
$NFT add chain t c
$NFT add rule t c accept # should have handle 2
$NFT replace rule t c handle 2 drop
-
-EXPECTED="table ip t {
- chain c {
- drop
- }
-}"
-
-GET="$($NFT list ruleset)"
-
-if [ "$EXPECTED" != "$GET" ] ; then
- DIFF="$(which diff)"
- [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET")
- exit 1
-fi
diff --git a/tests/shell/testcases/rule_management/0007delete_0 b/tests/shell/testcases/rule_management/0007delete_0
index 126fe5dd..11376cc3 100755
--- a/tests/shell/testcases/rule_management/0007delete_0
+++ b/tests/shell/testcases/rule_management/0007delete_0
@@ -9,17 +9,3 @@ $NFT add chain t c
$NFT add rule t c accept # should have handle 2
$NFT add rule t c drop # should have handle 3
$NFT delete rule t c handle 2
-
-EXPECTED="table ip t {
- chain c {
- drop
- }
-}"
-
-GET="$($NFT list ruleset)"
-
-if [ "$EXPECTED" != "$GET" ] ; then
- DIFF="$(which diff)"
- [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET")
- exit 1
-fi
diff --git a/tests/shell/testcases/rule_management/dumps/0001addposition_0.nft b/tests/shell/testcases/rule_management/dumps/0001addposition_0.nft
new file mode 100644
index 00000000..e282e13b
--- /dev/null
+++ b/tests/shell/testcases/rule_management/dumps/0001addposition_0.nft
@@ -0,0 +1,7 @@
+table ip t {
+ chain c {
+ accept
+ drop
+ accept
+ }
+}
diff --git a/tests/shell/testcases/rule_management/dumps/0002insertposition_0.nft b/tests/shell/testcases/rule_management/dumps/0002insertposition_0.nft
new file mode 100644
index 00000000..527d79d6
--- /dev/null
+++ b/tests/shell/testcases/rule_management/dumps/0002insertposition_0.nft
@@ -0,0 +1,7 @@
+table ip t {
+ chain c {
+ drop
+ accept
+ accept
+ }
+}
diff --git a/tests/shell/testcases/rule_management/dumps/0003insert_0.nft b/tests/shell/testcases/rule_management/dumps/0003insert_0.nft
new file mode 100644
index 00000000..9421f4ae
--- /dev/null
+++ b/tests/shell/testcases/rule_management/dumps/0003insert_0.nft
@@ -0,0 +1,7 @@
+table ip t {
+ chain c {
+ masquerade
+ drop
+ accept
+ }
+}
diff --git a/tests/shell/testcases/rule_management/dumps/0004replace_0.nft b/tests/shell/testcases/rule_management/dumps/0004replace_0.nft
new file mode 100644
index 00000000..e20952ef
--- /dev/null
+++ b/tests/shell/testcases/rule_management/dumps/0004replace_0.nft
@@ -0,0 +1,5 @@
+table ip t {
+ chain c {
+ drop
+ }
+}
diff --git a/tests/shell/testcases/rule_management/dumps/0007delete_0.nft b/tests/shell/testcases/rule_management/dumps/0007delete_0.nft
new file mode 100644
index 00000000..e20952ef
--- /dev/null
+++ b/tests/shell/testcases/rule_management/dumps/0007delete_0.nft
@@ -0,0 +1,5 @@
+table ip t {
+ chain c {
+ drop
+ }
+}
diff --git a/tests/shell/testcases/sets/0012add_delete_many_elements_0 b/tests/shell/testcases/sets/0012add_delete_many_elements_0
index 7a5f8c69..7e7beebd 100755
--- a/tests/shell/testcases/sets/0012add_delete_many_elements_0
+++ b/tests/shell/testcases/sets/0012add_delete_many_elements_0
@@ -31,16 +31,3 @@ delete element x y $(generate)" > $tmpfile
set -e
$NFT -f $tmpfile
-
-EXPECTED="table ip x {
- set y {
- type ipv4_addr
- }
-}"
-GET=$($NFT list ruleset)
-if [ "$EXPECTED" != "$GET" ] ; then
- DIFF="$(which diff)"
- [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET")
- exit 1
-fi
-
diff --git a/tests/shell/testcases/sets/0013add_delete_many_elements_0 b/tests/shell/testcases/sets/0013add_delete_many_elements_0
index 265a5540..5774317b 100755
--- a/tests/shell/testcases/sets/0013add_delete_many_elements_0
+++ b/tests/shell/testcases/sets/0013add_delete_many_elements_0
@@ -32,17 +32,3 @@ add element x y $(generate)" > $tmpfile
$NFT -f $tmpfile
echo "delete element x y $(generate)" > $tmpfile
$NFT -f $tmpfile
-
-
-EXPECTED="table ip x {
- set y {
- type ipv4_addr
- }
-}"
-GET=$($NFT list ruleset)
-if [ "$EXPECTED" != "$GET" ] ; then
- DIFF="$(which diff)"
- [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET")
- exit 1
-fi
-
diff --git a/tests/shell/testcases/sets/0021nesting_0 b/tests/shell/testcases/sets/0021nesting_0
index 763d9ae1..4779f264 100755
--- a/tests/shell/testcases/sets/0021nesting_0
+++ b/tests/shell/testcases/sets/0021nesting_0
@@ -30,17 +30,3 @@ if [ $? -ne 0 ] ; then
echo "E: unable to load ruleset" >&2
exit 1
fi
-
-EXPECTED="table ip x {
- chain y {
- ip saddr { 1.1.1.0/24, 2.2.2.0/24, 3.3.3.0/24 }
- }
-}"
-
-GET="$($NFT list ruleset)"
-
-if [ "$EXPECTED" != "$GET" ] ; then
- DIFF="$(which diff)"
- [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET")
- exit 1
-fi
diff --git a/tests/shell/testcases/sets/0029named_ifname_dtype_0 b/tests/shell/testcases/sets/0029named_ifname_dtype_0
index 8b7ab982..92f4a4ad 100755
--- a/tests/shell/testcases/sets/0029named_ifname_dtype_0
+++ b/tests/shell/testcases/sets/0029named_ifname_dtype_0
@@ -25,11 +25,3 @@ EXPECTED="table inet t {
set -e
echo "$EXPECTED" > $tmpfile
$NFT -f $tmpfile
-
-GET="$($NFT list ruleset)"
-if [ "$EXPECTED" != "$GET" ] ; then
- DIFF="$(which diff)"
- [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET")
- exit 1
-fi
-
diff --git a/tests/shell/testcases/sets/dumps/0001named_interval_0.nft b/tests/shell/testcases/sets/dumps/0001named_interval_0.nft
new file mode 100644
index 00000000..3049aa84
--- /dev/null
+++ b/tests/shell/testcases/sets/dumps/0001named_interval_0.nft
@@ -0,0 +1,34 @@
+table inet t {
+ set s1 {
+ type ipv4_addr
+ flags interval
+ elements = { 10.0.0.0-11.0.0.0, 172.16.0.0/16 }
+ }
+
+ set s2 {
+ type ipv6_addr
+ flags interval
+ elements = { fe00::/64,
+ fe11::-fe22:: }
+ }
+
+ set s3 {
+ type inet_proto
+ flags interval
+ elements = { 10-20, 50-60 }
+ }
+
+ set s4 {
+ type inet_service
+ flags interval
+ elements = { 0-1024, 8080-8082, 10000-40000 }
+ }
+
+ chain c {
+ ip saddr @s1 accept
+ ip6 daddr @s2 accept
+ ip protocol @s3 accept
+ ip6 nexthdr @s3 accept
+ tcp dport @s4 accept
+ }
+}
diff --git a/tests/shell/testcases/sets/dumps/0002named_interval_automerging_0.nft b/tests/shell/testcases/sets/dumps/0002named_interval_automerging_0.nft
new file mode 100644
index 00000000..452ee23e
--- /dev/null
+++ b/tests/shell/testcases/sets/dumps/0002named_interval_automerging_0.nft
@@ -0,0 +1,7 @@
+table ip t {
+ set s {
+ type ipv4_addr
+ flags interval
+ elements = { 192.168.0.0/24, 192.168.1.0/24 }
+ }
+}
diff --git a/tests/shell/testcases/sets/dumps/0003named_interval_missing_flag_0.nft b/tests/shell/testcases/sets/dumps/0003named_interval_missing_flag_0.nft
new file mode 100644
index 00000000..70c32a85
--- /dev/null
+++ b/tests/shell/testcases/sets/dumps/0003named_interval_missing_flag_0.nft
@@ -0,0 +1,5 @@
+table ip t {
+ set s {
+ type ipv4_addr
+ }
+}
diff --git a/tests/shell/testcases/sets/dumps/0004named_interval_shadow_0.nft b/tests/shell/testcases/sets/dumps/0004named_interval_shadow_0.nft
new file mode 100644
index 00000000..940030a1
--- /dev/null
+++ b/tests/shell/testcases/sets/dumps/0004named_interval_shadow_0.nft
@@ -0,0 +1,7 @@
+table inet t {
+ set s {
+ type ipv6_addr
+ flags interval
+ elements = { fe00::/64 }
+ }
+}
diff --git a/tests/shell/testcases/sets/dumps/0005named_interval_shadow_0.nft b/tests/shell/testcases/sets/dumps/0005named_interval_shadow_0.nft
new file mode 100644
index 00000000..4224d9da
--- /dev/null
+++ b/tests/shell/testcases/sets/dumps/0005named_interval_shadow_0.nft
@@ -0,0 +1,7 @@
+table inet t {
+ set s {
+ type ipv6_addr
+ flags interval
+ elements = { fe00::/48 }
+ }
+}
diff --git a/tests/shell/testcases/sets/dumps/0006create_set_0.nft b/tests/shell/testcases/sets/dumps/0006create_set_0.nft
new file mode 100644
index 00000000..70c32a85
--- /dev/null
+++ b/tests/shell/testcases/sets/dumps/0006create_set_0.nft
@@ -0,0 +1,5 @@
+table ip t {
+ set s {
+ type ipv4_addr
+ }
+}
diff --git a/tests/shell/testcases/sets/dumps/0007create_element_0.nft b/tests/shell/testcases/sets/dumps/0007create_element_0.nft
new file mode 100644
index 00000000..169be117
--- /dev/null
+++ b/tests/shell/testcases/sets/dumps/0007create_element_0.nft
@@ -0,0 +1,6 @@
+table ip t {
+ set s {
+ type ipv4_addr
+ elements = { 1.1.1.1 }
+ }
+}
diff --git a/tests/shell/testcases/sets/dumps/0008comments_interval_0.nft b/tests/shell/testcases/sets/dumps/0008comments_interval_0.nft
new file mode 100644
index 00000000..5e7a7680
--- /dev/null
+++ b/tests/shell/testcases/sets/dumps/0008comments_interval_0.nft
@@ -0,0 +1,7 @@
+table ip t {
+ set s {
+ type ipv4_addr
+ flags interval
+ elements = { 1.1.1.1 comment "test" }
+ }
+}
diff --git a/tests/shell/testcases/sets/dumps/0008create_verdict_map_0.nft b/tests/shell/testcases/sets/dumps/0008create_verdict_map_0.nft
new file mode 100644
index 00000000..ab0fe80d
--- /dev/null
+++ b/tests/shell/testcases/sets/dumps/0008create_verdict_map_0.nft
@@ -0,0 +1,13 @@
+table ip t {
+ map sourcemap {
+ type ipv4_addr : verdict
+ elements = { 100.123.10.2 : jump c }
+ }
+
+ chain postrouting {
+ ip saddr vmap @sourcemap accept
+ }
+
+ chain c {
+ }
+}
diff --git a/tests/shell/testcases/sets/dumps/0009comments_timeout_0.nft b/tests/shell/testcases/sets/dumps/0009comments_timeout_0.nft
new file mode 100644
index 00000000..455ebe3e
--- /dev/null
+++ b/tests/shell/testcases/sets/dumps/0009comments_timeout_0.nft
@@ -0,0 +1,7 @@
+table ip t {
+ set s {
+ type ipv4_addr
+ flags timeout
+ elements = { 1.1.1.1 comment "test" }
+ }
+}
diff --git a/tests/shell/testcases/sets/dumps/0010comments_0.nft b/tests/shell/testcases/sets/dumps/0010comments_0.nft
new file mode 100644
index 00000000..6e42ec4b
--- /dev/null
+++ b/tests/shell/testcases/sets/dumps/0010comments_0.nft
@@ -0,0 +1,6 @@
+table inet t {
+ set s {
+ type ipv6_addr
+ elements = { ::1 comment "test" }
+ }
+}
diff --git a/tests/shell/testcases/sets/dumps/0012add_delete_many_elements_0.nft b/tests/shell/testcases/sets/dumps/0012add_delete_many_elements_0.nft
new file mode 100644
index 00000000..e3d4aee6
--- /dev/null
+++ b/tests/shell/testcases/sets/dumps/0012add_delete_many_elements_0.nft
@@ -0,0 +1,5 @@
+table ip x {
+ set y {
+ type ipv4_addr
+ }
+}
diff --git a/tests/shell/testcases/sets/dumps/0013add_delete_many_elements_0.nft b/tests/shell/testcases/sets/dumps/0013add_delete_many_elements_0.nft
new file mode 100644
index 00000000..e3d4aee6
--- /dev/null
+++ b/tests/shell/testcases/sets/dumps/0013add_delete_many_elements_0.nft
@@ -0,0 +1,5 @@
+table ip x {
+ set y {
+ type ipv4_addr
+ }
+}
diff --git a/tests/shell/testcases/sets/dumps/0015rulesetflush_0.nft b/tests/shell/testcases/sets/dumps/0015rulesetflush_0.nft
new file mode 100644
index 00000000..f6eddbf8
--- /dev/null
+++ b/tests/shell/testcases/sets/dumps/0015rulesetflush_0.nft
@@ -0,0 +1,11 @@
+table ip t {
+ chain c {
+ }
+}
+table inet filter {
+ set blacklist_v4 {
+ type ipv4_addr
+ flags interval
+ elements = { 192.168.0.0/24 }
+ }
+}
diff --git a/tests/shell/testcases/sets/dumps/0016element_leak_0.nft b/tests/shell/testcases/sets/dumps/0016element_leak_0.nft
new file mode 100644
index 00000000..9d2b0afe
--- /dev/null
+++ b/tests/shell/testcases/sets/dumps/0016element_leak_0.nft
@@ -0,0 +1,7 @@
+table ip x {
+ set s {
+ type ipv4_addr
+ size 2
+ elements = { 1.1.1.1 }
+ }
+}
diff --git a/tests/shell/testcases/sets/dumps/0017add_after_flush_0.nft b/tests/shell/testcases/sets/dumps/0017add_after_flush_0.nft
new file mode 100644
index 00000000..9d2b0afe
--- /dev/null
+++ b/tests/shell/testcases/sets/dumps/0017add_after_flush_0.nft
@@ -0,0 +1,7 @@
+table ip x {
+ set s {
+ type ipv4_addr
+ size 2
+ elements = { 1.1.1.1 }
+ }
+}
diff --git a/tests/shell/testcases/sets/dumps/0019set_check_size_0.nft b/tests/shell/testcases/sets/dumps/0019set_check_size_0.nft
new file mode 100644
index 00000000..8cd37076
--- /dev/null
+++ b/tests/shell/testcases/sets/dumps/0019set_check_size_0.nft
@@ -0,0 +1,7 @@
+table ip x {
+ set s {
+ type ipv4_addr
+ size 2
+ elements = { 1.1.1.1, 1.1.1.2 }
+ }
+}
diff --git a/tests/shell/testcases/sets/dumps/0020comments_0.nft b/tests/shell/testcases/sets/dumps/0020comments_0.nft
new file mode 100644
index 00000000..d5330848
--- /dev/null
+++ b/tests/shell/testcases/sets/dumps/0020comments_0.nft
@@ -0,0 +1,6 @@
+table inet t {
+ set s {
+ type inet_service
+ elements = { ssh comment "test" }
+ }
+}
diff --git a/tests/shell/testcases/sets/dumps/0021nesting_0.nft b/tests/shell/testcases/sets/dumps/0021nesting_0.nft
new file mode 100644
index 00000000..6fd2a441
--- /dev/null
+++ b/tests/shell/testcases/sets/dumps/0021nesting_0.nft
@@ -0,0 +1,5 @@
+table ip x {
+ chain y {
+ ip saddr { 1.1.1.0/24, 2.2.2.0/24, 3.3.3.0/24 }
+ }
+}
diff --git a/tests/shell/testcases/sets/dumps/0022type_selective_flush_0.nft b/tests/shell/testcases/sets/dumps/0022type_selective_flush_0.nft
new file mode 100644
index 00000000..3dd97602
--- /dev/null
+++ b/tests/shell/testcases/sets/dumps/0022type_selective_flush_0.nft
@@ -0,0 +1,13 @@
+table ip t {
+ set s {
+ type ipv4_addr
+ }
+
+ map m {
+ type ipv4_addr : inet_service
+ }
+
+ chain c {
+ tcp dport http meter f { ip saddr limit rate 10/second}
+ }
+}
diff --git a/tests/shell/testcases/sets/dumps/0023incomplete_add_set_command_0.nft b/tests/shell/testcases/sets/dumps/0023incomplete_add_set_command_0.nft
new file mode 100644
index 00000000..985768ba
--- /dev/null
+++ b/tests/shell/testcases/sets/dumps/0023incomplete_add_set_command_0.nft
@@ -0,0 +1,2 @@
+table ip t {
+}
diff --git a/tests/shell/testcases/sets/dumps/0024named_objects_0.nft b/tests/shell/testcases/sets/dumps/0024named_objects_0.nft
new file mode 100644
index 00000000..929c5d93
--- /dev/null
+++ b/tests/shell/testcases/sets/dumps/0024named_objects_0.nft
@@ -0,0 +1,28 @@
+table inet x {
+ counter user123 {
+ packets 12 bytes 1433
+ }
+
+ quota user123 {
+ over 2000 bytes
+ }
+
+ quota user124 {
+ over 2000 bytes
+ }
+
+ set y {
+ type ipv4_addr
+ }
+
+ map test {
+ type ipv4_addr : quota
+ elements = { 192.168.2.2 : "user124", 192.168.2.3 : "user124" }
+ }
+
+ chain y {
+ type filter hook input priority 0; policy accept;
+ counter name ip saddr map { 1.1.1.1 : "user123", 2.2.2.2 : "user123", 192.168.2.2 : "user123" }
+ quota name ip saddr map @test drop
+ }
+}
diff --git a/tests/shell/testcases/sets/dumps/0025anonymous_set_0.nft b/tests/shell/testcases/sets/dumps/0025anonymous_set_0.nft
new file mode 100644
index 00000000..c823ae9d
--- /dev/null
+++ b/tests/shell/testcases/sets/dumps/0025anonymous_set_0.nft
@@ -0,0 +1,7 @@
+table ip t {
+ chain c {
+ type filter hook output priority 0; policy accept;
+ ip daddr { 192.168.0.1, 192.168.0.2, 192.168.0.3 }
+ tcp dport { ssh, telnet } counter packets 0 bytes 0
+ }
+}
diff --git a/tests/shell/testcases/sets/dumps/0026named_limit_0.nft b/tests/shell/testcases/sets/dumps/0026named_limit_0.nft
new file mode 100644
index 00000000..0d1f1254
--- /dev/null
+++ b/tests/shell/testcases/sets/dumps/0026named_limit_0.nft
@@ -0,0 +1,10 @@
+table ip filter {
+ limit http-traffic {
+ rate 1/second
+ }
+
+ chain input {
+ type filter hook input priority 0; policy accept;
+ limit name tcp dport map { http : "http-traffic", https : "http-traffic" }
+ }
+}
diff --git a/tests/shell/testcases/sets/dumps/0027ipv6_maps_ipv4_0.nft b/tests/shell/testcases/sets/dumps/0027ipv6_maps_ipv4_0.nft
new file mode 100644
index 00000000..c49eefae
--- /dev/null
+++ b/tests/shell/testcases/sets/dumps/0027ipv6_maps_ipv4_0.nft
@@ -0,0 +1,7 @@
+table inet t {
+ set s {
+ type ipv6_addr
+ flags interval
+ elements = { ::ffff:0.0.0.0/96 }
+ }
+}
diff --git a/tests/shell/testcases/sets/dumps/0029named_ifname_dtype_0.nft b/tests/shell/testcases/sets/dumps/0029named_ifname_dtype_0.nft
new file mode 100644
index 00000000..2c82e57d
--- /dev/null
+++ b/tests/shell/testcases/sets/dumps/0029named_ifname_dtype_0.nft
@@ -0,0 +1,11 @@
+table inet t {
+ set s {
+ type ifname
+ elements = { "eth0" }
+ }
+
+ chain c {
+ iifname @s accept
+ oifname @s accept
+ }
+}
diff --git a/tests/shell/testcases/transactions/0001table_0 b/tests/shell/testcases/transactions/0001table_0
index 0bde1018..83f9fd0d 100755
--- a/tests/shell/testcases/transactions/0001table_0
+++ b/tests/shell/testcases/transactions/0001table_0
@@ -21,16 +21,3 @@ if [ $? -ne 0 ] ; then
echo "E: unable to load good ruleset" >&2
exit 1
fi
-
-EXPECTED="table ip x {
-}
-table ip y {
-}"
-
-GET="$($NFT list ruleset)"
-
-if [ "$EXPECTED" != "$GET" ] ; then
- DIFF="$(which diff)"
- [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET")
- exit 1
-fi
diff --git a/tests/shell/testcases/transactions/0002table_0 b/tests/shell/testcases/transactions/0002table_0
index c5f319e4..dbd2f4ab 100755
--- a/tests/shell/testcases/transactions/0002table_0
+++ b/tests/shell/testcases/transactions/0002table_0
@@ -21,15 +21,3 @@ if [ $? -ne 0 ] ; then
echo "E: unable to load good ruleset" >&2
exit 1
fi
-
-EXPECTED="table ip x {
- flags dormant
-}"
-
-GET="$($NFT list ruleset)"
-
-if [ "$EXPECTED" != "$GET" ] ; then
- DIFF="$(which diff)"
- [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET")
- exit 1
-fi
diff --git a/tests/shell/testcases/transactions/0003table_0 b/tests/shell/testcases/transactions/0003table_0
index f17285e5..004ce513 100755
--- a/tests/shell/testcases/transactions/0003table_0
+++ b/tests/shell/testcases/transactions/0003table_0
@@ -20,13 +20,3 @@ if [ $? -ne 0 ] ; then
echo "E: unable to load good ruleset" >&2
exit 1
fi
-
-EXPECTED=""
-
-GET="$($NFT list ruleset)"
-
-if [ "$EXPECTED" != "$GET" ] ; then
- DIFF="$(which diff)"
- [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET")
- exit 1
-fi
diff --git a/tests/shell/testcases/transactions/0010chain_0 b/tests/shell/testcases/transactions/0010chain_0
index f4c1fbd1..d1918680 100755
--- a/tests/shell/testcases/transactions/0010chain_0
+++ b/tests/shell/testcases/transactions/0010chain_0
@@ -22,16 +22,3 @@ if [ $? -ne 0 ] ; then
echo "E: unable to load good ruleset" >&2
exit 1
fi
-
-EXPECTED="table ip w {
- chain y {
- }
-}"
-
-GET="$($NFT list ruleset)"
-
-if [ "$EXPECTED" != "$GET" ] ; then
- DIFF="$(which diff)"
- [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET")
- exit 1
-fi
diff --git a/tests/shell/testcases/transactions/0011chain_0 b/tests/shell/testcases/transactions/0011chain_0
index 71afa6ed..aac33d56 100755
--- a/tests/shell/testcases/transactions/0011chain_0
+++ b/tests/shell/testcases/transactions/0011chain_0
@@ -22,17 +22,3 @@ if [ $? -ne 0 ] ; then
echo "E: unable to load good ruleset" >&2
exit 1
fi
-
-EXPECTED="table ip x {
- chain y {
- type filter hook input priority 0; policy drop;
- }
-}"
-
-GET="$($NFT list ruleset)"
-
-if [ "$EXPECTED" != "$GET" ] ; then
- DIFF="$(which diff)"
- [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET")
- exit 1
-fi
diff --git a/tests/shell/testcases/transactions/0012chain_0 b/tests/shell/testcases/transactions/0012chain_0
index 757bc750..c3bfe130 100755
--- a/tests/shell/testcases/transactions/0012chain_0
+++ b/tests/shell/testcases/transactions/0012chain_0
@@ -26,17 +26,3 @@ if [ $? -ne 0 ] ; then
echo "E: unable to load good ruleset" >&2
exit 1
fi
-
-EXPECTED="table ip w {
- chain y {
- type filter hook output priority 0; policy accept;
- }
-}"
-
-GET="$($NFT list ruleset)"
-
-if [ "$EXPECTED" != "$GET" ] ; then
- DIFF="$(which diff)"
- [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET")
- exit 1
-fi
diff --git a/tests/shell/testcases/transactions/0013chain_0 b/tests/shell/testcases/transactions/0013chain_0
index 2c75bd4f..67c31c8a 100755
--- a/tests/shell/testcases/transactions/0013chain_0
+++ b/tests/shell/testcases/transactions/0013chain_0
@@ -27,17 +27,3 @@ if [ $? -ne 0 ] ; then
echo "E: unable to load good ruleset" >&2
exit 1
fi
-
-EXPECTED="table ip w {
- chain y {
- type filter hook output priority 0; policy accept;
- }
-}"
-
-GET="$($NFT list ruleset)"
-
-if [ "$EXPECTED" != "$GET" ] ; then
- DIFF="$(which diff)"
- [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET")
- exit 1
-fi
diff --git a/tests/shell/testcases/transactions/0020rule_0 b/tests/shell/testcases/transactions/0020rule_0
index 1ad43625..e38634d3 100755
--- a/tests/shell/testcases/transactions/0020rule_0
+++ b/tests/shell/testcases/transactions/0020rule_0
@@ -21,13 +21,3 @@ if [ $? -ne 0 ] ; then
echo "E: unable to load good ruleset" >&2
exit 1
fi
-
-EXPECTED=""
-
-GET="$($NFT list ruleset)"
-
-if [ "$EXPECTED" != "$GET" ] ; then
- DIFF="$(which diff)"
- [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET")
- exit 1
-fi
diff --git a/tests/shell/testcases/transactions/0021rule_0 b/tests/shell/testcases/transactions/0021rule_0
index 2467124f..284a9e71 100755
--- a/tests/shell/testcases/transactions/0021rule_0
+++ b/tests/shell/testcases/transactions/0021rule_0
@@ -24,17 +24,3 @@ if [ $? -ne 0 ] ; then
echo "E: unable to load good ruleset" >&2
exit 1
fi
-
-EXPECTED="table ip x {
- chain y {
- ip saddr 2.2.2.2 counter packets 0 bytes 0
- }
-}"
-
-GET="$($NFT list ruleset)"
-
-if [ "$EXPECTED" != "$GET" ] ; then
- DIFF="$(which diff)"
- [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET")
- exit 1
-fi
diff --git a/tests/shell/testcases/transactions/0030set_0 b/tests/shell/testcases/transactions/0030set_0
index 1fefb944..ad08b7e5 100755
--- a/tests/shell/testcases/transactions/0030set_0
+++ b/tests/shell/testcases/transactions/0030set_0
@@ -21,14 +21,3 @@ if [ $? -ne 0 ] ; then
echo "E: unable to load good ruleset" >&2
exit 1
fi
-
-EXPECTED="table ip x {
-}"
-
-GET="$($NFT list ruleset)"
-
-if [ "$EXPECTED" != "$GET" ] ; then
- DIFF="$(which diff)"
- [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET")
- exit 1
-fi
diff --git a/tests/shell/testcases/transactions/0031set_0 b/tests/shell/testcases/transactions/0031set_0
index 87848b4b..6c5757cc 100755
--- a/tests/shell/testcases/transactions/0031set_0
+++ b/tests/shell/testcases/transactions/0031set_0
@@ -21,17 +21,3 @@ if [ $? -ne 0 ] ; then
echo "E: unable to load good ruleset" >&2
exit 1
fi
-
-EXPECTED="table ip x {
- set y {
- type ipv4_addr
- }
-}"
-
-GET="$($NFT list ruleset)"
-
-if [ "$EXPECTED" != "$GET" ] ; then
- DIFF="$(which diff)"
- [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET")
- exit 1
-fi
diff --git a/tests/shell/testcases/transactions/0032set_0 b/tests/shell/testcases/transactions/0032set_0
index d4d7e7ed..1b41cf09 100755
--- a/tests/shell/testcases/transactions/0032set_0
+++ b/tests/shell/testcases/transactions/0032set_0
@@ -22,17 +22,3 @@ if [ $? -ne 0 ] ; then
echo "E: unable to load good ruleset" >&2
exit 1
fi
-
-EXPECTED="table ip w {
- set y {
- type ipv4_addr
- }
-}"
-
-GET="$($NFT list ruleset)"
-
-if [ "$EXPECTED" != "$GET" ] ; then
- DIFF="$(which diff)"
- [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET")
- exit 1
-fi
diff --git a/tests/shell/testcases/transactions/0033set_0 b/tests/shell/testcases/transactions/0033set_0
index b73b6fc8..19543b3c 100755
--- a/tests/shell/testcases/transactions/0033set_0
+++ b/tests/shell/testcases/transactions/0033set_0
@@ -20,14 +20,3 @@ if [ $? -ne 0 ] ; then
echo "E: unable to load good ruleset" >&2
exit 1
fi
-
-EXPECTED="table ip x {
-}"
-
-GET="$($NFT list ruleset)"
-
-if [ "$EXPECTED" != "$GET" ] ; then
- DIFF="$(which diff)"
- [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET")
- exit 1
-fi
diff --git a/tests/shell/testcases/transactions/0034set_0 b/tests/shell/testcases/transactions/0034set_0
index 25e65007..4cddb94d 100755
--- a/tests/shell/testcases/transactions/0034set_0
+++ b/tests/shell/testcases/transactions/0034set_0
@@ -21,17 +21,3 @@ if [ $? -ne 0 ] ; then
echo "E: unable to load good ruleset" >&2
exit 1
fi
-
-EXPECTED="table ip x {
- set y {
- type ipv4_addr
- }
-}"
-
-GET="$($NFT list ruleset)"
-
-if [ "$EXPECTED" != "$GET" ] ; then
- DIFF="$(which diff)"
- [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET")
- exit 1
-fi
diff --git a/tests/shell/testcases/transactions/0035set_0 b/tests/shell/testcases/transactions/0035set_0
index 0788e2fe..9b20746b 100755
--- a/tests/shell/testcases/transactions/0035set_0
+++ b/tests/shell/testcases/transactions/0035set_0
@@ -23,18 +23,3 @@ if [ $? -ne 0 ] ; then
echo "E: unable to load good ruleset" >&2
exit 1
fi
-
-EXPECTED="table ip x {
- set y {
- type ipv4_addr
- elements = { 3.3.3.3 }
- }
-}"
-
-GET="$($NFT list ruleset)"
-
-if [ "$EXPECTED" != "$GET" ] ; then
- DIFF="$(which diff)"
- [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET")
- exit 1
-fi
diff --git a/tests/shell/testcases/transactions/0037set_0 b/tests/shell/testcases/transactions/0037set_0
index 3e48c801..75b1d453 100755
--- a/tests/shell/testcases/transactions/0037set_0
+++ b/tests/shell/testcases/transactions/0037set_0
@@ -21,18 +21,3 @@ if [ $? -ne 0 ] ; then
echo "E: unable to load good ruleset" >&2
exit 1
fi
-
-EXPECTED="table ip x {
- set y {
- type ipv4_addr
- flags interval
- }
-}"
-
-GET="$($NFT list ruleset)"
-
-if [ "$EXPECTED" != "$GET" ] ; then
- DIFF="$(which diff)"
- [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET")
- exit 1
-fi
diff --git a/tests/shell/testcases/transactions/0038set_0 b/tests/shell/testcases/transactions/0038set_0
index 76550755..3120e916 100755
--- a/tests/shell/testcases/transactions/0038set_0
+++ b/tests/shell/testcases/transactions/0038set_0
@@ -23,19 +23,3 @@ if [ $? -ne 0 ] ; then
echo "E: unable to load good ruleset" >&2
exit 1
fi
-
-EXPECTED="table ip x {
- set y {
- type ipv4_addr
- flags interval
- elements = { 192.168.4.0/24 }
- }
-}"
-
-GET="$($NFT list ruleset)"
-
-if [ "$EXPECTED" != "$GET" ] ; then
- DIFF="$(which diff)"
- [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET")
- exit 1
-fi
diff --git a/tests/shell/testcases/transactions/0039set_0 b/tests/shell/testcases/transactions/0039set_0
index 76550755..3120e916 100755
--- a/tests/shell/testcases/transactions/0039set_0
+++ b/tests/shell/testcases/transactions/0039set_0
@@ -23,19 +23,3 @@ if [ $? -ne 0 ] ; then
echo "E: unable to load good ruleset" >&2
exit 1
fi
-
-EXPECTED="table ip x {
- set y {
- type ipv4_addr
- flags interval
- elements = { 192.168.4.0/24 }
- }
-}"
-
-GET="$($NFT list ruleset)"
-
-if [ "$EXPECTED" != "$GET" ] ; then
- DIFF="$(which diff)"
- [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET")
- exit 1
-fi
diff --git a/tests/shell/testcases/transactions/0040set_0 b/tests/shell/testcases/transactions/0040set_0
index 241703d9..0ffc4416 100755
--- a/tests/shell/testcases/transactions/0040set_0
+++ b/tests/shell/testcases/transactions/0040set_0
@@ -51,26 +51,3 @@ if [ $? -ne 0 ] ; then
echo "E: unable to load good ruleset" >&2
exit 1
fi
-
-GET="$($NFT list ruleset)"
-
-EXPECTED="table ip filter {
- map client_to_any {
- type ipv4_addr : verdict
- }
-
- chain FORWARD {
- type filter hook forward priority 0; policy accept;
- goto client_to_any
- }
-
- chain client_to_any {
- ip saddr vmap @client_to_any
- }
-}"
-
-if [ "$EXPECTED" != "$GET" ] ; then
- DIFF="$(which diff)"
- [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET")
- exit 1
-fi
diff --git a/tests/shell/testcases/transactions/dumps/0001table_0.nft b/tests/shell/testcases/transactions/dumps/0001table_0.nft
new file mode 100644
index 00000000..e4e5f9b1
--- /dev/null
+++ b/tests/shell/testcases/transactions/dumps/0001table_0.nft
@@ -0,0 +1,4 @@
+table ip x {
+}
+table ip y {
+}
diff --git a/tests/shell/testcases/transactions/dumps/0002table_0.nft b/tests/shell/testcases/transactions/dumps/0002table_0.nft
new file mode 100644
index 00000000..6eb70726
--- /dev/null
+++ b/tests/shell/testcases/transactions/dumps/0002table_0.nft
@@ -0,0 +1,3 @@
+table ip x {
+ flags dormant
+}
diff --git a/tests/shell/testcases/transactions/dumps/0010chain_0.nft b/tests/shell/testcases/transactions/dumps/0010chain_0.nft
new file mode 100644
index 00000000..aa4a521f
--- /dev/null
+++ b/tests/shell/testcases/transactions/dumps/0010chain_0.nft
@@ -0,0 +1,4 @@
+table ip w {
+ chain y {
+ }
+}
diff --git a/tests/shell/testcases/transactions/dumps/0011chain_0.nft b/tests/shell/testcases/transactions/dumps/0011chain_0.nft
new file mode 100644
index 00000000..02cdb238
--- /dev/null
+++ b/tests/shell/testcases/transactions/dumps/0011chain_0.nft
@@ -0,0 +1,5 @@
+table ip x {
+ chain y {
+ type filter hook input priority 0; policy drop;
+ }
+}
diff --git a/tests/shell/testcases/transactions/dumps/0012chain_0.nft b/tests/shell/testcases/transactions/dumps/0012chain_0.nft
new file mode 100644
index 00000000..1fddecbb
--- /dev/null
+++ b/tests/shell/testcases/transactions/dumps/0012chain_0.nft
@@ -0,0 +1,5 @@
+table ip w {
+ chain y {
+ type filter hook output priority 0; policy accept;
+ }
+}
diff --git a/tests/shell/testcases/transactions/dumps/0013chain_0.nft b/tests/shell/testcases/transactions/dumps/0013chain_0.nft
new file mode 100644
index 00000000..1fddecbb
--- /dev/null
+++ b/tests/shell/testcases/transactions/dumps/0013chain_0.nft
@@ -0,0 +1,5 @@
+table ip w {
+ chain y {
+ type filter hook output priority 0; policy accept;
+ }
+}
diff --git a/tests/shell/testcases/transactions/dumps/0021rule_0.nft b/tests/shell/testcases/transactions/dumps/0021rule_0.nft
new file mode 100644
index 00000000..a6c41309
--- /dev/null
+++ b/tests/shell/testcases/transactions/dumps/0021rule_0.nft
@@ -0,0 +1,5 @@
+table ip x {
+ chain y {
+ ip saddr 2.2.2.2 counter packets 0 bytes 0
+ }
+}
diff --git a/tests/shell/testcases/transactions/dumps/0030set_0.nft b/tests/shell/testcases/transactions/dumps/0030set_0.nft
new file mode 100644
index 00000000..5d4d2caf
--- /dev/null
+++ b/tests/shell/testcases/transactions/dumps/0030set_0.nft
@@ -0,0 +1,2 @@
+table ip x {
+}
diff --git a/tests/shell/testcases/transactions/dumps/0031set_0.nft b/tests/shell/testcases/transactions/dumps/0031set_0.nft
new file mode 100644
index 00000000..e3d4aee6
--- /dev/null
+++ b/tests/shell/testcases/transactions/dumps/0031set_0.nft
@@ -0,0 +1,5 @@
+table ip x {
+ set y {
+ type ipv4_addr
+ }
+}
diff --git a/tests/shell/testcases/transactions/dumps/0032set_0.nft b/tests/shell/testcases/transactions/dumps/0032set_0.nft
new file mode 100644
index 00000000..7d11892a
--- /dev/null
+++ b/tests/shell/testcases/transactions/dumps/0032set_0.nft
@@ -0,0 +1,5 @@
+table ip w {
+ set y {
+ type ipv4_addr
+ }
+}
diff --git a/tests/shell/testcases/transactions/dumps/0033set_0.nft b/tests/shell/testcases/transactions/dumps/0033set_0.nft
new file mode 100644
index 00000000..5d4d2caf
--- /dev/null
+++ b/tests/shell/testcases/transactions/dumps/0033set_0.nft
@@ -0,0 +1,2 @@
+table ip x {
+}
diff --git a/tests/shell/testcases/transactions/dumps/0034set_0.nft b/tests/shell/testcases/transactions/dumps/0034set_0.nft
new file mode 100644
index 00000000..e3d4aee6
--- /dev/null
+++ b/tests/shell/testcases/transactions/dumps/0034set_0.nft
@@ -0,0 +1,5 @@
+table ip x {
+ set y {
+ type ipv4_addr
+ }
+}
diff --git a/tests/shell/testcases/transactions/dumps/0035set_0.nft b/tests/shell/testcases/transactions/dumps/0035set_0.nft
new file mode 100644
index 00000000..e1114947
--- /dev/null
+++ b/tests/shell/testcases/transactions/dumps/0035set_0.nft
@@ -0,0 +1,6 @@
+table ip x {
+ set y {
+ type ipv4_addr
+ elements = { 3.3.3.3 }
+ }
+}
diff --git a/tests/shell/testcases/transactions/dumps/0037set_0.nft b/tests/shell/testcases/transactions/dumps/0037set_0.nft
new file mode 100644
index 00000000..ca69cee2
--- /dev/null
+++ b/tests/shell/testcases/transactions/dumps/0037set_0.nft
@@ -0,0 +1,6 @@
+table ip x {
+ set y {
+ type ipv4_addr
+ flags interval
+ }
+}
diff --git a/tests/shell/testcases/transactions/dumps/0038set_0.nft b/tests/shell/testcases/transactions/dumps/0038set_0.nft
new file mode 100644
index 00000000..651a11bf
--- /dev/null
+++ b/tests/shell/testcases/transactions/dumps/0038set_0.nft
@@ -0,0 +1,7 @@
+table ip x {
+ set y {
+ type ipv4_addr
+ flags interval
+ elements = { 192.168.4.0/24 }
+ }
+}
diff --git a/tests/shell/testcases/transactions/dumps/0039set_0.nft b/tests/shell/testcases/transactions/dumps/0039set_0.nft
new file mode 100644
index 00000000..651a11bf
--- /dev/null
+++ b/tests/shell/testcases/transactions/dumps/0039set_0.nft
@@ -0,0 +1,7 @@
+table ip x {
+ set y {
+ type ipv4_addr
+ flags interval
+ elements = { 192.168.4.0/24 }
+ }
+}
diff --git a/tests/shell/testcases/transactions/dumps/0040set_0.nft b/tests/shell/testcases/transactions/dumps/0040set_0.nft
new file mode 100644
index 00000000..fe864058
--- /dev/null
+++ b/tests/shell/testcases/transactions/dumps/0040set_0.nft
@@ -0,0 +1,14 @@
+table ip filter {
+ map client_to_any {
+ type ipv4_addr : verdict
+ }
+
+ chain FORWARD {
+ type filter hook forward priority 0; policy accept;
+ goto client_to_any
+ }
+
+ chain client_to_any {
+ ip saddr vmap @client_to_any
+ }
+}