summaryrefslogtreecommitdiffstats
path: root/tests/shell/testcases
diff options
context:
space:
mode:
authorArturo Borrero <arturo.borrero.glez@gmail.com>2016-04-25 12:20:57 +0200
committerPablo Neira Ayuso <pablo@netfilter.org>2016-04-27 12:31:58 +0200
commit7e20026fc7192c9a3fa764840d193c7f638cf274 (patch)
tree87186d81216d83246eef31243a0df35b08db5e5e /tests/shell/testcases
parent8d6628ce724e1d01f03b788f60455cce2a4f77aa (diff)
tests: shell: add testcases for named sets with intervals
Let's add some testcases for named sets with intervals and ranges. Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'tests/shell/testcases')
-rwxr-xr-xtests/shell/testcases/sets/0001named_interval_047
-rwxr-xr-xtests/shell/testcases/sets/0002named_interval_automerging_012
-rwxr-xr-xtests/shell/testcases/sets/0003named_interval_missing_flag_012
-rwxr-xr-xtests/shell/testcases/sets/0004named_interval_shadow_013
-rwxr-xr-xtests/shell/testcases/sets/0005named_interval_shadow_013
5 files changed, 97 insertions, 0 deletions
diff --git a/tests/shell/testcases/sets/0001named_interval_0 b/tests/shell/testcases/sets/0001named_interval_0
new file mode 100755
index 00000000..8d08b755
--- /dev/null
+++ b/tests/shell/testcases/sets/0001named_interval_0
@@ -0,0 +1,47 @@
+#!/bin/bash
+
+# This is the most basic testscase:
+# * creating a valid interval set
+# * referencing it from a valid rule
+
+tmpfile=$(mktemp)
+if [ ! -w $tmpfile ] ; then
+ echo "Failed to create tmp file" >&2
+ exit 0
+fi
+
+trap "rm -rf $tmpfile" EXIT # cleanup if aborted
+
+echo "
+table inet t {
+ set s1 {
+ type ipv4_addr
+ flags interval
+ elements = { 10.0.0.0-11.0.0.0, 172.16.0.0/16 }
+ }
+ set s2 {
+ type ipv6_addr
+ flags interval
+ elements = { fe00::/64, fe11::-fe22::}
+ }
+ set s3 {
+ type inet_proto
+ flags interval
+ elements = { 10-20, 50-60}
+ }
+ set s4 {
+ type inet_service
+ flags interval
+ elements = {8080-8082, 0-1024, 10000-40000}
+ }
+ chain c {
+ ip saddr @s1 accept
+ ip6 daddr @s2 accept
+ ip protocol @s3 accept
+ ip6 nexthdr @s3 accept
+ tcp dport @s4 accept
+ }
+}" > $tmpfile
+
+set -e
+$NFT -f $tmpfile
diff --git a/tests/shell/testcases/sets/0002named_interval_automerging_0 b/tests/shell/testcases/sets/0002named_interval_automerging_0
new file mode 100755
index 00000000..b07e0b09
--- /dev/null
+++ b/tests/shell/testcases/sets/0002named_interval_automerging_0
@@ -0,0 +1,12 @@
+#!/bin/bash
+
+# This testscase checks the automerging of adjacent intervals
+
+set -e
+
+$NFT add table t
+$NFT add set t s { type ipv4_addr \; flags interval \; }
+$NFT add element t s { 192.168.0.0/24, 192.168.1.0/24 }
+$NFT list ruleset | grep "192.168.0.0/23" >/dev/null && exit 0
+echo "E: automerging of adjavect intervals failed in named set" >&2
+exit 1
diff --git a/tests/shell/testcases/sets/0003named_interval_missing_flag_0 b/tests/shell/testcases/sets/0003named_interval_missing_flag_0
new file mode 100755
index 00000000..e0b7f74c
--- /dev/null
+++ b/tests/shell/testcases/sets/0003named_interval_missing_flag_0
@@ -0,0 +1,12 @@
+#!/bin/bash
+
+# This testscase checks the nft checking of flags in named intervals
+
+set -e
+$NFT add table t
+$NFT add set t s { type ipv4_addr \; }
+if $NFT add element t s { 192.168.0.0/24, 192.168.1.0/24 } 2>/dev/null ; then
+ echo "E: accepted interval in named set without proper flags" >&2
+ exit 1
+fi
+exit 0
diff --git a/tests/shell/testcases/sets/0004named_interval_shadow_0 b/tests/shell/testcases/sets/0004named_interval_shadow_0
new file mode 100755
index 00000000..827423d5
--- /dev/null
+++ b/tests/shell/testcases/sets/0004named_interval_shadow_0
@@ -0,0 +1,13 @@
+#!/bin/bash
+
+# This testscase checks the nft checking of shadowed elements
+
+set -e
+$NFT add table inet t
+$NFT add set inet t s { type ipv6_addr \; flags interval \; }
+$NFT add element inet t s { fe00::/64 }
+if $NFT add element inet t s { fe00::/48 } 2>/dev/null ; then
+ echo "E: accepted shadowed element in named set" >&2
+ exit 1
+fi
+exit 0
diff --git a/tests/shell/testcases/sets/0005named_interval_shadow_0 b/tests/shell/testcases/sets/0005named_interval_shadow_0
new file mode 100755
index 00000000..14fcbdca
--- /dev/null
+++ b/tests/shell/testcases/sets/0005named_interval_shadow_0
@@ -0,0 +1,13 @@
+#!/bin/bash
+
+# This testscase checks the nft checking of shadowed elements
+
+set -e
+$NFT add table inet t
+$NFT add set inet t s { type ipv6_addr \; flags interval \; }
+$NFT add element inet t s { fe00::/48 }
+if $NFT add element inet t s { fe00::/64 } 2>/dev/null ; then
+ echo "E: accepted shadowed element in named set" >&2
+ exit 1
+fi
+exit 0