diff options
125 files changed, 711 insertions, 565 deletions
diff --git a/tests/shell/README b/tests/shell/README index 3ffe642c..e6d83bce 100644 --- a/tests/shell/README +++ b/tests/shell/README @@ -1,5 +1,5 @@ This test-suite is intended to perform tests of higher level than -the other reggresion test-suite. +the other regression test-suite. It can run arbitrary executables which can perform any test apart of testing the nft syntax or netlink code (which is what the regression tests does). @@ -15,6 +15,9 @@ test-files can be spread in any sub-directories. You can turn on a verbose execution by calling: % ./run-tests.sh -v +And generate missing dump files with: + % ./run-tests.sh -g <TESTFILE> + Before each call to the test-files, `nft flush ruleset' will be called. Also, test-files will receive the environment variable $NFT which contains the path to the nftables binary being tested. diff --git a/tests/shell/run-tests.sh b/tests/shell/run-tests.sh index 3eee99df..d2f3e96b 100755 --- a/tests/shell/run-tests.sh +++ b/tests/shell/run-tests.sh @@ -4,6 +4,8 @@ TESTDIR="./$(dirname $0)/" RETURNCODE_SEPARATOR="_" SRC_NFT="$(dirname $0)/../../src/nft" +POSITIVE_RET=0 +DIFF=$(which diff) msg_error() { echo "E: $1 ..." >&2 @@ -43,6 +45,16 @@ if [ ! -x "$MODPROBE" ] ; then msg_error "no modprobe binary found" fi +if [ "$1" == "-v" ] ; then + VERBOSE=y + shift +fi + +if [ "$1" == "-g" ] ; then + DUMPGEN=y + shift +fi + if [ -x "$1" ] ; then if grep ^.*${RETURNCODE_SEPARATOR}[0-9]\\+$ <<< $1 >/dev/null ; then SINGLE=$1 @@ -50,10 +62,6 @@ if [ -x "$1" ] ; then fi fi -if [ "$1" == "-v" ] ; then - VERBOSE=y -fi - kernel_cleanup() { $NFT flush ruleset $MODPROBE -raq \ @@ -97,9 +105,33 @@ do echo -en "\033[1A\033[K" # clean the [EXECUTING] foobar line if [ "$rc_got" == "$rc_spec" ] ; then - msg_info "[OK] $testfile" - [ "$VERBOSE" == "y" ] && [ ! -z "$test_output" ] && echo "$test_output" - ((ok++)) + # check nft dump only for positive tests + rc_spec="${POSITIVE_RET}" + dumppath="$(dirname ${testfile})/dumps" + dumpfile="${dumppath}/$(basename ${testfile}).nft" + if [ "$rc_got" == "${POSITIVE_RET}" ] && [ -f ${dumpfile} ]; then + test_output=$(${DIFF} ${dumpfile} <(nft list ruleset) 2>&1) + rc_spec=$? + fi + + if [ "$rc_spec" == "${POSITIVE_RET}" ]; then + msg_info "[OK] $testfile" + [ "$VERBOSE" == "y" ] && [ ! -z "$test_output" ] && echo "$test_output" + ((ok++)) + + if [ "$DUMPGEN" == "y" ] && [ "$rc_got" == "${POSITIVE_RET}" ] && [ ! -f "${dumpfile}" ]; then + mkdir -p "${dumppath}" + nft list ruleset > "${dumpfile}" + fi + else + ((failed++)) + if [ "$VERBOSE" == "y" ] ; then + msg_warn "[DUMP FAIL] $testfile: dump diff detected" + [ ! -z "$test_output" ] && echo "$test_output" + else + msg_warn "[DUMP FAIL] $testfile" + fi + fi else ((failed++)) if [ "$VERBOSE" == "y" ] ; then diff --git a/tests/shell/testcases/cache/dumps/0001_cache_handling_0.nft b/tests/shell/testcases/cache/dumps/0001_cache_handling_0.nft new file mode 100644 index 00000000..f6dd6541 --- /dev/null +++ b/tests/shell/testcases/cache/dumps/0001_cache_handling_0.nft @@ -0,0 +1,12 @@ +table inet test { + set test { + type ipv4_addr + elements = { 1.1.1.1 } + } + + chain test { + ip daddr { 2.2.2.2 } counter packets 0 bytes 0 accept + ip saddr @test counter packets 0 bytes 0 accept + ip daddr { 2.2.2.2 } counter packets 0 bytes 0 accept + } +} diff --git a/tests/shell/testcases/cache/dumps/0002_interval_0.nft b/tests/shell/testcases/cache/dumps/0002_interval_0.nft new file mode 100644 index 00000000..6a081320 --- /dev/null +++ b/tests/shell/testcases/cache/dumps/0002_interval_0.nft @@ -0,0 +1,7 @@ +table inet t { + set s { + type ipv4_addr + flags interval + elements = { 192.168.0.0/24 } + } +} diff --git a/tests/shell/testcases/chains/0016delete_handle_0 b/tests/shell/testcases/chains/0016delete_handle_0 index cf11da8a..677fba37 100755 --- a/tests/shell/testcases/chains/0016delete_handle_0 +++ b/tests/shell/testcases/chains/0016delete_handle_0 @@ -11,26 +11,3 @@ $NFT add chain ip6 test-ip6 y # should have handle 2 $NFT add chain ip6 test-ip6 z # should have handle 3 $NFT delete chain test-ip handle 2 $NFT delete chain ip6 test-ip6 handle 3 - -EXPECTED="table ip test-ip { - chain x { - } - - chain z { - } -} -table ip6 test-ip6 { - chain x { - } - - chain y { - } -}" - -GET="$($NFT list ruleset)" - -if [ "$EXPECTED" != "$GET" ] ; then - DIFF="$(which diff)" - [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET") - exit 1 -fi diff --git a/tests/shell/testcases/chains/dumps/0001jumps_0.nft b/tests/shell/testcases/chains/dumps/0001jumps_0.nft new file mode 100644 index 00000000..7054cde4 --- /dev/null +++ b/tests/shell/testcases/chains/dumps/0001jumps_0.nft @@ -0,0 +1,64 @@ +table ip t { + chain c1 { + jump c2 + } + + chain c2 { + jump c3 + } + + chain c3 { + jump c4 + } + + chain c4 { + jump c5 + } + + chain c5 { + jump c6 + } + + chain c6 { + jump c7 + } + + chain c7 { + jump c8 + } + + chain c8 { + jump c9 + } + + chain c9 { + jump c10 + } + + chain c10 { + jump c11 + } + + chain c11 { + jump c12 + } + + chain c12 { + jump c13 + } + + chain c13 { + jump c14 + } + + chain c14 { + jump c15 + } + + chain c15 { + jump c16 + } + + chain c16 { + } +} diff --git a/tests/shell/testcases/chains/dumps/0006masquerade_0.nft b/tests/shell/testcases/chains/dumps/0006masquerade_0.nft new file mode 100644 index 00000000..e4b9872b --- /dev/null +++ b/tests/shell/testcases/chains/dumps/0006masquerade_0.nft @@ -0,0 +1,6 @@ +table ip t { + chain c1 { + type nat hook postrouting priority 0; policy accept; + masquerade + } +} diff --git a/tests/shell/testcases/chains/dumps/0013rename_0.nft b/tests/shell/testcases/chains/dumps/0013rename_0.nft new file mode 100644 index 00000000..e4e0171c --- /dev/null +++ b/tests/shell/testcases/chains/dumps/0013rename_0.nft @@ -0,0 +1,4 @@ +table ip t { + chain c2 { + } +} diff --git a/tests/shell/testcases/chains/dumps/0016delete_handle_0.nft b/tests/shell/testcases/chains/dumps/0016delete_handle_0.nft new file mode 100644 index 00000000..de6ee9c0 --- /dev/null +++ b/tests/shell/testcases/chains/dumps/0016delete_handle_0.nft @@ -0,0 +1,20 @@ +table ip test-ip { + chain x { + } + + chain y { + } + + chain z { + } +} +table ip6 test-ip6 { + chain x { + } + + chain y { + } + + chain z { + } +} diff --git a/tests/shell/testcases/flowtable/0001flowtable_0 b/tests/shell/testcases/flowtable/0001flowtable_0 index 307f06f6..6d08e254 100755 --- a/tests/shell/testcases/flowtable/0001flowtable_0 +++ b/tests/shell/testcases/flowtable/0001flowtable_0 @@ -23,11 +23,3 @@ EXPECTED='table inet t { echo "$EXPECTED" > $tmpfile set -e $NFT -f $tmpfile - -GET="$($NFT list ruleset)" - -if [ "$EXPECTED" != "$GET" ] ; then - DIFF="$(which diff)" - [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET") - exit 1 -fi diff --git a/tests/shell/testcases/flowtable/dumps/0001flowtable_0.nft b/tests/shell/testcases/flowtable/dumps/0001flowtable_0.nft new file mode 100755 index 00000000..5188b207 --- /dev/null +++ b/tests/shell/testcases/flowtable/dumps/0001flowtable_0.nft @@ -0,0 +1,10 @@ +table inet t { + flowtable f { + hook ingress priority 10 + devices = { eth0, wlan0 } + } + + chain c { + flow offload @f + } +} diff --git a/tests/shell/testcases/import/vm_json_import_0 b/tests/shell/testcases/import/vm_json_import_0 index dc367f64..e5ecbcc4 100755 --- a/tests/shell/testcases/import/vm_json_import_0 +++ b/tests/shell/testcases/import/vm_json_import_0 @@ -61,11 +61,3 @@ $NFT -f $tmpfile $NFT export vm json > $tmpfile $NFT flush ruleset cat $tmpfile | $NFT import vm json - -RESULT="$($NFT list ruleset)" - - -if [ "$RULESET" != "$RESULT" ] ; then - DIFF="$(which diff)" - [ -x $DIFF ] && $DIFF -u <(echo "$RULESET") <(echo "$RESULT") -fi diff --git a/tests/shell/testcases/include/dumps/0001absolute_0.nft b/tests/shell/testcases/include/dumps/0001absolute_0.nft new file mode 100644 index 00000000..5d4d2caf --- /dev/null +++ b/tests/shell/testcases/include/dumps/0001absolute_0.nft @@ -0,0 +1,2 @@ +table ip x { +} diff --git a/tests/shell/testcases/include/dumps/0002relative_0.nft b/tests/shell/testcases/include/dumps/0002relative_0.nft new file mode 100644 index 00000000..5d4d2caf --- /dev/null +++ b/tests/shell/testcases/include/dumps/0002relative_0.nft @@ -0,0 +1,2 @@ +table ip x { +} diff --git a/tests/shell/testcases/include/dumps/0003includepath_0.nft b/tests/shell/testcases/include/dumps/0003includepath_0.nft new file mode 100644 index 00000000..5d4d2caf --- /dev/null +++ b/tests/shell/testcases/include/dumps/0003includepath_0.nft @@ -0,0 +1,2 @@ +table ip x { +} diff --git a/tests/shell/testcases/include/dumps/0006glob_single_0.nft b/tests/shell/testcases/include/dumps/0006glob_single_0.nft new file mode 100644 index 00000000..5d4d2caf --- /dev/null +++ b/tests/shell/testcases/include/dumps/0006glob_single_0.nft @@ -0,0 +1,2 @@ +table ip x { +} diff --git a/tests/shell/testcases/include/dumps/0007glob_double_0.nft b/tests/shell/testcases/include/dumps/0007glob_double_0.nft new file mode 100644 index 00000000..f9cb080f --- /dev/null +++ b/tests/shell/testcases/include/dumps/0007glob_double_0.nft @@ -0,0 +1,4 @@ +table ip y { +} +table ip x { +} diff --git a/tests/shell/testcases/include/dumps/0011glob_dependency_0.nft b/tests/shell/testcases/include/dumps/0011glob_dependency_0.nft new file mode 100644 index 00000000..8e818d2d --- /dev/null +++ b/tests/shell/testcases/include/dumps/0011glob_dependency_0.nft @@ -0,0 +1,4 @@ +table ip x { + chain y { + } +} diff --git a/tests/shell/testcases/include/dumps/0013glob_dotfile_0.nft b/tests/shell/testcases/include/dumps/0013glob_dotfile_0.nft new file mode 100644 index 00000000..5d4d2caf --- /dev/null +++ b/tests/shell/testcases/include/dumps/0013glob_dotfile_0.nft @@ -0,0 +1,2 @@ +table ip x { +} diff --git a/tests/shell/testcases/include/dumps/0015doubleincludepath_0.nft b/tests/shell/testcases/include/dumps/0015doubleincludepath_0.nft new file mode 100644 index 00000000..8e818d2d --- /dev/null +++ b/tests/shell/testcases/include/dumps/0015doubleincludepath_0.nft @@ -0,0 +1,4 @@ +table ip x { + chain y { + } +} diff --git a/tests/shell/testcases/listing/0001ruleset_0 b/tests/shell/testcases/listing/0001ruleset_0 index 1a3a73b1..19cb3b04 100755 --- a/tests/shell/testcases/listing/0001ruleset_0 +++ b/tests/shell/testcases/listing/0001ruleset_0 @@ -2,17 +2,6 @@ # list ruleset shows a table -EXPECTED="table ip test { -}" - set -e $NFT add table test -GET="$($NFT list ruleset)" - -if [ "$EXPECTED" != "$GET" ] ; then - DIFF="$(which diff)" - [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET") - exit 1 -fi - diff --git a/tests/shell/testcases/listing/0002ruleset_0 b/tests/shell/testcases/listing/0002ruleset_0 index 45121fb7..b4a535c4 100755 --- a/tests/shell/testcases/listing/0002ruleset_0 +++ b/tests/shell/testcases/listing/0002ruleset_0 @@ -5,12 +5,3 @@ EXPECTED="" set -e - -GET="$($NFT list ruleset)" - -if [ "$EXPECTED" != "$GET" ] ; then - DIFF="$(which diff)" - [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET") - exit 1 -fi - diff --git a/tests/shell/testcases/listing/dumps/0001ruleset_0.nft b/tests/shell/testcases/listing/dumps/0001ruleset_0.nft new file mode 100644 index 00000000..1c9f40c5 --- /dev/null +++ b/tests/shell/testcases/listing/dumps/0001ruleset_0.nft @@ -0,0 +1,2 @@ +table ip test { +} diff --git a/tests/shell/testcases/maps/0005interval_map_add_many_elements_0 b/tests/shell/testcases/maps/0005interval_map_add_many_elements_0 index 55f90555..0714963d 100755 --- a/tests/shell/testcases/maps/0005interval_map_add_many_elements_0 +++ b/tests/shell/testcases/maps/0005interval_map_add_many_elements_0 @@ -56,18 +56,3 @@ n=$HOWMANY echo "add element x y { 10.${n}.${n}.0/24 : 10.0.${n}.${n} }" > $tmpfile $NFT -f $tmpfile - -EXPECTED="table ip x { - map y { - type ipv4_addr : ipv4_addr - flags interval - elements = { "$(generate_test)" } - } -}" -GET=$($NFT list ruleset) -if [ "$EXPECTED" != "$GET" ] ; then - DIFF="$(which diff)" - [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET") - exit 1 -fi - diff --git a/tests/shell/testcases/maps/0006interval_map_overlap_0 b/tests/shell/testcases/maps/0006interval_map_overlap_0 index 8597639e..682ac65b 100755 --- a/tests/shell/testcases/maps/0006interval_map_overlap_0 +++ b/tests/shell/testcases/maps/0006interval_map_overlap_0 @@ -25,17 +25,3 @@ echo "add element x y { 10.0.${n}.0/24 : 10.0.0.${n} }" > $tmpfile $NFT -f $tmpfile -EXPECTED="table ip x { - map y { - type ipv4_addr : ipv4_addr - flags interval - elements = { 10.0.1.0/24 : 10.0.0.1, 10.0.2.0/24 : 10.0.0.2 } - } -}" -GET=$($NFT list ruleset) -if [ "$EXPECTED" != "$GET" ] ; then - DIFF="$(which diff)" - [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET") - exit 1 -fi - diff --git a/tests/shell/testcases/maps/0007named_ifname_dtype_0 b/tests/shell/testcases/maps/0007named_ifname_dtype_0 index dcbcf2f0..5e51a605 100755 --- a/tests/shell/testcases/maps/0007named_ifname_dtype_0 +++ b/tests/shell/testcases/maps/0007named_ifname_dtype_0 @@ -26,10 +26,3 @@ set -e echo "$EXPECTED" > $tmpfile $NFT -f $tmpfile -GET="$($NFT list ruleset)" -if [ "$EXPECTED" != "$GET" ] ; then - DIFF="$(which diff)" - [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET") - exit 1 -fi - diff --git a/tests/shell/testcases/maps/dumps/0005interval_map_add_many_elements_0.nft b/tests/shell/testcases/maps/dumps/0005interval_map_add_many_elements_0.nft new file mode 100644 index 00000000..ab992c4a --- /dev/null +++ b/tests/shell/testcases/maps/dumps/0005interval_map_add_many_elements_0.nft @@ -0,0 +1,8 @@ +table ip x { + map y { + type ipv4_addr : ipv4_addr + flags interval + elements = { 10.1.1.0/24 : 10.0.1.1, 10.1.2.0/24 : 10.0.1.2, + 10.2.1.0/24 : 10.0.2.1, 10.2.2.0/24 : 10.0.2.2 } + } +} diff --git a/tests/shell/testcases/maps/dumps/0006interval_map_overlap_0.nft b/tests/shell/testcases/maps/dumps/0006interval_map_overlap_0.nft new file mode 100644 index 00000000..1f5343f4 --- /dev/null +++ b/tests/shell/testcases/maps/dumps/0006interval_map_overlap_0.nft @@ -0,0 +1,7 @@ +table ip x { + map y { + type ipv4_addr : ipv4_addr + flags interval + elements = { 10.0.1.0/24 : 10.0.0.1, 10.0.2.0/24 : 10.0.0.2 } + } +} diff --git a/tests/shell/testcases/maps/dumps/0007named_ifname_dtype_0.nft b/tests/shell/testcases/maps/dumps/0007named_ifname_dtype_0.nft new file mode 100644 index 00000000..878e7c06 --- /dev/null +++ b/tests/shell/testcases/maps/dumps/0007named_ifname_dtype_0.nft @@ -0,0 +1,11 @@ +table inet t { + map m1 { + type ifname : ipv4_addr + elements = { "eth0" : 1.1.1.1 } + } + + chain c { + ip daddr set iifname map @m1 + ip daddr set oifname map @m1 + } +} diff --git a/tests/shell/testcases/maps/dumps/anonymous_snat_map_0.nft b/tests/shell/testcases/maps/dumps/anonymous_snat_map_0.nft new file mode 100644 index 00000000..5009560c --- /dev/null +++ b/tests/shell/testcases/maps/dumps/anonymous_snat_map_0.nft @@ -0,0 +1,5 @@ +table ip nat { + chain postrouting { + snat to ip saddr map { 1.1.1.1 : 2.2.2.2 } + } +} diff --git a/tests/shell/testcases/maps/dumps/map_with_flags_0.nft b/tests/shell/testcases/maps/dumps/map_with_flags_0.nft new file mode 100644 index 00000000..c96b1ed2 --- /dev/null +++ b/tests/shell/testcases/maps/dumps/map_with_flags_0.nft @@ -0,0 +1,6 @@ +table ip x { + map y { + type ipv4_addr : ipv4_addr + flags timeout + } +} diff --git a/tests/shell/testcases/maps/dumps/named_snat_map_0.nft b/tests/shell/testcases/maps/dumps/named_snat_map_0.nft new file mode 100644 index 00000000..a7c57518 --- /dev/null +++ b/tests/shell/testcases/maps/dumps/named_snat_map_0.nft @@ -0,0 +1,10 @@ +table ip nat { + map m { + type ipv4_addr : ipv4_addr + elements = { 1.1.1.1 : 2.2.2.2 } + } + + chain postrouting { + snat to ip saddr map @m + } +} diff --git a/tests/shell/testcases/maps/map_with_flags_0 b/tests/shell/testcases/maps/map_with_flags_0 index 8774eb51..68bd80d2 100755 --- a/tests/shell/testcases/maps/map_with_flags_0 +++ b/tests/shell/testcases/maps/map_with_flags_0 @@ -4,18 +4,3 @@ set -e $NFT add table x $NFT add map x y { type ipv4_addr : ipv4_addr\; flags timeout\; } - -EXPECTED="table ip x { - map y { - type ipv4_addr : ipv4_addr - flags timeout - } -}" - -GET="$($NFT list ruleset)" - -if [ "$EXPECTED" != "$GET" ] ; then - DIFF="$(which diff)" - [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET") - exit 1 -fi diff --git a/tests/shell/testcases/nft-f/0002rollback_rule_0 b/tests/shell/testcases/nft-f/0002rollback_rule_0 index ddeb5423..19690544 100755 --- a/tests/shell/testcases/nft-f/0002rollback_rule_0 +++ b/tests/shell/testcases/nft-f/0002rollback_rule_0 @@ -48,13 +48,3 @@ if [ $? -eq 0 ] ; then echo "E: bogus ruleset loaded?" >&2 exit 1 fi - -KERNEL_RULESET="$($NFT list ruleset -nn)" - -if [ "$GOOD_RULESET" != "$KERNEL_RULESET" ] ; then - DIFF="$(which diff)" - [ -x $DIFF ] && $DIFF -u <(echo "$GOOD_RULESET") <(echo "$KERNEL_RULESET") - exit 1 -fi - -exit 0 diff --git a/tests/shell/testcases/nft-f/0003rollback_jump_0 b/tests/shell/testcases/nft-f/0003rollback_jump_0 index 6c43df9d..f53fd238 100755 --- a/tests/shell/testcases/nft-f/0003rollback_jump_0 +++ b/tests/shell/testcases/nft-f/0003rollback_jump_0 @@ -48,13 +48,3 @@ if [ $? -eq 0 ] ; then echo "E: bogus ruleset loaded?" >&2 exit 1 fi - -KERNEL_RULESET="$($NFT list ruleset -nn)" - -if [ "$GOOD_RULESET" != "$KERNEL_RULESET" ] ; then - DIFF="$(which diff)" - [ -x $DIFF ] && $DIFF -u <(echo "$GOOD_RULESET") <(echo "$KERNEL_RULESET") - exit 1 -fi - -exit 0 diff --git a/tests/shell/testcases/nft-f/0004rollback_set_0 b/tests/shell/testcases/nft-f/0004rollback_set_0 index 1dea85ec..7674106f 100755 --- a/tests/shell/testcases/nft-f/0004rollback_set_0 +++ b/tests/shell/testcases/nft-f/0004rollback_set_0 @@ -48,13 +48,3 @@ if [ $? -eq 0 ] ; then echo "E: bogus ruleset loaded?" >&2 exit 1 fi - -KERNEL_RULESET="$($NFT list ruleset -nn)" - -if [ "$GOOD_RULESET" != "$KERNEL_RULESET" ] ; then - DIFF="$(which diff)" - [ -x $DIFF ] && $DIFF -u <(echo "$GOOD_RULESET") <(echo "$KERNEL_RULESET") - exit 1 -fi - -exit 0 diff --git a/tests/shell/testcases/nft-f/0005rollback_map_0 b/tests/shell/testcases/nft-f/0005rollback_map_0 index 777cc717..ba1fcc59 100755 --- a/tests/shell/testcases/nft-f/0005rollback_map_0 +++ b/tests/shell/testcases/nft-f/0005rollback_map_0 @@ -51,13 +51,3 @@ if [ $? -eq 0 ] ; then echo "E: bogus ruleset loaded?" >&2 exit 1 fi - -KERNEL_RULESET="$($NFT list ruleset -nn)" - -if [ "$GOOD_RULESET" != "$KERNEL_RULESET" ] ; then - DIFF="$(which diff)" - [ -x $DIFF ] && $DIFF -u <(echo "$GOOD_RULESET") <(echo "$KERNEL_RULESET") - exit 1 -fi - -exit 0 diff --git a/tests/shell/testcases/nft-f/0008split_tables_0 b/tests/shell/testcases/nft-f/0008split_tables_0 index dd03545b..b244d14e 100755 --- a/tests/shell/testcases/nft-f/0008split_tables_0 +++ b/tests/shell/testcases/nft-f/0008split_tables_0 @@ -29,22 +29,3 @@ if [ $? -ne 0 ] ; then echo "E: unable to load good ruleset" >&2 exit 1 fi - -EXPECTED="table inet filter { - chain ssh { - type filter hook input priority 0; policy accept; - tcp dport ssh accept - } - - chain input { - type filter hook input priority 1; policy accept; - } -}" - -GET="$($NFT list ruleset)" - -if [ "$EXPECTED" != "$GET" ] ; then - DIFF="$(which diff)" - [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET") - exit 1 -fi diff --git a/tests/shell/testcases/nft-f/dumps/0002rollback_rule_0.nft b/tests/shell/testcases/nft-f/dumps/0002rollback_rule_0.nft new file mode 100644 index 00000000..f6f26158 --- /dev/null +++ b/tests/shell/testcases/nft-f/dumps/0002rollback_rule_0.nft @@ -0,0 +1,16 @@ +table ip t { + set t { + type ipv4_addr + elements = { 1.1.1.1 } + } + + chain c { + ct state new + tcp dport { 22222 } + ip saddr @t drop + jump other + } + + chain other { + } +} diff --git a/tests/shell/testcases/nft-f/dumps/0003rollback_jump_0.nft b/tests/shell/testcases/nft-f/dumps/0003rollback_jump_0.nft new file mode 100644 index 00000000..f6f26158 --- /dev/null +++ b/tests/shell/testcases/nft-f/dumps/0003rollback_jump_0.nft @@ -0,0 +1,16 @@ +table ip t { + set t { + type ipv4_addr + elements = { 1.1.1.1 } + } + + chain c { + ct state new + tcp dport { 22222 } + ip saddr @t drop + jump other + } + + chain other { + } +} diff --git a/tests/shell/testcases/nft-f/dumps/0004rollback_set_0.nft b/tests/shell/testcases/nft-f/dumps/0004rollback_set_0.nft new file mode 100644 index 00000000..f6f26158 --- /dev/null +++ b/tests/shell/testcases/nft-f/dumps/0004rollback_set_0.nft @@ -0,0 +1,16 @@ +table ip t { + set t { + type ipv4_addr + elements = { 1.1.1.1 } + } + + chain c { + ct state new + tcp dport { 22222 } + ip saddr @t drop + jump other + } + + chain other { + } +} diff --git a/tests/shell/testcases/nft-f/dumps/0005rollback_map_0.nft b/tests/shell/testcases/nft-f/dumps/0005rollback_map_0.nft new file mode 100644 index 00000000..f6f26158 --- /dev/null +++ b/tests/shell/testcases/nft-f/dumps/0005rollback_map_0.nft @@ -0,0 +1,16 @@ +table ip t { + set t { + type ipv4_addr + elements = { 1.1.1.1 } + } + + chain c { + ct state new + tcp dport { 22222 } + ip saddr @t drop + jump other + } + + chain other { + } +} diff --git a/tests/shell/testcases/nft-f/dumps/0008split_tables_0.nft b/tests/shell/testcases/nft-f/dumps/0008split_tables_0.nft new file mode 100644 index 00000000..1211411f --- /dev/null +++ b/tests/shell/testcases/nft-f/dumps/0008split_tables_0.nft @@ -0,0 +1,10 @@ +table inet filter { + chain ssh { + type filter hook input priority 0; policy accept; + tcp dport ssh accept + } + + chain input { + type filter hook input priority 1; policy accept; + } +} diff --git a/tests/shell/testcases/nft-f/dumps/0009variable_0.nft b/tests/shell/testcases/nft-f/dumps/0009variable_0.nft new file mode 100644 index 00000000..a793751b --- /dev/null +++ b/tests/shell/testcases/nft-f/dumps/0009variable_0.nft @@ -0,0 +1,7 @@ +table inet forward { + set concat-set-variable { + type ipv4_addr . inet_service + elements = { 10.10.10.10 . smtp, + 10.10.10.10 . imap2 } + } +} diff --git a/tests/shell/testcases/nft-f/dumps/0010variable_0.nft b/tests/shell/testcases/nft-f/dumps/0010variable_0.nft new file mode 100644 index 00000000..1f3d05e8 --- /dev/null +++ b/tests/shell/testcases/nft-f/dumps/0010variable_0.nft @@ -0,0 +1,6 @@ +table inet filter { + set whitelist_v4 { + type ipv4_addr + elements = { 1.1.1.1 } + } +} diff --git a/tests/shell/testcases/nft-f/dumps/0012different_defines_0.nft b/tests/shell/testcases/nft-f/dumps/0012different_defines_0.nft new file mode 100644 index 00000000..e9eef4b1 --- /dev/null +++ b/tests/shell/testcases/nft-f/dumps/0012different_defines_0.nft @@ -0,0 +1,16 @@ +table inet t { + chain c { + iifname "whatever" oifname "whatever" iif "lo" oif "lo" + iifname { "whatever" } iif { "lo" } mark 0x0000007b + ct state established,related,new + ct state != established | related | new + ip saddr 10.0.0.0 ip saddr 10.0.0.0 ip daddr 10.0.0.2 + ip6 daddr fe0::1 ip6 saddr fe0::2 + ip saddr vmap { 10.0.0.0 : drop, 10.0.0.2 : accept } + ip6 daddr vmap { fe0::1 : drop, fe0::2 : accept } + ip6 saddr . ip6 nexthdr { fe0::1 . udp, fe0::2 . tcp } + ip daddr . iif vmap { 10.0.0.0 . "lo" : accept } + tcp dport 100-222 + udp dport vmap { 100-222 : accept } + } +} diff --git a/tests/shell/testcases/optionals/dumps/comments_0.nft b/tests/shell/testcases/optionals/dumps/comments_0.nft new file mode 100644 index 00000000..416a07e0 --- /dev/null +++ b/tests/shell/testcases/optionals/dumps/comments_0.nft @@ -0,0 +1,5 @@ +table ip test { + chain test { + tcp dport ssh counter packets 0 bytes 0 accept comment "test_comment" + } +} diff --git a/tests/shell/testcases/optionals/dumps/comments_handles_0.nft b/tests/shell/testcases/optionals/dumps/comments_handles_0.nft new file mode 100644 index 00000000..416a07e0 --- /dev/null +++ b/tests/shell/testcases/optionals/dumps/comments_handles_0.nft @@ -0,0 +1,5 @@ +table ip test { + chain test { + tcp dport ssh counter packets 0 bytes 0 accept comment "test_comment" + } +} diff --git a/tests/shell/testcases/optionals/dumps/handles_0.nft b/tests/shell/testcases/optionals/dumps/handles_0.nft new file mode 100644 index 00000000..eb0af811 --- /dev/null +++ b/tests/shell/testcases/optionals/dumps/handles_0.nft @@ -0,0 +1,5 @@ +table ip test { + chain test { + tcp dport ssh counter packets 0 bytes 0 accept + } +} diff --git a/tests/shell/testcases/rule_management/0001addposition_0 b/tests/shell/testcases/rule_management/0001addposition_0 index e66bfff3..ee90d923 100755 --- a/tests/shell/testcases/rule_management/0001addposition_0 +++ b/tests/shell/testcases/rule_management/0001addposition_0 @@ -9,19 +9,3 @@ $NFT add chain t c $NFT add rule t c accept # should have handle 2 $NFT add rule t c accept # should have handle 3 $NFT add rule t c position 2 drop - -EXPECTED="table ip t { - chain c { - accept - drop - accept - } -}" - -GET="$($NFT list ruleset)" - -if [ "$EXPECTED" != "$GET" ] ; then - DIFF="$(which diff)" - [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET") - exit 1 -fi diff --git a/tests/shell/testcases/rule_management/0002insertposition_0 b/tests/shell/testcases/rule_management/0002insertposition_0 index cf8a568d..e9f886fb 100755 --- a/tests/shell/testcases/rule_management/0002insertposition_0 +++ b/tests/shell/testcases/rule_management/0002insertposition_0 @@ -9,19 +9,3 @@ $NFT add chain t c $NFT add rule t c accept # should have handle 2 $NFT add rule t c accept # should have handle 3 $NFT insert rule t c position 2 drop - -EXPECTED="table ip t { - chain c { - drop - accept - accept - } -}" - -GET="$($NFT list ruleset)" - -if [ "$EXPECTED" != "$GET" ] ; then - DIFF="$(which diff)" - [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET") - exit 1 -fi diff --git a/tests/shell/testcases/rule_management/0003insert_0 b/tests/shell/testcases/rule_management/0003insert_0 index 6691c166..329ccc20 100755 --- a/tests/shell/testcases/rule_management/0003insert_0 +++ b/tests/shell/testcases/rule_management/0003insert_0 @@ -9,19 +9,3 @@ $NFT add chain t c $NFT insert rule t c accept $NFT insert rule t c drop $NFT insert rule t c masquerade - -EXPECTED="table ip t { - chain c { - masquerade - drop - accept - } -}" - -GET="$($NFT list ruleset)" - -if [ "$EXPECTED" != "$GET" ] ; then - DIFF="$(which diff)" - [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET") - exit 1 -fi diff --git a/tests/shell/testcases/rule_management/0004replace_0 b/tests/shell/testcases/rule_management/0004replace_0 index 6a4b9495..c3329af5 100755 --- a/tests/shell/testcases/rule_management/0004replace_0 +++ b/tests/shell/testcases/rule_management/0004replace_0 @@ -8,17 +8,3 @@ $NFT add table t $NFT add chain t c $NFT add rule t c accept # should have handle 2 $NFT replace rule t c handle 2 drop - -EXPECTED="table ip t { - chain c { - drop - } -}" - -GET="$($NFT list ruleset)" - -if [ "$EXPECTED" != "$GET" ] ; then - DIFF="$(which diff)" - [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET") - exit 1 -fi diff --git a/tests/shell/testcases/rule_management/0007delete_0 b/tests/shell/testcases/rule_management/0007delete_0 index 126fe5dd..11376cc3 100755 --- a/tests/shell/testcases/rule_management/0007delete_0 +++ b/tests/shell/testcases/rule_management/0007delete_0 @@ -9,17 +9,3 @@ $NFT add chain t c $NFT add rule t c accept # should have handle 2 $NFT add rule t c drop # should have handle 3 $NFT delete rule t c handle 2 - -EXPECTED="table ip t { - chain c { - drop - } -}" - -GET="$($NFT list ruleset)" - -if [ "$EXPECTED" != "$GET" ] ; then - DIFF="$(which diff)" - [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET") - exit 1 -fi diff --git a/tests/shell/testcases/rule_management/dumps/0001addposition_0.nft b/tests/shell/testcases/rule_management/dumps/0001addposition_0.nft new file mode 100644 index 00000000..e282e13b --- /dev/null +++ b/tests/shell/testcases/rule_management/dumps/0001addposition_0.nft @@ -0,0 +1,7 @@ +table ip t { + chain c { + accept + drop + accept + } +} diff --git a/tests/shell/testcases/rule_management/dumps/0002insertposition_0.nft b/tests/shell/testcases/rule_management/dumps/0002insertposition_0.nft new file mode 100644 index 00000000..527d79d6 --- /dev/null +++ b/tests/shell/testcases/rule_management/dumps/0002insertposition_0.nft @@ -0,0 +1,7 @@ +table ip t { + chain c { + drop + accept + accept + } +} diff --git a/tests/shell/testcases/rule_management/dumps/0003insert_0.nft b/tests/shell/testcases/rule_management/dumps/0003insert_0.nft new file mode 100644 index 00000000..9421f4ae --- /dev/null +++ b/tests/shell/testcases/rule_management/dumps/0003insert_0.nft @@ -0,0 +1,7 @@ +table ip t { + chain c { + masquerade + drop + accept + } +} diff --git a/tests/shell/testcases/rule_management/dumps/0004replace_0.nft b/tests/shell/testcases/rule_management/dumps/0004replace_0.nft new file mode 100644 index 00000000..e20952ef --- /dev/null +++ b/tests/shell/testcases/rule_management/dumps/0004replace_0.nft @@ -0,0 +1,5 @@ +table ip t { + chain c { + drop + } +} diff --git a/tests/shell/testcases/rule_management/dumps/0007delete_0.nft b/tests/shell/testcases/rule_management/dumps/0007delete_0.nft new file mode 100644 index 00000000..e20952ef --- /dev/null +++ b/tests/shell/testcases/rule_management/dumps/0007delete_0.nft @@ -0,0 +1,5 @@ +table ip t { + chain c { + drop + } +} diff --git a/tests/shell/testcases/sets/0012add_delete_many_elements_0 b/tests/shell/testcases/sets/0012add_delete_many_elements_0 index 7a5f8c69..7e7beebd 100755 --- a/tests/shell/testcases/sets/0012add_delete_many_elements_0 +++ b/tests/shell/testcases/sets/0012add_delete_many_elements_0 @@ -31,16 +31,3 @@ delete element x y $(generate)" > $tmpfile set -e $NFT -f $tmpfile - -EXPECTED="table ip x { - set y { - type ipv4_addr - } -}" -GET=$($NFT list ruleset) -if [ "$EXPECTED" != "$GET" ] ; then - DIFF="$(which diff)" - [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET") - exit 1 -fi - diff --git a/tests/shell/testcases/sets/0013add_delete_many_elements_0 b/tests/shell/testcases/sets/0013add_delete_many_elements_0 index 265a5540..5774317b 100755 --- a/tests/shell/testcases/sets/0013add_delete_many_elements_0 +++ b/tests/shell/testcases/sets/0013add_delete_many_elements_0 @@ -32,17 +32,3 @@ add element x y $(generate)" > $tmpfile $NFT -f $tmpfile echo "delete element x y $(generate)" > $tmpfile $NFT -f $tmpfile - - -EXPECTED="table ip x { - set y { - type ipv4_addr - } -}" -GET=$($NFT list ruleset) -if [ "$EXPECTED" != "$GET" ] ; then - DIFF="$(which diff)" - [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET") - exit 1 -fi - diff --git a/tests/shell/testcases/sets/0021nesting_0 b/tests/shell/testcases/sets/0021nesting_0 index 763d9ae1..4779f264 100755 --- a/tests/shell/testcases/sets/0021nesting_0 +++ b/tests/shell/testcases/sets/0021nesting_0 @@ -30,17 +30,3 @@ if [ $? -ne 0 ] ; then echo "E: unable to load ruleset" >&2 exit 1 fi - -EXPECTED="table ip x { - chain y { - ip saddr { 1.1.1.0/24, 2.2.2.0/24, 3.3.3.0/24 } - } -}" - -GET="$($NFT list ruleset)" - -if [ "$EXPECTED" != "$GET" ] ; then - DIFF="$(which diff)" - [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET") - exit 1 -fi diff --git a/tests/shell/testcases/sets/0029named_ifname_dtype_0 b/tests/shell/testcases/sets/0029named_ifname_dtype_0 index 8b7ab982..92f4a4ad 100755 --- a/tests/shell/testcases/sets/0029named_ifname_dtype_0 +++ b/tests/shell/testcases/sets/0029named_ifname_dtype_0 @@ -25,11 +25,3 @@ EXPECTED="table inet t { set -e echo "$EXPECTED" > $tmpfile $NFT -f $tmpfile - -GET="$($NFT list ruleset)" -if [ "$EXPECTED" != "$GET" ] ; then - DIFF="$(which diff)" - [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET") - exit 1 -fi - diff --git a/tests/shell/testcases/sets/dumps/0001named_interval_0.nft b/tests/shell/testcases/sets/dumps/0001named_interval_0.nft new file mode 100644 index 00000000..3049aa84 --- /dev/null +++ b/tests/shell/testcases/sets/dumps/0001named_interval_0.nft @@ -0,0 +1,34 @@ +table inet t { + set s1 { + type ipv4_addr + flags interval + elements = { 10.0.0.0-11.0.0.0, 172.16.0.0/16 } + } + + set s2 { + type ipv6_addr + flags interval + elements = { fe00::/64, + fe11::-fe22:: } + } + + set s3 { + type inet_proto + flags interval + elements = { 10-20, 50-60 } + } + + set s4 { + type inet_service + flags interval + elements = { 0-1024, 8080-8082, 10000-40000 } + } + + chain c { + ip saddr @s1 accept + ip6 daddr @s2 accept + ip protocol @s3 accept + ip6 nexthdr @s3 accept + tcp dport @s4 accept + } +} diff --git a/tests/shell/testcases/sets/dumps/0002named_interval_automerging_0.nft b/tests/shell/testcases/sets/dumps/0002named_interval_automerging_0.nft new file mode 100644 index 00000000..452ee23e --- /dev/null +++ b/tests/shell/testcases/sets/dumps/0002named_interval_automerging_0.nft @@ -0,0 +1,7 @@ +table ip t { + set s { + type ipv4_addr + flags interval + elements = { 192.168.0.0/24, 192.168.1.0/24 } + } +} diff --git a/tests/shell/testcases/sets/dumps/0003named_interval_missing_flag_0.nft b/tests/shell/testcases/sets/dumps/0003named_interval_missing_flag_0.nft new file mode 100644 index 00000000..70c32a85 --- /dev/null +++ b/tests/shell/testcases/sets/dumps/0003named_interval_missing_flag_0.nft @@ -0,0 +1,5 @@ +table ip t { + set s { + type ipv4_addr + } +} diff --git a/tests/shell/testcases/sets/dumps/0004named_interval_shadow_0.nft b/tests/shell/testcases/sets/dumps/0004named_interval_shadow_0.nft new file mode 100644 index 00000000..940030a1 --- /dev/null +++ b/tests/shell/testcases/sets/dumps/0004named_interval_shadow_0.nft @@ -0,0 +1,7 @@ +table inet t { + set s { + type ipv6_addr + flags interval + elements = { fe00::/64 } + } +} diff --git a/tests/shell/testcases/sets/dumps/0005named_interval_shadow_0.nft b/tests/shell/testcases/sets/dumps/0005named_interval_shadow_0.nft new file mode 100644 index 00000000..4224d9da --- /dev/null +++ b/tests/shell/testcases/sets/dumps/0005named_interval_shadow_0.nft @@ -0,0 +1,7 @@ +table inet t { + set s { + type ipv6_addr + flags interval + elements = { fe00::/48 } + } +} diff --git a/tests/shell/testcases/sets/dumps/0006create_set_0.nft b/tests/shell/testcases/sets/dumps/0006create_set_0.nft new file mode 100644 index 00000000..70c32a85 --- /dev/null +++ b/tests/shell/testcases/sets/dumps/0006create_set_0.nft @@ -0,0 +1,5 @@ +table ip t { + set s { + type ipv4_addr + } +} diff --git a/tests/shell/testcases/sets/dumps/0007create_element_0.nft b/tests/shell/testcases/sets/dumps/0007create_element_0.nft new file mode 100644 index 00000000..169be117 --- /dev/null +++ b/tests/shell/testcases/sets/dumps/0007create_element_0.nft @@ -0,0 +1,6 @@ +table ip t { + set s { + type ipv4_addr + elements = { 1.1.1.1 } + } +} diff --git a/tests/shell/testcases/sets/dumps/0008comments_interval_0.nft b/tests/shell/testcases/sets/dumps/0008comments_interval_0.nft new file mode 100644 index 00000000..5e7a7680 --- /dev/null +++ b/tests/shell/testcases/sets/dumps/0008comments_interval_0.nft @@ -0,0 +1,7 @@ +table ip t { + set s { + type ipv4_addr + flags interval + elements = { 1.1.1.1 comment "test" } + } +} diff --git a/tests/shell/testcases/sets/dumps/0008create_verdict_map_0.nft b/tests/shell/testcases/sets/dumps/0008create_verdict_map_0.nft new file mode 100644 index 00000000..ab0fe80d --- /dev/null +++ b/tests/shell/testcases/sets/dumps/0008create_verdict_map_0.nft @@ -0,0 +1,13 @@ +table ip t { + map sourcemap { + type ipv4_addr : verdict + elements = { 100.123.10.2 : jump c } + } + + chain postrouting { + ip saddr vmap @sourcemap accept + } + + chain c { + } +} diff --git a/tests/shell/testcases/sets/dumps/0009comments_timeout_0.nft b/tests/shell/testcases/sets/dumps/0009comments_timeout_0.nft new file mode 100644 index 00000000..455ebe3e --- /dev/null +++ b/tests/shell/testcases/sets/dumps/0009comments_timeout_0.nft @@ -0,0 +1,7 @@ +table ip t { + set s { + type ipv4_addr + flags timeout + elements = { 1.1.1.1 comment "test" } + } +} diff --git a/tests/shell/testcases/sets/dumps/0010comments_0.nft b/tests/shell/testcases/sets/dumps/0010comments_0.nft new file mode 100644 index 00000000..6e42ec4b --- /dev/null +++ b/tests/shell/testcases/sets/dumps/0010comments_0.nft @@ -0,0 +1,6 @@ +table inet t { + set s { + type ipv6_addr + elements = { ::1 comment "test" } + } +} diff --git a/tests/shell/testcases/sets/dumps/0012add_delete_many_elements_0.nft b/tests/shell/testcases/sets/dumps/0012add_delete_many_elements_0.nft new file mode 100644 index 00000000..e3d4aee6 --- /dev/null +++ b/tests/shell/testcases/sets/dumps/0012add_delete_many_elements_0.nft @@ -0,0 +1,5 @@ +table ip x { + set y { + type ipv4_addr + } +} diff --git a/tests/shell/testcases/sets/dumps/0013add_delete_many_elements_0.nft b/tests/shell/testcases/sets/dumps/0013add_delete_many_elements_0.nft new file mode 100644 index 00000000..e3d4aee6 --- /dev/null +++ b/tests/shell/testcases/sets/dumps/0013add_delete_many_elements_0.nft @@ -0,0 +1,5 @@ +table ip x { + set y { + type ipv4_addr + } +} diff --git a/tests/shell/testcases/sets/dumps/0015rulesetflush_0.nft b/tests/shell/testcases/sets/dumps/0015rulesetflush_0.nft new file mode 100644 index 00000000..f6eddbf8 --- /dev/null +++ b/tests/shell/testcases/sets/dumps/0015rulesetflush_0.nft @@ -0,0 +1,11 @@ +table ip t { + chain c { + } +} +table inet filter { + set blacklist_v4 { + type ipv4_addr + flags interval + elements = { 192.168.0.0/24 } + } +} diff --git a/tests/shell/testcases/sets/dumps/0016element_leak_0.nft b/tests/shell/testcases/sets/dumps/0016element_leak_0.nft new file mode 100644 index 00000000..9d2b0afe --- /dev/null +++ b/tests/shell/testcases/sets/dumps/0016element_leak_0.nft @@ -0,0 +1,7 @@ +table ip x { + set s { + type ipv4_addr + size 2 + elements = { 1.1.1.1 } + } +} diff --git a/tests/shell/testcases/sets/dumps/0017add_after_flush_0.nft b/tests/shell/testcases/sets/dumps/0017add_after_flush_0.nft new file mode 100644 index 00000000..9d2b0afe --- /dev/null +++ b/tests/shell/testcases/sets/dumps/0017add_after_flush_0.nft @@ -0,0 +1,7 @@ +table ip x { + set s { + type ipv4_addr + size 2 + elements = { 1.1.1.1 } + } +} diff --git a/tests/shell/testcases/sets/dumps/0019set_check_size_0.nft b/tests/shell/testcases/sets/dumps/0019set_check_size_0.nft new file mode 100644 index 00000000..8cd37076 --- /dev/null +++ b/tests/shell/testcases/sets/dumps/0019set_check_size_0.nft @@ -0,0 +1,7 @@ +table ip x { + set s { + type ipv4_addr + size 2 + elements = { 1.1.1.1, 1.1.1.2 } + } +} diff --git a/tests/shell/testcases/sets/dumps/0020comments_0.nft b/tests/shell/testcases/sets/dumps/0020comments_0.nft new file mode 100644 index 00000000..d5330848 --- /dev/null +++ b/tests/shell/testcases/sets/dumps/0020comments_0.nft @@ -0,0 +1,6 @@ +table inet t { + set s { + type inet_service + elements = { ssh comment "test" } + } +} diff --git a/tests/shell/testcases/sets/dumps/0021nesting_0.nft b/tests/shell/testcases/sets/dumps/0021nesting_0.nft new file mode 100644 index 00000000..6fd2a441 --- /dev/null +++ b/tests/shell/testcases/sets/dumps/0021nesting_0.nft @@ -0,0 +1,5 @@ +table ip x { + chain y { + ip saddr { 1.1.1.0/24, 2.2.2.0/24, 3.3.3.0/24 } + } +} diff --git a/tests/shell/testcases/sets/dumps/0022type_selective_flush_0.nft b/tests/shell/testcases/sets/dumps/0022type_selective_flush_0.nft new file mode 100644 index 00000000..3dd97602 --- /dev/null +++ b/tests/shell/testcases/sets/dumps/0022type_selective_flush_0.nft @@ -0,0 +1,13 @@ +table ip t { + set s { + type ipv4_addr + } + + map m { + type ipv4_addr : inet_service + } + + chain c { + tcp dport http meter f { ip saddr limit rate 10/second} + } +} diff --git a/tests/shell/testcases/sets/dumps/0023incomplete_add_set_command_0.nft b/tests/shell/testcases/sets/dumps/0023incomplete_add_set_command_0.nft new file mode 100644 index 00000000..985768ba --- /dev/null +++ b/tests/shell/testcases/sets/dumps/0023incomplete_add_set_command_0.nft @@ -0,0 +1,2 @@ +table ip t { +} diff --git a/tests/shell/testcases/sets/dumps/0024named_objects_0.nft b/tests/shell/testcases/sets/dumps/0024named_objects_0.nft new file mode 100644 index 00000000..929c5d93 --- /dev/null +++ b/tests/shell/testcases/sets/dumps/0024named_objects_0.nft @@ -0,0 +1,28 @@ +table inet x { + counter user123 { + packets 12 bytes 1433 + } + + quota user123 { + over 2000 bytes + } + + quota user124 { + over 2000 bytes + } + + set y { + type ipv4_addr + } + + map test { + type ipv4_addr : quota + elements = { 192.168.2.2 : "user124", 192.168.2.3 : "user124" } + } + + chain y { + type filter hook input priority 0; policy accept; + counter name ip saddr map { 1.1.1.1 : "user123", 2.2.2.2 : "user123", 192.168.2.2 : "user123" } + quota name ip saddr map @test drop + } +} diff --git a/tests/shell/testcases/sets/dumps/0025anonymous_set_0.nft b/tests/shell/testcases/sets/dumps/0025anonymous_set_0.nft new file mode 100644 index 00000000..c823ae9d --- /dev/null +++ b/tests/shell/testcases/sets/dumps/0025anonymous_set_0.nft @@ -0,0 +1,7 @@ +table ip t { + chain c { + type filter hook output priority 0; policy accept; + ip daddr { 192.168.0.1, 192.168.0.2, 192.168.0.3 } + tcp dport { ssh, telnet } counter packets 0 bytes 0 + } +} diff --git a/tests/shell/testcases/sets/dumps/0026named_limit_0.nft b/tests/shell/testcases/sets/dumps/0026named_limit_0.nft new file mode 100644 index 00000000..0d1f1254 --- /dev/null +++ b/tests/shell/testcases/sets/dumps/0026named_limit_0.nft @@ -0,0 +1,10 @@ +table ip filter { + limit http-traffic { + rate 1/second + } + + chain input { + type filter hook input priority 0; policy accept; + limit name tcp dport map { http : "http-traffic", https : "http-traffic" } + } +} diff --git a/tests/shell/testcases/sets/dumps/0027ipv6_maps_ipv4_0.nft b/tests/shell/testcases/sets/dumps/0027ipv6_maps_ipv4_0.nft new file mode 100644 index 00000000..c49eefae --- /dev/null +++ b/tests/shell/testcases/sets/dumps/0027ipv6_maps_ipv4_0.nft @@ -0,0 +1,7 @@ +table inet t { + set s { + type ipv6_addr + flags interval + elements = { ::ffff:0.0.0.0/96 } + } +} diff --git a/tests/shell/testcases/sets/dumps/0029named_ifname_dtype_0.nft b/tests/shell/testcases/sets/dumps/0029named_ifname_dtype_0.nft new file mode 100644 index 00000000..2c82e57d --- /dev/null +++ b/tests/shell/testcases/sets/dumps/0029named_ifname_dtype_0.nft @@ -0,0 +1,11 @@ +table inet t { + set s { + type ifname + elements = { "eth0" } + } + + chain c { + iifname @s accept + oifname @s accept + } +} diff --git a/tests/shell/testcases/transactions/0001table_0 b/tests/shell/testcases/transactions/0001table_0 index 0bde1018..83f9fd0d 100755 --- a/tests/shell/testcases/transactions/0001table_0 +++ b/tests/shell/testcases/transactions/0001table_0 @@ -21,16 +21,3 @@ if [ $? -ne 0 ] ; then echo "E: unable to load good ruleset" >&2 exit 1 fi - -EXPECTED="table ip x { -} -table ip y { -}" - -GET="$($NFT list ruleset)" - -if [ "$EXPECTED" != "$GET" ] ; then - DIFF="$(which diff)" - [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET") - exit 1 -fi diff --git a/tests/shell/testcases/transactions/0002table_0 b/tests/shell/testcases/transactions/0002table_0 index c5f319e4..dbd2f4ab 100755 --- a/tests/shell/testcases/transactions/0002table_0 +++ b/tests/shell/testcases/transactions/0002table_0 @@ -21,15 +21,3 @@ if [ $? -ne 0 ] ; then echo "E: unable to load good ruleset" >&2 exit 1 fi - -EXPECTED="table ip x { - flags dormant -}" - -GET="$($NFT list ruleset)" - -if [ "$EXPECTED" != "$GET" ] ; then - DIFF="$(which diff)" - [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET") - exit 1 -fi diff --git a/tests/shell/testcases/transactions/0003table_0 b/tests/shell/testcases/transactions/0003table_0 index f17285e5..004ce513 100755 --- a/tests/shell/testcases/transactions/0003table_0 +++ b/tests/shell/testcases/transactions/0003table_0 @@ -20,13 +20,3 @@ if [ $? -ne 0 ] ; then echo "E: unable to load good ruleset" >&2 exit 1 fi - -EXPECTED="" - -GET="$($NFT list ruleset)" - -if [ "$EXPECTED" != "$GET" ] ; then - DIFF="$(which diff)" - [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET") - exit 1 -fi diff --git a/tests/shell/testcases/transactions/0010chain_0 b/tests/shell/testcases/transactions/0010chain_0 index f4c1fbd1..d1918680 100755 --- a/tests/shell/testcases/transactions/0010chain_0 +++ b/tests/shell/testcases/transactions/0010chain_0 @@ -22,16 +22,3 @@ if [ $? -ne 0 ] ; then echo "E: unable to load good ruleset" >&2 exit 1 fi - -EXPECTED="table ip w { - chain y { - } -}" - -GET="$($NFT list ruleset)" - -if [ "$EXPECTED" != "$GET" ] ; then - DIFF="$(which diff)" - [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET") - exit 1 -fi diff --git a/tests/shell/testcases/transactions/0011chain_0 b/tests/shell/testcases/transactions/0011chain_0 index 71afa6ed..aac33d56 100755 --- a/tests/shell/testcases/transactions/0011chain_0 +++ b/tests/shell/testcases/transactions/0011chain_0 @@ -22,17 +22,3 @@ if [ $? -ne 0 ] ; then echo "E: unable to load good ruleset" >&2 exit 1 fi - -EXPECTED="table ip x { - chain y { - type filter hook input priority 0; policy drop; - } -}" - -GET="$($NFT list ruleset)" - -if [ "$EXPECTED" != "$GET" ] ; then - DIFF="$(which diff)" - [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET") - exit 1 -fi diff --git a/tests/shell/testcases/transactions/0012chain_0 b/tests/shell/testcases/transactions/0012chain_0 index 757bc750..c3bfe130 100755 --- a/tests/shell/testcases/transactions/0012chain_0 +++ b/tests/shell/testcases/transactions/0012chain_0 @@ -26,17 +26,3 @@ if [ $? -ne 0 ] ; then echo "E: unable to load good ruleset" >&2 exit 1 fi - -EXPECTED="table ip w { - chain y { - type filter hook output priority 0; policy accept; - } -}" - -GET="$($NFT list ruleset)" - -if [ "$EXPECTED" != "$GET" ] ; then - DIFF="$(which diff)" - [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET") - exit 1 -fi diff --git a/tests/shell/testcases/transactions/0013chain_0 b/tests/shell/testcases/transactions/0013chain_0 index 2c75bd4f..67c31c8a 100755 --- a/tests/shell/testcases/transactions/0013chain_0 +++ b/tests/shell/testcases/transactions/0013chain_0 @@ -27,17 +27,3 @@ if [ $? -ne 0 ] ; then echo "E: unable to load good ruleset" >&2 exit 1 fi - -EXPECTED="table ip w { - chain y { - type filter hook output priority 0; policy accept; - } -}" - -GET="$($NFT list ruleset)" - -if [ "$EXPECTED" != "$GET" ] ; then - DIFF="$(which diff)" - [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET") - exit 1 -fi diff --git a/tests/shell/testcases/transactions/0020rule_0 b/tests/shell/testcases/transactions/0020rule_0 index 1ad43625..e38634d3 100755 --- a/tests/shell/testcases/transactions/0020rule_0 +++ b/tests/shell/testcases/transactions/0020rule_0 @@ -21,13 +21,3 @@ if [ $? -ne 0 ] ; then echo "E: unable to load good ruleset" >&2 exit 1 fi - -EXPECTED="" - -GET="$($NFT list ruleset)" - -if [ "$EXPECTED" != "$GET" ] ; then - DIFF="$(which diff)" - [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET") - exit 1 -fi diff --git a/tests/shell/testcases/transactions/0021rule_0 b/tests/shell/testcases/transactions/0021rule_0 index 2467124f..284a9e71 100755 --- a/tests/shell/testcases/transactions/0021rule_0 +++ b/tests/shell/testcases/transactions/0021rule_0 @@ -24,17 +24,3 @@ if [ $? -ne 0 ] ; then echo "E: unable to load good ruleset" >&2 exit 1 fi - -EXPECTED="table ip x { - chain y { - ip saddr 2.2.2.2 counter packets 0 bytes 0 - } -}" - -GET="$($NFT list ruleset)" - -if [ "$EXPECTED" != "$GET" ] ; then - DIFF="$(which diff)" - [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET") - exit 1 -fi diff --git a/tests/shell/testcases/transactions/0030set_0 b/tests/shell/testcases/transactions/0030set_0 index 1fefb944..ad08b7e5 100755 --- a/tests/shell/testcases/transactions/0030set_0 +++ b/tests/shell/testcases/transactions/0030set_0 @@ -21,14 +21,3 @@ if [ $? -ne 0 ] ; then echo "E: unable to load good ruleset" >&2 exit 1 fi - -EXPECTED="table ip x { -}" - -GET="$($NFT list ruleset)" - -if [ "$EXPECTED" != "$GET" ] ; then - DIFF="$(which diff)" - [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET") - exit 1 -fi diff --git a/tests/shell/testcases/transactions/0031set_0 b/tests/shell/testcases/transactions/0031set_0 index 87848b4b..6c5757cc 100755 --- a/tests/shell/testcases/transactions/0031set_0 +++ b/tests/shell/testcases/transactions/0031set_0 @@ -21,17 +21,3 @@ if [ $? -ne 0 ] ; then echo "E: unable to load good ruleset" >&2 exit 1 fi - -EXPECTED="table ip x { - set y { - type ipv4_addr - } -}" - -GET="$($NFT list ruleset)" - -if [ "$EXPECTED" != "$GET" ] ; then - DIFF="$(which diff)" - [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET") - exit 1 -fi diff --git a/tests/shell/testcases/transactions/0032set_0 b/tests/shell/testcases/transactions/0032set_0 index d4d7e7ed..1b41cf09 100755 --- a/tests/shell/testcases/transactions/0032set_0 +++ b/tests/shell/testcases/transactions/0032set_0 @@ -22,17 +22,3 @@ if [ $? -ne 0 ] ; then echo "E: unable to load good ruleset" >&2 exit 1 fi - -EXPECTED="table ip w { - set y { - type ipv4_addr - } -}" - -GET="$($NFT list ruleset)" - -if [ "$EXPECTED" != "$GET" ] ; then - DIFF="$(which diff)" - [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET") - exit 1 -fi diff --git a/tests/shell/testcases/transactions/0033set_0 b/tests/shell/testcases/transactions/0033set_0 index b73b6fc8..19543b3c 100755 --- a/tests/shell/testcases/transactions/0033set_0 +++ b/tests/shell/testcases/transactions/0033set_0 @@ -20,14 +20,3 @@ if [ $? -ne 0 ] ; then echo "E: unable to load good ruleset" >&2 exit 1 fi - -EXPECTED="table ip x { -}" - -GET="$($NFT list ruleset)" - -if [ "$EXPECTED" != "$GET" ] ; then - DIFF="$(which diff)" - [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET") - exit 1 -fi diff --git a/tests/shell/testcases/transactions/0034set_0 b/tests/shell/testcases/transactions/0034set_0 index 25e65007..4cddb94d 100755 --- a/tests/shell/testcases/transactions/0034set_0 +++ b/tests/shell/testcases/transactions/0034set_0 @@ -21,17 +21,3 @@ if [ $? -ne 0 ] ; then echo "E: unable to load good ruleset" >&2 exit 1 fi - -EXPECTED="table ip x { - set y { - type ipv4_addr - } -}" - -GET="$($NFT list ruleset)" - -if [ "$EXPECTED" != "$GET" ] ; then - DIFF="$(which diff)" - [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET") - exit 1 -fi diff --git a/tests/shell/testcases/transactions/0035set_0 b/tests/shell/testcases/transactions/0035set_0 index 0788e2fe..9b20746b 100755 --- a/tests/shell/testcases/transactions/0035set_0 +++ b/tests/shell/testcases/transactions/0035set_0 @@ -23,18 +23,3 @@ if [ $? -ne 0 ] ; then echo "E: unable to load good ruleset" >&2 exit 1 fi - -EXPECTED="table ip x { - set y { - type ipv4_addr - elements = { 3.3.3.3 } - } -}" - -GET="$($NFT list ruleset)" - -if [ "$EXPECTED" != "$GET" ] ; then - DIFF="$(which diff)" - [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET") - exit 1 -fi diff --git a/tests/shell/testcases/transactions/0037set_0 b/tests/shell/testcases/transactions/0037set_0 index 3e48c801..75b1d453 100755 --- a/tests/shell/testcases/transactions/0037set_0 +++ b/tests/shell/testcases/transactions/0037set_0 @@ -21,18 +21,3 @@ if [ $? -ne 0 ] ; then echo "E: unable to load good ruleset" >&2 exit 1 fi - -EXPECTED="table ip x { - set y { - type ipv4_addr - flags interval - } -}" - -GET="$($NFT list ruleset)" - -if [ "$EXPECTED" != "$GET" ] ; then - DIFF="$(which diff)" - [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET") - exit 1 -fi diff --git a/tests/shell/testcases/transactions/0038set_0 b/tests/shell/testcases/transactions/0038set_0 index 76550755..3120e916 100755 --- a/tests/shell/testcases/transactions/0038set_0 +++ b/tests/shell/testcases/transactions/0038set_0 @@ -23,19 +23,3 @@ if [ $? -ne 0 ] ; then echo "E: unable to load good ruleset" >&2 exit 1 fi - -EXPECTED="table ip x { - set y { - type ipv4_addr - flags interval - elements = { 192.168.4.0/24 } - } -}" - -GET="$($NFT list ruleset)" - -if [ "$EXPECTED" != "$GET" ] ; then - DIFF="$(which diff)" - [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET") - exit 1 -fi diff --git a/tests/shell/testcases/transactions/0039set_0 b/tests/shell/testcases/transactions/0039set_0 index 76550755..3120e916 100755 --- a/tests/shell/testcases/transactions/0039set_0 +++ b/tests/shell/testcases/transactions/0039set_0 @@ -23,19 +23,3 @@ if [ $? -ne 0 ] ; then echo "E: unable to load good ruleset" >&2 exit 1 fi - -EXPECTED="table ip x { - set y { - type ipv4_addr - flags interval - elements = { 192.168.4.0/24 } - } -}" - -GET="$($NFT list ruleset)" - -if [ "$EXPECTED" != "$GET" ] ; then - DIFF="$(which diff)" - [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET") - exit 1 -fi diff --git a/tests/shell/testcases/transactions/0040set_0 b/tests/shell/testcases/transactions/0040set_0 index 241703d9..0ffc4416 100755 --- a/tests/shell/testcases/transactions/0040set_0 +++ b/tests/shell/testcases/transactions/0040set_0 @@ -51,26 +51,3 @@ if [ $? -ne 0 ] ; then echo "E: unable to load good ruleset" >&2 exit 1 fi - -GET="$($NFT list ruleset)" - -EXPECTED="table ip filter { - map client_to_any { - type ipv4_addr : verdict - } - - chain FORWARD { - type filter hook forward priority 0; policy accept; - goto client_to_any - } - - chain client_to_any { - ip saddr vmap @client_to_any - } -}" - -if [ "$EXPECTED" != "$GET" ] ; then - DIFF="$(which diff)" - [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET") - exit 1 -fi diff --git a/tests/shell/testcases/transactions/dumps/0001table_0.nft b/tests/shell/testcases/transactions/dumps/0001table_0.nft new file mode 100644 index 00000000..e4e5f9b1 --- /dev/null +++ b/tests/shell/testcases/transactions/dumps/0001table_0.nft @@ -0,0 +1,4 @@ +table ip x { +} +table ip y { +} diff --git a/tests/shell/testcases/transactions/dumps/0002table_0.nft b/tests/shell/testcases/transactions/dumps/0002table_0.nft new file mode 100644 index 00000000..6eb70726 --- /dev/null +++ b/tests/shell/testcases/transactions/dumps/0002table_0.nft @@ -0,0 +1,3 @@ +table ip x { + flags dormant +} diff --git a/tests/shell/testcases/transactions/dumps/0010chain_0.nft b/tests/shell/testcases/transactions/dumps/0010chain_0.nft new file mode 100644 index 00000000..aa4a521f --- /dev/null +++ b/tests/shell/testcases/transactions/dumps/0010chain_0.nft @@ -0,0 +1,4 @@ +table ip w { + chain y { + } +} diff --git a/tests/shell/testcases/transactions/dumps/0011chain_0.nft b/tests/shell/testcases/transactions/dumps/0011chain_0.nft new file mode 100644 index 00000000..02cdb238 --- /dev/null +++ b/tests/shell/testcases/transactions/dumps/0011chain_0.nft @@ -0,0 +1,5 @@ +table ip x { + chain y { + type filter hook input priority 0; policy drop; + } +} diff --git a/tests/shell/testcases/transactions/dumps/0012chain_0.nft b/tests/shell/testcases/transactions/dumps/0012chain_0.nft new file mode 100644 index 00000000..1fddecbb --- /dev/null +++ b/tests/shell/testcases/transactions/dumps/0012chain_0.nft @@ -0,0 +1,5 @@ +table ip w { + chain y { + type filter hook output priority 0; policy accept; + } +} diff --git a/tests/shell/testcases/transactions/dumps/0013chain_0.nft b/tests/shell/testcases/transactions/dumps/0013chain_0.nft new file mode 100644 index 00000000..1fddecbb --- /dev/null +++ b/tests/shell/testcases/transactions/dumps/0013chain_0.nft @@ -0,0 +1,5 @@ +table ip w { + chain y { + type filter hook output priority 0; policy accept; + } +} diff --git a/tests/shell/testcases/transactions/dumps/0021rule_0.nft b/tests/shell/testcases/transactions/dumps/0021rule_0.nft new file mode 100644 index 00000000..a6c41309 --- /dev/null +++ b/tests/shell/testcases/transactions/dumps/0021rule_0.nft @@ -0,0 +1,5 @@ +table ip x { + chain y { + ip saddr 2.2.2.2 counter packets 0 bytes 0 + } +} diff --git a/tests/shell/testcases/transactions/dumps/0030set_0.nft b/tests/shell/testcases/transactions/dumps/0030set_0.nft new file mode 100644 index 00000000..5d4d2caf --- /dev/null +++ b/tests/shell/testcases/transactions/dumps/0030set_0.nft @@ -0,0 +1,2 @@ +table ip x { +} diff --git a/tests/shell/testcases/transactions/dumps/0031set_0.nft b/tests/shell/testcases/transactions/dumps/0031set_0.nft new file mode 100644 index 00000000..e3d4aee6 --- /dev/null +++ b/tests/shell/testcases/transactions/dumps/0031set_0.nft @@ -0,0 +1,5 @@ +table ip x { + set y { + type ipv4_addr + } +} diff --git a/tests/shell/testcases/transactions/dumps/0032set_0.nft b/tests/shell/testcases/transactions/dumps/0032set_0.nft new file mode 100644 index 00000000..7d11892a --- /dev/null +++ b/tests/shell/testcases/transactions/dumps/0032set_0.nft @@ -0,0 +1,5 @@ +table ip w { + set y { + type ipv4_addr + } +} diff --git a/tests/shell/testcases/transactions/dumps/0033set_0.nft b/tests/shell/testcases/transactions/dumps/0033set_0.nft new file mode 100644 index 00000000..5d4d2caf --- /dev/null +++ b/tests/shell/testcases/transactions/dumps/0033set_0.nft @@ -0,0 +1,2 @@ +table ip x { +} diff --git a/tests/shell/testcases/transactions/dumps/0034set_0.nft b/tests/shell/testcases/transactions/dumps/0034set_0.nft new file mode 100644 index 00000000..e3d4aee6 --- /dev/null +++ b/tests/shell/testcases/transactions/dumps/0034set_0.nft @@ -0,0 +1,5 @@ +table ip x { + set y { + type ipv4_addr + } +} diff --git a/tests/shell/testcases/transactions/dumps/0035set_0.nft b/tests/shell/testcases/transactions/dumps/0035set_0.nft new file mode 100644 index 00000000..e1114947 --- /dev/null +++ b/tests/shell/testcases/transactions/dumps/0035set_0.nft @@ -0,0 +1,6 @@ +table ip x { + set y { + type ipv4_addr + elements = { 3.3.3.3 } + } +} diff --git a/tests/shell/testcases/transactions/dumps/0037set_0.nft b/tests/shell/testcases/transactions/dumps/0037set_0.nft new file mode 100644 index 00000000..ca69cee2 --- /dev/null +++ b/tests/shell/testcases/transactions/dumps/0037set_0.nft @@ -0,0 +1,6 @@ +table ip x { + set y { + type ipv4_addr + flags interval + } +} diff --git a/tests/shell/testcases/transactions/dumps/0038set_0.nft b/tests/shell/testcases/transactions/dumps/0038set_0.nft new file mode 100644 index 00000000..651a11bf --- /dev/null +++ b/tests/shell/testcases/transactions/dumps/0038set_0.nft @@ -0,0 +1,7 @@ +table ip x { + set y { + type ipv4_addr + flags interval + elements = { 192.168.4.0/24 } + } +} diff --git a/tests/shell/testcases/transactions/dumps/0039set_0.nft b/tests/shell/testcases/transactions/dumps/0039set_0.nft new file mode 100644 index 00000000..651a11bf --- /dev/null +++ b/tests/shell/testcases/transactions/dumps/0039set_0.nft @@ -0,0 +1,7 @@ +table ip x { + set y { + type ipv4_addr + flags interval + elements = { 192.168.4.0/24 } + } +} diff --git a/tests/shell/testcases/transactions/dumps/0040set_0.nft b/tests/shell/testcases/transactions/dumps/0040set_0.nft new file mode 100644 index 00000000..fe864058 --- /dev/null +++ b/tests/shell/testcases/transactions/dumps/0040set_0.nft @@ -0,0 +1,14 @@ +table ip filter { + map client_to_any { + type ipv4_addr : verdict + } + + chain FORWARD { + type filter hook forward priority 0; policy accept; + goto client_to_any + } + + chain client_to_any { + ip saddr vmap @client_to_any + } +} |