summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--tests/py/inet/sets.t18
-rw-r--r--tests/py/inet/sets.t.payload.bridge15
-rw-r--r--tests/py/inet/sets.t.payload.inet17
-rw-r--r--tests/py/inet/sets.t.payload.netdev16
-rw-r--r--tests/py/ip/sets.t16
-rw-r--r--tests/py/ip6/sets.t6
-rwxr-xr-xtests/py/nft-test.py25
7 files changed, 94 insertions, 19 deletions
diff --git a/tests/py/inet/sets.t b/tests/py/inet/sets.t
new file mode 100644
index 00000000..8f1cbff7
--- /dev/null
+++ b/tests/py/inet/sets.t
@@ -0,0 +1,18 @@
+:input;type filter hook input priority 0
+:ingress;type filter hook ingress device lo priority 0
+
+*inet;test-inet;input
+*bridge;test-inet;input
+*netdev;test-netdev;ingress
+
+!set1 type ipv4_addr timeout 60s;ok
+?set1 192.168.3.4 timeout 30s, 10.2.1.1;ok
+
+!set2 type ipv6_addr timeout 23d23h59m59s;ok
+?set2 dead::beef timeout 1s;ok
+
+ip saddr @set1 drop;ok
+ip saddr != @set2 drop;fail
+
+ip6 daddr != @set2 accept;ok
+ip6 daddr @set1 drop;fail
diff --git a/tests/py/inet/sets.t.payload.bridge b/tests/py/inet/sets.t.payload.bridge
new file mode 100644
index 00000000..6f21f827
--- /dev/null
+++ b/tests/py/inet/sets.t.payload.bridge
@@ -0,0 +1,15 @@
+# ip saddr @set1 drop
+bridge test-inet input
+ [ payload load 2b @ link header + 12 => reg 1 ]
+ [ cmp eq reg 1 0x00000008 ]
+ [ payload load 4b @ network header + 12 => reg 1 ]
+ [ lookup reg 1 set set1 ]
+ [ immediate reg 0 drop ]
+
+# ip6 daddr != @set2 accept
+bridge test-inet input
+ [ payload load 2b @ link header + 12 => reg 1 ]
+ [ cmp eq reg 1 0x0000dd86 ]
+ [ payload load 16b @ network header + 24 => reg 1 ]
+ [ lookup reg 1 set set2 0x1 ]
+ [ immediate reg 0 accept ]
diff --git a/tests/py/inet/sets.t.payload.inet b/tests/py/inet/sets.t.payload.inet
new file mode 100644
index 00000000..1584fc07
--- /dev/null
+++ b/tests/py/inet/sets.t.payload.inet
@@ -0,0 +1,17 @@
+# ip saddr @set1 drop
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x00000002 ]
+ [ payload load 4b @ network header + 12 => reg 1 ]
+ [ lookup reg 1 set set1 ]
+ [ immediate reg 0 drop ]
+
+# ip6 daddr != @set2 accept
+inet test-inet input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 24 => reg 1 ]
+ [ lookup reg 1 set set2 0x1 ]
+ [ immediate reg 0 accept ]
+
+
diff --git a/tests/py/inet/sets.t.payload.netdev b/tests/py/inet/sets.t.payload.netdev
new file mode 100644
index 00000000..9c94e384
--- /dev/null
+++ b/tests/py/inet/sets.t.payload.netdev
@@ -0,0 +1,16 @@
+# ip saddr @set1 drop
+netdev test-netdev ingress
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x00000008 ]
+ [ payload load 4b @ network header + 12 => reg 1 ]
+ [ lookup reg 1 set set1 ]
+ [ immediate reg 0 drop ]
+
+# ip6 daddr != @set2 accept
+netdev test-netdev ingress
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x0000dd86 ]
+ [ payload load 16b @ network header + 24 => reg 1 ]
+ [ lookup reg 1 set set2 0x1 ]
+ [ immediate reg 0 accept ]
+
diff --git a/tests/py/ip/sets.t b/tests/py/ip/sets.t
index 658579aa..7b7e0722 100644
--- a/tests/py/ip/sets.t
+++ b/tests/py/ip/sets.t
@@ -14,19 +14,19 @@
?set1 192.168.3.4;ok
?set1 192.168.3.4;ok
-?set1 192.168.3.5 192.168.3.6;ok
-?set1 192.168.3.5 192.168.3.6;ok
-?set1 192.168.3.8 192.168.3.9;ok
-?set1 192.168.3.10 192.168.3.11;ok
+?set1 192.168.3.5, 192.168.3.6;ok
+?set1 192.168.3.5, 192.168.3.6;ok
+?set1 192.168.3.8, 192.168.3.9;ok
+?set1 192.168.3.10, 192.168.3.11;ok
?set1 1234:1234:1234:1234:1234:1234:1234:1234;fail
?set2 192.168.3.4;fail
!set2 type ipv4_addr;ok
?set2 192.168.3.4;ok
-?set2 192.168.3.5 192.168.3.6;ok
-?set2 192.168.3.5 192.168.3.6;ok
-?set2 192.168.3.8 192.168.3.9;ok
-?set2 192.168.3.10 192.168.3.11;ok
+?set2 192.168.3.5, 192.168.3.6;ok
+?set2 192.168.3.5, 192.168.3.6;ok
+?set2 192.168.3.8, 192.168.3.9;ok
+?set2 192.168.3.10, 192.168.3.11;ok
ip saddr @set1 drop;ok
ip saddr != @set1 drop;ok
diff --git a/tests/py/ip6/sets.t b/tests/py/ip6/sets.t
index d5bcf74d..5adec53f 100644
--- a/tests/py/ip6/sets.t
+++ b/tests/py/ip6/sets.t
@@ -15,8 +15,8 @@
?set2 1234:1234::1234:1234:1234:1234:1234;ok
?set2 1234:1234::1234:1234:1234:1234:1234;ok
?set2 1234::1234:1234:1234;ok
-?set2 1234:1234:1234:1234:1234::1234:1234 1234:1234::123;ok
-?set2 192.168.3.8 192.168.3.9;fail
+?set2 1234:1234:1234:1234:1234::1234:1234, 1234:1234::123;ok
+?set2 192.168.3.8, 192.168.3.9;fail
?set2 1234:1234::1234:1234:1234:1234;ok
?set2 1234:1234::1234:1234:1234:1234;ok
?set2 1234:1234:1234::1234;ok
@@ -34,7 +34,7 @@ ip6 saddr != @set33 drop;fail
?set3 1324:1234:1234:1236::/64;ok
!set4 type ipv6_addr flags interval;ok
-?set4 1234:1234:1234:1234::/64 4321:1234:1234:1234::/64;ok
+?set4 1234:1234:1234:1234::/64,4321:1234:1234:1234::/64;ok
?set4 4321:1234:1234:1234:1234:1234::/96;fail
!set5 type ipv6_addr . ipv6_addr;ok
diff --git a/tests/py/nft-test.py b/tests/py/nft-test.py
index d4b22817..c00782d3 100755
--- a/tests/py/nft-test.py
+++ b/tests/py/nft-test.py
@@ -77,11 +77,12 @@ class Table:
class Set:
"""Class that represents a set"""
- def __init__(self, family, table, name, type, flags):
+ def __init__(self, family, table, name, type, timeout, flags):
self.family = family
self.table = table
self.name = name
self.type = type
+ self.timeout = timeout
self.flags = flags
def __eq__(self, other):
@@ -321,7 +322,7 @@ def set_add(s, test_result, filename, lineno):
if flags != "":
flags = "flags %s; " % flags
- cmd = "add set %s %s { type %s; %s}" % (table, s.name, s.type, flags)
+ cmd = "add set %s %s { type %s;%s %s}" % (table, s.name, s.type, s.timeout, flags)
ret = execute_cmd(cmd, filename, lineno)
if (ret == 0 and test_result == "fail") or \
@@ -850,22 +851,28 @@ def chain_process(chain_line, lineno):
def set_process(set_line, filename, lineno):
test_result = set_line[1]
+ timeout=""
tokens = set_line[0].split(" ")
set_name = tokens[0]
set_type = tokens[2]
+ set_flags = ""
i = 3
while len(tokens) > i and tokens[i] == ".":
set_type += " . " + tokens[i+1]
i += 2
+ if len(tokens) == i+2 and tokens[i] == "timeout":
+ timeout = "timeout " + tokens[i+1] + ";"
+ i += 2
+
if len(tokens) == i+2 and tokens[i] == "flags":
set_flags = tokens[i+1]
- else:
- set_flags = ""
+ elif len(tokens) != i:
+ print_error(set_name + " bad flag: " + tokens[i], filename, lineno)
- s = Set("", "", set_name, set_type, set_flags)
+ s = Set("", "", set_name, set_type, timeout, set_flags)
ret = set_add(s, test_result, filename, lineno)
if ret == 0:
@@ -876,9 +883,11 @@ def set_process(set_line, filename, lineno):
def set_element_process(element_line, filename, lineno):
rule_state = element_line[1]
- set_name = element_line[0].split(" ")[0]
- set_element = element_line[0].split(" ")
- set_element.remove(set_name)
+ element_line = element_line[0]
+ space = element_line.find(" ")
+ set_name = element_line[:space]
+ set_element = element_line[space:].split(",")
+
return set_add_elements(set_element, set_name, rule_state, filename, lineno)