diff options
Diffstat (limited to 'tests/shell/testcases/json')
16 files changed, 468 insertions, 7 deletions
diff --git a/tests/shell/testcases/json/0001set_statements_0 b/tests/shell/testcases/json/0001set_statements_0 index 1c72d35b..fc4941f4 100755 --- a/tests/shell/testcases/json/0001set_statements_0 +++ b/tests/shell/testcases/json/0001set_statements_0 @@ -1,5 +1,7 @@ #!/bin/bash +# NFT_TEST_REQUIRES(NFT_TEST_HAVE_json) + set -e $NFT flush ruleset diff --git a/tests/shell/testcases/json/0002table_map_0 b/tests/shell/testcases/json/0002table_map_0 index 4b54527b..a1e9f263 100755 --- a/tests/shell/testcases/json/0002table_map_0 +++ b/tests/shell/testcases/json/0002table_map_0 @@ -1,5 +1,8 @@ #!/bin/bash +# NFT_TEST_REQUIRES(NFT_TEST_HAVE_json) +# NFT_TEST_REQUIRES(NFT_TEST_HAVE_set_expr) + set -e $NFT flush ruleset diff --git a/tests/shell/testcases/json/0003json_schema_version_0 b/tests/shell/testcases/json/0003json_schema_version_0 index 0ccf94c8..43f387a1 100755 --- a/tests/shell/testcases/json/0003json_schema_version_0 +++ b/tests/shell/testcases/json/0003json_schema_version_0 @@ -1,5 +1,7 @@ #!/bin/bash +# NFT_TEST_REQUIRES(NFT_TEST_HAVE_json) + set -e $NFT flush ruleset diff --git a/tests/shell/testcases/json/0004json_schema_version_1 b/tests/shell/testcases/json/0004json_schema_version_1 index bc451ae7..0f8d586f 100755 --- a/tests/shell/testcases/json/0004json_schema_version_1 +++ b/tests/shell/testcases/json/0004json_schema_version_1 @@ -1,5 +1,7 @@ #!/bin/bash +# NFT_TEST_REQUIRES(NFT_TEST_HAVE_json) + set -e $NFT flush ruleset diff --git a/tests/shell/testcases/json/0005secmark_objref_0 b/tests/shell/testcases/json/0005secmark_objref_0 index ae967435..5c44f093 100755 --- a/tests/shell/testcases/json/0005secmark_objref_0 +++ b/tests/shell/testcases/json/0005secmark_objref_0 @@ -1,5 +1,8 @@ #!/bin/bash +# NFT_TEST_REQUIRES(NFT_TEST_HAVE_json) +# NFT_TEST_REQUIRES(NFT_TEST_HAVE_secmark) + set -e $NFT flush ruleset diff --git a/tests/shell/testcases/json/0006obj_comment_0 b/tests/shell/testcases/json/0006obj_comment_0 index 76d8fe16..7ce859d2 100755 --- a/tests/shell/testcases/json/0006obj_comment_0 +++ b/tests/shell/testcases/json/0006obj_comment_0 @@ -1,5 +1,8 @@ #!/bin/bash +# NFT_TEST_REQUIRES(NFT_TEST_HAVE_json) +# NFT_TEST_REQUIRES(NFT_TEST_HAVE_comment) + set -e $NFT flush ruleset diff --git a/tests/shell/testcases/json/dumps/0001set_statements_0.json-nft b/tests/shell/testcases/json/dumps/0001set_statements_0.json-nft new file mode 100644 index 00000000..91db43e2 --- /dev/null +++ b/tests/shell/testcases/json/dumps/0001set_statements_0.json-nft @@ -0,0 +1,100 @@ +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "ip", + "name": "testt", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "testt", + "name": "testc", + "handle": 0, + "type": "filter", + "hook": "input", + "prio": 0, + "policy": "accept" + } + }, + { + "set": { + "family": "ip", + "name": "ssh_meter", + "table": "testt", + "type": "ipv4_addr", + "handle": 0, + "size": 65535, + "flags": [ + "dynamic" + ] + } + }, + { + "rule": { + "family": "ip", + "table": "testt", + "chain": "testc", + "handle": 0, + "expr": [ + { + "match": { + "op": "==", + "left": { + "payload": { + "protocol": "tcp", + "field": "dport" + } + }, + "right": 22 + } + }, + { + "match": { + "op": "in", + "left": { + "ct": { + "key": "state" + } + }, + "right": "new" + } + }, + { + "set": { + "op": "add", + "elem": { + "payload": { + "protocol": "ip", + "field": "saddr" + } + }, + "set": "@ssh_meter", + "stmt": [ + { + "limit": { + "rate": 10, + "burst": 5, + "per": "second" + } + } + ] + } + }, + { + "accept": null + } + ] + } + } + ] +} diff --git a/tests/shell/testcases/json/dumps/0001set_statements_0.nft b/tests/shell/testcases/json/dumps/0001set_statements_0.nft index ee4a8670..d80a4321 100644 --- a/tests/shell/testcases/json/dumps/0001set_statements_0.nft +++ b/tests/shell/testcases/json/dumps/0001set_statements_0.nft @@ -7,6 +7,6 @@ table ip testt { chain testc { type filter hook input priority filter; policy accept; - tcp dport 22 ct state new add @ssh_meter { ip saddr limit rate 10/second } accept + tcp dport 22 ct state new add @ssh_meter { ip saddr limit rate 10/second burst 5 packets } accept } } diff --git a/tests/shell/testcases/json/dumps/0002table_map_0.json-nft b/tests/shell/testcases/json/dumps/0002table_map_0.json-nft new file mode 100644 index 00000000..78e3c8ad --- /dev/null +++ b/tests/shell/testcases/json/dumps/0002table_map_0.json-nft @@ -0,0 +1,33 @@ +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "ip", + "name": "t", + "handle": 0 + } + }, + { + "map": { + "family": "ip", + "name": "m", + "table": "t", + "type": "ipv4_addr", + "handle": 0, + "map": "mark", + "stmt": [ + { + "counter": null + } + ] + } + } + ] +} diff --git a/tests/shell/testcases/json/dumps/0003json_schema_version_0.json-nft b/tests/shell/testcases/json/dumps/0003json_schema_version_0.json-nft new file mode 100644 index 00000000..546cc597 --- /dev/null +++ b/tests/shell/testcases/json/dumps/0003json_schema_version_0.json-nft @@ -0,0 +1,11 @@ +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + } + ] +} diff --git a/tests/shell/testcases/json/dumps/0004json_schema_version_1.json-nft b/tests/shell/testcases/json/dumps/0004json_schema_version_1.json-nft new file mode 100644 index 00000000..546cc597 --- /dev/null +++ b/tests/shell/testcases/json/dumps/0004json_schema_version_1.json-nft @@ -0,0 +1,11 @@ +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + } + ] +} diff --git a/tests/shell/testcases/json/dumps/0005secmark_objref_0.json-nft b/tests/shell/testcases/json/dumps/0005secmark_objref_0.json-nft new file mode 100644 index 00000000..3783c6b7 --- /dev/null +++ b/tests/shell/testcases/json/dumps/0005secmark_objref_0.json-nft @@ -0,0 +1,233 @@ +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "inet", + "name": "x", + "handle": 0 + } + }, + { + "chain": { + "family": "inet", + "table": "x", + "name": "y", + "handle": 0, + "type": "filter", + "hook": "input", + "prio": -225, + "policy": "accept" + } + }, + { + "chain": { + "family": "inet", + "table": "x", + "name": "z", + "handle": 0, + "type": "filter", + "hook": "output", + "prio": 225, + "policy": "accept" + } + }, + { + "secmark": { + "family": "inet", + "name": "ssh_server", + "table": "x", + "handle": 0, + "context": "system_u:object_r:ssh_server_packet_t:s0" + } + }, + { + "rule": { + "family": "inet", + "table": "x", + "chain": "y", + "handle": 0, + "expr": [ + { + "match": { + "op": "==", + "left": { + "payload": { + "protocol": "tcp", + "field": "dport" + } + }, + "right": 2222 + } + }, + { + "match": { + "op": "in", + "left": { + "ct": { + "key": "state" + } + }, + "right": "new" + } + }, + { + "secmark": "ssh_server" + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "x", + "chain": "y", + "handle": 0, + "expr": [ + { + "match": { + "op": "in", + "left": { + "ct": { + "key": "state" + } + }, + "right": "new" + } + }, + { + "mangle": { + "key": { + "ct": { + "key": "secmark" + } + }, + "value": { + "meta": { + "key": "secmark" + } + } + } + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "x", + "chain": "y", + "handle": 0, + "expr": [ + { + "match": { + "op": "in", + "left": { + "ct": { + "key": "state" + } + }, + "right": [ + "established", + "related" + ] + } + }, + { + "mangle": { + "key": { + "meta": { + "key": "secmark" + } + }, + "value": { + "ct": { + "key": "secmark" + } + } + } + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "x", + "chain": "z", + "handle": 0, + "expr": [ + { + "match": { + "op": "in", + "left": { + "ct": { + "key": "state" + } + }, + "right": "new" + } + }, + { + "mangle": { + "key": { + "ct": { + "key": "secmark" + } + }, + "value": { + "meta": { + "key": "secmark" + } + } + } + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "x", + "chain": "z", + "handle": 0, + "expr": [ + { + "match": { + "op": "in", + "left": { + "ct": { + "key": "state" + } + }, + "right": [ + "established", + "related" + ] + } + }, + { + "mangle": { + "key": { + "meta": { + "key": "secmark" + } + }, + "value": { + "ct": { + "key": "secmark" + } + } + } + } + ] + } + } + ] +} diff --git a/tests/shell/testcases/json/dumps/0006obj_comment_0.json-nft b/tests/shell/testcases/json/dumps/0006obj_comment_0.json-nft new file mode 100644 index 00000000..208e13ad --- /dev/null +++ b/tests/shell/testcases/json/dumps/0006obj_comment_0.json-nft @@ -0,0 +1,29 @@ +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "inet", + "name": "t", + "handle": 0 + } + }, + { + "counter": { + "family": "inet", + "name": "mycounter", + "table": "t", + "handle": 0, + "comment": "my comment in counter", + "packets": 0, + "bytes": 0 + } + } + ] +} diff --git a/tests/shell/testcases/json/dumps/netdev.json-nft b/tests/shell/testcases/json/dumps/netdev.json-nft new file mode 100644 index 00000000..e0d2bfb4 --- /dev/null +++ b/tests/shell/testcases/json/dumps/netdev.json-nft @@ -0,0 +1,18 @@ +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "netdev", + "name": "test_table", + "handle": 0 + } + } + ] +} diff --git a/tests/shell/testcases/json/dumps/netdev.nft b/tests/shell/testcases/json/dumps/netdev.nft new file mode 100644 index 00000000..3c568ed3 --- /dev/null +++ b/tests/shell/testcases/json/dumps/netdev.nft @@ -0,0 +1,2 @@ +table netdev test_table { +} diff --git a/tests/shell/testcases/json/netdev b/tests/shell/testcases/json/netdev index a16a4f5e..8c16cf42 100755 --- a/tests/shell/testcases/json/netdev +++ b/tests/shell/testcases/json/netdev @@ -1,12 +1,14 @@ #!/bin/bash -ip link add d0 type dummy || { - echo "Skipping, no dummy interface available" - exit 0 +set -e + +iface_cleanup() { + ip link del d0 &>/dev/null || : } -trap "ip link del d0" EXIT +trap 'iface_cleanup' EXIT +iface_cleanup -set -e +ip link add d0 type dummy $NFT flush ruleset $NFT add table inet test @@ -16,4 +18,11 @@ $NFT flush ruleset RULESET='{"nftables":[{"flush":{"ruleset":null}},{"add":{"table":{"family":"netdev","name":"test_table"}}},{"add":{"chain":{"family":"netdev","table":"test_table","name":"test_chain","type":"filter","hook":"ingress","prio":0,"dev":"d0","policy":"accept"}}}]}' -$NFT -j -f - <<< $RULESET +if [ "$NFT_TEST_HAVE_json" != n ]; then + $NFT -j -f - <<< $RULESET +fi + +if [ "$NFT_TEST_HAVE_json" = n ]; then + echo "Test partially skipped due to missing JSON support." + exit 77 +fi |