diff options
Diffstat (limited to 'tests/shell/testcases/listing/dumps')
44 files changed, 1559 insertions, 0 deletions
diff --git a/tests/shell/testcases/listing/dumps/0001ruleset_0.json-nft b/tests/shell/testcases/listing/dumps/0001ruleset_0.json-nft new file mode 100644 index 00000000..1bb0e1b8 --- /dev/null +++ b/tests/shell/testcases/listing/dumps/0001ruleset_0.json-nft @@ -0,0 +1,18 @@ +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "ip", + "name": "test", + "handle": 0 + } + } + ] +} diff --git a/tests/shell/testcases/listing/dumps/0002ruleset_0.json-nft b/tests/shell/testcases/listing/dumps/0002ruleset_0.json-nft new file mode 100644 index 00000000..546cc597 --- /dev/null +++ b/tests/shell/testcases/listing/dumps/0002ruleset_0.json-nft @@ -0,0 +1,11 @@ +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + } + ] +} diff --git a/tests/shell/testcases/listing/dumps/0002ruleset_0.nft b/tests/shell/testcases/listing/dumps/0002ruleset_0.nft new file mode 100644 index 00000000..e69de29b --- /dev/null +++ b/tests/shell/testcases/listing/dumps/0002ruleset_0.nft diff --git a/tests/shell/testcases/listing/dumps/0003table_0.json-nft b/tests/shell/testcases/listing/dumps/0003table_0.json-nft new file mode 100644 index 00000000..1bb0e1b8 --- /dev/null +++ b/tests/shell/testcases/listing/dumps/0003table_0.json-nft @@ -0,0 +1,18 @@ +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "ip", + "name": "test", + "handle": 0 + } + } + ] +} diff --git a/tests/shell/testcases/listing/dumps/0003table_0.nft b/tests/shell/testcases/listing/dumps/0003table_0.nft new file mode 100644 index 00000000..1c9f40c5 --- /dev/null +++ b/tests/shell/testcases/listing/dumps/0003table_0.nft @@ -0,0 +1,2 @@ +table ip test { +} diff --git a/tests/shell/testcases/listing/dumps/0004table_0.json-nft b/tests/shell/testcases/listing/dumps/0004table_0.json-nft new file mode 100644 index 00000000..85e9b287 --- /dev/null +++ b/tests/shell/testcases/listing/dumps/0004table_0.json-nft @@ -0,0 +1,25 @@ +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "ip", + "name": "test", + "handle": 0 + } + }, + { + "table": { + "family": "ip", + "name": "test2", + "handle": 0 + } + } + ] +} diff --git a/tests/shell/testcases/listing/dumps/0004table_0.nft b/tests/shell/testcases/listing/dumps/0004table_0.nft new file mode 100644 index 00000000..56d035d1 --- /dev/null +++ b/tests/shell/testcases/listing/dumps/0004table_0.nft @@ -0,0 +1,4 @@ +table ip test { +} +table ip test2 { +} diff --git a/tests/shell/testcases/listing/dumps/0005ruleset_ip_0.json-nft b/tests/shell/testcases/listing/dumps/0005ruleset_ip_0.json-nft new file mode 100644 index 00000000..ffd657e5 --- /dev/null +++ b/tests/shell/testcases/listing/dumps/0005ruleset_ip_0.json-nft @@ -0,0 +1,46 @@ +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "ip", + "name": "test", + "handle": 0 + } + }, + { + "table": { + "family": "ip6", + "name": "test", + "handle": 0 + } + }, + { + "table": { + "family": "inet", + "name": "test", + "handle": 0 + } + }, + { + "table": { + "family": "arp", + "name": "test", + "handle": 0 + } + }, + { + "table": { + "family": "bridge", + "name": "test", + "handle": 0 + } + } + ] +} diff --git a/tests/shell/testcases/listing/dumps/0005ruleset_ip_0.nft b/tests/shell/testcases/listing/dumps/0005ruleset_ip_0.nft new file mode 100644 index 00000000..c37261b3 --- /dev/null +++ b/tests/shell/testcases/listing/dumps/0005ruleset_ip_0.nft @@ -0,0 +1,10 @@ +table ip test { +} +table ip6 test { +} +table inet test { +} +table arp test { +} +table bridge test { +} diff --git a/tests/shell/testcases/listing/dumps/0006ruleset_ip6_0.json-nft b/tests/shell/testcases/listing/dumps/0006ruleset_ip6_0.json-nft new file mode 100644 index 00000000..ffd657e5 --- /dev/null +++ b/tests/shell/testcases/listing/dumps/0006ruleset_ip6_0.json-nft @@ -0,0 +1,46 @@ +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "ip", + "name": "test", + "handle": 0 + } + }, + { + "table": { + "family": "ip6", + "name": "test", + "handle": 0 + } + }, + { + "table": { + "family": "inet", + "name": "test", + "handle": 0 + } + }, + { + "table": { + "family": "arp", + "name": "test", + "handle": 0 + } + }, + { + "table": { + "family": "bridge", + "name": "test", + "handle": 0 + } + } + ] +} diff --git a/tests/shell/testcases/listing/dumps/0006ruleset_ip6_0.nft b/tests/shell/testcases/listing/dumps/0006ruleset_ip6_0.nft new file mode 100644 index 00000000..c37261b3 --- /dev/null +++ b/tests/shell/testcases/listing/dumps/0006ruleset_ip6_0.nft @@ -0,0 +1,10 @@ +table ip test { +} +table ip6 test { +} +table inet test { +} +table arp test { +} +table bridge test { +} diff --git a/tests/shell/testcases/listing/dumps/0007ruleset_inet_0.json-nft b/tests/shell/testcases/listing/dumps/0007ruleset_inet_0.json-nft new file mode 100644 index 00000000..ffd657e5 --- /dev/null +++ b/tests/shell/testcases/listing/dumps/0007ruleset_inet_0.json-nft @@ -0,0 +1,46 @@ +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "ip", + "name": "test", + "handle": 0 + } + }, + { + "table": { + "family": "ip6", + "name": "test", + "handle": 0 + } + }, + { + "table": { + "family": "inet", + "name": "test", + "handle": 0 + } + }, + { + "table": { + "family": "arp", + "name": "test", + "handle": 0 + } + }, + { + "table": { + "family": "bridge", + "name": "test", + "handle": 0 + } + } + ] +} diff --git a/tests/shell/testcases/listing/dumps/0007ruleset_inet_0.nft b/tests/shell/testcases/listing/dumps/0007ruleset_inet_0.nft new file mode 100644 index 00000000..c37261b3 --- /dev/null +++ b/tests/shell/testcases/listing/dumps/0007ruleset_inet_0.nft @@ -0,0 +1,10 @@ +table ip test { +} +table ip6 test { +} +table inet test { +} +table arp test { +} +table bridge test { +} diff --git a/tests/shell/testcases/listing/dumps/0008ruleset_arp_0.json-nft b/tests/shell/testcases/listing/dumps/0008ruleset_arp_0.json-nft new file mode 100644 index 00000000..ffd657e5 --- /dev/null +++ b/tests/shell/testcases/listing/dumps/0008ruleset_arp_0.json-nft @@ -0,0 +1,46 @@ +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "ip", + "name": "test", + "handle": 0 + } + }, + { + "table": { + "family": "ip6", + "name": "test", + "handle": 0 + } + }, + { + "table": { + "family": "inet", + "name": "test", + "handle": 0 + } + }, + { + "table": { + "family": "arp", + "name": "test", + "handle": 0 + } + }, + { + "table": { + "family": "bridge", + "name": "test", + "handle": 0 + } + } + ] +} diff --git a/tests/shell/testcases/listing/dumps/0008ruleset_arp_0.nft b/tests/shell/testcases/listing/dumps/0008ruleset_arp_0.nft new file mode 100644 index 00000000..c37261b3 --- /dev/null +++ b/tests/shell/testcases/listing/dumps/0008ruleset_arp_0.nft @@ -0,0 +1,10 @@ +table ip test { +} +table ip6 test { +} +table inet test { +} +table arp test { +} +table bridge test { +} diff --git a/tests/shell/testcases/listing/dumps/0009ruleset_bridge_0.json-nft b/tests/shell/testcases/listing/dumps/0009ruleset_bridge_0.json-nft new file mode 100644 index 00000000..ffd657e5 --- /dev/null +++ b/tests/shell/testcases/listing/dumps/0009ruleset_bridge_0.json-nft @@ -0,0 +1,46 @@ +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "ip", + "name": "test", + "handle": 0 + } + }, + { + "table": { + "family": "ip6", + "name": "test", + "handle": 0 + } + }, + { + "table": { + "family": "inet", + "name": "test", + "handle": 0 + } + }, + { + "table": { + "family": "arp", + "name": "test", + "handle": 0 + } + }, + { + "table": { + "family": "bridge", + "name": "test", + "handle": 0 + } + } + ] +} diff --git a/tests/shell/testcases/listing/dumps/0009ruleset_bridge_0.nft b/tests/shell/testcases/listing/dumps/0009ruleset_bridge_0.nft new file mode 100644 index 00000000..c37261b3 --- /dev/null +++ b/tests/shell/testcases/listing/dumps/0009ruleset_bridge_0.nft @@ -0,0 +1,10 @@ +table ip test { +} +table ip6 test { +} +table inet test { +} +table arp test { +} +table bridge test { +} diff --git a/tests/shell/testcases/listing/dumps/0010sets_0.json-nft b/tests/shell/testcases/listing/dumps/0010sets_0.json-nft new file mode 100644 index 00000000..efca892e --- /dev/null +++ b/tests/shell/testcases/listing/dumps/0010sets_0.json-nft @@ -0,0 +1,124 @@ +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "ip", + "name": "nat", + "handle": 0 + } + }, + { + "set": { + "family": "ip", + "name": "ssh", + "table": "nat", + "type": "ipv4_addr", + "handle": 0 + } + }, + { + "table": { + "family": "ip6", + "name": "test", + "handle": 0 + } + }, + { + "set": { + "family": "ip6", + "name": "testset", + "table": "test", + "type": "ipv6_addr", + "handle": 0 + } + }, + { + "table": { + "family": "arp", + "name": "test_arp", + "handle": 0 + } + }, + { + "set": { + "family": "arp", + "name": "test_set_arp00", + "table": "test_arp", + "type": "inet_service", + "handle": 0 + } + }, + { + "set": { + "family": "arp", + "name": "test_set_arp01", + "table": "test_arp", + "type": "inet_service", + "handle": 0, + "flags": [ + "constant" + ] + } + }, + { + "table": { + "family": "bridge", + "name": "test_bridge", + "handle": 0 + } + }, + { + "set": { + "family": "bridge", + "name": "test_set_bridge", + "table": "test_bridge", + "type": "inet_service", + "handle": 0 + } + }, + { + "table": { + "family": "inet", + "name": "filter", + "handle": 0 + } + }, + { + "set": { + "family": "inet", + "name": "set0", + "table": "filter", + "type": "inet_service", + "handle": 0 + } + }, + { + "set": { + "family": "inet", + "name": "set1", + "table": "filter", + "type": "inet_service", + "handle": 0, + "flags": [ + "constant" + ] + } + }, + { + "set": { + "family": "inet", + "name": "set2", + "table": "filter", + "type": "icmpv6_type", + "handle": 0 + } + } + ] +} diff --git a/tests/shell/testcases/listing/dumps/0010sets_0.nft b/tests/shell/testcases/listing/dumps/0010sets_0.nft new file mode 100644 index 00000000..7303c403 --- /dev/null +++ b/tests/shell/testcases/listing/dumps/0010sets_0.nft @@ -0,0 +1,39 @@ +table ip nat { + set ssh { + type ipv4_addr + } +} +table ip6 test { + set testset { + type ipv6_addr + } +} +table arp test_arp { + set test_set_arp00 { + type inet_service + } + + set test_set_arp01 { + type inet_service + flags constant + } +} +table bridge test_bridge { + set test_set_bridge { + type inet_service + } +} +table inet filter { + set set0 { + type inet_service + } + + set set1 { + type inet_service + flags constant + } + + set set2 { + type icmpv6_type + } +} diff --git a/tests/shell/testcases/listing/dumps/0011sets_0.json-nft b/tests/shell/testcases/listing/dumps/0011sets_0.json-nft new file mode 100644 index 00000000..a742fa45 --- /dev/null +++ b/tests/shell/testcases/listing/dumps/0011sets_0.json-nft @@ -0,0 +1,220 @@ +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "ip", + "name": "nat", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "nat", + "name": "test", + "handle": 0 + } + }, + { + "rule": { + "family": "ip", + "table": "nat", + "chain": "test", + "handle": 0, + "expr": [ + { + "match": { + "op": "==", + "left": { + "payload": { + "protocol": "tcp", + "field": "dport" + } + }, + "right": { + "set": [ + 123, + 321 + ] + } + } + } + ] + } + }, + { + "table": { + "family": "ip6", + "name": "test", + "handle": 0 + } + }, + { + "chain": { + "family": "ip6", + "table": "test", + "name": "test", + "handle": 0 + } + }, + { + "rule": { + "family": "ip6", + "table": "test", + "chain": "test", + "handle": 0, + "expr": [ + { + "match": { + "op": "==", + "left": { + "payload": { + "protocol": "udp", + "field": "sport" + } + }, + "right": { + "set": [ + 123, + 321 + ] + } + } + } + ] + } + }, + { + "table": { + "family": "arp", + "name": "test_arp", + "handle": 0 + } + }, + { + "chain": { + "family": "arp", + "table": "test_arp", + "name": "test", + "handle": 0 + } + }, + { + "rule": { + "family": "arp", + "table": "test_arp", + "chain": "test", + "handle": 0, + "expr": [ + { + "match": { + "op": "==", + "left": { + "meta": { + "key": "mark" + } + }, + "right": { + "set": [ + 123, + 321 + ] + } + } + } + ] + } + }, + { + "table": { + "family": "bridge", + "name": "test_bridge", + "handle": 0 + } + }, + { + "chain": { + "family": "bridge", + "table": "test_bridge", + "name": "test", + "handle": 0 + } + }, + { + "rule": { + "family": "bridge", + "table": "test_bridge", + "chain": "test", + "handle": 0, + "expr": [ + { + "match": { + "op": "==", + "left": { + "payload": { + "protocol": "ip", + "field": "daddr" + } + }, + "right": { + "set": [ + "1.1.1.1", + "2.2.2.2" + ] + } + } + } + ] + } + }, + { + "table": { + "family": "inet", + "name": "filter", + "handle": 0 + } + }, + { + "chain": { + "family": "inet", + "table": "filter", + "name": "test", + "handle": 0 + } + }, + { + "rule": { + "family": "inet", + "table": "filter", + "chain": "test", + "handle": 0, + "expr": [ + { + "match": { + "op": "==", + "left": { + "payload": { + "protocol": "tcp", + "field": "dport" + } + }, + "right": { + "set": [ + 80, + 443 + ] + } + } + } + ] + } + } + ] +} diff --git a/tests/shell/testcases/listing/dumps/0011sets_0.nft b/tests/shell/testcases/listing/dumps/0011sets_0.nft new file mode 100644 index 00000000..4d0aeaf3 --- /dev/null +++ b/tests/shell/testcases/listing/dumps/0011sets_0.nft @@ -0,0 +1,25 @@ +table ip nat { + chain test { + tcp dport { 123, 321 } + } +} +table ip6 test { + chain test { + udp sport { 123, 321 } + } +} +table arp test_arp { + chain test { + meta mark { 0x0000007b, 0x00000141 } + } +} +table bridge test_bridge { + chain test { + ip daddr { 1.1.1.1, 2.2.2.2 } + } +} +table inet filter { + chain test { + tcp dport { 80, 443 } + } +} diff --git a/tests/shell/testcases/listing/dumps/0012sets_0.json-nft b/tests/shell/testcases/listing/dumps/0012sets_0.json-nft new file mode 100644 index 00000000..efca892e --- /dev/null +++ b/tests/shell/testcases/listing/dumps/0012sets_0.json-nft @@ -0,0 +1,124 @@ +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "ip", + "name": "nat", + "handle": 0 + } + }, + { + "set": { + "family": "ip", + "name": "ssh", + "table": "nat", + "type": "ipv4_addr", + "handle": 0 + } + }, + { + "table": { + "family": "ip6", + "name": "test", + "handle": 0 + } + }, + { + "set": { + "family": "ip6", + "name": "testset", + "table": "test", + "type": "ipv6_addr", + "handle": 0 + } + }, + { + "table": { + "family": "arp", + "name": "test_arp", + "handle": 0 + } + }, + { + "set": { + "family": "arp", + "name": "test_set_arp00", + "table": "test_arp", + "type": "inet_service", + "handle": 0 + } + }, + { + "set": { + "family": "arp", + "name": "test_set_arp01", + "table": "test_arp", + "type": "inet_service", + "handle": 0, + "flags": [ + "constant" + ] + } + }, + { + "table": { + "family": "bridge", + "name": "test_bridge", + "handle": 0 + } + }, + { + "set": { + "family": "bridge", + "name": "test_set_bridge", + "table": "test_bridge", + "type": "inet_service", + "handle": 0 + } + }, + { + "table": { + "family": "inet", + "name": "filter", + "handle": 0 + } + }, + { + "set": { + "family": "inet", + "name": "set0", + "table": "filter", + "type": "inet_service", + "handle": 0 + } + }, + { + "set": { + "family": "inet", + "name": "set1", + "table": "filter", + "type": "inet_service", + "handle": 0, + "flags": [ + "constant" + ] + } + }, + { + "set": { + "family": "inet", + "name": "set2", + "table": "filter", + "type": "icmpv6_type", + "handle": 0 + } + } + ] +} diff --git a/tests/shell/testcases/listing/dumps/0012sets_0.nft b/tests/shell/testcases/listing/dumps/0012sets_0.nft new file mode 100644 index 00000000..7303c403 --- /dev/null +++ b/tests/shell/testcases/listing/dumps/0012sets_0.nft @@ -0,0 +1,39 @@ +table ip nat { + set ssh { + type ipv4_addr + } +} +table ip6 test { + set testset { + type ipv6_addr + } +} +table arp test_arp { + set test_set_arp00 { + type inet_service + } + + set test_set_arp01 { + type inet_service + flags constant + } +} +table bridge test_bridge { + set test_set_bridge { + type inet_service + } +} +table inet filter { + set set0 { + type inet_service + } + + set set1 { + type inet_service + flags constant + } + + set set2 { + type icmpv6_type + } +} diff --git a/tests/shell/testcases/listing/dumps/0013objects_0.json-nft b/tests/shell/testcases/listing/dumps/0013objects_0.json-nft new file mode 100644 index 00000000..830aad85 --- /dev/null +++ b/tests/shell/testcases/listing/dumps/0013objects_0.json-nft @@ -0,0 +1,75 @@ +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "ip", + "name": "test", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "test", + "name": "input", + "handle": 0 + } + }, + { + "quota": { + "family": "ip", + "name": "https-quota", + "table": "test", + "handle": 0, + "bytes": 26214400, + "used": 0, + "inv": false + } + }, + { + "ct helper": { + "family": "ip", + "name": "cthelp", + "table": "test", + "handle": 0, + "type": "sip", + "protocol": "tcp", + "l3proto": "ip" + } + }, + { + "ct timeout": { + "family": "ip", + "name": "cttime", + "table": "test", + "handle": 0, + "protocol": "udp", + "l3proto": "ip", + "policy": { + "unreplied": 15, + "replied": 12 + } + } + }, + { + "ct expectation": { + "family": "ip", + "name": "ctexpect", + "table": "test", + "handle": 0, + "protocol": "tcp", + "dport": 5432, + "timeout": 3600000, + "size": 12, + "l3proto": "ip" + } + } + ] +} diff --git a/tests/shell/testcases/listing/dumps/0013objects_0.nft b/tests/shell/testcases/listing/dumps/0013objects_0.nft new file mode 100644 index 00000000..427db268 --- /dev/null +++ b/tests/shell/testcases/listing/dumps/0013objects_0.nft @@ -0,0 +1,27 @@ +table ip test { + quota https-quota { + 25 mbytes + } + + ct helper cthelp { + type "sip" protocol tcp + l3proto ip + } + + ct timeout cttime { + protocol udp + l3proto ip + policy = { unreplied : 15s, replied : 12s } + } + + ct expectation ctexpect { + protocol tcp + dport 5432 + timeout 1h + size 12 + l3proto ip + } + + chain input { + } +} diff --git a/tests/shell/testcases/listing/dumps/0014objects_0.json-nft b/tests/shell/testcases/listing/dumps/0014objects_0.json-nft new file mode 100644 index 00000000..83f72d40 --- /dev/null +++ b/tests/shell/testcases/listing/dumps/0014objects_0.json-nft @@ -0,0 +1,47 @@ +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "ip", + "name": "test", + "handle": 0 + } + }, + { + "quota": { + "family": "ip", + "name": "https-quota", + "table": "test", + "handle": 0, + "bytes": 26214400, + "used": 0, + "inv": false + } + }, + { + "ct helper": { + "family": "ip", + "name": "cthelp", + "table": "test", + "handle": 0, + "type": "sip", + "protocol": "tcp", + "l3proto": "ip" + } + }, + { + "table": { + "family": "ip", + "name": "test-ip", + "handle": 0 + } + } + ] +} diff --git a/tests/shell/testcases/listing/dumps/0014objects_0.nft b/tests/shell/testcases/listing/dumps/0014objects_0.nft new file mode 100644 index 00000000..9281a1a0 --- /dev/null +++ b/tests/shell/testcases/listing/dumps/0014objects_0.nft @@ -0,0 +1,12 @@ +table ip test { + quota https-quota { + 25 mbytes + } + + ct helper cthelp { + type "sip" protocol tcp + l3proto ip + } +} +table ip test-ip { +} diff --git a/tests/shell/testcases/listing/dumps/0015dynamic_0.json-nft b/tests/shell/testcases/listing/dumps/0015dynamic_0.json-nft new file mode 100644 index 00000000..a94a1b04 --- /dev/null +++ b/tests/shell/testcases/listing/dumps/0015dynamic_0.json-nft @@ -0,0 +1,38 @@ +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "ip", + "name": "filter", + "handle": 0 + } + }, + { + "set": { + "family": "ip", + "name": "test_set", + "table": "filter", + "type": [ + "ipv4_addr", + "inet_service", + "ipv4_addr", + "inet_service", + "inet_proto" + ], + "handle": 0, + "size": 100000, + "flags": [ + "timeout", + "dynamic" + ] + } + } + ] +} diff --git a/tests/shell/testcases/listing/dumps/0015dynamic_0.nft b/tests/shell/testcases/listing/dumps/0015dynamic_0.nft new file mode 100644 index 00000000..0f4244bf --- /dev/null +++ b/tests/shell/testcases/listing/dumps/0015dynamic_0.nft @@ -0,0 +1,7 @@ +table ip filter { + set test_set { + type ipv4_addr . inet_service . ipv4_addr . inet_service . inet_proto + size 100000 + flags dynamic,timeout + } +} diff --git a/tests/shell/testcases/listing/dumps/0016anonymous_0.json-nft b/tests/shell/testcases/listing/dumps/0016anonymous_0.json-nft new file mode 100644 index 00000000..e47ccb8e --- /dev/null +++ b/tests/shell/testcases/listing/dumps/0016anonymous_0.json-nft @@ -0,0 +1,85 @@ +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "ip", + "name": "x", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "x", + "name": "y", + "handle": 0 + } + }, + { + "rule": { + "family": "ip", + "table": "x", + "chain": "y", + "handle": 0, + "expr": [ + { + "match": { + "op": "==", + "left": { + "payload": { + "protocol": "ip", + "field": "saddr" + } + }, + "right": "1.1.1.1" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "x", + "chain": "y", + "handle": 0, + "expr": [ + { + "mangle": { + "key": { + "meta": { + "key": "mark" + } + }, + "value": { + "map": { + "key": { + "payload": { + "protocol": "ip", + "field": "saddr" + } + }, + "data": { + "set": [ + [ + "1.1.1.1", + 2 + ] + ] + } + } + } + } + } + ] + } + } + ] +} diff --git a/tests/shell/testcases/listing/dumps/0016anonymous_0.nft b/tests/shell/testcases/listing/dumps/0016anonymous_0.nft new file mode 100644 index 00000000..cb089337 --- /dev/null +++ b/tests/shell/testcases/listing/dumps/0016anonymous_0.nft @@ -0,0 +1,6 @@ +table ip x { + chain y { + ip saddr 1.1.1.1 + meta mark set ip saddr map { 1.1.1.1 : 0x00000002 } + } +} diff --git a/tests/shell/testcases/listing/dumps/0017objects_0.json-nft b/tests/shell/testcases/listing/dumps/0017objects_0.json-nft new file mode 100644 index 00000000..d735f7a1 --- /dev/null +++ b/tests/shell/testcases/listing/dumps/0017objects_0.json-nft @@ -0,0 +1,28 @@ +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "inet", + "name": "filter", + "handle": 0 + } + }, + { + "map": { + "family": "inet", + "name": "countermap", + "table": "filter", + "type": "ipv4_addr", + "handle": 0, + "map": "counter" + } + } + ] +} diff --git a/tests/shell/testcases/listing/dumps/0017objects_0.nft b/tests/shell/testcases/listing/dumps/0017objects_0.nft new file mode 100644 index 00000000..e60e3afa --- /dev/null +++ b/tests/shell/testcases/listing/dumps/0017objects_0.nft @@ -0,0 +1,5 @@ +table inet filter { + map countermap { + type ipv4_addr : counter + } +} diff --git a/tests/shell/testcases/listing/dumps/0018data_0.json-nft b/tests/shell/testcases/listing/dumps/0018data_0.json-nft new file mode 100644 index 00000000..211dcd30 --- /dev/null +++ b/tests/shell/testcases/listing/dumps/0018data_0.json-nft @@ -0,0 +1,28 @@ +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "inet", + "name": "filter", + "handle": 0 + } + }, + { + "map": { + "family": "inet", + "name": "ipmap", + "table": "filter", + "type": "ipv4_addr", + "handle": 0, + "map": "ipv4_addr" + } + } + ] +} diff --git a/tests/shell/testcases/listing/dumps/0018data_0.nft b/tests/shell/testcases/listing/dumps/0018data_0.nft new file mode 100644 index 00000000..5d318550 --- /dev/null +++ b/tests/shell/testcases/listing/dumps/0018data_0.nft @@ -0,0 +1,5 @@ +table inet filter { + map ipmap { + type ipv4_addr : ipv4_addr + } +} diff --git a/tests/shell/testcases/listing/dumps/0019set_0.json-nft b/tests/shell/testcases/listing/dumps/0019set_0.json-nft new file mode 100644 index 00000000..3bb7cb8a --- /dev/null +++ b/tests/shell/testcases/listing/dumps/0019set_0.json-nft @@ -0,0 +1,27 @@ +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "inet", + "name": "filter", + "handle": 0 + } + }, + { + "set": { + "family": "inet", + "name": "ipset", + "table": "filter", + "type": "ipv4_addr", + "handle": 0 + } + } + ] +} diff --git a/tests/shell/testcases/listing/dumps/0019set_0.nft b/tests/shell/testcases/listing/dumps/0019set_0.nft new file mode 100644 index 00000000..915922ca --- /dev/null +++ b/tests/shell/testcases/listing/dumps/0019set_0.nft @@ -0,0 +1,5 @@ +table inet filter { + set ipset { + type ipv4_addr + } +} diff --git a/tests/shell/testcases/listing/dumps/0020flowtable_0.json-nft b/tests/shell/testcases/listing/dumps/0020flowtable_0.json-nft new file mode 100644 index 00000000..d511739a --- /dev/null +++ b/tests/shell/testcases/listing/dumps/0020flowtable_0.json-nft @@ -0,0 +1,67 @@ +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "inet", + "name": "filter", + "handle": 0 + } + }, + { + "flowtable": { + "family": "inet", + "name": "f", + "table": "filter", + "handle": 0, + "hook": "ingress", + "prio": 0, + "dev": "lo" + } + }, + { + "flowtable": { + "family": "inet", + "name": "f2", + "table": "filter", + "handle": 0, + "hook": "ingress", + "prio": 0 + } + }, + { + "table": { + "family": "ip", + "name": "filter", + "handle": 0 + } + }, + { + "flowtable": { + "family": "ip", + "name": "f", + "table": "filter", + "handle": 0, + "hook": "ingress", + "prio": 0, + "dev": "lo" + } + }, + { + "flowtable": { + "family": "ip", + "name": "f2", + "table": "filter", + "handle": 0, + "hook": "ingress", + "prio": 0 + } + } + ] +} diff --git a/tests/shell/testcases/listing/dumps/0020flowtable_0.nft b/tests/shell/testcases/listing/dumps/0020flowtable_0.nft new file mode 100644 index 00000000..4a64e531 --- /dev/null +++ b/tests/shell/testcases/listing/dumps/0020flowtable_0.nft @@ -0,0 +1,20 @@ +table inet filter { + flowtable f { + hook ingress priority filter + devices = { lo } + } + + flowtable f2 { + hook ingress priority filter + } +} +table ip filter { + flowtable f { + hook ingress priority filter + devices = { lo } + } + + flowtable f2 { + hook ingress priority filter + } +} diff --git a/tests/shell/testcases/listing/dumps/0021ruleset_json_terse_0.json-nft b/tests/shell/testcases/listing/dumps/0021ruleset_json_terse_0.json-nft new file mode 100644 index 00000000..d1131bb4 --- /dev/null +++ b/tests/shell/testcases/listing/dumps/0021ruleset_json_terse_0.json-nft @@ -0,0 +1,39 @@ +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "ip", + "name": "test", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "test", + "name": "c", + "handle": 0 + } + }, + { + "set": { + "family": "ip", + "name": "s", + "table": "test", + "type": "ipv4_addr", + "handle": 0, + "elem": [ + "192.168.3.4", + "192.168.3.5" + ] + } + } + ] +} diff --git a/tests/shell/testcases/listing/dumps/0021ruleset_json_terse_0.nft b/tests/shell/testcases/listing/dumps/0021ruleset_json_terse_0.nft new file mode 100644 index 00000000..13c8ac63 --- /dev/null +++ b/tests/shell/testcases/listing/dumps/0021ruleset_json_terse_0.nft @@ -0,0 +1,9 @@ +table ip test { + set s { + type ipv4_addr + elements = { 192.168.3.4, 192.168.3.5 } + } + + chain c { + } +} diff --git a/tests/shell/testcases/listing/dumps/0022terse_0.json-nft b/tests/shell/testcases/listing/dumps/0022terse_0.json-nft new file mode 100644 index 00000000..bd6383da --- /dev/null +++ b/tests/shell/testcases/listing/dumps/0022terse_0.json-nft @@ -0,0 +1,88 @@ +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "inet", + "name": "filter", + "handle": 0 + } + }, + { + "chain": { + "family": "inet", + "table": "filter", + "name": "input", + "handle": 0, + "type": "filter", + "hook": "prerouting", + "prio": 0, + "policy": "accept" + } + }, + { + "set": { + "family": "inet", + "name": "example", + "table": "filter", + "type": "ipv4_addr", + "handle": 0, + "flags": [ + "interval" + ], + "elem": [ + "10.10.10.10", + "10.10.11.11" + ] + } + }, + { + "rule": { + "family": "inet", + "table": "filter", + "chain": "input", + "handle": 0, + "expr": [ + { + "match": { + "op": "!=", + "left": { + "payload": { + "protocol": "ip", + "field": "saddr" + } + }, + "right": { + "set": [ + "10.10.10.100", + "10.10.10.111" + ] + } + } + }, + { + "match": { + "op": "==", + "left": { + "payload": { + "protocol": "ip", + "field": "saddr" + } + }, + "right": "@example" + } + }, + { + "drop": null + } + ] + } + } + ] +} diff --git a/tests/shell/testcases/listing/dumps/0022terse_0.nft b/tests/shell/testcases/listing/dumps/0022terse_0.nft new file mode 100644 index 00000000..40665cb7 --- /dev/null +++ b/tests/shell/testcases/listing/dumps/0022terse_0.nft @@ -0,0 +1,12 @@ +table inet filter { + set example { + type ipv4_addr + flags interval + elements = { 10.10.10.10, 10.10.11.11 } + } + + chain input { + type filter hook prerouting priority filter; policy accept; + ip saddr != { 10.10.10.100, 10.10.10.111 } ip saddr @example drop + } +} diff --git a/tests/shell/testcases/listing/dumps/meta_time.nodump b/tests/shell/testcases/listing/dumps/meta_time.nodump new file mode 100644 index 00000000..e69de29b --- /dev/null +++ b/tests/shell/testcases/listing/dumps/meta_time.nodump |