diff options
Diffstat (limited to 'tests/shell/testcases/sets/dumps')
26 files changed, 235 insertions, 0 deletions
diff --git a/tests/shell/testcases/sets/dumps/0001named_interval_0.nft b/tests/shell/testcases/sets/dumps/0001named_interval_0.nft new file mode 100644 index 00000000..3049aa84 --- /dev/null +++ b/tests/shell/testcases/sets/dumps/0001named_interval_0.nft @@ -0,0 +1,34 @@ +table inet t { + set s1 { + type ipv4_addr + flags interval + elements = { 10.0.0.0-11.0.0.0, 172.16.0.0/16 } + } + + set s2 { + type ipv6_addr + flags interval + elements = { fe00::/64, + fe11::-fe22:: } + } + + set s3 { + type inet_proto + flags interval + elements = { 10-20, 50-60 } + } + + set s4 { + type inet_service + flags interval + elements = { 0-1024, 8080-8082, 10000-40000 } + } + + chain c { + ip saddr @s1 accept + ip6 daddr @s2 accept + ip protocol @s3 accept + ip6 nexthdr @s3 accept + tcp dport @s4 accept + } +} diff --git a/tests/shell/testcases/sets/dumps/0002named_interval_automerging_0.nft b/tests/shell/testcases/sets/dumps/0002named_interval_automerging_0.nft new file mode 100644 index 00000000..452ee23e --- /dev/null +++ b/tests/shell/testcases/sets/dumps/0002named_interval_automerging_0.nft @@ -0,0 +1,7 @@ +table ip t { + set s { + type ipv4_addr + flags interval + elements = { 192.168.0.0/24, 192.168.1.0/24 } + } +} diff --git a/tests/shell/testcases/sets/dumps/0003named_interval_missing_flag_0.nft b/tests/shell/testcases/sets/dumps/0003named_interval_missing_flag_0.nft new file mode 100644 index 00000000..70c32a85 --- /dev/null +++ b/tests/shell/testcases/sets/dumps/0003named_interval_missing_flag_0.nft @@ -0,0 +1,5 @@ +table ip t { + set s { + type ipv4_addr + } +} diff --git a/tests/shell/testcases/sets/dumps/0004named_interval_shadow_0.nft b/tests/shell/testcases/sets/dumps/0004named_interval_shadow_0.nft new file mode 100644 index 00000000..940030a1 --- /dev/null +++ b/tests/shell/testcases/sets/dumps/0004named_interval_shadow_0.nft @@ -0,0 +1,7 @@ +table inet t { + set s { + type ipv6_addr + flags interval + elements = { fe00::/64 } + } +} diff --git a/tests/shell/testcases/sets/dumps/0005named_interval_shadow_0.nft b/tests/shell/testcases/sets/dumps/0005named_interval_shadow_0.nft new file mode 100644 index 00000000..4224d9da --- /dev/null +++ b/tests/shell/testcases/sets/dumps/0005named_interval_shadow_0.nft @@ -0,0 +1,7 @@ +table inet t { + set s { + type ipv6_addr + flags interval + elements = { fe00::/48 } + } +} diff --git a/tests/shell/testcases/sets/dumps/0006create_set_0.nft b/tests/shell/testcases/sets/dumps/0006create_set_0.nft new file mode 100644 index 00000000..70c32a85 --- /dev/null +++ b/tests/shell/testcases/sets/dumps/0006create_set_0.nft @@ -0,0 +1,5 @@ +table ip t { + set s { + type ipv4_addr + } +} diff --git a/tests/shell/testcases/sets/dumps/0007create_element_0.nft b/tests/shell/testcases/sets/dumps/0007create_element_0.nft new file mode 100644 index 00000000..169be117 --- /dev/null +++ b/tests/shell/testcases/sets/dumps/0007create_element_0.nft @@ -0,0 +1,6 @@ +table ip t { + set s { + type ipv4_addr + elements = { 1.1.1.1 } + } +} diff --git a/tests/shell/testcases/sets/dumps/0008comments_interval_0.nft b/tests/shell/testcases/sets/dumps/0008comments_interval_0.nft new file mode 100644 index 00000000..5e7a7680 --- /dev/null +++ b/tests/shell/testcases/sets/dumps/0008comments_interval_0.nft @@ -0,0 +1,7 @@ +table ip t { + set s { + type ipv4_addr + flags interval + elements = { 1.1.1.1 comment "test" } + } +} diff --git a/tests/shell/testcases/sets/dumps/0008create_verdict_map_0.nft b/tests/shell/testcases/sets/dumps/0008create_verdict_map_0.nft new file mode 100644 index 00000000..ab0fe80d --- /dev/null +++ b/tests/shell/testcases/sets/dumps/0008create_verdict_map_0.nft @@ -0,0 +1,13 @@ +table ip t { + map sourcemap { + type ipv4_addr : verdict + elements = { 100.123.10.2 : jump c } + } + + chain postrouting { + ip saddr vmap @sourcemap accept + } + + chain c { + } +} diff --git a/tests/shell/testcases/sets/dumps/0009comments_timeout_0.nft b/tests/shell/testcases/sets/dumps/0009comments_timeout_0.nft new file mode 100644 index 00000000..455ebe3e --- /dev/null +++ b/tests/shell/testcases/sets/dumps/0009comments_timeout_0.nft @@ -0,0 +1,7 @@ +table ip t { + set s { + type ipv4_addr + flags timeout + elements = { 1.1.1.1 comment "test" } + } +} diff --git a/tests/shell/testcases/sets/dumps/0010comments_0.nft b/tests/shell/testcases/sets/dumps/0010comments_0.nft new file mode 100644 index 00000000..6e42ec4b --- /dev/null +++ b/tests/shell/testcases/sets/dumps/0010comments_0.nft @@ -0,0 +1,6 @@ +table inet t { + set s { + type ipv6_addr + elements = { ::1 comment "test" } + } +} diff --git a/tests/shell/testcases/sets/dumps/0012add_delete_many_elements_0.nft b/tests/shell/testcases/sets/dumps/0012add_delete_many_elements_0.nft new file mode 100644 index 00000000..e3d4aee6 --- /dev/null +++ b/tests/shell/testcases/sets/dumps/0012add_delete_many_elements_0.nft @@ -0,0 +1,5 @@ +table ip x { + set y { + type ipv4_addr + } +} diff --git a/tests/shell/testcases/sets/dumps/0013add_delete_many_elements_0.nft b/tests/shell/testcases/sets/dumps/0013add_delete_many_elements_0.nft new file mode 100644 index 00000000..e3d4aee6 --- /dev/null +++ b/tests/shell/testcases/sets/dumps/0013add_delete_many_elements_0.nft @@ -0,0 +1,5 @@ +table ip x { + set y { + type ipv4_addr + } +} diff --git a/tests/shell/testcases/sets/dumps/0015rulesetflush_0.nft b/tests/shell/testcases/sets/dumps/0015rulesetflush_0.nft new file mode 100644 index 00000000..f6eddbf8 --- /dev/null +++ b/tests/shell/testcases/sets/dumps/0015rulesetflush_0.nft @@ -0,0 +1,11 @@ +table ip t { + chain c { + } +} +table inet filter { + set blacklist_v4 { + type ipv4_addr + flags interval + elements = { 192.168.0.0/24 } + } +} diff --git a/tests/shell/testcases/sets/dumps/0016element_leak_0.nft b/tests/shell/testcases/sets/dumps/0016element_leak_0.nft new file mode 100644 index 00000000..9d2b0afe --- /dev/null +++ b/tests/shell/testcases/sets/dumps/0016element_leak_0.nft @@ -0,0 +1,7 @@ +table ip x { + set s { + type ipv4_addr + size 2 + elements = { 1.1.1.1 } + } +} diff --git a/tests/shell/testcases/sets/dumps/0017add_after_flush_0.nft b/tests/shell/testcases/sets/dumps/0017add_after_flush_0.nft new file mode 100644 index 00000000..9d2b0afe --- /dev/null +++ b/tests/shell/testcases/sets/dumps/0017add_after_flush_0.nft @@ -0,0 +1,7 @@ +table ip x { + set s { + type ipv4_addr + size 2 + elements = { 1.1.1.1 } + } +} diff --git a/tests/shell/testcases/sets/dumps/0019set_check_size_0.nft b/tests/shell/testcases/sets/dumps/0019set_check_size_0.nft new file mode 100644 index 00000000..8cd37076 --- /dev/null +++ b/tests/shell/testcases/sets/dumps/0019set_check_size_0.nft @@ -0,0 +1,7 @@ +table ip x { + set s { + type ipv4_addr + size 2 + elements = { 1.1.1.1, 1.1.1.2 } + } +} diff --git a/tests/shell/testcases/sets/dumps/0020comments_0.nft b/tests/shell/testcases/sets/dumps/0020comments_0.nft new file mode 100644 index 00000000..d5330848 --- /dev/null +++ b/tests/shell/testcases/sets/dumps/0020comments_0.nft @@ -0,0 +1,6 @@ +table inet t { + set s { + type inet_service + elements = { ssh comment "test" } + } +} diff --git a/tests/shell/testcases/sets/dumps/0021nesting_0.nft b/tests/shell/testcases/sets/dumps/0021nesting_0.nft new file mode 100644 index 00000000..6fd2a441 --- /dev/null +++ b/tests/shell/testcases/sets/dumps/0021nesting_0.nft @@ -0,0 +1,5 @@ +table ip x { + chain y { + ip saddr { 1.1.1.0/24, 2.2.2.0/24, 3.3.3.0/24 } + } +} diff --git a/tests/shell/testcases/sets/dumps/0022type_selective_flush_0.nft b/tests/shell/testcases/sets/dumps/0022type_selective_flush_0.nft new file mode 100644 index 00000000..3dd97602 --- /dev/null +++ b/tests/shell/testcases/sets/dumps/0022type_selective_flush_0.nft @@ -0,0 +1,13 @@ +table ip t { + set s { + type ipv4_addr + } + + map m { + type ipv4_addr : inet_service + } + + chain c { + tcp dport http meter f { ip saddr limit rate 10/second} + } +} diff --git a/tests/shell/testcases/sets/dumps/0023incomplete_add_set_command_0.nft b/tests/shell/testcases/sets/dumps/0023incomplete_add_set_command_0.nft new file mode 100644 index 00000000..985768ba --- /dev/null +++ b/tests/shell/testcases/sets/dumps/0023incomplete_add_set_command_0.nft @@ -0,0 +1,2 @@ +table ip t { +} diff --git a/tests/shell/testcases/sets/dumps/0024named_objects_0.nft b/tests/shell/testcases/sets/dumps/0024named_objects_0.nft new file mode 100644 index 00000000..929c5d93 --- /dev/null +++ b/tests/shell/testcases/sets/dumps/0024named_objects_0.nft @@ -0,0 +1,28 @@ +table inet x { + counter user123 { + packets 12 bytes 1433 + } + + quota user123 { + over 2000 bytes + } + + quota user124 { + over 2000 bytes + } + + set y { + type ipv4_addr + } + + map test { + type ipv4_addr : quota + elements = { 192.168.2.2 : "user124", 192.168.2.3 : "user124" } + } + + chain y { + type filter hook input priority 0; policy accept; + counter name ip saddr map { 1.1.1.1 : "user123", 2.2.2.2 : "user123", 192.168.2.2 : "user123" } + quota name ip saddr map @test drop + } +} diff --git a/tests/shell/testcases/sets/dumps/0025anonymous_set_0.nft b/tests/shell/testcases/sets/dumps/0025anonymous_set_0.nft new file mode 100644 index 00000000..c823ae9d --- /dev/null +++ b/tests/shell/testcases/sets/dumps/0025anonymous_set_0.nft @@ -0,0 +1,7 @@ +table ip t { + chain c { + type filter hook output priority 0; policy accept; + ip daddr { 192.168.0.1, 192.168.0.2, 192.168.0.3 } + tcp dport { ssh, telnet } counter packets 0 bytes 0 + } +} diff --git a/tests/shell/testcases/sets/dumps/0026named_limit_0.nft b/tests/shell/testcases/sets/dumps/0026named_limit_0.nft new file mode 100644 index 00000000..0d1f1254 --- /dev/null +++ b/tests/shell/testcases/sets/dumps/0026named_limit_0.nft @@ -0,0 +1,10 @@ +table ip filter { + limit http-traffic { + rate 1/second + } + + chain input { + type filter hook input priority 0; policy accept; + limit name tcp dport map { http : "http-traffic", https : "http-traffic" } + } +} diff --git a/tests/shell/testcases/sets/dumps/0027ipv6_maps_ipv4_0.nft b/tests/shell/testcases/sets/dumps/0027ipv6_maps_ipv4_0.nft new file mode 100644 index 00000000..c49eefae --- /dev/null +++ b/tests/shell/testcases/sets/dumps/0027ipv6_maps_ipv4_0.nft @@ -0,0 +1,7 @@ +table inet t { + set s { + type ipv6_addr + flags interval + elements = { ::ffff:0.0.0.0/96 } + } +} diff --git a/tests/shell/testcases/sets/dumps/0029named_ifname_dtype_0.nft b/tests/shell/testcases/sets/dumps/0029named_ifname_dtype_0.nft new file mode 100644 index 00000000..2c82e57d --- /dev/null +++ b/tests/shell/testcases/sets/dumps/0029named_ifname_dtype_0.nft @@ -0,0 +1,11 @@ +table inet t { + set s { + type ifname + elements = { "eth0" } + } + + chain c { + iifname @s accept + oifname @s accept + } +} |