From e760d200a4b9cd31928b68a1f2f882157344351e Mon Sep 17 00:00:00 2001 From: Phil Sutter Date: Tue, 10 Apr 2018 19:00:24 +0200 Subject: tests/py: Use libnftables instead of calling nft binary This adds a simple nftables Python class in py/nftables.py which gives access to libnftables API via ctypes module. nft-test.py is extended to make use of the above class instead of calling nft binary. Since command line formatting had to be touched anyway, this patch also streamlines things a bit by introducing __str__ methods to classes Table and Chain and making extensive use of format strings instead of onerously adding all string parts together. Since the called commands don't see a shell anymore, all shell meta character escaping done in testcases is removed. The visible effects of this change are: * Four new warnings in ip/flowtable.t due to changing objref IDs (will be addressed later in a patch to libnftnl). * Reported command line in warning and error messages changed slightly for obvious reasons. * Reduction of a full test run's runtime by a factor of four. Status diff after running with 'time': < 83 test files, 77 files passed, 1724 unit tests, 0 error, 33 warning < 87.23user 696.13system 15:11.82elapsed 85%CPU (0avgtext+0avgdata 9604maxresident)k < 8inputs+36800outputs (0major+35171235minor)pagefaults 0swaps > 83 test files, 77 files passed, 1724 unit tests, 4 error, 33 warning > 6.80user 30.18system 3:45.86elapsed 16%CPU (0avgtext+0avgdata 14064maxresident)k > 0inputs+35808outputs (0major+2874minor)pagefaults 0swaps Signed-off-by: Phil Sutter Signed-off-by: Pablo Neira Ayuso --- tests/py/any/ct.t | 14 +++++++------- tests/py/any/ct.t.payload | 12 ++++++------ tests/py/any/log.t | 2 +- tests/py/any/log.t.payload | 2 +- tests/py/any/meta.t | 4 ++-- 5 files changed, 17 insertions(+), 17 deletions(-) (limited to 'tests/py/any') diff --git a/tests/py/any/ct.t b/tests/py/any/ct.t index 6334dd76..ce6d51a4 100644 --- a/tests/py/any/ct.t +++ b/tests/py/any/ct.t 
@@ -75,19 +75,19 @@ ct expiration != {33-55};ok;ct expiration != { 33s-55s} ct helper "ftp";ok ct helper "12345678901234567";fail -ct helper '""';fail +ct helper "";fail ct state . ct mark { new . 0x12345678};ok ct state . ct mark { new . 0x12345678, new . 0x34127856, established . 0x12785634};ok ct direction . ct mark { original . 0x12345678};ok ct state . ct mark vmap { new . 0x12345678 : drop};ok -ct original bytes \> 100000;ok;ct original bytes > 100000 -ct reply packets \< 100;ok;ct reply packets < 100 -ct bytes \> 100000;ok;ct bytes > 100000 +ct original bytes > 100000;ok +ct reply packets < 100;ok +ct bytes > 100000;ok -ct avgpkt \> 200;ok;ct avgpkt > 200 -ct original avgpkt \< 500;ok;ct original avgpkt < 500 +ct avgpkt > 200;ok +ct original avgpkt < 500;ok # bogus direction ct both bytes gt 1;fail @@ -107,7 +107,7 @@ ct mark original;fail ct event set new;ok ct event set new or related or destroy or foobar;fail -ct event set 'new | related | destroy | label';ok;ct event set new,related,destroy,label +ct event set new | related | destroy | label;ok;ct event set new,related,destroy,label ct event set new,related,destroy,label;ok ct event set new,destroy;ok ct event set 1;ok;ct event set new diff --git a/tests/py/any/ct.t.payload b/tests/py/any/ct.t.payload index 7ebf3f8d..9f288e79 100644 --- a/tests/py/any/ct.t.payload +++ b/tests/py/any/ct.t.payload 
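Review bot: The rule column now carries raw `>`, `<` and `|` (`ct original bytes > 100000;ok` here, `ct event set new | related | destroy | label` in the second ct.t hunk), which is only safe while every consumer of this file hands the text to libnftables verbatim. If any path still builds a shell command line from these rules (none is visible in this diff), `> 100000` would be taken as a redirection instead of part of the rule. The same holds for the unescaped `"nft-test: "` in log.t and `""` in meta.t. A header comment in each file would record the contract, e.g. `# rule text is passed verbatim to libnftables; do not add shell quoting or escaping`.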
@@ -343,31 +343,31 @@ ip test-ip4 output [ lookup reg 1 set __map%d dreg 1 ] [ ct set mark with reg 1 ] -# ct original bytes \> 100000 +# ct original bytes > 100000 ip test-ip4 output [ ct load bytes => reg 1 , dir original ] [ byteorder reg 1 = hton(reg 1, 8, 8) ] [ cmp gt reg 1 0x00000000 0xa0860100 ] -# ct reply packets \< 100 +# ct reply packets < 100 ip test-ip4 output [ ct load packets => reg 1 , dir reply ] [ byteorder reg 1 = hton(reg 1, 8, 8) ] [ cmp lt reg 1 0x00000000 0x64000000 ] -# ct bytes \> 100000 +# ct bytes > 100000 ip test-ip4 output [ ct load bytes => reg 1 ] [ byteorder reg 1 = hton(reg 1, 8, 8) ] [ cmp gt reg 1 0x00000000 0xa0860100 ] -# ct avgpkt \> 200 +# ct avgpkt > 200 ip test-ip4 output [ ct load avgpkt => reg 1 ] [ byteorder reg 1 = hton(reg 1, 8, 8) ] [ cmp gt reg 1 0x00000000 0xc8000000 ] -# ct original avgpkt \< 500 +# ct original avgpkt < 500 ip test-ip4 output [ ct load avgpkt => reg 1 , dir original ] [ byteorder reg 1 = hton(reg 1, 8, 8) ] @@ -396,7 +396,7 @@ ip test-ip4 output [ immediate reg 1 0x00000001 ] [ ct set event with reg 1 ] -# ct event set 'new | related | destroy | label' +# ct event set new | related | destroy | label ip test-ip4 output [ immediate reg 1 0x00000407 ] [ ct set event with reg 1 ] diff --git a/tests/py/any/log.t b/tests/py/any/log.t index 37982022..d1b4ab62 100644 --- a/tests/py/any/log.t +++ b/tests/py/any/log.t @@ -24,7 +24,7 @@ log prefix aaaaa-aaaaaa group 2 snaplen 33;ok;log prefix "aaaaa-aaaaaa" group 2 # The correct rule is log group 2 queue-threshold 2 log group 2 queue-threshold 2;ok log group 2 snaplen 33;ok -log group 2 prefix \"nft-test: \";ok;log prefix "nft-test: " group 2 +log group 2 prefix "nft-test: ";ok;log prefix "nft-test: " group 2 log flags all;ok log level debug flags ip options flags skuid;ok diff --git a/tests/py/any/log.t.payload b/tests/py/any/log.t.payload index 385b8bba..ffb914d2 100644 --- a/tests/py/any/log.t.payload +++ b/tests/py/any/log.t.payload 
@@ -46,7 +46,7 @@ ip test-ip4 output ip test-ip4 output [ log group 2 snaplen 33 qthreshold 0 ] -# log group 2 prefix \"nft-test: \" +# log group 2 prefix "nft-test: " ip test-ip4 output [ log prefix nft-test: group 2 snaplen 0 qthreshold 0 ] diff --git a/tests/py/any/meta.t b/tests/py/any/meta.t index 9df038e5..b3bb0504 100644 --- a/tests/py/any/meta.t +++ b/tests/py/any/meta.t @@ -70,7 +70,7 @@ meta iifname {"dummy0", "lo"};ok;iifname {"dummy0", "lo"} meta iifname != {"dummy0", "lo"};ok;iifname != {"dummy0", "lo"} meta iifname "dummy*";ok;iifname "dummy*" meta iifname "dummy\*";ok;iifname "dummy\*" -meta iifname '""';fail +meta iifname "";fail meta iiftype {ether, ppp, ipip, ipip6, loopback, sit, ipgre};ok;iiftype {ether, ppp, ipip, ipip6, loopback, sit, ipgre} meta iiftype != {ether, ppp, ipip, ipip6, loopback, sit, ipgre};ok;iiftype != {ether, ppp, ipip, ipip6, loopback, sit, ipgre} @@ -89,7 +89,7 @@ meta oifname != "dummy0";ok;oifname != "dummy0" meta oifname { "dummy0", "lo"};ok;oifname { "dummy0", "lo"} meta oifname "dummy*";ok;oifname "dummy*" meta oifname "dummy\*";ok;oifname "dummy\*" -meta oifname '""';fail +meta oifname "";fail meta oiftype {ether, ppp, ipip, ipip6, loopback, sit, ipgre};ok;oiftype {ether, ppp, ipip, ipip6, loopback, sit, ipgre} meta oiftype != {ether, ppp, ipip, ipip6, loopback, sit, ipgre};ok;oiftype != {ether, ppp, ipip, ipip6, loopback, sit, ipgre} -- cgit v1.2.3
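Review bot: In meta.t the context lines `meta iifname "dummy\*";ok;iifname "dummy\*"` and the oifname counterpart keep their backslash, although the commit message says all shell escaping was removed, so a reader may take `\*` for a leftover. The expected-output column repeats `"dummy\*"`, which suggests the backslash is nft's own escape for a literal asterisk and not shell quoting. A comment above each of the two lines, such as `# \* is nft syntax for a literal '*', not a shell escape`, would keep a later cleanup from silently changing what is tested.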