From e760d200a4b9cd31928b68a1f2f882157344351e Mon Sep 17 00:00:00 2001 From: Phil Sutter Date: Tue, 10 Apr 2018 19:00:24 +0200 Subject: tests/py: Use libnftables instead of calling nft binary This adds a simple nftables Python class in py/nftables.py which gives access to libnftables API via ctypes module. nft-test.py is extended to make use of the above class instead of calling nft binary. Since command line formatting had to be touched anyway, this patch also streamlines things a bit by introducing __str__ methods to classes Table and Chain and making extensive use of format strings instead of onerously adding all string parts together. Since the called commands don't see a shell anymore, all shell meta character escaping done in testcases is removed. The visible effects of this change are: * Four new warnings in ip/flowtable.t due to changing objref IDs (will be addressed later in a patch to libnftnl). * Reported command line in warning and error messages changed slightly for obvious reasons. * Reduction of a full test run's runtime by a factor of four. Status diff after running with 'time': < 83 test files, 77 files passed, 1724 unit tests, 0 error, 33 warning < 87.23user 696.13system 15:11.82elapsed 85%CPU (0avgtext+0avgdata 9604maxresident)k < 8inputs+36800outputs (0major+35171235minor)pagefaults 0swaps > 83 test files, 77 files passed, 1724 unit tests, 4 error, 33 warning > 6.80user 30.18system 3:45.86elapsed 16%CPU (0avgtext+0avgdata 14064maxresident)k > 0inputs+35808outputs (0major+2874minor)pagefaults 0swaps Signed-off-by: Phil Sutter Signed-off-by: Pablo Neira Ayuso --- tests/py/inet/tcp.t.payload | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'tests/py/inet/tcp.t.payload') diff --git a/tests/py/inet/tcp.t.payload b/tests/py/inet/tcp.t.payload index bf2ffaaf..512b42e9 100644 --- a/tests/py/inet/tcp.t.payload +++ b/tests/py/inet/tcp.t.payload @@ -421,7 +421,7 @@ inet test-inet input [ payload load 1b @ transport header + 13 => reg 1 ] [ cmp neq reg 1 0x00000080 ] -# tcp 'flags & (syn|fin) == (syn|fin)' +# tcp flags & (syn|fin) == (syn|fin) inet test-inet input [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000006 ] -- cgit v1.2.3