From 624b034b83a66ec2263314db9dc62ac06b1ae7e7 Mon Sep 17 00:00:00 2001 From: Phil Sutter Date: Thu, 8 Feb 2024 14:30:17 +0100 Subject: tests: shell: Pretty-print all *.json-nft dumps The problem with single line output as produced by 'nft -j list ruleset' is its incompatibility to unified diff format as any change in this single line will produce a diff which contains the old and new lines in total. This is not just unreadable but will blow up patches which may exceed mailinglists' mail size limits. Convert them all at once by feeding their contents to tests/shell/helpers/json-pretty.sh. Signed-off-by: Phil Sutter --- .../nft-f/dumps/0001define_slash_0.json-nft | 12 +- .../nft-f/dumps/0002rollback_rule_0.json-nft | 135 +++++- .../nft-f/dumps/0003rollback_jump_0.json-nft | 135 +++++- .../nft-f/dumps/0004rollback_set_0.json-nft | 135 +++++- .../nft-f/dumps/0005rollback_map_0.json-nft | 135 +++++- .../nft-f/dumps/0006action_object_0.json-nft | 12 +- .../0007action_object_set_segfault_1.json-nft | 12 +- .../nft-f/dumps/0008split_tables_0.json-nft | 68 ++- .../testcases/nft-f/dumps/0009variable_0.json-nft | 45 +- .../testcases/nft-f/dumps/0010variable_0.json-nft | 31 +- .../testcases/nft-f/dumps/0013defines_1.json-nft | 12 +- .../testcases/nft-f/dumps/0014defines_1.json-nft | 12 +- .../testcases/nft-f/dumps/0015defines_1.json-nft | 12 +- .../testcases/nft-f/dumps/0016redefines_1.json-nft | 81 +++- .../nft-f/dumps/0018ct_expectation_obj_0.json-nft | 53 ++- .../nft-f/dumps/0018jump_variable_0.json-nft | 50 ++- .../nft-f/dumps/0019jump_variable_1.json-nft | 12 +- .../nft-f/dumps/0020jump_variable_1.json-nft | 12 +- .../nft-f/dumps/0021list_ruleset_0.json-nft | 31 +- .../testcases/nft-f/dumps/0022variables_0.json-nft | 116 ++++- .../testcases/nft-f/dumps/0023check_1.json-nft | 31 +- .../nft-f/dumps/0025empty_dynset_0.json-nft | 112 ++++- .../testcases/nft-f/dumps/0026listing_0.json-nft | 57 ++- .../nft-f/dumps/0027split_chains_0.json-nft | 54 ++- .../nft-f/dumps/0028variable_cmdline_0.json-nft | 35 +- .../nft-f/dumps/0029split_file_0.json-nft | 62 ++- .../nft-f/dumps/0030variable_reuse_0.json-nft | 45 +- .../nft-f/dumps/0031vmap_string_0.json-nft | 12 +- .../testcases/nft-f/dumps/0032pknock_0.json-nft | 485 ++++++++++++++++++++- 29 files changed, 1975 insertions(+), 29 deletions(-) (limited to 'tests/shell/testcases/nft-f/dumps') diff --git a/tests/shell/testcases/nft-f/dumps/0001define_slash_0.json-nft b/tests/shell/testcases/nft-f/dumps/0001define_slash_0.json-nft index 0048e6b1..546cc597 100644 --- a/tests/shell/testcases/nft-f/dumps/0001define_slash_0.json-nft +++ b/tests/shell/testcases/nft-f/dumps/0001define_slash_0.json-nft @@ -1 +1,11 @@ -{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}]} +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + } + ] +} diff --git a/tests/shell/testcases/nft-f/dumps/0002rollback_rule_0.json-nft b/tests/shell/testcases/nft-f/dumps/0002rollback_rule_0.json-nft index 85368b46..8d500578 100644 --- a/tests/shell/testcases/nft-f/dumps/0002rollback_rule_0.json-nft +++ b/tests/shell/testcases/nft-f/dumps/0002rollback_rule_0.json-nft @@ -1 +1,134 @@ -{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}, {"table": {"family": "ip", "name": "t", "handle": 0}}, {"set": {"family": "ip", "name": "t", "table": "t", "type": "ipv4_addr", "handle": 0, "elem": ["1.1.1.1"]}}, {"chain": {"family": "ip", "table": "t", "name": "c", "handle": 0}}, {"chain": {"family": "ip", "table": "t", "name": "other", "handle": 0}}, {"rule": {"family": "ip", "table": "t", "chain": "c", "handle": 0, "expr": [{"match": {"op": "in", "left": {"ct": {"key": "state"}}, "right": "new"}}]}}, {"rule": {"family": "ip", "table": "t", "chain": "c", "handle": 0, "expr": [{"match": {"op": "==", "left": {"payload": {"protocol": "tcp", "field": "dport"}}, "right": {"set": [22222, 33333]}}}]}}, {"rule": {"family": "ip", "table": "t", "chain": "c", "handle": 0, "expr": [{"match": {"op": "==", "left": {"payload": {"protocol": "ip", "field": "saddr"}}, "right": "@t"}}, {"drop": null}]}}, {"rule": {"family": "ip", "table": "t", "chain": "c", "handle": 0, "expr": [{"jump": {"target": "other"}}]}}]} +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "ip", + "name": "t", + "handle": 0 + } + }, + { + "set": { + "family": "ip", + "name": "t", + "table": "t", + "type": "ipv4_addr", + "handle": 0, + "elem": [ + "1.1.1.1" + ] + } + }, + { + "chain": { + "family": "ip", + "table": "t", + "name": "c", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "t", + "name": "other", + "handle": 0 + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c", + "handle": 0, + "expr": [ + { + "match": { + "op": "in", + "left": { + "ct": { + "key": "state" + } + }, + "right": "new" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c", + "handle": 0, + "expr": [ + { + "match": { + "op": "==", + "left": { + "payload": { + "protocol": "tcp", + "field": "dport" + } + }, + "right": { + "set": [ + 22222, + 33333 + ] + } + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c", + "handle": 0, + "expr": [ + { + "match": { + "op": "==", + "left": { + "payload": { + "protocol": "ip", + "field": "saddr" + } + }, + "right": "@t" + } + }, + { + "drop": null + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c", + "handle": 0, + "expr": [ + { + "jump": { + "target": "other" + } + } + ] + } + } + ] +} diff --git a/tests/shell/testcases/nft-f/dumps/0003rollback_jump_0.json-nft b/tests/shell/testcases/nft-f/dumps/0003rollback_jump_0.json-nft index 85368b46..8d500578 100644 --- a/tests/shell/testcases/nft-f/dumps/0003rollback_jump_0.json-nft +++ b/tests/shell/testcases/nft-f/dumps/0003rollback_jump_0.json-nft @@ -1 +1,134 @@ -{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}, {"table": {"family": "ip", "name": "t", "handle": 0}}, {"set": {"family": "ip", "name": "t", "table": "t", "type": "ipv4_addr", "handle": 0, "elem": ["1.1.1.1"]}}, {"chain": {"family": "ip", "table": "t", "name": "c", "handle": 0}}, {"chain": {"family": "ip", "table": "t", "name": "other", "handle": 0}}, {"rule": {"family": "ip", "table": "t", "chain": "c", "handle": 0, "expr": [{"match": {"op": "in", "left": {"ct": {"key": "state"}}, "right": "new"}}]}}, {"rule": {"family": "ip", "table": "t", "chain": "c", "handle": 0, "expr": [{"match": {"op": "==", "left": {"payload": {"protocol": "tcp", "field": "dport"}}, "right": {"set": [22222, 33333]}}}]}}, {"rule": {"family": "ip", "table": "t", "chain": "c", "handle": 0, "expr": [{"match": {"op": "==", "left": {"payload": {"protocol": "ip", "field": "saddr"}}, "right": "@t"}}, {"drop": null}]}}, {"rule": {"family": "ip", "table": "t", "chain": "c", "handle": 0, "expr": [{"jump": {"target": "other"}}]}}]} +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "ip", + "name": "t", + "handle": 0 + } + }, + { + "set": { + "family": "ip", + "name": "t", + "table": "t", + "type": "ipv4_addr", + "handle": 0, + "elem": [ + "1.1.1.1" + ] + } + }, + { + "chain": { + "family": "ip", + "table": "t", + "name": "c", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "t", + "name": "other", + "handle": 0 + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c", + "handle": 0, + "expr": [ + { + "match": { + "op": "in", + "left": { + "ct": { + "key": "state" + } + }, + "right": "new" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c", + "handle": 0, + "expr": [ + { + "match": { + "op": "==", + "left": { + "payload": { + "protocol": "tcp", + "field": "dport" + } + }, + "right": { + "set": [ + 22222, + 33333 + ] + } + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c", + "handle": 0, + "expr": [ + { + "match": { + "op": "==", + "left": { + "payload": { + "protocol": "ip", + "field": "saddr" + } + }, + "right": "@t" + } + }, + { + "drop": null + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c", + "handle": 0, + "expr": [ + { + "jump": { + "target": "other" + } + } + ] + } + } + ] +} diff --git a/tests/shell/testcases/nft-f/dumps/0004rollback_set_0.json-nft b/tests/shell/testcases/nft-f/dumps/0004rollback_set_0.json-nft index 85368b46..8d500578 100644 --- a/tests/shell/testcases/nft-f/dumps/0004rollback_set_0.json-nft +++ b/tests/shell/testcases/nft-f/dumps/0004rollback_set_0.json-nft @@ -1 +1,134 @@ -{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}, {"table": {"family": "ip", "name": "t", "handle": 0}}, {"set": {"family": "ip", "name": "t", "table": "t", "type": "ipv4_addr", "handle": 0, "elem": ["1.1.1.1"]}}, {"chain": {"family": "ip", "table": "t", "name": "c", "handle": 0}}, {"chain": {"family": "ip", "table": "t", "name": "other", "handle": 0}}, {"rule": {"family": "ip", "table": "t", "chain": "c", "handle": 0, "expr": [{"match": {"op": "in", "left": {"ct": {"key": "state"}}, "right": "new"}}]}}, {"rule": {"family": "ip", "table": "t", "chain": "c", "handle": 0, "expr": [{"match": {"op": "==", "left": {"payload": {"protocol": "tcp", "field": "dport"}}, "right": {"set": [22222, 33333]}}}]}}, {"rule": {"family": "ip", "table": "t", "chain": "c", "handle": 0, "expr": [{"match": {"op": "==", "left": {"payload": {"protocol": "ip", "field": "saddr"}}, "right": "@t"}}, {"drop": null}]}}, {"rule": {"family": "ip", "table": "t", "chain": "c", "handle": 0, "expr": [{"jump": {"target": "other"}}]}}]} +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "ip", + "name": "t", + "handle": 0 + } + }, + { + "set": { + "family": "ip", + "name": "t", + "table": "t", + "type": "ipv4_addr", + "handle": 0, + "elem": [ + "1.1.1.1" + ] + } + }, + { + "chain": { + "family": "ip", + "table": "t", + "name": "c", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "t", + "name": "other", + "handle": 0 + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c", + "handle": 0, + "expr": [ + { + "match": { + "op": "in", + "left": { + "ct": { + "key": "state" + } + }, + "right": "new" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c", + "handle": 0, + "expr": [ + { + "match": { + "op": "==", + "left": { + "payload": { + "protocol": "tcp", + "field": "dport" + } + }, + "right": { + "set": [ + 22222, + 33333 + ] + } + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c", + "handle": 0, + "expr": [ + { + "match": { + "op": "==", + "left": { + "payload": { + "protocol": "ip", + "field": "saddr" + } + }, + "right": "@t" + } + }, + { + "drop": null + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c", + "handle": 0, + "expr": [ + { + "jump": { + "target": "other" + } + } + ] + } + } + ] +} diff --git a/tests/shell/testcases/nft-f/dumps/0005rollback_map_0.json-nft b/tests/shell/testcases/nft-f/dumps/0005rollback_map_0.json-nft index 85368b46..8d500578 100644 --- a/tests/shell/testcases/nft-f/dumps/0005rollback_map_0.json-nft +++ b/tests/shell/testcases/nft-f/dumps/0005rollback_map_0.json-nft @@ -1 +1,134 @@ -{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}, {"table": {"family": "ip", "name": "t", "handle": 0}}, {"set": {"family": "ip", "name": "t", "table": "t", "type": "ipv4_addr", "handle": 0, "elem": ["1.1.1.1"]}}, {"chain": {"family": "ip", "table": "t", "name": "c", "handle": 0}}, {"chain": {"family": "ip", "table": "t", "name": "other", "handle": 0}}, {"rule": {"family": "ip", "table": "t", "chain": "c", "handle": 0, "expr": [{"match": {"op": "in", "left": {"ct": {"key": "state"}}, "right": "new"}}]}}, {"rule": {"family": "ip", "table": "t", "chain": "c", "handle": 0, "expr": [{"match": {"op": "==", "left": {"payload": {"protocol": "tcp", "field": "dport"}}, "right": {"set": [22222, 33333]}}}]}}, {"rule": {"family": "ip", "table": "t", "chain": "c", "handle": 0, "expr": [{"match": {"op": "==", "left": {"payload": {"protocol": "ip", "field": "saddr"}}, "right": "@t"}}, {"drop": null}]}}, {"rule": {"family": "ip", "table": "t", "chain": "c", "handle": 0, "expr": [{"jump": {"target": "other"}}]}}]} +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "ip", + "name": "t", + "handle": 0 + } + }, + { + "set": { + "family": "ip", + "name": "t", + "table": "t", + "type": "ipv4_addr", + "handle": 0, + "elem": [ + "1.1.1.1" + ] + } + }, + { + "chain": { + "family": "ip", + "table": "t", + "name": "c", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "t", + "name": "other", + "handle": 0 + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c", + "handle": 0, + "expr": [ + { + "match": { + "op": "in", + "left": { + "ct": { + "key": "state" + } + }, + "right": "new" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c", + "handle": 0, + "expr": [ + { + "match": { + "op": "==", + "left": { + "payload": { + "protocol": "tcp", + "field": "dport" + } + }, + "right": { + "set": [ + 22222, + 33333 + ] + } + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c", + "handle": 0, + "expr": [ + { + "match": { + "op": "==", + "left": { + "payload": { + "protocol": "ip", + "field": "saddr" + } + }, + "right": "@t" + } + }, + { + "drop": null + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c", + "handle": 0, + "expr": [ + { + "jump": { + "target": "other" + } + } + ] + } + } + ] +} diff --git a/tests/shell/testcases/nft-f/dumps/0006action_object_0.json-nft b/tests/shell/testcases/nft-f/dumps/0006action_object_0.json-nft index 0048e6b1..546cc597 100644 --- a/tests/shell/testcases/nft-f/dumps/0006action_object_0.json-nft +++ b/tests/shell/testcases/nft-f/dumps/0006action_object_0.json-nft @@ -1 +1,11 @@ -{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}]} +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + } + ] +} diff --git a/tests/shell/testcases/nft-f/dumps/0007action_object_set_segfault_1.json-nft b/tests/shell/testcases/nft-f/dumps/0007action_object_set_segfault_1.json-nft index 0048e6b1..546cc597 100644 --- a/tests/shell/testcases/nft-f/dumps/0007action_object_set_segfault_1.json-nft +++ b/tests/shell/testcases/nft-f/dumps/0007action_object_set_segfault_1.json-nft @@ -1 +1,11 @@ -{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}]} +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + } + ] +} diff --git a/tests/shell/testcases/nft-f/dumps/0008split_tables_0.json-nft b/tests/shell/testcases/nft-f/dumps/0008split_tables_0.json-nft index 29a0c08a..05ebed5a 100644 --- a/tests/shell/testcases/nft-f/dumps/0008split_tables_0.json-nft +++ b/tests/shell/testcases/nft-f/dumps/0008split_tables_0.json-nft @@ -1 +1,67 @@ -{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}, {"table": {"family": "inet", "name": "filter", "handle": 0}}, {"chain": {"family": "inet", "table": "filter", "name": "ssh", "handle": 0, "type": "filter", "hook": "input", "prio": 0, "policy": "accept"}}, {"chain": {"family": "inet", "table": "filter", "name": "input", "handle": 0, "type": "filter", "hook": "input", "prio": 1, "policy": "accept"}}, {"rule": {"family": "inet", "table": "filter", "chain": "ssh", "handle": 0, "expr": [{"match": {"op": "==", "left": {"payload": {"protocol": "tcp", "field": "dport"}}, "right": 22}}, {"accept": null}]}}]} +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "inet", + "name": "filter", + "handle": 0 + } + }, + { + "chain": { + "family": "inet", + "table": "filter", + "name": "ssh", + "handle": 0, + "type": "filter", + "hook": "input", + "prio": 0, + "policy": "accept" + } + }, + { + "chain": { + "family": "inet", + "table": "filter", + "name": "input", + "handle": 0, + "type": "filter", + "hook": "input", + "prio": 1, + "policy": "accept" + } + }, + { + "rule": { + "family": "inet", + "table": "filter", + "chain": "ssh", + "handle": 0, + "expr": [ + { + "match": { + "op": "==", + "left": { + "payload": { + "protocol": "tcp", + "field": "dport" + } + }, + "right": 22 + } + }, + { + "accept": null + } + ] + } + } + ] +} diff --git a/tests/shell/testcases/nft-f/dumps/0009variable_0.json-nft b/tests/shell/testcases/nft-f/dumps/0009variable_0.json-nft index 685d8818..41236dbe 100644 --- a/tests/shell/testcases/nft-f/dumps/0009variable_0.json-nft +++ b/tests/shell/testcases/nft-f/dumps/0009variable_0.json-nft @@ -1 +1,44 @@ -{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}, {"table": {"family": "inet", "name": "forward", "handle": 0}}, {"set": {"family": "inet", "name": "concat-set-variable", "table": "forward", "type": ["ipv4_addr", "inet_service"], "handle": 0, "elem": [{"concat": ["10.10.10.10", 25]}, {"concat": ["10.10.10.10", 143]}]}}]} +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "inet", + "name": "forward", + "handle": 0 + } + }, + { + "set": { + "family": "inet", + "name": "concat-set-variable", + "table": "forward", + "type": [ + "ipv4_addr", + "inet_service" + ], + "handle": 0, + "elem": [ + { + "concat": [ + "10.10.10.10", + 25 + ] + }, + { + "concat": [ + "10.10.10.10", + 143 + ] + } + ] + } + } + ] +} diff --git a/tests/shell/testcases/nft-f/dumps/0010variable_0.json-nft b/tests/shell/testcases/nft-f/dumps/0010variable_0.json-nft index 87de4026..4b4ec4fb 100644 --- a/tests/shell/testcases/nft-f/dumps/0010variable_0.json-nft +++ b/tests/shell/testcases/nft-f/dumps/0010variable_0.json-nft @@ -1 +1,30 @@ -{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}, {"table": {"family": "inet", "name": "filter", "handle": 0}}, {"set": {"family": "inet", "name": "whitelist_v4", "table": "filter", "type": "ipv4_addr", "handle": 0, "elem": ["1.1.1.1"]}}]} +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "inet", + "name": "filter", + "handle": 0 + } + }, + { + "set": { + "family": "inet", + "name": "whitelist_v4", + "table": "filter", + "type": "ipv4_addr", + "handle": 0, + "elem": [ + "1.1.1.1" + ] + } + } + ] +} diff --git a/tests/shell/testcases/nft-f/dumps/0013defines_1.json-nft b/tests/shell/testcases/nft-f/dumps/0013defines_1.json-nft index 0048e6b1..546cc597 100644 --- a/tests/shell/testcases/nft-f/dumps/0013defines_1.json-nft +++ b/tests/shell/testcases/nft-f/dumps/0013defines_1.json-nft @@ -1 +1,11 @@ -{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}]} +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + } + ] +} diff --git a/tests/shell/testcases/nft-f/dumps/0014defines_1.json-nft b/tests/shell/testcases/nft-f/dumps/0014defines_1.json-nft index 0048e6b1..546cc597 100644 --- a/tests/shell/testcases/nft-f/dumps/0014defines_1.json-nft +++ b/tests/shell/testcases/nft-f/dumps/0014defines_1.json-nft @@ -1 +1,11 @@ -{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}]} +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + } + ] +} diff --git a/tests/shell/testcases/nft-f/dumps/0015defines_1.json-nft b/tests/shell/testcases/nft-f/dumps/0015defines_1.json-nft index 0048e6b1..546cc597 100644 --- a/tests/shell/testcases/nft-f/dumps/0015defines_1.json-nft +++ b/tests/shell/testcases/nft-f/dumps/0015defines_1.json-nft @@ -1 +1,11 @@ -{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}]} +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + } + ] +} diff --git a/tests/shell/testcases/nft-f/dumps/0016redefines_1.json-nft b/tests/shell/testcases/nft-f/dumps/0016redefines_1.json-nft index f183d66d..40cdb000 100644 --- a/tests/shell/testcases/nft-f/dumps/0016redefines_1.json-nft +++ b/tests/shell/testcases/nft-f/dumps/0016redefines_1.json-nft @@ -1 +1,80 @@ -{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}, {"table": {"family": "ip", "name": "x", "handle": 0}}, {"chain": {"family": "ip", "table": "x", "name": "y", "handle": 0}}, {"rule": {"family": "ip", "table": "x", "chain": "y", "handle": 0, "expr": [{"match": {"op": "==", "left": {"payload": {"protocol": "ip", "field": "saddr"}}, "right": {"set": ["1.1.1.1", "2.2.2.2"]}}}]}}, {"rule": {"family": "ip", "table": "x", "chain": "y", "handle": 0, "expr": [{"match": {"op": "==", "left": {"payload": {"protocol": "ip", "field": "saddr"}}, "right": {"set": ["3.3.3.3", "4.4.4.4"]}}}]}}]} +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "ip", + "name": "x", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "x", + "name": "y", + "handle": 0 + } + }, + { + "rule": { + "family": "ip", + "table": "x", + "chain": "y", + "handle": 0, + "expr": [ + { + "match": { + "op": "==", + "left": { + "payload": { + "protocol": "ip", + "field": "saddr" + } + }, + "right": { + "set": [ + "1.1.1.1", + "2.2.2.2" + ] + } + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "x", + "chain": "y", + "handle": 0, + "expr": [ + { + "match": { + "op": "==", + "left": { + "payload": { + "protocol": "ip", + "field": "saddr" + } + }, + "right": { + "set": [ + "3.3.3.3", + "4.4.4.4" + ] + } + } + } + ] + } + } + ] +} diff --git a/tests/shell/testcases/nft-f/dumps/0018ct_expectation_obj_0.json-nft b/tests/shell/testcases/nft-f/dumps/0018ct_expectation_obj_0.json-nft index 1babf28b..5e2b07f0 100644 --- a/tests/shell/testcases/nft-f/dumps/0018ct_expectation_obj_0.json-nft +++ b/tests/shell/testcases/nft-f/dumps/0018ct_expectation_obj_0.json-nft @@ -1 +1,52 @@ -{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}, {"table": {"family": "ip", "name": "filter", "handle": 0}}, {"ct expectation": {"family": "ip", "name": "ctexpect", "table": "filter", "handle": 0, "protocol": "tcp", "dport": 9876, "timeout": 60000, "size": 12, "l3proto": "ip"}}, {"chain": {"family": "ip", "table": "filter", "name": "c", "handle": 0}}, {"rule": {"family": "ip", "table": "filter", "chain": "c", "handle": 0, "expr": [{"ct expectation": "ctexpect"}]}}]} +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "ip", + "name": "filter", + "handle": 0 + } + }, + { + "ct expectation": { + "family": "ip", + "name": "ctexpect", + "table": "filter", + "handle": 0, + "protocol": "tcp", + "dport": 9876, + "timeout": 60000, + "size": 12, + "l3proto": "ip" + } + }, + { + "chain": { + "family": "ip", + "table": "filter", + "name": "c", + "handle": 0 + } + }, + { + "rule": { + "family": "ip", + "table": "filter", + "chain": "c", + "handle": 0, + "expr": [ + { + "ct expectation": "ctexpect" + } + ] + } + } + ] +} diff --git a/tests/shell/testcases/nft-f/dumps/0018jump_variable_0.json-nft b/tests/shell/testcases/nft-f/dumps/0018jump_variable_0.json-nft index 6b7d6c91..f62b48a3 100644 --- a/tests/shell/testcases/nft-f/dumps/0018jump_variable_0.json-nft +++ b/tests/shell/testcases/nft-f/dumps/0018jump_variable_0.json-nft @@ -1 +1,49 @@ -{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}, {"table": {"family": "ip", "name": "foo", "handle": 0}}, {"chain": {"family": "ip", "table": "foo", "name": "bar", "handle": 0}}, {"chain": {"family": "ip", "table": "foo", "name": "ber", "handle": 0}}, {"rule": {"family": "ip", "table": "foo", "chain": "bar", "handle": 0, "expr": [{"jump": {"target": "ber"}}]}}]} +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "ip", + "name": "foo", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "foo", + "name": "bar", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "foo", + "name": "ber", + "handle": 0 + } + }, + { + "rule": { + "family": "ip", + "table": "foo", + "chain": "bar", + "handle": 0, + "expr": [ + { + "jump": { + "target": "ber" + } + } + ] + } + } + ] +} diff --git a/tests/shell/testcases/nft-f/dumps/0019jump_variable_1.json-nft b/tests/shell/testcases/nft-f/dumps/0019jump_variable_1.json-nft index 0048e6b1..546cc597 100644 --- a/tests/shell/testcases/nft-f/dumps/0019jump_variable_1.json-nft +++ b/tests/shell/testcases/nft-f/dumps/0019jump_variable_1.json-nft @@ -1 +1,11 @@ -{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}]} +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + } + ] +} diff --git a/tests/shell/testcases/nft-f/dumps/0020jump_variable_1.json-nft b/tests/shell/testcases/nft-f/dumps/0020jump_variable_1.json-nft index 0048e6b1..546cc597 100644 --- a/tests/shell/testcases/nft-f/dumps/0020jump_variable_1.json-nft +++ b/tests/shell/testcases/nft-f/dumps/0020jump_variable_1.json-nft @@ -1 +1,11 @@ -{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}]} +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + } + ] +} diff --git a/tests/shell/testcases/nft-f/dumps/0021list_ruleset_0.json-nft b/tests/shell/testcases/nft-f/dumps/0021list_ruleset_0.json-nft index b072c7ef..f41b1b04 100644 --- a/tests/shell/testcases/nft-f/dumps/0021list_ruleset_0.json-nft +++ b/tests/shell/testcases/nft-f/dumps/0021list_ruleset_0.json-nft @@ -1 +1,30 @@ -{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}, {"table": {"family": "ip", "name": "filter", "handle": 0}}, {"chain": {"family": "ip", "table": "filter", "name": "prerouting", "handle": 0, "type": "filter", "hook": "prerouting", "prio": -50, "policy": "accept"}}]} +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "ip", + "name": "filter", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "filter", + "name": "prerouting", + "handle": 0, + "type": "filter", + "hook": "prerouting", + "prio": -50, + "policy": "accept" + } + } + ] +} diff --git a/tests/shell/testcases/nft-f/dumps/0022variables_0.json-nft b/tests/shell/testcases/nft-f/dumps/0022variables_0.json-nft index 3e0f5489..b971454f 100644 --- a/tests/shell/testcases/nft-f/dumps/0022variables_0.json-nft +++ b/tests/shell/testcases/nft-f/dumps/0022variables_0.json-nft @@ -1 +1,115 @@ -{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}, {"table": {"family": "ip", "name": "x", "handle": 0}}, {"set": {"family": "ip", "name": "y", "table": "x", "type": "ipv4_addr", "handle": 0, "size": 65535, "flags": ["timeout", "dynamic"]}}, {"chain": {"family": "ip", "table": "x", "name": "z", "handle": 0, "type": "filter", "hook": "input", "prio": 0, "policy": "accept"}}, {"rule": {"family": "ip", "table": "x", "chain": "z", "handle": 0, "expr": [{"set": {"op": "add", "elem": {"payload": {"protocol": "ip", "field": "saddr"}}, "set": "@y"}}]}}, {"rule": {"family": "ip", "table": "x", "chain": "z", "handle": 0, "expr": [{"set": {"op": "update", "elem": {"elem": {"val": {"payload": {"protocol": "ip", "field": "saddr"}}, "timeout": 30}}, "set": "@y"}}]}}, {"rule": {"family": "ip", "table": "x", "chain": "z", "handle": 0, "expr": [{"match": {"op": "==", "left": {"payload": {"protocol": "ip", "field": "saddr"}}, "right": "@y"}}]}}]} +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "ip", + "name": "x", + "handle": 0 + } + }, + { + "set": { + "family": "ip", + "name": "y", + "table": "x", + "type": "ipv4_addr", + "handle": 0, + "size": 65535, + "flags": [ + "timeout", + "dynamic" + ] + } + }, + { + "chain": { + "family": "ip", + "table": "x", + "name": "z", + "handle": 0, + "type": "filter", + "hook": "input", + "prio": 0, + "policy": "accept" + } + }, + { + "rule": { + "family": "ip", + "table": "x", + "chain": "z", + "handle": 0, + "expr": [ + { + "set": { + "op": "add", + "elem": { + "payload": { + "protocol": "ip", + "field": "saddr" + } + }, + "set": "@y" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "x", + "chain": "z", + "handle": 0, + "expr": [ + { + "set": { + "op": "update", + "elem": { + "elem": { + "val": { + "payload": { + "protocol": "ip", + "field": "saddr" + } + }, + "timeout": 30 + } + }, + "set": "@y" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "x", + "chain": "z", + "handle": 0, + "expr": [ + { + "match": { + "op": "==", + "left": { + "payload": { + "protocol": "ip", + "field": "saddr" + } + }, + "right": "@y" + } + } + ] + } + } + ] +} diff --git a/tests/shell/testcases/nft-f/dumps/0023check_1.json-nft b/tests/shell/testcases/nft-f/dumps/0023check_1.json-nft index fe8603c7..ddb2a057 100644 --- a/tests/shell/testcases/nft-f/dumps/0023check_1.json-nft +++ b/tests/shell/testcases/nft-f/dumps/0023check_1.json-nft @@ -1 +1,30 @@ -{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}, {"table": {"family": "ip", "name": "foo", "handle": 0}}, {"chain": {"family": "ip", "table": "foo", "name": "bar", "handle": 0, "type": "filter", "hook": "prerouting", "prio": 0, "policy": "accept"}}]} +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "ip", + "name": "foo", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "foo", + "name": "bar", + "handle": 0, + "type": "filter", + "hook": "prerouting", + "prio": 0, + "policy": "accept" + } + } + ] +} diff --git a/tests/shell/testcases/nft-f/dumps/0025empty_dynset_0.json-nft b/tests/shell/testcases/nft-f/dumps/0025empty_dynset_0.json-nft index 0272e203..0cde23b0 100644 --- a/tests/shell/testcases/nft-f/dumps/0025empty_dynset_0.json-nft +++ b/tests/shell/testcases/nft-f/dumps/0025empty_dynset_0.json-nft @@ -1 +1,111 @@ -{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}, {"table": {"family": "ip", "name": "foo", "handle": 0}}, {"set": {"family": "ip", "name": "inflows", "table": "foo", "type": ["ipv4_addr", "inet_service", "ifname", "ipv4_addr", "inet_service"], "handle": 0, "flags": ["dynamic"], "elem": [{"elem": {"val": {"concat": ["10.1.0.3", 39466, "veth1", "10.3.0.99", 5201]}, "counter": {"packets": 0, "bytes": 0}}}]}}, {"set": {"family": "ip", "name": "inflows6", "table": "foo", "type": ["ipv6_addr", "inet_service", "ifname", "ipv6_addr", "inet_service"], "handle": 0, "flags": ["dynamic"]}}, {"set": {"family": "ip", "name": "inflows_ratelimit", "table": "foo", "type": ["ipv4_addr", "inet_service", "ifname", "ipv4_addr", "inet_service"], "handle": 0, "flags": ["dynamic"], "elem": [{"elem": {"val": {"concat": ["10.1.0.3", 39466, "veth1", "10.3.0.99", 5201]}, "limit": {"rate": 1, "burst": 5, "per": "second"}}}]}}]} +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "ip", + "name": "foo", + "handle": 0 + } + }, + { + "set": { + "family": "ip", + "name": "inflows", + "table": "foo", + "type": [ + "ipv4_addr", + "inet_service", + "ifname", + "ipv4_addr", + "inet_service" + ], + "handle": 0, + "flags": [ + "dynamic" + ], + "elem": [ + { + "elem": { + "val": { + "concat": [ + "10.1.0.3", + 39466, + "veth1", + "10.3.0.99", + 5201 + ] + }, + "counter": { + "packets": 0, + "bytes": 0 + } + } + } + ] + } + }, + { + "set": { + "family": "ip", + "name": "inflows6", + "table": "foo", + "type": [ + "ipv6_addr", + "inet_service", + "ifname", + "ipv6_addr", + "inet_service" + ], + "handle": 0, + "flags": [ + "dynamic" + ] + } + }, + { + "set": { + "family": "ip", + "name": "inflows_ratelimit", + "table": "foo", + "type": [ + "ipv4_addr", + "inet_service", + "ifname", + "ipv4_addr", + "inet_service" + ], + "handle": 0, + "flags": [ + "dynamic" + ], + "elem": [ + { + "elem": { + "val": { + "concat": [ + "10.1.0.3", + 39466, + "veth1", + "10.3.0.99", + 5201 + ] + }, + "limit": { + "rate": 1, + "burst": 5, + "per": "second" + } + } + } + ] + } + } + ] +} diff --git a/tests/shell/testcases/nft-f/dumps/0026listing_0.json-nft b/tests/shell/testcases/nft-f/dumps/0026listing_0.json-nft index bda56fa5..8acdcdf4 100644 --- a/tests/shell/testcases/nft-f/dumps/0026listing_0.json-nft +++ b/tests/shell/testcases/nft-f/dumps/0026listing_0.json-nft @@ -1 +1,56 @@ -{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}, {"table": {"family": "ip", "name": "A", "handle": 0}}, {"chain": {"family": "ip", "table": "A", "name": "B", "handle": 0}}, {"rule": {"family": "ip", "table": "A", "chain": "B", "handle": 0, "expr": [{"match": {"op": "==", "left": {"payload": {"protocol": "tcp", "field": "dport"}}, "right": {"set": [1, 2]}}}, {"accept": null}]}}]} +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "ip", + "name": "A", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "A", + "name": "B", + "handle": 0 + } + }, + { + "rule": { + "family": "ip", + "table": "A", + "chain": "B", + "handle": 0, + "expr": [ + { + "match": { + "op": "==", + "left": { + "payload": { + "protocol": "tcp", + "field": "dport" + } + }, + "right": { + "set": [ + 1, + 2 + ] + } + } + }, + { + "accept": null + } + ] + } + } + ] +} diff --git a/tests/shell/testcases/nft-f/dumps/0027split_chains_0.json-nft b/tests/shell/testcases/nft-f/dumps/0027split_chains_0.json-nft index 006e0ff2..bda8bfc9 100644 --- a/tests/shell/testcases/nft-f/dumps/0027split_chains_0.json-nft +++ b/tests/shell/testcases/nft-f/dumps/0027split_chains_0.json-nft @@ -1 +1,53 @@ -{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}, {"table": {"family": "inet", "name": "filter", "handle": 0}}, {"chain": {"family": "inet", "table": "filter", "name": "x", "handle": 0}}, {"chain": {"family": "inet", "table": "filter", "name": "input", "handle": 0, "type": "filter", "hook": "input", "prio": 0, "policy": "accept"}}, {"rule": {"family": "inet", "table": "filter", "chain": "input", "handle": 0, "expr": [{"jump": {"target": "x"}}]}}]} +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "inet", + "name": "filter", + "handle": 0 + } + }, + { + "chain": { + "family": "inet", + "table": "filter", + "name": "x", + "handle": 0 + } + }, + { + "chain": { + "family": "inet", + "table": "filter", + "name": "input", + "handle": 0, + "type": "filter", + "hook": "input", + "prio": 0, + "policy": "accept" + } + }, + { + "rule": { + "family": "inet", + "table": "filter", + "chain": "input", + "handle": 0, + "expr": [ + { + "jump": { + "target": "x" + } + } + ] + } + } + ] +} diff --git a/tests/shell/testcases/nft-f/dumps/0028variable_cmdline_0.json-nft b/tests/shell/testcases/nft-f/dumps/0028variable_cmdline_0.json-nft index 3e9ac8d4..69d826df 100644 --- a/tests/shell/testcases/nft-f/dumps/0028variable_cmdline_0.json-nft +++ b/tests/shell/testcases/nft-f/dumps/0028variable_cmdline_0.json-nft @@ -1 +1,34 @@ -{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}, {"table": {"family": "inet", "name": "filter", "handle": 0}}, {"set": {"family": "inet", "name": "whitelist_v4", "table": "filter", "type": "ipv4_addr", "handle": 0, "elem": ["1.1.1.1", "2.2.2.2", "3.3.3.3", "4.4.4.4", "5.5.5.5"]}}]} +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "inet", + "name": "filter", + "handle": 0 + } + }, + { + "set": { + "family": "inet", + "name": "whitelist_v4", + "table": "filter", + "type": "ipv4_addr", + "handle": 0, + "elem": [ + "1.1.1.1", + "2.2.2.2", + "3.3.3.3", + "4.4.4.4", + "5.5.5.5" + ] + } + } + ] +} diff --git a/tests/shell/testcases/nft-f/dumps/0029split_file_0.json-nft b/tests/shell/testcases/nft-f/dumps/0029split_file_0.json-nft index 9bd6ca14..c2aa400a 100644 --- a/tests/shell/testcases/nft-f/dumps/0029split_file_0.json-nft +++ b/tests/shell/testcases/nft-f/dumps/0029split_file_0.json-nft @@ -1 +1,61 @@ -{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}, {"table": {"family": "inet", "name": "filter", "handle": 0}}, {"set": {"family": "inet", "name": "whitelist_v4", "table": "filter", "type": "ipv4_addr", "handle": 0}}, {"chain": {"family": "inet", "table": "filter", "name": "prerouting", "handle": 0, "type": "filter", "hook": "prerouting", "prio": 0, "policy": "accept"}}, {"rule": {"family": "inet", "table": "filter", "chain": "prerouting", "handle": 0, "expr": [{"match": {"op": "==", "left": {"payload": {"protocol": "ip", "field": "daddr"}}, "right": "@whitelist_v4"}}]}}]} +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "inet", + "name": "filter", + "handle": 0 + } + }, + { + "set": { + "family": "inet", + "name": "whitelist_v4", + "table": "filter", + "type": "ipv4_addr", + "handle": 0 + } + }, + { + "chain": { + "family": "inet", + "table": "filter", + "name": "prerouting", + "handle": 0, + "type": "filter", + "hook": "prerouting", + "prio": 0, + "policy": "accept" + } + }, + { + "rule": { + "family": "inet", + "table": "filter", + "chain": "prerouting", + "handle": 0, + "expr": [ + { + "match": { + "op": "==", + "left": { + "payload": { + "protocol": "ip", + "field": "daddr" + } + }, + "right": "@whitelist_v4" + } + } + ] + } + } + ] +} diff --git a/tests/shell/testcases/nft-f/dumps/0030variable_reuse_0.json-nft b/tests/shell/testcases/nft-f/dumps/0030variable_reuse_0.json-nft index 6352e757..e0704b7d 100644 --- a/tests/shell/testcases/nft-f/dumps/0030variable_reuse_0.json-nft +++ b/tests/shell/testcases/nft-f/dumps/0030variable_reuse_0.json-nft @@ -1 +1,44 @@ -{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}, {"table": {"family": "ip", "name": "x", "handle": 0}}, {"set": {"family": "ip", "name": "y", "table": "x", "type": "ipv4_addr", "handle": 0, "elem": ["1.1.1.1", "2.2.2.2"]}}, {"set": {"family": "ip", "name": "z", "table": "x", "type": "ipv4_addr", "handle": 0, "elem": ["1.1.1.1", "3.3.3.3"]}}]} +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "ip", + "name": "x", + "handle": 0 + } + }, + { + "set": { + "family": "ip", + "name": "y", + "table": "x", + "type": "ipv4_addr", + "handle": 0, + "elem": [ + "1.1.1.1", + "2.2.2.2" + ] + } + }, + { + "set": { + "family": "ip", + "name": "z", + "table": "x", + "type": "ipv4_addr", + "handle": 0, + "elem": [ + "1.1.1.1", + "3.3.3.3" + ] + } + } + ] +} diff --git a/tests/shell/testcases/nft-f/dumps/0031vmap_string_0.json-nft b/tests/shell/testcases/nft-f/dumps/0031vmap_string_0.json-nft index 0048e6b1..546cc597 100644 --- a/tests/shell/testcases/nft-f/dumps/0031vmap_string_0.json-nft +++ b/tests/shell/testcases/nft-f/dumps/0031vmap_string_0.json-nft @@ -1 +1,11 @@ -{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}]} +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + } + ] +} diff --git a/tests/shell/testcases/nft-f/dumps/0032pknock_0.json-nft b/tests/shell/testcases/nft-f/dumps/0032pknock_0.json-nft index 46cc7cd7..57d57bb9 100644 --- a/tests/shell/testcases/nft-f/dumps/0032pknock_0.json-nft +++ b/tests/shell/testcases/nft-f/dumps/0032pknock_0.json-nft @@ -1 +1,484 @@ -{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}, {"table": {"family": "inet", "name": "portknock", "handle": 0}}, {"set": {"family": "inet", "name": "clients_ipv4", "table": "portknock", "type": "ipv4_addr", "handle": 0, "size": 65535, "flags": ["timeout", "dynamic"]}}, {"set": {"family": "inet", "name": "candidates_ipv4", "table": "portknock", "type": ["ipv4_addr", "inet_service"], "handle": 0, "size": 65535, "flags": ["timeout", "dynamic"]}}, {"chain": {"family": "inet", "table": "portknock", "name": "input", "handle": 0, "type": "filter", "hook": "input", "prio": -10, "policy": "accept"}}, {"rule": {"family": "inet", "table": "portknock", "chain": "input", "handle": 0, "expr": [{"match": {"op": "==", "left": {"payload": {"protocol": "tcp", "field": "dport"}}, "right": 10001}}, {"set": {"op": "add", "elem": {"elem": {"val": {"concat": [{"payload": {"protocol": "ip", "field": "saddr"}}, 10002]}, "timeout": 1}}, "set": "@candidates_ipv4"}}]}}, {"rule": {"family": "inet", "table": "portknock", "chain": "input", "handle": 0, "expr": [{"match": {"op": "==", "left": {"payload": {"protocol": "tcp", "field": "dport"}}, "right": 10002}}, {"match": {"op": "==", "left": {"concat": [{"payload": {"protocol": "ip", "field": "saddr"}}, {"payload": {"protocol": "tcp", "field": "dport"}}]}, "right": "@candidates_ipv4"}}, {"set": {"op": "add", "elem": {"elem": {"val": {"concat": [{"payload": {"protocol": "ip", "field": "saddr"}}, 10003]}, "timeout": 1}}, "set": "@candidates_ipv4"}}]}}, {"rule": {"family": "inet", "table": "portknock", "chain": "input", "handle": 0, "expr": [{"match": {"op": "==", "left": {"payload": {"protocol": "tcp", "field": "dport"}}, "right": 10003}}, {"match": {"op": "==", "left": {"concat": [{"payload": {"protocol": "ip", "field": "saddr"}}, {"payload": {"protocol": "tcp", "field": "dport"}}]}, "right": "@candidates_ipv4"}}, {"set": {"op": "add", "elem": {"elem": {"val": {"concat": [{"payload": {"protocol": "ip", "field": "saddr"}}, 10004]}, "timeout": 1}}, "set": "@candidates_ipv4"}}]}}, {"rule": {"family": "inet", "table": "portknock", "chain": "input", "handle": 0, "expr": [{"match": {"op": "==", "left": {"payload": {"protocol": "tcp", "field": "dport"}}, "right": 10004}}, {"match": {"op": "==", "left": {"concat": [{"payload": {"protocol": "ip", "field": "saddr"}}, {"payload": {"protocol": "tcp", "field": "dport"}}]}, "right": "@candidates_ipv4"}}, {"set": {"op": "add", "elem": {"elem": {"val": {"concat": [{"payload": {"protocol": "ip", "field": "saddr"}}, 10005]}, "timeout": 1}}, "set": "@candidates_ipv4"}}]}}, {"rule": {"family": "inet", "table": "portknock", "chain": "input", "handle": 0, "expr": [{"match": {"op": "==", "left": {"payload": {"protocol": "tcp", "field": "dport"}}, "right": 10005}}, {"match": {"op": "==", "left": {"concat": [{"payload": {"protocol": "ip", "field": "saddr"}}, {"payload": {"protocol": "tcp", "field": "dport"}}]}, "right": "@candidates_ipv4"}}, {"set": {"op": "add", "elem": {"elem": {"val": {"payload": {"protocol": "ip", "field": "saddr"}}, "timeout": 600}}, "set": "@clients_ipv4"}}, {"log": {"prefix": "Successful portknock: "}}]}}, {"rule": {"family": "inet", "table": "portknock", "chain": "input", "handle": 0, "expr": [{"match": {"op": "==", "left": {"payload": {"protocol": "tcp", "field": "dport"}}, "right": 22}}, {"match": {"op": "==", "left": {"payload": {"protocol": "ip", "field": "saddr"}}, "right": "@clients_ipv4"}}, {"counter": {"packets": 0, "bytes": 0}}, {"accept": null}]}}, {"rule": {"family": "inet", "table": "portknock", "chain": "input", "handle": 0, "expr": [{"match": {"op": "==", "left": {"payload": {"protocol": "tcp", "field": "dport"}}, "right": 22}}, {"match": {"op": "in", "left": {"ct": {"key": "state"}}, "right": ["established", "related"]}}, {"counter": {"packets": 0, "bytes": 0}}, {"accept": null}]}}, {"rule": {"family": "inet", "table": "portknock", "chain": "input", "handle": 0, "expr": [{"match": {"op": "==", "left": {"payload": {"protocol": "tcp", "field": "dport"}}, "right": 22}}, {"reject": {"type": "tcp reset"}}]}}]} +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "inet", + "name": "portknock", + "handle": 0 + } + }, + { + "set": { + "family": "inet", + "name": "clients_ipv4", + "table": "portknock", + "type": "ipv4_addr", + "handle": 0, + "size": 65535, + "flags": [ + "timeout", + "dynamic" + ] + } + }, + { + "set": { + "family": "inet", + "name": "candidates_ipv4", + "table": "portknock", + "type": [ + "ipv4_addr", + "inet_service" + ], + "handle": 0, + "size": 65535, + "flags": [ + "timeout", + "dynamic" + ] + } + }, + { + "chain": { + "family": "inet", + "table": "portknock", + "name": "input", + "handle": 0, + "type": "filter", + "hook": "input", + "prio": -10, + "policy": "accept" + } + }, + { + "rule": { + "family": "inet", + "table": "portknock", + "chain": "input", + "handle": 0, + "expr": [ + { + "match": { + "op": "==", + "left": { + "payload": { + "protocol": "tcp", + "field": "dport" + } + }, + "right": 10001 + } + }, + { + "set": { + "op": "add", + "elem": { + "elem": { + "val": { + "concat": [ + { + "payload": { + "protocol": "ip", + "field": "saddr" + } + }, + 10002 + ] + }, + "timeout": 1 + } + }, + "set": "@candidates_ipv4" + } + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "portknock", + "chain": "input", + "handle": 0, + "expr": [ + { + "match": { + "op": "==", + "left": { + "payload": { + "protocol": "tcp", + "field": "dport" + } + }, + "right": 10002 + } + }, + { + "match": { + "op": "==", + "left": { + "concat": [ + { + "payload": { + "protocol": "ip", + "field": "saddr" + } + }, + { + "payload": { + "protocol": "tcp", + "field": "dport" + } + } + ] + }, + "right": "@candidates_ipv4" + } + }, + { + "set": { + "op": "add", + "elem": { + "elem": { + "val": { + "concat": [ + { + "payload": { + "protocol": "ip", + "field": "saddr" + } + }, + 10003 + ] + }, + "timeout": 1 + } + }, + "set": "@candidates_ipv4" + } + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "portknock", + "chain": "input", + "handle": 0, + "expr": [ + { + "match": { + "op": "==", + "left": { + "payload": { + "protocol": "tcp", + "field": "dport" + } + }, + "right": 10003 + } + }, + { + "match": { + "op": "==", + "left": { + "concat": [ + { + "payload": { + "protocol": "ip", + "field": "saddr" + } + }, + { + "payload": { + "protocol": "tcp", + "field": "dport" + } + } + ] + }, + "right": "@candidates_ipv4" + } + }, + { + "set": { + "op": "add", + "elem": { + "elem": { + "val": { + "concat": [ + { + "payload": { + "protocol": "ip", + "field": "saddr" + } + }, + 10004 + ] + }, + "timeout": 1 + } + }, + "set": "@candidates_ipv4" + } + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "portknock", + "chain": "input", + "handle": 0, + "expr": [ + { + "match": { + "op": "==", + "left": { + "payload": { + "protocol": "tcp", + "field": "dport" + } + }, + "right": 10004 + } + }, + { + "match": { + "op": "==", + "left": { + "concat": [ + { + "payload": { + "protocol": "ip", + "field": "saddr" + } + }, + { + "payload": { + "protocol": "tcp", + "field": "dport" + } + } + ] + }, + "right": "@candidates_ipv4" + } + }, + { + "set": { + "op": "add", + "elem": { + "elem": { + "val": { + "concat": [ + { + "payload": { + "protocol": "ip", + "field": "saddr" + } + }, + 10005 + ] + }, + "timeout": 1 + } + }, + "set": "@candidates_ipv4" + } + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "portknock", + "chain": "input", + "handle": 0, + "expr": [ + { + "match": { + "op": "==", + "left": { + "payload": { + "protocol": "tcp", + "field": "dport" + } + }, + "right": 10005 + } + }, + { + "match": { + "op": "==", + "left": { + "concat": [ + { + "payload": { + "protocol": "ip", + "field": "saddr" + } + }, + { + "payload": { + "protocol": "tcp", + "field": "dport" + } + } + ] + }, + "right": "@candidates_ipv4" + } + }, + { + "set": { + "op": "add", + "elem": { + "elem": { + "val": { + "payload": { + "protocol": "ip", + "field": "saddr" + } + }, + "timeout": 600 + } + }, + "set": "@clients_ipv4" + } + }, + { + "log": { + "prefix": "Successful portknock: " + } + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "portknock", + "chain": "input", + "handle": 0, + "expr": [ + { + "match": { + "op": "==", + "left": { + "payload": { + "protocol": "tcp", + "field": "dport" + } + }, + "right": 22 + } + }, + { + "match": { + "op": "==", + "left": { + "payload": { + "protocol": "ip", + "field": "saddr" + } + }, + "right": "@clients_ipv4" + } + }, + { + "counter": { + "packets": 0, + "bytes": 0 + } + }, + { + "accept": null + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "portknock", + "chain": "input", + "handle": 0, + "expr": [ + { + "match": { + "op": "==", + "left": { + "payload": { + "protocol": "tcp", + "field": "dport" + } + }, + "right": 22 + } + }, + { + "match": { + "op": "in", + "left": { + "ct": { + "key": "state" + } + }, + "right": [ + "established", + "related" + ] + } + }, + { + "counter": { + "packets": 0, + "bytes": 0 + } + }, + { + "accept": null + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "portknock", + "chain": "input", + "handle": 0, + "expr": [ + { + "match": { + "op": "==", + "left": { + "payload": { + "protocol": "tcp", + "field": "dport" + } + }, + "right": 22 + } + }, + { + "reject": { + "type": "tcp reset" + } + } + ] + } + } + ] +} -- cgit v1.2.3