From a4dab4ecde114e0b3a6537a5cc7accd60dd25f17 Mon Sep 17 00:00:00 2001 From: Phil Sutter Date: Wed, 9 May 2018 16:03:43 +0200 Subject: tests/shell: Extend rule_management/0001addposition_0 Combine it with 0002insertposition_0 due to the many similarities, extend it to test 'handle' and 'index' parameters as well and rename the testcase accordingly. Also add a new 0002addinsertlocation_1 which tests that wrong argument to all of the location parameters fails. Signed-off-by: Phil Sutter Signed-off-by: Pablo Neira Ayuso --- .../rule_management/0001addinsertposition_0 | 89 ++++++++++++++++++++++ .../testcases/rule_management/0001addposition_0 | 11 --- .../rule_management/0002addinsertlocation_1 | 23 ++++++ .../testcases/rule_management/0002insertposition_0 | 11 --- .../rule_management/dumps/0001addposition_0.nft | 7 -- .../rule_management/dumps/0002insertposition_0.nft | 7 -- 6 files changed, 112 insertions(+), 36 deletions(-) create mode 100755 tests/shell/testcases/rule_management/0001addinsertposition_0 delete mode 100755 tests/shell/testcases/rule_management/0001addposition_0 create mode 100755 tests/shell/testcases/rule_management/0002addinsertlocation_1 delete mode 100755 tests/shell/testcases/rule_management/0002insertposition_0 delete mode 100644 tests/shell/testcases/rule_management/dumps/0001addposition_0.nft delete mode 100644 tests/shell/testcases/rule_management/dumps/0002insertposition_0.nft (limited to 'tests/shell')
diff --git a/tests/shell/testcases/rule_management/0001addinsertposition_0 b/tests/shell/testcases/rule_management/0001addinsertposition_0
new file mode 100755
index 00000000..bb3fda51
--- /dev/null
+++ b/tests/shell/testcases/rule_management/0001addinsertposition_0
@@ -0,0 +1,89 @@
+#!/bin/bash
+
+# tests for Netfilter bug #965 and the related fix
+# (regarding rule management with a given position/handle spec)
+
+set -e
+
+RULESET="flush ruleset
+table ip t {
+ chain c {
+ accept
+ accept
+ }
+}"
+
+EXPECTED="table ip t {
+ chain c {
+ accept
+ drop
+ accept
+ }
+}"
+
+for arg in "position 2" "handle 2" "index 0"; do
+ $NFT -f - <<< "$RULESET"
+ $NFT add rule t c $arg drop || {
+ $NFT list ruleset
+ exit 1
+ }
+
+ GET="$($NFT list ruleset)"
+ if [ "$EXPECTED" != "$GET" ] ; then
+ DIFF="$(which diff)"
+ [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET")
+ exit 1
+ fi
+done
+
+for arg in "position 3" "handle 3" "index 1"; do
+ $NFT -f - <<< "$RULESET"
+ $NFT insert rule t c $arg drop
+
+ GET="$($NFT list ruleset)"
+ if [ "$EXPECTED" != "$GET" ] ; then
+ DIFF="$(which diff)"
+ [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET")
+ exit 1
+ fi
+done
+
+EXPECTED="table ip t {
+ chain c {
+ accept
+ accept
+ drop
+ }
+}"
+
+for arg in "position 3" "handle 3" "index 1"; do
+ $NFT -f - <<< "$RULESET"
+ $NFT add rule t c $arg drop
+
+ GET="$($NFT list ruleset)"
+ if [ "$EXPECTED" != "$GET" ] ; then
+ DIFF="$(which diff)"
+ [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET")
+ exit 1
+ fi
+done
+
+EXPECTED="table ip t {
+ chain c {
+ drop
+ accept
+ accept
+ }
+}"
+
+for arg in "position 2" "handle 2" "index 0"; do
+ $NFT -f - <<< "$RULESET"
+ $NFT insert rule t c $arg drop
+
+ GET="$($NFT list ruleset)"
+ if [ "$EXPECTED" != "$GET" ] ; then
+ DIFF="$(which diff)"
+ [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET")
+ exit 1
+ fi
+done
diff --git a/tests/shell/testcases/rule_management/0001addposition_0 b/tests/shell/testcases/rule_management/0001addposition_0
deleted file mode 100755
index ee90d923..00000000
--- a/tests/shell/testcases/rule_management/0001addposition_0
+++ /dev/null
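Review bot: The mismatch branch, repeated in all four loops, never reports which of `position`/`handle`/`index` was under test, and its `[ -x $DIFF ]` guard cannot do its job: under `set -e` a failing `which diff` already aborts at the assignment, and an empty unquoted `$DIFF` would make `[ -x ]` evaluate true. Only the first loop dumps the ruleset when the `nft` command itself fails; the other three exit through `set -e` with no output. Rule order decides which packets reach `drop`, so a failure here should be attributable to one location keyword. A small helper that names the failing command and uses `command -v diff` would replace the four copies.

```shell
# Fail the test unless the live ruleset matches $EXPECTED; $1 names the
# command just run so the log shows which location keyword broke.
check_ruleset() {
	local got
	got="$($NFT list ruleset)"
	[ "$EXPECTED" = "$got" ] && return 0
	echo "E: unexpected ruleset after '$1'" >&2
	command -v diff >/dev/null && diff -u <(echo "$EXPECTED") <(echo "$got")
	exit 1
}

for arg in "position 2" "handle 2" "index 0"; do
	# … unchanged: load $RULESET, run the add command …
	check_ruleset "add rule t c $arg drop"
done
# … the other three loops take the same check_ruleset call in place of their GET/DIFF block …
```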
@@ -1,11 +0,0 @@
-#!/bin/bash
-
-# tests for Netfilter bug #965 and the related fix
-# (regarding rule management with a given position/handle spec)
-
-set -e
-$NFT add table t
-$NFT add chain t c
-$NFT add rule t c accept # should have handle 2
-$NFT add rule t c accept # should have handle 3
-$NFT add rule t c position 2 drop
diff --git a/tests/shell/testcases/rule_management/0002addinsertlocation_1 b/tests/shell/testcases/rule_management/0002addinsertlocation_1
new file mode 100755
index 00000000..b48d3d66
--- /dev/null
+++ b/tests/shell/testcases/rule_management/0002addinsertlocation_1
@@ -0,0 +1,23 @@
+#!/bin/bash
+
+# test rule adding with invalid position/handle/index value
+
+RULESET="flush ruleset
+table ip t {
+ chain c {
+ accept
+ accept
+ }
+}"
+
+$NFT -f - <<< "$RULESET"
+
+for cmd in add insert; do
+ for keyword in position handle index; do
+ $NFT $cmd rule t c $keyword 5 drop 2>/dev/null || continue
+
+ echo "E: invalid $keyword value allowed in $cmd command" >&2
+ exit 0
+ done
+done
+exit 1
diff --git a/tests/shell/testcases/rule_management/0002insertposition_0 b/tests/shell/testcases/rule_management/0002insertposition_0
deleted file mode 100755
index e9f886fb..00000000
--- a/tests/shell/testcases/rule_management/0002insertposition_0
+++ /dev/null
@@ -1,11 +0,0 @@
-#!/bin/bash
-
-# tests for Netfilter bug #965 and the related fix
-# (regarding rule management with a given position/handle spec)
-
-set -e
-$NFT add table t
-$NFT add chain t c
-$NFT add rule t c accept # should have handle 2
-$NFT add rule t c accept # should have handle 3
-$NFT insert rule t c position 2 drop
diff --git a/tests/shell/testcases/rule_management/dumps/0001addposition_0.nft b/tests/shell/testcases/rule_management/dumps/0001addposition_0.nft
deleted file mode 100644
index e282e13b..00000000
--- a/tests/shell/testcases/rule_management/dumps/0001addposition_0.nft
+++ /dev/null
@@ -1,7 +0,0 @@
-table ip t {
- chain c {
- accept
- drop
- accept
- }
-}
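Review bot: Nothing in 0002addinsertlocation_1 checks that `$NFT -f - <<< "$RULESET"` succeeded, and the loop accepts any non-zero exit from `nft` as the expected rejection. If table `t` was never created, the script still reaches `exit 1`, which appears to be the passing outcome here, since the error branch uses `exit 0`. Guarding the setup keeps this negative test from passing for the wrong reason: `$NFT -f - <<< "$RULESET" || { echo "E: unable to load ruleset" >&2; exit 0; }`. Because `2>/dev/null` also hides nft's message, a comment above the loop saying that 5 presumably matches no rule in the two-rule chain would document which rejection is being asserted.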
diff --git a/tests/shell/testcases/rule_management/dumps/0002insertposition_0.nft b/tests/shell/testcases/rule_management/dumps/0002insertposition_0.nft
deleted file mode 100644
index 527d79d6..00000000
--- a/tests/shell/testcases/rule_management/dumps/0002insertposition_0.nft
+++ /dev/null
@@ -1,7 +0,0 @@
-table ip t {
- chain c {
- drop
- accept
- accept
- }
-}
-- cgit v1.2.3