author | Florian Westphal <fw@strlen.de> | 2012-11-06 17:06:39 +0100 |
---|---|---|
committer | Florian Westphal <fw@strlen.de> | 2013-05-06 21:34:15 +0200 |
commit | 6510a98f4139f112a0c76c71ff889ef93eac41fb (patch) | |
tree | 01e2ee90772ff378629bd889d51a509a26d3098e /qa | |
parent | 013a5284c901a6ce80320f499685b89d15eeed9e (diff) |
api: add connlabel api and attribute
adds new labelmap api to create a name <-> bit mapping
from a text file (default: /etc/xtables/connlabel.conf).
nfct_labelmap_new(filename) is used to create the map,
nfct_labelmap_destroy() releases the resources allocated for the map.
Two functions are added to make map lookups:
nfct_labelmap_get_name(map, bit) returns the name of a bit,
nfct_labelmap_get_bit returns the bit associated with a name.
The connlabel attribute is represented by a nfct_bitmask object, the
nfct_bitmask api can be used to test/set/get individual bits
("labels").
The existing nfct_attr_get/set interfaces can be used to read or
replace the existing labels associated with a conntrack with a new set.
Signed-off-by: Florian Westphal <fw@strlen.de>
Diffstat (limited to 'qa')
-rw-r--r-- | qa/Makefile.am | 5 | ||||
-rw-r--r-- | qa/qa-connlabel.conf | 11 | ||||
-rw-r--r-- | qa/test_api.c | 28 | ||||
-rw-r--r-- | qa/test_connlabel.c | 70 |
4 files changed, 108 insertions, 6 deletions
diff --git a/qa/Makefile.am b/qa/Makefile.am index b4daf92..abe063f 100644 --- a/qa/Makefile.am +++ b/qa/Makefile.am @@ -1,10 +1,13 @@ include $(top_srcdir)/Make_global.am -check_PROGRAMS = test_api test_filter ct_stress ct_events_reliable +check_PROGRAMS = test_api test_filter test_connlabel ct_stress ct_events_reliable test_api_SOURCES = test_api.c test_api_LDADD = ../src/libnetfilter_conntrack.la +test_connlabel_SOURCES = test_connlabel.c +test_connlabel_LDADD = ../src/libnetfilter_conntrack.la + test_filter_SOURCES = test_filter.c test_filter_LDADD = ../src/libnetfilter_conntrack.la diff --git a/qa/qa-connlabel.conf b/qa/qa-connlabel.conf new file mode 100644 index 0000000..38c3115 --- /dev/null +++ b/qa/qa-connlabel.conf @@ -0,0 +1,11 @@ +0 zero +# duplicate names should be skipped +1 zero +1 test label 1 +1 zero +# .. so this should have added bit 1 as "test label 1" +2 test label 2 +# duplicate bit, should be skipped, too +2 duplicate +5 unused label +42 T diff --git a/qa/test_api.c b/qa/test_api.c index 911b160..399afdc 100644 --- a/qa/test_api.c +++ b/qa/test_api.c @@ -37,6 +37,8 @@ static void test_nfct_bitmask(void) struct nfct_bitmask *a, *b; unsigned short int maxb, i; + printf("== test nfct_bitmask_* API ==\n"); + maxb = rand() & 0xffff; a = nfct_bitmask_new(maxb); @@ -77,6 +79,7 @@ static void test_nfct_bitmask(void) } nfct_bitmask_destroy(b); + printf("OK\n"); } @@ -88,6 +91,7 @@ int main(void) char data[256]; const char *val; int status; + struct nfct_bitmask *b; srand(time(NULL)); @@ -117,8 +121,15 @@ int main(void) eval_sigterm(status); } - for (i=0; i<ATTR_MAX; i++) - nfct_set_attr(ct, i, data); + for (i=0; i<ATTR_MAX; i++) { + if (i != ATTR_CONNLABELS) { + nfct_set_attr(ct, i, data); + continue; + } + b = nfct_bitmask_new(rand() & 0xffff); + assert(b); + nfct_set_attr(ct, i, b); + } printf("== test get API ==\n"); ret = fork(); 
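Review bot: Every entry in the new qa/qa-connlabel.conf is a well-formed `<bit> <name>` line, so the labelmap parser is exercised on duplicate names and duplicate bits but never on malformed input. Because the map is built from a file on disk, it would help to add lines with a non-numeric bit field, a bit number above the supported maximum, and a bit with no name, each preceded by a `# ... should be skipped` comment in the style already used, and to assert in test_connlabel.c that looking those names up returns a negative value. The parser itself is not part of this diff, so which of these cases it already rejects needs to be checked there.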
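Review bot: In qa/test_api.c, `b` is declared without an initialiser (hunk at -88,6) and assigned only when the loop in the -117,8 hunk reaches `ATTR_CONNLABELS`, yet it is compared against the stored attribute later in main(); declaring it as `struct nfct_bitmask *b = NULL;` keeps that later `assert((void *) val == b)` from reading an indeterminate pointer if the loop bounds or the enum ever change. The later pointer-identity check suggests the conntrack object stores this pointer rather than a copy, so a comment such as `/* ct now holds b; do not nfct_bitmask_destroy() it here */` next to `nfct_set_attr(ct, i, b);` would guard against a future double free, once the ownership rule has been confirmed against the library. `assert(b)` is also the only allocation check and disappears under `NDEBUG`. main() starts and ends outside these hunks.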
@@ -150,11 +161,19 @@ int main(void) case ATTR_HELPER_INFO: nfct_set_attr_l(ct, i, data, sizeof(data)); break; + case ATTR_CONNLABELS: + /* already set above */ + break; default: data[0] = (uint8_t) i; nfct_set_attr(ct, i, data); } val = nfct_get_attr(ct, i); + switch (i) { + case ATTR_CONNLABELS: + assert((void *) val == b); + continue; + } if (val[0] != data[0]) { printf("ERROR: set/get operations don't match " @@ -333,10 +352,9 @@ int main(void) nfexp_destroy(exp); nfexp_destroy(tmp_exp); - printf("== test nfct_bitmask_* API ==\n"); - test_nfct_bitmask(); - printf("OK\n"); + test_nfct_bitmask(); + return EXIT_SUCCESS; } diff --git a/qa/test_connlabel.c b/qa/test_connlabel.c new file mode 100644 index 0000000..27cbca2 --- /dev/null +++ b/qa/test_connlabel.c 
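Review bot: The `switch (i)` added after `nfct_get_attr()` in the -150,11 hunk has a single case, no `default`, and relies on `continue` acting on the enclosing `for` loop, which is easy to misread as leaving the switch; `if (i == ATTR_CONNLABELS) { assert((void *) val == b); continue; }` states the same thing directly. The check proves only that the pointer is stored, not that the labels survive the round trip, so it would be stronger to set one bit on `b` before `nfct_set_attr()` and verify it on the returned mask with `nfct_bitmask_test_bit()`. main() starts and ends outside this hunk.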
@@ -0,0 +1,70 @@
+#include <assert.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <time.h>
+
+#include <libmnl/libmnl.h>
+#include <libnetfilter_conntrack/libnetfilter_conntrack.h>
+
+static void print_label(struct nfct_labelmap *map)
+{
+ int b = nfct_labelmap_get_bit(map, "test label 1");
+ assert(b == 1);
+
+ b = nfct_labelmap_get_bit(map, "zero");
+ assert(b == 0);
+
+ b = nfct_labelmap_get_bit(map, "test label 2");
+ assert(b == 2);
+
+ b = nfct_labelmap_get_bit(map, "duplicate");
+ assert(b < 0);
+
+ b = nfct_labelmap_get_bit(map, "invalid label");
+ assert(b < 0);
+
+ b = nfct_labelmap_get_bit(map, "T");
+ assert(b == 42);
+}
+
+static void print_bits(struct nfct_labelmap *map)
+{
+ unsigned int i = 0;
+
+ for (;;) {
+ const char *name = nfct_labelmap_get_name(map, i);
+ if (!name)
+ break;
+ if (name[0])
+ printf("%s, %d\n", name, i);
+ i++;
+ }
+}
+
+int main(void)
+{
+ struct nfct_labelmap *l;
+
+ l = nfct_labelmap_new("/");
+ assert(l == NULL);
+
+ l = nfct_labelmap_new(NULL);
+ if (l) {
+ print_bits(l);
+ print_label(l);
+ nfct_labelmap_destroy(l);
+ } else {
+ puts("no default config found");
+ }
+
+ l = nfct_labelmap_new("qa-connlabel.conf");
+ if (!l)
+ l = nfct_labelmap_new("qa/qa-connlabel.conf");
+ assert(l);
+ print_bits(l);
+ print_label(l);
+ nfct_labelmap_destroy(l);
+
+
+ return 0;
+} |
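Review bot: In main(), the `nfct_labelmap_new(NULL)` branch calls `print_label(l)`, whose asserts hard-code the mappings from qa-connlabel.conf, so the test will abort on any host where the default label file (/etc/xtables/connlabel.conf per the commit message) exists with different contents. Keeping `print_bits(l);` in that branch and dropping `print_label(l);` stops host configuration from deciding the result. In print_bits(), `i` is `unsigned int` but is printed with `%d`; `printf("%s, %u\n", name, i);` matches the type. Every check in this file is an `assert`, so a build with `NDEBUG` would pass without testing anything; an `#ifdef NDEBUG` / `#error` guard at the top of the file would make that explicit.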