summaryrefslogtreecommitdiffstats
path: root/qa
diff options
context:
space:
mode:
authorFlorian Westphal <fw@strlen.de>2012-11-06 17:06:39 +0100
committerFlorian Westphal <fw@strlen.de>2013-05-06 21:34:15 +0200
commit6510a98f4139f112a0c76c71ff889ef93eac41fb (patch)
tree01e2ee90772ff378629bd889d51a509a26d3098e /qa
parent013a5284c901a6ce80320f499685b89d15eeed9e (diff)
api: add connlabel api and attribute
adds new labelmap api to create a name <-> bit mapping from a text file (default: /etc/xtables/connlabel.conf). nfct_labelmap_new(filename) is used to create the map, nfct_labelmap_destroy() releases the resources allocated for the map. Two functions are added to make map lookups: nfct_labelmap_get_name(map, bit) returns the name of a bit, nfct_labelmap_get_bit returns the bit associated with a name. The connlabel attribute is represented by a nfct_bitmask object, the nfct_bitmask api can be used to test/set/get individual bits ("labels"). The exisiting nfct_attr_get/set interfaces can be used to read or replace the existing labels associated with a conntrack with a new set. Signed-off-by: Florian Westphal <fw@strlen.de>
Diffstat (limited to 'qa')
-rw-r--r--qa/Makefile.am5
-rw-r--r--qa/qa-connlabel.conf11
-rw-r--r--qa/test_api.c28
-rw-r--r--qa/test_connlabel.c70
4 files changed, 108 insertions, 6 deletions
diff --git a/qa/Makefile.am b/qa/Makefile.am
index b4daf92..abe063f 100644
--- a/qa/Makefile.am
+++ b/qa/Makefile.am
@@ -1,10 +1,13 @@
include $(top_srcdir)/Make_global.am
-check_PROGRAMS = test_api test_filter ct_stress ct_events_reliable
+check_PROGRAMS = test_api test_filter test_connlabel ct_stress ct_events_reliable
test_api_SOURCES = test_api.c
test_api_LDADD = ../src/libnetfilter_conntrack.la
+test_connlabel_SOURCES = test_connlabel.c
+test_connlabel_LDADD = ../src/libnetfilter_conntrack.la
+
test_filter_SOURCES = test_filter.c
test_filter_LDADD = ../src/libnetfilter_conntrack.la
diff --git a/qa/qa-connlabel.conf b/qa/qa-connlabel.conf
new file mode 100644
index 0000000..38c3115
--- /dev/null
+++ b/qa/qa-connlabel.conf
@@ -0,0 +1,11 @@
+0 zero
+# duplicate names should be skipped
+1 zero
+1 test label 1
+1 zero
+# .. so this should have added bit 1 as "test label 1"
+2 test label 2
+# duplicate bit, should be skipped, too
+2 duplicate
+5 unused label
+42 T
diff --git a/qa/test_api.c b/qa/test_api.c
index 911b160..399afdc 100644
--- a/qa/test_api.c
+++ b/qa/test_api.c
@@ -37,6 +37,8 @@ static void test_nfct_bitmask(void)
struct nfct_bitmask *a, *b;
unsigned short int maxb, i;
+ printf("== test nfct_bitmask_* API ==\n");
+
maxb = rand() & 0xffff;
a = nfct_bitmask_new(maxb);
@@ -77,6 +79,7 @@ static void test_nfct_bitmask(void)
}
nfct_bitmask_destroy(b);
+ printf("OK\n");
}
@@ -88,6 +91,7 @@ int main(void)
char data[256];
const char *val;
int status;
+ struct nfct_bitmask *b;
srand(time(NULL));
@@ -117,8 +121,15 @@ int main(void)
eval_sigterm(status);
}
- for (i=0; i<ATTR_MAX; i++)
- nfct_set_attr(ct, i, data);
+ for (i=0; i<ATTR_MAX; i++) {
+ if (i != ATTR_CONNLABELS) {
+ nfct_set_attr(ct, i, data);
+ continue;
+ }
+ b = nfct_bitmask_new(rand() & 0xffff);
+ assert(b);
+ nfct_set_attr(ct, i, b);
+ }
printf("== test get API ==\n");
ret = fork();
@@ -150,11 +161,19 @@ int main(void)
case ATTR_HELPER_INFO:
nfct_set_attr_l(ct, i, data, sizeof(data));
break;
+ case ATTR_CONNLABELS:
+ /* already set above */
+ break;
default:
data[0] = (uint8_t) i;
nfct_set_attr(ct, i, data);
}
val = nfct_get_attr(ct, i);
+ switch (i) {
+ case ATTR_CONNLABELS:
+ assert((void *) val == b);
+ continue;
+ }
if (val[0] != data[0]) {
printf("ERROR: set/get operations don't match "
@@ -333,10 +352,9 @@ int main(void)
nfexp_destroy(exp);
nfexp_destroy(tmp_exp);
- printf("== test nfct_bitmask_* API ==\n");
- test_nfct_bitmask();
-
printf("OK\n");
+ test_nfct_bitmask();
+
return EXIT_SUCCESS;
}
diff --git a/qa/test_connlabel.c b/qa/test_connlabel.c
new file mode 100644
index 0000000..27cbca2
--- /dev/null
+++ b/qa/test_connlabel.c
@@ -0,0 +1,70 @@
+#include <assert.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <time.h>
+
+#include <libmnl/libmnl.h>
+#include <libnetfilter_conntrack/libnetfilter_conntrack.h>
+
+static void print_label(struct nfct_labelmap *map)
+{
+ int b = nfct_labelmap_get_bit(map, "test label 1");
+ assert(b == 1);
+
+ b = nfct_labelmap_get_bit(map, "zero");
+ assert(b == 0);
+
+ b = nfct_labelmap_get_bit(map, "test label 2");
+ assert(b == 2);
+
+ b = nfct_labelmap_get_bit(map, "duplicate");
+ assert(b < 0);
+
+ b = nfct_labelmap_get_bit(map, "invalid label");
+ assert(b < 0);
+
+ b = nfct_labelmap_get_bit(map, "T");
+ assert(b == 42);
+}
+
+static void print_bits(struct nfct_labelmap *map)
+{
+ unsigned int i = 0;
+
+ for (;;) {
+ const char *name = nfct_labelmap_get_name(map, i);
+ if (!name)
+ break;
+ if (name[0])
+ printf("%s, %d\n", name, i);
+ i++;
+ }
+}
+
+int main(void)
+{
+ struct nfct_labelmap *l;
+
+ l = nfct_labelmap_new("/");
+ assert(l == NULL);
+
+ l = nfct_labelmap_new(NULL);
+ if (l) {
+ print_bits(l);
+ print_label(l);
+ nfct_labelmap_destroy(l);
+ } else {
+ puts("no default config found");
+ }
+
+ l = nfct_labelmap_new("qa-connlabel.conf");
+ if (!l)
+ l = nfct_labelmap_new("qa/qa-connlabel.conf");
+ assert(l);
+ print_bits(l);
+ print_label(l);
+ nfct_labelmap_destroy(l);
+
+
+ return 0;
+}