diff options
Diffstat (limited to 'test')
-rwxr-xr-x | test/nft-chain-xml-add.sh | 123 | ||||
-rwxr-xr-x | test/nft-rule-xml-add.sh | 125 | ||||
-rwxr-xr-x | test/nft-table-xml-add.sh | 75 |
3 files changed, 0 insertions, 323 deletions
diff --git a/test/nft-chain-xml-add.sh b/test/nft-chain-xml-add.sh deleted file mode 100755 index ed39d54..0000000 --- a/test/nft-chain-xml-add.sh +++ /dev/null @@ -1,123 +0,0 @@ -#!/bin/bash - -# -# (C) 2013 by Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> -# -# This program is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# - -# This is a small testbench for adding nftables chains to kernel -# in XML format. - -BINARY="../examples/nft-chain-xml-add" -NFT=$( which nft ) -MKTEMP=$( which mktemp) -TMPFILE=$( $MKTEMP ) - -if [ ! -x "$BINARY" ] ; then - echo "E: Binary not found $BINARY" - exit 1 -fi - -if [ ! -x "$MKTEMP" ] ; then - echo "E: mktemp not found and is neccesary" - exit 1 -fi - -if [ ! -w "$TMPFILE" ] ; then - echo "E: Unable to create temp file via mktemp" - exit 1 -fi - -[ ! -x "$NFT" ] && echo "W: nftables main binary not found but continuing anyway $NFT" - -XML="<chain name=\"test1\" handle=\"100\" bytes=\"123\" packets=\"321\" version=\"0\"> - <properties> - <type>filter</type> - <table>filter</table> - <prio>0</prio> - <use>0</use> - <hooknum>NF_INET_LOCAL_IN</hooknum> - <policy>accept</policy> - <family>ip</family> - </properties> -</chain>" - -$NFT delete chain ip filter test1 2>/dev/null >&2 -echo $XML > $TMPFILE -if ! $BINARY "$TMPFILE" ; then - echo "E: Unable to add XML:" - echo "$XML" - exit 1 -fi - -# This is valid (as long as the table exist) -XML="<chain name=\"test2\" handle=\"101\" bytes=\"59\" packets=\"1\" version=\"0\"> - <properties> - <type>filter</type> - <table>filter</table> - <prio>1</prio> - <use>0</use> - <hooknum>NF_INET_POST_ROUTING</hooknum> - <policy>accept</policy> - <family>ip6</family> - </properties> -</chain>" - -$NFT delete chain ip6 filter test2 2>/dev/null >&2 -echo $XML > $TMPFILE -if ! $BINARY "$TMPFILE" ; then - echo "E: Unable to add XML:" - echo "$XML" - rm -rf $TMPFILE 2>/dev/null - exit 1 -fi - -# This is valid (as long as the table exist) -XML="<chain name=\"test3\" handle=\"102\" bytes=\"51231239\" packets=\"1123123123\" version=\"0\"> - <properties> - <type>filter</type> - <table>filter</table> - <prio>0</prio> - <use>0</use> - <hooknum>NF_INET_FORWARD</hooknum> - <policy>drop</policy> - <family>ip</family> - </properties> -</chain>" - -$NFT delete chain ip6 filter test3 2>/dev/null >&2 -echo $XML > $TMPFILE -if ! $BINARY "$TMPFILE" ; then - echo "E: Unable to add XML:" - echo "$XML" - rm -rf $TMPFILE 2>/dev/null - exit 1 -fi - -# This is invalid -XML="<chain name=\"XXXX\" handle=\"XXXX\" bytes=\"XXXXXXX\" packets=\"XXXXXXX\" > - <properties> - <flags>asdasd</flags> - <type>filter</type> - <table>filter</table> - <prio>asdasd</prio> - <use>asdasd</use> - <hooknum>asdasd</hooknum> - <policy>asdasd</policy> - <family>asdasd</family> - </properties> - </chain>" - -if $BINARY "$XML" 2>/dev/null; then - echo "E: Accepted invalid XML:" - echo "$XML" - rm -rf $TMPFILE 2>/dev/null - exit 1 -fi - -rm -rf $TMPFILE 2>/dev/null -echo "I: Test OK" diff --git a/test/nft-rule-xml-add.sh b/test/nft-rule-xml-add.sh deleted file mode 100755 index 2a052b2..0000000 --- a/test/nft-rule-xml-add.sh +++ /dev/null @@ -1,125 +0,0 @@ -#!/bin/bash - -# -# (C) 2013 by Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> -# -# This program is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. - -# This is a small testbench for adding nftables rules to kernel -# in XML format. - -BINARY="../examples/nft-rule-xml-add" -NFT="$( which nft )" -MKTEMP="$( which mktemp )" -TMPFILE="$( $MKTEMP )" - -if [ ! -x "$BINARY" ] ; then - echo "E: Binary not found $BINARY" - exit 1 -fi - -if [ ! -x "$MKTEMP" ] ; then - echo "E: mktemp not found. Is mandatory." - exit 1 -fi - -if [ ! -w "$TMPFILE" ] ; then - echo "E: Unable to create tempfile with mktemp" - exit 1 -fi - -[ ! -x "$NFT" ] && echo "W: nftables main binary not found but continuing anyway $NFT" - -XML="<rule family=\"ip\" table=\"filter\" chain=\"INPUT\" handle=\"100\" version=\"0\"> - <rule_flags>0</rule_flags> - <compat_flags>0</compat_flags> - <compat_proto>0</compat_proto> - <expr type=\"meta\"> - <dreg>1</dreg> - <key>iif</key> - </expr> - <expr type=\"cmp\"> - <sreg>1</sreg> - <op>eq</op> - <cmpdata> - <data_reg type=\"value\"> - <len>4</len> - <data0>0x04000000</data0> - </data_reg> - </cmpdata> - </expr> - <expr type=\"payload\"> - <dreg>1</dreg> - <base>transport</base> - <offset>12</offset> - <len>4</len> - </expr> - <expr type=\"cmp\"> - <sreg>1</sreg> - <op>eq</op> - <cmpdata> - <data_reg type=\"value\"> - <len>4</len> - <data0>0x96d60496</data0> - </data_reg> - </cmpdata> - </expr> - <expr type=\"payload\"> - <dreg>1</dreg> - <base>link</base> - <offset>16</offset> - <len>4</len> - </expr> - <expr type=\"cmp\"> - <sreg>1</sreg> - <op>eq</op> - <cmpdata> - <data_reg type=\"value\"> - <len>4</len> - <data0>0x96d60329</data0> - </data_reg> - </cmpdata> - </expr> - <expr type=\"payload\"> - <dreg>1</dreg> - <base>network</base> - <offset>9</offset> - <len>1</len> - </expr> - <expr type=\"cmp\"> - <sreg>1</sreg> - <op>eq</op> - <cmpdata> - <data_reg type=\"value\"> - <len>4</len> - <data0>0x06000000</data0> - </data_reg> - </cmpdata> - </expr> - <expr type=\"match\"> - <name>state</name> - </expr> - <expr type=\"counter\"> - <pkts>123123</pkts> - <bytes>321321</bytes> - </expr> - <expr type=\"target\"> - <name>LOG</name> - </expr> -</rule>" - -$NFT add table filter 2>/dev/null >&2 -$NFT add chain filter INPUT 2>/dev/null >&2 - -echo $XML > $TMPFILE -if ! $BINARY "$TMPFILE" ; then - echo "E: Unable to add XML." - rm -rf $TMPFILE 2>/dev/null - exit 1 -fi - -rm -rf $TMPFILE 2>/dev/null -echo "I: Test OK" diff --git a/test/nft-table-xml-add.sh b/test/nft-table-xml-add.sh deleted file mode 100755 index 30b65e1..0000000 --- a/test/nft-table-xml-add.sh +++ /dev/null @@ -1,75 +0,0 @@ -#!/bin/bash - -# -# (C) 2013 by Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> -# -# This program is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# - -# This is a small testbench for adding nftables tables to kernel -# in XML format. - -BINARY="../examples/nft-table-xml-add" -NFT="$( which nft )" -MKTEMP="$( which mktemp)" -TMPFILE="$( $MKTEMP )" - -if [ ! -x "$BINARY" ] ; then - echo "E: Binary not found $BINARY" - exit 1 -fi - -if [ ! -x "$MKTEMP" ] ; then - echo "E: mktemp not found and is neccesary" - exit 1 -fi - -if [ ! -w "$TMPFILE" ] ; then - echo "E: Unable to create temp file via mktemp" - exit 1 -fi - - -if [ ! -x "$NFT" ] ; then - echo "W: nftables main binary not found but continuing anyway $NFT" -fi - -# This is valid -XML="<table name=\"filter_test\" version=\"0\"> - <properties> - <family>ip</family> - <table_flags>0</table_flags> - </properties> -</table>" - -$NFT delete table filter_test 2>/dev/null >&2 -echo $XML > $TMPFILE -if ! $BINARY "$TMPFILE" ; then - echo "E: Unable to add XML:" - echo "$XML" - rm -rf $TMPFILE 2>/dev/null - exit 1 -fi - -# This is valid -XML="<table name=\"filter6_test\" version=\"0\"> - <properties> - <family>ip6</family> - <table_flags>0</table_flags> - </properties> -</table>" - -$NFT delete table filter6_test 2>/dev/null >&2 -echo $XML > $TMPFILE -if ! $BINARY "$TMPFILE" ; then - echo "E: Unable to add XML:" - echo "$XML" - rm -rf $TMPFILE 2>/dev/null - exit 1 -fi - -rm -rf $TMPFILE 2>/dev/null -echo "I: Test OK" |