summaryrefslogtreecommitdiffstats
path: root/tests
Commit message (Collapse)AuthorAgeFilesLines
* src: add range expressionPablo Neira Ayuso2016-10-133-0/+114
| | | | | | | | Add range expression available that is scheduled for linux kernel 4.9. This range expression allows us to check if a given value placed in a register is within/outside a specified interval. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: remove libmxml supportArturo Borrero2016-09-2370-132/+4
| | | | | | | | | | | | | | | | | | | This patch removes the libmxml integration in libnftnl, since we have JSON in place and there is no need to support two at the same time. The JSON support is much better, for example libjansson has a better parsing error reporting. Moreover, libmxml 2.10 breaks the integration with libnftnl somehow, as reported in Debian bug #83870 [0]. Also, the XML support inside libnftnl has never been in good shape, with several tiny inconsitencies. [0] https://bugs.debian.org/838370 Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: numgen: add number generation offsetLaura Garcia Liebana2016-09-221-0/+4
| | | | | | | | | | | | | | | | Add support to pass through an offset value to the counter initialization. With this feature, the sysadmin is able to apply a value to be added to the generated number. Example: meta mark set numgen inc mod 2 offset 100 This will generate marks with series 100, 101, 100, 101, ... Suggested-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Laura Garcia Liebana <nevola@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: hash: Add offset to hash valueLaura Garcia Liebana2016-09-121-0/+4
| | | | | | | | | | | | | | | | Add support to pass through an offset to the hash value. With this feature, the sysadmin is able to generate a hash with a given started value. Example: meta mark set jhash ip saddr mod 2 seed 0xabcd offset 100 This option generates marks according to the source address from 100 to 101. Signed-off-by: Laura Garcia Liebana <nevola@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* tests: queue: add missing NFTNL_EXPR_QUEUE_FLAGS compare testLiping Zhang2016-09-121-0/+3
| | | | | | | | We forgot to compare NFTNL_EXPR_QUEUE_FLAGS between two exprs, now add it. Signed-off-by: Liping Zhang <liping.zhang@spreadtrum.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: numgen: Rename until attribute by modulusLaura Garcia Liebana2016-09-071-4/+4
| | | | | | | | | | | The _modulus_ attribute will be reused as _until_, as it's similar to other expressions with value limits (ex. hash). Renaming is possible according to the kernel module ntf_numgen that has not been released yet. Signed-off-by: Laura Garcia Liebana <nevola@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: add number generation expressionLaura Garcia Liebana2016-08-223-0/+103
| | | | | | | Support for the nft ng expression within libnftnl. Signed-off-by: Laura Garcia Liebana <nevola@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: add quota expressionPablo Neira Ayuso2016-08-223-0/+97
| | | | | | This patch adds support for the new quota expression. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: add hash expressionLaura Garcia Liebana2016-08-173-1/+108
| | | | | | | Support for the nft hash expression in libnftnl. Signed-off-by: Laura Garcia Liebana <nevola@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* tests: masq: Fix wrong expression creationCarlos Falgueras García2016-08-131-1/+1
| | | | | | | The expression should be "masq" not "nat. Signed-off-by: Carlos Falgueras García <carlosfg@riseup.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* tests: Fix tests for immediate and lookup expressionsCarlos Falgueras García2016-08-103-35/+67
| | | | | | | | | | An error at Makefile.am has caused that the tests 'nft-expr_immediate-test.c' and 'nft-expr_lookup-tests.c' have not been compiled since they were created. This patch fix that error and some errors in both tests. Signed-off-by: Carlos Falgueras García <carlosfg@riseup.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* tests: Add missing tests to test-script.shCarlos Falgueras García2016-08-101-0/+3
| | | | | Signed-off-by: Carlos Falgueras García <carlosfg@riseup.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* tests: Check set user dataCarlos Falgueras García2016-07-011-0/+4
| | | | | Signed-off-by: Carlos Falgueras García <carlosfg@riseup.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: lookup: give support for inverted matchingArturo Borrero2016-06-241-0/+4
| | | | | | | | Inverted matching support was included in the kernel, let's give support here as well. Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* tests: stricter string attribute validationPablo Neira Ayuso2016-06-151-6/+3
| | | | | | In nft-expr_lookup-test.c, check for the strings instead of size. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* tests: shuffle values that are injectedPablo Neira Ayuso2016-06-1516-34/+34
| | | | | | | Shuffle value that are used to set attributes, this variability should help us catch more problems in the future. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* tests: Free nftnl_udata_buf before exitCarlos Falgueras García2016-05-251-0/+1
| | | | | Signed-off-by: Carlos Falgueras García <carlosfg@riseup.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* tests: expr-nat: Use different values to testShivani Bhardwaj2016-04-151-6/+6
| | | | | | | | Tests are more effective if different values are set so, use different values for every expression. Signed-off-by: Shivani Bhardwaj <shivanib134@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* tests: nft-rule-test: check for NFTNL_RULE_USERDATACarlos Falgueras García2016-04-141-0/+21
| | | | | | | Modify nft-rule-test.c to check TLV attribute inclusion in nftnl_rule. Signed-off-by: Carlos Falgueras García <carlosfg@riseup.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: masq: Add support for port selectionShivani Bhardwaj2016-03-031-0/+8
| | | | | | | Complete masquerading support by allowing port range selection. Signed-off-by: Shivani Bhardwaj <shivanib134@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: add forward expressionPablo Neira Ayuso2016-02-012-0/+94
| | | | | | Add forward expression for the netdev family. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: limit: add support for flagsPablo Neira Ayuso2016-01-131-0/+4
| | | | | | | This patch adds the limit flags, the first client of this is the inversion flag that allows us to match overlimit. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: add dup expression supportPablo Neira Ayuso2015-09-212-0/+98
| | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: limit: add per-byte limiting supportPablo Neira Ayuso2015-09-211-0/+4
| | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: limit: add burst attributePablo Neira Ayuso2015-09-211-0/+4
| | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: get rid of _attr_ infix in new nftnl_ definitionsPablo Neira Ayuso2015-09-074-88/+88
| | | | | | | The function names are already large, trim off the _ATTR_ infix in the attribute definitions. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: get rid of _ATTR_ infix in new nfntl_ definitionsPablo Neira Ayuso2015-09-074-88/+88
| | | | | | | The constant names are already large, trim off the _ATTR_ infix in the attribute definitions. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: rename nftnl_rule_expr to nftnl_exprPablo Neira Ayuso2015-09-0719-472/+472
| | | | | | | Use a shorter name for this, morever this can be used from sets so the _rule_ is misleading. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: rename existing functions to use the nftnl_ prefixPablo Neira Ayuso2015-09-0724-850/+850
| | | | | | | | | So we can use the nft_* prefix anytime soon for our upcoming higher level library. After this patch, the nft_* symbols become an alias of the nftnl_* symbols. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* chain: add netdev family supportPablo Neira Ayuso2015-06-162-6/+7
| | | | | | | | | Add support for the new NFT_CHAIN_ATTR_DEV attribute that indicates that the basechain is attached to a net_device. This partially reworks 1dd9ba1ea23c ("table: add netdev family support"). Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* table: add netdev family supportPablo Neira Ayuso2015-05-291-3/+6
| | | | | | This adds support for the new 'netdev' family tables. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* tests: update JSON/XML tests with the new syntaxAlvaro Neira Ayuso2015-02-10125-124/+126
| | | | | Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: data_reg: use 'reg' instead of 'data_reg'Pablo Neira Ayuso2014-11-1078-78/+78
| | | | | | | | | | | | data_reg is unnecessarily long name and it always has to be wrapped by another data node. This will allow us to represent data not only as registers if needed. Get rid of 'cmpdata' and 'immediatedata' too and use 'data' instead to wrap 'reg' so these are consistent with the bitwise expression. No reason for such specific tag per expression. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: consolidate XML/JSON exportationPablo Neira Ayuso2014-11-106-6/+6
| | | | | | | | | | | | | | Add new buffer class to consolidate the existing code to export objects in XML/JSON and use it. We save ~700 LOC with this change. The rule and set objects are not yet consolidated. It seems this would require some specific glue code per representation type since lists are arranged differently. This also consolidates the tag names, so we make sure the same are used from XML and JSON by placing them in include/buffer.h. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: nat: use 'nat_type' instead of 'type' in the parserPablo Neira Ayuso2014-11-102-2/+2
| | | | | | 'type' is already used from the expression. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* tests: add tests for nft_redir expressionArturo Borrero2014-10-305-0/+104
| | | | | | | This patch add some tests for the nft_redir expression. Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* tests: also test nat flags attributeArturo Borrero2014-10-033-2/+6
| | | | | | | The nat expression has a new attribute. Let's give some testing. Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* tests: add tests for the masq expressionArturo Borrero2014-10-035-0/+96
| | | | | | | The masq expression is lacking of tests. Let's add some. Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: get rid of cached copies of x_tables.h and xt_LOG.hPablo Neira Ayuso2014-08-312-26/+5
| | | | | | | | | | Keeping the full cached copy the of x_tables.h file in tree is too much for just the XT_EXTENSION_MAXNAMELEN constant. Similarly, xt_LOG.h is not actually required by the tests, we can use any whatever syntetic data to make sure the setter and getter provide the same result. So, let's get rid of these headers from the library tree. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* tests: Add json and xml test file for queueAna Rey2014-06-164-0/+5
| | | | | | | New xml and json test files. Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* tests: xmlfiles: Test files without unset child elements in set elementsAna Rey2014-06-113-3/+3
| | | | | | | Test files without unset child element in set elements. Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* tests: nft-parsing-test: Display error reason when testing XMLAna Rey2014-06-111-1/+2
| | | | | | | | | | | | | | | Add the use of system errors (nft_parse_perror) in test_xml to know which node is not found. Example: parsing xmlfiles/75-ruleset.xml: FAILED (Invalid argument) Reason : Node "flags" not found [ I have mangled this patch to rename this the current 'fail' message to 'Reason' --pablo ] Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* tests: xmlfile: Remove unset child elements in the log expressionAna Rey2014-06-104-4/+4
| | | | | | | Test files without unset child element in the log expression. Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* tests: include xml and json test files via make distcheckPablo Neira Ayuso2014-04-261-1/+3
| | | | | Reported-by: Kevin Fenzi <kevin@scrye.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* tests: include test-script.sh via make distcheckPablo Neira Ayuso2014-04-251-0/+2
| | | | | Reported-by: Kevin Fenzi <kevin@scrye.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* tests: Fix a memory leakAna Rey2014-04-141-0/+2
| | | | | | | | | | | | | | Free nft_parse_err struct when there is an error in execute_test function. It solves the following memory leak shown by valgrind. ==7845== 24 bytes in 1 blocks are still reachable in loss record 1 of 2 ==7845== at 0x4C29590: calloc (vg_replace_malloc.c:618) ==7845== by 0x401740: execute_test_file (nft-parsing-test.c:249) ==7845== by 0x400EBB: main (nft-parsing-test.c:330) Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* tests: Add support to check a json or xml testfileAna Rey2014-04-141-1/+47
| | | | | | | | | | Add new command-line argument "-f <file>" to check a json or xml testfile. ./nft-parsing-test -f <file> Check this testfile. Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* tests: New tools to update xml and json testfilesAna Rey2014-04-141-6/+36
| | | | | | | | | | | | | New tools to updata testfiles when the structure of xml or json files are changed. It adds a new command-line argument in nft-parsing-test. With nft-parsing-test -u <directory>, you can update test files in <directory> with a new structure of xml or json file. Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* xml, json: Delete an immediatedate label in xml and json fileAna Rey2014-04-149-9/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | It deletes the immediatedata label in the structure of json and xml file. Example of the old structure of xmlfile: <nftables> <rule> <family>ip</family> <table>filter</table> <chain>input</chain> <handle>32</handle> <expr type="immediate"> <dreg>0</dreg> <immediatedata> <data_reg type="verdict"> <verdict>accept</verdict> </data_reg> </immediatedata> </expr> </rule> </nftables> Example of the new structure of xmlfile: <nftables> <rule> <family>ip</family> <table>filter</table> <chain>input</chain> <handle>32</handle> <expr type="immediate"> <dreg>0</dreg> <data_reg type="verdict"> <verdict>accept</verdict> </data_reg> </expr> </rule> </nftables> To generate the new testfiles, It use the option -u of nft-parsing-test script. Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* xml, json: Delete a cmpdata label in xml and json fileAna Rey2014-04-1469-69/+69
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | It delete the cmpdata label in the structure of json and xml file. Example of xmlfile: The old structure of xml file: [...] <expr type="cmp"> <sreg>1</sreg> <op>eq</op> <cmpdata> <data_reg type="value"> <len>4</len> <data0>0x0100a8c0</data0> </data_reg> </cmpdata> </expr> The new structure of json file: [...] <expr type="cmp"> <sreg>1</sreg> <op>eq</op> <data_reg type="value"> <len>4</len> <data0>0x0100a8c0</data0> </data_reg> </expr> [...] To generate the new testfiles, It use the option -u of nft-parsing-test script. Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>