summaryrefslogtreecommitdiffstats
path: root/tests
Commit message (Collapse)AuthorAgeFilesLines
* tests: xml: delete commentsArturo Borrero2014-01-1548-48/+0
| | | | | | | | | | | | | | | | When building a XML tree, only one root node can be in place. This is a "feature" added in libmxml 2.7: <<< mxmlLoad... did not error out on XML with multiple root nodes (Bug #403) >>> In libmxml 2.6 the second root node was ignored, not because it was a comment but a bug. Our files had two root nodes, being comments or not. libmxml accept comments, but inside the root node. Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* tests: nft-parsing-test: use nft_ruleset_parse_file()Arturo Borrero2014-01-09112-338/+144
| | | | | | | | | | All testfiles are now enclosed in the corresponding top element, ie. * XML: <nftables>...</nftables> * JSON: {"nftables":[...]} Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: new error reporting approach for XML/JSON parsersÁlvaro Neira Ayuso2014-01-061-17/+23
| | | | | | | | | | | | | | I have added a new structure for reporting some errors in parser that we can't cover with errno. In this patch, we have three errors that we can't cover with errno: NFT_PARSE_EBADINPUT : Bad XML/JSON format in the input NFT_PARSE_EMISSINGNODE : Missing node in our input NFT_PARSE_EBADTYPE : Wrong type value in a node Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* tests: expr-target: fix deprecation warningArturo Borrero2013-11-301-3/+3
| | | | | | | | | This fixes the following warning: In file included from nft-expr_target-test.c:19:0: /usr/include/linux/netfilter_ipv4/ipt_LOG.h:4:2: warning: #warning "Please update iptables, this file will be removed soon!" [-Wcpp] Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* tests: extend test-script.sh to run XML and JSON testsArturo Borrero2013-11-301-0/+2
| | | | | | | Let's test the XML/JSON parsing with test-script.sh as well. Singed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* tests: add unit tests for libnftablesAna Rey2013-11-2022-1/+2122
| | | | | | | | | | | | | | | | | | | | | These tests create an initial object 'a' whose attributes are set to arbitrary values. Then, that object is converted to a Netlink message which is parsed to obtain the object 'b'. If things go well, the original object 'a' and the transformed object 'b' should be equivalent. Thus, we make sure that object transformations through the main library APIs are correct. These tests have helped to catch the following bugs in this library: (3cf788a72 expr: fix leak in target and match expressions) (4182e574f expr: match: fix wrong flag setting in nft_rule_expr_match_parse) (0bec6bc5e expr: log: release prefix) (2b690deea expr: log: fix missing \0 when sending log prefix to kernel) (e55c7afcf expr: target: fix wrong info length in nft_rule_expr_target_parse) (8fc4d4bd2 expr: log: fix wrong attribute type in nft_rule_expr_log_parse) Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: unify parse and output typesÁlvaro Neira Ayuso2013-11-141-20/+20
| | | | | | | | | Unify parse and output types that are redundant to all existing nftables objects. Thus, all NFT_*_O_[XML|JSON|DEFAULT] are merged into NFT_OUTPUT_[JSON|XML] and NFT_PARSE_[JSON|XML]. Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* tests: json: remove rule flags in ruleset test fileÁlvaro Neira Ayuso2013-11-141-1/+1
| | | | | | | | It should have been done in (2cba099 rule: remove NFT_RULE_ATTR_FLAGS). Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* tests: fix reference to undefined symbolArturo Borrero2013-11-081-4/+4
| | | | | | | Kill reference to undefined symbol. Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* test: report compilation without supportArturo Borrero2013-11-031-2/+2
| | | | | | | | | Print a message when there is no support for some parser. Remove those EOPNOTSUPPs because they are unused. Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* test: report errors building XML treeArturo Borrero2013-11-031-2/+8
| | | | | | | Report error when building XML tree. Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* test: fix memleak in XML testingArturo Borrero2013-11-031-0/+2
| | | | | | | Ensure the tree is freed when done. Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* test: return EXIT_FAILURE if some error was foundArturo Borrero2013-11-031-4/+11
| | | | | | | Before this patch, 0 was returned unconditionally. Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* tests: xml: fix truncated ruleset testfileArturo Borrero2013-10-281-1/+1
| | | | | | | | | | | Give a new XML ruleset testfile. For some reason patchwork has truncated the file? This should have been fixed in (b7c39a7 test: xml: fix malformed ruleset testfile). Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* tests: update to fit latest limit changesArturo Borrero2013-10-272-2/+2
| | | | | | | | Update tests to fit the latest limit changes in commit [e91ea14] (expr: limit: operational limit match) Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* rule: remove NFT_RULE_ATTR_FLAGSPablo Neira Ayuso2013-10-2795-95/+95
| | | | | | | This is a leftover from the time we had per rule flags, obsoleted by the new rule batching approach. Kill it as it is unused. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* test: xml: fix malformed ruleset testfileArturo Borrero2013-10-271-1/+1
| | | | | | | | | | | | | | Give a new XML ruleset testfile. For some reason, the previous was truncated. This passed silently as nft-parsing-test is not reporting some errors properly. This new file provides: * 2 tables * 3 chains * 2 sets, with and without maps * 3 rules with mixed exprs Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: json: remove spacesÁlvaro Neira Ayuso2013-10-1751-51/+51
| | | | | | | | | | | | Remove all the spaces from the JSON output to reduce the size of the output string, this also provides a consistent output in table, chain, rule and set. As Stephen Hemminger suggested, better to squash the output to consume as less bytes as possible. Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: add low-level ruleset APIArturo Borrero2013-10-013-0/+43
| | | | | | | | This patch adds a low level ruleset API for libnftables. Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* chain: use human readable netfilter hookPablo Neira Ayuso2013-09-056-6/+6
| | | | | | | | | Since (108d9f6 src: Wrap netfilter hooks around human readable strings) in nft, we have to use human readable netfilter hooks. This patch also adapts the XML and JSON tests. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* chain: xml: fix parsing of optional attributesArturo Borrero2013-09-043-3/+3
| | | | | | | This patch fixes the parsing of custom chains in XML. Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* tests: set: add json parsing supportÁlvaro Neira Ayuso2013-08-283-0/+13
| | | | | | | Test the functions for parsing set in JSON. Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* tests: remove unnecessary variable initializationÁlvaro Neira Ayuso2013-08-281-10/+10
| | | | | Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* tests: rule: add json parsing supportÁlvaro Neira Ayuso2013-08-2043-0/+53
| | | | | | Test the functions for parsing rules in JSON. Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com>
* tests: fix memory leaks in jansson testÁlvaro Neira Ayuso2013-08-171-2/+4
| | | | | | | Fixed a string leak and a jansson leak. Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* nat: xml: fix wrong node name in snprintfArturo Borrero2013-08-122-2/+2
| | | | | | | | | | | | | | This patch renames all <nat_type> nodes to <type> in nat expr. A bug is fixed, since the default option in snprintf was already <type>. This follows the pattern of avoid prefixing XML nodes. Note that this is mostly reverting what was done at: 31e34c3 (nat: xml: rename node type to nat_type). Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* chain: xml: delete <use> nodeArturo Borrero2013-08-123-3/+3
| | | | | | | | Since the 'use' attribute in a chain can't be set, ignore it in the XML printing. Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* tests: xml: reorder XML elements in setsArturo Borrero2013-08-122-2/+2
| | | | | | | | Some node reorganization in order to have an input file equal to what set_snprintf will output. Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* tests: remove superfluous if checking in test_jsonPablo Neira Ayuso2013-08-111-3/+0
| | | | | | It's already done a couple of lines above. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* tests: better parsing validationÁlvaro Neira Ayuso2013-08-111-16/+168
| | | | | | | | | | | | | | | | | | | | | | | | | Before this patch, the test only verified that we could parse the file. After this, it also compares what it has parsed with the original file. Basically, the idea is that: file -> buffer -> object -> buffer' read snprintf So we also compare that buffer = buffer' which should be true since our tests should be based on the output that the library generates. This is an example output for the OK and FAILED cases: parsing and validating xmlfiles/25-rule-exthdr.xml: OK validating xmlfiles/27-rule-limit.xml: FAILED from file: it"><rate>123123</ra from snprintf: it"><rate>321321</ra Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* tests: xml: remove \t and \n from all the filesPablo Neira Ayuso2013-08-1060-1620/+60
| | | | | | | | | | | | | | | | | These XML files are intented to be used for automated tests. Thus, it's important to have exactly the same output that was generated by the library. The beautified output does not match the real output that the library provides and it just makes things harder for us to provide a more advanced automated testing. If you want to make any of those file human readable, please use: xmllint --format file.xml or open the xml file and any browser, eg. firefox. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: json: delete unneeded JSON prefixesÁlvaro Neira Ayuso2013-08-092-2/+2
| | | | | | | This patch adapts JSON nodes to mimic current XML node tags. Signed-off-by: Alvaro Neira Ayuso Ayuso <alvaroneay@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: xml: delete unneeded XML prefixesArturo Borrero Gonzalez2013-08-0757-76/+76
| | | | | | | | | | | | | | | | | | | | This patch changes some XML nodes with prefixes, as the example below ilustrates. Before: <rule> <rule_flags/> <rule_family/> <rule> After: <rule> <flags> <family> </rule> Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: xml: use nodes instead of attributesArturo Borrero Gonzalez2013-08-0658-72/+298
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When working with XML, it's desirable to work with nodes better than attributes. Table/chain/rules had attributes in their XML representation, and this patch transform those to nodes, ie: Before: <table name="filter"> <family>ip</family> <table_flags>0</table_flags> </table> After: <table> <name>filter</name> <family>ip</family> <table_flags>0</table_flags> </table> While at it: * There was a lot of redundant code that is now collapsed with the new nft_mxml_family_parse() helper function. * I've added a small fix: additional validation for the name of the current XML object, and also replace raw strtol calls to nft_strtoi. * Also, all XML testfiles are updated to keep passing the parsing tests and mantain the repo in consisten state. Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: xml: table/chain delete propertiesArturo Borrero Gonzalez2013-08-055-35/+25
| | | | | | | | | | This patch deletes the <properties> node in chain and table XML objects. For this to work, the first tree search with MXML_DESCEND_FIRST flag is moved to the next node. Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* tests: chain: add json parsing supportÁlvaro Neira Ayuso2013-07-315-0/+13
| | | | | | | Test the functions for parsing chains in JSON. Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* table: remove the properties node in Json outputÁlvaro Neira Ayuso2013-07-312-2/+2
| | | | | | | | I have removed the properties node from table because it provides no relevant information. Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: remove version from XML and JSON representationsPablo Neira Ayuso2013-07-2662-62/+60
| | | | | | | | | | | | | | | | | | | | | | This patch removes the version XML node and the version JSON field in all our existing objects. The current versioning approach consists of adding a version field to every object representation in XML and JSON. While listing my entire rule-set, one can notice that this approach is too bloated. Once the library enters stable stage, if we need to obsolete a XML node and a JSON field, we can follow this procedure: 1) Remove the XML node and the JSON field from the output, so fresh outputs will not contain the old ones anymore. 2) Do not remove the parsing of the old XML node and the JSON field inmediately. We have to keep supporting the parsing for a while to avoid breaking the interpretion of old XML/JSON files. We can spot a warning to warn about it, so users generate a fresh output again. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* set: add XML parsingArturo Borrero2013-07-263-0/+85
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Sets are now parsed, following this previous snprintf pattern: <set> <set_name>string</set_name> <set_table>table</set_table> <set_xml_version>int</set_xml_version> <set_flags>uint32_t</set_flags> <key_type>uint32_t</key_type> <key_len>size_t</key_len> <data_type>uint32_t</data_type> <data_len>size_t</data_len> <set_elem> <set_elem_flags>uint32_t</set_elem_flags> <set_elem_key> <data_reg type="value"> <len></len> <dataN></dataN> </data_reg> </set_elem_key> <set_elem_data> <data_reg type="xx"> [...] </data_reg> </set_elem_data> </set_elem> </set> Signed-off-by: Arturo Borrero González <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* tests: table: test json parsing supportÁlvaro Neira Ayuso2013-07-254-1/+52
| | | | | | | Test the functions for parsing tables in JSON Support Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* tests: xml: add realistic XML tests filesArturo Borrero2013-07-2552-120/+1295
| | | | | | | | | | | | | | | | | | | | This patch refresh current XML testfiles with some realworld expressions extracted from rules. The nft instruction itself is added as a comment for future references. All XMl files are now indented with tabs instead of spaces. Also, a bunch of new realworld rules with mixed expressions are added. I used this command to get the XML formatted with tabs: $ export XMLLINT_INDENT=$'\t' $ xmllint --format file.xml The xmllint tool is included in the libxml2-utils package (at least on debian systems). Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* bitwise: xml: export len nodeArturo Borrero2013-07-081-0/+1
| | | | | | | Fix missing length, it was not being exported in XML. Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@soleta.eu>
* tests: nft-parsing-test: restore default terminal color after testPablo Neira Ayuso2013-06-271-2/+2
| | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* tests: remove several wrong XML nodes in testsPablo Neira Ayuso2013-06-273-6/+1
| | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* test: add testbench for XMLArturo Borrero Gonzalez2013-06-2723-0/+325
This patch add a testbench for XML parsing, which may be extended to test JSON as well. To use it: $ cd test/ $ make nft-parsing-test $ ./nft-parsing-test xmlfiles/ This testbench supersedes old .sh test scripts, so they are deleted. [ I have mangled this patch to rename/mangle files, to colorize the test output and not to compile XML inconditionally --pablo ] Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>