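#!/bin/bash

#
# (C) 2013 by Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
#
# This program is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#

# This is a small testbench for adding nftables chains to kernel
# in XML format.
#
# Usage: ./nft-chain-xml-add.sh   (run from the test/ directory)
# Requires: the built ../examples/nft-chain-xml-add binary and mktemp.
# nft itself is optional: it is only used to drop chains left over from a
# previous run, so that the "add" cases do not fail because the chain exists.
#
# Exit status: 0 when every case behaves as expected, 1 on the first
# unexpected result (messages are printed on stdout, as before).

BINARY="../examples/nft-chain-xml-add"
# command -v is the standard "is this tool installed" test; which is not.
NFT=$( command -v nft )
MKTEMP=$( command -v mktemp )
TMPFILE=""

if [ ! -x "$BINARY" ] ; then
	echo "E: Binary not found $BINARY"
	exit 1
fi

# Check for mktemp *before* calling it; calling it first meant a missing
# mktemp could never be reported by this test.
if [ ! -x "$MKTEMP" ] ; then
	echo "E: mktemp not found and is neccesary"
	exit 1
fi

TMPFILE=$( "$MKTEMP" )
if [ ! -w "$TMPFILE" ] ; then
	echo "E: Unable to create temp file via mktemp"
	exit 1
fi

# Remove the temp file on every exit path. The first failure case used to
# exit without deleting it; the EXIT trap covers that and all later exits.
cleanup() {
	[ -n "$TMPFILE" ] && rm -f -- "$TMPFILE" 2>/dev/null
	return 0
}
trap cleanup EXIT

[ ! -x "$NFT" ] && echo "W: nftables main binary not found but continuing anyway $NFT"

#######################################
# Best-effort removal of a chain left over from an earlier run.
# Arguments: $1 - family, $2 - table, $3 - chain name
# Skipped (and silent) when nft is not available; errors are ignored.
#######################################
delete_chain() {
	[ -x "$NFT" ] || return 0
	"$NFT" delete chain "$1" "$2" "$3" >/dev/null 2>&1
	return 0
}

#######################################
# Write an XML document to the temp file and ask the binary to add it.
# Arguments: $1 - XML text
# Returns:   the binary's exit status
# The document is written quoted so its layout survives intact; the old
# unquoted echo word-split it and would have glob-expanded any '*'.
#######################################
add_xml() {
	printf '%s\n' "$1" > "$TMPFILE"
	"$BINARY" "$TMPFILE"
}

XML="<chain name=\"test1\" handle=\"100\" bytes=\"123\" packets=\"321\" version=\"0\">
        <properties>
                <type>filter</type>
                <table>filter</table>
                <prio>0</prio>
                <use>0</use>
                <hooknum>NF_INET_LOCAL_IN</hooknum>
                <policy>accept</policy>
                <family>ip</family>
        </properties>
</chain>"

delete_chain ip filter test1
if ! add_xml "$XML" ; then
	echo "E: Unable to add XML:"
	echo "$XML"
	exit 1
fi

# This is valid (as long as the table exist)
XML="<chain name=\"test2\" handle=\"101\" bytes=\"59\" packets=\"1\" version=\"0\">
	<properties>
		<type>filter</type>
		<table>filter</table>
		<prio>1</prio>
		<use>0</use>
		<hooknum>NF_INET_POST_ROUTING</hooknum>
		<policy>accept</policy>
		<family>ip6</family>
	</properties>
</chain>"

delete_chain ip6 filter test2
if ! add_xml "$XML" ; then
	echo "E: Unable to add XML:"
	echo "$XML"
	exit 1
fi

# This is valid (as long as the table exist)
XML="<chain name=\"test3\" handle=\"102\" bytes=\"51231239\" packets=\"1123123123\" version=\"0\">
	<properties>
		<type>filter</type>
		<table>filter</table>
		<prio>0</prio>
		<use>0</use>
		<hooknum>NF_INET_FORWARD</hooknum>
		<policy>drop</policy>
		<family>ip</family>
	</properties>
</chain>"

# test3 is declared in family "ip" above; the cleanup used to target
# "ip6 filter test3", which never removed the chain this case creates.
delete_chain ip filter test3
if ! add_xml "$XML" ; then
	echo "E: Unable to add XML:"
	echo "$XML"
	exit 1
fi

# This is invalid
XML="<chain name=\"XXXX\" handle=\"XXXX\" bytes=\"XXXXXXX\" packets=\"XXXXXXX\" >
		<properties>
			<flags>asdasd</flags>
			<type>filter</type>
			<table>filter</table>
			<prio>asdasd</prio>
			<use>asdasd</use>
			<hooknum>asdasd</hooknum>
			<policy>asdasd</policy>
			<family>asdasd</family>
		</properties>
	</chain>"

# The binary takes a file path, as the three cases above show. Passing the
# XML text itself as the argument made it fail on a nonexistent file rather
# than on the malformed document, so the rejection path was never exercised.
if add_xml "$XML" 2>/dev/null ; then
	echo "E: Accepted invalid XML:"
	echo "$XML"
	exit 1
fi

echo "I: Test OK"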