summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPablo Neira Ayuso <pablo@netfilter.org>2024-03-13 17:08:43 +0100
committerPablo Neira Ayuso <pablo@netfilter.org>2024-03-13 18:01:10 +0100
commitc4c740117f6fbf39dd67dd87635ea8b497718ad7 (patch)
treef9c47dd562d9179a947a1a8cd18aa264192bb60f
parentc92ec3b21979fe446fafa139c06ee99cb17ffd54 (diff)
tests: py: move meter tests to tests/shellHEADmaster
Userspace performs an translation to dynamic set which does not fit well into tests/py, move them to tests/shell. Fixes: b8f8ddfff733 ("evaluate: translate meter into dynamic set") Acked-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r--tests/py/ip/flowtable.t5
-rw-r--r--tests/py/ip/flowtable.t.json24
-rw-r--r--tests/py/ip/flowtable.t.payload7
-rw-r--r--tests/py/ip6/flowtable.t6
-rw-r--r--tests/py/ip6/flowtable.t.json62
-rw-r--r--tests/py/ip6/flowtable.t.json.output62
-rw-r--r--tests/py/ip6/flowtable.t.payload16
-rw-r--r--tests/shell/testcases/sets/dumps/meter_0.json-nft203
-rw-r--r--tests/shell/testcases/sets/dumps/meter_0.nft29
-rwxr-xr-xtests/shell/testcases/sets/meter_018
10 files changed, 250 insertions, 182 deletions
diff --git a/tests/py/ip/flowtable.t b/tests/py/ip/flowtable.t
deleted file mode 100644
index 086c6cf6..00000000
--- a/tests/py/ip/flowtable.t
+++ /dev/null
@@ -1,5 +0,0 @@
-:input;type filter hook input priority 0
-
-*ip;test-ip;input
-
-meter xyz size 8192 { ip saddr timeout 30s counter};ok
diff --git a/tests/py/ip/flowtable.t.json b/tests/py/ip/flowtable.t.json
deleted file mode 100644
index a03cc9d7..00000000
--- a/tests/py/ip/flowtable.t.json
+++ /dev/null
@@ -1,24 +0,0 @@
-# meter xyz size 8192 { ip saddr timeout 30s counter}
-[
- {
- "meter": {
- "key": {
- "elem": {
- "timeout": 30,
- "val": {
- "payload": {
- "field": "saddr",
- "protocol": "ip"
- }
- }
- }
- },
- "name": "xyz",
- "size": 8192,
- "stmt": {
- "counter": null
- }
- }
- }
-]
-
diff --git a/tests/py/ip/flowtable.t.payload b/tests/py/ip/flowtable.t.payload
deleted file mode 100644
index c0aad39e..00000000
--- a/tests/py/ip/flowtable.t.payload
+++ /dev/null
@@ -1,7 +0,0 @@
-# meter xyz size 8192 { ip saddr timeout 30s counter}
-xyz test-ip 31
-xyz test-ip 0
-ip test-ip input
- [ payload load 4b @ network header + 12 => reg 1 ]
- [ dynset update reg_key 1 set xyz timeout 30000ms expr [ counter pkts 0 bytes 0 ] ]
-
diff --git a/tests/py/ip6/flowtable.t b/tests/py/ip6/flowtable.t
deleted file mode 100644
index e58d51bb..00000000
--- a/tests/py/ip6/flowtable.t
+++ /dev/null
@@ -1,6 +0,0 @@
-:input;type filter hook input priority 0
-
-*ip6;test-ip6;input
-
-meter acct_out size 4096 { meta iif . ip6 saddr timeout 600s counter };ok;meter acct_out size 4096 { iif . ip6 saddr timeout 10m counter }
-meter acct_out size 12345 { ip6 saddr . meta iif timeout 600s counter };ok;meter acct_out size 12345 { ip6 saddr . iif timeout 10m counter }
diff --git a/tests/py/ip6/flowtable.t.json b/tests/py/ip6/flowtable.t.json
deleted file mode 100644
index d0b3a957..00000000
--- a/tests/py/ip6/flowtable.t.json
+++ /dev/null
@@ -1,62 +0,0 @@
-# meter acct_out size 4096 { meta iif . ip6 saddr timeout 600s counter }
-[
- {
- "meter": {
- "key": {
- "elem": {
- "timeout": 600,
- "val": {
- "concat": [
- {
- "meta": { "key": "iif" }
- },
- {
- "payload": {
- "field": "saddr",
- "protocol": "ip6"
- }
- }
- ]
- }
- }
- },
- "name": "acct_out",
- "size": 4096,
- "stmt": {
- "counter": null
- }
- }
- }
-]
-
-# meter acct_out size 12345 { ip6 saddr . meta iif timeout 600s counter }
-[
- {
- "meter": {
- "key": {
- "elem": {
- "timeout": 600,
- "val": {
- "concat": [
- {
- "payload": {
- "field": "saddr",
- "protocol": "ip6"
- }
- },
- {
- "meta": { "key": "iif" }
- }
- ]
- }
- }
- },
- "name": "acct_out",
- "size": 12345,
- "stmt": {
- "counter": null
- }
- }
- }
-]
-
diff --git a/tests/py/ip6/flowtable.t.json.output b/tests/py/ip6/flowtable.t.json.output
deleted file mode 100644
index d0b3a957..00000000
--- a/tests/py/ip6/flowtable.t.json.output
+++ /dev/null
@@ -1,62 +0,0 @@
-# meter acct_out size 4096 { meta iif . ip6 saddr timeout 600s counter }
-[
- {
- "meter": {
- "key": {
- "elem": {
- "timeout": 600,
- "val": {
- "concat": [
- {
- "meta": { "key": "iif" }
- },
- {
- "payload": {
- "field": "saddr",
- "protocol": "ip6"
- }
- }
- ]
- }
- }
- },
- "name": "acct_out",
- "size": 4096,
- "stmt": {
- "counter": null
- }
- }
- }
-]
-
-# meter acct_out size 12345 { ip6 saddr . meta iif timeout 600s counter }
-[
- {
- "meter": {
- "key": {
- "elem": {
- "timeout": 600,
- "val": {
- "concat": [
- {
- "payload": {
- "field": "saddr",
- "protocol": "ip6"
- }
- },
- {
- "meta": { "key": "iif" }
- }
- ]
- }
- }
- },
- "name": "acct_out",
- "size": 12345,
- "stmt": {
- "counter": null
- }
- }
- }
-]
-
diff --git a/tests/py/ip6/flowtable.t.payload b/tests/py/ip6/flowtable.t.payload
deleted file mode 100644
index 559475f6..00000000
--- a/tests/py/ip6/flowtable.t.payload
+++ /dev/null
@@ -1,16 +0,0 @@
-# meter acct_out size 4096 { meta iif . ip6 saddr timeout 600s counter }
-acct_out test-ip6 31
-acct_out test-ip6 0
-ip6 test-ip6 input
- [ meta load iif => reg 1 ]
- [ payload load 16b @ network header + 8 => reg 9 ]
- [ dynset update reg_key 1 set acct_out timeout 600000ms expr [ counter pkts 0 bytes 0 ] ]
-
-# meter acct_out size 12345 { ip6 saddr . meta iif timeout 600s counter }
-acct_out test-ip6 31
-acct_out test-ip6 0
-ip6 test-ip6 input
- [ payload load 16b @ network header + 8 => reg 1 ]
- [ meta load iif => reg 2 ]
- [ dynset update reg_key 1 set acct_out timeout 600000ms expr [ counter pkts 0 bytes 0 ] ]
-
diff --git a/tests/shell/testcases/sets/dumps/meter_0.json-nft b/tests/shell/testcases/sets/dumps/meter_0.json-nft
new file mode 100644
index 00000000..71e83b19
--- /dev/null
+++ b/tests/shell/testcases/sets/dumps/meter_0.json-nft
@@ -0,0 +1,203 @@
+{
+ "nftables": [
+ {
+ "metainfo": {
+ "version": "VERSION",
+ "release_name": "RELEASE_NAME",
+ "json_schema_version": 1
+ }
+ },
+ {
+ "table": {
+ "family": "ip6",
+ "name": "test",
+ "handle": 0
+ }
+ },
+ {
+ "set": {
+ "family": "ip6",
+ "name": "acct_out",
+ "table": "test",
+ "type": [
+ "iface_index",
+ "ipv6_addr"
+ ],
+ "handle": 0,
+ "size": 4096,
+ "flags": [
+ "timeout",
+ "dynamic"
+ ]
+ }
+ },
+ {
+ "set": {
+ "family": "ip6",
+ "name": "acct_out2",
+ "table": "test",
+ "type": [
+ "ipv6_addr",
+ "iface_index"
+ ],
+ "handle": 0,
+ "size": 12345,
+ "flags": [
+ "timeout",
+ "dynamic"
+ ]
+ }
+ },
+ {
+ "chain": {
+ "family": "ip6",
+ "table": "test",
+ "name": "test",
+ "handle": 0
+ }
+ },
+ {
+ "rule": {
+ "family": "ip6",
+ "table": "test",
+ "chain": "test",
+ "handle": 0,
+ "expr": [
+ {
+ "set": {
+ "op": "update",
+ "elem": {
+ "elem": {
+ "val": {
+ "concat": [
+ {
+ "meta": {
+ "key": "iif"
+ }
+ },
+ {
+ "payload": {
+ "protocol": "ip6",
+ "field": "saddr"
+ }
+ }
+ ]
+ },
+ "timeout": 600
+ }
+ },
+ "set": "@acct_out",
+ "stmt": [
+ {
+ "counter": null
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ {
+ "rule": {
+ "family": "ip6",
+ "table": "test",
+ "chain": "test",
+ "handle": 0,
+ "expr": [
+ {
+ "set": {
+ "op": "update",
+ "elem": {
+ "elem": {
+ "val": {
+ "concat": [
+ {
+ "payload": {
+ "protocol": "ip6",
+ "field": "saddr"
+ }
+ },
+ {
+ "meta": {
+ "key": "iif"
+ }
+ }
+ ]
+ },
+ "timeout": 600
+ }
+ },
+ "set": "@acct_out2",
+ "stmt": [
+ {
+ "counter": null
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ {
+ "table": {
+ "family": "ip",
+ "name": "test",
+ "handle": 0
+ }
+ },
+ {
+ "set": {
+ "family": "ip",
+ "name": "xyz",
+ "table": "test",
+ "type": "ipv4_addr",
+ "handle": 0,
+ "size": 8192,
+ "flags": [
+ "timeout",
+ "dynamic"
+ ]
+ }
+ },
+ {
+ "chain": {
+ "family": "ip",
+ "table": "test",
+ "name": "test",
+ "handle": 0
+ }
+ },
+ {
+ "rule": {
+ "family": "ip",
+ "table": "test",
+ "chain": "test",
+ "handle": 0,
+ "expr": [
+ {
+ "set": {
+ "op": "update",
+ "elem": {
+ "elem": {
+ "val": {
+ "payload": {
+ "protocol": "ip",
+ "field": "saddr"
+ }
+ },
+ "timeout": 30
+ }
+ },
+ "set": "@xyz",
+ "stmt": [
+ {
+ "counter": null
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+}
diff --git a/tests/shell/testcases/sets/dumps/meter_0.nft b/tests/shell/testcases/sets/dumps/meter_0.nft
new file mode 100644
index 00000000..3843f9a9
--- /dev/null
+++ b/tests/shell/testcases/sets/dumps/meter_0.nft
@@ -0,0 +1,29 @@
+table ip6 test {
+ set acct_out {
+ type iface_index . ipv6_addr
+ size 4096
+ flags dynamic,timeout
+ }
+
+ set acct_out2 {
+ type ipv6_addr . iface_index
+ size 12345
+ flags dynamic,timeout
+ }
+
+ chain test {
+ update @acct_out { iif . ip6 saddr timeout 10m counter }
+ update @acct_out2 { ip6 saddr . iif timeout 10m counter }
+ }
+}
+table ip test {
+ set xyz {
+ type ipv4_addr
+ size 8192
+ flags dynamic,timeout
+ }
+
+ chain test {
+ update @xyz { ip saddr timeout 30s counter }
+ }
+}
diff --git a/tests/shell/testcases/sets/meter_0 b/tests/shell/testcases/sets/meter_0
new file mode 100755
index 00000000..82e6f20a
--- /dev/null
+++ b/tests/shell/testcases/sets/meter_0
@@ -0,0 +1,18 @@
+#!/bin/bash
+
+set -e
+
+RULESET="table ip6 test {
+ chain test {
+ meter acct_out size 4096 { meta iif . ip6 saddr timeout 600s counter }
+ meter acct_out2 size 12345 { ip6 saddr . meta iif timeout 600s counter }
+ }
+}
+
+table ip test {
+ chain test {
+ meter xyz size 8192 { ip saddr timeout 30s counter}
+ }
+}"
+
+$NFT -f - <<< $RULESET