diff options
author | Florian Westphal <fw@strlen.de> | 2021-05-26 18:58:06 +0200 |
---|---|---|
committer | Florian Westphal <fw@strlen.de> | 2021-06-07 22:50:55 +0200 |
commit | 77b81cafb9a93a97a6b4a914fb6fbb45976f5c81 (patch) | |
tree | 2b14f41bd8c324168f4afae43b778847baba2a8c /tests/shell/testcases/optimizations/dumps/single_anon_set.nft.input | |
parent | fee6bda064037b2abd0510241ac59d5358a7f684 (diff) |
tests: add test case for removal of anon sets with only a single element
Also add a few examples that should not be changed:
- anon set with 2 elements
- anon map with 1 element
- anon set with a concatenation
The latter could be done with cmp but this currently triggers
'Error: Use concatenations with sets and maps, not singleton values'
after removing the anon set.
Signed-off-by: Florian Westphal <fw@strlen.de>
Diffstat (limited to 'tests/shell/testcases/optimizations/dumps/single_anon_set.nft.input')
-rw-r--r-- | tests/shell/testcases/optimizations/dumps/single_anon_set.nft.input | 35 |
1 files changed, 35 insertions, 0 deletions
diff --git a/tests/shell/testcases/optimizations/dumps/single_anon_set.nft.input b/tests/shell/testcases/optimizations/dumps/single_anon_set.nft.input new file mode 100644 index 00000000..35b93832 --- /dev/null +++ b/tests/shell/testcases/optimizations/dumps/single_anon_set.nft.input @@ -0,0 +1,35 @@ +table ip test { + chain test { + # Test cases where anon set can be removed: + ip saddr { 127.0.0.1 } accept + iif { "lo" } accept + + # negation, can change to != 22. + tcp dport != { 22 } drop + + # single prefix, can remove anon set. + ip saddr { 127.0.0.0/8 } accept + + # range, can remove anon set. + ip saddr { 127.0.0.1-192.168.7.3 } accept + tcp sport { 1-1023 } drop + + # Test cases where anon set must be kept. + + # 2 elements, cannot remove the anon set. + ip daddr { 192.168.7.1, 192.168.7.5 } accept + tcp dport { 80, 443 } accept + + # single element, but concatenation which is not + # supported outside of set/map context at this time. + ip daddr . tcp dport { 192.168.0.1 . 22 } accept + + # single element, but a map. + meta mark set ip daddr map { 192.168.0.1 : 1 } + + # 2 elements. This could be converted because + # ct state cannot be both established and related + # at the same time, but this needs extra work. + ct state { established, related } accept + } +} |