author | Phil Sutter <phil@nwl.cc> | 2018-05-09 16:03:43 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2018-05-09 18:29:21 +0200 |
commit | a4dab4ecde114e0b3a6537a5cc7accd60dd25f17 (patch) | |
tree | 04948f8b4ed5ac23f346a18e6a68ea4bd8d039a5 /tests/shell/testcases/rule_management/0001addinsertposition_0 | |
parent | 816d8c7659c1d90ce6827baaa939820a3bae2ae0 (diff) |
tests/shell: Extend rule_management/0001addposition_0
Combine it with 0002insertposition_0 due to the many similarities,
extend it to test 'handle' and 'index' parameters as well and rename the
testcase accordingly.
Also add a new 0002addinsertlocation_1 which tests that wrong argument
to all of the location parameters fails.
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'tests/shell/testcases/rule_management/0001addinsertposition_0')
-rwxr-xr-x | tests/shell/testcases/rule_management/0001addinsertposition_0 | 89 |
1 files changed, 89 insertions, 0 deletions
diff --git a/tests/shell/testcases/rule_management/0001addinsertposition_0 b/tests/shell/testcases/rule_management/0001addinsertposition_0
new file mode 100755
index 00000000..bb3fda51
--- /dev/null
+++ b/tests/shell/testcases/rule_management/0001addinsertposition_0
@@ -0,0 +1,89 @@
+#!/bin/bash
+
+# tests for Netfilter bug #965 and the related fix
+# (regarding rule management with a given position/handle spec)
+
+set -e
+
+RULESET="flush ruleset
+table ip t {
+ chain c {
+ accept
+ accept
+ }
+}"
+
+EXPECTED="table ip t {
+ chain c {
+ accept
+ drop
+ accept
+ }
+}"
+
+for arg in "position 2" "handle 2" "index 0"; do
+ $NFT -f - <<< "$RULESET"
+ $NFT add rule t c $arg drop || {
+ $NFT list ruleset
+ exit 1
+ }
+
+ GET="$($NFT list ruleset)"
+ if [ "$EXPECTED" != "$GET" ] ; then
+ DIFF="$(which diff)"
+ [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET")
+ exit 1
+ fi
+done
+
+for arg in "position 3" "handle 3" "index 1"; do
+ $NFT -f - <<< "$RULESET"
+ $NFT insert rule t c $arg drop
+
+ GET="$($NFT list ruleset)"
+ if [ "$EXPECTED" != "$GET" ] ; then
+ DIFF="$(which diff)"
+ [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET")
+ exit 1
+ fi
+done
+
+EXPECTED="table ip t {
+ chain c {
+ accept
+ accept
+ drop
+ }
+}"
+
+for arg in "position 3" "handle 3" "index 1"; do
+ $NFT -f - <<< "$RULESET"
+ $NFT add rule t c $arg drop
+
+ GET="$($NFT list ruleset)"
+ if [ "$EXPECTED" != "$GET" ] ; then
+ DIFF="$(which diff)"
+ [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET")
+ exit 1
+ fi
+done
+
+EXPECTED="table ip t {
+ chain c {
+ drop
+ accept
+ accept
+ }
+}"
+
+for arg in "position 2" "handle 2" "index 0"; do
+ $NFT -f - <<< "$RULESET"
+ $NFT insert rule t c $arg drop
+
+ GET="$($NFT list ruleset)"
+ if [ "$EXPECTED" != "$GET" ] ; then
+ DIFF="$(which diff)"
+ [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET")
+ exit 1
+ fi
+done
|
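Review bot: Only the first loop dumps the ruleset when the `$NFT add rule` call itself fails; in the other three loops `set -e` aborts the test with no output, and the compare-and-diff block is copied verbatim four times. A small helper called from every loop would keep the failure diagnostics identical and would also replace the `which diff` lookup and the unquoted `[ -x $DIFF ]` test. The unquoted `$arg` relies on word splitting to hand nft two words, which deserves a comment such as `# $arg is intentionally unquoted: "position 2" must split into two words`. The script also feeds `flush ruleset` to `$NFT` and leaves table `t` loaded when it exits; whether the harness runs it isolated from the host's live ruleset is not visible in this hunk, so that assumption is worth stating in the header comment.

```shell
# Compare the live ruleset with $EXPECTED; on mismatch print the ruleset
# diff (when diff is available) and return non-zero.
check_ruleset() {
	local get
	get="$($NFT list ruleset)"
	[ "$EXPECTED" = "$get" ] && return 0
	diff -u <(echo "$EXPECTED") <(echo "$get") || true
	return 1
}

# … unchanged: RULESET / EXPECTED definitions and the four `for arg in …` loop headers …
	$NFT -f - <<< "$RULESET"
	# $arg is intentionally unquoted: "position 2" must split into two words
	$NFT insert rule t c $arg drop || {
		$NFT list ruleset
		exit 1
	}
	check_ruleset || exit 1
```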