summaryrefslogtreecommitdiffstats
path: root/tests/shell/testcases/sets
diff options
context:
space:
mode:
authorLaura Garcia Liebana <nevola@gmail.com>2018-03-07 22:51:10 +0100
committerPablo Neira Ayuso <pablo@netfilter.org>2018-03-09 12:45:16 +0100
commit7d93e2c2fbc77f05fd7acb63a2acf9874c9ad58f (patch)
tree6773a61dcd261a25d525457bf8b6049787345424 /tests/shell/testcases/sets
parent1870165e0241bd06f96da43edbee0e0e82bfa09d (diff)
tests: shell: autogenerate dump verification
Complete the automated shell tests with the verification of the test file dump, only for positive tests and if the test execution was successful. It's able to generate the dump file with the -g option. Example: # ./run-tests.sh -g testcases/chains/0001jumps_0 The dump files are generated in the same path in the folder named dumps/ with .nft extension. It has been avoided the dump verification code in every test file. Signed-off-by: Laura Garcia Liebana <nevola@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'tests/shell/testcases/sets')
-rwxr-xr-xtests/shell/testcases/sets/0012add_delete_many_elements_013
-rwxr-xr-xtests/shell/testcases/sets/0013add_delete_many_elements_014
-rwxr-xr-xtests/shell/testcases/sets/0021nesting_014
-rwxr-xr-xtests/shell/testcases/sets/0029named_ifname_dtype_08
-rw-r--r--tests/shell/testcases/sets/dumps/0001named_interval_0.nft34
-rw-r--r--tests/shell/testcases/sets/dumps/0002named_interval_automerging_0.nft7
-rw-r--r--tests/shell/testcases/sets/dumps/0003named_interval_missing_flag_0.nft5
-rw-r--r--tests/shell/testcases/sets/dumps/0004named_interval_shadow_0.nft7
-rw-r--r--tests/shell/testcases/sets/dumps/0005named_interval_shadow_0.nft7
-rw-r--r--tests/shell/testcases/sets/dumps/0006create_set_0.nft5
-rw-r--r--tests/shell/testcases/sets/dumps/0007create_element_0.nft6
-rw-r--r--tests/shell/testcases/sets/dumps/0008comments_interval_0.nft7
-rw-r--r--tests/shell/testcases/sets/dumps/0008create_verdict_map_0.nft13
-rw-r--r--tests/shell/testcases/sets/dumps/0009comments_timeout_0.nft7
-rw-r--r--tests/shell/testcases/sets/dumps/0010comments_0.nft6
-rw-r--r--tests/shell/testcases/sets/dumps/0012add_delete_many_elements_0.nft5
-rw-r--r--tests/shell/testcases/sets/dumps/0013add_delete_many_elements_0.nft5
-rw-r--r--tests/shell/testcases/sets/dumps/0015rulesetflush_0.nft11
-rw-r--r--tests/shell/testcases/sets/dumps/0016element_leak_0.nft7
-rw-r--r--tests/shell/testcases/sets/dumps/0017add_after_flush_0.nft7
-rw-r--r--tests/shell/testcases/sets/dumps/0019set_check_size_0.nft7
-rw-r--r--tests/shell/testcases/sets/dumps/0020comments_0.nft6
-rw-r--r--tests/shell/testcases/sets/dumps/0021nesting_0.nft5
-rw-r--r--tests/shell/testcases/sets/dumps/0022type_selective_flush_0.nft13
-rw-r--r--tests/shell/testcases/sets/dumps/0023incomplete_add_set_command_0.nft2
-rw-r--r--tests/shell/testcases/sets/dumps/0024named_objects_0.nft28
-rw-r--r--tests/shell/testcases/sets/dumps/0025anonymous_set_0.nft7
-rw-r--r--tests/shell/testcases/sets/dumps/0026named_limit_0.nft10
-rw-r--r--tests/shell/testcases/sets/dumps/0027ipv6_maps_ipv4_0.nft7
-rw-r--r--tests/shell/testcases/sets/dumps/0029named_ifname_dtype_0.nft11
30 files changed, 235 insertions, 49 deletions
diff --git a/tests/shell/testcases/sets/0012add_delete_many_elements_0 b/tests/shell/testcases/sets/0012add_delete_many_elements_0
index 7a5f8c69..7e7beebd 100755
--- a/tests/shell/testcases/sets/0012add_delete_many_elements_0
+++ b/tests/shell/testcases/sets/0012add_delete_many_elements_0
@@ -31,16 +31,3 @@ delete element x y $(generate)" > $tmpfile
set -e
$NFT -f $tmpfile
-
-EXPECTED="table ip x {
- set y {
- type ipv4_addr
- }
-}"
-GET=$($NFT list ruleset)
-if [ "$EXPECTED" != "$GET" ] ; then
- DIFF="$(which diff)"
- [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET")
- exit 1
-fi
-
diff --git a/tests/shell/testcases/sets/0013add_delete_many_elements_0 b/tests/shell/testcases/sets/0013add_delete_many_elements_0
index 265a5540..5774317b 100755
--- a/tests/shell/testcases/sets/0013add_delete_many_elements_0
+++ b/tests/shell/testcases/sets/0013add_delete_many_elements_0
@@ -32,17 +32,3 @@ add element x y $(generate)" > $tmpfile
$NFT -f $tmpfile
echo "delete element x y $(generate)" > $tmpfile
$NFT -f $tmpfile
-
-
-EXPECTED="table ip x {
- set y {
- type ipv4_addr
- }
-}"
-GET=$($NFT list ruleset)
-if [ "$EXPECTED" != "$GET" ] ; then
- DIFF="$(which diff)"
- [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET")
- exit 1
-fi
-
diff --git a/tests/shell/testcases/sets/0021nesting_0 b/tests/shell/testcases/sets/0021nesting_0
index 763d9ae1..4779f264 100755
--- a/tests/shell/testcases/sets/0021nesting_0
+++ b/tests/shell/testcases/sets/0021nesting_0
@@ -30,17 +30,3 @@ if [ $? -ne 0 ] ; then
echo "E: unable to load ruleset" >&2
exit 1
fi
-
-EXPECTED="table ip x {
- chain y {
- ip saddr { 1.1.1.0/24, 2.2.2.0/24, 3.3.3.0/24 }
- }
-}"
-
-GET="$($NFT list ruleset)"
-
-if [ "$EXPECTED" != "$GET" ] ; then
- DIFF="$(which diff)"
- [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET")
- exit 1
-fi
diff --git a/tests/shell/testcases/sets/0029named_ifname_dtype_0 b/tests/shell/testcases/sets/0029named_ifname_dtype_0
index 8b7ab982..92f4a4ad 100755
--- a/tests/shell/testcases/sets/0029named_ifname_dtype_0
+++ b/tests/shell/testcases/sets/0029named_ifname_dtype_0
@@ -25,11 +25,3 @@ EXPECTED="table inet t {
set -e
echo "$EXPECTED" > $tmpfile
$NFT -f $tmpfile
-
-GET="$($NFT list ruleset)"
-if [ "$EXPECTED" != "$GET" ] ; then
- DIFF="$(which diff)"
- [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET")
- exit 1
-fi
-
diff --git a/tests/shell/testcases/sets/dumps/0001named_interval_0.nft b/tests/shell/testcases/sets/dumps/0001named_interval_0.nft
new file mode 100644
index 00000000..3049aa84
--- /dev/null
+++ b/tests/shell/testcases/sets/dumps/0001named_interval_0.nft
@@ -0,0 +1,34 @@
+table inet t {
+ set s1 {
+ type ipv4_addr
+ flags interval
+ elements = { 10.0.0.0-11.0.0.0, 172.16.0.0/16 }
+ }
+
+ set s2 {
+ type ipv6_addr
+ flags interval
+ elements = { fe00::/64,
+ fe11::-fe22:: }
+ }
+
+ set s3 {
+ type inet_proto
+ flags interval
+ elements = { 10-20, 50-60 }
+ }
+
+ set s4 {
+ type inet_service
+ flags interval
+ elements = { 0-1024, 8080-8082, 10000-40000 }
+ }
+
+ chain c {
+ ip saddr @s1 accept
+ ip6 daddr @s2 accept
+ ip protocol @s3 accept
+ ip6 nexthdr @s3 accept
+ tcp dport @s4 accept
+ }
+}
diff --git a/tests/shell/testcases/sets/dumps/0002named_interval_automerging_0.nft b/tests/shell/testcases/sets/dumps/0002named_interval_automerging_0.nft
new file mode 100644
index 00000000..452ee23e
--- /dev/null
+++ b/tests/shell/testcases/sets/dumps/0002named_interval_automerging_0.nft
@@ -0,0 +1,7 @@
+table ip t {
+ set s {
+ type ipv4_addr
+ flags interval
+ elements = { 192.168.0.0/24, 192.168.1.0/24 }
+ }
+}
diff --git a/tests/shell/testcases/sets/dumps/0003named_interval_missing_flag_0.nft b/tests/shell/testcases/sets/dumps/0003named_interval_missing_flag_0.nft
new file mode 100644
index 00000000..70c32a85
--- /dev/null
+++ b/tests/shell/testcases/sets/dumps/0003named_interval_missing_flag_0.nft
@@ -0,0 +1,5 @@
+table ip t {
+ set s {
+ type ipv4_addr
+ }
+}
diff --git a/tests/shell/testcases/sets/dumps/0004named_interval_shadow_0.nft b/tests/shell/testcases/sets/dumps/0004named_interval_shadow_0.nft
new file mode 100644
index 00000000..940030a1
--- /dev/null
+++ b/tests/shell/testcases/sets/dumps/0004named_interval_shadow_0.nft
@@ -0,0 +1,7 @@
+table inet t {
+ set s {
+ type ipv6_addr
+ flags interval
+ elements = { fe00::/64 }
+ }
+}
diff --git a/tests/shell/testcases/sets/dumps/0005named_interval_shadow_0.nft b/tests/shell/testcases/sets/dumps/0005named_interval_shadow_0.nft
new file mode 100644
index 00000000..4224d9da
--- /dev/null
+++ b/tests/shell/testcases/sets/dumps/0005named_interval_shadow_0.nft
@@ -0,0 +1,7 @@
+table inet t {
+ set s {
+ type ipv6_addr
+ flags interval
+ elements = { fe00::/48 }
+ }
+}
diff --git a/tests/shell/testcases/sets/dumps/0006create_set_0.nft b/tests/shell/testcases/sets/dumps/0006create_set_0.nft
new file mode 100644
index 00000000..70c32a85
--- /dev/null
+++ b/tests/shell/testcases/sets/dumps/0006create_set_0.nft
@@ -0,0 +1,5 @@
+table ip t {
+ set s {
+ type ipv4_addr
+ }
+}
diff --git a/tests/shell/testcases/sets/dumps/0007create_element_0.nft b/tests/shell/testcases/sets/dumps/0007create_element_0.nft
new file mode 100644
index 00000000..169be117
--- /dev/null
+++ b/tests/shell/testcases/sets/dumps/0007create_element_0.nft
@@ -0,0 +1,6 @@
+table ip t {
+ set s {
+ type ipv4_addr
+ elements = { 1.1.1.1 }
+ }
+}
diff --git a/tests/shell/testcases/sets/dumps/0008comments_interval_0.nft b/tests/shell/testcases/sets/dumps/0008comments_interval_0.nft
new file mode 100644
index 00000000..5e7a7680
--- /dev/null
+++ b/tests/shell/testcases/sets/dumps/0008comments_interval_0.nft
@@ -0,0 +1,7 @@
+table ip t {
+ set s {
+ type ipv4_addr
+ flags interval
+ elements = { 1.1.1.1 comment "test" }
+ }
+}
diff --git a/tests/shell/testcases/sets/dumps/0008create_verdict_map_0.nft b/tests/shell/testcases/sets/dumps/0008create_verdict_map_0.nft
new file mode 100644
index 00000000..ab0fe80d
--- /dev/null
+++ b/tests/shell/testcases/sets/dumps/0008create_verdict_map_0.nft
@@ -0,0 +1,13 @@
+table ip t {
+ map sourcemap {
+ type ipv4_addr : verdict
+ elements = { 100.123.10.2 : jump c }
+ }
+
+ chain postrouting {
+ ip saddr vmap @sourcemap accept
+ }
+
+ chain c {
+ }
+}
diff --git a/tests/shell/testcases/sets/dumps/0009comments_timeout_0.nft b/tests/shell/testcases/sets/dumps/0009comments_timeout_0.nft
new file mode 100644
index 00000000..455ebe3e
--- /dev/null
+++ b/tests/shell/testcases/sets/dumps/0009comments_timeout_0.nft
@@ -0,0 +1,7 @@
+table ip t {
+ set s {
+ type ipv4_addr
+ flags timeout
+ elements = { 1.1.1.1 comment "test" }
+ }
+}
diff --git a/tests/shell/testcases/sets/dumps/0010comments_0.nft b/tests/shell/testcases/sets/dumps/0010comments_0.nft
new file mode 100644
index 00000000..6e42ec4b
--- /dev/null
+++ b/tests/shell/testcases/sets/dumps/0010comments_0.nft
@@ -0,0 +1,6 @@
+table inet t {
+ set s {
+ type ipv6_addr
+ elements = { ::1 comment "test" }
+ }
+}
diff --git a/tests/shell/testcases/sets/dumps/0012add_delete_many_elements_0.nft b/tests/shell/testcases/sets/dumps/0012add_delete_many_elements_0.nft
new file mode 100644
index 00000000..e3d4aee6
--- /dev/null
+++ b/tests/shell/testcases/sets/dumps/0012add_delete_many_elements_0.nft
@@ -0,0 +1,5 @@
+table ip x {
+ set y {
+ type ipv4_addr
+ }
+}
diff --git a/tests/shell/testcases/sets/dumps/0013add_delete_many_elements_0.nft b/tests/shell/testcases/sets/dumps/0013add_delete_many_elements_0.nft
new file mode 100644
index 00000000..e3d4aee6
--- /dev/null
+++ b/tests/shell/testcases/sets/dumps/0013add_delete_many_elements_0.nft
@@ -0,0 +1,5 @@
+table ip x {
+ set y {
+ type ipv4_addr
+ }
+}
diff --git a/tests/shell/testcases/sets/dumps/0015rulesetflush_0.nft b/tests/shell/testcases/sets/dumps/0015rulesetflush_0.nft
new file mode 100644
index 00000000..f6eddbf8
--- /dev/null
+++ b/tests/shell/testcases/sets/dumps/0015rulesetflush_0.nft
@@ -0,0 +1,11 @@
+table ip t {
+ chain c {
+ }
+}
+table inet filter {
+ set blacklist_v4 {
+ type ipv4_addr
+ flags interval
+ elements = { 192.168.0.0/24 }
+ }
+}
diff --git a/tests/shell/testcases/sets/dumps/0016element_leak_0.nft b/tests/shell/testcases/sets/dumps/0016element_leak_0.nft
new file mode 100644
index 00000000..9d2b0afe
--- /dev/null
+++ b/tests/shell/testcases/sets/dumps/0016element_leak_0.nft
@@ -0,0 +1,7 @@
+table ip x {
+ set s {
+ type ipv4_addr
+ size 2
+ elements = { 1.1.1.1 }
+ }
+}
diff --git a/tests/shell/testcases/sets/dumps/0017add_after_flush_0.nft b/tests/shell/testcases/sets/dumps/0017add_after_flush_0.nft
new file mode 100644
index 00000000..9d2b0afe
--- /dev/null
+++ b/tests/shell/testcases/sets/dumps/0017add_after_flush_0.nft
@@ -0,0 +1,7 @@
+table ip x {
+ set s {
+ type ipv4_addr
+ size 2
+ elements = { 1.1.1.1 }
+ }
+}
diff --git a/tests/shell/testcases/sets/dumps/0019set_check_size_0.nft b/tests/shell/testcases/sets/dumps/0019set_check_size_0.nft
new file mode 100644
index 00000000..8cd37076
--- /dev/null
+++ b/tests/shell/testcases/sets/dumps/0019set_check_size_0.nft
@@ -0,0 +1,7 @@
+table ip x {
+ set s {
+ type ipv4_addr
+ size 2
+ elements = { 1.1.1.1, 1.1.1.2 }
+ }
+}
diff --git a/tests/shell/testcases/sets/dumps/0020comments_0.nft b/tests/shell/testcases/sets/dumps/0020comments_0.nft
new file mode 100644
index 00000000..d5330848
--- /dev/null
+++ b/tests/shell/testcases/sets/dumps/0020comments_0.nft
@@ -0,0 +1,6 @@
+table inet t {
+ set s {
+ type inet_service
+ elements = { ssh comment "test" }
+ }
+}
diff --git a/tests/shell/testcases/sets/dumps/0021nesting_0.nft b/tests/shell/testcases/sets/dumps/0021nesting_0.nft
new file mode 100644
index 00000000..6fd2a441
--- /dev/null
+++ b/tests/shell/testcases/sets/dumps/0021nesting_0.nft
@@ -0,0 +1,5 @@
+table ip x {
+ chain y {
+ ip saddr { 1.1.1.0/24, 2.2.2.0/24, 3.3.3.0/24 }
+ }
+}
diff --git a/tests/shell/testcases/sets/dumps/0022type_selective_flush_0.nft b/tests/shell/testcases/sets/dumps/0022type_selective_flush_0.nft
new file mode 100644
index 00000000..3dd97602
--- /dev/null
+++ b/tests/shell/testcases/sets/dumps/0022type_selective_flush_0.nft
@@ -0,0 +1,13 @@
+table ip t {
+ set s {
+ type ipv4_addr
+ }
+
+ map m {
+ type ipv4_addr : inet_service
+ }
+
+ chain c {
+ tcp dport http meter f { ip saddr limit rate 10/second}
+ }
+}
diff --git a/tests/shell/testcases/sets/dumps/0023incomplete_add_set_command_0.nft b/tests/shell/testcases/sets/dumps/0023incomplete_add_set_command_0.nft
new file mode 100644
index 00000000..985768ba
--- /dev/null
+++ b/tests/shell/testcases/sets/dumps/0023incomplete_add_set_command_0.nft
@@ -0,0 +1,2 @@
+table ip t {
+}
diff --git a/tests/shell/testcases/sets/dumps/0024named_objects_0.nft b/tests/shell/testcases/sets/dumps/0024named_objects_0.nft
new file mode 100644
index 00000000..929c5d93
--- /dev/null
+++ b/tests/shell/testcases/sets/dumps/0024named_objects_0.nft
@@ -0,0 +1,28 @@
+table inet x {
+ counter user123 {
+ packets 12 bytes 1433
+ }
+
+ quota user123 {
+ over 2000 bytes
+ }
+
+ quota user124 {
+ over 2000 bytes
+ }
+
+ set y {
+ type ipv4_addr
+ }
+
+ map test {
+ type ipv4_addr : quota
+ elements = { 192.168.2.2 : "user124", 192.168.2.3 : "user124" }
+ }
+
+ chain y {
+ type filter hook input priority 0; policy accept;
+ counter name ip saddr map { 1.1.1.1 : "user123", 2.2.2.2 : "user123", 192.168.2.2 : "user123" }
+ quota name ip saddr map @test drop
+ }
+}
diff --git a/tests/shell/testcases/sets/dumps/0025anonymous_set_0.nft b/tests/shell/testcases/sets/dumps/0025anonymous_set_0.nft
new file mode 100644
index 00000000..c823ae9d
--- /dev/null
+++ b/tests/shell/testcases/sets/dumps/0025anonymous_set_0.nft
@@ -0,0 +1,7 @@
+table ip t {
+ chain c {
+ type filter hook output priority 0; policy accept;
+ ip daddr { 192.168.0.1, 192.168.0.2, 192.168.0.3 }
+ tcp dport { ssh, telnet } counter packets 0 bytes 0
+ }
+}
diff --git a/tests/shell/testcases/sets/dumps/0026named_limit_0.nft b/tests/shell/testcases/sets/dumps/0026named_limit_0.nft
new file mode 100644
index 00000000..0d1f1254
--- /dev/null
+++ b/tests/shell/testcases/sets/dumps/0026named_limit_0.nft
@@ -0,0 +1,10 @@
+table ip filter {
+ limit http-traffic {
+ rate 1/second
+ }
+
+ chain input {
+ type filter hook input priority 0; policy accept;
+ limit name tcp dport map { http : "http-traffic", https : "http-traffic" }
+ }
+}
diff --git a/tests/shell/testcases/sets/dumps/0027ipv6_maps_ipv4_0.nft b/tests/shell/testcases/sets/dumps/0027ipv6_maps_ipv4_0.nft
new file mode 100644
index 00000000..c49eefae
--- /dev/null
+++ b/tests/shell/testcases/sets/dumps/0027ipv6_maps_ipv4_0.nft
@@ -0,0 +1,7 @@
+table inet t {
+ set s {
+ type ipv6_addr
+ flags interval
+ elements = { ::ffff:0.0.0.0/96 }
+ }
+}
diff --git a/tests/shell/testcases/sets/dumps/0029named_ifname_dtype_0.nft b/tests/shell/testcases/sets/dumps/0029named_ifname_dtype_0.nft
new file mode 100644
index 00000000..2c82e57d
--- /dev/null
+++ b/tests/shell/testcases/sets/dumps/0029named_ifname_dtype_0.nft
@@ -0,0 +1,11 @@
+table inet t {
+ set s {
+ type ifname
+ elements = { "eth0" }
+ }
+
+ chain c {
+ iifname @s accept
+ oifname @s accept
+ }
+}