diff options
author | Phil Sutter <phil@nwl.cc> | 2018-03-19 18:02:02 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2018-03-20 13:05:43 +0100 |
commit | 935f82e7dd4911fde6be9dae960fd1d438542a5d (patch) | |
tree | 453d7db9f6663137d704e60c52f3b31b0140bf40 /tests/shell/testcases/transactions | |
parent | 4aba100e593f28105be300dc888935fad5dc822f (diff) |
Support 'nft -f -' to read from stdin
In libnftables, detect if given filename is '-' and treat it as the
common way of requesting to read from stdin, then open /dev/stdin
instead. (Calling 'nft -f /dev/stdin' worked before as well, but this
makes it official.)
With this in place and bash's support for here strings, review all tests
in tests/shell for needless use of temp files. Note that two categories
of test cases were intentionally left unchanged:
- Tests creating potentially large rulesets to avoid running into shell
parameter length limits.
- Tests for 'include' directive for obvious reasons.
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'tests/shell/testcases/transactions')
23 files changed, 24 insertions, 232 deletions
diff --git a/tests/shell/testcases/transactions/0001table_0 b/tests/shell/testcases/transactions/0001table_0 index 83f9fd0d..1a8ecb86 100755 --- a/tests/shell/testcases/transactions/0001table_0 +++ b/tests/shell/testcases/transactions/0001table_0 @@ -2,21 +2,12 @@ set -e -tmpfile=$(mktemp) -if [ ! -w $tmpfile ] ; then - echo "Failed to create tmp file" >&2 - exit 0 -fi - -trap "rm -rf $tmpfile" EXIT # cleanup if aborted - RULESET="add table x delete table x add table x add table y" -echo "$RULESET" > $tmpfile -$NFT -f $tmpfile +$NFT -f - <<< $RULESET if [ $? -ne 0 ] ; then echo "E: unable to load good ruleset" >&2 exit 1 diff --git a/tests/shell/testcases/transactions/0002table_0 b/tests/shell/testcases/transactions/0002table_0 index dbd2f4ab..290ea436 100755 --- a/tests/shell/testcases/transactions/0002table_0 +++ b/tests/shell/testcases/transactions/0002table_0 @@ -2,21 +2,12 @@ set -e -tmpfile=$(mktemp) -if [ ! -w $tmpfile ] ; then - echo "Failed to create tmp file" >&2 - exit 0 -fi - -trap "rm -rf $tmpfile" EXIT # cleanup if aborted - RULESET="add table x delete table x add table x add table x { flags dormant; }" -echo "$RULESET" > $tmpfile -$NFT -f $tmpfile +$NFT -f - <<< $RULESET if [ $? -ne 0 ] ; then echo "E: unable to load good ruleset" >&2 exit 1 diff --git a/tests/shell/testcases/transactions/0003table_0 b/tests/shell/testcases/transactions/0003table_0 index 004ce513..c5a87d3f 100755 --- a/tests/shell/testcases/transactions/0003table_0 +++ b/tests/shell/testcases/transactions/0003table_0 @@ -2,20 +2,11 @@ set -e -tmpfile=$(mktemp) -if [ ! -w $tmpfile ] ; then - echo "Failed to create tmp file" >&2 - exit 0 -fi - -trap "rm -rf $tmpfile" EXIT # cleanup if aborted - RULESET="add table x add table y flush ruleset" -echo "$RULESET" > $tmpfile -$NFT -f $tmpfile +$NFT -f - <<< $RULESET if [ $? -ne 0 ] ; then echo "E: unable to load good ruleset" >&2 exit 1 diff --git a/tests/shell/testcases/transactions/0010chain_0 b/tests/shell/testcases/transactions/0010chain_0 index d1918680..39a5fe9e 100755 --- a/tests/shell/testcases/transactions/0010chain_0 +++ b/tests/shell/testcases/transactions/0010chain_0 @@ -2,22 +2,13 @@ set -e -tmpfile=$(mktemp) -if [ ! -w $tmpfile ] ; then - echo "Failed to create tmp file" >&2 - exit 0 -fi - -trap "rm -rf $tmpfile" EXIT # cleanup if aborted - RULESET="add table x add chain x y flush ruleset add table w add chain w y" -echo "$RULESET" > $tmpfile -$NFT -f $tmpfile +$NFT -f - <<< $RULESET if [ $? -ne 0 ] ; then echo "E: unable to load good ruleset" >&2 exit 1 diff --git a/tests/shell/testcases/transactions/0011chain_0 b/tests/shell/testcases/transactions/0011chain_0 index aac33d56..7dca1287 100755 --- a/tests/shell/testcases/transactions/0011chain_0 +++ b/tests/shell/testcases/transactions/0011chain_0 @@ -2,22 +2,13 @@ set -e -tmpfile=$(mktemp) -if [ ! -w $tmpfile ] ; then - echo "Failed to create tmp file" >&2 - exit 0 -fi - -trap "rm -rf $tmpfile" EXIT # cleanup if aborted - RULESET="add table x add chain x y delete chain x y add chain x y { type filter hook input priority 0; } add chain x y { policy drop; }" -echo "$RULESET" > $tmpfile -$NFT -f $tmpfile +$NFT -f - <<< $RULESET if [ $? -ne 0 ] ; then echo "E: unable to load good ruleset" >&2 exit 1 diff --git a/tests/shell/testcases/transactions/0012chain_0 b/tests/shell/testcases/transactions/0012chain_0 index c3bfe130..7ebfad42 100755 --- a/tests/shell/testcases/transactions/0012chain_0 +++ b/tests/shell/testcases/transactions/0012chain_0 @@ -2,14 +2,6 @@ set -e -tmpfile=$(mktemp) -if [ ! -w $tmpfile ] ; then - echo "Failed to create tmp file" >&2 - exit 0 -fi - -trap "rm -rf $tmpfile" EXIT # cleanup if aborted - RULESET="add table x add chain x y flush ruleset @@ -20,8 +12,7 @@ flush ruleset add table w add chain w y { type filter hook output priority 0; }" -echo "$RULESET" > $tmpfile -$NFT -f $tmpfile +$NFT -f - <<< $RULESET if [ $? -ne 0 ] ; then echo "E: unable to load good ruleset" >&2 exit 1 diff --git a/tests/shell/testcases/transactions/0013chain_0 b/tests/shell/testcases/transactions/0013chain_0 index 67c31c8a..383e8347 100755 --- a/tests/shell/testcases/transactions/0013chain_0 +++ b/tests/shell/testcases/transactions/0013chain_0 @@ -2,14 +2,6 @@ set -e -tmpfile=$(mktemp) -if [ ! -w $tmpfile ] ; then - echo "Failed to create tmp file" >&2 - exit 0 -fi - -trap "rm -rf $tmpfile" EXIT # cleanup if aborted - RULESET="add table x add chain x y delete chain x y @@ -21,8 +13,7 @@ flush ruleset add table w add chain w y { type filter hook output priority 0; }" -echo "$RULESET" > $tmpfile -$NFT -f $tmpfile +$NFT -f - <<< $RULESET if [ $? -ne 0 ] ; then echo "E: unable to load good ruleset" >&2 exit 1 diff --git a/tests/shell/testcases/transactions/0014chain_1 b/tests/shell/testcases/transactions/0014chain_1 index 955860d0..40cea8b2 100755 --- a/tests/shell/testcases/transactions/0014chain_1 +++ b/tests/shell/testcases/transactions/0014chain_1 @@ -2,19 +2,10 @@ set -e -tmpfile=$(mktemp) -if [ ! -w $tmpfile ] ; then - echo "Failed to create tmp file" >&2 - exit 0 -fi - -trap "rm -rf $tmpfile" EXIT # cleanup if aborted - RULESET="add table x add chain x y delete chain x y delete chain x y" -echo "$RULESET" > $tmpfile -$NFT -f $tmpfile 2>/dev/null +$NFT -f - <<< $RULESET 2>/dev/null echo "E: allowing double-removal of chain" >&2 diff --git a/tests/shell/testcases/transactions/0020rule_0 b/tests/shell/testcases/transactions/0020rule_0 index e38634d3..b8e4cff5 100755 --- a/tests/shell/testcases/transactions/0020rule_0 +++ b/tests/shell/testcases/transactions/0020rule_0 @@ -2,21 +2,12 @@ set -e -tmpfile=$(mktemp) -if [ ! -w $tmpfile ] ; then - echo "Failed to create tmp file" >&2 - exit 0 -fi - -trap "rm -rf $tmpfile" EXIT # cleanup if aborted - RULESET="add table x add chain x y add rule x y ip saddr 1.1.1.1 counter flush ruleset" -echo "$RULESET" > $tmpfile -$NFT -f $tmpfile +$NFT -f - <<< $RULESET if [ $? -ne 0 ] ; then echo "E: unable to load good ruleset" >&2 exit 1 diff --git a/tests/shell/testcases/transactions/0021rule_0 b/tests/shell/testcases/transactions/0021rule_0 index 284a9e71..f5f6eb8b 100755 --- a/tests/shell/testcases/transactions/0021rule_0 +++ b/tests/shell/testcases/transactions/0021rule_0 @@ -2,14 +2,6 @@ set -e -tmpfile=$(mktemp) -if [ ! -w $tmpfile ] ; then - echo "Failed to create tmp file" >&2 - exit 0 -fi - -trap "rm -rf $tmpfile" EXIT # cleanup if aborted - RULESET="add table x add chain x y add rule x y ip saddr 1.1.1.1 counter @@ -18,8 +10,7 @@ add table x add chain x y add rule x y ip saddr 2.2.2.2 counter" -echo "$RULESET" > $tmpfile -$NFT -f $tmpfile +$NFT -f - <<< $RULESET if [ $? -ne 0 ] ; then echo "E: unable to load good ruleset" >&2 exit 1 diff --git a/tests/shell/testcases/transactions/0022rule_1 b/tests/shell/testcases/transactions/0022rule_1 index 5b937acd..83c72af1 100755 --- a/tests/shell/testcases/transactions/0022rule_1 +++ b/tests/shell/testcases/transactions/0022rule_1 @@ -2,20 +2,11 @@ set -e -tmpfile=$(mktemp) -if [ ! -w $tmpfile ] ; then - echo "Failed to create tmp file" >&2 - exit 0 -fi - -trap "rm -rf $tmpfile" EXIT # cleanup if aborted - RULESET="add table x add chain x y delete chain x y add rule x y jump y" -echo "$RULESET" > $tmpfile # kernel must return ENOENT -$NFT -f $tmpfile 2>/dev/null +$NFT -f - <<< $RULESET 2>/dev/null echo "E: allowing jump loop to unexisting chain" diff --git a/tests/shell/testcases/transactions/0023rule_1 b/tests/shell/testcases/transactions/0023rule_1 index 4c4e24cd..b43a0cce 100755 --- a/tests/shell/testcases/transactions/0023rule_1 +++ b/tests/shell/testcases/transactions/0023rule_1 @@ -2,19 +2,10 @@ set -e -tmpfile=$(mktemp) -if [ ! -w $tmpfile ] ; then - echo "Failed to create tmp file" >&2 - exit 0 -fi - -trap "rm -rf $tmpfile" EXIT # cleanup if aborted - RULESET="add table x add chain x y add rule x y jump y" -echo "$RULESET" > $tmpfile # kernel must return ELOOP -$NFT -f $tmpfile 2>/dev/null +$NFT -f - <<< $RULESET 2>/dev/null echo "E: allowing jump to chain loop" diff --git a/tests/shell/testcases/transactions/0030set_0 b/tests/shell/testcases/transactions/0030set_0 index ad08b7e5..464bc2b3 100755 --- a/tests/shell/testcases/transactions/0030set_0 +++ b/tests/shell/testcases/transactions/0030set_0 @@ -2,21 +2,12 @@ set -e -tmpfile=$(mktemp) -if [ ! -w $tmpfile ] ; then - echo "Failed to create tmp file" >&2 - exit 0 -fi - -trap "rm -rf $tmpfile" EXIT # cleanup if aborted - RULESET="add table x add set x y { type ipv4_addr; } flush ruleset add table x" -echo "$RULESET" > $tmpfile -$NFT -f $tmpfile +$NFT -f - <<< $RULESET if [ $? -ne 0 ] ; then echo "E: unable to load good ruleset" >&2 exit 1 diff --git a/tests/shell/testcases/transactions/0031set_0 b/tests/shell/testcases/transactions/0031set_0 index 6c5757cc..0bab4993 100755 --- a/tests/shell/testcases/transactions/0031set_0 +++ b/tests/shell/testcases/transactions/0031set_0 @@ -2,21 +2,12 @@ set -e -tmpfile=$(mktemp) -if [ ! -w $tmpfile ] ; then - echo "Failed to create tmp file" >&2 - exit 0 -fi - -trap "rm -rf $tmpfile" EXIT # cleanup if aborted - RULESET="add table x add set x y { type ipv4_addr; } delete set x y add set x y { type ipv4_addr; }" -echo "$RULESET" > $tmpfile -$NFT -f $tmpfile +$NFT -f - <<< $RULESET if [ $? -ne 0 ] ; then echo "E: unable to load good ruleset" >&2 exit 1 diff --git a/tests/shell/testcases/transactions/0032set_0 b/tests/shell/testcases/transactions/0032set_0 index 1b41cf09..126f37e5 100755 --- a/tests/shell/testcases/transactions/0032set_0 +++ b/tests/shell/testcases/transactions/0032set_0 @@ -2,22 +2,13 @@ set -e -tmpfile=$(mktemp) -if [ ! -w $tmpfile ] ; then - echo "Failed to create tmp file" >&2 - exit 0 -fi - -trap "rm -rf $tmpfile" EXIT # cleanup if aborted - RULESET="add table x add set x y { type ipv4_addr; } flush ruleset add table w add set w y { type ipv4_addr; }" -echo "$RULESET" > $tmpfile -$NFT -f $tmpfile +$NFT -f - <<< $RULESET if [ $? -ne 0 ] ; then echo "E: unable to load good ruleset" >&2 exit 1 diff --git a/tests/shell/testcases/transactions/0033set_0 b/tests/shell/testcases/transactions/0033set_0 index 19543b3c..f7a31e8c 100755 --- a/tests/shell/testcases/transactions/0033set_0 +++ b/tests/shell/testcases/transactions/0033set_0 @@ -2,20 +2,11 @@ set -e -tmpfile=$(mktemp) -if [ ! -w $tmpfile ] ; then - echo "Failed to create tmp file" >&2 - exit 0 -fi - -trap "rm -rf $tmpfile" EXIT # cleanup if aborted - RULESET="add table x add set x y { type ipv4_addr; } delete set x y" -echo "$RULESET" > $tmpfile -$NFT -f $tmpfile +$NFT -f - <<< $RULESET if [ $? -ne 0 ] ; then echo "E: unable to load good ruleset" >&2 exit 1 diff --git a/tests/shell/testcases/transactions/0034set_0 b/tests/shell/testcases/transactions/0034set_0 index 4cddb94d..88261032 100755 --- a/tests/shell/testcases/transactions/0034set_0 +++ b/tests/shell/testcases/transactions/0034set_0 @@ -2,21 +2,12 @@ set -e -tmpfile=$(mktemp) -if [ ! -w $tmpfile ] ; then - echo "Failed to create tmp file" >&2 - exit 0 -fi - -trap "rm -rf $tmpfile" EXIT # cleanup if aborted - RULESET="add table x add set x y { type ipv4_addr; } add element x y { 1.1.1.1 } delete element x y { 1.1.1.1 }" -echo "$RULESET" > $tmpfile -$NFT -f $tmpfile +$NFT -f - <<< $RULESET if [ $? -ne 0 ] ; then echo "E: unable to load good ruleset" >&2 exit 1 diff --git a/tests/shell/testcases/transactions/0035set_0 b/tests/shell/testcases/transactions/0035set_0 index 9b20746b..d442b68e 100755 --- a/tests/shell/testcases/transactions/0035set_0 +++ b/tests/shell/testcases/transactions/0035set_0 @@ -2,14 +2,6 @@ set -e -tmpfile=$(mktemp) -if [ ! -w $tmpfile ] ; then - echo "Failed to create tmp file" >&2 - exit 0 -fi - -trap "rm -rf $tmpfile" EXIT # cleanup if aborted - RULESET="add table x add set x y { type ipv4_addr; } add element x y { 1.1.1.1, 2.2.2.2 } @@ -17,8 +9,7 @@ delete element x y { 1.1.1.1 } delete element x y { 2.2.2.2 } add element x y { 3.3.3.3 }" -echo "$RULESET" > $tmpfile -$NFT -f $tmpfile +$NFT -f - <<< $RULESET if [ $? -ne 0 ] ; then echo "E: unable to load good ruleset" >&2 exit 1 diff --git a/tests/shell/testcases/transactions/0036set_1 b/tests/shell/testcases/transactions/0036set_1 index 46f94573..a0deb7a0 100755 --- a/tests/shell/testcases/transactions/0036set_1 +++ b/tests/shell/testcases/transactions/0036set_1 @@ -2,21 +2,12 @@ set -e -tmpfile=$(mktemp) -if [ ! -w $tmpfile ] ; then - echo "Failed to create tmp file" >&2 - exit 0 -fi - -trap "rm -rf $tmpfile" EXIT # cleanup if aborted - RULESET="add table x add set x y { type ipv4_addr; } add element x y { 1.1.1.1, 2.2.2.2 } delete element x y { 1.1.1.1 } delete element x y { 1.1.1.1 }" -echo "$RULESET" > $tmpfile -$NFT -f $tmpfile 2> /dev/null +$NFT -f - <<< $RULESET 2> /dev/null # Kernel must return ENOENT echo "E: allowing double-removal of element" diff --git a/tests/shell/testcases/transactions/0037set_0 b/tests/shell/testcases/transactions/0037set_0 index 75b1d453..4aef63f1 100755 --- a/tests/shell/testcases/transactions/0037set_0 +++ b/tests/shell/testcases/transactions/0037set_0 @@ -2,21 +2,12 @@ set -e -tmpfile=$(mktemp) -if [ ! -w $tmpfile ] ; then - echo "Failed to create tmp file" >&2 - exit 0 -fi - -trap "rm -rf $tmpfile" EXIT # cleanup if aborted - RULESET="add table x add set x y { type ipv4_addr; flags interval;} add element x y { 1.1.1.0/24 } delete element x y { 1.1.1.0/24 }" -echo "$RULESET" > $tmpfile -$NFT -f $tmpfile +$NFT -f - <<< $RULESET if [ $? -ne 0 ] ; then echo "E: unable to load good ruleset" >&2 exit 1 diff --git a/tests/shell/testcases/transactions/0038set_0 b/tests/shell/testcases/transactions/0038set_0 index 3120e916..fc9f1ca4 100755 --- a/tests/shell/testcases/transactions/0038set_0 +++ b/tests/shell/testcases/transactions/0038set_0 @@ -2,14 +2,6 @@ set -e -tmpfile=$(mktemp) -if [ ! -w $tmpfile ] ; then - echo "Failed to create tmp file" >&2 - exit 0 -fi - -trap "rm -rf $tmpfile" EXIT # cleanup if aborted - RULESET="add table x add set x y { type ipv4_addr; flags interval;} add element x y { 192.168.0.0/24, 192.168.2.0/24 } @@ -17,8 +9,7 @@ delete element x y { 192.168.0.0/24 } delete element x y { 192.168.2.0/24 } add element x y { 192.168.4.0/24 }" -echo "$RULESET" > $tmpfile -$NFT -f $tmpfile +$NFT -f - <<< $RULESET if [ $? -ne 0 ] ; then echo "E: unable to load good ruleset" >&2 exit 1 diff --git a/tests/shell/testcases/transactions/0039set_0 b/tests/shell/testcases/transactions/0039set_0 index 3120e916..fc9f1ca4 100755 --- a/tests/shell/testcases/transactions/0039set_0 +++ b/tests/shell/testcases/transactions/0039set_0 @@ -2,14 +2,6 @@ set -e -tmpfile=$(mktemp) -if [ ! -w $tmpfile ] ; then - echo "Failed to create tmp file" >&2 - exit 0 -fi - -trap "rm -rf $tmpfile" EXIT # cleanup if aborted - RULESET="add table x add set x y { type ipv4_addr; flags interval;} add element x y { 192.168.0.0/24, 192.168.2.0/24 } @@ -17,8 +9,7 @@ delete element x y { 192.168.0.0/24 } delete element x y { 192.168.2.0/24 } add element x y { 192.168.4.0/24 }" -echo "$RULESET" > $tmpfile -$NFT -f $tmpfile +$NFT -f - <<< $RULESET if [ $? -ne 0 ] ; then echo "E: unable to load good ruleset" >&2 exit 1 diff --git a/tests/shell/testcases/transactions/0040set_0 b/tests/shell/testcases/transactions/0040set_0 index 0ffc4416..7386ecfb 100755 --- a/tests/shell/testcases/transactions/0040set_0 +++ b/tests/shell/testcases/transactions/0040set_0 @@ -2,14 +2,6 @@ set -e -tmpfile=$(mktemp) -if [ ! -w $tmpfile ] ; then - echo "Failed to create tmp file" >&2 - exit 0 -fi - -trap "rm -rf $tmpfile" EXIT # cleanup if aborted - RULESET="table ip filter { map client_to_any { type ipv4_addr : verdict @@ -28,8 +20,7 @@ RULESET="table ip filter { chain CIn_1 { } }" -echo "$RULESET" > $tmpfile -$NFT -f $tmpfile +$NFT -f - <<< $RULESET if [ $? -ne 0 ] ; then echo "E: unable to load good ruleset" >&2 exit 1 @@ -45,8 +36,7 @@ fi RULESET="delete element ip filter client_to_any { 1.2.3.4 : goto CIn_1 } delete chain ip filter CIn_1" -echo "$RULESET" > $tmpfile -$NFT -f $tmpfile +$NFT -f - <<< $RULESET if [ $? -ne 0 ] ; then echo "E: unable to load good ruleset" >&2 exit 1 |