diff options
author | Arturo Borrero Gonzalez <arturo@debian.org> | 2016-11-28 13:59:28 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2016-11-29 22:49:06 +0100 |
commit | ffdcd3fd52f1e87eb99061ec1316f3e8e2f8a4d2 (patch) | |
tree | a94244a385315485a948a3b19294bd55c1b6f335 /tests/shell/testcases | |
parent | a24a07169a5304220a3fe66d273d6820706fa3ff (diff) |
tests: shell: add testcase for different defines usage
This testcase add some defines in a nft -f run and then uses
them in different spots (which are not covered in previous testcases).
* defines used to define another one
* different datatypes (numbers, strings, bits, ranges)
* usage in sets, maps, contatenatios
* single rules with single statements, multiple statements
* reuse define in same rule
Perhaps this isn't testing many different code path, but I find this
interesting to have given it will probably be one of the most common
use cases of nftables.
Signed-off-by: Arturo Borrero Gonzalez <arturo@debian.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'tests/shell/testcases')
-rwxr-xr-x | tests/shell/testcases/nft-f/0012different_defines_0 | 44 |
1 files changed, 44 insertions, 0 deletions
diff --git a/tests/shell/testcases/nft-f/0012different_defines_0 b/tests/shell/testcases/nft-f/0012different_defines_0 new file mode 100755 index 00000000..9c496d59 --- /dev/null +++ b/tests/shell/testcases/nft-f/0012different_defines_0 @@ -0,0 +1,44 @@ +#!/bin/bash + +# tests different spots, datatypes and usages for nft defines + +tmpfile=$(mktemp) +if [ ! -w $tmpfile ] ; then + echo "Failed to create tmp file" >&2 + exit 0 +fi + +trap "rm -rf $tmpfile" EXIT # cleanup if aborted + +echo " +define d_iifname = whatever +define d_oifname = \$d_iifname +define d_iif = lo +define d_oif = \$d_iif +define d_mark = 123 +define d_state = new,established,related +define d_ipv4 = 10.0.0.0 +define d_ipv4_2 = 10.0.0.2 +define d_ipv6 = fe0::1 +define d_ipv6_2 = fe0::2 +define d_ports = 100-222 + +table inet t { + chain c { + iifname \$d_iifname oifname \$d_oifname iif \$d_iif oif \$d_oif + iifname { \$d_iifname , \$d_oifname } iif { \$d_iif , \$d_oif } meta mark \$d_mark + ct state \$d_state + ct state != \$d_state + ip saddr \$d_ipv4 ip daddr \$d_ipv4_2 ip saddr \$d_ipv4 + ip6 daddr \$d_ipv6 ip6 saddr \$d_ipv6_2 + ip saddr vmap { \$d_ipv4 : drop , \$d_ipv4_2 : accept } + ip6 daddr vmap { \$d_ipv6 : drop , \$d_ipv6_2 : accept } + ip6 saddr . ip6 nexthdr { \$d_ipv6 . udp, \$d_ipv6_2 . tcp } + ip daddr . meta iif vmap { \$d_ipv4 . \$d_iif : accept } + tcp dport \$d_ports + udp dport vmap { \$d_ports : accept } + } +}" >> $tmpfile + +set -e +$NFT -f $tmpfile |