summaryrefslogtreecommitdiffstats
path: root/tests/shell
diff options
context:
space:
mode:
authorPhil Sutter <phil@nwl.cc>2017-03-22 01:26:34 +0100
committerPablo Neira Ayuso <pablo@netfilter.org>2017-03-22 12:50:35 +0100
commit48475e10671d2c525f3e224f5087c63b65c68f55 (patch)
tree84d0d14b2b0a67e0650eb7a060d3d22fcaa61919 /tests/shell
parent675dc8b9cfb50025c964326014d2ec4d312f58ce (diff)
tests: Add test cases for nested anonymous sets
This makes sure nesting of anonymous sets works regardless of whether defines are used or not. As a side-effect, it also checks that overlap checking when IP address prefixes are used, works. Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'tests/shell')
-rwxr-xr-xtests/shell/testcases/sets/0021nesting_046
1 files changed, 46 insertions, 0 deletions
diff --git a/tests/shell/testcases/sets/0021nesting_0 b/tests/shell/testcases/sets/0021nesting_0
new file mode 100755
index 00000000..3bcb6147
--- /dev/null
+++ b/tests/shell/testcases/sets/0021nesting_0
@@ -0,0 +1,46 @@
+#!/bin/bash
+
+set -e
+
+tmpfile=$(mktemp)
+if [ ! -w $tmpfile ] ; then
+ echo "Failed to create tmp file" >&2
+ exit 0
+fi
+
+#trap "rm -rf $tmpfile" EXIT # cleanup if aborted
+
+RULESET='
+define set1 = {
+ 2.2.2.0/24,
+}
+define set2 = {
+ $set1,
+ 1.1.1.0/24
+}
+table ip x {
+ chain y {
+ ip saddr { 3.3.3.0/24, $set2 }
+ }
+}'
+
+echo "$RULESET" > $tmpfile
+$NFT -f $tmpfile
+if [ $? -ne 0 ] ; then
+ echo "E: unable to load ruleset" >&2
+ exit 1
+fi
+
+EXPECTED="table ip x {
+ chain y {
+ ip saddr { 1.1.1.0/24, 2.2.2.0/24, 3.3.3.0/24}
+ }
+}"
+
+GET="$($NFT list ruleset)"
+
+if [ "$EXPECTED" != "$GET" ] ; then
+ DIFF="$(which diff)"
+ [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET")
+ exit 1
+fi