diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2023-11-07 12:44:56 +0100 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2023-11-11 10:05:26 +0100 |
| commit | 89fa232fda07d3826c4ab8c155cdedb157d8a09c (patch) | |
| tree | ad2f1e9a3769267843f96f86dfd890c7206ace4a /tests | |
| parent | 8e9807c04b23eb1ffb979f972c0f6061aaaabfeb (diff) | |
tests: shell: split single element in anonymous set
Split this to move set stateful expression support into a separated test
not to harm existing coverage.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'tests')
4 files changed, 31 insertions, 4 deletions
diff --git a/tests/shell/testcases/optimizations/dumps/single_anon_set.nft b/tests/shell/testcases/optimizations/dumps/single_anon_set.nft index 3f703034..35e3f36e 100644 --- a/tests/shell/testcases/optimizations/dumps/single_anon_set.nft +++ b/tests/shell/testcases/optimizations/dumps/single_anon_set.nft @@ -11,6 +11,5 @@ table ip test { ip daddr . tcp dport { 192.168.0.1 . 22 } accept meta mark set ip daddr map { 192.168.0.1 : 0x00000001 } ct state { established, related } accept - meta mark { 0x0000000a counter packets 0 bytes 0 } } } diff --git a/tests/shell/testcases/optimizations/dumps/single_anon_set_expr.nft b/tests/shell/testcases/optimizations/dumps/single_anon_set_expr.nft new file mode 100644 index 00000000..54880b92 --- /dev/null +++ b/tests/shell/testcases/optimizations/dumps/single_anon_set_expr.nft @@ -0,0 +1,5 @@ +table ip test { + chain test { + meta mark { 0x0000000a counter packets 0 bytes 0 } + } +} diff --git a/tests/shell/testcases/optimizations/single_anon_set b/tests/shell/testcases/optimizations/single_anon_set index 84fc2a7f..632e965f 100755 --- a/tests/shell/testcases/optimizations/single_anon_set +++ b/tests/shell/testcases/optimizations/single_anon_set @@ -46,9 +46,6 @@ table ip test { # ct state cannot be both established and related # at the same time, but this needs extra work. ct state { established, related } accept - - # with stateful statement - meta mark { 0x0000000a counter } } } EOF diff --git a/tests/shell/testcases/optimizations/single_anon_set_expr b/tests/shell/testcases/optimizations/single_anon_set_expr new file mode 100755 index 00000000..81b7ceba --- /dev/null +++ b/tests/shell/testcases/optimizations/single_anon_set_expr @@ -0,0 +1,26 @@ +#!/bin/bash + +# NFT_TEST_REQUIRES(NFT_TEST_HAVE_set_expr) + +set -e + +test -d "$NFT_TEST_TESTTMPDIR" + +# Input file contains rules with anon sets that contain +# one element, plus extra rule with two elements (that should be +# left alone). + +# Dump file has the simplified rules where anon sets have been +# replaced by equality tests where possible. +file_input1="$NFT_TEST_TESTTMPDIR/input1.nft" + +cat <<EOF > "$file_input1" +table ip test { + chain test { + # with stateful statement + meta mark { 0x0000000a counter } + } +} +EOF + +$NFT -f "$file_input1" |