diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2020-07-16 14:36:28 +0200 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2020-07-21 14:20:18 +0200 |
| commit | d100e2d811749bf34bb6aeac322052c56661c124 (patch) | |
| tree | 4644bbd66ca3056917de47c012c87e9fa1a5c2b0 /tests | |
| parent | bde991a2e8fe012c65895a5bac8bd9ccb22ffbc4 (diff) | |
src: allow to use variables in flowtable and chain devices
This patch adds support for using variables for devices in the chain and
flowtable definitions, eg.
define if_main = lo
table netdev filter1 {
chain Main_Ingress1 {
type filter hook ingress device $if_main priority -500; policy accept;
}
}
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'tests')
4 files changed, 95 insertions, 0 deletions
diff --git a/tests/shell/testcases/chains/0042chain_variable_0 b/tests/shell/testcases/chains/0042chain_variable_0 new file mode 100755 index 00000000..58535f76 --- /dev/null +++ b/tests/shell/testcases/chains/0042chain_variable_0 @@ -0,0 +1,37 @@ +#!/bin/bash + +set -e + +ip link add name dummy0 type dummy + +EXPECTED="define if_main = \"lo\" + +table netdev filter1 { + chain Main_Ingress1 { + type filter hook ingress device \$if_main priority -500; policy accept; + } +}" + +$NFT -f - <<< $EXPECTED + +EXPECTED="define if_main = \"lo\" + +table netdev filter2 { + chain Main_Ingress2 { + type filter hook ingress devices = { \$if_main, dummy0 } priority -500; policy accept; + } +}" + +$NFT -f - <<< $EXPECTED + +EXPECTED="define if_main = { lo, dummy0 } + +table netdev filter3 { + chain Main_Ingress3 { + type filter hook ingress devices = \$if_main priority -500; policy accept; + } +}" + +$NFT -f - <<< $EXPECTED + + diff --git a/tests/shell/testcases/chains/dumps/0042chain_variable_0.nft b/tests/shell/testcases/chains/dumps/0042chain_variable_0.nft new file mode 100644 index 00000000..12931aad --- /dev/null +++ b/tests/shell/testcases/chains/dumps/0042chain_variable_0.nft @@ -0,0 +1,15 @@ +table netdev filter1 { + chain Main_Ingress1 { + type filter hook ingress device "lo" priority -500; policy accept; + } +} +table netdev filter2 { + chain Main_Ingress2 { + type filter hook ingress devices = { dummy0, lo } priority -500; policy accept; + } +} +table netdev filter3 { + chain Main_Ingress3 { + type filter hook ingress devices = { dummy0, lo } priority -500; policy accept; + } +} diff --git a/tests/shell/testcases/flowtable/0012flowtable_variable_0 b/tests/shell/testcases/flowtable/0012flowtable_variable_0 new file mode 100755 index 00000000..8e334224 --- /dev/null +++ b/tests/shell/testcases/flowtable/0012flowtable_variable_0 @@ -0,0 +1,29 @@ +#!/bin/bash + +set -e + +ip link add name dummy1 type dummy + +EXPECTED="define if_main = { lo, dummy1 } + +table filter1 { + flowtable Main_ft1 { + hook ingress priority filter + counter + devices = \$if_main + } +}" + +$NFT -f - <<< $EXPECTED + +EXPECTED="define if_main = \"lo\" + +table filter2 { + flowtable Main_ft2 { + hook ingress priority filter + counter + devices = { \$if_main, dummy1 } + } +}" + +$NFT -f - <<< $EXPECTED diff --git a/tests/shell/testcases/flowtable/dumps/0012flowtable_variable_0.nft b/tests/shell/testcases/flowtable/dumps/0012flowtable_variable_0.nft new file mode 100644 index 00000000..1cbb2f11 --- /dev/null +++ b/tests/shell/testcases/flowtable/dumps/0012flowtable_variable_0.nft @@ -0,0 +1,14 @@ +table ip filter1 { + flowtable Main_ft1 { + hook ingress priority filter + devices = { dummy1, lo } + counter + } +} +table ip filter2 { + flowtable Main_ft2 { + hook ingress priority filter + devices = { dummy1, lo } + counter + } +} |