summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--[-rwxr-xr-x]tests/dictionary26
-rw-r--r--[-rwxr-xr-x]tests/expr-concat6
-rw-r--r--[-rwxr-xr-x]tests/expr-ct20
-rw-r--r--[-rwxr-xr-x]tests/expr-meta28
-rw-r--r--[-rwxr-xr-x]tests/family-bridge10
-rw-r--r--[-rwxr-xr-x]tests/family-ipv48
-rw-r--r--[-rwxr-xr-x]tests/family-ipv68
-rw-r--r--[-rwxr-xr-x]tests/feat-adjancent-load-merging8
-rw-r--r--[-rwxr-xr-x]tests/obj-chain22
-rw-r--r--[-rwxr-xr-x]tests/obj-table6
-rw-r--r--[-rwxr-xr-x]tests/payload-ll10
-rw-r--r--[-rwxr-xr-x]tests/prefix10
-rw-r--r--[-rwxr-xr-x]tests/set8
-rw-r--r--[-rwxr-xr-x]tests/stmt-log6
14 files changed, 88 insertions, 88 deletions
diff --git a/tests/dictionary b/tests/dictionary
index 20d53570..e489c4ec 100755..100644
--- a/tests/dictionary
+++ b/tests/dictionary
@@ -1,52 +1,52 @@
#! nft -f
#
-table add ip filter
-chain add ip filter OUTPUT NF_INET_LOCAL_OUT 0
+add table ip filter
+add chain ip filter OUTPUT NF_INET_LOCAL_OUT 0
-chain add ip filter chain1
-rule add ip filter chain1 handle 1 counter
+add chain ip filter chain1
+add rule ip filter chain1 handle 1 counter
-chain add ip filter chain2
-rule add ip filter chain2 handle 1 counter
+add chain ip filter chain2
+add rule ip filter chain2 handle 1 counter
# must succeed: expr { expr, ... }
-rule add ip filter OUTPUT ip protocol 6 tcp dport { \
+add rule ip filter OUTPUT ip protocol 6 tcp dport { \
22, \
23, \
}
# must fail: expr { type1, type2, ... }
-rule add ip filter OUTPUT ip protocol 6 tcp dport { \
+add rule ip filter OUTPUT ip protocol 6 tcp dport { \
22, \
192.168.0.1, \
}
# must succeed: expr { expr => verdict, ... }
-rule add ip filter OUTPUT ip protocol 6 tcp dport { \
+add rule ip filter OUTPUT ip protocol 6 tcp dport { \
22 => jump chain1, \
23 => jump chain2, \
}
# must fail: expr { expr => verdict, expr => expr, ... }
-rule add ip filter OUTPUT ip protocol 6 tcp dport { \
+add rule ip filter OUTPUT ip protocol 6 tcp dport { \
22 => jump chain1, \
23 => 0x100, \
}
# must fail: expr { expr => expr, ...}
-rule add ip filter OUTPUT ip protocol 6 tcp dport { \
+add rule ip filter OUTPUT ip protocol 6 tcp dport { \
22 => 0x100, \
23 => 0x200, \
}
# must succeed: expr MAP { expr => expr, ... } expr
-rule add ip filter OUTPUT ip protocol 6 map tcp dport { \
+add rule ip filter OUTPUT ip protocol 6 map tcp dport { \
22 => 1, \
23 => 2, \
} 2
# must fail: expr MAP { expr => type1, expr => type2, .. } expr
-rule add ip filter OUTPUT ip protocol 6 map tcp dport { \
+add rule ip filter OUTPUT ip protocol 6 map tcp dport { \
22 => 1, \
23 => 192.168.0.1, \
} 2
diff --git a/tests/expr-concat b/tests/expr-concat
index d9c553b6..bb284cce 100755..100644
--- a/tests/expr-concat
+++ b/tests/expr-concat
@@ -1,19 +1,19 @@
#! nft -f
# Concat element mismatch
-rule add ip filter output ip daddr . tcp sport . tcp dport { \
+add rule ip filter output ip daddr . tcp sport . tcp dport { \
192.168.0.1 . 22, \
192.168.0.1 . 80, \
}
# Concat type mismatch
-rule add ip filter output ip daddr . tcp dport { \
+add rule ip filter output ip daddr . tcp dport { \
192.168.0.1 . 192.168.0.2, \
192.168.0.1 . 192.168.0.3, \
}
# Concat expression
-rule add ip filter output ip daddr . tcp dport { \
+add rule ip filter output ip daddr . tcp dport { \
192.168.0.1 . 22, \
192.168.0.1 . 80, \
}
diff --git a/tests/expr-ct b/tests/expr-ct
index 8391c3ec..d464a949 100755..100644
--- a/tests/expr-ct
+++ b/tests/expr-ct
@@ -1,26 +1,26 @@
#! nft -f
-table add ip filter
-chain add ip filter output NF_INET_LOCAL_OUT 0
+add table ip filter
+add chain ip filter output NF_INET_LOCAL_OUT 0
# ct: state
-rule add ip filter output ct state 0 counter
+add rule ip filter output ct state 0 counter
# ct: direction original/reply
-rule add ip filter output ct direction 0 counter
-rule add ip filter output ct direction 1 counter
+add rule ip filter output ct direction 0 counter
+add rule ip filter output ct direction 1 counter
# ct: status
-rule add ip filter output ct status 0 counter
+add rule ip filter output ct status 0 counter
# ct: mark
-rule add ip filter output ct mark 0 counter
+add rule ip filter output ct mark 0 counter
# ct: secmark
-rule add ip filter output ct secmark 0 counter
+add rule ip filter output ct secmark 0 counter
# ct: expiration
-rule add ip filter output ct expiration 30 counter
+add rule ip filter output ct expiration 30 counter
# ct: helper ftp
-rule add ip filter output ct helper "ftp" counter
+add rule ip filter output ct helper "ftp" counter
diff --git a/tests/expr-meta b/tests/expr-meta
index 122d2895..97582aa1 100755..100644
--- a/tests/expr-meta
+++ b/tests/expr-meta
@@ -1,40 +1,40 @@
#! nft -f
-table add ip filter
-chain add ip filter output NF_INET_LOCAL_OUT 0
+add table ip filter
+add chain ip filter output NF_INET_LOCAL_OUT 0
# meta: skb len
-rule add ip filter output meta length 1000 counter
+add rule ip filter output meta length 1000 counter
# meta: skb protocol
-rule add ip filter output meta protocol 0x0800 counter
+add rule ip filter output meta protocol 0x0800 counter
# meta: skb mark
-rule add ip filter output meta mark 0 counter
+add rule ip filter output meta mark 0 counter
# meta: skb iif
-rule add ip filter output meta iif 1 counter
+add rule ip filter output meta iif 1 counter
# meta: skb iifname
-rule add ip filter output meta iifname "eth0" counter
+add rule ip filter output meta iifname "eth0" counter
# meta: skb oif
-rule add ip filter output meta oif 1 counter
+add rule ip filter output meta oif 1 counter
# meta: skb oifname
-rule add ip filter output meta oifname "eth0" counter
+add rule ip filter output meta oifname "eth0" counter
# meta: skb sk uid
-rule add ip filter output meta skuid 1000 counter
+add rule ip filter output meta skuid 1000 counter
# meta: skb sk gid
-rule add ip filter output meta skgid 1000 counter
+add rule ip filter output meta skgid 1000 counter
# meta: nftrace - broken, probably should be removed to avoid abuse
-#rule add ip filter output meta nftrace 0 counter
+#add rule ip filter output meta nftrace 0 counter
# meta: rtclassid
-rule add ip filter output meta rtclassid 1 counter
+add rule ip filter output meta rtclassid 1 counter
# meta: secmark
-rule add ip filter output meta secmark 0 counter
+add rule ip filter output meta secmark 0 counter
diff --git a/tests/family-bridge b/tests/family-bridge
index 633211fb..0e3d8f1b 100755..100644
--- a/tests/family-bridge
+++ b/tests/family-bridge
@@ -1,13 +1,13 @@
#! nft -f
-table add bridge filter
-chain add bridge filter output NF_INET_LOCAL_OUT 0
+add table bridge filter
+add chain bridge filter output NF_INET_LOCAL_OUT 0
# LL protocol
-rule add bridge filter output eth type 0x0800 counter
+add rule bridge filter output eth type 0x0800 counter
# IP address
-rule add bridge filter output eth type 0x0800 ip daddr 20.0.0.2 counter
+add rule bridge filter output eth type 0x0800 ip daddr 20.0.0.2 counter
# IPv6 address
-rule add bridge filter output eth type 0x86DD ip6 daddr 2001:6f8:974:3::2 counter
+add rule bridge filter output eth type 0x86DD ip6 daddr 2001:6f8:974:3::2 counter
diff --git a/tests/family-ipv4 b/tests/family-ipv4
index 7c28bb43..b15d1595 100755..100644
--- a/tests/family-ipv4
+++ b/tests/family-ipv4
@@ -1,10 +1,10 @@
#! nft -f
-table add ip filter
-chain add ip filter output NF_INET_LOCAL_OUT 0
+add table ip filter
+add chain ip filter output NF_INET_LOCAL_OUT 0
# IP address
-rule add ip filter output ip daddr 192.168.0.1 counter
+add rule ip filter output ip daddr 192.168.0.1 counter
# TCP ports
-rule add ip filter output ip protocol 6 tcp dport 22 counter
+add rule ip filter output ip protocol 6 tcp dport 22 counter
diff --git a/tests/family-ipv6 b/tests/family-ipv6
index 7cf54d6f..1ddb53e5 100755..100644
--- a/tests/family-ipv6
+++ b/tests/family-ipv6
@@ -1,10 +1,10 @@
#! nft -f
-table add ip6 filter
-chain add ip6 filter output NF_INET_LOCAL_OUT 0
+add table ip6 filter
+add chain ip6 filter output NF_INET_LOCAL_OUT 0
# IP address
-rule add ip6 filter output ip6 daddr 2001:6f8:974::1 counter
+add rule ip6 filter output ip6 daddr 2001:6f8:974::1 counter
# TCP ports
-rule add ip6 filter output ip6 nexthdr 6 tcp dport 22 counter
+add rule ip6 filter output ip6 nexthdr 6 tcp dport 22 counter
diff --git a/tests/feat-adjancent-load-merging b/tests/feat-adjancent-load-merging
index 9c41f509..34234f1a 100755..100644
--- a/tests/feat-adjancent-load-merging
+++ b/tests/feat-adjancent-load-merging
@@ -1,13 +1,13 @@
#! nft -f
# adjacent payload expressions: 4 bytes in order
-rule add filter output ip protocol 6 tcp sport 1024 tcp dport 22 counter
+add rule filter output ip protocol 6 tcp sport 1024 tcp dport 22 counter
# adjacent payload expressions: 8 bytes in order
-rule add filter output ip saddr 192.168.0.1 ip daddr 192.168.0.100 counter
+add rule filter output ip saddr 192.168.0.1 ip daddr 192.168.0.100 counter
# adjacent payload expressions: 8 bytes in order
-rule add filter output tcp sequence 0 tcp sport 1024 tcp dport 22
+add rule filter output tcp sequence 0 tcp sport 1024 tcp dport 22
# adjacent payload expressions: 8 bytes in reverse order
-rule add filter output tcp sport 1024 tcp dport 22 tcp sequence 0
+add rule filter output tcp sport 1024 tcp dport 22 tcp sequence 0
diff --git a/tests/obj-chain b/tests/obj-chain
index 8422f3a3..53d78333 100755..100644
--- a/tests/obj-chain
+++ b/tests/obj-chain
@@ -1,22 +1,22 @@
#! nft -f
-table add filter
+add table filter
# chains: add and delete chain
-chain add filter testchain
-chain delete filter testchain
+add chain filter testchain
+delete chain filter testchain
# chains: add and delete base chain
-chain add filter input NF_INET_LOCAL_OUT 0
-chain delete filter input NF_INET_LOCAL_OUT 0
+add chain filter input NF_INET_LOCAL_OUT 0
+delete chain filter input NF_INET_LOCAL_OUT 0
# chains: can not delete chain while referenced
-chain add filter testchain
-chain add filter testchain2
+add chain filter testchain
+add chain filter testchain2
-rule add filter testchain handle 1 jump testchain2
-chain delete filter testchain2
+add rule filter testchain handle 1 jump testchain2
+delete chain filter testchain2
rule delete filter testchain handle 1
-chain delete filter testchain2
-chain delete filter testchain
+delete chain filter testchain2
+delete chain filter testchain
diff --git a/tests/obj-table b/tests/obj-table
index 3c3e222a..548c26fa 100755..100644
--- a/tests/obj-table
+++ b/tests/obj-table
@@ -1,11 +1,11 @@
#! nft -f
# table: add and delete table
-table add filter
+add table filter
table delete filter
# table: deleting table with chain must fail
# FIXME: not implemented
-# table add filter
-# chain add filter output
+# add table filter
+# add chain filter output
# table delete filter
diff --git a/tests/payload-ll b/tests/payload-ll
index 8d2480ac..feaf5874 100755..100644
--- a/tests/payload-ll
+++ b/tests/payload-ll
@@ -1,15 +1,15 @@
#! nft -f
-table add ip filter
-chain add ip filter input NF_INET_LOCAL_IN 0
+add table ip filter
+add chain ip filter input NF_INET_LOCAL_IN 0
# mac source
-rule add ip filter input @ll,48,48 00:15:e9:f0:10:f8 counter
+add rule ip filter input @ll,48,48 00:15:e9:f0:10:f8 counter
# mac dest
-rule add ip filter input @ll,0,48 00:1b:21:02:6f:ad counter
+add rule ip filter input @ll,0,48 00:1b:21:02:6f:ad counter
# mac source and mac dest
-rule add ip filter input @ll,0,48 00:1b:21:02:6f:ad \
+add rule ip filter input @ll,0,48 00:1b:21:02:6f:ad \
@ll,48,48 00:15:e9:f0:10:f8 \
counter
diff --git a/tests/prefix b/tests/prefix
index 139f13cc..bada8503 100755..100644
--- a/tests/prefix
+++ b/tests/prefix
@@ -1,5 +1,5 @@
-rule add filter OUTPUT meta mark 123/0x000000ff
-rule add filter OUTPUT ip daddr 192.168.0.0/24
-rule add filter OUTPUT ip daddr 192.168.0.0/255.255.255.0
-rule add filter OUTPUT ip saddr . ip daddr 192.168.0.0/24 . 192.168.0.0/24
-rule add filter OUTPUT ip daddr { 192.168.0.0/24, 192.168.1.0/24}
+add rule filter OUTPUT meta mark 123/0x000000ff
+add rule filter OUTPUT ip daddr 192.168.0.0/24
+add rule filter OUTPUT ip daddr 192.168.0.0/255.255.255.0
+add rule filter OUTPUT ip saddr . ip daddr 192.168.0.0/24 . 192.168.0.0/24
+add rule filter OUTPUT ip daddr { 192.168.0.0/24, 192.168.1.0/24}
diff --git a/tests/set b/tests/set
index 17fb2183..b3e7ad65 100755..100644
--- a/tests/set
+++ b/tests/set
@@ -1,14 +1,14 @@
#! nft -f
-table add filter
-chain add filter output NF_INET_LOCAL_OUT 0
+add table filter
+add chain filter output NF_INET_LOCAL_OUT 0
# set: IP addresses
-rule add filter output ip daddr { \
+add rule filter output ip daddr { \
192.168.0.1, \
192.168.0.2, \
192.168.0.3, \
}
# set: tcp ports
-rule add filter output ip protocol 6 tcp dport { 22, 23 } counter
+add rule filter output ip protocol 6 tcp dport { 22, 23 } counter
diff --git a/tests/stmt-log b/tests/stmt-log
index c2d0f868..21537721 100755..100644
--- a/tests/stmt-log
+++ b/tests/stmt-log
@@ -1,6 +1,6 @@
#! nft -f
-table add ip filter
-chain add ip filter output NF_INET_LOCAL_OUT 0
+add table ip filter
+add chain ip filter output NF_INET_LOCAL_OUT 0
-rule add ip filter output log saddr "prefix" group 0 counter
+add rule ip filter output log saddr "prefix" group 0 counter