diff options
Diffstat (limited to 'tests/shell/testcases/flowtable')
34 files changed, 657 insertions, 3 deletions
diff --git a/tests/shell/testcases/flowtable/0006segfault_0 b/tests/shell/testcases/flowtable/0006segfault_0 index de590b77..fb7c52fe 100755 --- a/tests/shell/testcases/flowtable/0006segfault_0 +++ b/tests/shell/testcases/flowtable/0006segfault_0 @@ -9,6 +9,3 @@ $NFT add flowtable ip t f { hook ingress priority 10\; devices = { lo } } $NFT add flowtable ip t f { hook ingress\; priority 10\; } [[ $? -eq 1 ]] || exit 1 - -$NFT add flowtable ip t f { hook ingress priority 10\; } -[[ $? -eq 1 ]] || exit 1 diff --git a/tests/shell/testcases/flowtable/0012flowtable_variable_0 b/tests/shell/testcases/flowtable/0012flowtable_variable_0 new file mode 100755 index 00000000..9c03820f --- /dev/null +++ b/tests/shell/testcases/flowtable/0012flowtable_variable_0 @@ -0,0 +1,37 @@ +#!/bin/bash + +# NFT_TEST_REQUIRES(NFT_TEST_HAVE_flowtable_counter) + +set -e + +iface_cleanup() { + ip link del dummy1 &>/dev/null || : +} +trap 'iface_cleanup' EXIT +iface_cleanup + +ip link add name dummy1 type dummy + +EXPECTED="define if_main = { lo, dummy1 } + +table filter1 { + flowtable Main_ft1 { + hook ingress priority filter + counter + devices = \$if_main + } +}" + +$NFT -f - <<< $EXPECTED + +EXPECTED="define if_main = \"lo\" + +table filter2 { + flowtable Main_ft2 { + hook ingress priority filter + counter + devices = { \$if_main, dummy1 } + } +}" + +$NFT -f - <<< $EXPECTED diff --git a/tests/shell/testcases/flowtable/0013addafterdelete_0 b/tests/shell/testcases/flowtable/0013addafterdelete_0 new file mode 100755 index 00000000..56c9834f --- /dev/null +++ b/tests/shell/testcases/flowtable/0013addafterdelete_0 @@ -0,0 +1,25 @@ +#!/bin/bash + +set -e + +RULESET='table inet filter { + + flowtable f { + hook ingress priority filter - 1 + devices = { lo } + } +}' + +$NFT -f - <<< "$RULESET" + +RULESET='delete flowtable inet filter f + +table inet filter { + + flowtable f { + hook ingress priority filter - 1 + devices = { lo } + } +}' + +$NFT -f - <<< "$RULESET" diff --git a/tests/shell/testcases/flowtable/0014addafterdelete_0 b/tests/shell/testcases/flowtable/0014addafterdelete_0 new file mode 100755 index 00000000..1ac65104 --- /dev/null +++ b/tests/shell/testcases/flowtable/0014addafterdelete_0 @@ -0,0 +1,38 @@ +#!/bin/bash + +# NFT_TEST_REQUIRES(NFT_TEST_HAVE_flowtable_counter) + +set -e + +RULESET='table inet filter { + + flowtable f { + hook ingress priority filter - 1 + devices = { lo } + } + + chain y { + type filter hook forward priority 0; + flow add @f counter + } +}' + +$NFT -f - <<< "$RULESET" + +RULESET='delete rule inet filter y handle 3 +delete flowtable inet filter f + +table inet filter { + flowtable f { + hook ingress priority filter - 1 + devices = { lo } + counter + } + + chain y { + type filter hook forward priority 0; + flow add @f counter + } +}' + +$NFT -f - <<< "$RULESET" diff --git a/tests/shell/testcases/flowtable/0015destroy_0 b/tests/shell/testcases/flowtable/0015destroy_0 new file mode 100755 index 00000000..cea33524 --- /dev/null +++ b/tests/shell/testcases/flowtable/0015destroy_0 @@ -0,0 +1,20 @@ +#!/bin/bash -e + +# NFT_TEST_REQUIRES(NFT_TEST_HAVE_destroy) + +trap "ip link del dummy1" EXIT + +ip link add dummy1 type dummy +ip link set dummy1 up + +$NFT add table t + +# pass for non-existent flowtable +$NFT destroy flowtable t f + +# successfully delete existing flowtable +$NFT add flowtable t f '{ hook ingress priority 10; devices = { lo }; }' + +$NFT 'add flowtable t f { devices = { dummy1 } ; }' + +$NFT destroy flowtable t f diff --git a/tests/shell/testcases/flowtable/dumps/0001flowtable_0.json-nft b/tests/shell/testcases/flowtable/dumps/0001flowtable_0.json-nft new file mode 100644 index 00000000..4d15fe3a --- /dev/null +++ b/tests/shell/testcases/flowtable/dumps/0001flowtable_0.json-nft @@ -0,0 +1,53 @@ +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "inet", + "name": "t", + "handle": 0 + } + }, + { + "chain": { + "family": "inet", + "table": "t", + "name": "c", + "handle": 0 + } + }, + { + "flowtable": { + "family": "inet", + "name": "f", + "table": "t", + "handle": 0, + "hook": "ingress", + "prio": 10, + "dev": "lo" + } + }, + { + "rule": { + "family": "inet", + "table": "t", + "chain": "c", + "handle": 0, + "expr": [ + { + "flow": { + "op": "add", + "flowtable": "@f" + } + } + ] + } + } + ] +} diff --git a/tests/shell/testcases/flowtable/dumps/0002create_flowtable_0.json-nft b/tests/shell/testcases/flowtable/dumps/0002create_flowtable_0.json-nft new file mode 100644 index 00000000..0013512b --- /dev/null +++ b/tests/shell/testcases/flowtable/dumps/0002create_flowtable_0.json-nft @@ -0,0 +1,29 @@ +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "ip", + "name": "t", + "handle": 0 + } + }, + { + "flowtable": { + "family": "ip", + "name": "f", + "table": "t", + "handle": 0, + "hook": "ingress", + "prio": 10, + "dev": "lo" + } + } + ] +} diff --git a/tests/shell/testcases/flowtable/dumps/0002create_flowtable_0.nft b/tests/shell/testcases/flowtable/dumps/0002create_flowtable_0.nft new file mode 100644 index 00000000..aecfb2ab --- /dev/null +++ b/tests/shell/testcases/flowtable/dumps/0002create_flowtable_0.nft @@ -0,0 +1,6 @@ +table ip t { + flowtable f { + hook ingress priority filter + 10 + devices = { lo } + } +} diff --git a/tests/shell/testcases/flowtable/dumps/0003add_after_flush_0.json-nft b/tests/shell/testcases/flowtable/dumps/0003add_after_flush_0.json-nft new file mode 100644 index 00000000..04057f1f --- /dev/null +++ b/tests/shell/testcases/flowtable/dumps/0003add_after_flush_0.json-nft @@ -0,0 +1,29 @@ +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "ip", + "name": "x", + "handle": 0 + } + }, + { + "flowtable": { + "family": "ip", + "name": "y", + "table": "x", + "handle": 0, + "hook": "ingress", + "prio": 0, + "dev": "lo" + } + } + ] +} diff --git a/tests/shell/testcases/flowtable/dumps/0003add_after_flush_0.nft b/tests/shell/testcases/flowtable/dumps/0003add_after_flush_0.nft new file mode 100644 index 00000000..dd904f44 --- /dev/null +++ b/tests/shell/testcases/flowtable/dumps/0003add_after_flush_0.nft @@ -0,0 +1,6 @@ +table ip x { + flowtable y { + hook ingress priority filter + devices = { lo } + } +} diff --git a/tests/shell/testcases/flowtable/dumps/0004delete_after_add_0.json-nft b/tests/shell/testcases/flowtable/dumps/0004delete_after_add_0.json-nft new file mode 100644 index 00000000..15ec0aac --- /dev/null +++ b/tests/shell/testcases/flowtable/dumps/0004delete_after_add_0.json-nft @@ -0,0 +1,18 @@ +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "ip", + "name": "x", + "handle": 0 + } + } + ] +} diff --git a/tests/shell/testcases/flowtable/dumps/0004delete_after_add_0.nft b/tests/shell/testcases/flowtable/dumps/0004delete_after_add_0.nft new file mode 100644 index 00000000..5d4d2caf --- /dev/null +++ b/tests/shell/testcases/flowtable/dumps/0004delete_after_add_0.nft @@ -0,0 +1,2 @@ +table ip x { +} diff --git a/tests/shell/testcases/flowtable/dumps/0005delete_in_use_1.json-nft b/tests/shell/testcases/flowtable/dumps/0005delete_in_use_1.json-nft new file mode 100644 index 00000000..302502dc --- /dev/null +++ b/tests/shell/testcases/flowtable/dumps/0005delete_in_use_1.json-nft @@ -0,0 +1,53 @@ +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "ip", + "name": "x", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "x", + "name": "x", + "handle": 0 + } + }, + { + "flowtable": { + "family": "ip", + "name": "y", + "table": "x", + "handle": 0, + "hook": "ingress", + "prio": 0, + "dev": "lo" + } + }, + { + "rule": { + "family": "ip", + "table": "x", + "chain": "x", + "handle": 0, + "expr": [ + { + "flow": { + "op": "add", + "flowtable": "@y" + } + } + ] + } + } + ] +} diff --git a/tests/shell/testcases/flowtable/dumps/0005delete_in_use_1.nft b/tests/shell/testcases/flowtable/dumps/0005delete_in_use_1.nft new file mode 100644 index 00000000..c1d79e7b --- /dev/null +++ b/tests/shell/testcases/flowtable/dumps/0005delete_in_use_1.nft @@ -0,0 +1,10 @@ +table ip x { + flowtable y { + hook ingress priority filter + devices = { lo } + } + + chain x { + flow add @y + } +} diff --git a/tests/shell/testcases/flowtable/dumps/0006segfault_0.json-nft b/tests/shell/testcases/flowtable/dumps/0006segfault_0.json-nft new file mode 100644 index 00000000..e0e56fec --- /dev/null +++ b/tests/shell/testcases/flowtable/dumps/0006segfault_0.json-nft @@ -0,0 +1,18 @@ +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "ip", + "name": "t", + "handle": 0 + } + } + ] +} diff --git a/tests/shell/testcases/flowtable/dumps/0006segfault_0.nft b/tests/shell/testcases/flowtable/dumps/0006segfault_0.nft new file mode 100644 index 00000000..985768ba --- /dev/null +++ b/tests/shell/testcases/flowtable/dumps/0006segfault_0.nft @@ -0,0 +1,2 @@ +table ip t { +} diff --git a/tests/shell/testcases/flowtable/dumps/0007prio_0.json-nft b/tests/shell/testcases/flowtable/dumps/0007prio_0.json-nft new file mode 100644 index 00000000..e0e56fec --- /dev/null +++ b/tests/shell/testcases/flowtable/dumps/0007prio_0.json-nft @@ -0,0 +1,18 @@ +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "ip", + "name": "t", + "handle": 0 + } + } + ] +} diff --git a/tests/shell/testcases/flowtable/dumps/0007prio_0.nft b/tests/shell/testcases/flowtable/dumps/0007prio_0.nft new file mode 100644 index 00000000..985768ba --- /dev/null +++ b/tests/shell/testcases/flowtable/dumps/0007prio_0.nft @@ -0,0 +1,2 @@ +table ip t { +} diff --git a/tests/shell/testcases/flowtable/dumps/0008prio_1.json-nft b/tests/shell/testcases/flowtable/dumps/0008prio_1.json-nft new file mode 100644 index 00000000..e0e56fec --- /dev/null +++ b/tests/shell/testcases/flowtable/dumps/0008prio_1.json-nft @@ -0,0 +1,18 @@ +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "ip", + "name": "t", + "handle": 0 + } + } + ] +} diff --git a/tests/shell/testcases/flowtable/dumps/0008prio_1.nft b/tests/shell/testcases/flowtable/dumps/0008prio_1.nft new file mode 100644 index 00000000..985768ba --- /dev/null +++ b/tests/shell/testcases/flowtable/dumps/0008prio_1.nft @@ -0,0 +1,2 @@ +table ip t { +} diff --git a/tests/shell/testcases/flowtable/dumps/0009deleteafterflush_0.json-nft b/tests/shell/testcases/flowtable/dumps/0009deleteafterflush_0.json-nft new file mode 100644 index 00000000..b6088c80 --- /dev/null +++ b/tests/shell/testcases/flowtable/dumps/0009deleteafterflush_0.json-nft @@ -0,0 +1,26 @@ +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "ip", + "name": "x", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "x", + "name": "y", + "handle": 0 + } + } + ] +} diff --git a/tests/shell/testcases/flowtable/dumps/0009deleteafterflush_0.nft b/tests/shell/testcases/flowtable/dumps/0009deleteafterflush_0.nft new file mode 100644 index 00000000..8e818d2d --- /dev/null +++ b/tests/shell/testcases/flowtable/dumps/0009deleteafterflush_0.nft @@ -0,0 +1,4 @@ +table ip x { + chain y { + } +} diff --git a/tests/shell/testcases/flowtable/dumps/0010delete_handle_0.json-nft b/tests/shell/testcases/flowtable/dumps/0010delete_handle_0.json-nft new file mode 100644 index 00000000..10372b0e --- /dev/null +++ b/tests/shell/testcases/flowtable/dumps/0010delete_handle_0.json-nft @@ -0,0 +1,18 @@ +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "inet", + "name": "t", + "handle": 0 + } + } + ] +} diff --git a/tests/shell/testcases/flowtable/dumps/0010delete_handle_0.nft b/tests/shell/testcases/flowtable/dumps/0010delete_handle_0.nft new file mode 100644 index 00000000..17838bdf --- /dev/null +++ b/tests/shell/testcases/flowtable/dumps/0010delete_handle_0.nft @@ -0,0 +1,2 @@ +table inet t { +} diff --git a/tests/shell/testcases/flowtable/dumps/0011deleteafterflush_0.json-nft b/tests/shell/testcases/flowtable/dumps/0011deleteafterflush_0.json-nft new file mode 100644 index 00000000..b6088c80 --- /dev/null +++ b/tests/shell/testcases/flowtable/dumps/0011deleteafterflush_0.json-nft @@ -0,0 +1,26 @@ +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "ip", + "name": "x", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "x", + "name": "y", + "handle": 0 + } + } + ] +} diff --git a/tests/shell/testcases/flowtable/dumps/0011deleteafterflush_0.nft b/tests/shell/testcases/flowtable/dumps/0011deleteafterflush_0.nft new file mode 100644 index 00000000..8e818d2d --- /dev/null +++ b/tests/shell/testcases/flowtable/dumps/0011deleteafterflush_0.nft @@ -0,0 +1,4 @@ +table ip x { + chain y { + } +} diff --git a/tests/shell/testcases/flowtable/dumps/0012flowtable_variable_0.json-nft b/tests/shell/testcases/flowtable/dumps/0012flowtable_variable_0.json-nft new file mode 100644 index 00000000..10f1df98 --- /dev/null +++ b/tests/shell/testcases/flowtable/dumps/0012flowtable_variable_0.json-nft @@ -0,0 +1,47 @@ +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "ip", + "name": "filter1", + "handle": 0 + } + }, + { + "flowtable": { + "family": "ip", + "name": "Main_ft1", + "table": "filter1", + "handle": 0, + "hook": "ingress", + "prio": 0, + "dev": "lo" + } + }, + { + "table": { + "family": "ip", + "name": "filter2", + "handle": 0 + } + }, + { + "flowtable": { + "family": "ip", + "name": "Main_ft2", + "table": "filter2", + "handle": 0, + "hook": "ingress", + "prio": 0, + "dev": "lo" + } + } + ] +} diff --git a/tests/shell/testcases/flowtable/dumps/0012flowtable_variable_0.nft b/tests/shell/testcases/flowtable/dumps/0012flowtable_variable_0.nft new file mode 100644 index 00000000..df1c51a2 --- /dev/null +++ b/tests/shell/testcases/flowtable/dumps/0012flowtable_variable_0.nft @@ -0,0 +1,14 @@ +table ip filter1 { + flowtable Main_ft1 { + hook ingress priority filter + devices = { lo } + counter + } +} +table ip filter2 { + flowtable Main_ft2 { + hook ingress priority filter + devices = { lo } + counter + } +} diff --git a/tests/shell/testcases/flowtable/dumps/0013addafterdelete_0.json-nft b/tests/shell/testcases/flowtable/dumps/0013addafterdelete_0.json-nft new file mode 100644 index 00000000..85c7b327 --- /dev/null +++ b/tests/shell/testcases/flowtable/dumps/0013addafterdelete_0.json-nft @@ -0,0 +1,29 @@ +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "inet", + "name": "filter", + "handle": 0 + } + }, + { + "flowtable": { + "family": "inet", + "name": "f", + "table": "filter", + "handle": 0, + "hook": "ingress", + "prio": -1, + "dev": "lo" + } + } + ] +} diff --git a/tests/shell/testcases/flowtable/dumps/0013addafterdelete_0.nft b/tests/shell/testcases/flowtable/dumps/0013addafterdelete_0.nft new file mode 100644 index 00000000..67db7d02 --- /dev/null +++ b/tests/shell/testcases/flowtable/dumps/0013addafterdelete_0.nft @@ -0,0 +1,6 @@ +table inet filter { + flowtable f { + hook ingress priority filter - 1 + devices = { lo } + } +} diff --git a/tests/shell/testcases/flowtable/dumps/0014addafterdelete_0.json-nft b/tests/shell/testcases/flowtable/dumps/0014addafterdelete_0.json-nft new file mode 100644 index 00000000..471ba5be --- /dev/null +++ b/tests/shell/testcases/flowtable/dumps/0014addafterdelete_0.json-nft @@ -0,0 +1,63 @@ +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "inet", + "name": "filter", + "handle": 0 + } + }, + { + "chain": { + "family": "inet", + "table": "filter", + "name": "y", + "handle": 0, + "type": "filter", + "hook": "forward", + "prio": 0, + "policy": "accept" + } + }, + { + "flowtable": { + "family": "inet", + "name": "f", + "table": "filter", + "handle": 0, + "hook": "ingress", + "prio": -1, + "dev": "lo" + } + }, + { + "rule": { + "family": "inet", + "table": "filter", + "chain": "y", + "handle": 0, + "expr": [ + { + "flow": { + "op": "add", + "flowtable": "@f" + } + }, + { + "counter": { + "packets": 0, + "bytes": 0 + } + } + ] + } + } + ] +} diff --git a/tests/shell/testcases/flowtable/dumps/0014addafterdelete_0.nft b/tests/shell/testcases/flowtable/dumps/0014addafterdelete_0.nft new file mode 100644 index 00000000..145aa081 --- /dev/null +++ b/tests/shell/testcases/flowtable/dumps/0014addafterdelete_0.nft @@ -0,0 +1,12 @@ +table inet filter { + flowtable f { + hook ingress priority filter - 1 + devices = { lo } + counter + } + + chain y { + type filter hook forward priority filter; policy accept; + flow add @f counter packets 0 bytes 0 + } +} diff --git a/tests/shell/testcases/flowtable/dumps/0015destroy_0.json-nft b/tests/shell/testcases/flowtable/dumps/0015destroy_0.json-nft new file mode 100644 index 00000000..e0e56fec --- /dev/null +++ b/tests/shell/testcases/flowtable/dumps/0015destroy_0.json-nft @@ -0,0 +1,18 @@ +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "ip", + "name": "t", + "handle": 0 + } + } + ] +} diff --git a/tests/shell/testcases/flowtable/dumps/0015destroy_0.nft b/tests/shell/testcases/flowtable/dumps/0015destroy_0.nft new file mode 100644 index 00000000..985768ba --- /dev/null +++ b/tests/shell/testcases/flowtable/dumps/0015destroy_0.nft @@ -0,0 +1,2 @@ +table ip t { +} |