diff options
Diffstat (limited to 'tests/shell/testcases/optimizations/dumps')
-rw-r--r-- | tests/shell/testcases/optimizations/dumps/single_anon_set.nft | 15 | ||||
-rw-r--r-- | tests/shell/testcases/optimizations/dumps/single_anon_set.nft.input | 35 |
2 files changed, 50 insertions, 0 deletions
diff --git a/tests/shell/testcases/optimizations/dumps/single_anon_set.nft b/tests/shell/testcases/optimizations/dumps/single_anon_set.nft new file mode 100644 index 00000000..35e3f36e --- /dev/null +++ b/tests/shell/testcases/optimizations/dumps/single_anon_set.nft @@ -0,0 +1,15 @@ +table ip test { + chain test { + ip saddr 127.0.0.1 accept + iif "lo" accept + tcp dport != 22 drop + ip saddr 127.0.0.0/8 accept + ip saddr 127.0.0.1-192.168.7.3 accept + tcp sport 1-1023 drop + ip daddr { 192.168.7.1, 192.168.7.5 } accept + tcp dport { 80, 443 } accept + ip daddr . tcp dport { 192.168.0.1 . 22 } accept + meta mark set ip daddr map { 192.168.0.1 : 0x00000001 } + ct state { established, related } accept + } +} diff --git a/tests/shell/testcases/optimizations/dumps/single_anon_set.nft.input b/tests/shell/testcases/optimizations/dumps/single_anon_set.nft.input new file mode 100644 index 00000000..35b93832 --- /dev/null +++ b/tests/shell/testcases/optimizations/dumps/single_anon_set.nft.input @@ -0,0 +1,35 @@ +table ip test { + chain test { + # Test cases where anon set can be removed: + ip saddr { 127.0.0.1 } accept + iif { "lo" } accept + + # negation, can change to != 22. + tcp dport != { 22 } drop + + # single prefix, can remove anon set. + ip saddr { 127.0.0.0/8 } accept + + # range, can remove anon set. + ip saddr { 127.0.0.1-192.168.7.3 } accept + tcp sport { 1-1023 } drop + + # Test cases where anon set must be kept. + + # 2 elements, cannot remove the anon set. + ip daddr { 192.168.7.1, 192.168.7.5 } accept + tcp dport { 80, 443 } accept + + # single element, but concatenation which is not + # supported outside of set/map context at this time. + ip daddr . tcp dport { 192.168.0.1 . 22 } accept + + # single element, but a map. + meta mark set ip daddr map { 192.168.0.1 : 1 } + + # 2 elements. This could be converted because + # ct state cannot be both established and related + # at the same time, but this needs extra work. + ct state { established, related } accept + } +} |