diff options
Diffstat (limited to 'tests/shell/testcases/optionals')
20 files changed, 610 insertions, 6 deletions
diff --git a/tests/shell/testcases/optionals/comments_chain_0 b/tests/shell/testcases/optionals/comments_chain_0 index fba961c7..1a84cfa6 100755 --- a/tests/shell/testcases/optionals/comments_chain_0 +++ b/tests/shell/testcases/optionals/comments_chain_0 @@ -1,5 +1,7 @@ #!/bin/bash +# NFT_TEST_REQUIRES(NFT_TEST_HAVE_comment) + EXPECTED='table ip test_table { chain test_chain { comment "test" diff --git a/tests/shell/testcases/optionals/comments_objects_0 b/tests/shell/testcases/optionals/comments_objects_0 index 7437c77b..28041ebd 100755 --- a/tests/shell/testcases/optionals/comments_objects_0 +++ b/tests/shell/testcases/optionals/comments_objects_0 @@ -1,9 +1,25 @@ #!/bin/bash -EXPECTED='table ip filter { +# NFT_TEST_REQUIRES(NFT_TEST_HAVE_comment) + +set -e + +COMMENT128="12345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678" + +# test for pass with comment that is 128 bytes long. +rc=0 +$NFT add table ip filter \{ quota foo1 \{ comment "\"${COMMENT128}\"" \}\; \}\; || rc="$?" +test "$rc" = 0 + +# test for failure with comment that is 128+1 bytes long. +rc=0 +$NFT add table ip filter \{ quota foo2 \{ comment "\"${COMMENT128}x\"" \}\; \}\; || rc="$?" +test "$rc" = 1 + +RULESET='table ip filter { quota q { over 1200 bytes - comment "test1" + comment "'"$COMMENT128"'" } counter c { @@ -39,6 +55,4 @@ EXPECTED='table ip filter { } ' -set -e - -$NFT -f - <<< "$EXPECTED" +$NFT -f - <<< "$RULESET" diff --git a/tests/shell/testcases/optionals/comments_table_0 b/tests/shell/testcases/optionals/comments_table_0 index a0dfd749..56bb206b 100755 --- a/tests/shell/testcases/optionals/comments_table_0 +++ b/tests/shell/testcases/optionals/comments_table_0 @@ -1,5 +1,7 @@ #!/bin/bash +# NFT_TEST_REQUIRES(NFT_TEST_HAVE_comment) + # comments are shown $NFT add table test { comment \"test_comment\"\; } diff --git a/tests/shell/testcases/optionals/dumps/comments_0.json-nft b/tests/shell/testcases/optionals/dumps/comments_0.json-nft new file mode 100644 index 00000000..aef4b3e4 --- /dev/null +++ b/tests/shell/testcases/optionals/dumps/comments_0.json-nft @@ -0,0 +1,58 @@ +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "ip", + "name": "test", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "test", + "name": "test", + "handle": 0 + } + }, + { + "rule": { + "family": "ip", + "table": "test", + "chain": "test", + "handle": 0, + "comment": "test_comment", + "expr": [ + { + "match": { + "op": "==", + "left": { + "payload": { + "protocol": "tcp", + "field": "dport" + } + }, + "right": 22 + } + }, + { + "counter": { + "packets": 0, + "bytes": 0 + } + }, + { + "accept": null + } + ] + } + } + ] +} diff --git a/tests/shell/testcases/optionals/dumps/comments_chain_0.json-nft b/tests/shell/testcases/optionals/dumps/comments_chain_0.json-nft new file mode 100644 index 00000000..4c752e80 --- /dev/null +++ b/tests/shell/testcases/optionals/dumps/comments_chain_0.json-nft @@ -0,0 +1,27 @@ +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "ip", + "name": "test_table", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "test_table", + "name": "test_chain", + "handle": 0, + "comment": "test" + } + } + ] +} diff --git a/tests/shell/testcases/optionals/dumps/comments_handles_0.json-nft b/tests/shell/testcases/optionals/dumps/comments_handles_0.json-nft new file mode 100644 index 00000000..aef4b3e4 --- /dev/null +++ b/tests/shell/testcases/optionals/dumps/comments_handles_0.json-nft @@ -0,0 +1,58 @@ +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "ip", + "name": "test", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "test", + "name": "test", + "handle": 0 + } + }, + { + "rule": { + "family": "ip", + "table": "test", + "chain": "test", + "handle": 0, + "comment": "test_comment", + "expr": [ + { + "match": { + "op": "==", + "left": { + "payload": { + "protocol": "tcp", + "field": "dport" + } + }, + "right": 22 + } + }, + { + "counter": { + "packets": 0, + "bytes": 0 + } + }, + { + "accept": null + } + ] + } + } + ] +} diff --git a/tests/shell/testcases/optionals/dumps/comments_objects_0.json-nft b/tests/shell/testcases/optionals/dumps/comments_objects_0.json-nft new file mode 100644 index 00000000..b5359d8b --- /dev/null +++ b/tests/shell/testcases/optionals/dumps/comments_objects_0.json-nft @@ -0,0 +1,102 @@ +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "ip", + "name": "filter", + "handle": 0 + } + }, + { + "quota": { + "family": "ip", + "name": "foo1", + "table": "filter", + "handle": 0, + "comment": "12345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678", + "bytes": 0, + "used": 0, + "inv": false + } + }, + { + "quota": { + "family": "ip", + "name": "q", + "table": "filter", + "handle": 0, + "comment": "12345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678", + "bytes": 1200, + "used": 0, + "inv": true + } + }, + { + "counter": { + "family": "ip", + "name": "c", + "table": "filter", + "handle": 0, + "comment": "test2", + "packets": 0, + "bytes": 0 + } + }, + { + "ct helper": { + "family": "ip", + "name": "h", + "table": "filter", + "handle": 0, + "comment": "test3", + "type": "sip", + "protocol": "tcp", + "l3proto": "ip" + } + }, + { + "ct expectation": { + "family": "ip", + "name": "e", + "table": "filter", + "handle": 0, + "comment": "test4", + "protocol": "tcp", + "dport": 666, + "timeout": 100, + "size": 96, + "l3proto": "ip" + } + }, + { + "limit": { + "family": "ip", + "name": "l", + "table": "filter", + "handle": 0, + "comment": "test5", + "rate": 400, + "per": "hour", + "burst": 5 + } + }, + { + "synproxy": { + "family": "ip", + "name": "s", + "table": "filter", + "handle": 0, + "comment": "test6", + "mss": 1460, + "wscale": 2 + } + } + ] +} diff --git a/tests/shell/testcases/optionals/dumps/comments_objects_0.nft b/tests/shell/testcases/optionals/dumps/comments_objects_0.nft index b760ced6..13822209 100644 --- a/tests/shell/testcases/optionals/dumps/comments_objects_0.nft +++ b/tests/shell/testcases/optionals/dumps/comments_objects_0.nft @@ -1,6 +1,11 @@ table ip filter { + quota foo1 { + comment "12345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678" + 0 bytes + } + quota q { - comment "test1" + comment "12345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678" over 1200 bytes } diff --git a/tests/shell/testcases/optionals/dumps/comments_objects_dup_0.json-nft b/tests/shell/testcases/optionals/dumps/comments_objects_dup_0.json-nft new file mode 100644 index 00000000..546cc597 --- /dev/null +++ b/tests/shell/testcases/optionals/dumps/comments_objects_dup_0.json-nft @@ -0,0 +1,11 @@ +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + } + ] +} diff --git a/tests/shell/testcases/optionals/dumps/comments_objects_dup_0.nft b/tests/shell/testcases/optionals/dumps/comments_objects_dup_0.nft new file mode 100644 index 00000000..e69de29b --- /dev/null +++ b/tests/shell/testcases/optionals/dumps/comments_objects_dup_0.nft diff --git a/tests/shell/testcases/optionals/dumps/comments_table_0.json-nft b/tests/shell/testcases/optionals/dumps/comments_table_0.json-nft new file mode 100644 index 00000000..8512c7de --- /dev/null +++ b/tests/shell/testcases/optionals/dumps/comments_table_0.json-nft @@ -0,0 +1,19 @@ +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "ip", + "name": "test", + "handle": 0, + "comment": "test_comment" + } + } + ] +} diff --git a/tests/shell/testcases/optionals/dumps/delete_object_handles_0.json-nft b/tests/shell/testcases/optionals/dumps/delete_object_handles_0.json-nft new file mode 100644 index 00000000..583ce528 --- /dev/null +++ b/tests/shell/testcases/optionals/dumps/delete_object_handles_0.json-nft @@ -0,0 +1,67 @@ +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "ip", + "name": "test-ip", + "handle": 0 + } + }, + { + "quota": { + "family": "ip", + "name": "https-quota", + "table": "test-ip", + "handle": 0, + "bytes": 26214400, + "used": 0, + "inv": false + } + }, + { + "map": { + "family": "ip", + "name": "ports", + "table": "test-ip", + "type": "inet_service", + "handle": 0, + "map": "quota" + } + }, + { + "table": { + "family": "ip6", + "name": "test-ip6", + "handle": 0 + } + }, + { + "quota": { + "family": "ip6", + "name": "http-quota", + "table": "test-ip6", + "handle": 0, + "bytes": 26214400, + "used": 0, + "inv": true + } + }, + { + "counter": { + "family": "ip6", + "name": "http-traffic", + "table": "test-ip6", + "handle": 0, + "packets": 0, + "bytes": 0 + } + } + ] +} diff --git a/tests/shell/testcases/optionals/dumps/delete_object_handles_0.nft b/tests/shell/testcases/optionals/dumps/delete_object_handles_0.nft new file mode 100644 index 00000000..aac03cc5 --- /dev/null +++ b/tests/shell/testcases/optionals/dumps/delete_object_handles_0.nft @@ -0,0 +1,18 @@ +table ip test-ip { + quota https-quota { + 25 mbytes + } + + map ports { + type inet_service : quota + } +} +table ip6 test-ip6 { + quota http-quota { + over 25 mbytes + } + + counter http-traffic { + packets 0 bytes 0 + } +} diff --git a/tests/shell/testcases/optionals/dumps/handles_0.json-nft b/tests/shell/testcases/optionals/dumps/handles_0.json-nft new file mode 100644 index 00000000..ff06af30 --- /dev/null +++ b/tests/shell/testcases/optionals/dumps/handles_0.json-nft @@ -0,0 +1,57 @@ +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "ip", + "name": "test", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "test", + "name": "test", + "handle": 0 + } + }, + { + "rule": { + "family": "ip", + "table": "test", + "chain": "test", + "handle": 0, + "expr": [ + { + "match": { + "op": "==", + "left": { + "payload": { + "protocol": "tcp", + "field": "dport" + } + }, + "right": 22 + } + }, + { + "counter": { + "packets": 0, + "bytes": 0 + } + }, + { + "accept": null + } + ] + } + } + ] +} diff --git a/tests/shell/testcases/optionals/dumps/handles_1.json-nft b/tests/shell/testcases/optionals/dumps/handles_1.json-nft new file mode 100644 index 00000000..ff06af30 --- /dev/null +++ b/tests/shell/testcases/optionals/dumps/handles_1.json-nft @@ -0,0 +1,57 @@ +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "ip", + "name": "test", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "test", + "name": "test", + "handle": 0 + } + }, + { + "rule": { + "family": "ip", + "table": "test", + "chain": "test", + "handle": 0, + "expr": [ + { + "match": { + "op": "==", + "left": { + "payload": { + "protocol": "tcp", + "field": "dport" + } + }, + "right": 22 + } + }, + { + "counter": { + "packets": 0, + "bytes": 0 + } + }, + { + "accept": null + } + ] + } + } + ] +} diff --git a/tests/shell/testcases/optionals/dumps/handles_1.nft b/tests/shell/testcases/optionals/dumps/handles_1.nft new file mode 100644 index 00000000..085c6cf1 --- /dev/null +++ b/tests/shell/testcases/optionals/dumps/handles_1.nft @@ -0,0 +1,5 @@ +table ip test { + chain test { + tcp dport 22 counter packets 0 bytes 0 accept + } +} diff --git a/tests/shell/testcases/optionals/dumps/log_prefix_0.json-nft b/tests/shell/testcases/optionals/dumps/log_prefix_0.json-nft new file mode 100644 index 00000000..161a58d4 --- /dev/null +++ b/tests/shell/testcases/optionals/dumps/log_prefix_0.json-nft @@ -0,0 +1,52 @@ +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "ip", + "name": "x", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "x", + "name": "y", + "handle": 0 + } + }, + { + "rule": { + "family": "ip", + "table": "x", + "chain": "y", + "handle": 0, + "expr": [ + { + "match": { + "op": "in", + "left": { + "ct": { + "key": "state" + } + }, + "right": "invalid" + } + }, + { + "log": { + "prefix": "invalid state match, logging:" + } + } + ] + } + } + ] +} diff --git a/tests/shell/testcases/optionals/dumps/update_object_handles_0.json-nft b/tests/shell/testcases/optionals/dumps/update_object_handles_0.json-nft new file mode 100644 index 00000000..ba78f8d7 --- /dev/null +++ b/tests/shell/testcases/optionals/dumps/update_object_handles_0.json-nft @@ -0,0 +1,39 @@ +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "ip", + "name": "test-ip", + "handle": 0 + } + }, + { + "counter": { + "family": "ip", + "name": "traffic-counter", + "table": "test-ip", + "handle": 0, + "packets": 0, + "bytes": 0 + } + }, + { + "quota": { + "family": "ip", + "name": "traffic-quota", + "table": "test-ip", + "handle": 0, + "bytes": 52428800, + "used": 0, + "inv": false + } + } + ] +} diff --git a/tests/shell/testcases/optionals/dumps/update_object_handles_0.nft b/tests/shell/testcases/optionals/dumps/update_object_handles_0.nft new file mode 100644 index 00000000..f391b631 --- /dev/null +++ b/tests/shell/testcases/optionals/dumps/update_object_handles_0.nft @@ -0,0 +1,9 @@ +table ip test-ip { + counter traffic-counter { + packets 0 bytes 0 + } + + quota traffic-quota { + 50 mbytes + } +} diff --git a/tests/shell/testcases/optionals/update_object_handles_0 b/tests/shell/testcases/optionals/update_object_handles_0 index 8b12b8c5..ccd96779 100755 --- a/tests/shell/testcases/optionals/update_object_handles_0 +++ b/tests/shell/testcases/optionals/update_object_handles_0 @@ -1,5 +1,7 @@ #!/bin/bash +# NFT_TEST_REQUIRES(NFT_TEST_HAVE_stateful_object_update) + set -e $NFT add table test-ip $NFT add counter test-ip traffic-counter |