summaryrefslogtreecommitdiffstats
path: root/tests/shell/testcases/sets/0043concatenated_ranges_0
diff options
context:
space:
mode:
Diffstat (limited to 'tests/shell/testcases/sets/0043concatenated_ranges_0')
-rwxr-xr-xtests/shell/testcases/sets/0043concatenated_ranges_0195
1 files changed, 195 insertions, 0 deletions
diff --git a/tests/shell/testcases/sets/0043concatenated_ranges_0 b/tests/shell/testcases/sets/0043concatenated_ranges_0
new file mode 100755
index 00000000..a3dbf5bf
--- /dev/null
+++ b/tests/shell/testcases/sets/0043concatenated_ranges_0
@@ -0,0 +1,195 @@
+#!/bin/bash -e
+#
+# NFT_TEST_REQUIRES(NFT_TEST_HAVE_pipapo)
+# NFT_TEST_SKIP(NFT_TEST_SKIP_slow)
+#
+# 0043concatenated_ranges_0 - Add, get, list, timeout for concatenated ranges
+#
+# Cycle over supported data types, forming concatenations of three fields, for
+# all possible permutations, and:
+# - add entries to set
+# - list them
+# - get entries by specifying a value matching ranges for all fields
+# - delete them
+# - check that they can't be deleted again
+# - add them with 1s timeout
+# - check that they are not listed after 1s, just once, for the first entry
+# - delete them
+# - make sure they can't be deleted again
+
+TYPES="ipv4_addr ipv6_addr ether_addr inet_proto inet_service mark"
+
+RULESPEC_ipv4_addr="ip saddr"
+ELEMS_ipv4_addr="192.0.2.1 198.51.100.0/25 203.0.113.0-203.0.113.129"
+ADD_ipv4_addr="192.0.2.252/31"
+GET_ipv4_addr="198.51.100.127 198.51.100.0/25"
+
+RULESPEC_ipv6_addr="ip6 daddr"
+ELEMS_ipv6_addr="2001:db8:c0c:c0de::1-2001:db8:cacc::a 2001:db8::1 2001:db8:dada:da::/64"
+ADD_ipv6_addr="2001:db8::d1ca:d1ca"
+GET_ipv6_addr="2001:db8::1 2001:db8::1"
+
+RULESPEC_ether_addr="ether saddr"
+ELEMS_ether_addr="00:0a:c1:d1:f1:ed-00:0a:c1:dd:ec:af 00:0b:0c:ca:cc:10-c1:a0:c1:cc:10:00 f0:ca:cc:1a:b0:1a"
+ADD_ether_addr="00:be:1d:ed:ab:e1"
+GET_ether_addr="ac:c1:ac:c0:ce:c0 00:0b:0c:ca:cc:10-c1:a0:c1:cc:10:00"
+
+RULESPEC_inet_proto="meta l4proto"
+ELEMS_inet_proto="tcp udp icmp"
+ADD_inet_proto="sctp"
+GET_inet_proto="udp udp"
+
+RULESPEC_inet_service="tcp dport"
+ELEMS_inet_service="22-23 1024-32768 31337"
+ADD_inet_service="32769-65535"
+GET_inet_service="32768 1024-32768"
+
+RULESPEC_mark="mark"
+ELEMS_mark="0x00000064-0x000000c8 0x0000006f 0x0000fffd-0x0000ffff"
+ADD_mark="0x0000002a"
+GET_mark="0x0000006f 0x0000006f"
+
+tmp="$(mktemp)"
+trap "rm -f ${tmp}" EXIT
+
+render() {
+ eval "echo \"$(cat ${1})\""
+}
+
+cat <<'EOF' > "${tmp}"
+flush ruleset
+
+table inet filter {
+ ${setmap} test {
+ type ${ta} . ${tb} . ${tc} ${mapt}
+ flags interval,timeout
+ elements = { ${a1} . ${b1} . ${c1} ${mapv},
+ ${a2} . ${b2} . ${c2} ${mapv},
+ ${a3} . ${b3} . ${c3} ${mapv}, }
+ }
+
+ chain output {
+ type filter hook output priority 0; policy accept;
+ ${rule} @test counter
+ }
+}
+EOF
+
+timeout_tested=0
+run_test()
+{
+setmap="$1"
+for ta in ${TYPES}; do
+ eval a=\$ELEMS_${ta}
+ a1=${a%% *}; a2=$(expr "$a" : ".* \(.*\) .*"); a3=${a##* }
+ eval sa=\$RULESPEC_${ta}
+
+ mark=0
+ for tb in ${TYPES}; do
+ [ "${tb}" = "${ta}" ] && continue
+ if [ "${tb}" = "ipv6_addr" ]; then
+ [ "${ta}" = "ipv4_addr" ] && continue
+ elif [ "${tb}" = "ipv4_addr" ]; then
+ [ "${ta}" = "ipv6_addr" ] && continue
+ fi
+
+ eval b=\$ELEMS_${tb}
+ b1=${b%% *}; b2=$(expr "$b" : ".* \(.*\) .*"); b3=${b##* }
+ eval sb=\$RULESPEC_${tb}
+
+ for tc in ${TYPES}; do
+ [ "${tc}" = "${ta}" ] && continue
+ [ "${tc}" = "${tb}" ] && continue
+ if [ "${tc}" = "ipv6_addr" ]; then
+ [ "${ta}" = "ipv4_addr" ] && continue
+ [ "${tb}" = "ipv4_addr" ] && continue
+ elif [ "${tc}" = "ipv4_addr" ]; then
+ [ "${ta}" = "ipv6_addr" ] && continue
+ [ "${tb}" = "ipv6_addr" ] && continue
+ fi
+
+ echo "$setmap TYPE: ${ta} ${tb} ${tc}"
+
+ eval c=\$ELEMS_${tc}
+ c1=${c%% *}; c2=$(expr "$c" : ".* \(.*\) .*"); c3=${c##* }
+ eval sc=\$RULESPEC_${tc}
+
+ case "${setmap}" in
+ "set")
+ mapt=""
+ mapv=""
+ rule="${sa} . ${sb} . ${sc}"
+ ;;
+ "map")
+ mapt=": mark"
+ mark=42
+ mapv=$(printf " : 0x%08x" ${mark})
+ rule="meta mark set ${sa} . ${sb} . ${sc} map"
+ ;;
+ esac
+
+ render ${tmp} | ${NFT} -f -
+
+ [ $(${NFT} list ${setmap} inet filter test | \
+ grep -c -e "${a1} . ${b1} . ${c1}${mapv}" \
+ -e "${a2} . ${b2} . ${c2}${mapv}" \
+ -e "${a3} . ${b3} . ${c3}${mapv}") -eq 3 ]
+
+ ${NFT} delete element inet filter test \
+ "{ ${a1} . ${b1} . ${c1}${mapv} }"
+ ${NFT} delete element inet filter test \
+ "{ ${a1} . ${b1} . ${c1}${mapv} }" \
+ 2>/dev/null && exit 1
+
+ eval add_a=\$ADD_${ta}
+ eval add_b=\$ADD_${tb}
+ eval add_c=\$ADD_${tc}
+ ${NFT} add element inet filter test \
+ "{ ${add_a} . ${add_b} . ${add_c} timeout 2m${mapv}}"
+ [ $(${NFT} list ${setmap} inet filter test | \
+ grep -c "${add_a} . ${add_b} . ${add_c}") -eq 1 ]
+
+ eval get_a=\$GET_${ta}
+ eval get_b=\$GET_${tb}
+ eval get_c=\$GET_${tc}
+ exp_a=${get_a##* }; get_a=${get_a%% *}
+ exp_b=${get_b##* }; get_b=${get_b%% *}
+ exp_c=${get_c##* }; get_c=${get_c%% *}
+ [ $(${NFT} get element inet filter test \
+ "{ ${get_a} . ${get_b} . ${get_c}${mapv} }" | \
+ grep -c "${exp_a} . ${exp_b} . ${exp_c}") -eq 1 ]
+
+ ${NFT} "delete element inet filter test \
+ { ${a2} . ${b2} . ${c2}${mapv} };
+ delete element inet filter test \
+ { ${a3} . ${b3} . ${c3}${mapv} }"
+ ${NFT} "delete element inet filter test \
+ { ${a2} . ${b2} . ${c2}${mapv} };
+ delete element inet filter test \
+ { ${a3} . ${b3} . ${c3} ${mapv} }" \
+ 2>/dev/null && exit 1
+
+ if [ ${timeout_tested} -eq 1 ]; then
+ ${NFT} delete element inet filter test \
+ "{ ${add_a} . ${add_b} . ${add_c} ${mapv} }"
+ ${NFT} delete element inet filter test \
+ "{ ${add_a} . ${add_b} . ${add_c} ${mapv} }" \
+ 2>/dev/null && exit 1
+ continue
+ fi
+
+ ${NFT} delete element inet filter test \
+ "{ ${add_a} . ${add_b} . ${add_c} ${mapv}}"
+ ${NFT} add element inet filter test \
+ "{ ${add_a} . ${add_b} . ${add_c} timeout 1s${mapv}}"
+ sleep 1
+ [ $(${NFT} list ${setmap} inet filter test | \
+ grep -c "${add_a} . ${add_b} . ${add_c} ${mapv}") -eq 0 ]
+ timeout_tested=1
+ done
+ done
+done
+}
+
+run_test "set"
+run_test "map"