Diffstat (limited to 'tests/shell')
-rwxr-xr-x | tests/shell/testcases/sets/0043concatenated_ranges_0 | 180 |
1 files changed, 180 insertions, 0 deletions
diff --git a/tests/shell/testcases/sets/0043concatenated_ranges_0 b/tests/shell/testcases/sets/0043concatenated_ranges_0
new file mode 100755
index 00000000..a783dacc
--- /dev/null
+++ b/tests/shell/testcases/sets/0043concatenated_ranges_0
@@ -0,0 +1,180 @@
+#!/bin/sh -e
+#
+# 0043concatenated_ranges_0 - Add, get, list, timeout for concatenated ranges
+#
+# Cycle over supported data types, forming concatenations of three fields, for
+# all possible permutations, and:
+# - add entries to set
+# - list them
+# - check that they can't be added again
+# - get entries by specifying a value matching ranges for all fields
+# - delete them
+# - add them with 1s timeout
+# - check that they can't be added again right away
+# - check that they are not listed after 1s, just once, for the first entry
+# - delete them
+# - make sure they can't be deleted again
+
+if [ "$(ps -o comm= $PPID)" = "run-tests.sh" ]; then
+ # Skip some permutations on a full test suite run to keep it quick
+ TYPES="ipv4_addr ipv6_addr ether_addr inet_service"
+else
+ TYPES="ipv4_addr ipv6_addr ether_addr inet_proto inet_service mark"
+fi
+
+RULESPEC_ipv4_addr="ip saddr"
+ELEMS_ipv4_addr="192.0.2.1 198.51.100.0/25 203.0.113.0-203.0.113.129"
+ADD_ipv4_addr="192.0.2.252/31"
+GET_ipv4_addr="198.51.100.127 198.51.100.0/25"
+
+RULESPEC_ipv6_addr="ip6 daddr"
+ELEMS_ipv6_addr="2001:db8:c0c:c0de::1-2001:db8:cacc::a 2001:db8::1 2001:db8:dada:da::/64"
+ADD_ipv6_addr="2001:db8::d1ca:d1ca"
+GET_ipv6_addr="2001:db8::1 2001:db8::1"
+
+RULESPEC_ether_addr="ether saddr"
+ELEMS_ether_addr="00:0a:c1:d1:f1:ed-00:0a:c1:dd:ec:af 00:0b:0c:ca:cc:10-c1:a0:c1:cc:10:00 f0:ca:cc:1a:b0:1a"
+ADD_ether_addr="00:be:1d:ed:ab:e1"
+GET_ether_addr="ac:c1:ac:c0:ce:c0 00:0b:0c:ca:cc:10-c1:a0:c1:cc:10:00"
+
+RULESPEC_inet_proto="meta l4proto"
+ELEMS_inet_proto="tcp udp icmp"
+ADD_inet_proto="sctp"
+GET_inet_proto="udp udp"
+
+RULESPEC_inet_service="tcp dport"
+ELEMS_inet_service="22-23 1024-32768 31337"
+ADD_inet_service="32769-65535"
+GET_inet_service="32768 1024-32768"
+
+RULESPEC_mark="mark"
+ELEMS_mark="0x00000064-0x000000c8 0x0000006f 0x0000fffd-0x0000ffff"
+ADD_mark="0x0000002a"
+GET_mark="0x0000006f 0x0000006f"
+
+tmp="$(mktemp)"
+trap "rm -f ${tmp}" EXIT
+
+render() {
+ eval "echo \"$(cat ${1})\""
+}
+
+cat <<'EOF' > "${tmp}"
+flush ruleset
+
+table inet filter {
+ set test {
+ type ${ta} . ${tb} . ${tc}
+ flags interval,timeout
+ elements = { ${a1} . ${b1} . ${c1} ,
+ ${a2} . ${b2} . ${c2} ,
+ ${a3} . ${b3} . ${c3} }
+ }
+
+ chain output {
+ type filter hook output priority 0; policy accept;
+ ${sa} . ${sb} . ${sc} @test counter
+ }
+}
+EOF
+
+timeout_tested=0
+for ta in ${TYPES}; do
+ eval a=\$ELEMS_${ta}
+ a1=${a%% *}; a2=$(expr "$a" : ".* \(.*\) .*"); a3=${a##* }
+ eval sa=\$RULESPEC_${ta}
+
+ for tb in ${TYPES}; do
+ [ "${tb}" = "${ta}" ] && continue
+ if [ "${tb}" = "ipv6_addr" ]; then
+ [ "${ta}" = "ipv4_addr" ] && continue
+ elif [ "${tb}" = "ipv4_addr" ]; then
+ [ "${ta}" = "ipv6_addr" ] && continue
+ fi
+
+ eval b=\$ELEMS_${tb}
+ b1=${b%% *}; b2=$(expr "$b" : ".* \(.*\) .*"); b3=${b##* }
+ eval sb=\$RULESPEC_${tb}
+
+ for tc in ${TYPES}; do
+ [ "${tc}" = "${ta}" ] && continue
+ [ "${tc}" = "${tb}" ] && continue
+ if [ "${tc}" = "ipv6_addr" ]; then
+ [ "${ta}" = "ipv4_addr" ] && continue
+ [ "${tb}" = "ipv4_addr" ] && continue
+ elif [ "${tc}" = "ipv4_addr" ]; then
+ [ "${ta}" = "ipv6_addr" ] && continue
+ [ "${tb}" = "ipv6_addr" ] && continue
+ fi
+
+ echo "TYPE: ${ta} ${tb} ${tc}"
+
+ eval c=\$ELEMS_${tc}
+ c1=${c%% *}; c2=$(expr "$c" : ".* \(.*\) .*"); c3=${c##* }
+ eval sc=\$RULESPEC_${tc}
+
+ render ${tmp} | ${NFT} -f -
+
+ [ $(${NFT} list set inet filter test | \
+ grep -c -e "${a1} . ${b1} . ${c1}" \
+ -e "${a2} . ${b2} . ${c2}" \
+ -e "${a3} . ${b3} . ${c3}") -eq 3 ]
+
+ ! ${NFT} "add element inet filter test \
+ { ${a1} . ${b1} . ${c1} };
+ add element inet filter test \
+ { ${a2} . ${b2} . ${c2} };
+ add element inet filter test \
+ { ${a3} . ${b3} . ${c3} }" 2>/dev/null
+
+ ${NFT} delete element inet filter test \
+ "{ ${a1} . ${b1} . ${c1} }"
+ ! ${NFT} delete element inet filter test \
+ "{ ${a1} . ${b1} . ${c1} }" 2>/dev/null
+
+ eval add_a=\$ADD_${ta}
+ eval add_b=\$ADD_${tb}
+ eval add_c=\$ADD_${tc}
+ ${NFT} add element inet filter test \
+ "{ ${add_a} . ${add_b} . ${add_c} timeout 1s}"
+ [ $(${NFT} list set inet filter test | \
+ grep -c "${add_a} . ${add_b} . ${add_c}") -eq 1 ]
+ ! ${NFT} add element inet filter test \
+ "{ ${add_a} . ${add_b} . ${add_c} timeout 1s}" \
+ 2>/dev/null
+
+ eval get_a=\$GET_${ta}
+ eval get_b=\$GET_${tb}
+ eval get_c=\$GET_${tc}
+ exp_a=${get_a##* }; get_a=${get_a%% *}
+ exp_b=${get_b##* }; get_b=${get_b%% *}
+ exp_c=${get_c##* }; get_c=${get_c%% *}
+ [ $(${NFT} get element inet filter test \
+ "{ ${get_a} . ${get_b} . ${get_c} }" | \
+ grep -c "${exp_a} . ${exp_b} . ${exp_c}") -eq 1 ]
+
+ ${NFT} "delete element inet filter test \
+ { ${a2} . ${b2} . ${c2} };
+ delete element inet filter test \
+ { ${a3} . ${b3} . ${c3} }"
+ ! ${NFT} "delete element inet filter test \
+ { ${a2} . ${b2} . ${c2} };
+ delete element inet filter test \
+ { ${a3} . ${b3} . ${c3} }" 2>/dev/null
+
+ if [ ${timeout_tested} -eq 1 ]; then
+ ${NFT} delete element inet filter test \
+ "{ ${add_a} . ${add_b} . ${add_c} }"
+ ! ${NFT} delete element inet filter test \
+ "{ ${add_a} . ${add_b} . ${add_c} }" \
+ 2>/dev/null
+ continue
+ fi
+
+ sleep 1
+ [ $(${NFT} list set inet filter test | \
+ grep -c "${add_a} . ${add_b} . ${add_c}") -eq 0 ]
+ timeout_tested=1
+ done
+ done
+done |
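Review bot: The negated checks (`! ${NFT} "add element …" 2>/dev/null`, the repeated `! ${NFT} delete element …` calls and the second `timeout 1s` add) cannot fail this test, because the `-e` from the shebang is ignored for a pipeline that begins with `!`; if nft wrongly accepts a duplicate add or a second delete, the script simply continues and reports success. Each of them needs an explicit exit, for example `! ${NFT} delete element inet filter test "{ ${a1} . ${b1} . ${c1} }" 2>/dev/null || exit 1`. Because `-e` sits only on the shebang line it is also lost when the file is started as `sh <file>`, so a `set -e` line at the top would keep the positive `[ … -eq N ]` checks fatal in that case too.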