summaryrefslogtreecommitdiffstats
path: root/tests
diff options
context:
space:
mode:
Diffstat (limited to 'tests')
-rwxr-xr-xtests/shell/testcases/rule_management/0001addinsertposition_089
-rwxr-xr-xtests/shell/testcases/rule_management/0001addposition_011
-rwxr-xr-xtests/shell/testcases/rule_management/0002addinsertlocation_123
-rwxr-xr-xtests/shell/testcases/rule_management/0002insertposition_011
-rw-r--r--tests/shell/testcases/rule_management/dumps/0001addposition_0.nft7
-rw-r--r--tests/shell/testcases/rule_management/dumps/0002insertposition_0.nft7
6 files changed, 112 insertions, 36 deletions
diff --git a/tests/shell/testcases/rule_management/0001addinsertposition_0 b/tests/shell/testcases/rule_management/0001addinsertposition_0
new file mode 100755
index 00000000..bb3fda51
--- /dev/null
+++ b/tests/shell/testcases/rule_management/0001addinsertposition_0
@@ -0,0 +1,89 @@
+#!/bin/bash
+
+# tests for Netfilter bug #965 and the related fix
+# (regarding rule management with a given position/handle spec)
+
+set -e
+
+RULESET="flush ruleset
+table ip t {
+ chain c {
+ accept
+ accept
+ }
+}"
+
+EXPECTED="table ip t {
+ chain c {
+ accept
+ drop
+ accept
+ }
+}"
+
+for arg in "position 2" "handle 2" "index 0"; do
+ $NFT -f - <<< "$RULESET"
+ $NFT add rule t c $arg drop || {
+ $NFT list ruleset
+ exit 1
+ }
+
+ GET="$($NFT list ruleset)"
+ if [ "$EXPECTED" != "$GET" ] ; then
+ DIFF="$(which diff)"
+ [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET")
+ exit 1
+ fi
+done
+
+for arg in "position 3" "handle 3" "index 1"; do
+ $NFT -f - <<< "$RULESET"
+ $NFT insert rule t c $arg drop
+
+ GET="$($NFT list ruleset)"
+ if [ "$EXPECTED" != "$GET" ] ; then
+ DIFF="$(which diff)"
+ [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET")
+ exit 1
+ fi
+done
+
+EXPECTED="table ip t {
+ chain c {
+ accept
+ accept
+ drop
+ }
+}"
+
+for arg in "position 3" "handle 3" "index 1"; do
+ $NFT -f - <<< "$RULESET"
+ $NFT add rule t c $arg drop
+
+ GET="$($NFT list ruleset)"
+ if [ "$EXPECTED" != "$GET" ] ; then
+ DIFF="$(which diff)"
+ [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET")
+ exit 1
+ fi
+done
+
+EXPECTED="table ip t {
+ chain c {
+ drop
+ accept
+ accept
+ }
+}"
+
+for arg in "position 2" "handle 2" "index 0"; do
+ $NFT -f - <<< "$RULESET"
+ $NFT insert rule t c $arg drop
+
+ GET="$($NFT list ruleset)"
+ if [ "$EXPECTED" != "$GET" ] ; then
+ DIFF="$(which diff)"
+ [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET")
+ exit 1
+ fi
+done
diff --git a/tests/shell/testcases/rule_management/0001addposition_0 b/tests/shell/testcases/rule_management/0001addposition_0
deleted file mode 100755
index ee90d923..00000000
--- a/tests/shell/testcases/rule_management/0001addposition_0
+++ /dev/null
@@ -1,11 +0,0 @@
-#!/bin/bash
-
-# tests for Netfilter bug #965 and the related fix
-# (regarding rule management with a given position/handle spec)
-
-set -e
-$NFT add table t
-$NFT add chain t c
-$NFT add rule t c accept # should have handle 2
-$NFT add rule t c accept # should have handle 3
-$NFT add rule t c position 2 drop
diff --git a/tests/shell/testcases/rule_management/0002addinsertlocation_1 b/tests/shell/testcases/rule_management/0002addinsertlocation_1
new file mode 100755
index 00000000..b48d3d66
--- /dev/null
+++ b/tests/shell/testcases/rule_management/0002addinsertlocation_1
@@ -0,0 +1,23 @@
+#!/bin/bash
+
+# test rule adding with invalid position/handle/index value
+
+RULESET="flush ruleset
+table ip t {
+ chain c {
+ accept
+ accept
+ }
+}"
+
+$NFT -f - <<< "$RULESET"
+
+for cmd in add insert; do
+ for keyword in position handle index; do
+ $NFT $cmd rule t c $keyword 5 drop 2>/dev/null || continue
+
+ echo "E: invalid $keyword value allowed in $cmd command" >&2
+ exit 0
+ done
+done
+exit 1
diff --git a/tests/shell/testcases/rule_management/0002insertposition_0 b/tests/shell/testcases/rule_management/0002insertposition_0
deleted file mode 100755
index e9f886fb..00000000
--- a/tests/shell/testcases/rule_management/0002insertposition_0
+++ /dev/null
@@ -1,11 +0,0 @@
-#!/bin/bash
-
-# tests for Netfilter bug #965 and the related fix
-# (regarding rule management with a given position/handle spec)
-
-set -e
-$NFT add table t
-$NFT add chain t c
-$NFT add rule t c accept # should have handle 2
-$NFT add rule t c accept # should have handle 3
-$NFT insert rule t c position 2 drop
diff --git a/tests/shell/testcases/rule_management/dumps/0001addposition_0.nft b/tests/shell/testcases/rule_management/dumps/0001addposition_0.nft
deleted file mode 100644
index e282e13b..00000000
--- a/tests/shell/testcases/rule_management/dumps/0001addposition_0.nft
+++ /dev/null
@@ -1,7 +0,0 @@
-table ip t {
- chain c {
- accept
- drop
- accept
- }
-}
diff --git a/tests/shell/testcases/rule_management/dumps/0002insertposition_0.nft b/tests/shell/testcases/rule_management/dumps/0002insertposition_0.nft
deleted file mode 100644
index 527d79d6..00000000
--- a/tests/shell/testcases/rule_management/dumps/0002insertposition_0.nft
+++ /dev/null
@@ -1,7 +0,0 @@
-table ip t {
- chain c {
- drop
- accept
- accept
- }
-}