summaryrefslogtreecommitdiffstats
path: root/tests/monitor
Commit message (Collapse)AuthorAgeFilesLines
* monitor: do not call interval_map_decompose() for concat intervalsFlorian Westphal10 days1-0/+5
| | | | | | | | | | | | | | Without this, nft monitor will either print garbage or even segfault when encountering a concat set because we pass expr->value to libgmp helpers for concat (non-value) expressions. Also, for concat case, we need to call concat_range_aggregate() helper. Add a test case for this. Without this patch, it gives: tests/monitor/run-tests.sh: line 98: 1163 Segmentation fault (core dumped) $nft -nn -e -f $command_file > $echo_output Signed-off-by: Florian Westphal <fw@strlen.de>
* tests: monitor: update insert and replace commandsPablo Neira Ayuso2021-09-291-2/+2
| | | | | | | | | Adjust test after these two kernel fixes: ("netfilter: nf_tables: reverse order in rule replacement expansion") ("netfilter: nf_tables: add position handle in event notification") Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* tests: monitor: Continue on errorPhil Sutter2021-08-241-10/+23
| | | | | | Just make sure return code reflects the overall result. Signed-off-by: Phil Sutter <phil@nwl.cc>
* tests: monitor: Print errors to stderrPhil Sutter2021-08-241-10/+17
| | | | | | | While being at it, introduce die() to error and exit. But don't use it everywhere to prepare for continuing on errors. Signed-off-by: Phil Sutter <phil@nwl.cc>
* tests: monitor: use correct $nft value in EXIT trapŠtěpán Němec2021-01-271-1/+1
| | | | | | | | | | With double quotes, $nft was being expanded to the default value even in presence of the -H option. Signed-off-by: Štěpán Němec <snemec@redhat.com> Helped-by: Tomáš Doležal <todoleza@redhat.com> Acked-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Phil Sutter <phil@nwl.cc>
* tests: allow tests/monitor to use a custom nft executableBalazs Scheidler2020-08-291-1/+1
| | | | | Signed-off-by: Balazs Scheidler <bazsi77@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* tests: monitor: Support testing host's nft binaryPhil Sutter2020-02-071-0/+4
| | | | | | | Add support for -H/--host flag to use 'nft' tool from $PATH instead of the local one. Signed-off-by: Phil Sutter <phil@nwl.cc>
* monitor: Fix output for ranges in anonymous setsPhil Sutter2020-01-131-0/+5
| | | | | | | | | | | | | | | | | | Previous fix for named interval sets was simply wrong: Instead of limiting decomposing to anonymous interval sets, it effectively disabled it entirely. Since code needs to check for both interval and anonymous bits separately, introduce set_is_interval() helper to keep the code readable. Also extend test case to assert ranges in anonymous sets are correctly printed by echo or monitor modes. Without this fix, range boundaries are printed as individual set elements. Fixes: 5d57fa3e99bb9 ("monitor: Do not decompose non-anonymous sets") Signed-off-by: Phil Sutter <phil@nwl.cc> Reviewed-by: Pablo Neira Ayuso <pablo@netfilter.org>
* tests: monitor: Support running individual test casesPhil Sutter2020-01-101-2/+7
| | | | | | | | Recognize testcase paths on command line and limit testing on those only. Signed-off-by: Phil Sutter <phil@nwl.cc> Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
* monitor: Do not decompose non-anonymous setsPhil Sutter2020-01-101-0/+20
| | | | | | | | | They have been decomposed already, trying to do that again causes a segfault. This is a similar fix as in commit 8ecb885589591 ("src: restore --echo with anonymous sets"). Signed-off-by: Phil Sutter <phil@nwl.cc> Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
* tests/monitor: Fix for changed ct timeout formatPhil Sutter2019-10-171-1/+1
| | | | | | | | | | Commit a9b0c385a1d5e ("rule: print space between policy and timeout") changed spacing in ct timeout objects but missed to adjust related test case. Fixes: a9b0c385a1d5e ("rule: print space between policy and timeout") Signed-off-by: Phil Sutter <phil@nwl.cc> Acked-by: Florian Westphal <fw@strlen.de>
* tests: monitor: Adjust to changed events orderingPhil Sutter2019-04-301-2/+2
| | | | | | | | | | When replacing a rule, kernel nowadays seems to report rule add event before rule delete one. Since both events belong to the same transaction, this is harmless per definition and merely needs adjustment in expected output. Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* tests: fix return codesArturo Borrero Gonzalez2018-11-281-1/+1
| | | | | | | Try to return != 0 if a testsuite fails. Signed-off-by: Arturo Borrero Gonzalez <arturo@netfilter.org> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* tests: monitor: Test JSON output as wellPhil Sutter2018-10-158-11/+117
| | | | | | | | Enhance monitor test suite to test check JSON output as well. Note that for now there is no support for --echo output testing with JSON. Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* monitor: Fix printing of ct objectsPhil Sutter2018-10-151-0/+33
| | | | | | | | | | | | | | | Monitor output is supposed to be single lined without tabs, but ct object were printed with newlines and tabs hard-coded. Fixing this wasn't too hard given that there is 'stmt_separator' to also include semi-colons where required if newline was removed. A more obvious mistake was position of object type in monitor output: Like with other object types, it has to occur between command and table spec. As a positive side-effect, this aligns ct objects better with others (see obj_type_name_array for instance). Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* tests/monitor: Print error "this requires root" and exitHarsha Sharma2017-11-061-0/+5
| | | | | | | | If executed without root privileges, print error "this requires root!" and exit. Signed-off-by: Harsha Sharma <harshasharmaiitr@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* tests: Merge monitor and echo test suitesPhil Sutter2017-08-152-31/+96
| | | | | | | | | The two test suites were pretty similar already, and since echo output is supposed to be identical to monitor output apart from delete commands, they can be merged together with litte effort. Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* tests/monitor: Clear ruleset after testingPhil Sutter2017-07-271-5/+6
| | | | | Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* tests/monitor: Simplify testcasesPhil Sutter2017-07-275-29/+20
| | | | | | | | By introducing 'O -' indicating that output should be identical as input, testcases can be simplified quite a bit. Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* monitor: Fix printing of set declarationsPhil Sutter2017-07-274-5/+5
| | | | | | | | | | | | | | | | | | | | | | | | | The optional attributes 'flags', 'gc-interval' and 'timeout' have to be delimited by stmt_separator (either newline or semicolon), not 'nl' which is set to whitespace by set_print_plain(). In order to restore readability, change stmt_separator to include a single whitespace after the semicolon. Here's monitor output for the following command: | # nft add set ip t testset { type inet_service; \ | timeout 60s; gc-interval 120s; } Before this patch: | add set ip t testset { type inet_service;timeout 1m gc-interval 2m } With this patch applied: | add set ip t testset { type inet_service; timeout 1m; gc-interval 2m; } Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* tests/monitor: Add a small READMEPhil Sutter2017-07-251-0/+48
| | | | | Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* tests/monitor: Ignore newgen messages in outputPhil Sutter2017-07-251-2/+5
| | | | | | | | | | | | Predicting the new ID value is not feasible and neither is implementing support for regular expressions when matching monitor output, so simply ignore them. Also use diff option '-w' instead of '-Z' to ignore all whitespace, not just at EOL. Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* tests: Add basic monitor testing frameworkPhil Sutter2017-07-195-0/+168
This implements testing of 'nft monitor' output correctness and adds a number of testcases for named sets. Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>