summaryrefslogtreecommitdiffstats
path: root/tests/py/inet/tcp.t.json
Commit message (Collapse)AuthorAgeFilesLines
* tests: remove redundant test casesFlorian Westphal2021-06-071-280/+0
| | | | | | | | | | | | | Check for ... 23-42 ... ... { 23-42 } ... and remove the latter. Followup patch will translate the former to the latter during evaluation step to avoid the unneded anon set. A separate test case will be added that checks for such rewrites. Signed-off-by: Florian Westphal <fw@strlen.de>
* json: fix parse of flagcmp expressionFlorian Westphal2021-06-021-0/+27
| | | | | | | | | | | | The json test case for the flagcmp notation ('tcp flags syn,fin / syn,fin') fails with: command: {"nftables": [{"add": {"rule": {"family": "ip", "table": "test-ip4", "chain": "input", "expr": [{"match": {"left": {"&": [{"payload": {"field": "flags", "protocol": "tcp"}}, ["fin", "syn"]]}, "op": "==", "right": ["fin", "syn"]}}]}}}]} internal:0:0-0: Error: List expression only allowed on RHS or in statement expression. internal:0:0-0: Error: Failed to parse RHS of binop expression. internal:0:0-0: Error: Invalid LHS of relational. internal:0:0-0: Error: Parsing expr array at index 0 failed. internal:0:0-0: Error: Parsing command array at index 0 failed. Signed-off-by: Florian Westphal <fw@strlen.de>
* parser_bison: missing relational operation on flag listPablo Neira Ayuso2021-05-021-0/+19
| | | | | | | | | | | | | | | Complete e6c32b2fa0b8 ("src: add negation match on singleton bitmask value") which was missing comma-separated list of flags. This patch provides a shortcut for: tcp flags and fin,rst == 0 which allows to check for the packet whose fin and rst bits are unset: # nft add rule x y tcp flags not fin,rst counter Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* tests: py: add missing test JSON output for TCP flag tests.Jeremy Sowden2020-10-121-0/+93
| | | | | | Fixes: 3926a3369bb5 ("mergesort: unbreak listing with binops") Signed-off-by: Jeremy Sowden <jeremy@azazel.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* Revert "tests: py: remove single-value-anon-set test cases"Pablo Neira Ayuso2019-05-241-0/+280
| | | | This reverts commit d03bcb669c0c645190df9bd166f53380bcac7862.
* tests: py: remove single-value-anon-set test casesFlorian Westphal2019-05-191-280/+0
| | | | | | | | future change will rewrite all single-element anon sets to a cmp op. Retain a few test cases to later check that the rewrite is correct, but remove all others. Signed-off-by: Florian Westphal <fw@strlen.de>
* parser_bison: Fix for ECN keyword in LHS of relationalPhil Sutter2018-10-041-0/+23
| | | | | | | | | | | | | | | | | | | | Of all possible TCP flags, 'ecn' is special since it is recognized by lex as a keyword (there is a a field in IPv4 and IPv6 headers with the same name). Therefore it is listed in keyword_expr, but that was sufficient for RHS only. The following statement reproduces the issue: | tcp flags & (syn | ecn) == (syn | ecn) The solution is to limit binop expressions to accept an RHS expression on RHS ("real" LHS expressions don't make much sense there anyway), which then allows keyword_expr to occur there. In order to maintain the recursive behaviour if braces are present, allow primary_rhs_expr to consist of a basic_rhs_expr enclosed in braces. This in turn requires for braced RHS part in relational_expr to be dropped, otherwise bison complains about shift/reduce conflict. Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* JSON: Make match op mandatory, introduce 'in' operatorPhil Sutter2018-08-301-0/+48
| | | | | | | | This special operator is required for cases where missing operator does not lead to same results as equal operator, i.e. with bitmasks on RHS. Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* JSON: Rename (v)map expression propertiesPhil Sutter2018-08-301-6/+6
| | | | | | | | Change the rather generic "left" and "right" into "key" and "data" as suggested at NFWS. Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* JSON: Review payload expressionPhil Sutter2018-08-301-84/+84
| | | | | | | | | | | For raw payloads, property "name" is not needed, it's clearly identified by base/offset/len properties. In non-raw payload expressions, rename property "name" to "protocol" as suggested during NFWS. Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* JSON: Call verdict maps 'vmap' in JSON as wellPhil Sutter2018-06-111-3/+3
| | | | | | | This way JSON format is more consistent with the standard one. Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* tests/py: Add missing JSON equivalent for rule in inet/tcp.tPhil Sutter2018-06-011-0/+16
| | | | | Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* tests/py: Support testing JSON input and output as wellPhil Sutter2018-05-111-0/+1552
This extends nft-test.py by optional JSON testing capabilities, activated via '-j'/'--enable-json' parameter). JSON testing happens for all rules which are supposed to work: After a rule has been added and the existing tests (payload, ruleset listing output) have been performed, basically the same test is done again using a recorded JSON equivalent and (if necessary) a recorded listing output. The code tries to ease new test case creation overhead by auto-generating JSON equivalent input via listing the (non-JSON) rule in JSON format. Also, differing netlink debug and listing output are stored in *.got files to assist in analyzing/fixing failing test cases. Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>