summaryrefslogtreecommitdiffstats
path: root/tests/shell/testcases/nft-f
Commit message (Collapse)AuthorAgeFilesLines
* sets: Fix for missing space after last elementPhil Sutter2017-03-224-9/+9
| | | | | | | | | | | Not having a space between the last element in a set and the closing curly brace looks ugly, so add it here. This also adjusts all shell testcases as they match whitespace in nft output and therefore fail otherwise. Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* tests: shell: add testcase for different defines usageArturo Borrero Gonzalez2016-11-291-0/+44
| | | | | | | | | | | | | | | | | | This testcase add some defines in a nft -f run and then uses them in different spots (which are not covered in previous testcases). * defines used to define another one * different datatypes (numbers, strings, bits, ranges) * usage in sets, maps, contatenatios * single rules with single statements, multiple statements * reuse define in same rule Perhaps this isn't testing many different code path, but I find this interesting to have given it will probably be one of the most common use cases of nftables. Signed-off-by: Arturo Borrero Gonzalez <arturo@debian.org> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* tests: shell: add a testcase for many definesArturo Borrero Gonzalez2016-11-291-0/+37
| | | | | | | Use many defines in a single nft -f run. Signed-off-by: Arturo Borrero Gonzalez <arturo@debian.org> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* parser_bison: allow to use variable to add/create/delete elementsPablo Neira Ayuso2016-10-211-0/+22
| | | | | | | | | | | | | | | | | | | | | | | Using variable definitions from element command doesn't work, eg. -test.nft- define whitelist_v4 = { 1.1.1.1 } table inet filter { set whitelist_v4 { type ipv4_addr; } } add element inet filter whitelist_v4 $whitelist_v4 -EOF- # nft -f test.nft test.nft:7:38-38: Error: syntax error, unexpected '$', expecting '{' add element inet filter whitelist_v4 $whitelist_v4 ^ Fix this by using set_block_expr rule for every element command. This patch also comes with a new regression test. Reported-by: Leon Merten Lohse <leon@green-side.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* parser_bison: allow variable references in set elements definitionPablo Neira Ayuso2016-08-291-0/+23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | Andreas reports that he cannot use variables in set definitions: define s-ext-2-int = 10.10.10.10 . 25, 10.10.10.10 . 143 set s-ext-2-int { type ipv4_addr . inet_service elements = { $s-ext-2-int } } This syntax is not correct though, since the curly braces should be placed in the variable definition itself, so we have context to handle this variable as a list of set elements. The correct syntax that works after this patch is: define s-ext-2-int = { 10.10.10.10 . 25, 10.10.10.10 . 143 } table inet forward { set s-ext-2-int { type ipv4_addr . inet_service elements = $s-ext-2-int } } Reported-by: Andreas Hainke <andreas.hainke@foteviken.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* tests: shell: make sure split table definition works via nft -fPablo Neira Ayuso2016-07-131-0/+50
| | | | | | Add test to cover split table definition in one single file. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* tests: shell: make testcases which using tcp/udp port more rubostLiping Zhang2016-06-154-4/+4
| | | | | | | | | | | | | | | | In my mechain, port 12345 is mapped to italk in /etc/services: italk 12345/tcp # Italk Chat System So when we add nft rule with udp port "12345", nft list ruleset will displayed it as "italk", that cause the result is not same with expected, then testcase fail. Add "-nn" option when dump the rulesets from the kernel, make testcases which using tcp/udp port more rubost. Signed-off-by: Liping Zhang <liping.zhang@spreadtrum.com> Acked-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* tests/shell: add testcase to catch segfault if invalid syntax was usedArturo Borrero2016-05-131-0/+21
| | | | | | | | This helps to catch 5afa5a1 ("evaluate: check for NULL datatype in rhs in lookup expr"). Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* tests/shell: add testcase for 'nft -f' load with actionsArturo Borrero2016-05-131-0/+68
| | | | | | | Let's tests loading a ruleset with actions. Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* tests/shell: delete tempfile failover in testcasesArturo Borrero2016-04-155-35/+5
| | | | | | | | It seems both Debian/Fedora (and derivates) contains mktemp (from the coreutils package) so it makes no sense to have this failover, which looks buggy also. Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* tests/shell: add new testcases for commit/rollbackArturo Borrero2016-04-074-0/+267
| | | | | | | | | | | New simple testcases for kernel commit/rollback operations. * ruleset A is loaded (good ruleset) * ruleset B is loaded (bad ruleset): fail is expected * ruleset A should remain in the kernel Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* tests/shell: add first `nft -f' testsArturo Borrero2016-03-031-0/+25
This patch add some basic initial tests. Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>