From 15500d0b1c07e8c497609e4509f7c8489cbc4b83 Mon Sep 17 00:00:00 2001 From: Thomas Haller Date: Mon, 23 Oct 2023 18:13:15 +0200 Subject: tests/shell: inline input data in "single_anon_set" test The file "optimizations/dumps/single_anon_set.nft.input" was laying around, and it was unclear how it was used. Let's extend "check-patch.sh" to flag all unused files. But the script cannot understand how "single_anon_set.nft.input" is used (aside allow listing it). Instead, inline the script to keep it inside the test (script). We still write the data to a separate file and don't use `nft -f -` (because reading stdin uses a different code path we want to cover). Signed-off-by: Thomas Haller Signed-off-by: Pablo Neira Ayuso --- .../optimizations/dumps/single_anon_set.nft.input | 38 ----------------- .../shell/testcases/optimizations/single_anon_set | 47 +++++++++++++++++++++- 2 files changed, 45 insertions(+), 40 deletions(-) delete mode 100644 tests/shell/testcases/optimizations/dumps/single_anon_set.nft.input diff --git a/tests/shell/testcases/optimizations/dumps/single_anon_set.nft.input b/tests/shell/testcases/optimizations/dumps/single_anon_set.nft.input deleted file mode 100644 index ecc5691b..00000000 --- a/tests/shell/testcases/optimizations/dumps/single_anon_set.nft.input +++ /dev/null @@ -1,38 +0,0 @@ -table ip test { - chain test { - # Test cases where anon set can be removed: - ip saddr { 127.0.0.1 } accept - iif { "lo" } accept - - # negation, can change to != 22. - tcp dport != { 22 } drop - - # single prefix, can remove anon set. - ip saddr { 127.0.0.0/8 } accept - - # range, can remove anon set. - ip saddr { 127.0.0.1-192.168.7.3 } accept - tcp sport { 1-1023 } drop - - # Test cases where anon set must be kept. - - # 2 elements, cannot remove the anon set. - ip daddr { 192.168.7.1, 192.168.7.5 } accept - tcp dport { 80, 443 } accept - - # single element, but concatenation which is not - # supported outside of set/map context at this time. - ip daddr . tcp dport { 192.168.0.1 . 22 } accept - - # single element, but a map. - meta mark set ip daddr map { 192.168.0.1 : 1 } - - # 2 elements. This could be converted because - # ct state cannot be both established and related - # at the same time, but this needs extra work. - ct state { established, related } accept - - # with stateful statement - meta mark { 0x0000000a counter } - } -} diff --git a/tests/shell/testcases/optimizations/single_anon_set b/tests/shell/testcases/optimizations/single_anon_set index 7275e360..84fc2a7f 100755 --- a/tests/shell/testcases/optimizations/single_anon_set +++ b/tests/shell/testcases/optimizations/single_anon_set @@ -2,12 +2,55 @@ set -e +test -d "$NFT_TEST_TESTTMPDIR" + # Input file contains rules with anon sets that contain # one element, plus extra rule with two elements (that should be # left alone). # Dump file has the simplified rules where anon sets have been # replaced by equality tests where possible. -dumpfile=$(dirname $0)/dumps/$(basename $0).nft +file_input1="$NFT_TEST_TESTTMPDIR/input1.nft" + +cat < "$file_input1" +table ip test { + chain test { + # Test cases where anon set can be removed: + ip saddr { 127.0.0.1 } accept + iif { "lo" } accept + + # negation, can change to != 22. + tcp dport != { 22 } drop + + # single prefix, can remove anon set. + ip saddr { 127.0.0.0/8 } accept + + # range, can remove anon set. + ip saddr { 127.0.0.1-192.168.7.3 } accept + tcp sport { 1-1023 } drop + + # Test cases where anon set must be kept. + + # 2 elements, cannot remove the anon set. + ip daddr { 192.168.7.1, 192.168.7.5 } accept + tcp dport { 80, 443 } accept + + # single element, but concatenation which is not + # supported outside of set/map context at this time. + ip daddr . tcp dport { 192.168.0.1 . 22 } accept + + # single element, but a map. + meta mark set ip daddr map { 192.168.0.1 : 1 } + + # 2 elements. This could be converted because + # ct state cannot be both established and related + # at the same time, but this needs extra work. + ct state { established, related } accept + + # with stateful statement + meta mark { 0x0000000a counter } + } +} +EOF -$NFT -f "$dumpfile".input +$NFT -f "$file_input1" -- cgit v1.2.3