From 9a32c83f7529ca7b3f6d4b3253b537a9da5681af Mon Sep 17 00:00:00 2001 From: Pablo Neira Ayuso Date: Fri, 3 Aug 2012 19:56:37 +0200 Subject: tests: fix test, commands now comes before the family and table name Most tests still don't work though. They still need another fix. Reported-by: Tomasz Bursztyka Signed-off-by: Pablo Neira Ayuso --- tests/dictionary | 26 +++++++++++++------------- tests/expr-concat | 6 +++--- tests/expr-ct | 20 ++++++++++---------- tests/expr-meta | 28 ++++++++++++++-------------- tests/family-bridge | 10 +++++----- tests/family-ipv4 | 8 ++++---- tests/family-ipv6 | 8 ++++---- tests/feat-adjancent-load-merging | 8 ++++---- tests/obj-chain | 22 +++++++++++----------- tests/obj-table | 6 +++--- tests/payload-ll | 10 +++++----- tests/prefix | 10 +++++----- tests/set | 8 ++++---- tests/stmt-log | 6 +++--- 14 files changed, 88 insertions(+), 88 deletions(-) mode change 100755 => 100644 tests/dictionary mode change 100755 => 100644 tests/expr-concat mode change 100755 => 100644 tests/expr-ct mode change 100755 => 100644 tests/expr-meta mode change 100755 => 100644 tests/family-bridge mode change 100755 => 100644 tests/family-ipv4 mode change 100755 => 100644 tests/family-ipv6 mode change 100755 => 100644 tests/feat-adjancent-load-merging mode change 100755 => 100644 tests/obj-chain mode change 100755 => 100644 tests/obj-table mode change 100755 => 100644 tests/payload-ll mode change 100755 => 100644 tests/prefix mode change 100755 => 100644 tests/set mode change 100755 => 100644 tests/stmt-log diff --git a/tests/dictionary b/tests/dictionary old mode 100755 new mode 100644 index 20d53570..e489c4ec --- a/tests/dictionary +++ b/tests/dictionary @@ -1,52 +1,52 @@ #! nft -f # -table add ip filter -chain add ip filter OUTPUT NF_INET_LOCAL_OUT 0 +add table ip filter +add chain ip filter OUTPUT NF_INET_LOCAL_OUT 0 -chain add ip filter chain1 -rule add ip filter chain1 handle 1 counter +add chain ip filter chain1 +add rule ip filter chain1 handle 1 counter -chain add ip filter chain2 -rule add ip filter chain2 handle 1 counter +add chain ip filter chain2 +add rule ip filter chain2 handle 1 counter # must succeed: expr { expr, ... } -rule add ip filter OUTPUT ip protocol 6 tcp dport { \ +add rule ip filter OUTPUT ip protocol 6 tcp dport { \ 22, \ 23, \ } # must fail: expr { type1, type2, ... } -rule add ip filter OUTPUT ip protocol 6 tcp dport { \ +add rule ip filter OUTPUT ip protocol 6 tcp dport { \ 22, \ 192.168.0.1, \ } # must succeed: expr { expr => verdict, ... } -rule add ip filter OUTPUT ip protocol 6 tcp dport { \ +add rule ip filter OUTPUT ip protocol 6 tcp dport { \ 22 => jump chain1, \ 23 => jump chain2, \ } # must fail: expr { expr => verdict, expr => expr, ... } -rule add ip filter OUTPUT ip protocol 6 tcp dport { \ +add rule ip filter OUTPUT ip protocol 6 tcp dport { \ 22 => jump chain1, \ 23 => 0x100, \ } # must fail: expr { expr => expr, ...} -rule add ip filter OUTPUT ip protocol 6 tcp dport { \ +add rule ip filter OUTPUT ip protocol 6 tcp dport { \ 22 => 0x100, \ 23 => 0x200, \ } # must succeed: expr MAP { expr => expr, ... } expr -rule add ip filter OUTPUT ip protocol 6 map tcp dport { \ +add rule ip filter OUTPUT ip protocol 6 map tcp dport { \ 22 => 1, \ 23 => 2, \ } 2 # must fail: expr MAP { expr => type1, expr => type2, .. } expr -rule add ip filter OUTPUT ip protocol 6 map tcp dport { \ +add rule ip filter OUTPUT ip protocol 6 map tcp dport { \ 22 => 1, \ 23 => 192.168.0.1, \ } 2 diff --git a/tests/expr-concat b/tests/expr-concat old mode 100755 new mode 100644 index d9c553b6..bb284cce --- a/tests/expr-concat +++ b/tests/expr-concat @@ -1,19 +1,19 @@ #! nft -f # Concat element mismatch -rule add ip filter output ip daddr . tcp sport . tcp dport { \ +add rule ip filter output ip daddr . tcp sport . tcp dport { \ 192.168.0.1 . 22, \ 192.168.0.1 . 80, \ } # Concat type mismatch -rule add ip filter output ip daddr . tcp dport { \ +add rule ip filter output ip daddr . tcp dport { \ 192.168.0.1 . 192.168.0.2, \ 192.168.0.1 . 192.168.0.3, \ } # Concat expression -rule add ip filter output ip daddr . tcp dport { \ +add rule ip filter output ip daddr . tcp dport { \ 192.168.0.1 . 22, \ 192.168.0.1 . 80, \ } diff --git a/tests/expr-ct b/tests/expr-ct old mode 100755 new mode 100644 index 8391c3ec..d464a949 --- a/tests/expr-ct +++ b/tests/expr-ct @@ -1,26 +1,26 @@ #! nft -f -table add ip filter -chain add ip filter output NF_INET_LOCAL_OUT 0 +add table ip filter +add chain ip filter output NF_INET_LOCAL_OUT 0 # ct: state -rule add ip filter output ct state 0 counter +add rule ip filter output ct state 0 counter # ct: direction original/reply -rule add ip filter output ct direction 0 counter -rule add ip filter output ct direction 1 counter +add rule ip filter output ct direction 0 counter +add rule ip filter output ct direction 1 counter # ct: status -rule add ip filter output ct status 0 counter +add rule ip filter output ct status 0 counter # ct: mark -rule add ip filter output ct mark 0 counter +add rule ip filter output ct mark 0 counter # ct: secmark -rule add ip filter output ct secmark 0 counter +add rule ip filter output ct secmark 0 counter # ct: expiration -rule add ip filter output ct expiration 30 counter +add rule ip filter output ct expiration 30 counter # ct: helper ftp -rule add ip filter output ct helper "ftp" counter +add rule ip filter output ct helper "ftp" counter diff --git a/tests/expr-meta b/tests/expr-meta old mode 100755 new mode 100644 index 122d2895..97582aa1 --- a/tests/expr-meta +++ b/tests/expr-meta @@ -1,40 +1,40 @@ #! nft -f -table add ip filter -chain add ip filter output NF_INET_LOCAL_OUT 0 +add table ip filter +add chain ip filter output NF_INET_LOCAL_OUT 0 # meta: skb len -rule add ip filter output meta length 1000 counter +add rule ip filter output meta length 1000 counter # meta: skb protocol -rule add ip filter output meta protocol 0x0800 counter +add rule ip filter output meta protocol 0x0800 counter # meta: skb mark -rule add ip filter output meta mark 0 counter +add rule ip filter output meta mark 0 counter # meta: skb iif -rule add ip filter output meta iif 1 counter +add rule ip filter output meta iif 1 counter # meta: skb iifname -rule add ip filter output meta iifname "eth0" counter +add rule ip filter output meta iifname "eth0" counter # meta: skb oif -rule add ip filter output meta oif 1 counter +add rule ip filter output meta oif 1 counter # meta: skb oifname -rule add ip filter output meta oifname "eth0" counter +add rule ip filter output meta oifname "eth0" counter # meta: skb sk uid -rule add ip filter output meta skuid 1000 counter +add rule ip filter output meta skuid 1000 counter # meta: skb sk gid -rule add ip filter output meta skgid 1000 counter +add rule ip filter output meta skgid 1000 counter # meta: nftrace - broken, probably should be removed to avoid abuse -#rule add ip filter output meta nftrace 0 counter +#add rule ip filter output meta nftrace 0 counter # meta: rtclassid -rule add ip filter output meta rtclassid 1 counter +add rule ip filter output meta rtclassid 1 counter # meta: secmark -rule add ip filter output meta secmark 0 counter +add rule ip filter output meta secmark 0 counter diff --git a/tests/family-bridge b/tests/family-bridge old mode 100755 new mode 100644 index 633211fb..0e3d8f1b --- a/tests/family-bridge +++ b/tests/family-bridge @@ -1,13 +1,13 @@ #! nft -f -table add bridge filter -chain add bridge filter output NF_INET_LOCAL_OUT 0 +add table bridge filter +add chain bridge filter output NF_INET_LOCAL_OUT 0 # LL protocol -rule add bridge filter output eth type 0x0800 counter +add rule bridge filter output eth type 0x0800 counter # IP address -rule add bridge filter output eth type 0x0800 ip daddr 20.0.0.2 counter +add rule bridge filter output eth type 0x0800 ip daddr 20.0.0.2 counter # IPv6 address -rule add bridge filter output eth type 0x86DD ip6 daddr 2001:6f8:974:3::2 counter +add rule bridge filter output eth type 0x86DD ip6 daddr 2001:6f8:974:3::2 counter diff --git a/tests/family-ipv4 b/tests/family-ipv4 old mode 100755 new mode 100644 index 7c28bb43..b15d1595 --- a/tests/family-ipv4 +++ b/tests/family-ipv4 @@ -1,10 +1,10 @@ #! nft -f -table add ip filter -chain add ip filter output NF_INET_LOCAL_OUT 0 +add table ip filter +add chain ip filter output NF_INET_LOCAL_OUT 0 # IP address -rule add ip filter output ip daddr 192.168.0.1 counter +add rule ip filter output ip daddr 192.168.0.1 counter # TCP ports -rule add ip filter output ip protocol 6 tcp dport 22 counter +add rule ip filter output ip protocol 6 tcp dport 22 counter diff --git a/tests/family-ipv6 b/tests/family-ipv6 old mode 100755 new mode 100644 index 7cf54d6f..1ddb53e5 --- a/tests/family-ipv6 +++ b/tests/family-ipv6 @@ -1,10 +1,10 @@ #! nft -f -table add ip6 filter -chain add ip6 filter output NF_INET_LOCAL_OUT 0 +add table ip6 filter +add chain ip6 filter output NF_INET_LOCAL_OUT 0 # IP address -rule add ip6 filter output ip6 daddr 2001:6f8:974::1 counter +add rule ip6 filter output ip6 daddr 2001:6f8:974::1 counter # TCP ports -rule add ip6 filter output ip6 nexthdr 6 tcp dport 22 counter +add rule ip6 filter output ip6 nexthdr 6 tcp dport 22 counter diff --git a/tests/feat-adjancent-load-merging b/tests/feat-adjancent-load-merging old mode 100755 new mode 100644 index 9c41f509..34234f1a --- a/tests/feat-adjancent-load-merging +++ b/tests/feat-adjancent-load-merging @@ -1,13 +1,13 @@ #! nft -f # adjacent payload expressions: 4 bytes in order -rule add filter output ip protocol 6 tcp sport 1024 tcp dport 22 counter +add rule filter output ip protocol 6 tcp sport 1024 tcp dport 22 counter # adjacent payload expressions: 8 bytes in order -rule add filter output ip saddr 192.168.0.1 ip daddr 192.168.0.100 counter +add rule filter output ip saddr 192.168.0.1 ip daddr 192.168.0.100 counter # adjacent payload expressions: 8 bytes in order -rule add filter output tcp sequence 0 tcp sport 1024 tcp dport 22 +add rule filter output tcp sequence 0 tcp sport 1024 tcp dport 22 # adjacent payload expressions: 8 bytes in reverse order -rule add filter output tcp sport 1024 tcp dport 22 tcp sequence 0 +add rule filter output tcp sport 1024 tcp dport 22 tcp sequence 0 diff --git a/tests/obj-chain b/tests/obj-chain old mode 100755 new mode 100644 index 8422f3a3..53d78333 --- a/tests/obj-chain +++ b/tests/obj-chain @@ -1,22 +1,22 @@ #! nft -f -table add filter +add table filter # chains: add and delete chain -chain add filter testchain -chain delete filter testchain +add chain filter testchain +delete chain filter testchain # chains: add and delete base chain -chain add filter input NF_INET_LOCAL_OUT 0 -chain delete filter input NF_INET_LOCAL_OUT 0 +add chain filter input NF_INET_LOCAL_OUT 0 +delete chain filter input NF_INET_LOCAL_OUT 0 # chains: can not delete chain while referenced -chain add filter testchain -chain add filter testchain2 +add chain filter testchain +add chain filter testchain2 -rule add filter testchain handle 1 jump testchain2 -chain delete filter testchain2 +add rule filter testchain handle 1 jump testchain2 +delete chain filter testchain2 rule delete filter testchain handle 1 -chain delete filter testchain2 -chain delete filter testchain +delete chain filter testchain2 +delete chain filter testchain diff --git a/tests/obj-table b/tests/obj-table old mode 100755 new mode 100644 index 3c3e222a..548c26fa --- a/tests/obj-table +++ b/tests/obj-table @@ -1,11 +1,11 @@ #! nft -f # table: add and delete table -table add filter +add table filter table delete filter # table: deleting table with chain must fail # FIXME: not implemented -# table add filter -# chain add filter output +# add table filter +# add chain filter output # table delete filter diff --git a/tests/payload-ll b/tests/payload-ll old mode 100755 new mode 100644 index 8d2480ac..feaf5874 --- a/tests/payload-ll +++ b/tests/payload-ll @@ -1,15 +1,15 @@ #! nft -f -table add ip filter -chain add ip filter input NF_INET_LOCAL_IN 0 +add table ip filter +add chain ip filter input NF_INET_LOCAL_IN 0 # mac source -rule add ip filter input @ll,48,48 00:15:e9:f0:10:f8 counter +add rule ip filter input @ll,48,48 00:15:e9:f0:10:f8 counter # mac dest -rule add ip filter input @ll,0,48 00:1b:21:02:6f:ad counter +add rule ip filter input @ll,0,48 00:1b:21:02:6f:ad counter # mac source and mac dest -rule add ip filter input @ll,0,48 00:1b:21:02:6f:ad \ +add rule ip filter input @ll,0,48 00:1b:21:02:6f:ad \ @ll,48,48 00:15:e9:f0:10:f8 \ counter diff --git a/tests/prefix b/tests/prefix old mode 100755 new mode 100644 index 139f13cc..bada8503 --- a/tests/prefix +++ b/tests/prefix @@ -1,5 +1,5 @@ -rule add filter OUTPUT meta mark 123/0x000000ff -rule add filter OUTPUT ip daddr 192.168.0.0/24 -rule add filter OUTPUT ip daddr 192.168.0.0/255.255.255.0 -rule add filter OUTPUT ip saddr . ip daddr 192.168.0.0/24 . 192.168.0.0/24 -rule add filter OUTPUT ip daddr { 192.168.0.0/24, 192.168.1.0/24} +add rule filter OUTPUT meta mark 123/0x000000ff +add rule filter OUTPUT ip daddr 192.168.0.0/24 +add rule filter OUTPUT ip daddr 192.168.0.0/255.255.255.0 +add rule filter OUTPUT ip saddr . ip daddr 192.168.0.0/24 . 192.168.0.0/24 +add rule filter OUTPUT ip daddr { 192.168.0.0/24, 192.168.1.0/24} diff --git a/tests/set b/tests/set old mode 100755 new mode 100644 index 17fb2183..b3e7ad65 --- a/tests/set +++ b/tests/set @@ -1,14 +1,14 @@ #! nft -f -table add filter -chain add filter output NF_INET_LOCAL_OUT 0 +add table filter +add chain filter output NF_INET_LOCAL_OUT 0 # set: IP addresses -rule add filter output ip daddr { \ +add rule filter output ip daddr { \ 192.168.0.1, \ 192.168.0.2, \ 192.168.0.3, \ } # set: tcp ports -rule add filter output ip protocol 6 tcp dport { 22, 23 } counter +add rule filter output ip protocol 6 tcp dport { 22, 23 } counter diff --git a/tests/stmt-log b/tests/stmt-log old mode 100755 new mode 100644 index c2d0f868..21537721 --- a/tests/stmt-log +++ b/tests/stmt-log @@ -1,6 +1,6 @@ #! nft -f -table add ip filter -chain add ip filter output NF_INET_LOCAL_OUT 0 +add table ip filter +add chain ip filter output NF_INET_LOCAL_OUT 0 -rule add ip filter output log saddr "prefix" group 0 counter +add rule ip filter output log saddr "prefix" group 0 counter -- cgit v1.2.3