From 3d24b16b9ac132d26869953f54ef7c69f1c1d58f Mon Sep 17 00:00:00 2001 From: Thomas Haller Date: Tue, 14 Nov 2023 17:08:28 +0100 Subject: tests/shell: add JSON dump files Generate and add ".json-nft" files. These files contain the output of `nft -j list ruleset` after the test. Also, "test-wrapper.sh" will compare the current ruleset against the ".json-nft" files and test them with "nft -j --check -f $FILE`. These are useful extra tests, that we almost get for free. Note that for some JSON dumps, `nft -f --check` fails (or prints something). For those tests no *.json-nft file is added. The bugs needs to be fixed first. An example of such an issue is: $ DUMPGEN=all ./tests/shell/run-tests.sh tests/shell/testcases/maps/nat_addr_port which gives a file "rc-failed-chkdump" with Command `./tests/shell/../../src/nft -j --check -f "tests/shell/testcases/maps/dumps/nat_addr_port.json-nft"` failed >>>> internal:0:0-0: Error: Invalid map type 'ipv4_addr . inet_service'. internal:0:0-0: Error: Parsing command array at index 3 failed. internal:0:0-0: Error: unqualified type integer specified in map definition. Try "typeof expression" instead of "type datatype". <<<< Tests like "tests/shell/testcases/nft-f/0012different_defines_0" and "tests/shell/testcases/nft-f/0024priority_0" also don't get a .json-nft dump yet, because their output is not stable. That needs fixing too. Cc: Pablo Neira Ayuso Cc: Florian Westphal Signed-off-by: Thomas Haller Signed-off-by: Florian Westphal --- tests/shell/testcases/cache/dumps/0001_cache_handling_0.json-nft | 1 + tests/shell/testcases/cache/dumps/0002_interval_0.json-nft | 1 + tests/shell/testcases/cache/dumps/0003_cache_update_0.json-nft | 1 + tests/shell/testcases/cache/dumps/0004_cache_update_0.json-nft | 1 + tests/shell/testcases/cache/dumps/0005_cache_chain_flush.json-nft | 1 + tests/shell/testcases/cache/dumps/0006_cache_table_flush.json-nft | 1 + tests/shell/testcases/cache/dumps/0007_echo_cache_init_0.json-nft | 1 + tests/shell/testcases/cache/dumps/0008_delete_by_handle_0.json-nft | 1 + .../testcases/cache/dumps/0009_delete_by_handle_incorrect_0.json-nft | 1 + tests/shell/testcases/cache/dumps/0011_index_0.json-nft | 1 + 10 files changed, 10 insertions(+) create mode 100644 tests/shell/testcases/cache/dumps/0001_cache_handling_0.json-nft create mode 100644 tests/shell/testcases/cache/dumps/0002_interval_0.json-nft create mode 100644 tests/shell/testcases/cache/dumps/0003_cache_update_0.json-nft create mode 100644 tests/shell/testcases/cache/dumps/0004_cache_update_0.json-nft create mode 100644 tests/shell/testcases/cache/dumps/0005_cache_chain_flush.json-nft create mode 100644 tests/shell/testcases/cache/dumps/0006_cache_table_flush.json-nft create mode 100644 tests/shell/testcases/cache/dumps/0007_echo_cache_init_0.json-nft create mode 100644 tests/shell/testcases/cache/dumps/0008_delete_by_handle_0.json-nft create mode 100644 tests/shell/testcases/cache/dumps/0009_delete_by_handle_incorrect_0.json-nft create mode 100644 tests/shell/testcases/cache/dumps/0011_index_0.json-nft (limited to 'tests/shell/testcases/cache/dumps') diff --git a/tests/shell/testcases/cache/dumps/0001_cache_handling_0.json-nft b/tests/shell/testcases/cache/dumps/0001_cache_handling_0.json-nft new file mode 100644 index 00000000..d4223d90 --- /dev/null +++ b/tests/shell/testcases/cache/dumps/0001_cache_handling_0.json-nft @@ -0,0 +1 @@ +{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}, {"table": {"family": "inet", "name": "test", "handle": 2}}, {"set": {"family": "inet", "name": "test", "table": "test", "type": "ipv4_addr", "handle": 6, "elem": ["1.1.1.1", "3.3.3.3"]}}, {"chain": {"family": "inet", "table": "test", "name": "test", "handle": 1}}, {"rule": {"family": "inet", "table": "test", "chain": "test", "handle": 5, "expr": [{"match": {"op": "==", "left": {"payload": {"protocol": "ip", "field": "daddr"}}, "right": {"set": ["2.2.2.2", "4.4.4.4"]}}}, {"counter": {"packets": 0, "bytes": 0}}, {"accept": null}]}}, {"rule": {"family": "inet", "table": "test", "chain": "test", "handle": 7, "expr": [{"match": {"op": "==", "left": {"payload": {"protocol": "ip", "field": "saddr"}}, "right": "@test"}}, {"counter": {"packets": 0, "bytes": 0}}, {"accept": null}]}}, {"rule": {"family": "inet", "table": "test", "chain": "test", "handle": 9, "expr": [{"match": {"op": "==", "left": {"payload": {"protocol": "ip", "field": "daddr"}}, "right": {"set": ["2.2.2.2", "4.4.4.4"]}}}, {"counter": {"packets": 0, "bytes": 0}}, {"accept": null}]}}]} diff --git a/tests/shell/testcases/cache/dumps/0002_interval_0.json-nft b/tests/shell/testcases/cache/dumps/0002_interval_0.json-nft new file mode 100644 index 00000000..2292ef10 --- /dev/null +++ b/tests/shell/testcases/cache/dumps/0002_interval_0.json-nft @@ -0,0 +1 @@ +{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}, {"table": {"family": "inet", "name": "t", "handle": 2}}, {"set": {"family": "inet", "name": "s", "table": "t", "type": "ipv4_addr", "handle": 1, "flags": ["interval"], "elem": [{"prefix": {"addr": "192.168.0.0", "len": 24}}]}}]} diff --git a/tests/shell/testcases/cache/dumps/0003_cache_update_0.json-nft b/tests/shell/testcases/cache/dumps/0003_cache_update_0.json-nft new file mode 100644 index 00000000..65dc93a8 --- /dev/null +++ b/tests/shell/testcases/cache/dumps/0003_cache_update_0.json-nft @@ -0,0 +1 @@ +{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}, {"table": {"family": "ip", "name": "t", "handle": 1}}, {"chain": {"family": "ip", "table": "t", "name": "c", "handle": 1}}, {"table": {"family": "ip", "name": "t2", "handle": 2}}, {"chain": {"family": "ip", "table": "t2", "name": "c", "handle": 1}}, {"table": {"family": "ip", "name": "t3", "handle": 3}}, {"table": {"family": "ip", "name": "t4", "handle": 4}}, {"chain": {"family": "ip", "table": "t4", "name": "c", "handle": 1}}, {"rule": {"family": "ip", "table": "t4", "chain": "c", "handle": 2, "expr": [{"match": {"op": "==", "left": {"meta": {"key": "l4proto"}}, "right": "icmp"}}, {"accept": null}]}}, {"rule": {"family": "ip", "table": "t4", "chain": "c", "handle": 3, "expr": [{"drop": null}]}}, {"rule": {"family": "ip", "table": "t4", "chain": "c", "handle": 4, "expr": [{"match": {"op": "==", "left": {"meta": {"key": "l4proto"}}, "right": "igmp"}}, {"accept": null}]}}, {"rule": {"family": "ip", "table": "t4", "chain": "c", "handle": 5, "expr": [{"drop": null}]}}]} diff --git a/tests/shell/testcases/cache/dumps/0004_cache_update_0.json-nft b/tests/shell/testcases/cache/dumps/0004_cache_update_0.json-nft new file mode 100644 index 00000000..eeece69c --- /dev/null +++ b/tests/shell/testcases/cache/dumps/0004_cache_update_0.json-nft @@ -0,0 +1 @@ +{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}, {"table": {"family": "inet", "name": "testfilter", "handle": 1}}, {"chain": {"family": "inet", "table": "testfilter", "name": "test", "handle": 1}}, {"rule": {"family": "inet", "table": "testfilter", "chain": "test", "handle": 2, "expr": [{"counter": {"packets": 0, "bytes": 0}}]}}]} diff --git a/tests/shell/testcases/cache/dumps/0005_cache_chain_flush.json-nft b/tests/shell/testcases/cache/dumps/0005_cache_chain_flush.json-nft new file mode 100644 index 00000000..83fc56a5 --- /dev/null +++ b/tests/shell/testcases/cache/dumps/0005_cache_chain_flush.json-nft @@ -0,0 +1 @@ +{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}, {"table": {"family": "ip", "name": "x", "handle": 1}}, {"map": {"family": "ip", "name": "mapping", "table": "x", "type": "ipv4_addr", "handle": 3, "map": "inet_service", "size": 65535, "flags": ["timeout", "dynamic"]}}, {"chain": {"family": "ip", "table": "x", "name": "y", "handle": 1}}, {"chain": {"family": "ip", "table": "x", "name": "z", "handle": 2}}, {"rule": {"family": "ip", "table": "x", "chain": "y", "handle": 6, "expr": [{"map": {"op": "update", "elem": {"payload": {"protocol": "ip", "field": "saddr"}}, "data": {"payload": {"protocol": "tcp", "field": "sport"}}, "map": "@mapping"}}]}}]} diff --git a/tests/shell/testcases/cache/dumps/0006_cache_table_flush.json-nft b/tests/shell/testcases/cache/dumps/0006_cache_table_flush.json-nft new file mode 100644 index 00000000..83fc56a5 --- /dev/null +++ b/tests/shell/testcases/cache/dumps/0006_cache_table_flush.json-nft @@ -0,0 +1 @@ +{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}, {"table": {"family": "ip", "name": "x", "handle": 1}}, {"map": {"family": "ip", "name": "mapping", "table": "x", "type": "ipv4_addr", "handle": 3, "map": "inet_service", "size": 65535, "flags": ["timeout", "dynamic"]}}, {"chain": {"family": "ip", "table": "x", "name": "y", "handle": 1}}, {"chain": {"family": "ip", "table": "x", "name": "z", "handle": 2}}, {"rule": {"family": "ip", "table": "x", "chain": "y", "handle": 6, "expr": [{"map": {"op": "update", "elem": {"payload": {"protocol": "ip", "field": "saddr"}}, "data": {"payload": {"protocol": "tcp", "field": "sport"}}, "map": "@mapping"}}]}}]} diff --git a/tests/shell/testcases/cache/dumps/0007_echo_cache_init_0.json-nft b/tests/shell/testcases/cache/dumps/0007_echo_cache_init_0.json-nft new file mode 100644 index 00000000..fe134236 --- /dev/null +++ b/tests/shell/testcases/cache/dumps/0007_echo_cache_init_0.json-nft @@ -0,0 +1 @@ +{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}, {"table": {"family": "inet", "name": "t", "handle": 1}}, {"chain": {"family": "inet", "table": "t", "name": "c", "handle": 1}}, {"rule": {"family": "inet", "table": "t", "chain": "c", "handle": 2, "comment": "first", "expr": [{"accept": null}]}}, {"rule": {"family": "inet", "table": "t", "chain": "c", "handle": 4, "comment": "second", "expr": [{"accept": null}]}}, {"rule": {"family": "inet", "table": "t", "chain": "c", "handle": 3, "comment": "third", "expr": [{"accept": null}]}}]} diff --git a/tests/shell/testcases/cache/dumps/0008_delete_by_handle_0.json-nft b/tests/shell/testcases/cache/dumps/0008_delete_by_handle_0.json-nft new file mode 100644 index 00000000..5f8cd066 --- /dev/null +++ b/tests/shell/testcases/cache/dumps/0008_delete_by_handle_0.json-nft @@ -0,0 +1 @@ +{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}, {"table": {"family": "ip", "name": "t", "handle": 2}}]} diff --git a/tests/shell/testcases/cache/dumps/0009_delete_by_handle_incorrect_0.json-nft b/tests/shell/testcases/cache/dumps/0009_delete_by_handle_incorrect_0.json-nft new file mode 100644 index 00000000..0048e6b1 --- /dev/null +++ b/tests/shell/testcases/cache/dumps/0009_delete_by_handle_incorrect_0.json-nft @@ -0,0 +1 @@ +{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}]} diff --git a/tests/shell/testcases/cache/dumps/0011_index_0.json-nft b/tests/shell/testcases/cache/dumps/0011_index_0.json-nft new file mode 100644 index 00000000..0fed2a69 --- /dev/null +++ b/tests/shell/testcases/cache/dumps/0011_index_0.json-nft @@ -0,0 +1 @@ +{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}, {"table": {"family": "inet", "name": "t", "handle": 1}}, {"chain": {"family": "inet", "table": "t", "name": "c", "handle": 1, "type": "filter", "hook": "input", "prio": 0, "policy": "accept"}}, {"rule": {"family": "inet", "table": "t", "chain": "c", "handle": 2, "expr": [{"match": {"op": "==", "left": {"payload": {"protocol": "tcp", "field": "dport"}}, "right": 1234}}, {"accept": null}]}}, {"rule": {"family": "inet", "table": "t", "chain": "c", "handle": 4, "expr": [{"match": {"op": "==", "left": {"payload": {"protocol": "udp", "field": "dport"}}, "right": 4321}}, {"accept": null}]}}, {"rule": {"family": "inet", "table": "t", "chain": "c", "handle": 3, "expr": [{"accept": null}]}}]} -- cgit v1.2.3