From 7d93e2c2fbc77f05fd7acb63a2acf9874c9ad58f Mon Sep 17 00:00:00 2001 From: Laura Garcia Liebana Date: Wed, 7 Mar 2018 22:51:10 +0100 Subject: tests: shell: autogenerate dump verification Complete the automated shell tests with the verification of the test file dump, only for positive tests and if the test execution was successful. It's able to generate the dump file with the -g option. Example: # ./run-tests.sh -g testcases/chains/0001jumps_0 The dump files are generated in the same path in the folder named dumps/ with .nft extension. It has been avoided the dump verification code in every test file. Signed-off-by: Laura Garcia Liebana Signed-off-by: Pablo Neira Ayuso --- tests/shell/testcases/nft-f/0002rollback_rule_0 | 10 ---------- tests/shell/testcases/nft-f/0003rollback_jump_0 | 10 ---------- tests/shell/testcases/nft-f/0004rollback_set_0 | 10 ---------- tests/shell/testcases/nft-f/0005rollback_map_0 | 10 ---------- tests/shell/testcases/nft-f/0008split_tables_0 | 19 ------------------- .../testcases/nft-f/dumps/0002rollback_rule_0.nft | 16 ++++++++++++++++ .../testcases/nft-f/dumps/0003rollback_jump_0.nft | 16 ++++++++++++++++ .../testcases/nft-f/dumps/0004rollback_set_0.nft | 16 ++++++++++++++++ .../testcases/nft-f/dumps/0005rollback_map_0.nft | 16 ++++++++++++++++ .../testcases/nft-f/dumps/0008split_tables_0.nft | 10 ++++++++++ tests/shell/testcases/nft-f/dumps/0009variable_0.nft | 7 +++++++ tests/shell/testcases/nft-f/dumps/0010variable_0.nft | 6 ++++++ .../testcases/nft-f/dumps/0012different_defines_0.nft | 16 ++++++++++++++++ 13 files changed, 103 insertions(+), 59 deletions(-) create mode 100644 tests/shell/testcases/nft-f/dumps/0002rollback_rule_0.nft create mode 100644 tests/shell/testcases/nft-f/dumps/0003rollback_jump_0.nft create mode 100644 tests/shell/testcases/nft-f/dumps/0004rollback_set_0.nft create mode 100644 tests/shell/testcases/nft-f/dumps/0005rollback_map_0.nft create mode 100644 tests/shell/testcases/nft-f/dumps/0008split_tables_0.nft create mode 100644 tests/shell/testcases/nft-f/dumps/0009variable_0.nft create mode 100644 tests/shell/testcases/nft-f/dumps/0010variable_0.nft create mode 100644 tests/shell/testcases/nft-f/dumps/0012different_defines_0.nft (limited to 'tests/shell/testcases/nft-f') diff --git a/tests/shell/testcases/nft-f/0002rollback_rule_0 b/tests/shell/testcases/nft-f/0002rollback_rule_0 index ddeb5423..19690544 100755 --- a/tests/shell/testcases/nft-f/0002rollback_rule_0 +++ b/tests/shell/testcases/nft-f/0002rollback_rule_0 @@ -48,13 +48,3 @@ if [ $? -eq 0 ] ; then echo "E: bogus ruleset loaded?" >&2 exit 1 fi - -KERNEL_RULESET="$($NFT list ruleset -nn)" - -if [ "$GOOD_RULESET" != "$KERNEL_RULESET" ] ; then - DIFF="$(which diff)" - [ -x $DIFF ] && $DIFF -u <(echo "$GOOD_RULESET") <(echo "$KERNEL_RULESET") - exit 1 -fi - -exit 0 diff --git a/tests/shell/testcases/nft-f/0003rollback_jump_0 b/tests/shell/testcases/nft-f/0003rollback_jump_0 index 6c43df9d..f53fd238 100755 --- a/tests/shell/testcases/nft-f/0003rollback_jump_0 +++ b/tests/shell/testcases/nft-f/0003rollback_jump_0 @@ -48,13 +48,3 @@ if [ $? -eq 0 ] ; then echo "E: bogus ruleset loaded?" >&2 exit 1 fi - -KERNEL_RULESET="$($NFT list ruleset -nn)" - -if [ "$GOOD_RULESET" != "$KERNEL_RULESET" ] ; then - DIFF="$(which diff)" - [ -x $DIFF ] && $DIFF -u <(echo "$GOOD_RULESET") <(echo "$KERNEL_RULESET") - exit 1 -fi - -exit 0 diff --git a/tests/shell/testcases/nft-f/0004rollback_set_0 b/tests/shell/testcases/nft-f/0004rollback_set_0 index 1dea85ec..7674106f 100755 --- a/tests/shell/testcases/nft-f/0004rollback_set_0 +++ b/tests/shell/testcases/nft-f/0004rollback_set_0 @@ -48,13 +48,3 @@ if [ $? -eq 0 ] ; then echo "E: bogus ruleset loaded?" >&2 exit 1 fi - -KERNEL_RULESET="$($NFT list ruleset -nn)" - -if [ "$GOOD_RULESET" != "$KERNEL_RULESET" ] ; then - DIFF="$(which diff)" - [ -x $DIFF ] && $DIFF -u <(echo "$GOOD_RULESET") <(echo "$KERNEL_RULESET") - exit 1 -fi - -exit 0 diff --git a/tests/shell/testcases/nft-f/0005rollback_map_0 b/tests/shell/testcases/nft-f/0005rollback_map_0 index 777cc717..ba1fcc59 100755 --- a/tests/shell/testcases/nft-f/0005rollback_map_0 +++ b/tests/shell/testcases/nft-f/0005rollback_map_0 @@ -51,13 +51,3 @@ if [ $? -eq 0 ] ; then echo "E: bogus ruleset loaded?" >&2 exit 1 fi - -KERNEL_RULESET="$($NFT list ruleset -nn)" - -if [ "$GOOD_RULESET" != "$KERNEL_RULESET" ] ; then - DIFF="$(which diff)" - [ -x $DIFF ] && $DIFF -u <(echo "$GOOD_RULESET") <(echo "$KERNEL_RULESET") - exit 1 -fi - -exit 0 diff --git a/tests/shell/testcases/nft-f/0008split_tables_0 b/tests/shell/testcases/nft-f/0008split_tables_0 index dd03545b..b244d14e 100755 --- a/tests/shell/testcases/nft-f/0008split_tables_0 +++ b/tests/shell/testcases/nft-f/0008split_tables_0 @@ -29,22 +29,3 @@ if [ $? -ne 0 ] ; then echo "E: unable to load good ruleset" >&2 exit 1 fi - -EXPECTED="table inet filter { - chain ssh { - type filter hook input priority 0; policy accept; - tcp dport ssh accept - } - - chain input { - type filter hook input priority 1; policy accept; - } -}" - -GET="$($NFT list ruleset)" - -if [ "$EXPECTED" != "$GET" ] ; then - DIFF="$(which diff)" - [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET") - exit 1 -fi diff --git a/tests/shell/testcases/nft-f/dumps/0002rollback_rule_0.nft b/tests/shell/testcases/nft-f/dumps/0002rollback_rule_0.nft new file mode 100644 index 00000000..f6f26158 --- /dev/null +++ b/tests/shell/testcases/nft-f/dumps/0002rollback_rule_0.nft @@ -0,0 +1,16 @@ +table ip t { + set t { + type ipv4_addr + elements = { 1.1.1.1 } + } + + chain c { + ct state new + tcp dport { 22222 } + ip saddr @t drop + jump other + } + + chain other { + } +} diff --git a/tests/shell/testcases/nft-f/dumps/0003rollback_jump_0.nft b/tests/shell/testcases/nft-f/dumps/0003rollback_jump_0.nft new file mode 100644 index 00000000..f6f26158 --- /dev/null +++ b/tests/shell/testcases/nft-f/dumps/0003rollback_jump_0.nft @@ -0,0 +1,16 @@ +table ip t { + set t { + type ipv4_addr + elements = { 1.1.1.1 } + } + + chain c { + ct state new + tcp dport { 22222 } + ip saddr @t drop + jump other + } + + chain other { + } +} diff --git a/tests/shell/testcases/nft-f/dumps/0004rollback_set_0.nft b/tests/shell/testcases/nft-f/dumps/0004rollback_set_0.nft new file mode 100644 index 00000000..f6f26158 --- /dev/null +++ b/tests/shell/testcases/nft-f/dumps/0004rollback_set_0.nft @@ -0,0 +1,16 @@ +table ip t { + set t { + type ipv4_addr + elements = { 1.1.1.1 } + } + + chain c { + ct state new + tcp dport { 22222 } + ip saddr @t drop + jump other + } + + chain other { + } +} diff --git a/tests/shell/testcases/nft-f/dumps/0005rollback_map_0.nft b/tests/shell/testcases/nft-f/dumps/0005rollback_map_0.nft new file mode 100644 index 00000000..f6f26158 --- /dev/null +++ b/tests/shell/testcases/nft-f/dumps/0005rollback_map_0.nft @@ -0,0 +1,16 @@ +table ip t { + set t { + type ipv4_addr + elements = { 1.1.1.1 } + } + + chain c { + ct state new + tcp dport { 22222 } + ip saddr @t drop + jump other + } + + chain other { + } +} diff --git a/tests/shell/testcases/nft-f/dumps/0008split_tables_0.nft b/tests/shell/testcases/nft-f/dumps/0008split_tables_0.nft new file mode 100644 index 00000000..1211411f --- /dev/null +++ b/tests/shell/testcases/nft-f/dumps/0008split_tables_0.nft @@ -0,0 +1,10 @@ +table inet filter { + chain ssh { + type filter hook input priority 0; policy accept; + tcp dport ssh accept + } + + chain input { + type filter hook input priority 1; policy accept; + } +} diff --git a/tests/shell/testcases/nft-f/dumps/0009variable_0.nft b/tests/shell/testcases/nft-f/dumps/0009variable_0.nft new file mode 100644 index 00000000..a793751b --- /dev/null +++ b/tests/shell/testcases/nft-f/dumps/0009variable_0.nft @@ -0,0 +1,7 @@ +table inet forward { + set concat-set-variable { + type ipv4_addr . inet_service + elements = { 10.10.10.10 . smtp, + 10.10.10.10 . imap2 } + } +} diff --git a/tests/shell/testcases/nft-f/dumps/0010variable_0.nft b/tests/shell/testcases/nft-f/dumps/0010variable_0.nft new file mode 100644 index 00000000..1f3d05e8 --- /dev/null +++ b/tests/shell/testcases/nft-f/dumps/0010variable_0.nft @@ -0,0 +1,6 @@ +table inet filter { + set whitelist_v4 { + type ipv4_addr + elements = { 1.1.1.1 } + } +} diff --git a/tests/shell/testcases/nft-f/dumps/0012different_defines_0.nft b/tests/shell/testcases/nft-f/dumps/0012different_defines_0.nft new file mode 100644 index 00000000..e9eef4b1 --- /dev/null +++ b/tests/shell/testcases/nft-f/dumps/0012different_defines_0.nft @@ -0,0 +1,16 @@ +table inet t { + chain c { + iifname "whatever" oifname "whatever" iif "lo" oif "lo" + iifname { "whatever" } iif { "lo" } mark 0x0000007b + ct state established,related,new + ct state != established | related | new + ip saddr 10.0.0.0 ip saddr 10.0.0.0 ip daddr 10.0.0.2 + ip6 daddr fe0::1 ip6 saddr fe0::2 + ip saddr vmap { 10.0.0.0 : drop, 10.0.0.2 : accept } + ip6 daddr vmap { fe0::1 : drop, fe0::2 : accept } + ip6 saddr . ip6 nexthdr { fe0::1 . udp, fe0::2 . tcp } + ip daddr . iif vmap { 10.0.0.0 . "lo" : accept } + tcp dport 100-222 + udp dport vmap { 100-222 : accept } + } +} -- cgit v1.2.3