From 624b034b83a66ec2263314db9dc62ac06b1ae7e7 Mon Sep 17 00:00:00 2001 From: Phil Sutter Date: Thu, 8 Feb 2024 14:30:17 +0100 Subject: tests: shell: Pretty-print all *.json-nft dumps The problem with single line output as produced by 'nft -j list ruleset' is its incompatibility to unified diff format as any change in this single line will produce a diff which contains the old and new lines in total. This is not just unreadable but will blow up patches which may exceed mailinglists' mail size limits. Convert them all at once by feeding their contents to tests/shell/helpers/json-pretty.sh. Signed-off-by: Phil Sutter --- .../optimizations/dumps/merge_reject.json-nft | 321 ++++++++++++++++++++- 1 file changed, 320 insertions(+), 1 deletion(-) (limited to 'tests/shell/testcases/optimizations/dumps/merge_reject.json-nft') diff --git a/tests/shell/testcases/optimizations/dumps/merge_reject.json-nft b/tests/shell/testcases/optimizations/dumps/merge_reject.json-nft index 07169297..46ed0677 100644 --- a/tests/shell/testcases/optimizations/dumps/merge_reject.json-nft +++ b/tests/shell/testcases/optimizations/dumps/merge_reject.json-nft @@ -1 +1,320 @@ -{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}, {"table": {"family": "ip", "name": "x", "handle": 0}}, {"chain": {"family": "ip", "table": "x", "name": "y", "handle": 0}}, {"rule": {"family": "ip", "table": "x", "chain": "y", "handle": 0, "expr": [{"match": {"op": "==", "left": {"payload": {"protocol": "ip", "field": "daddr"}}, "right": "172.30.33.70"}}, {"match": {"op": "==", "left": {"payload": {"protocol": "tcp", "field": "dport"}}, "right": 3306}}, {"counter": {"packets": 0, "bytes": 0}}, {"drop": null}]}}, {"rule": {"family": "ip", "table": "x", "chain": "y", "handle": 0, "expr": [{"match": {"op": "==", "left": {"concat": [{"meta": {"key": "l4proto"}}, {"payload": {"protocol": "ip", "field": "daddr"}}, {"payload": {"protocol": "tcp", "field": "dport"}}]}, "right": {"set": [{"concat": ["tcp", "172.30.238.117", 8080]}, {"concat": ["tcp", "172.30.33.71", 3306]}, {"concat": ["tcp", "172.30.254.251", 3306]}]}}}, {"counter": {"packets": 0, "bytes": 0}}, {"reject": {"type": "icmp", "expr": "port-unreachable"}}]}}, {"rule": {"family": "ip", "table": "x", "chain": "y", "handle": 0, "expr": [{"match": {"op": "==", "left": {"payload": {"protocol": "ip", "field": "daddr"}}, "right": "172.30.254.252"}}, {"match": {"op": "==", "left": {"payload": {"protocol": "tcp", "field": "dport"}}, "right": 3306}}, {"counter": {"packets": 0, "bytes": 0}}, {"reject": {"type": "tcp reset"}}]}}, {"table": {"family": "ip6", "name": "x", "handle": 0}}, {"chain": {"family": "ip6", "table": "x", "name": "y", "handle": 0}}, {"rule": {"family": "ip6", "table": "x", "chain": "y", "handle": 0, "expr": [{"match": {"op": "==", "left": {"concat": [{"meta": {"key": "l4proto"}}, {"payload": {"protocol": "ip6", "field": "daddr"}}, {"payload": {"protocol": "tcp", "field": "dport"}}]}, "right": {"set": [{"concat": ["tcp", "aaaa::3", 8080]}, {"concat": ["tcp", "aaaa::2", 3306]}, {"concat": ["tcp", "aaaa::4", 3306]}]}}}, {"counter": {"packets": 0, "bytes": 0}}, {"reject": {"type": "icmpv6", "expr": "port-unreachable"}}]}}, {"rule": {"family": "ip6", "table": "x", "chain": "y", "handle": 0, "expr": [{"match": {"op": "==", "left": {"payload": {"protocol": "ip6", "field": "daddr"}}, "right": "aaaa::5"}}, {"match": {"op": "==", "left": {"payload": {"protocol": "tcp", "field": "dport"}}, "right": 3306}}, {"counter": {"packets": 0, "bytes": 0}}, {"reject": {"type": "tcp reset"}}]}}]} +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "ip", + "name": "x", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "x", + "name": "y", + "handle": 0 + } + }, + { + "rule": { + "family": "ip", + "table": "x", + "chain": "y", + "handle": 0, + "expr": [ + { + "match": { + "op": "==", + "left": { + "payload": { + "protocol": "ip", + "field": "daddr" + } + }, + "right": "172.30.33.70" + } + }, + { + "match": { + "op": "==", + "left": { + "payload": { + "protocol": "tcp", + "field": "dport" + } + }, + "right": 3306 + } + }, + { + "counter": { + "packets": 0, + "bytes": 0 + } + }, + { + "drop": null + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "x", + "chain": "y", + "handle": 0, + "expr": [ + { + "match": { + "op": "==", + "left": { + "concat": [ + { + "meta": { + "key": "l4proto" + } + }, + { + "payload": { + "protocol": "ip", + "field": "daddr" + } + }, + { + "payload": { + "protocol": "tcp", + "field": "dport" + } + } + ] + }, + "right": { + "set": [ + { + "concat": [ + "tcp", + "172.30.238.117", + 8080 + ] + }, + { + "concat": [ + "tcp", + "172.30.33.71", + 3306 + ] + }, + { + "concat": [ + "tcp", + "172.30.254.251", + 3306 + ] + } + ] + } + } + }, + { + "counter": { + "packets": 0, + "bytes": 0 + } + }, + { + "reject": { + "type": "icmp", + "expr": "port-unreachable" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "x", + "chain": "y", + "handle": 0, + "expr": [ + { + "match": { + "op": "==", + "left": { + "payload": { + "protocol": "ip", + "field": "daddr" + } + }, + "right": "172.30.254.252" + } + }, + { + "match": { + "op": "==", + "left": { + "payload": { + "protocol": "tcp", + "field": "dport" + } + }, + "right": 3306 + } + }, + { + "counter": { + "packets": 0, + "bytes": 0 + } + }, + { + "reject": { + "type": "tcp reset" + } + } + ] + } + }, + { + "table": { + "family": "ip6", + "name": "x", + "handle": 0 + } + }, + { + "chain": { + "family": "ip6", + "table": "x", + "name": "y", + "handle": 0 + } + }, + { + "rule": { + "family": "ip6", + "table": "x", + "chain": "y", + "handle": 0, + "expr": [ + { + "match": { + "op": "==", + "left": { + "concat": [ + { + "meta": { + "key": "l4proto" + } + }, + { + "payload": { + "protocol": "ip6", + "field": "daddr" + } + }, + { + "payload": { + "protocol": "tcp", + "field": "dport" + } + } + ] + }, + "right": { + "set": [ + { + "concat": [ + "tcp", + "aaaa::3", + 8080 + ] + }, + { + "concat": [ + "tcp", + "aaaa::2", + 3306 + ] + }, + { + "concat": [ + "tcp", + "aaaa::4", + 3306 + ] + } + ] + } + } + }, + { + "counter": { + "packets": 0, + "bytes": 0 + } + }, + { + "reject": { + "type": "icmpv6", + "expr": "port-unreachable" + } + } + ] + } + }, + { + "rule": { + "family": "ip6", + "table": "x", + "chain": "y", + "handle": 0, + "expr": [ + { + "match": { + "op": "==", + "left": { + "payload": { + "protocol": "ip6", + "field": "daddr" + } + }, + "right": "aaaa::5" + } + }, + { + "match": { + "op": "==", + "left": { + "payload": { + "protocol": "tcp", + "field": "dport" + } + }, + "right": 3306 + } + }, + { + "counter": { + "packets": 0, + "bytes": 0 + } + }, + { + "reject": { + "type": "tcp reset" + } + } + ] + } + } + ] +} -- cgit v1.2.3