From 935f82e7dd4911fde6be9dae960fd1d438542a5d Mon Sep 17 00:00:00 2001 From: Phil Sutter Date: Mon, 19 Mar 2018 18:02:02 +0100 Subject: Support 'nft -f -' to read from stdin In libnftables, detect if given filename is '-' and treat it as the common way of requesting to read from stdin, then open /dev/stdin instead. (Calling 'nft -f /dev/stdin' worked before as well, but this makes it official.) With this in place and bash's support for here strings, review all tests in tests/shell for needless use of temp files. Note that two categories of test cases were intentionally left unchanged: - Tests creating potentially large rulesets to avoid running into shell parameter length limits. - Tests for 'include' directive for obvious reasons. Signed-off-by: Phil Sutter Signed-off-by: Pablo Neira Ayuso --- tests/shell/testcases/sets/0001named_interval_0 | 14 +++----------- tests/shell/testcases/sets/0008create_verdict_map_0 | 14 +++----------- .../testcases/sets/0014malformed_set_is_not_defined_0 | 14 +++----------- tests/shell/testcases/sets/0015rulesetflush_0 | 16 ++++------------ tests/shell/testcases/sets/0021nesting_0 | 11 +---------- tests/shell/testcases/sets/0022type_selective_flush_0 | 17 ++++------------- tests/shell/testcases/sets/0024named_objects_0 | 14 +++----------- tests/shell/testcases/sets/0026named_limit_0 | 14 +++----------- tests/shell/testcases/sets/0027ipv6_maps_ipv4_0 | 14 +++----------- tests/shell/testcases/sets/0029named_ifname_dtype_0 | 11 +---------- tests/shell/testcases/sets/0031set_timeout_size_0 | 14 +++----------- 11 files changed, 31 insertions(+), 122 deletions(-) (limited to 'tests/shell/testcases/sets') diff --git a/tests/shell/testcases/sets/0001named_interval_0 b/tests/shell/testcases/sets/0001named_interval_0 index 8d08b755..74098125 100755 --- a/tests/shell/testcases/sets/0001named_interval_0 +++ b/tests/shell/testcases/sets/0001named_interval_0 @@ -4,15 +4,7 @@ # * creating a valid interval set # * referencing it from a valid rule -tmpfile=$(mktemp) -if [ ! -w $tmpfile ] ; then - echo "Failed to create tmp file" >&2 - exit 0 -fi - -trap "rm -rf $tmpfile" EXIT # cleanup if aborted - -echo " +RULESET=" table inet t { set s1 { type ipv4_addr @@ -41,7 +33,7 @@ table inet t { ip6 nexthdr @s3 accept tcp dport @s4 accept } -}" > $tmpfile +}" set -e -$NFT -f $tmpfile +$NFT -f - <<< $RULESET diff --git a/tests/shell/testcases/sets/0008create_verdict_map_0 b/tests/shell/testcases/sets/0008create_verdict_map_0 index 8ebb4509..1188e977 100755 --- a/tests/shell/testcases/sets/0008create_verdict_map_0 +++ b/tests/shell/testcases/sets/0008create_verdict_map_0 @@ -1,14 +1,6 @@ #!/bin/bash -tmpfile=$(mktemp) -if [ ! -w $tmpfile ] ; then - echo "Failed to create tmp file" >&2 - exit 0 -fi - -trap "rm -rf $tmpfile" EXIT # cleanup if aborted - -echo " +RULESET=" table ip t { map sourcemap { type ipv4_addr : verdict; @@ -19,7 +11,7 @@ table ip t { } add chain t c add element t sourcemap { 100.123.10.2 : jump c } -" > $tmpfile +" set -e -$NFT -f $tmpfile +$NFT -f - <<< $RULESET diff --git a/tests/shell/testcases/sets/0014malformed_set_is_not_defined_0 b/tests/shell/testcases/sets/0014malformed_set_is_not_defined_0 index 5d1a2dab..61d6b49c 100755 --- a/tests/shell/testcases/sets/0014malformed_set_is_not_defined_0 +++ b/tests/shell/testcases/sets/0014malformed_set_is_not_defined_0 @@ -7,22 +7,14 @@ # In this case, nft should error out because the set doesn't exist instead of # segfaulting -tmpfile=$(mktemp) -if [ ! -w $tmpfile ] ; then - echo "Failed to create tmp file" >&2 - exit 0 -fi - -trap "rm -rf $tmpfile" EXIT # cleanup if aborted - -echo " +RULESET=" add table t add chain t c add set t s {type ipv4_addr\;} add rule t c ip saddr @s -" >$tmpfile +" -$NFT -f $tmpfile +$NFT -f - <<< $RULESET ret=$? trap - EXIT diff --git a/tests/shell/testcases/sets/0015rulesetflush_0 b/tests/shell/testcases/sets/0015rulesetflush_0 index 27242b36..3bfab97c 100755 --- a/tests/shell/testcases/sets/0015rulesetflush_0 +++ b/tests/shell/testcases/sets/0015rulesetflush_0 @@ -1,14 +1,6 @@ #!/bin/bash -tmpfile=$(mktemp) -if [ ! -w $tmpfile ] ; then - echo "Failed to create tmp file" >&2 - exit 0 -fi - -trap "rm -rf $tmpfile" EXIT # cleanup if aborted - -echo "flush ruleset +RULESET="flush ruleset add table t add chain t c @@ -18,9 +10,9 @@ table inet filter { add element inet filter blacklist_v4 { 192.168.0.1/24, -}" >$tmpfile +}" -$NFT -f $tmpfile +$NFT -f - <<< $RULESET # make sure flush ruleset works right -$NFT -f $tmpfile +$NFT -f - <<< $RULESET diff --git a/tests/shell/testcases/sets/0021nesting_0 b/tests/shell/testcases/sets/0021nesting_0 index 4779f264..c0ac396f 100755 --- a/tests/shell/testcases/sets/0021nesting_0 +++ b/tests/shell/testcases/sets/0021nesting_0 @@ -2,14 +2,6 @@ set -e -tmpfile=$(mktemp) -if [ ! -w $tmpfile ] ; then - echo "Failed to create tmp file" >&2 - exit 0 -fi - -#trap "rm -rf $tmpfile" EXIT # cleanup if aborted - RULESET=' define set1 = { 2.2.2.0/24, @@ -24,8 +16,7 @@ table ip x { } }' -echo "$RULESET" > $tmpfile -$NFT -f $tmpfile +$NFT -f - <<< $RULESET if [ $? -ne 0 ] ; then echo "E: unable to load ruleset" >&2 exit 1 diff --git a/tests/shell/testcases/sets/0022type_selective_flush_0 b/tests/shell/testcases/sets/0022type_selective_flush_0 index 659bf70c..0c39cbad 100755 --- a/tests/shell/testcases/sets/0022type_selective_flush_0 +++ b/tests/shell/testcases/sets/0022type_selective_flush_0 @@ -3,23 +3,15 @@ # This tests the selectiveness of flush command on structures that use the # generic set infrastructure (sets, maps and meters). -tmpfile=$(mktemp) -if [ ! -w $tmpfile ] ; then - echo "Failed to create tmp file" >&2 - exit 0 -fi - -trap "rm -rf $tmpfile" EXIT # cleanup if aborted - -echo " +RULESET=" add table t add chain t c add set t s {type ipv4_addr;} add map t m {type ipv4_addr : inet_service;} add rule t c tcp dport 80 meter f {ip saddr limit rate 10/second} -" >$tmpfile +" -$NFT -f $tmpfile +$NFT -f - <<< $RULESET # Commands that should be invalid @@ -31,8 +23,7 @@ declare -a cmds=( for i in "${cmds[@]}" do - echo "$i" >$tmpfile - $NFT -f $tmpfile &>/dev/null + $NFT "$i" &>/dev/null ret=$? if [ $ret -eq 0 ]; then diff --git a/tests/shell/testcases/sets/0024named_objects_0 b/tests/shell/testcases/sets/0024named_objects_0 index 19dd1cd5..772247e0 100755 --- a/tests/shell/testcases/sets/0024named_objects_0 +++ b/tests/shell/testcases/sets/0024named_objects_0 @@ -4,15 +4,7 @@ # * creating valid named objects # * referencing them from a valid rule -tmpfile=$(mktemp) -if [ ! -w $tmpfile ] ; then - echo "Failed to create tmp file" >&2 - exit 0 -fi - -trap "rm -rf $tmpfile" EXIT # cleanup if aborted - -echo " +RULESET=" table inet x { counter user123 { packets 12 bytes 1433 @@ -35,7 +27,7 @@ table inet x { counter name ip saddr map { 192.168.2.2 : "user123", 1.1.1.1 : "user123", 2.2.2.2 : "user123"} quota name ip saddr map @test drop } -}" > $tmpfile +}" set -e -$NFT -f $tmpfile +$NFT -f - <<< $RULESET diff --git a/tests/shell/testcases/sets/0026named_limit_0 b/tests/shell/testcases/sets/0026named_limit_0 index 91553f34..23bc0b02 100755 --- a/tests/shell/testcases/sets/0026named_limit_0 +++ b/tests/shell/testcases/sets/0026named_limit_0 @@ -4,15 +4,7 @@ # * creating valid named limits # * referencing them from a valid rule -tmpfile=$(mktemp) -if [ ! -w $tmpfile ] ; then - echo "Failed to create tmp file" >&2 - exit 0 -fi - -trap "rm -rf $tmpfile" EXIT # cleanup if aborted - -echo " +RULESET=" table ip filter { limit http-traffic { rate 1/second @@ -21,7 +13,7 @@ table ip filter { type filter hook input priority 0; policy accept; limit name tcp dport map { 80 : "http-traffic", 443 : "http-traffic"} } -}" > $tmpfile +}" set -e -$NFT -f $tmpfile +$NFT -f - <<< $RULESET diff --git a/tests/shell/testcases/sets/0027ipv6_maps_ipv4_0 b/tests/shell/testcases/sets/0027ipv6_maps_ipv4_0 index 7ac271a0..846e3226 100755 --- a/tests/shell/testcases/sets/0027ipv6_maps_ipv4_0 +++ b/tests/shell/testcases/sets/0027ipv6_maps_ipv4_0 @@ -4,15 +4,7 @@ set -e -tmpfile=$(mktemp) -if [ ! -w $tmpfile ] ; then - echo "Failed to create tmp file" >&2 - exit 0 -fi - -trap "rm -rf $tmpfile" EXIT # cleanup if aborted - -echo " +RULESET=" table inet t { set s { type ipv6_addr @@ -20,6 +12,6 @@ table inet t { elements = { ::ffff:0.0.0.0/96 } } } -" > $tmpfile +" -$NFT -f $tmpfile +$NFT -f - <<< $RULESET diff --git a/tests/shell/testcases/sets/0029named_ifname_dtype_0 b/tests/shell/testcases/sets/0029named_ifname_dtype_0 index 92f4a4ad..532d8927 100755 --- a/tests/shell/testcases/sets/0029named_ifname_dtype_0 +++ b/tests/shell/testcases/sets/0029named_ifname_dtype_0 @@ -2,14 +2,6 @@ # support for ifname in named sets -tmpfile=$(mktemp) -if [ ! -w $tmpfile ] ; then - echo "Failed to create tmp file" >&2 - exit 0 -fi - -trap "rm -rf $tmpfile" EXIT # cleanup if aborted - EXPECTED="table inet t { set s { type ifname @@ -23,5 +15,4 @@ EXPECTED="table inet t { }" set -e -echo "$EXPECTED" > $tmpfile -$NFT -f $tmpfile +$NFT -f - <<< $EXPECTED diff --git a/tests/shell/testcases/sets/0031set_timeout_size_0 b/tests/shell/testcases/sets/0031set_timeout_size_0 index 89af58f3..3d3f919a 100755 --- a/tests/shell/testcases/sets/0031set_timeout_size_0 +++ b/tests/shell/testcases/sets/0031set_timeout_size_0 @@ -1,15 +1,7 @@ #!/bin/bash -tmpfile=$(mktemp) -if [ ! -w $tmpfile ] ; then - echo "Failed to create tmp file" >&2 - exit 0 -fi - -trap "rm -rf $tmpfile" EXIT # cleanup if aborted - -echo "add table x -add set x y { type ipv4_addr; size 128; timeout 30s; }" > $tmpfile +RULESET="add table x +add set x y { type ipv4_addr; size 128; timeout 30s; }" set -e -$NFT -f $tmpfile +$NFT -f - <<< $RULESET -- cgit v1.2.3