From 1b25bfa4b2f6b14dbee569ff467ea4d495abcc81 Mon Sep 17 00:00:00 2001 From: Pablo Neira Ayuso Date: Wed, 22 Jun 2016 13:18:56 +0200 Subject: tests: shell: cover transactions via nft -f using flat syntax This patch covers transactions using the flat syntax representation, eg. add table x add chain x y { type filter hook forward priority 0; } add chain x y { policy drop; } This also covers things like: add element x whitelist { 1.1.1.1 } delete element x whitelist { 1.1.1.1 } The one above may look silly from a human behaviour point of view, but silly robots may very well behave like this. These tests require several kernel patches though in order to pass successfully. Signed-off-by: Pablo Neira Ayuso Acked-by: Arturo Borrero Gonzalez --- tests/shell/testcases/transactions/0011chain_0 | 38 ++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) create mode 100755 tests/shell/testcases/transactions/0011chain_0 (limited to 'tests/shell/testcases/transactions/0011chain_0') diff --git a/tests/shell/testcases/transactions/0011chain_0 b/tests/shell/testcases/transactions/0011chain_0 new file mode 100755 index 00000000..71afa6ed --- /dev/null +++ b/tests/shell/testcases/transactions/0011chain_0 @@ -0,0 +1,38 @@ +#!/bin/bash + +set -e + +tmpfile=$(mktemp) +if [ ! -w $tmpfile ] ; then + echo "Failed to create tmp file" >&2 + exit 0 +fi + +trap "rm -rf $tmpfile" EXIT # cleanup if aborted + +RULESET="add table x +add chain x y +delete chain x y +add chain x y { type filter hook input priority 0; } +add chain x y { policy drop; }" + +echo "$RULESET" > $tmpfile +$NFT -f $tmpfile +if [ $? -ne 0 ] ; then + echo "E: unable to load good ruleset" >&2 + exit 1 +fi + +EXPECTED="table ip x { + chain y { + type filter hook input priority 0; policy drop; + } +}" + +GET="$($NFT list ruleset)" + +if [ "$EXPECTED" != "$GET" ] ; then + DIFF="$(which diff)" + [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET") + exit 1 +fi -- cgit v1.2.3