From 935f82e7dd4911fde6be9dae960fd1d438542a5d Mon Sep 17 00:00:00 2001 From: Phil Sutter Date: Mon, 19 Mar 2018 18:02:02 +0100 Subject: Support 'nft -f -' to read from stdin In libnftables, detect if given filename is '-' and treat it as the common way of requesting to read from stdin, then open /dev/stdin instead. (Calling 'nft -f /dev/stdin' worked before as well, but this makes it official.) With this in place and bash's support for here strings, review all tests in tests/shell for needless use of temp files. Note that two categories of test cases were intentionally left unchanged: - Tests creating potentially large rulesets to avoid running into shell parameter length limits. - Tests for 'include' directive for obvious reasons. Signed-off-by: Phil Sutter 
Signed-off-by: Pablo Neira Ayuso --- tests/shell/testcases/transactions/0001table_0 | 11 +---------- tests/shell/testcases/transactions/0002table_0 | 11 +---------- tests/shell/testcases/transactions/0003table_0 | 11 +---------- tests/shell/testcases/transactions/0010chain_0 | 11 +---------- tests/shell/testcases/transactions/0011chain_0 | 11 +---------- tests/shell/testcases/transactions/0012chain_0 | 11 +---------- tests/shell/testcases/transactions/0013chain_0 | 11 +---------- tests/shell/testcases/transactions/0014chain_1 | 11 +---------- tests/shell/testcases/transactions/0020rule_0 | 11 +---------- tests/shell/testcases/transactions/0021rule_0 | 11 +---------- tests/shell/testcases/transactions/0022rule_1 | 11 +---------- tests/shell/testcases/transactions/0023rule_1 | 11 +---------- tests/shell/testcases/transactions/0030set_0 | 11 +---------- tests/shell/testcases/transactions/0031set_0 | 11 +---------- tests/shell/testcases/transactions/0032set_0 | 11 +---------- tests/shell/testcases/transactions/0033set_0 | 11 +---------- tests/shell/testcases/transactions/0034set_0 | 11 +---------- tests/shell/testcases/transactions/0035set_0 | 11 +---------- tests/shell/testcases/transactions/0036set_1 | 11 +---------- tests/shell/testcases/transactions/0037set_0 | 11 +---------- tests/shell/testcases/transactions/0038set_0 | 11 +---------- tests/shell/testcases/transactions/0039set_0 | 11 +---------- tests/shell/testcases/transactions/0040set_0 | 14 ++------------ 23 files changed, 24 insertions(+), 232 deletions(-) (limited to 'tests/shell/testcases/transactions') diff --git a/tests/shell/testcases/transactions/0001table_0 b/tests/shell/testcases/transactions/0001table_0 index 83f9fd0d..1a8ecb86 100755 --- a/tests/shell/testcases/transactions/0001table_0 +++ b/tests/shell/testcases/transactions/0001table_0 
@@ -2,21 +2,12 @@ set -e -tmpfile=$(mktemp) -if [ ! -w $tmpfile ] ; then - echo "Failed to create tmp file" >&2 - exit 0 -fi - -trap "rm -rf $tmpfile" EXIT # cleanup if aborted - RULESET="add table x delete table x add table x add table y" -echo "$RULESET" > $tmpfile -$NFT -f $tmpfile +$NFT -f - <<< $RULESET if [ $? -ne 0 ] ; then echo "E: unable to load good ruleset" >&2 exit 1 diff --git a/tests/shell/testcases/transactions/0002table_0 b/tests/shell/testcases/transactions/0002table_0 index dbd2f4ab..290ea436 100755 --- a/tests/shell/testcases/transactions/0002table_0 +++ b/tests/shell/testcases/transactions/0002table_0 @@ -2,21 +2,12 @@ set -e -tmpfile=$(mktemp) -if [ ! -w $tmpfile ] ; then - echo "Failed to create tmp file" >&2 - exit 0 -fi - -trap "rm -rf $tmpfile" EXIT # cleanup if aborted - RULESET="add table x delete table x add table x add table x { flags dormant; }" -echo "$RULESET" > $tmpfile -$NFT -f $tmpfile +$NFT -f - <<< $RULESET if [ $? -ne 0 ] ; then echo "E: unable to load good ruleset" >&2 exit 1 diff --git a/tests/shell/testcases/transactions/0003table_0 b/tests/shell/testcases/transactions/0003table_0 index 004ce513..c5a87d3f 100755 --- a/tests/shell/testcases/transactions/0003table_0 +++ b/tests/shell/testcases/transactions/0003table_0 @@ -2,20 +2,11 @@ set -e -tmpfile=$(mktemp) -if [ ! -w $tmpfile ] ; then - echo "Failed to create tmp file" >&2 - exit 0 -fi - -trap "rm -rf $tmpfile" EXIT # cleanup if aborted - RULESET="add table x add table y flush ruleset" -echo "$RULESET" > $tmpfile -$NFT -f $tmpfile +$NFT -f - <<< $RULESET if [ $? -ne 0 ] ; then echo "E: unable to load good ruleset" >&2 exit 1 diff --git a/tests/shell/testcases/transactions/0010chain_0 b/tests/shell/testcases/transactions/0010chain_0 index d1918680..39a5fe9e 100755 --- a/tests/shell/testcases/transactions/0010chain_0 +++ b/tests/shell/testcases/transactions/0010chain_0 
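Review bot: The here-string on the added line `$NFT -f - <<< $RULESET` is unquoted, and bash releases before 4.4 word-split an unquoted here-string and rejoin the words with single spaces, so a RULESET that spans several lines would reach nft as a single line. Quote the expansion, `$NFT -f - <<< "$RULESET"`, which keeps the quoting the removed `echo "$RULESET"` had. The same line is added in every other file of this patch (0002table_0 through 0040set_0, twice in 0040set_0), so the change applies to all of them.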
@@ -2,22 +2,13 @@ set -e -tmpfile=$(mktemp) -if [ ! -w $tmpfile ] ; then - echo "Failed to create tmp file" >&2 - exit 0 -fi - -trap "rm -rf $tmpfile" EXIT # cleanup if aborted - RULESET="add table x add chain x y flush ruleset add table w add chain w y" -echo "$RULESET" > $tmpfile -$NFT -f $tmpfile +$NFT -f - <<< $RULESET if [ $? -ne 0 ] ; then echo "E: unable to load good ruleset" >&2 exit 1 diff --git a/tests/shell/testcases/transactions/0011chain_0 b/tests/shell/testcases/transactions/0011chain_0 index aac33d56..7dca1287 100755 --- a/tests/shell/testcases/transactions/0011chain_0 +++ b/tests/shell/testcases/transactions/0011chain_0 @@ -2,22 +2,13 @@ set -e -tmpfile=$(mktemp) -if [ ! -w $tmpfile ] ; then - echo "Failed to create tmp file" >&2 - exit 0 -fi - -trap "rm -rf $tmpfile" EXIT # cleanup if aborted - RULESET="add table x add chain x y delete chain x y add chain x y { type filter hook input priority 0; } add chain x y { policy drop; }" -echo "$RULESET" > $tmpfile -$NFT -f $tmpfile +$NFT -f - <<< $RULESET if [ $? -ne 0 ] ; then echo "E: unable to load good ruleset" >&2 exit 1 diff --git a/tests/shell/testcases/transactions/0012chain_0 b/tests/shell/testcases/transactions/0012chain_0 index c3bfe130..7ebfad42 100755 --- a/tests/shell/testcases/transactions/0012chain_0 +++ b/tests/shell/testcases/transactions/0012chain_0 @@ -2,14 +2,6 @@ set -e -tmpfile=$(mktemp) -if [ ! -w $tmpfile ] ; then - echo "Failed to create tmp file" >&2 - exit 0 -fi - -trap "rm -rf $tmpfile" EXIT # cleanup if aborted - RULESET="add table x add chain x y flush ruleset @@ -20,8 +12,7 @@ flush ruleset add table w add chain w y { type filter hook output priority 0; }" -echo "$RULESET" > $tmpfile -$NFT -f $tmpfile +$NFT -f - <<< $RULESET if [ $? -ne 0 ] ; then echo "E: unable to load good ruleset" >&2 exit 1 diff --git a/tests/shell/testcases/transactions/0013chain_0 b/tests/shell/testcases/transactions/0013chain_0 index 67c31c8a..383e8347 100755 
--- a/tests/shell/testcases/transactions/0013chain_0 +++ b/tests/shell/testcases/transactions/0013chain_0 @@ -2,14 +2,6 @@ set -e -tmpfile=$(mktemp) -if [ ! -w $tmpfile ] ; then - echo "Failed to create tmp file" >&2 - exit 0 -fi - -trap "rm -rf $tmpfile" EXIT # cleanup if aborted - RULESET="add table x add chain x y delete chain x y @@ -21,8 +13,7 @@ flush ruleset add table w add chain w y { type filter hook output priority 0; }" -echo "$RULESET" > $tmpfile -$NFT -f $tmpfile +$NFT -f - <<< $RULESET if [ $? -ne 0 ] ; then echo "E: unable to load good ruleset" >&2 exit 1 diff --git a/tests/shell/testcases/transactions/0014chain_1 b/tests/shell/testcases/transactions/0014chain_1 index 955860d0..40cea8b2 100755 --- a/tests/shell/testcases/transactions/0014chain_1 +++ b/tests/shell/testcases/transactions/0014chain_1 @@ -2,19 +2,10 @@ set -e -tmpfile=$(mktemp) -if [ ! -w $tmpfile ] ; then - echo "Failed to create tmp file" >&2 - exit 0 -fi - -trap "rm -rf $tmpfile" EXIT # cleanup if aborted - RULESET="add table x add chain x y delete chain x y delete chain x y" -echo "$RULESET" > $tmpfile -$NFT -f $tmpfile 2>/dev/null +$NFT -f - <<< $RULESET 2>/dev/null echo "E: allowing double-removal of chain" >&2 diff --git a/tests/shell/testcases/transactions/0020rule_0 b/tests/shell/testcases/transactions/0020rule_0 index e38634d3..b8e4cff5 100755 --- a/tests/shell/testcases/transactions/0020rule_0 +++ b/tests/shell/testcases/transactions/0020rule_0 @@ -2,21 +2,12 @@ set -e -tmpfile=$(mktemp) -if [ ! -w $tmpfile ] ; then - echo "Failed to create tmp file" >&2 - exit 0 -fi - -trap "rm -rf $tmpfile" EXIT # cleanup if aborted - RULESET="add table x add chain x y add rule x y ip saddr 1.1.1.1 counter flush ruleset" -echo "$RULESET" > $tmpfile -$NFT -f $tmpfile +$NFT -f - <<< $RULESET if [ $? -ne 0 ] ; then echo "E: unable to load good ruleset" >&2 exit 1 
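Review bot: The negative test 0014chain_1 accepts any nft failure as a pass, because `$NFT -f - <<< $RULESET 2>/dev/null` discards the error text and `set -e` ends the script on the first non-zero status. With the ruleset now passed through an unquoted here-string, a parse error caused by mangled input would look the same as the kernel rejecting the second `delete chain x y`. Quoting the here-string (`<<< "$RULESET"`) removes that ambiguity, and matching the captured stderr against the expected error would make the test assert the actual reason for the failure. The same applies to 0022rule_1, 0023rule_1 and 0036set_1, whose comments name the expected ENOENT or ELOOP; the script bodies continue outside the hunks.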
diff --git a/tests/shell/testcases/transactions/0021rule_0 b/tests/shell/testcases/transactions/0021rule_0 index 284a9e71..f5f6eb8b 100755 --- a/tests/shell/testcases/transactions/0021rule_0 +++ b/tests/shell/testcases/transactions/0021rule_0 @@ -2,14 +2,6 @@ set -e -tmpfile=$(mktemp) -if [ ! -w $tmpfile ] ; then - echo "Failed to create tmp file" >&2 - exit 0 -fi - -trap "rm -rf $tmpfile" EXIT # cleanup if aborted - RULESET="add table x add chain x y add rule x y ip saddr 1.1.1.1 counter @@ -18,8 +10,7 @@ add table x add chain x y add rule x y ip saddr 2.2.2.2 counter" -echo "$RULESET" > $tmpfile -$NFT -f $tmpfile +$NFT -f - <<< $RULESET if [ $? -ne 0 ] ; then echo "E: unable to load good ruleset" >&2 exit 1 diff --git a/tests/shell/testcases/transactions/0022rule_1 b/tests/shell/testcases/transactions/0022rule_1 index 5b937acd..83c72af1 100755 --- a/tests/shell/testcases/transactions/0022rule_1 +++ b/tests/shell/testcases/transactions/0022rule_1 @@ -2,20 +2,11 @@ set -e -tmpfile=$(mktemp) -if [ ! -w $tmpfile ] ; then - echo "Failed to create tmp file" >&2 - exit 0 -fi - -trap "rm -rf $tmpfile" EXIT # cleanup if aborted - RULESET="add table x add chain x y delete chain x y add rule x y jump y" -echo "$RULESET" > $tmpfile # kernel must return ENOENT -$NFT -f $tmpfile 2>/dev/null +$NFT -f - <<< $RULESET 2>/dev/null echo "E: allowing jump loop to unexisting chain" diff --git a/tests/shell/testcases/transactions/0023rule_1 b/tests/shell/testcases/transactions/0023rule_1 index 4c4e24cd..b43a0cce 100755 --- a/tests/shell/testcases/transactions/0023rule_1 +++ b/tests/shell/testcases/transactions/0023rule_1 
@@ -2,19 +2,10 @@ set -e -tmpfile=$(mktemp) -if [ ! -w $tmpfile ] ; then - echo "Failed to create tmp file" >&2 - exit 0 -fi - -trap "rm -rf $tmpfile" EXIT # cleanup if aborted - RULESET="add table x add chain x y add rule x y jump y" -echo "$RULESET" > $tmpfile # kernel must return ELOOP -$NFT -f $tmpfile 2>/dev/null +$NFT -f - <<< $RULESET 2>/dev/null echo "E: allowing jump to chain loop" diff --git a/tests/shell/testcases/transactions/0030set_0 b/tests/shell/testcases/transactions/0030set_0 index ad08b7e5..464bc2b3 100755 --- a/tests/shell/testcases/transactions/0030set_0 +++ b/tests/shell/testcases/transactions/0030set_0 @@ -2,21 +2,12 @@ set -e -tmpfile=$(mktemp) -if [ ! -w $tmpfile ] ; then - echo "Failed to create tmp file" >&2 - exit 0 -fi - -trap "rm -rf $tmpfile" EXIT # cleanup if aborted - RULESET="add table x add set x y { type ipv4_addr; } flush ruleset add table x" -echo "$RULESET" > $tmpfile -$NFT -f $tmpfile +$NFT -f - <<< $RULESET if [ $? -ne 0 ] ; then echo "E: unable to load good ruleset" >&2 exit 1 diff --git a/tests/shell/testcases/transactions/0031set_0 b/tests/shell/testcases/transactions/0031set_0 index 6c5757cc..0bab4993 100755 --- a/tests/shell/testcases/transactions/0031set_0 +++ b/tests/shell/testcases/transactions/0031set_0 @@ -2,21 +2,12 @@ set -e -tmpfile=$(mktemp) -if [ ! -w $tmpfile ] ; then - echo "Failed to create tmp file" >&2 - exit 0 -fi - -trap "rm -rf $tmpfile" EXIT # cleanup if aborted - RULESET="add table x add set x y { type ipv4_addr; } delete set x y add set x y { type ipv4_addr; }" -echo "$RULESET" > $tmpfile -$NFT -f $tmpfile +$NFT -f - <<< $RULESET if [ $? -ne 0 ] ; then echo "E: unable to load good ruleset" >&2 exit 1 diff --git a/tests/shell/testcases/transactions/0032set_0 b/tests/shell/testcases/transactions/0032set_0 index 1b41cf09..126f37e5 100755 --- a/tests/shell/testcases/transactions/0032set_0 +++ b/tests/shell/testcases/transactions/0032set_0 
@@ -2,22 +2,13 @@ set -e -tmpfile=$(mktemp) -if [ ! -w $tmpfile ] ; then - echo "Failed to create tmp file" >&2 - exit 0 -fi - -trap "rm -rf $tmpfile" EXIT # cleanup if aborted - RULESET="add table x add set x y { type ipv4_addr; } flush ruleset add table w add set w y { type ipv4_addr; }" -echo "$RULESET" > $tmpfile -$NFT -f $tmpfile +$NFT -f - <<< $RULESET if [ $? -ne 0 ] ; then echo "E: unable to load good ruleset" >&2 exit 1 diff --git a/tests/shell/testcases/transactions/0033set_0 b/tests/shell/testcases/transactions/0033set_0 index 19543b3c..f7a31e8c 100755 --- a/tests/shell/testcases/transactions/0033set_0 +++ b/tests/shell/testcases/transactions/0033set_0 @@ -2,20 +2,11 @@ set -e -tmpfile=$(mktemp) -if [ ! -w $tmpfile ] ; then - echo "Failed to create tmp file" >&2 - exit 0 -fi - -trap "rm -rf $tmpfile" EXIT # cleanup if aborted - RULESET="add table x add set x y { type ipv4_addr; } delete set x y" -echo "$RULESET" > $tmpfile -$NFT -f $tmpfile +$NFT -f - <<< $RULESET if [ $? -ne 0 ] ; then echo "E: unable to load good ruleset" >&2 exit 1 diff --git a/tests/shell/testcases/transactions/0034set_0 b/tests/shell/testcases/transactions/0034set_0 index 4cddb94d..88261032 100755 --- a/tests/shell/testcases/transactions/0034set_0 +++ b/tests/shell/testcases/transactions/0034set_0 @@ -2,21 +2,12 @@ set -e -tmpfile=$(mktemp) -if [ ! -w $tmpfile ] ; then - echo "Failed to create tmp file" >&2 - exit 0 -fi - -trap "rm -rf $tmpfile" EXIT # cleanup if aborted - RULESET="add table x add set x y { type ipv4_addr; } add element x y { 1.1.1.1 } delete element x y { 1.1.1.1 }" -echo "$RULESET" > $tmpfile -$NFT -f $tmpfile +$NFT -f - <<< $RULESET if [ $? -ne 0 ] ; then echo "E: unable to load good ruleset" >&2 exit 1 diff --git a/tests/shell/testcases/transactions/0035set_0 b/tests/shell/testcases/transactions/0035set_0 index 9b20746b..d442b68e 100755 --- a/tests/shell/testcases/transactions/0035set_0 +++ b/tests/shell/testcases/transactions/0035set_0 
@@ -2,14 +2,6 @@ set -e -tmpfile=$(mktemp) -if [ ! -w $tmpfile ] ; then - echo "Failed to create tmp file" >&2 - exit 0 -fi - -trap "rm -rf $tmpfile" EXIT # cleanup if aborted - RULESET="add table x add set x y { type ipv4_addr; } add element x y { 1.1.1.1, 2.2.2.2 } @@ -17,8 +9,7 @@ delete element x y { 1.1.1.1 } delete element x y { 2.2.2.2 } add element x y { 3.3.3.3 }" -echo "$RULESET" > $tmpfile -$NFT -f $tmpfile +$NFT -f - <<< $RULESET if [ $? -ne 0 ] ; then echo "E: unable to load good ruleset" >&2 exit 1 diff --git a/tests/shell/testcases/transactions/0036set_1 b/tests/shell/testcases/transactions/0036set_1 index 46f94573..a0deb7a0 100755 --- a/tests/shell/testcases/transactions/0036set_1 +++ b/tests/shell/testcases/transactions/0036set_1 @@ -2,21 +2,12 @@ set -e -tmpfile=$(mktemp) -if [ ! -w $tmpfile ] ; then - echo "Failed to create tmp file" >&2 - exit 0 -fi - -trap "rm -rf $tmpfile" EXIT # cleanup if aborted - RULESET="add table x add set x y { type ipv4_addr; } add element x y { 1.1.1.1, 2.2.2.2 } delete element x y { 1.1.1.1 } delete element x y { 1.1.1.1 }" -echo "$RULESET" > $tmpfile -$NFT -f $tmpfile 2> /dev/null +$NFT -f - <<< $RULESET 2> /dev/null # Kernel must return ENOENT echo "E: allowing double-removal of element" diff --git a/tests/shell/testcases/transactions/0037set_0 b/tests/shell/testcases/transactions/0037set_0 index 75b1d453..4aef63f1 100755 --- a/tests/shell/testcases/transactions/0037set_0 +++ b/tests/shell/testcases/transactions/0037set_0 @@ -2,21 +2,12 @@ set -e -tmpfile=$(mktemp) -if [ ! -w $tmpfile ] ; then - echo "Failed to create tmp file" >&2 - exit 0 -fi - -trap "rm -rf $tmpfile" EXIT # cleanup if aborted - RULESET="add table x add set x y { type ipv4_addr; flags interval;} add element x y { 1.1.1.0/24 } delete element x y { 1.1.1.0/24 }" -echo "$RULESET" > $tmpfile -$NFT -f $tmpfile +$NFT -f - <<< $RULESET if [ $? -ne 0 ] ; then echo "E: unable to load good ruleset" >&2 exit 1 
diff --git a/tests/shell/testcases/transactions/0038set_0 b/tests/shell/testcases/transactions/0038set_0 index 3120e916..fc9f1ca4 100755 --- a/tests/shell/testcases/transactions/0038set_0 +++ b/tests/shell/testcases/transactions/0038set_0 @@ -2,14 +2,6 @@ set -e -tmpfile=$(mktemp) -if [ ! -w $tmpfile ] ; then - echo "Failed to create tmp file" >&2 - exit 0 -fi - -trap "rm -rf $tmpfile" EXIT # cleanup if aborted - RULESET="add table x add set x y { type ipv4_addr; flags interval;} add element x y { 192.168.0.0/24, 192.168.2.0/24 } @@ -17,8 +9,7 @@ delete element x y { 192.168.0.0/24 } delete element x y { 192.168.2.0/24 } add element x y { 192.168.4.0/24 }" -echo "$RULESET" > $tmpfile -$NFT -f $tmpfile +$NFT -f - <<< $RULESET if [ $? -ne 0 ] ; then echo "E: unable to load good ruleset" >&2 exit 1 diff --git a/tests/shell/testcases/transactions/0039set_0 b/tests/shell/testcases/transactions/0039set_0 index 3120e916..fc9f1ca4 100755 --- a/tests/shell/testcases/transactions/0039set_0 +++ b/tests/shell/testcases/transactions/0039set_0 @@ -2,14 +2,6 @@ set -e -tmpfile=$(mktemp) -if [ ! -w $tmpfile ] ; then - echo "Failed to create tmp file" >&2 - exit 0 -fi - -trap "rm -rf $tmpfile" EXIT # cleanup if aborted - RULESET="add table x add set x y { type ipv4_addr; flags interval;} add element x y { 192.168.0.0/24, 192.168.2.0/24 } @@ -17,8 +9,7 @@ delete element x y { 192.168.0.0/24 } delete element x y { 192.168.2.0/24 } add element x y { 192.168.4.0/24 }" -echo "$RULESET" > $tmpfile -$NFT -f $tmpfile +$NFT -f - <<< $RULESET if [ $? -ne 0 ] ; then echo "E: unable to load good ruleset" >&2 exit 1 diff --git a/tests/shell/testcases/transactions/0040set_0 b/tests/shell/testcases/transactions/0040set_0 index 0ffc4416..7386ecfb 100755 --- a/tests/shell/testcases/transactions/0040set_0 +++ b/tests/shell/testcases/transactions/0040set_0 
@@ -2,14 +2,6 @@ set -e -tmpfile=$(mktemp) -if [ ! -w $tmpfile ] ; then - echo "Failed to create tmp file" >&2 - exit 0 -fi - -trap "rm -rf $tmpfile" EXIT # cleanup if aborted - RULESET="table ip filter { map client_to_any { type ipv4_addr : verdict @@ -28,8 +20,7 @@ RULESET="table ip filter { chain CIn_1 { } }" -echo "$RULESET" > $tmpfile -$NFT -f $tmpfile +$NFT -f - <<< $RULESET if [ $? -ne 0 ] ; then echo "E: unable to load good ruleset" >&2 exit 1 @@ -45,8 +36,7 @@ fi RULESET="delete element ip filter client_to_any { 1.2.3.4 : goto CIn_1 } delete chain ip filter CIn_1" -echo "$RULESET" > $tmpfile -$NFT -f $tmpfile +$NFT -f - <<< $RULESET if [ $? -ne 0 ] ; then echo "E: unable to load good ruleset" >&2 exit 1 -- cgit v1.2.3
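Review bot: The `if [ $? -ne 0 ]` check after each `$NFT -f - <<< $RULESET` in 0040set_0 cannot run on failure, because `set -e` at the top of the script exits as soon as nft returns non-zero, so the "E: unable to load good ruleset" message is never printed. Folding the check into the command keeps the diagnostic: `$NFT -f - <<< "$RULESET" || { echo "E: unable to load good ruleset" >&2; exit 1; }`. The pattern predates this patch and appears in the other `_0` tests touched here as well; the `fi` closing each check lies outside the hunks.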