From 901349884473fb7c2e261b555e3f347cd2419ece Mon Sep 17 00:00:00 2001
From: Arturo Borrero <arturo.borrero.glez@gmail.com>
Date: Wed, 11 May 2016 13:30:08 +0200
Subject: tests/shell: add testcase for 'nft -f' load with actions

Let's tests loading a ruleset with actions.

Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 tests/shell/testcases/nft-f/0006action_object_0 | 68 +++++++++++++++++++++++++
 1 file changed, 68 insertions(+)
 create mode 100755 tests/shell/testcases/nft-f/0006action_object_0

(limited to 'tests')

diff --git a/tests/shell/testcases/nft-f/0006action_object_0 b/tests/shell/testcases/nft-f/0006action_object_0
new file mode 100755
index 00000000..f4ec41d5
--- /dev/null
+++ b/tests/shell/testcases/nft-f/0006action_object_0
@@ -0,0 +1,68 @@
+#!/bin/bash
+
+# test loading a ruleset with the 'action object' pattern
+
+tmpfile=$(mktemp)
+if [ ! -w $tmpfile ] ; then
+	echo "Failed to create tmp file" >&2
+	exit 0
+fi
+
+trap "rm -f $tmpfile" EXIT # cleanup if aborted
+
+set -e
+
+FAMILIES="ip ip6 inet arp bridge"
+
+generate1()
+{
+	local family=$1
+	echo "
+	add table $family t
+	add chain $family t c
+	add rule $family t c accept
+	add set $family t s {type inet_service;}
+	add element $family t s {8080}
+	insert rule $family t c meta l4proto tcp tcp dport @s accept
+	replace rule $family t c handle 2 meta l4proto tcp tcp dport {9090}
+	add map $family t m {type inet_service:verdict;}
+	add element $family t m {10080:drop}
+	insert rule $family t c meta l4proto tcp tcp dport vmap @m
+	add rule $family t c meta l4proto udp udp sport vmap {1111:accept}
+	" >> $tmpfile
+}
+
+generate2()
+{
+	local family=$1
+	echo "
+	flush chain $family t c
+	delete element $family t m {10080:drop}
+	delete element $family t s {8080}
+	delete chain $family t c
+	delete table $family t
+	" >> $tmpfile
+}
+
+for family in $FAMILIES ; do
+	generate1 $family
+done
+
+$NFT -f $tmpfile
+if [ $? -ne 0 ] ; then
+	echo "E: unable to load ruleset 1" >&2
+	exit 1
+fi
+
+echo "" > $tmpfile
+for family in $FAMILIES ; do
+	generate2 $family
+done
+
+$NFT -f $tmpfile
+if [ $? -ne 0 ] ; then
+	echo "E: unable to load ruleset 2" >&2
+	exit 1
+fi
+
+exit 0
-- 
cgit v1.2.3