Patchwork [libnftables] test: xml: fix malformed ruleset testfile

login
register
mail settings
Submitter Arturo Borrero
Date Oct. 24, 2013, 3 p.m.
Message ID <20131024150058.21634.49651.stgit@nfdev.cica.es>
Download mbox | patch
Permalink /patch/285934/
State Accepted
Delegated to: Jozsef Kadlecsik
Headers show

Comments

Arturo Borrero - Oct. 24, 2013, 3 p.m.
Give a new XML ruleset testfile. For some reason, the previous was truncated.
This passed silently as nft-parsing-test is not reporting some errors properly.

This new file provides:
 * 2 tables
 * 3 chains
 * 2 sets, with and without maps
 * 3 rules with mixed exprs

Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
---
 tests/xmlfiles/75-ruleset.xml |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

 e><name>map0</name><flags>11</flags><key_type>12</key_type><key_len>2</key_len><data_type>4294967040</data_type><data_len>16</data_len><set_elem><flags>0</flags><key><data_reg type="value"><len>2</len><data0>0x00005000</data0></data_reg></key><data><data_reg type="verdict"><verdict>drop</verdict></data_reg></data></set_elem><set_elem><flags>0</flags><key><data_reg type="value"><len>2</len><data0>0x00001600</data0></data_reg></key><data><data_reg type="verdict"><verdict>accept</verdict></data_reg></data></set_elem></set><rule><family>ip</family><table>filter</table><chain>input</chain><handle>8</handle><flags>0</flags><expr type="counter"><pkts>0</pkts><bytes>0</bytes></expr><expr type="immediate"><dreg>0</dreg><immediatedata><data_reg type="verdict"><verdict>accept</verdict></data_reg></immediatedata></expr></rule><rule><family>ip</family><table>filter</table><chain>output</chain><handle>9</handle><flags>0</flags><expr type="payload"><dreg>1</dreg><offset>9</offset><len>1</l
 en><base>network</base></expr><expr type="cmp"><sreg>1</sreg><op>eq</op><cmpdata><data_reg type="value"><len>1</len><data0>0x00000006</data0></data_reg></cmpdata></expr><expr type="payload"><dreg>1</dreg><offset>2</offset><len>2</len><base>transport</base></expr><expr type="lookup"><set>map0</set><sreg>1</sreg><dreg>0</dreg></expr></rule><rule><family>ip6</family><table>filter</table><chain>forward</chain><handle>2</handle><flags>0</flags><expr type="payload"><dreg>1</dreg><offset>6</offset><len>1</len><base>network</base></expr><expr type="cmp"><sreg>1</sreg><op>eq</op><cmpdata><data_reg type="value"><len>1</len><data0>0x00000011</data0></data_reg></cmpdata></expr><expr type="payload"><dreg>1</dreg><offset>2</offset><len>2</len><base>transport</base></expr><expr type="lookup"><set>set0</set><sreg>1</sreg><dreg>0</dreg></expr><expr type="counter"><pkts>0</pkts><bytes>0</bytes></expr><expr type="immediate"><dreg>0</dreg><immediatedata><data_reg type="verdict"><verdict>accept<
 /verdict></data_reg></immediatedata></expr></rule></nftables>

--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Pablo Neira - Oct. 27, 2013, 8:01 p.m.
On Thu, Oct 24, 2013 at 05:00:58PM +0200, Arturo Borrero Gonzalez wrote:
> Give a new XML ruleset testfile. For some reason, the previous was truncated.
> This passed silently as nft-parsing-test is not reporting some errors properly.
> 
> This new file provides:
>  * 2 tables
>  * 3 chains
>  * 2 sets, with and without maps
>  * 3 rules with mixed exprs

Applied, thanks Arturo.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Arturo Borrero - Oct. 28, 2013, 8:28 a.m.
On 27 October 2013 21:01, Pablo Neira Ayuso <pablo@netfilter.org> wrote:
> On Thu, Oct 24, 2013 at 05:00:58PM +0200, Arturo Borrero Gonzalez wrote:
>> Give a new XML ruleset testfile. For some reason, the previous was truncated.
>> This passed silently as nft-parsing-test is not reporting some errors properly.
>>
>> This new file provides:
>>  * 2 tables
>>  * 3 chains
>>  * 2 sets, with and without maps
>>  * 3 rules with mixed exprs
>
> Applied, thanks Arturo.

something went wrong again. The new testfile is also malformed...
Pablo Neira - Oct. 28, 2013, 8:58 a.m.
On Mon, Oct 28, 2013 at 09:28:22AM +0100, Arturo Borrero Gonzalez wrote:
> On 27 October 2013 21:01, Pablo Neira Ayuso <pablo@netfilter.org> wrote:
> > On Thu, Oct 24, 2013 at 05:00:58PM +0200, Arturo Borrero Gonzalez wrote:
> >> Give a new XML ruleset testfile. For some reason, the previous was truncated.
> >> This passed silently as nft-parsing-test is not reporting some errors properly.
> >>
> >> This new file provides:
> >>  * 2 tables
> >>  * 3 chains
> >>  * 2 sets, with and without maps
> >>  * 3 rules with mixed exprs
> >
> > Applied, thanks Arturo.
> 
> something went wrong again. The new testfile is also malformed...

Indeed, it's been truncated, I got your patch from patchwork. It seems
it does like too long lines, check:

http://patchwork.ozlabs.org/patch/285934/

Please, send me a new patch, I'll apply directly from your email.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Patch

diff --git a/tests/xmlfiles/75-ruleset.xml b/tests/xmlfiles/75-ruleset.xml
index 926c2be..5f673a6 100644
--- a/tests/xmlfiles/75-ruleset.xml
+++ b/tests/xmlfiles/75-ruleset.xml
@@ -1 +1 @@ 
-<nftables><table><name>filter</name><family>ip</family><flags>0</flags></table><table><name>filter2</name><family>ip</family><flags>0</flags></table><chain><name>input</name><handle>1</handle><bytes>0</bytes><packets>0</packets><table>filter</table><family>ip</family></chain><chain><name>output</name><handle>3</handle><bytes>0</bytes><packets>0</packets><table>filter</table><family>ip</family></chain><set><family>ip</family><table>filter</table><name>set0</name><flags>3</flags><key_type>12</key_type><key_len>2</key_len><data_type>0</data_type><data_len>0</data_len><set_elem><flags>0</flags><key><data_reg type="value"><len>2</len><data0>0x00001900</data0></data_reg></key></set_elem><set_elem><flags>0</flags><key><data_reg type="value"><len>2</len><data0>0x00001600</data0></data_reg></key></set_elem></set><set><family>ip</family><table>filter</table><name>set1</name><flags>3</flags><key_type>12</key_type><key_len>2</key_len><data_type>0</data_type><data_len>0</data_len><set_el
+<nftables><table><name>filter</name><family>ip</family><flags>0</flags></table><table><name>filter</name><family>ip6</family><flags>0</flags></table><chain><name>input</name><handle>1</handle><bytes>0</bytes><packets>0</packets><table>filter</table><family>ip</family></chain><chain><name>output</name><handle>2</handle><bytes>0</bytes><packets>0</packets><table>filter</table><family>ip</family></chain><chain><name>forward</name><handle>1</handle><bytes>0</bytes><packets>0</packets><table>filter</table><family>ip6</family></chain><set><family>ip6</family><table>filter</table><name>set0</name><flags>3</flags><key_type>12</key_type><key_len>2</key_len><data_type>0</data_type><data_len>0</data_len><set_elem><flags>0</flags><key><data_reg type="value"><len>2</len><data0>0x00004300</data0></data_reg></key></set_elem><set_elem><flags>0</flags><key><data_reg type="value"><len>2</len><data0>0x00003500</data0></data_reg></key></set_elem></set><set><family>ip</family><table>filter</tabl