From patchwork Mon Apr 25 10:20:57 2016
X-Patchwork-Submitter: Arturo Borrero
X-Patchwork-Id: 614348
X-Patchwork-Delegate: pablo@netfilter.org
Subject: [nft PATCH] tests: shell: add testcases for named sets with intervals
From: Arturo Borrero Gonzalez
To: netfilter-devel@vger.kernel.org
Cc: pablo@netfilter.org
Date: Mon, 25 Apr 2016 12:20:57 +0200
Message-ID: <146157965718.18051.10385957941244104731.stgit@nfdev2.cica.es>

Let's add some testcases for named sets with intervals and ranges.

Signed-off-by: Arturo Borrero Gonzalez
---
 tests/shell/testcases/sets/0001named_interval_0    | 47 ++++++++++++++++++++
 .../sets/0002named_interval_automerging_0          | 12 +++++
 .../sets/0003named_interval_missing_flag_0         | 12 +++++
 .../testcases/sets/0004named_interval_shadow_0     | 13 ++++++
 .../testcases/sets/0005named_interval_shadow_0     | 13 ++++++
 5 files changed, 97 insertions(+)
 create mode 100755 tests/shell/testcases/sets/0001named_interval_0
 create mode 100755 tests/shell/testcases/sets/0002named_interval_automerging_0
 create mode 100755 tests/shell/testcases/sets/0003named_interval_missing_flag_0
 create mode 100755 tests/shell/testcases/sets/0004named_interval_shadow_0
 create mode 100755 tests/shell/testcases/sets/0005named_interval_shadow_0

diff --git a/tests/shell/testcases/sets/0001named_interval_0 b/tests/shell/testcases/sets/0001named_interval_0 new file mode 100755 index 0000000..8d08b75 --- /dev/null +++ b/tests/shell/testcases/sets/0001named_interval_0 
@@ -0,0 +1,47 @@ +#!/bin/bash + +# This is the most basic testscase: +# * creating a valid interval set +# * referencing it from a valid rule + +tmpfile=$(mktemp) +if [ ! -w $tmpfile ] ; then + echo "Failed to create tmp file" >&2 + exit 0 +fi + +trap "rm -rf $tmpfile" EXIT # cleanup if aborted + +echo " +table inet t { + set s1 { + type ipv4_addr + flags interval + elements = { 10.0.0.0-11.0.0.0, 172.16.0.0/16 } + } + set s2 { + type ipv6_addr + flags interval + elements = { fe00::/64, fe11::-fe22::} + } + set s3 { + type inet_proto + flags interval + elements = { 10-20, 50-60} + } + set s4 { + type inet_service + flags interval + elements = {8080-8082, 0-1024, 10000-40000} + } + chain c { + ip saddr @s1 accept + ip6 daddr @s2 accept + ip protocol @s3 accept + ip6 nexthdr @s3 accept + tcp dport @s4 accept + } +}" > $tmpfile + +set -e +$NFT -f $tmpfile diff --git a/tests/shell/testcases/sets/0002named_interval_automerging_0 b/tests/shell/testcases/sets/0002named_interval_automerging_0 new file mode 100755 index 0000000..b07e0b0 --- /dev/null +++ b/tests/shell/testcases/sets/0002named_interval_automerging_0 @@ -0,0 +1,12 @@ +#!/bin/bash + +# This testscase checks the automerging of adjacent intervals + +set -e + +$NFT add table t +$NFT add set t s { type ipv4_addr \; flags interval \; } +$NFT add element t s { 192.168.0.0/24, 192.168.1.0/24 } +$NFT list ruleset | grep "192.168.0.0/23" >/dev/null && exit 0 +echo "E: automerging of adjavect intervals failed in named set" >&2 +exit 1 diff --git a/tests/shell/testcases/sets/0003named_interval_missing_flag_0 b/tests/shell/testcases/sets/0003named_interval_missing_flag_0 new file mode 100755 index 0000000..e0b7f74 --- /dev/null +++ b/tests/shell/testcases/sets/0003named_interval_missing_flag_0 
@@ -0,0 +1,12 @@ +#!/bin/bash + +# This testscase checks the nft checking of flags in named intervals + +set -e +$NFT add table t +$NFT add set t s { type ipv4_addr \; } +if $NFT add element t s { 192.168.0.0/24, 192.168.1.0/24 } 2>/dev/null ; then + echo "E: accepted interval in named set without proper flags" >&2 + exit 1 +fi +exit 0 diff --git a/tests/shell/testcases/sets/0004named_interval_shadow_0 b/tests/shell/testcases/sets/0004named_interval_shadow_0 new file mode 100755 index 0000000..827423d --- /dev/null +++ b/tests/shell/testcases/sets/0004named_interval_shadow_0 @@ -0,0 +1,13 @@ +#!/bin/bash + +# This testscase checks the nft checking of shadowed elements + +set -e +$NFT add table inet t +$NFT add set inet t s { type ipv6_addr \; flags interval \; } +$NFT add element inet t s { fe00::/64 } +if $NFT add element inet t s { fe00::/48 } 2>/dev/null ; then + echo "E: accepted shadowed element in named set" >&2 + exit 1 +fi +exit 0 diff --git a/tests/shell/testcases/sets/0005named_interval_shadow_0 b/tests/shell/testcases/sets/0005named_interval_shadow_0 new file mode 100755 index 0000000..14fcbdc --- /dev/null +++ b/tests/shell/testcases/sets/0005named_interval_shadow_0 @@ -0,0 +1,13 @@ +#!/bin/bash + +# This testscase checks the nft checking of shadowed elements + +set -e +$NFT add table inet t +$NFT add set inet t s { type ipv6_addr \; flags interval \; } +$NFT add element inet t s { fe00::/48 } +if $NFT add element inet t s { fe00::/64 } 2>/dev/null ; then + echo "E: accepted shadowed element in named set" >&2 + exit 1 +fi +exit 0
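
Review bot: in tests/shell/testcases/sets/0001named_interval_0, the `[ ! -w $tmpfile ]` branch ends in `exit 0`, so a failed mktemp leaves the script with the same exit status as a successful `$NFT -f $tmpfile` and the ruleset is never loaded. Exit non-zero there (or use a status the harness treats as a skip) so the result cannot be mistaken for a pass. Smaller points in the same hunk: `$tmpfile` is unquoted in the test and in the trap, `rm -f` is enough for a regular file, and "testscase" in the header comment is a typo that repeats in the other four files.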
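
Review bot: in tests/shell/testcases/sets/0002named_interval_automerging_0, `grep "192.168.0.0/23"` treats the dots as regex wildcards and matches anywhere in the whole `list ruleset` output, so the check is looser than the merged prefix it is meant to prove. Use `grep -qF "192.168.0.0/23"` (which also replaces the `>/dev/null` redirect) and consider listing only set `s` in table `t`. The error string has a typo: "adjavect" should read "adjacent".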
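
Review bot: in tests/shell/testcases/sets/0003named_interval_missing_flag_0, the `if $NFT add element t s { 192.168.0.0/24, 192.168.1.0/24 } 2>/dev/null` check passes on any non-zero exit, and the discarded stderr means the test cannot tell a rejection for the missing `flags interval` from an unrelated failure of the command. Either keep stderr and match the expected diagnostic, or follow the failed add with a listing that asserts set `s` still holds no elements.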
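
Review bot: the header comment in tests/shell/testcases/sets/0004named_interval_shadow_0 is word for word the same as in 0005named_interval_shadow_0, and both files share the name `named_interval_shadow`, although they test opposite directions. Here `fe00::/64` is inserted first and the wider `fe00::/48` that would cover it is rejected; say that in the comment and give the two files distinct names so a failure report identifies which overlap case broke.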
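
Review bot: in tests/shell/testcases/sets/0005named_interval_shadow_0, the test stops at the rejected `add element inet t s { fe00::/64 }` and never checks what the set contains afterwards. Since the case is about an element already covered by `fe00::/48`, add a listing after the `if` block that asserts `fe00::/48` is still present and `fe00::/64` is not, so a partial insert that also returns an error would be caught. The same follow-up check would fit 0004 with the prefixes swapped.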