From patchwork Thu May 17 07:36:54 2018
X-Patchwork-Submitter: Máté Eckl
X-Patchwork-Id: 915144
X-Patchwork-Delegate: pablo@netfilter.org
From: Máté Eckl
To: netfilter-devel@vger.kernel.org
Subject: [PATCH nft 1/2] Introduce socket matching
Date: Thu, 17 May 2018 09:36:54 +0200
X-Mailer: git-send-email 2.17.0

Socket matching is achieved using the nft_compat interface.

The list of known limitations of the current implementation are:
* The absence of a corresponding socket cannot be matched (`socket missing`).
* Only transparent socket flag can be matched, nowildcard is not a flag, it
  should be matched with a different expression if desired. Other options that
  can be set with `setsockopt` are unavailable.
* Such a rule cannot be added to an `inet` table.

In the long term native implementation might be worth it.

Example:
table ip stable {
	chain tchain {
		type filter hook prerouting priority -150; policy accept;
		socket flags transparent counter packets 12 bytes 608 mark set 0x00000001 accept
		socket exists counter packets 52 bytes 3316
	}
}
table ip6 stable {
	chain tchain {
		type filter hook prerouting priority -150; policy accept;
		socket flags transparent counter packets 0 bytes 0 mark set 0x00000001 accept
		socket exists counter packets 0 bytes 0
	}
}

Signed-off-by: Máté Eckl
---
include/linux/netfilter/nf_tables.h | 4 ++++
include/statement.h | 10 +++++++++
include/xt.h | 4 ++--
src/evaluate.c | 11 ++++++++++
src/netlink_delinearize.c | 19 ++++++++++++++++
src/netlink_linearize.c | 21 ++++++++++++++++++
src/parser_bison.y | 31 ++++++++++++++++++++++++--
src/scanner.l | 3 +++
src/statement.c | 34 +++++++++++++++++++++++++++++
src/xt.c | 2 +-
10 files changed, 134 insertions(+), 5 deletions(-)

diff --git a/include/linux/netfilter/nf_tables.h b/include/linux/netfilter/nf_tables.h index 3395faf..31fd6f4 100644 --- a/include/linux/netfilter/nf_tables.h +++ b/include/linux/netfilter/nf_tables.h
@@ -1284,6 +1284,10 @@ enum nft_fib_flags { NFTA_FIB_F_PRESENT = 1 << 5, /* check existence only */ }; +enum nft_socket_flags { + NFTA_SOCKET_TRANSPARENT = (1<<0), +}; + enum nft_ct_helper_attributes { NFTA_CT_HELPER_UNSPEC, NFTA_CT_HELPER_NAME, diff --git a/include/statement.h b/include/statement.h index de26549..84a8f3f 100644 --- a/include/statement.h +++ b/include/statement.h @@ -32,6 +32,13 @@ struct counter_stmt { extern struct stmt *counter_stmt_alloc(const struct location *loc); +struct socket_stmt { + bool exists; + __u8 flags; +}; + +extern struct stmt *socket_stmt_alloc(const struct location *loc, bool exists, __u8 flags); + struct exthdr_stmt { struct expr *expr; struct expr *val; @@ -248,6 +255,7 @@ extern struct stmt *xt_stmt_alloc(const struct location *loc); * @STMT_EXTHDR: extension header statement * @STMT_FLOW_OFFLOAD: flow offload statement * @STMT_MAP: map statement + * @STMT_SOCKET: socket statement */ enum stmt_types { STMT_INVALID, @@ -273,6 +281,7 @@ enum stmt_types { STMT_EXTHDR, STMT_FLOW_OFFLOAD, STMT_MAP, + STMT_SOCKET, }; /** @@ -335,6 +344,7 @@ struct stmt { struct objref_stmt objref; struct flow_stmt flow; struct map_stmt map; + struct socket_stmt socket; }; }; diff --git a/include/xt.h b/include/xt.h index 753511e..5b29522 100644 --- a/include/xt.h +++ b/include/xt.h @@ -14,7 +14,7 @@ void xt_stmt_release(const struct stmt *stmt); void netlink_parse_target(struct netlink_parse_ctx *ctx, const struct location *loc, const struct nftnl_expr *nle); -void netlink_parse_match(struct netlink_parse_ctx *ctx, +void xt_netlink_parse_match(struct netlink_parse_ctx *ctx, const struct location *loc, const struct nftnl_expr *nle); void stmt_xt_postprocess(struct rule_pp_ctx *rctx, struct stmt *stmt, 
@@ -28,7 +28,7 @@ static inline void xt_stmt_release(const struct stmt *stmt) {} static inline void netlink_parse_target(struct netlink_parse_ctx *ctx, const struct location *loc, const struct nftnl_expr *nle) {} -static inline void netlink_parse_match(struct netlink_parse_ctx *ctx, +static inline void xt_netlink_parse_match(struct netlink_parse_ctx *ctx, const struct location *loc, const struct nftnl_expr *nle) {} static inline void stmt_xt_postprocess(struct rule_pp_ctx *rctx, diff --git a/src/evaluate.c b/src/evaluate.c index 4eb36e2..5222f4e 100644 --- a/src/evaluate.c +++ b/src/evaluate.c @@ -2686,6 +2686,15 @@ static int stmt_evaluate_objref(struct eval_ctx *ctx, struct stmt *stmt) return 0; } +static int stmt_evaluate_socket(struct eval_ctx *ctx, struct stmt *stmt) +{ + const struct socket_stmt * const s = &stmt->socket; + + if (!s->exists && s->flags) + return -1; + return 0; +} + int stmt_evaluate(struct eval_ctx *ctx, struct stmt *stmt) { if (ctx->debug_mask & NFT_DEBUG_EVALUATION) { @@ -2737,6 +2746,8 @@ int stmt_evaluate(struct eval_ctx *ctx, struct stmt *stmt) return stmt_evaluate_objref(ctx, stmt); case STMT_MAP: return stmt_evaluate_map(ctx, stmt); + case STMT_SOCKET: + return stmt_evaluate_socket(ctx, stmt); default: BUG("unknown statement type %s\n", stmt->ops->name); } diff --git a/src/netlink_delinearize.c b/src/netlink_delinearize.c index 8f4035a..19c753a 100644 --- a/src/netlink_delinearize.c +++ b/src/netlink_delinearize.c @@ -27,6 +27,7 @@ #include #include #include +#include static int netlink_parse_expr(const struct nftnl_expr *nle, struct netlink_parse_ctx *ctx); 
@@ -1278,6 +1279,24 @@ static void netlink_parse_objref(struct netlink_parse_ctx *ctx, ctx->stmt = stmt; } +static void netlink_parse_match(struct netlink_parse_ctx *ctx, + const struct location *loc, + const struct nftnl_expr *nle) +{ + if (!strcmp(nftnl_expr_get_str(nle, NFTNL_EXPR_MT_NAME), "socket") && + nftnl_expr_get_u32(nle, NFTNL_EXPR_MT_REV) == 3) { + const struct xt_socket_mtinfo3 *info; + uint32_t len = 0; + + info = nftnl_expr_get(nle, NFTNL_EXPR_MT_INFO, &len); + if(!info) + return; + ctx->stmt = socket_stmt_alloc(loc, true, info->flags); // true is placeholder + } else { + xt_netlink_parse_match(ctx, loc, nle); + } +} + static const struct { const char *name; void (*parse)(struct netlink_parse_ctx *ctx, diff --git a/src/netlink_linearize.c b/src/netlink_linearize.c index 2ab8acc..5e9345a 100644 --- a/src/netlink_linearize.c +++ b/src/netlink_linearize.c @@ -19,6 +19,7 @@ #include #include #include +#include #include #include @@ -1155,6 +1156,24 @@ static void netlink_gen_flow_offload_stmt(struct netlink_linearize_ctx *ctx, nftnl_rule_add_expr(ctx->nlr, nle); } +static void netlink_gen_socket_match_stmt(struct netlink_linearize_ctx *ctx, + const struct stmt *stmt) +{ + struct nftnl_expr *nle = alloc_nft_expr("match"); + struct xt_socket_mtinfo3 *info; + + nftnl_expr_set_str(nle, NFTNL_EXPR_MT_NAME, "socket"); + nftnl_expr_set_u32(nle, NFTNL_EXPR_MT_REV, 3); + + info = xzalloc(sizeof(struct xt_socket_mtinfo3)); + info->flags = stmt->socket.flags; + + nftnl_expr_set(nle, NFTNL_EXPR_MT_INFO, info, sizeof(struct xt_socket_mtinfo3)); + + nftnl_rule_add_expr(ctx->nlr, nle); +} + + static void netlink_gen_set_stmt(struct netlink_linearize_ctx *ctx, const struct stmt *stmt) { 
@@ -1283,6 +1302,8 @@ static void netlink_gen_stmt(struct netlink_linearize_ctx *ctx, return netlink_gen_objref_stmt(ctx, stmt); case STMT_MAP: return netlink_gen_map_stmt(ctx, stmt); + case STMT_SOCKET: + return netlink_gen_socket_match_stmt(ctx, stmt); default: BUG("unknown statement type %s\n", stmt->ops->name); } diff --git a/src/parser_bison.y b/src/parser_bison.y index 0e3ee84..67a5b6f 100644 --- a/src/parser_bison.y +++ b/src/parser_bison.y @@ -189,6 +189,9 @@ int nft_lex(void *, void *, void *); %token FIB "fib" +%token SOCKET "socket" +%token TRANSPARENT "transparent" + %token HOOK "hook" %token DEVICE "device" %token DEVICES "devices" @@ -547,8 +550,11 @@ int nft_lex(void *, void *, void *); %type stmt_list %destructor { stmt_list_free($$); xfree($$); } stmt_list -%type stmt match_stmt verdict_stmt -%destructor { stmt_free($$); } stmt match_stmt verdict_stmt +%type stmt match_stmt verdict_stmt socket_stmt +%destructor { stmt_free($$); } stmt match_stmt verdict_stmt socket_stmt + +%type socket_stmt_flag socket_stmt_flags + %type counter_stmt counter_stmt_alloc %destructor { stmt_free($$); } counter_stmt counter_stmt_alloc %type payload_stmt @@ -2078,6 +2084,27 @@ stmt : verdict_stmt | fwd_stmt | set_stmt | map_stmt + | socket_stmt + ; + +socket_stmt_flag : TRANSPARENT { $$ = NFTA_SOCKET_TRANSPARENT; } + ; + +socket_stmt_flags : socket_stmt_flags COMMA socket_stmt_flag + { + $$ = $1 | $3; + } + | socket_stmt_flag + ; + +socket_stmt : SOCKET EXISTS /* with the actual implementation we cannot match abscence */ + { + $$ = socket_stmt_alloc(&@$, true, 0); + } + | SOCKET FLAGS socket_stmt_flags /* we suppose existance criterion in this case */ + { + $$ = socket_stmt_alloc(&@$, true, $3); + } ; verdict_stmt : verdict_expr diff --git a/src/scanner.l b/src/scanner.l index 6a861cf..416bd27 100644 --- a/src/scanner.l +++ b/src/scanner.l 
@@ -258,6 +258,9 @@ addrstring ({macaddr}|{ip4addr}|{ip6addr}) "ruleset" { return RULESET; } "trace" { return TRACE; } +"socket" { return SOCKET; } +"transparent" { return TRANSPARENT;} + "accept" { return ACCEPT; } "drop" { return DROP; } "continue" { return CONTINUE; } diff --git a/src/statement.c b/src/statement.c index d291001..ff6a98a 100644 --- a/src/statement.c +++ b/src/statement.c @@ -176,6 +176,40 @@ struct stmt *counter_stmt_alloc(const struct location *loc) return stmt; } +static void socket_stmt_print(const struct stmt *stmt, struct output_ctx *octx) +{ + const struct socket_stmt *s = &stmt->socket; + const char *transp_str = "transparent", + *existance_str = (s->exists) ? "exists" : "missing"; + + nft_print(octx, "socket"); + if (s->flags) { + __u8 f = s->flags; + + nft_print(octx, " flags "); + if(f & NFTA_SOCKET_TRANSPARENT) + nft_print(octx, "%s", transp_str); + } else { + nft_print(octx, " %s", existance_str); + } + // (!s->exists && s->flags) is impossible, see stmt_evaluate_socket +} + +static const struct stmt_ops socket_stmt_ops = { + .type = STMT_SOCKET, + .name = "socket", + .print = socket_stmt_print, +}; + +extern struct stmt *socket_stmt_alloc(const struct location *loc, bool exists, __u8 flags) +{ + struct stmt *stmt = stmt_alloc(loc, &socket_stmt_ops); + + stmt->socket.exists = exists; + stmt->socket.flags = flags; + return stmt; +} + static const char *objref_type[NFT_OBJECT_MAX + 1] = { [NFT_OBJECT_COUNTER] = "counter", [NFT_OBJECT_QUOTA] = "quota", diff --git a/src/xt.c b/src/xt.c index 95d0c5f..4f7c235 100644 --- a/src/xt.c +++ b/src/xt.c 
@@ -188,7 +188,7 @@ static struct xtables_match *xt_match_clone(struct xtables_match *m) * Delinearization */ -void netlink_parse_match(struct netlink_parse_ctx *ctx, +void xt_netlink_parse_match(struct netlink_parse_ctx *ctx, const struct location *loc, const struct nftnl_expr *nle) {
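
Review bot: In include/linux/netfilter/nf_tables.h, the value of NFTA_SOCKET_TRANSPARENT is copied unchanged into xt_socket_mtinfo3.flags by netlink_gen_socket_match_stmt() (info->flags = stmt->socket.flags), so it has to stay bit-for-bit equal to the flag that the xt socket match defines, and nothing in the patch documents or enforces that. Since the statement is carried over nft_compat anyway, using the xt_socket header's own XT_SOCKET_TRANSPARENT in the parser would remove the hidden coupling; if a new enum is kept, the NFTA_ prefix is the one used for netlink attributes in this header, which is misleading for a flag.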
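
Review bot: In src/evaluate.c, stmt_evaluate_socket() returns a bare -1 for the (!s->exists && s->flags) case without recording any error through ctx, so a rejected statement would fail with no message for the user. The same function accepts exists == false with flags == 0, while netlink_gen_socket_match_stmt() in src/netlink_linearize.c never reads stmt->socket.exists, so a "socket missing" statement would be sent to the kernel as a plain socket match, the opposite of what was requested. Both grammar productions pass true today, so this is latent, but rejecting !s->exists here with an explicit error would keep the limitation from the commit message enforced in code.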
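
Review bot: In src/netlink_delinearize.c, netlink_parse_match() reads info->flags without ever checking the length it asked for: len is filled in by nftnl_expr_get() and then not compared with sizeof(struct xt_socket_mtinfo3), so a shorter MT_INFO blob would be read past its end. Please verify that len is at least sizeof(*info) before the dereference. The strcmp() on nftnl_expr_get_str(nle, NFTNL_EXPR_MT_NAME) also assumes the name attribute is always present, and the if(!info) return; path leaves ctx->stmt unset with no diagnostic; falling through to xt_netlink_parse_match() in both cases would be safer. Style: if( needs a space, and the // comment should be a /* */ comment.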
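
Review bot: In src/scanner.l, "socket" and "transparent" are added as unconditional keywords, so an existing ruleset that uses either word as a table, chain or set name would stop parsing after this change; please check whether the flag name can be resolved as a string in the socket_stmt_flag rule instead of reserving a new token. In the src/parser_bison.y comments, "abscence" and "existance" should read "absence" and "existence".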
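
Review bot: In src/statement.c, socket_stmt_print() emits "socket flags " followed by nothing when flags is non-zero but NFTA_SOCKET_TRANSPARENT is not set. netlink_parse_match() passes info->flags through unfiltered, so a socket match that carries any other flag bit would be listed as a rule that cannot be parsed back. Either mask the flags on the delinearize side and fall back to the generic xt output when unknown bits are present, or print every known flag here and handle the remainder explicitly. Minor: extern on the definition of socket_stmt_alloc() is redundant, "existance_str" is misspelled, and if( and the // comment do not match the surrounding style.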
From patchwork Thu May 17 07:36:56 2018
X-Patchwork-Submitter: Máté Eckl
X-Patchwork-Id: 915146
X-Patchwork-Delegate: pablo@netfilter.org
From: Máté Eckl
To: netfilter-devel@vger.kernel.org
Subject: [PATCH nft 2/2] test: Added test cases for socket matching
Date: Thu, 17 May 2018 09:36:56 +0200
X-Mailer: git-send-email 2.17.0

Signed-off-by: Máté Eckl
---
tests/py/inet/socket.t | 10 ++++++++++
tests/py/inet/socket.t.payload | 8 ++++++++
2 files changed, 18 insertions(+)
create mode 100644 tests/py/inet/socket.t
create mode 100644 tests/py/inet/socket.t.payload

diff --git a/tests/py/inet/socket.t b/tests/py/inet/socket.t new file mode 100644 index 0000000..7782c3c --- /dev/null +++ b/tests/py/inet/socket.t @@ -0,0 +1,10 @@ +:sockchain;type filter hook prerouting priority -150 + +*ip;sockip4;sockchain +*ip6;sockip6;sockchain + +# For now, it does not work for inet tables + +socket exists;ok +socket flags transparent;ok + diff --git a/tests/py/inet/socket.t.payload b/tests/py/inet/socket.t.payload new file mode 100644 index 0000000..05ece70 --- /dev/null +++ b/tests/py/inet/socket.t.payload
@@ -0,0 +1,8 @@ +# socket exists +ip sockip4 sockchain + [ match name socket rev 3 ] + +# socket flags transparent +ip sockip4 sockchain + [ match name socket rev 3 ] +
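
Review bot: In tests/py/inet/socket.t.payload, both cases expect the identical line [ match name socket rev 3 ], so the payload comparison cannot distinguish "socket exists" from "socket flags transparent" and would not notice the transparent flag being dropped on the way to the kernel. Only ip sockip4 payloads are recorded although socket.t also declares the ip6 table sockip6. The files also sit under tests/py/inet/ while the comment in socket.t says the rule does not work for inet tables; a directory matching the families that are actually tested would be less surprising.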
From patchwork Thu May 17 07:36:58 2018
X-Patchwork-Submitter: Máté Eckl
X-Patchwork-Id: 915148
X-Patchwork-Delegate: pablo@netfilter.org
From: Máté Eckl
To: netfilter-devel@vger.kernel.org
Subject: [PATCH nft 3/7] test/py: Updated test file structure descripion in README
Date: Thu, 17 May 2018 09:36:58 +0200
Message-Id: <3691ce35e8668bcab2742342db2c65242aac78ba.1526542126.git.ecklm94@gmail.com>
X-Mailer: git-send-email 2.17.0

The order of the table and chain definitions have changed in test files.
Now the name of the chain has to be specified in the definition of the table, so their order is reverted.

Signed-off-by: Máté Eckl
---
tests/py/README | 18 +++++++++---------
1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/tests/py/README b/tests/py/README index 005fe8e..a156032 100644 --- a/tests/py/README +++ b/tests/py/README @@ -64,11 +64,11 @@ A test file contains a set of rules that are added in the system. Here, an example of a test file: - *ip;test-ipv4 # line 1 - *ip6;test-ipv6 # line 2 - *inet;test-inet # line 3 + :input;type filter hook input priority 0 # line 1 - :input;type filter hook input priority 0 # line 4 + *ip;test-ipv4;input # line 2 + *ip6;test-ipv6;input # line 3 + *inet;test-inet;input # line 4 ah hdrlength != 11-23;ok;ah hdrlength < 11 ah hdrlength > 23 # line 5 - tcp dport != {22-25} # line 6
@@ -77,12 +77,12 @@ Here, an example of a test file: ?set1 192.168.3.8 192.168.3.9;ok # line 8 # This is a commented-line. # line 9 -Line 1 defines a table. The name of the table is 'test-ipv4' and the -family is ip. Lines 2 and 3 defines more tables for different families -so the rules in this test file are also tested there. +Line 1 defines a chain. The name of this chain is "input". The type is "filter", +the hook is "input" and the priority is 0. -Line 4 defines the chain. The name of this chain is "input". The type is -"filter", the hook is "input" and the priority is 0. +Line 2 defines a table. The name of the table is 'test-ipv4', the family is ip +and the chain to be added to it is 'input'. Lines 3 and 4 defines more tables for +different families so the rules in this test file are also tested there. Line 5 defines the rule, the ";" character is used as separator of several parts:
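
Review bot: In the second hunk of tests/py/README, the added sentence "Lines 3 and 4 defines more tables" carries over the agreement error from the text it replaces; it should read "define". The same paragraph quotes the chain name as 'input' while the new "Line 1" paragraph directly above it uses "input", so please settle on one quoting style. It would also help to say that the chain line must now come before the table lines, since the commit message gives that as the reason for the change but the README text only shows it through the example.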
From patchwork Thu May 17 07:36:59 2018
X-Patchwork-Submitter: Máté Eckl
X-Patchwork-Id: 915149
X-Patchwork-Delegate: pablo@netfilter.org
From: Máté Eckl
To: netfilter-devel@vger.kernel.org
Subject: [PATCH nft 4/7] test: py: print_msg refactor
Date: Thu, 17 May 2018 09:36:59 +0200
X-Mailer: git-send-email 2.17.0

The errstr attribute was hard-coded to "ERROR:"
errstr has been moved in the parameter list. As print_msg is only used from the other print_* this is not an issue, and as there is a print_error function, I don't think that strerr should default to "ERROR:".

Also this kind of messages now get written to stderr. This can be beneficial if someone wants to redirect output to a file.

Signed-off-by: Máté Eckl
---
tests/py/nft-test.py | 14 ++++++++------
1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/tests/py/nft-test.py b/tests/py/nft-test.py index 88a3b21..2be4700 100755 --- a/tests/py/nft-test.py +++ b/tests/py/nft-test.py
@@ -104,23 +104,25 @@ class Obj: return self.__dict__ == other.__dict__ -def print_msg(reason, filename=None, lineno=None, color=None, errstr=None): +def print_msg(reason, errstr, filename=None, lineno=None, color=None): ''' Prints a message with nice colors, indicating file and line number. ''' if filename and lineno: - print filename + ": " + color + "ERROR:" + Colors.ENDC + \ - " line %d: %s" % (lineno + 1, reason) + sys.stderr.write(filename + ": " + color + errstr + Colors.ENDC + \ + " line %d: %s" % (lineno + 1, reason)) else: - print color + "ERROR:" + Colors.ENDC + " %s" % reason + sys.stderr.write(color + errstr + Colors.ENDC + " %s" % reason) + sys.stderr.write("\n") + sys.stderr.flush() # So that the message stay in the right place. def print_error(reason, filename=None, lineno=None): - print_msg(reason, filename, lineno, Colors.RED, "ERROR:") + print_msg(reason, "ERROR:", filename, lineno, Colors.RED) def print_warning(reason, filename=None, lineno=None): - print_msg(reason, filename, lineno, Colors.YELLOW, "WARNING:") + print_msg(reason, "WARNING:", filename, lineno, Colors.YELLOW) def color_differences(rule, other, color):
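
Review bot: In print_msg(), color still defaults to None but is concatenated unconditionally (color + errstr), so any call that omits it raises a TypeError; now that errstr is a required positional, color should either become required as well or default to an empty string. The unchanged test "if filename and lineno:" also treats lineno 0 as missing even though the message prints lineno + 1, so a problem on the first line of a test file loses its file and line prefix; "lineno is not None" would fix that while this function is being touched. The new comment should read "stays in the right place".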
from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 40mjnF3bN8z9s33 for ; Thu, 17 May 2018 17:37:21 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752312AbeEQHhT (ORCPT ); Thu, 17 May 2018 03:37:19 -0400 Received: from mail-wm0-f67.google.com ([74.125.82.67]:36105 "EHLO mail-wm0-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751468AbeEQHhP (ORCPT ); Thu, 17 May 2018 03:37:15 -0400 Received: by mail-wm0-f67.google.com with SMTP id n10-v6so7072270wmc.1 for ; Thu, 17 May 2018 00:37:14 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:subject:date:message-id:in-reply-to:references:in-reply-to :references:mime-version:content-transfer-encoding; bh=i7XxSdkhzoV27KFih+QYnVEOgUP/vOYNOdzF7qSPTaY=; b=WY7c8GQVP0lo9iurc53UEG0F+Bcv0UMPV+g3UCYGBRw6hFk59xhVPCGdOiEhEMg5zb JDV//reWds6qcExYxPb1Bsna5wxfjtOHhBAxQcTXrSR6Wi0jswHXzl5a6kCN5DrIF0iW w9CNlVTMQcLKDtWDz8TdP55cJo/x/rX2aXr3r/S7CrlubLIQJdgybbo9kbqyIDgRoaCI lVmWJOvIFoyVV1cJkZ3sJw4pGc6ixPvava8Of5t1IssvSde6Mu7L5uXSWNUii+Pe6jX4 9E8XXLp/ZlXFpg17tSL8nXKNyy3HXIMoRBGKsYQxA96w7AhJmTJRvNw3kMuL6AXwSlPC FYMw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references:in-reply-to:references:mime-version :content-transfer-encoding; bh=i7XxSdkhzoV27KFih+QYnVEOgUP/vOYNOdzF7qSPTaY=; b=nEdLcY3nDLhAe/MmfYJ014VSD3CJRurHebn0f98rouLPLFZLY/03A7Wph5FMlCbPdV q+LLHcC9JokX9wScdqpl3CAtXndVJ9tB6Zt/Qld1uHS8FVG/DhqQnOnTN4tGYDa6Zz+N y+ALIHS8F5WOJPrH2LtxbZeFt8hKznlhcNcQplVMt91aWoxwbWRTSOtoQLLBASqLZT+X g3fsV1Rb7pHErzlwQInPi23Ehx0Jq5k37ZRh+35Ztxe6AP/jUR52plDwZ1VeTmeBJTG8 LJ1NJXVrEYquF0rgxfCd2R8zByASiCNWN6I/07CbnEZY8f1jexw4PiWCydjO2WjAuRAl rT/A== X-Gm-Message-State: ALKqPwdg+zZlWPGAlMTg7gFmv0jrfpF7LK/EJJhInu0OpgRE8YLaKA1y YxgoCS/Lp8DB8+nL8wfmfaiBUPvj X-Google-Smtp-Source: 
From: Máté Eckl
To: netfilter-devel@vger.kernel.org
Subject: [PATCH nft 5/7] test: py: print path of the logfile
Date: Thu, 17 May 2018 09:37:00 +0200
Message-Id: <15ac3ddb126f2be13a918558f7c048413b3fcf68.1526542126.git.ecklm94@gmail.com>

It is good to know that a log is generated even without browsing the nft-test.py source code. Also, a print_info function is introduced.

Signed-off-by: Máté Eckl
--- tests/py/README | 2 ++ tests/py/nft-test.py | 5 ++++- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/tests/py/README b/tests/py/README index a156032..0e12dfa 100644 --- a/tests/py/README +++ b/tests/py/README @@ -132,6 +132,8 @@ E) Meaning of messages: * A warning message means the rule input and output of nft mismatches. * An error message means the nft-tool shows an error when we add it or the listing is broken after the rule is added. +* An info message means something that is not necessarily related to any test + case and does not indicate faulty behaviour. F) Acknowledgements diff --git a/tests/py/nft-test.py b/tests/py/nft-test.py index 2be4700..b536e9c 100755 --- a/tests/py/nft-test.py +++ b/tests/py/nft-test.py
@@ -124,6 +124,8 @@ def print_error(reason, filename=None, lineno=None): def print_warning(reason, filename=None, lineno=None): print_msg(reason, "WARNING:", filename, lineno, Colors.YELLOW) +def print_info(reason, filename=None, lineno=None): + print_msg(reason, "INFO:", filename, lineno, Colors.GREEN) def color_differences(rule, other, color): rlen = len(rule) 
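Review bot: print_info routes through print_msg, which writes to sys.stderr, so a message the README describes as not indicating faulty behaviour lands on the error stream next to WARNING and ERROR lines. Either give print_msg a stream argument so info can go to stdout, or say in the README that all three levels are written to stderr. Colors.GREEN is not defined in any hunk of this series; confirm the Colors class already has it. Every other helper in this block is separated from its neighbours, so check that print_info is followed by the same blank-line spacing before color_differences.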
@@ -1350,8 +1352,9 @@ def main(): global log_file try: log_file = open(LOGFILE, 'w') + print_info("Log will be available at %s" % LOGFILE) except IOError: - print "Cannot open log file %s" % LOGFILE + print_error("Cannot open log file %s" % LOGFILE) return file_list = []
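Review bot: The `except IOError:` branch in main() still discards the exception, so the user is told the log cannot be opened but not why (permissions, missing directory, read-only filesystem). Bind it with `except IOError as e:` and include e.strerror in the print_error text. The bare `return` that follows also ends main() without signalling failure to the caller; return a non-zero status if the script's exit code is derived from it. print_info sits inside the try, so an IOError raised while writing the info line would be reported as a log-open failure; moving it into an else clause avoids that. Since the path is now advertised to the user, it is worth confirming where LOGFILE points: open(LOGFILE, 'w') truncates and follows whatever already exists at that path.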
From: Máté Eckl
To: netfilter-devel@vger.kernel.org
Subject: [PATCH nft 6/7] test: py: Added payload file description to README
Date: Thu, 17 May 2018 09:37:01 +0200
Message-Id: <0d3854da6897ef3fdd3f8b1d8d44fab29be5b5b4.1526542126.git.ecklm94@gmail.com>

Signed-off-by: Máté Eckl
--- tests/py/README | 29 ++++++++++++++++++++++++++--- 1 file changed, 26 insertions(+), 3 deletions(-) diff --git a/tests/py/README b/tests/py/README index 0e12dfa..ed5dc58 100644 --- a/tests/py/README +++ b/tests/py/README @@ -104,7 +104,30 @@ Line 8 adds two elements into the 'set1' set: "192.168.3.8" and Line 9 uses the "#" symbol that means that this line is commented out. -D) The test folders +D) What is a payload file? + +A payload file contains info about the netlink message exchanged to achieve the +transaction. + +The output can be generated in two ways. Let's see an example via socket +matching. + + # generate an empty payload file + $ touch inet/socket.t.payload + + $ ./nft-test.py inet/socket.t # this will generate inet/socket.t.payload.got + + $ mv inet/socket.t.payload.got inet/socket.t.payload + +The other way is using nft --debug=netlink. This has a drawback over the former +option, as rules has to be run one by one and also a comment has to be added +before every rule in the payload file. + + $ nft --debug=netlink add rule ip sockip4 sockchain socket exists + ip sockip4 sockchain + [ match name socket rev 3 ] + +E) The test folders The test files are divided in several directories: ip, ip6, inet, arp, bridge and any.
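Review bot: The first recipe in the new section D ends with `mv inet/socket.t.payload.got inet/socket.t.payload`, which promotes whatever the current nft build emitted to the expected result without any review step, so a wrong netlink message becomes the baseline the test then passes against. Add a sentence telling the reader to inspect the .payload.got file before moving it. The second recipe says a comment has to be added before every rule, but the example shows only the raw --debug=netlink output; show the comment line as it must appear in the payload file. "The output can be generated" has no antecedent (say "A payload file can be generated"), and "rules has to be run" should be "rules have to be run". This patch also has no commit message body beyond the sign-off.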
@@ -127,7 +150,7 @@ bridge and any. * "any" folder: Here are the test files are executed in ip, ip6, inet, arp and bridge tables. -E) Meaning of messages: +F) Meaning of messages: * A warning message means the rule input and output of nft mismatches. * An error message means the nft-tool shows an error when we add it or 
@@ -135,7 +158,7 @@ E) Meaning of messages: * An info message means something that is not necessarily related to any test case and does not indicate faulty behaviour. -F) Acknowledgements +G) Acknowledgements Thanks to the Outreach Program for Women (OPW) for sponsoring this test infrastructure and my mentor Pablo Neira.
From: Máté Eckl
To: netfilter-devel@vger.kernel.org
Subject: [PATCH nft 7/7] test: py: Make diff functions use print_* functions
Date: Thu, 17 May 2018 09:37:02 +0200
Message-Id: <534773f16df5a64cfe21b34ad1d3a161b61bad17.1526542126.git.ecklm94@gmail.com>

Signed-off-by: Máté Eckl
--- tests/py/nft-test.py | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/tests/py/nft-test.py b/tests/py/nft-test.py index b536e9c..edc0b4b 100755 --- a/tests/py/nft-test.py +++ b/tests/py/nft-test.py @@ -161,15 +161,13 @@ def color_differences(rule, other, color): def print_differences_warning(filename, lineno, rule1, rule2, cmd): colored_rule1 = color_differences(rule1, rule2, Colors.YELLOW) colored_rule2 = color_differences(rule2, rule1, Colors.YELLOW) - reason = "'" + colored_rule1 + "' mismatches '" + colored_rule2 + "'" - print filename + ": " + Colors.YELLOW + "WARNING: " + Colors.ENDC + \ - "line: " + str(lineno + 1) + ": '" + cmd + "': " + reason + reason = "'%s': '%s' mismatches '%s'" % (cmd, colored_rule1, colored_rule2) + print_warning(reason, filename, lineno) def print_differences_error(filename, lineno, cmd): - reason = "Listing is broken." - print filename + ": " + Colors.RED + "ERROR: " + Colors.ENDC + "line: " + \ - str(lineno + 1) + ": '" + cmd + "': " + reason + reason = "'%s': Listing is broken." % cmd + print_error(reason, filename, lineno)
def table_exist(table, filename, lineno):
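Review bot: Both print_differences_warning and print_differences_error change observable output, and the commit message has no body to say so. The old code printed to stdout as "line: N: 'cmd': ..." while print_warning and print_error emit "line N: 'cmd': ..." on stderr, so anything that captures or greps the old text will silently stop matching. State the stream and format change in the commit message. Because these helpers now depend on print_msg's `if filename and lineno:` guard, a mismatch reported for lineno 0 loses its filename and line prefix, which the old direct print always included; fix the guard before switching these callers over.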