#
# For some printf debugging, you can also patch this file.
+rc_dump=0
+
array_contains() {
local needle="$1"
local a
printf "<<<<\n"
}
+diff_check_setcount() {
+ local dumpfile="$1"
+ local after="$2"
+
+ if $DIFF -u "$dumpfile" "$after" &> "$NFT_TEST_TESTTMPDIR/ruleset-diff" ; then
+ rm -f "$NFT_TEST_TESTTMPDIR/ruleset-diff"
+ return
+ fi
+
+ if [ $NFT_TEST_HAVE_setcount = n ];then
+ # old kernel or nft binary, expect "size 42", not "size 42 # count 1".
+ sed s/.\#\ count\ .\*//g "$dumpfile" > "$NFT_TEST_TESTTMPDIR/ruleset-diff-postprocess"
+
+ if $DIFF -u "$NFT_TEST_TESTTMPDIR/ruleset-diff-postprocess" "$after" > /dev/null ; then
+ rm -f "$NFT_TEST_TESTTMPDIR/ruleset-diff" "$NFT_TEST_TESTTMPDIR/ruleset-diff-postprocess"
+ return
+ fi
+ fi
+
+ show_file "$NFT_TEST_TESTTMPDIR/ruleset-diff" "Failed \`$DIFF -u \"$dumpfile\" \"$after\"\`" >> "$NFT_TEST_TESTTMPDIR/rc-failed-dump"
+ rc_dump=1
+}
+
json_pretty() {
"$NFT_TEST_BASEDIR/helpers/json-pretty.sh" "$@" 2>&1 || :
}
fi
fi
-rc_dump=0
if [ "$rc_test" -ne 77 -a "$dump_written" != y ] ; then
if [ -f "$DUMPFILE" ] ; then
- if ! $DIFF -u "$DUMPFILE" "$NFT_TEST_TESTTMPDIR/ruleset-after" &> "$NFT_TEST_TESTTMPDIR/ruleset-diff" ; then
- show_file "$NFT_TEST_TESTTMPDIR/ruleset-diff" "Failed \`$DIFF -u \"$DUMPFILE\" \"$NFT_TEST_TESTTMPDIR/ruleset-after\"\`" >> "$NFT_TEST_TESTTMPDIR/rc-failed-dump"
- rc_dump=1
- else
- rm -f "$NFT_TEST_TESTTMPDIR/ruleset-diff"
- fi
+ diff_check_setcount "$DUMPFILE" "$NFT_TEST_TESTTMPDIR/ruleset-after"
fi
if [ "$NFT_TEST_HAVE_json" != n -a -f "$JDUMPFILE" ] ; then
if ! $DIFF -u "$JDUMPFILE" "$NFT_TEST_TESTTMPDIR/ruleset-after.json-pretty" &> "$NFT_TEST_TESTTMPDIR/ruleset-diff.json" ; then
set -e
+if [ $NFT_TEST_HAVE_setcount = y ]; then
+ size="size 65535 # count 1"
+else
+ size="size 65535"
+fi
+
echo "loading ruleset with anonymous set"
$NFT -f - <<EOF
table t {
echo "resetting specific rule"
handle=$($NFT -a list chain t c | sed -n 's/.*accept # handle \([0-9]*\)$/\1/p')
$NFT reset rule t c handle $handle
-EXPECT='table ip t {
+EXPECT="table ip t {
set s {
type ipv4_addr
- size 65535
+ $size
flags dynamic
counter
elements = { 1.1.1.1 counter packets 1 bytes 11 }
counter packets 7 bytes 17 accept
counter packets 8 bytes 18 drop
}
-}'
+}"
$DIFF -u <(echo "$EXPECT") <($NFT list ruleset)
echo "resetting specific chain"
$DIFF -u <(echo "$EXPECT") <($NFT reset rules chain t c2)
echo "resetting specific table"
-EXPECT='table ip t {
+EXPECT="table ip t {
set s {
type ipv4_addr
- size 65535
+ $size
flags dynamic
counter
elements = { 1.1.1.1 counter packets 1 bytes 11 }
counter packets 0 bytes 0 accept
counter packets 0 bytes 0 drop
}
-}'
+}"
$DIFF -u <(echo "$EXPECT") <($NFT reset rules table t)
echo "resetting specific family"
-EXPECT='table ip t {
+EXPECT="table ip t {
set s {
type ipv4_addr
- size 65535
+ $size
flags dynamic
counter
elements = { 1.1.1.1 counter packets 1 bytes 11 }
counter packets 7 bytes 17 accept
counter packets 8 bytes 18 drop
}
-}'
+}"
$DIFF -u <(echo "$EXPECT") <($NFT reset rules ip)
echo "resetting whole ruleset"
-EXPECT='table ip t {
+EXPECT="table ip t {
set s {
type ipv4_addr
- size 65535
+ $size
flags dynamic
counter
elements = { 1.1.1.1 counter packets 1 bytes 11 }
counter packets 0 bytes 0 accept
counter packets 0 bytes 0 drop
}
-}'
+}"
$DIFF -u <(echo "$EXPECT") <($NFT reset rules)
projects / thirdparty / nftables.git / commitdiff
