tests: shell: autogenerate dump verification

Complete the automated shell tests with the verification of
the test file dump, only for positive tests and if the test
execution was successful.

It's able to generate the dump file with the -g option.
Example:

 # ./run-tests.sh -g testcases/chains/0001jumps_0

The dump files are generated in the same path in the folder named
dumps/ with .nft extension.

It has been avoided the dump verification code in every test
file.

Signed-off-by: Laura Garcia Liebana <nevola@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/tests/shell/README b/tests/shell/README
index 3ffe642cecc522ebc720f5ef16ebc304dc7b3710..e6d83bce42d0346c4977dca17617ce022d7c8088 100644 (file)
--- a/tests/shell/README
+++ b/tests/shell/README
@@ -1,5 +1,5 @@
 This test-suite is intended to perform tests of higher level than
-the other reggresion test-suite.
+the other regression test-suite.
 
 It can run arbitrary executables which can perform any test apart of testing
 the nft syntax or netlink code (which is what the regression tests does).
@@ -15,6 +15,9 @@ test-files can be spread in any sub-directories.
 You can turn on a verbose execution by calling:
  % ./run-tests.sh -v
 
+And generate missing dump files with:
+ % ./run-tests.sh -g <TESTFILE>
+
 Before each call to the test-files, `nft flush ruleset' will be called.
 Also, test-files will receive the environment variable $NFT which contains the
 path to the nftables binary being tested.

diff --git a/tests/shell/run-tests.sh b/tests/shell/run-tests.sh
index 3eee99dfb739bde8c7a2d1aa4cca7c59be4d18b0..d2f3e96b33b24503ad71958692787ed342c60d1b 100755 (executable)
--- a/tests/shell/run-tests.sh
+++ b/tests/shell/run-tests.sh
@@ -4,6 +4,8 @@
 TESTDIR="./$(dirname $0)/"
 RETURNCODE_SEPARATOR="_"
 SRC_NFT="$(dirname $0)/../../src/nft"
+POSITIVE_RET=0
+DIFF=$(which diff)
 
 msg_error() {
        echo "E: $1 ..." >&2
@@ -43,6 +45,16 @@ if [ ! -x "$MODPROBE" ] ; then
        msg_error "no modprobe binary found"
 fi
 
+if [ "$1" == "-v" ] ; then
+       VERBOSE=y
+       shift
+fi
+
+if [ "$1" == "-g" ] ; then
+       DUMPGEN=y
+       shift
+fi
+
 if [ -x "$1" ] ; then
        if grep ^.*${RETURNCODE_SEPARATOR}[0-9]\\+$ <<< $1 >/dev/null ; then
                SINGLE=$1
@@ -50,10 +62,6 @@ if [ -x "$1" ] ; then
        fi
 fi
 
-if [ "$1" == "-v" ] ; then
-       VERBOSE=y
-fi
-
 kernel_cleanup() {
        $NFT flush ruleset
        $MODPROBE -raq \
@@ -97,9 +105,33 @@ do
        echo -en "\033[1A\033[K" # clean the [EXECUTING] foobar line
 
        if [ "$rc_got" == "$rc_spec" ] ; then
-               msg_info "[OK]          $testfile"
-               [ "$VERBOSE" == "y" ] && [ ! -z "$test_output" ] && echo "$test_output"
-               ((ok++))
+               # check nft dump only for positive tests
+               rc_spec="${POSITIVE_RET}"
+               dumppath="$(dirname ${testfile})/dumps"
+               dumpfile="${dumppath}/$(basename ${testfile}).nft"
+               if [ "$rc_got" == "${POSITIVE_RET}" ] && [ -f ${dumpfile} ]; then
+                       test_output=$(${DIFF} ${dumpfile} <(nft list ruleset) 2>&1)
+                       rc_spec=$?
+               fi
+
+               if [ "$rc_spec" == "${POSITIVE_RET}" ]; then
+                       msg_info "[OK]          $testfile"
+                       [ "$VERBOSE" == "y" ] && [ ! -z "$test_output" ] && echo "$test_output"
+                       ((ok++))
+
+                       if [ "$DUMPGEN" == "y" ] && [ "$rc_got" == "${POSITIVE_RET}" ] && [ ! -f "${dumpfile}" ]; then
+                               mkdir -p "${dumppath}"
+                               nft list ruleset > "${dumpfile}"
+                       fi
+               else
+                       ((failed++))
+                       if [ "$VERBOSE" == "y" ] ; then
+                               msg_warn "[DUMP FAIL]   $testfile: dump diff detected"
+                               [ ! -z "$test_output" ] && echo "$test_output"
+                       else
+                               msg_warn "[DUMP FAIL]   $testfile"
+                       fi
+               fi
        else
                ((failed++))
                if [ "$VERBOSE" == "y" ] ; then

diff --git a/tests/shell/testcases/cache/dumps/0001_cache_handling_0.nft b/tests/shell/testcases/cache/dumps/0001_cache_handling_0.nft
new file mode 100644 (file)
index 0000000..f6dd654
--- /dev/null
+++ b/tests/shell/testcases/cache/dumps/0001_cache_handling_0.nft
@@ -0,0 +1,12 @@
+table inet test {
+       set test {
+               type ipv4_addr
+               elements = { 1.1.1.1 }
+       }
+
+       chain test {
+               ip daddr { 2.2.2.2 } counter packets 0 bytes 0 accept
+               ip saddr @test counter packets 0 bytes 0 accept
+               ip daddr { 2.2.2.2 } counter packets 0 bytes 0 accept
+       }
+}

diff --git a/tests/shell/testcases/cache/dumps/0002_interval_0.nft b/tests/shell/testcases/cache/dumps/0002_interval_0.nft
new file mode 100644 (file)
index 0000000..6a08132
--- /dev/null
+++ b/tests/shell/testcases/cache/dumps/0002_interval_0.nft
@@ -0,0 +1,7 @@
+table inet t {
+       set s {
+               type ipv4_addr
+               flags interval
+               elements = { 192.168.0.0/24 }
+       }
+}

diff --git a/tests/shell/testcases/chains/0016delete_handle_0 b/tests/shell/testcases/chains/0016delete_handle_0
index cf11da8a6c122c450a18de53d5a2e8bd819c7cb5..677fba37e8a5aa0dd37aedfc1d7b024d14a94ab4 100755 (executable)
--- a/tests/shell/testcases/chains/0016delete_handle_0
+++ b/tests/shell/testcases/chains/0016delete_handle_0
@@ -11,26 +11,3 @@ $NFT add chain ip6 test-ip6 y        # should have handle 2
 $NFT add chain ip6 test-ip6 z  # should have handle 3
 $NFT delete chain test-ip handle 2
 $NFT delete chain ip6 test-ip6 handle 3
-
-EXPECTED="table ip test-ip {
-       chain x {
-       }
-
-       chain z {
-       }
-}
-table ip6 test-ip6 {
-       chain x {
-       }
-
-       chain y {
-       }
-}"
-
-GET="$($NFT list ruleset)"
-
-if [ "$EXPECTED" != "$GET" ] ; then
-       DIFF="$(which diff)"
-       [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET")
-       exit 1
-fi

diff --git a/tests/shell/testcases/chains/dumps/0001jumps_0.nft b/tests/shell/testcases/chains/dumps/0001jumps_0.nft
new file mode 100644 (file)
index 0000000..7054cde
--- /dev/null
+++ b/tests/shell/testcases/chains/dumps/0001jumps_0.nft
@@ -0,0 +1,64 @@
+table ip t {
+       chain c1 {
+               jump c2
+       }
+
+       chain c2 {
+               jump c3
+       }
+
+       chain c3 {
+               jump c4
+       }
+
+       chain c4 {
+               jump c5
+       }
+
+       chain c5 {
+               jump c6
+       }
+
+       chain c6 {
+               jump c7
+       }
+
+       chain c7 {
+               jump c8
+       }
+
+       chain c8 {
+               jump c9
+       }
+
+       chain c9 {
+               jump c10
+       }
+
+       chain c10 {
+               jump c11
+       }
+
+       chain c11 {
+               jump c12
+       }
+
+       chain c12 {
+               jump c13
+       }
+
+       chain c13 {
+               jump c14
+       }
+
+       chain c14 {
+               jump c15
+       }
+
+       chain c15 {
+               jump c16
+       }
+
+       chain c16 {
+       }
+}

diff --git a/tests/shell/testcases/chains/dumps/0006masquerade_0.nft b/tests/shell/testcases/chains/dumps/0006masquerade_0.nft
new file mode 100644 (file)
index 0000000..e4b9872
--- /dev/null
+++ b/tests/shell/testcases/chains/dumps/0006masquerade_0.nft
@@ -0,0 +1,6 @@
+table ip t {
+       chain c1 {
+               type nat hook postrouting priority 0; policy accept;
+               masquerade
+       }
+}

diff --git a/tests/shell/testcases/chains/dumps/0013rename_0.nft b/tests/shell/testcases/chains/dumps/0013rename_0.nft
new file mode 100644 (file)
index 0000000..e4e0171
--- /dev/null
+++ b/tests/shell/testcases/chains/dumps/0013rename_0.nft
@@ -0,0 +1,4 @@
+table ip t {
+       chain c2 {
+       }
+}

diff --git a/tests/shell/testcases/chains/dumps/0016delete_handle_0.nft b/tests/shell/testcases/chains/dumps/0016delete_handle_0.nft
new file mode 100644 (file)
index 0000000..de6ee9c
--- /dev/null
+++ b/tests/shell/testcases/chains/dumps/0016delete_handle_0.nft
@@ -0,0 +1,20 @@
+table ip test-ip {
+       chain x {
+       }
+
+       chain y {
+       }
+
+       chain z {
+       }
+}
+table ip6 test-ip6 {
+       chain x {
+       }
+
+       chain y {
+       }
+
+       chain z {
+       }
+}

diff --git a/tests/shell/testcases/flowtable/0001flowtable_0 b/tests/shell/testcases/flowtable/0001flowtable_0
index 307f06f62ebdb98a61802fbabca1230e07afb6bf..6d08e254558a1be2231e3d9270a6ea1c8f97a41d 100755 (executable)
--- a/tests/shell/testcases/flowtable/0001flowtable_0
+++ b/tests/shell/testcases/flowtable/0001flowtable_0
@@ -23,11 +23,3 @@ EXPECTED='table inet t {
 echo "$EXPECTED" > $tmpfile
 set -e
 $NFT -f $tmpfile
-
-GET="$($NFT list ruleset)"
-
-if [ "$EXPECTED" != "$GET" ] ; then
-       DIFF="$(which diff)"
-       [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET")
-       exit 1
-fi

diff --git a/tests/shell/testcases/flowtable/dumps/0001flowtable_0.nft b/tests/shell/testcases/flowtable/dumps/0001flowtable_0.nft
new file mode 100755 (executable)
index 0000000..5188b20
--- /dev/null
+++ b/tests/shell/testcases/flowtable/dumps/0001flowtable_0.nft
@@ -0,0 +1,10 @@
+table inet t {
+       flowtable f {
+               hook ingress priority 10
+               devices = { eth0, wlan0 }
+       }
+
+       chain c {
+               flow offload @f
+       }
+}

diff --git a/tests/shell/testcases/import/vm_json_import_0 b/tests/shell/testcases/import/vm_json_import_0
index dc367f646140ee087f6d658b7e2aef7ef1733da0..e5ecbcc43e16e4e7f240fd4c5a9d7ecb66e32b56 100755 (executable)
--- a/tests/shell/testcases/import/vm_json_import_0
+++ b/tests/shell/testcases/import/vm_json_import_0
@@ -61,11 +61,3 @@ $NFT -f $tmpfile
 $NFT export vm json > $tmpfile
 $NFT flush ruleset
 cat $tmpfile | $NFT import vm json
-
-RESULT="$($NFT list ruleset)"
-
-
-if [ "$RULESET" != "$RESULT" ] ; then
-       DIFF="$(which diff)"
-       [ -x $DIFF ] && $DIFF -u <(echo "$RULESET") <(echo "$RESULT")
-fi

diff --git a/tests/shell/testcases/include/dumps/0001absolute_0.nft b/tests/shell/testcases/include/dumps/0001absolute_0.nft
new file mode 100644 (file)
index 0000000..5d4d2ca
--- /dev/null
+++ b/tests/shell/testcases/include/dumps/0001absolute_0.nft
@@ -0,0 +1,2 @@
+table ip x {
+}

diff --git a/tests/shell/testcases/include/dumps/0002relative_0.nft b/tests/shell/testcases/include/dumps/0002relative_0.nft
new file mode 100644 (file)
index 0000000..5d4d2ca
--- /dev/null
+++ b/tests/shell/testcases/include/dumps/0002relative_0.nft
@@ -0,0 +1,2 @@
+table ip x {
+}

diff --git a/tests/shell/testcases/include/dumps/0003includepath_0.nft b/tests/shell/testcases/include/dumps/0003includepath_0.nft
new file mode 100644 (file)
index 0000000..5d4d2ca
--- /dev/null
+++ b/tests/shell/testcases/include/dumps/0003includepath_0.nft
@@ -0,0 +1,2 @@
+table ip x {
+}

diff --git a/tests/shell/testcases/include/dumps/0006glob_single_0.nft b/tests/shell/testcases/include/dumps/0006glob_single_0.nft
new file mode 100644 (file)
index 0000000..5d4d2ca
--- /dev/null
+++ b/tests/shell/testcases/include/dumps/0006glob_single_0.nft
@@ -0,0 +1,2 @@
+table ip x {
+}

diff --git a/tests/shell/testcases/include/dumps/0007glob_double_0.nft b/tests/shell/testcases/include/dumps/0007glob_double_0.nft
new file mode 100644 (file)
index 0000000..f9cb080
--- /dev/null
+++ b/tests/shell/testcases/include/dumps/0007glob_double_0.nft
@@ -0,0 +1,4 @@
+table ip y {
+}
+table ip x {
+}

diff --git a/tests/shell/testcases/include/dumps/0011glob_dependency_0.nft b/tests/shell/testcases/include/dumps/0011glob_dependency_0.nft
new file mode 100644 (file)
index 0000000..8e818d2
--- /dev/null
+++ b/tests/shell/testcases/include/dumps/0011glob_dependency_0.nft
@@ -0,0 +1,4 @@
+table ip x {
+       chain y {
+       }
+}

diff --git a/tests/shell/testcases/include/dumps/0013glob_dotfile_0.nft b/tests/shell/testcases/include/dumps/0013glob_dotfile_0.nft
new file mode 100644 (file)
index 0000000..5d4d2ca
--- /dev/null
+++ b/tests/shell/testcases/include/dumps/0013glob_dotfile_0.nft
@@ -0,0 +1,2 @@
+table ip x {
+}

diff --git a/tests/shell/testcases/include/dumps/0015doubleincludepath_0.nft b/tests/shell/testcases/include/dumps/0015doubleincludepath_0.nft
new file mode 100644 (file)
index 0000000..8e818d2
--- /dev/null
+++ b/tests/shell/testcases/include/dumps/0015doubleincludepath_0.nft
@@ -0,0 +1,4 @@
+table ip x {
+       chain y {
+       }
+}

diff --git a/tests/shell/testcases/listing/0001ruleset_0 b/tests/shell/testcases/listing/0001ruleset_0
index 1a3a73b198c81c41b6f1ec971cfd0e115c4ee357..19cb3b04c27a476113219a516472f17e2ee3b043 100755 (executable)
--- a/tests/shell/testcases/listing/0001ruleset_0
+++ b/tests/shell/testcases/listing/0001ruleset_0
@@ -2,17 +2,6 @@
 
 # list ruleset shows a table
 
-EXPECTED="table ip test {
-}"
-
 set -e
 
 $NFT add table test
-GET="$($NFT list ruleset)"
-
-if [ "$EXPECTED" != "$GET" ] ; then
-       DIFF="$(which diff)"
-       [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET")
-       exit 1
-fi
-

diff --git a/tests/shell/testcases/listing/0002ruleset_0 b/tests/shell/testcases/listing/0002ruleset_0
index 45121fb7abdda0f5189b429a8743527883cffc80..b4a535c4c7d8aada7ca59620b4e507fe2b6023d8 100755 (executable)
--- a/tests/shell/testcases/listing/0002ruleset_0
+++ b/tests/shell/testcases/listing/0002ruleset_0
@@ -5,12 +5,3 @@
 EXPECTED=""
 
 set -e
-
-GET="$($NFT list ruleset)"
-
-if [ "$EXPECTED" != "$GET" ] ; then
-       DIFF="$(which diff)"
-       [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET")
-       exit 1
-fi
-

diff --git a/tests/shell/testcases/listing/dumps/0001ruleset_0.nft b/tests/shell/testcases/listing/dumps/0001ruleset_0.nft
new file mode 100644 (file)
index 0000000..1c9f40c
--- /dev/null
+++ b/tests/shell/testcases/listing/dumps/0001ruleset_0.nft
@@ -0,0 +1,2 @@
+table ip test {
+}

diff --git a/tests/shell/testcases/maps/0005interval_map_add_many_elements_0 b/tests/shell/testcases/maps/0005interval_map_add_many_elements_0
index 55f90555a3b9d6c9533592780b959ee0723f9b28..0714963d9d2b3edcc6ab60910241d472ca62c5ed 100755 (executable)
--- a/tests/shell/testcases/maps/0005interval_map_add_many_elements_0
+++ b/tests/shell/testcases/maps/0005interval_map_add_many_elements_0
@@ -56,18 +56,3 @@ n=$HOWMANY
 echo "add element x y { 10.${n}.${n}.0/24 : 10.0.${n}.${n} }" > $tmpfile
 
 $NFT -f $tmpfile
-
-EXPECTED="table ip x {
-       map y {
-               type ipv4_addr : ipv4_addr
-               flags interval
-               elements = { "$(generate_test)" }
-       }
-}"
-GET=$($NFT list ruleset)
-if [ "$EXPECTED" != "$GET" ] ; then
-       DIFF="$(which diff)"
-       [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET")
-       exit 1
-fi
-

diff --git a/tests/shell/testcases/maps/0006interval_map_overlap_0 b/tests/shell/testcases/maps/0006interval_map_overlap_0
index 8597639ea2aaac0e5aa2f378d123a828121d00f5..682ac65b0e19a192053c65dcea80489f42469fa8 100755 (executable)
--- a/tests/shell/testcases/maps/0006interval_map_overlap_0
+++ b/tests/shell/testcases/maps/0006interval_map_overlap_0
@@ -25,17 +25,3 @@ echo "add element x y { 10.0.${n}.0/24 : 10.0.0.${n} }" > $tmpfile
 
 $NFT -f $tmpfile
 
-EXPECTED="table ip x {
-       map y {
-               type ipv4_addr : ipv4_addr
-               flags interval
-               elements = { 10.0.1.0/24 : 10.0.0.1, 10.0.2.0/24 : 10.0.0.2 }
-       }
-}"
-GET=$($NFT list ruleset)
-if [ "$EXPECTED" != "$GET" ] ; then
-       DIFF="$(which diff)"
-       [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET")
-       exit 1
-fi
-

diff --git a/tests/shell/testcases/maps/0007named_ifname_dtype_0 b/tests/shell/testcases/maps/0007named_ifname_dtype_0
index dcbcf2f07dd1d2abfcd63efd1200fd32da38e781..5e51a605358b5a974ff3858ea5de068347b3b310 100755 (executable)
--- a/tests/shell/testcases/maps/0007named_ifname_dtype_0
+++ b/tests/shell/testcases/maps/0007named_ifname_dtype_0
@@ -26,10 +26,3 @@ set -e
 echo "$EXPECTED" > $tmpfile
 $NFT -f $tmpfile
 
-GET="$($NFT list ruleset)"
-if [ "$EXPECTED" != "$GET" ] ; then
-        DIFF="$(which diff)"
-        [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET")
-        exit 1
-fi
-

diff --git a/tests/shell/testcases/maps/dumps/0005interval_map_add_many_elements_0.nft b/tests/shell/testcases/maps/dumps/0005interval_map_add_many_elements_0.nft
new file mode 100644 (file)
index 0000000..ab992c4
--- /dev/null
+++ b/tests/shell/testcases/maps/dumps/0005interval_map_add_many_elements_0.nft
@@ -0,0 +1,8 @@
+table ip x {
+       map y {
+               type ipv4_addr : ipv4_addr
+               flags interval
+               elements = { 10.1.1.0/24 : 10.0.1.1, 10.1.2.0/24 : 10.0.1.2,
+                            10.2.1.0/24 : 10.0.2.1, 10.2.2.0/24 : 10.0.2.2 }
+       }
+}

diff --git a/tests/shell/testcases/maps/dumps/0006interval_map_overlap_0.nft b/tests/shell/testcases/maps/dumps/0006interval_map_overlap_0.nft
new file mode 100644 (file)
index 0000000..1f5343f
--- /dev/null
+++ b/tests/shell/testcases/maps/dumps/0006interval_map_overlap_0.nft
@@ -0,0 +1,7 @@
+table ip x {
+       map y {
+               type ipv4_addr : ipv4_addr
+               flags interval
+               elements = { 10.0.1.0/24 : 10.0.0.1, 10.0.2.0/24 : 10.0.0.2 }
+       }
+}

diff --git a/tests/shell/testcases/maps/dumps/0007named_ifname_dtype_0.nft b/tests/shell/testcases/maps/dumps/0007named_ifname_dtype_0.nft
new file mode 100644 (file)
index 0000000..878e7c0
--- /dev/null
+++ b/tests/shell/testcases/maps/dumps/0007named_ifname_dtype_0.nft
@@ -0,0 +1,11 @@
+table inet t {
+       map m1 {
+               type ifname : ipv4_addr
+               elements = { "eth0" : 1.1.1.1 }
+       }
+
+       chain c {
+               ip daddr set iifname map @m1
+               ip daddr set oifname map @m1
+       }
+}

diff --git a/tests/shell/testcases/maps/dumps/anonymous_snat_map_0.nft b/tests/shell/testcases/maps/dumps/anonymous_snat_map_0.nft
new file mode 100644 (file)
index 0000000..5009560
--- /dev/null
+++ b/tests/shell/testcases/maps/dumps/anonymous_snat_map_0.nft
@@ -0,0 +1,5 @@
+table ip nat {
+       chain postrouting {
+               snat to ip saddr map { 1.1.1.1 : 2.2.2.2 }
+       }
+}

diff --git a/tests/shell/testcases/maps/dumps/map_with_flags_0.nft b/tests/shell/testcases/maps/dumps/map_with_flags_0.nft
new file mode 100644 (file)
index 0000000..c96b1ed
--- /dev/null
+++ b/tests/shell/testcases/maps/dumps/map_with_flags_0.nft
@@ -0,0 +1,6 @@
+table ip x {
+       map y {
+               type ipv4_addr : ipv4_addr
+               flags timeout
+       }
+}

diff --git a/tests/shell/testcases/maps/dumps/named_snat_map_0.nft b/tests/shell/testcases/maps/dumps/named_snat_map_0.nft
new file mode 100644 (file)
index 0000000..a7c5751
--- /dev/null
+++ b/tests/shell/testcases/maps/dumps/named_snat_map_0.nft
@@ -0,0 +1,10 @@
+table ip nat {
+       map m {
+               type ipv4_addr : ipv4_addr
+               elements = { 1.1.1.1 : 2.2.2.2 }
+       }
+
+       chain postrouting {
+               snat to ip saddr map @m
+       }
+}

diff --git a/tests/shell/testcases/maps/map_with_flags_0 b/tests/shell/testcases/maps/map_with_flags_0
index 8774eb51147fabcaf9a90e9aa46f0543ff7bdeb5..68bd80d243e864e1b12f02dd28b6c62bcd3e0211 100755 (executable)
--- a/tests/shell/testcases/maps/map_with_flags_0
+++ b/tests/shell/testcases/maps/map_with_flags_0
@@ -4,18 +4,3 @@ set -e
 
 $NFT add table x
 $NFT add map x y { type ipv4_addr : ipv4_addr\; flags timeout\; }
-
-EXPECTED="table ip x {
-       map y {
-               type ipv4_addr : ipv4_addr
-               flags timeout
-       }
-}"
-
-GET="$($NFT list ruleset)"
-
-if [ "$EXPECTED" != "$GET" ] ; then
-       DIFF="$(which diff)"
-       [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET")
-       exit 1
-fi

diff --git a/tests/shell/testcases/nft-f/0002rollback_rule_0 b/tests/shell/testcases/nft-f/0002rollback_rule_0
index ddeb5423cc4c31f57d5041077e89af66bc39a9a9..19690544c5be18a92d7c7464397a956d8bad8ac1 100755 (executable)
--- a/tests/shell/testcases/nft-f/0002rollback_rule_0
+++ b/tests/shell/testcases/nft-f/0002rollback_rule_0
@@ -48,13 +48,3 @@ if [ $? -eq 0 ]      ; then
        echo "E: bogus ruleset loaded?" >&2
        exit 1
 fi
-
-KERNEL_RULESET="$($NFT list ruleset -nn)"
-
-if [ "$GOOD_RULESET" != "$KERNEL_RULESET" ] ; then
-        DIFF="$(which diff)"
-        [ -x $DIFF ] && $DIFF -u <(echo "$GOOD_RULESET") <(echo "$KERNEL_RULESET")
-        exit 1
-fi
-
-exit 0

diff --git a/tests/shell/testcases/nft-f/0003rollback_jump_0 b/tests/shell/testcases/nft-f/0003rollback_jump_0
index 6c43df9db5f82fb68f64d7699783950e30c37c66..f53fd23872511c53dd961e8a4ef3441313ea46c3 100755 (executable)
--- a/tests/shell/testcases/nft-f/0003rollback_jump_0
+++ b/tests/shell/testcases/nft-f/0003rollback_jump_0
@@ -48,13 +48,3 @@ if [ $? -eq 0 ]      ; then
        echo "E: bogus ruleset loaded?" >&2
        exit 1
 fi
-
-KERNEL_RULESET="$($NFT list ruleset -nn)"
-
-if [ "$GOOD_RULESET" != "$KERNEL_RULESET" ] ; then
-        DIFF="$(which diff)"
-        [ -x $DIFF ] && $DIFF -u <(echo "$GOOD_RULESET") <(echo "$KERNEL_RULESET")
-        exit 1
-fi
-
-exit 0

diff --git a/tests/shell/testcases/nft-f/0004rollback_set_0 b/tests/shell/testcases/nft-f/0004rollback_set_0
index 1dea85ec401adb6901a605d57791f709bb0cde77..7674106fb9e39d4c78e61678ed6e61b30ef857fa 100755 (executable)
--- a/tests/shell/testcases/nft-f/0004rollback_set_0
+++ b/tests/shell/testcases/nft-f/0004rollback_set_0
@@ -48,13 +48,3 @@ if [ $? -eq 0 ]      ; then
        echo "E: bogus ruleset loaded?" >&2
        exit 1
 fi
-
-KERNEL_RULESET="$($NFT list ruleset -nn)"
-
-if [ "$GOOD_RULESET" != "$KERNEL_RULESET" ] ; then
-        DIFF="$(which diff)"
-        [ -x $DIFF ] && $DIFF -u <(echo "$GOOD_RULESET") <(echo "$KERNEL_RULESET")
-        exit 1
-fi
-
-exit 0

diff --git a/tests/shell/testcases/nft-f/0005rollback_map_0 b/tests/shell/testcases/nft-f/0005rollback_map_0
index 777cc7175ef1064a0e2f29f1cfc8999ced239a94..ba1fcc5960652175ecc92c70daa66911591ed03f 100755 (executable)
--- a/tests/shell/testcases/nft-f/0005rollback_map_0
+++ b/tests/shell/testcases/nft-f/0005rollback_map_0
@@ -51,13 +51,3 @@ if [ $? -eq 0 ]      ; then
        echo "E: bogus ruleset loaded?" >&2
        exit 1
 fi
-
-KERNEL_RULESET="$($NFT list ruleset -nn)"
-
-if [ "$GOOD_RULESET" != "$KERNEL_RULESET" ] ; then
-        DIFF="$(which diff)"
-        [ -x $DIFF ] && $DIFF -u <(echo "$GOOD_RULESET") <(echo "$KERNEL_RULESET")
-        exit 1
-fi
-
-exit 0

diff --git a/tests/shell/testcases/nft-f/0008split_tables_0 b/tests/shell/testcases/nft-f/0008split_tables_0
index dd03545b172ac040678eeade4bb5cfc5dbd136bb..b244d14ea70f70785da75bcee8d6ae5193780fe9 100755 (executable)
--- a/tests/shell/testcases/nft-f/0008split_tables_0
+++ b/tests/shell/testcases/nft-f/0008split_tables_0
@@ -29,22 +29,3 @@ if [ $? -ne 0 ] ; then
         echo "E: unable to load good ruleset" >&2
         exit 1
 fi
-
-EXPECTED="table inet filter {
-       chain ssh {
-               type filter hook input priority 0; policy accept;
-               tcp dport ssh accept
-       }
-
-       chain input {
-               type filter hook input priority 1; policy accept;
-       }
-}"
-
-GET="$($NFT list ruleset)"
-
-if [ "$EXPECTED" != "$GET" ] ; then
-       DIFF="$(which diff)"
-       [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET")
-       exit 1
-fi

diff --git a/tests/shell/testcases/nft-f/dumps/0002rollback_rule_0.nft b/tests/shell/testcases/nft-f/dumps/0002rollback_rule_0.nft
new file mode 100644 (file)
index 0000000..f6f2615
--- /dev/null
+++ b/tests/shell/testcases/nft-f/dumps/0002rollback_rule_0.nft
@@ -0,0 +1,16 @@
+table ip t {
+       set t {
+               type ipv4_addr
+               elements = { 1.1.1.1 }
+       }
+
+       chain c {
+               ct state new
+               tcp dport { 22222 }
+               ip saddr @t drop
+               jump other
+       }
+
+       chain other {
+       }
+}

diff --git a/tests/shell/testcases/nft-f/dumps/0003rollback_jump_0.nft b/tests/shell/testcases/nft-f/dumps/0003rollback_jump_0.nft
new file mode 100644 (file)
index 0000000..f6f2615
--- /dev/null
+++ b/tests/shell/testcases/nft-f/dumps/0003rollback_jump_0.nft
@@ -0,0 +1,16 @@
+table ip t {
+       set t {
+               type ipv4_addr
+               elements = { 1.1.1.1 }
+       }
+
+       chain c {
+               ct state new
+               tcp dport { 22222 }
+               ip saddr @t drop
+               jump other
+       }
+
+       chain other {
+       }
+}

diff --git a/tests/shell/testcases/nft-f/dumps/0004rollback_set_0.nft b/tests/shell/testcases/nft-f/dumps/0004rollback_set_0.nft
new file mode 100644 (file)
index 0000000..f6f2615
--- /dev/null
+++ b/tests/shell/testcases/nft-f/dumps/0004rollback_set_0.nft
@@ -0,0 +1,16 @@
+table ip t {
+       set t {
+               type ipv4_addr
+               elements = { 1.1.1.1 }
+       }
+
+       chain c {
+               ct state new
+               tcp dport { 22222 }
+               ip saddr @t drop
+               jump other
+       }
+
+       chain other {
+       }
+}

diff --git a/tests/shell/testcases/nft-f/dumps/0005rollback_map_0.nft b/tests/shell/testcases/nft-f/dumps/0005rollback_map_0.nft
new file mode 100644 (file)
index 0000000..f6f2615
--- /dev/null
+++ b/tests/shell/testcases/nft-f/dumps/0005rollback_map_0.nft
@@ -0,0 +1,16 @@
+table ip t {
+       set t {
+               type ipv4_addr
+               elements = { 1.1.1.1 }
+       }
+
+       chain c {
+               ct state new
+               tcp dport { 22222 }
+               ip saddr @t drop
+               jump other
+       }
+
+       chain other {
+       }
+}

diff --git a/tests/shell/testcases/nft-f/dumps/0008split_tables_0.nft b/tests/shell/testcases/nft-f/dumps/0008split_tables_0.nft
new file mode 100644 (file)
index 0000000..1211411
--- /dev/null
+++ b/tests/shell/testcases/nft-f/dumps/0008split_tables_0.nft
@@ -0,0 +1,10 @@
+table inet filter {
+       chain ssh {
+               type filter hook input priority 0; policy accept;
+               tcp dport ssh accept
+       }
+
+       chain input {
+               type filter hook input priority 1; policy accept;
+       }
+}

diff --git a/tests/shell/testcases/nft-f/dumps/0009variable_0.nft b/tests/shell/testcases/nft-f/dumps/0009variable_0.nft
new file mode 100644 (file)
index 0000000..a793751
--- /dev/null
+++ b/tests/shell/testcases/nft-f/dumps/0009variable_0.nft
@@ -0,0 +1,7 @@
+table inet forward {
+       set concat-set-variable {
+               type ipv4_addr . inet_service
+               elements = { 10.10.10.10 . smtp,
+                            10.10.10.10 . imap2 }
+       }
+}

diff --git a/tests/shell/testcases/nft-f/dumps/0010variable_0.nft b/tests/shell/testcases/nft-f/dumps/0010variable_0.nft
new file mode 100644 (file)
index 0000000..1f3d05e
--- /dev/null
+++ b/tests/shell/testcases/nft-f/dumps/0010variable_0.nft
@@ -0,0 +1,6 @@
+table inet filter {
+       set whitelist_v4 {
+               type ipv4_addr
+               elements = { 1.1.1.1 }
+       }
+}

diff --git a/tests/shell/testcases/nft-f/dumps/0012different_defines_0.nft b/tests/shell/testcases/nft-f/dumps/0012different_defines_0.nft
new file mode 100644 (file)
index 0000000..e9eef4b
--- /dev/null
+++ b/tests/shell/testcases/nft-f/dumps/0012different_defines_0.nft
@@ -0,0 +1,16 @@
+table inet t {
+       chain c {
+               iifname "whatever" oifname "whatever" iif "lo" oif "lo"
+               iifname { "whatever" } iif { "lo" } mark 0x0000007b
+               ct state established,related,new
+               ct state != established | related | new
+               ip saddr 10.0.0.0 ip saddr 10.0.0.0 ip daddr 10.0.0.2
+               ip6 daddr fe0::1 ip6 saddr fe0::2
+               ip saddr vmap { 10.0.0.0 : drop, 10.0.0.2 : accept }
+               ip6 daddr vmap { fe0::1 : drop, fe0::2 : accept }
+               ip6 saddr . ip6 nexthdr { fe0::1 . udp, fe0::2 . tcp }
+               ip daddr . iif vmap { 10.0.0.0 . "lo" : accept }
+               tcp dport 100-222
+               udp dport vmap { 100-222 : accept }
+       }
+}

diff --git a/tests/shell/testcases/optionals/dumps/comments_0.nft b/tests/shell/testcases/optionals/dumps/comments_0.nft
new file mode 100644 (file)
index 0000000..416a07e
--- /dev/null
+++ b/tests/shell/testcases/optionals/dumps/comments_0.nft
@@ -0,0 +1,5 @@
+table ip test {
+       chain test {
+               tcp dport ssh counter packets 0 bytes 0 accept comment "test_comment"
+       }
+}

diff --git a/tests/shell/testcases/optionals/dumps/comments_handles_0.nft b/tests/shell/testcases/optionals/dumps/comments_handles_0.nft
new file mode 100644 (file)
index 0000000..416a07e
--- /dev/null
+++ b/tests/shell/testcases/optionals/dumps/comments_handles_0.nft
@@ -0,0 +1,5 @@
+table ip test {
+       chain test {
+               tcp dport ssh counter packets 0 bytes 0 accept comment "test_comment"
+       }
+}

diff --git a/tests/shell/testcases/optionals/dumps/handles_0.nft b/tests/shell/testcases/optionals/dumps/handles_0.nft
new file mode 100644 (file)
index 0000000..eb0af81
--- /dev/null
+++ b/tests/shell/testcases/optionals/dumps/handles_0.nft
@@ -0,0 +1,5 @@
+table ip test {
+       chain test {
+               tcp dport ssh counter packets 0 bytes 0 accept
+       }
+}

diff --git a/tests/shell/testcases/rule_management/0001addposition_0 b/tests/shell/testcases/rule_management/0001addposition_0
index e66bfff34568827cbc6ed1dffadac2fb2e421f96..ee90d923f2933fed72748063e88dd637cee7b529 100755 (executable)
--- a/tests/shell/testcases/rule_management/0001addposition_0
+++ b/tests/shell/testcases/rule_management/0001addposition_0
@@ -9,19 +9,3 @@ $NFT add chain t c
 $NFT add rule t c accept       # should have handle 2
 $NFT add rule t c accept       # should have handle 3
 $NFT add rule t c position 2 drop
-
-EXPECTED="table ip t {
-       chain c {
-               accept
-               drop
-               accept
-       }
-}"
-
-GET="$($NFT list ruleset)"
-
-if [ "$EXPECTED" != "$GET" ] ; then
-       DIFF="$(which diff)"
-       [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET")
-       exit 1
-fi

diff --git a/tests/shell/testcases/rule_management/0002insertposition_0 b/tests/shell/testcases/rule_management/0002insertposition_0
index cf8a568dbc7a19b4f901a5d4e62e00b0cc7c06bc..e9f886fbedf8bef5a3729a51ae1a26c42f37c087 100755 (executable)
--- a/tests/shell/testcases/rule_management/0002insertposition_0
+++ b/tests/shell/testcases/rule_management/0002insertposition_0
@@ -9,19 +9,3 @@ $NFT add chain t c
 $NFT add rule t c accept       # should have handle 2
 $NFT add rule t c accept       # should have handle 3
 $NFT insert rule t c position 2 drop
-
-EXPECTED="table ip t {
-       chain c {
-               drop
-               accept
-               accept
-       }
-}"
-
-GET="$($NFT list ruleset)"
-
-if [ "$EXPECTED" != "$GET" ] ; then
-       DIFF="$(which diff)"
-       [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET")
-       exit 1
-fi

diff --git a/tests/shell/testcases/rule_management/0003insert_0 b/tests/shell/testcases/rule_management/0003insert_0
index 6691c166cc78133aefee19daca3cb5c692f6bce7..329ccc203ed73c4030ad32b209a5e525513aeaf7 100755 (executable)
--- a/tests/shell/testcases/rule_management/0003insert_0
+++ b/tests/shell/testcases/rule_management/0003insert_0
@@ -9,19 +9,3 @@ $NFT add chain t c
 $NFT insert rule t c accept
 $NFT insert rule t c drop
 $NFT insert rule t c masquerade
-
-EXPECTED="table ip t {
-       chain c {
-               masquerade
-               drop
-               accept
-       }
-}"
-
-GET="$($NFT list ruleset)"
-
-if [ "$EXPECTED" != "$GET" ] ; then
-       DIFF="$(which diff)"
-       [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET")
-       exit 1
-fi

diff --git a/tests/shell/testcases/rule_management/0004replace_0 b/tests/shell/testcases/rule_management/0004replace_0
index 6a4b9495b54c9aba832f6ac8baaea2998af3bbee..c3329af500d3864354748c95e1937e29d66c88a4 100755 (executable)
--- a/tests/shell/testcases/rule_management/0004replace_0
+++ b/tests/shell/testcases/rule_management/0004replace_0
@@ -8,17 +8,3 @@ $NFT add table t
 $NFT add chain t c
 $NFT add rule t c accept       # should have handle 2
 $NFT replace rule t c handle 2 drop
-
-EXPECTED="table ip t {
-       chain c {
-               drop
-       }
-}"
-
-GET="$($NFT list ruleset)"
-
-if [ "$EXPECTED" != "$GET" ] ; then
-       DIFF="$(which diff)"
-       [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET")
-       exit 1
-fi

diff --git a/tests/shell/testcases/rule_management/0007delete_0 b/tests/shell/testcases/rule_management/0007delete_0
index 126fe5dd445264eb590347713c60f9963cb37399..11376cc37d781f5e71825a85c1a8870521507585 100755 (executable)
--- a/tests/shell/testcases/rule_management/0007delete_0
+++ b/tests/shell/testcases/rule_management/0007delete_0
@@ -9,17 +9,3 @@ $NFT add chain t c
 $NFT add rule t c accept       # should have handle 2
 $NFT add rule t c drop         # should have handle 3
 $NFT delete rule t c handle 2
-
-EXPECTED="table ip t {
-       chain c {
-               drop
-       }
-}"
-
-GET="$($NFT list ruleset)"
-
-if [ "$EXPECTED" != "$GET" ] ; then
-       DIFF="$(which diff)"
-       [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET")
-       exit 1
-fi

diff --git a/tests/shell/testcases/rule_management/dumps/0001addposition_0.nft b/tests/shell/testcases/rule_management/dumps/0001addposition_0.nft
new file mode 100644 (file)
index 0000000..e282e13
--- /dev/null
+++ b/tests/shell/testcases/rule_management/dumps/0001addposition_0.nft
@@ -0,0 +1,7 @@
+table ip t {
+       chain c {
+               accept
+               drop
+               accept
+       }
+}

diff --git a/tests/shell/testcases/rule_management/dumps/0002insertposition_0.nft b/tests/shell/testcases/rule_management/dumps/0002insertposition_0.nft
new file mode 100644 (file)
index 0000000..527d79d
--- /dev/null
+++ b/tests/shell/testcases/rule_management/dumps/0002insertposition_0.nft
@@ -0,0 +1,7 @@
+table ip t {
+       chain c {
+               drop
+               accept
+               accept
+       }
+}

diff --git a/tests/shell/testcases/rule_management/dumps/0003insert_0.nft b/tests/shell/testcases/rule_management/dumps/0003insert_0.nft
new file mode 100644 (file)
index 0000000..9421f4a
--- /dev/null
+++ b/tests/shell/testcases/rule_management/dumps/0003insert_0.nft
@@ -0,0 +1,7 @@
+table ip t {
+       chain c {
+               masquerade
+               drop
+               accept
+       }
+}

diff --git a/tests/shell/testcases/rule_management/dumps/0004replace_0.nft b/tests/shell/testcases/rule_management/dumps/0004replace_0.nft
new file mode 100644 (file)
index 0000000..e20952e
--- /dev/null
+++ b/tests/shell/testcases/rule_management/dumps/0004replace_0.nft
@@ -0,0 +1,5 @@
+table ip t {
+       chain c {
+               drop
+       }
+}

diff --git a/tests/shell/testcases/rule_management/dumps/0007delete_0.nft b/tests/shell/testcases/rule_management/dumps/0007delete_0.nft
new file mode 100644 (file)
index 0000000..e20952e
--- /dev/null
+++ b/tests/shell/testcases/rule_management/dumps/0007delete_0.nft
@@ -0,0 +1,5 @@
+table ip t {
+       chain c {
+               drop
+       }
+}

diff --git a/tests/shell/testcases/sets/0012add_delete_many_elements_0 b/tests/shell/testcases/sets/0012add_delete_many_elements_0
index 7a5f8c6901338b64dc2c17c5c96931ed069220fc..7e7beebd207394503b93b02727605cec278d5e1e 100755 (executable)
--- a/tests/shell/testcases/sets/0012add_delete_many_elements_0
+++ b/tests/shell/testcases/sets/0012add_delete_many_elements_0
@@ -31,16 +31,3 @@ delete element x y $(generate)" > $tmpfile
 
 set -e
 $NFT -f $tmpfile
-
-EXPECTED="table ip x {
-       set y {
-               type ipv4_addr
-       }
-}"
-GET=$($NFT list ruleset)
-if [ "$EXPECTED" != "$GET" ] ; then
-       DIFF="$(which diff)"
-       [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET")
-       exit 1
-fi
-

diff --git a/tests/shell/testcases/sets/0013add_delete_many_elements_0 b/tests/shell/testcases/sets/0013add_delete_many_elements_0
index 265a55409d476582386942d5c2336dc8655598d4..5774317b6b630db197d2d76a4a2df303345e0b45 100755 (executable)
--- a/tests/shell/testcases/sets/0013add_delete_many_elements_0
+++ b/tests/shell/testcases/sets/0013add_delete_many_elements_0
@@ -32,17 +32,3 @@ add element x y $(generate)" > $tmpfile
 $NFT -f $tmpfile
 echo "delete element x y $(generate)" > $tmpfile
 $NFT -f $tmpfile
-
-
-EXPECTED="table ip x {
-       set y {
-               type ipv4_addr
-       }
-}"
-GET=$($NFT list ruleset)
-if [ "$EXPECTED" != "$GET" ] ; then
-       DIFF="$(which diff)"
-       [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET")
-       exit 1
-fi
-

diff --git a/tests/shell/testcases/sets/0021nesting_0 b/tests/shell/testcases/sets/0021nesting_0
index 763d9ae1797e6e42e7b83b08c81900fda548eee7..4779f264e8c896125b39baaee45c20bcf484fa32 100755 (executable)
--- a/tests/shell/testcases/sets/0021nesting_0
+++ b/tests/shell/testcases/sets/0021nesting_0
@@ -30,17 +30,3 @@ if [ $? -ne 0 ] ; then
         echo "E: unable to load ruleset" >&2
         exit 1
 fi
-
-EXPECTED="table ip x {
-       chain y {
-               ip saddr { 1.1.1.0/24, 2.2.2.0/24, 3.3.3.0/24 }
-       }
-}"
-
-GET="$($NFT list ruleset)"
-
-if [ "$EXPECTED" != "$GET" ] ; then
-       DIFF="$(which diff)"
-       [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET")
-       exit 1
-fi

diff --git a/tests/shell/testcases/sets/0029named_ifname_dtype_0 b/tests/shell/testcases/sets/0029named_ifname_dtype_0
index 8b7ab98205ac1c4ee8867d2e20729e10d9e0182b..92f4a4ad043f0a4ed8e4716ccf5d005776f44e5f 100755 (executable)
--- a/tests/shell/testcases/sets/0029named_ifname_dtype_0
+++ b/tests/shell/testcases/sets/0029named_ifname_dtype_0
@@ -25,11 +25,3 @@ EXPECTED="table inet t {
 set -e
 echo "$EXPECTED" > $tmpfile
 $NFT -f $tmpfile
-
-GET="$($NFT list ruleset)"
-if [ "$EXPECTED" != "$GET" ] ; then
-        DIFF="$(which diff)"
-        [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET")
-        exit 1
-fi
-

diff --git a/tests/shell/testcases/sets/dumps/0001named_interval_0.nft b/tests/shell/testcases/sets/dumps/0001named_interval_0.nft
new file mode 100644 (file)
index 0000000..3049aa8
--- /dev/null
+++ b/tests/shell/testcases/sets/dumps/0001named_interval_0.nft
@@ -0,0 +1,34 @@
+table inet t {
+       set s1 {
+               type ipv4_addr
+               flags interval
+               elements = { 10.0.0.0-11.0.0.0, 172.16.0.0/16 }
+       }
+
+       set s2 {
+               type ipv6_addr
+               flags interval
+               elements = { fe00::/64,
+                            fe11::-fe22:: }
+       }
+
+       set s3 {
+               type inet_proto
+               flags interval
+               elements = { 10-20, 50-60 }
+       }
+
+       set s4 {
+               type inet_service
+               flags interval
+               elements = { 0-1024, 8080-8082, 10000-40000 }
+       }
+
+       chain c {
+               ip saddr @s1 accept
+               ip6 daddr @s2 accept
+               ip protocol @s3 accept
+               ip6 nexthdr @s3 accept
+               tcp dport @s4 accept
+       }
+}

diff --git a/tests/shell/testcases/sets/dumps/0002named_interval_automerging_0.nft b/tests/shell/testcases/sets/dumps/0002named_interval_automerging_0.nft
new file mode 100644 (file)
index 0000000..452ee23
--- /dev/null
+++ b/tests/shell/testcases/sets/dumps/0002named_interval_automerging_0.nft
@@ -0,0 +1,7 @@
+table ip t {
+       set s {
+               type ipv4_addr
+               flags interval
+               elements = { 192.168.0.0/24, 192.168.1.0/24 }
+       }
+}

diff --git a/tests/shell/testcases/sets/dumps/0003named_interval_missing_flag_0.nft b/tests/shell/testcases/sets/dumps/0003named_interval_missing_flag_0.nft
new file mode 100644 (file)
index 0000000..70c32a8
--- /dev/null
+++ b/tests/shell/testcases/sets/dumps/0003named_interval_missing_flag_0.nft
@@ -0,0 +1,5 @@
+table ip t {
+       set s {
+               type ipv4_addr
+       }
+}

diff --git a/tests/shell/testcases/sets/dumps/0004named_interval_shadow_0.nft b/tests/shell/testcases/sets/dumps/0004named_interval_shadow_0.nft
new file mode 100644 (file)
index 0000000..940030a
--- /dev/null
+++ b/tests/shell/testcases/sets/dumps/0004named_interval_shadow_0.nft
@@ -0,0 +1,7 @@
+table inet t {
+       set s {
+               type ipv6_addr
+               flags interval
+               elements = { fe00::/64 }
+       }
+}

diff --git a/tests/shell/testcases/sets/dumps/0005named_interval_shadow_0.nft b/tests/shell/testcases/sets/dumps/0005named_interval_shadow_0.nft
new file mode 100644 (file)
index 0000000..4224d9d
--- /dev/null
+++ b/tests/shell/testcases/sets/dumps/0005named_interval_shadow_0.nft
@@ -0,0 +1,7 @@
+table inet t {
+       set s {
+               type ipv6_addr
+               flags interval
+               elements = { fe00::/48 }
+       }
+}

diff --git a/tests/shell/testcases/sets/dumps/0006create_set_0.nft b/tests/shell/testcases/sets/dumps/0006create_set_0.nft
new file mode 100644 (file)
index 0000000..70c32a8
--- /dev/null
+++ b/tests/shell/testcases/sets/dumps/0006create_set_0.nft
@@ -0,0 +1,5 @@
+table ip t {
+       set s {
+               type ipv4_addr
+       }
+}

diff --git a/tests/shell/testcases/sets/dumps/0007create_element_0.nft b/tests/shell/testcases/sets/dumps/0007create_element_0.nft
new file mode 100644 (file)
index 0000000..169be11
--- /dev/null
+++ b/tests/shell/testcases/sets/dumps/0007create_element_0.nft
@@ -0,0 +1,6 @@
+table ip t {
+       set s {
+               type ipv4_addr
+               elements = { 1.1.1.1 }
+       }
+}

diff --git a/tests/shell/testcases/sets/dumps/0008comments_interval_0.nft b/tests/shell/testcases/sets/dumps/0008comments_interval_0.nft
new file mode 100644 (file)
index 0000000..5e7a768
--- /dev/null
+++ b/tests/shell/testcases/sets/dumps/0008comments_interval_0.nft
@@ -0,0 +1,7 @@
+table ip t {
+       set s {
+               type ipv4_addr
+               flags interval
+               elements = { 1.1.1.1 comment "test" }
+       }
+}

diff --git a/tests/shell/testcases/sets/dumps/0008create_verdict_map_0.nft b/tests/shell/testcases/sets/dumps/0008create_verdict_map_0.nft
new file mode 100644 (file)
index 0000000..ab0fe80
--- /dev/null
+++ b/tests/shell/testcases/sets/dumps/0008create_verdict_map_0.nft
@@ -0,0 +1,13 @@
+table ip t {
+       map sourcemap {
+               type ipv4_addr : verdict
+               elements = { 100.123.10.2 : jump c }
+       }
+
+       chain postrouting {
+               ip saddr vmap @sourcemap accept
+       }
+
+       chain c {
+       }
+}

diff --git a/tests/shell/testcases/sets/dumps/0009comments_timeout_0.nft b/tests/shell/testcases/sets/dumps/0009comments_timeout_0.nft
new file mode 100644 (file)
index 0000000..455ebe3
--- /dev/null
+++ b/tests/shell/testcases/sets/dumps/0009comments_timeout_0.nft
@@ -0,0 +1,7 @@
+table ip t {
+       set s {
+               type ipv4_addr
+               flags timeout
+               elements = { 1.1.1.1 comment "test" }
+       }
+}

diff --git a/tests/shell/testcases/sets/dumps/0010comments_0.nft b/tests/shell/testcases/sets/dumps/0010comments_0.nft
new file mode 100644 (file)
index 0000000..6e42ec4
--- /dev/null
+++ b/tests/shell/testcases/sets/dumps/0010comments_0.nft
@@ -0,0 +1,6 @@
+table inet t {
+       set s {
+               type ipv6_addr
+               elements = { ::1 comment "test" }
+       }
+}

diff --git a/tests/shell/testcases/sets/dumps/0012add_delete_many_elements_0.nft b/tests/shell/testcases/sets/dumps/0012add_delete_many_elements_0.nft
new file mode 100644 (file)
index 0000000..e3d4aee
--- /dev/null
+++ b/tests/shell/testcases/sets/dumps/0012add_delete_many_elements_0.nft
@@ -0,0 +1,5 @@
+table ip x {
+       set y {
+               type ipv4_addr
+       }
+}

diff --git a/tests/shell/testcases/sets/dumps/0013add_delete_many_elements_0.nft b/tests/shell/testcases/sets/dumps/0013add_delete_many_elements_0.nft
new file mode 100644 (file)
index 0000000..e3d4aee
--- /dev/null
+++ b/tests/shell/testcases/sets/dumps/0013add_delete_many_elements_0.nft
@@ -0,0 +1,5 @@
+table ip x {
+       set y {
+               type ipv4_addr
+       }
+}

diff --git a/tests/shell/testcases/sets/dumps/0015rulesetflush_0.nft b/tests/shell/testcases/sets/dumps/0015rulesetflush_0.nft
new file mode 100644 (file)
index 0000000..f6eddbf
--- /dev/null
+++ b/tests/shell/testcases/sets/dumps/0015rulesetflush_0.nft
@@ -0,0 +1,11 @@
+table ip t {
+       chain c {
+       }
+}
+table inet filter {
+       set blacklist_v4 {
+               type ipv4_addr
+               flags interval
+               elements = { 192.168.0.0/24 }
+       }
+}

diff --git a/tests/shell/testcases/sets/dumps/0016element_leak_0.nft b/tests/shell/testcases/sets/dumps/0016element_leak_0.nft
new file mode 100644 (file)
index 0000000..9d2b0af
--- /dev/null
+++ b/tests/shell/testcases/sets/dumps/0016element_leak_0.nft
@@ -0,0 +1,7 @@
+table ip x {
+       set s {
+               type ipv4_addr
+               size 2
+               elements = { 1.1.1.1 }
+       }
+}

diff --git a/tests/shell/testcases/sets/dumps/0017add_after_flush_0.nft b/tests/shell/testcases/sets/dumps/0017add_after_flush_0.nft
new file mode 100644 (file)
index 0000000..9d2b0af
--- /dev/null
+++ b/tests/shell/testcases/sets/dumps/0017add_after_flush_0.nft
@@ -0,0 +1,7 @@
+table ip x {
+       set s {
+               type ipv4_addr
+               size 2
+               elements = { 1.1.1.1 }
+       }
+}

diff --git a/tests/shell/testcases/sets/dumps/0019set_check_size_0.nft b/tests/shell/testcases/sets/dumps/0019set_check_size_0.nft
new file mode 100644 (file)
index 0000000..8cd3707
--- /dev/null
+++ b/tests/shell/testcases/sets/dumps/0019set_check_size_0.nft
@@ -0,0 +1,7 @@
+table ip x {
+       set s {
+               type ipv4_addr
+               size 2
+               elements = { 1.1.1.1, 1.1.1.2 }
+       }
+}

diff --git a/tests/shell/testcases/sets/dumps/0020comments_0.nft b/tests/shell/testcases/sets/dumps/0020comments_0.nft
new file mode 100644 (file)
index 0000000..d533084
--- /dev/null
+++ b/tests/shell/testcases/sets/dumps/0020comments_0.nft
@@ -0,0 +1,6 @@
+table inet t {
+       set s {
+               type inet_service
+               elements = { ssh comment "test" }
+       }
+}

diff --git a/tests/shell/testcases/sets/dumps/0021nesting_0.nft b/tests/shell/testcases/sets/dumps/0021nesting_0.nft
new file mode 100644 (file)
index 0000000..6fd2a44
--- /dev/null
+++ b/tests/shell/testcases/sets/dumps/0021nesting_0.nft
@@ -0,0 +1,5 @@
+table ip x {
+       chain y {
+               ip saddr { 1.1.1.0/24, 2.2.2.0/24, 3.3.3.0/24 }
+       }
+}

diff --git a/tests/shell/testcases/sets/dumps/0022type_selective_flush_0.nft b/tests/shell/testcases/sets/dumps/0022type_selective_flush_0.nft
new file mode 100644 (file)
index 0000000..3dd9760
--- /dev/null
+++ b/tests/shell/testcases/sets/dumps/0022type_selective_flush_0.nft
@@ -0,0 +1,13 @@
+table ip t {
+       set s {
+               type ipv4_addr
+       }
+
+       map m {
+               type ipv4_addr : inet_service
+       }
+
+       chain c {
+               tcp dport http meter f { ip saddr limit rate 10/second} 
+       }
+}

diff --git a/tests/shell/testcases/sets/dumps/0023incomplete_add_set_command_0.nft b/tests/shell/testcases/sets/dumps/0023incomplete_add_set_command_0.nft
new file mode 100644 (file)
index 0000000..985768b
--- /dev/null
+++ b/tests/shell/testcases/sets/dumps/0023incomplete_add_set_command_0.nft
@@ -0,0 +1,2 @@
+table ip t {
+}

diff --git a/tests/shell/testcases/sets/dumps/0024named_objects_0.nft b/tests/shell/testcases/sets/dumps/0024named_objects_0.nft
new file mode 100644 (file)
index 0000000..929c5d9
--- /dev/null
+++ b/tests/shell/testcases/sets/dumps/0024named_objects_0.nft
@@ -0,0 +1,28 @@
+table inet x {
+       counter user123 {
+               packets 12 bytes 1433
+       }
+
+       quota user123 {
+               over 2000 bytes
+       }
+
+       quota user124 {
+               over 2000 bytes
+       }
+
+       set y {
+               type ipv4_addr
+       }
+
+       map test {
+               type ipv4_addr : quota
+               elements = { 192.168.2.2 : "user124", 192.168.2.3 : "user124" }
+       }
+
+       chain y {
+               type filter hook input priority 0; policy accept;
+               counter name ip saddr map { 1.1.1.1 : "user123", 2.2.2.2 : "user123", 192.168.2.2 : "user123" }
+               quota name ip saddr map @test drop
+       }
+}

diff --git a/tests/shell/testcases/sets/dumps/0025anonymous_set_0.nft b/tests/shell/testcases/sets/dumps/0025anonymous_set_0.nft
new file mode 100644 (file)
index 0000000..c823ae9
--- /dev/null
+++ b/tests/shell/testcases/sets/dumps/0025anonymous_set_0.nft
@@ -0,0 +1,7 @@
+table ip t {
+       chain c {
+               type filter hook output priority 0; policy accept;
+               ip daddr { 192.168.0.1, 192.168.0.2, 192.168.0.3 }
+               tcp dport { ssh, telnet } counter packets 0 bytes 0
+       }
+}

diff --git a/tests/shell/testcases/sets/dumps/0026named_limit_0.nft b/tests/shell/testcases/sets/dumps/0026named_limit_0.nft
new file mode 100644 (file)
index 0000000..0d1f125
--- /dev/null
+++ b/tests/shell/testcases/sets/dumps/0026named_limit_0.nft
@@ -0,0 +1,10 @@
+table ip filter {
+       limit http-traffic {
+               rate 1/second
+       }
+
+       chain input {
+               type filter hook input priority 0; policy accept;
+               limit name tcp dport map { http : "http-traffic", https : "http-traffic" }
+       }
+}

diff --git a/tests/shell/testcases/sets/dumps/0027ipv6_maps_ipv4_0.nft b/tests/shell/testcases/sets/dumps/0027ipv6_maps_ipv4_0.nft
new file mode 100644 (file)
index 0000000..c49eefa
--- /dev/null
+++ b/tests/shell/testcases/sets/dumps/0027ipv6_maps_ipv4_0.nft
@@ -0,0 +1,7 @@
+table inet t {
+       set s {
+               type ipv6_addr
+               flags interval
+               elements = { ::ffff:0.0.0.0/96 }
+       }
+}

diff --git a/tests/shell/testcases/sets/dumps/0029named_ifname_dtype_0.nft b/tests/shell/testcases/sets/dumps/0029named_ifname_dtype_0.nft
new file mode 100644 (file)
index 0000000..2c82e57
--- /dev/null
+++ b/tests/shell/testcases/sets/dumps/0029named_ifname_dtype_0.nft
@@ -0,0 +1,11 @@
+table inet t {
+       set s {
+               type ifname
+               elements = { "eth0" }
+       }
+
+       chain c {
+               iifname @s accept
+               oifname @s accept
+       }
+}

diff --git a/tests/shell/testcases/transactions/0001table_0 b/tests/shell/testcases/transactions/0001table_0
index 0bde1018a32253f96ea6edfb2c01795cecd10dcd..83f9fd0d7d6c4ba66c5dc8aa36f6e44b38220341 100755 (executable)
--- a/tests/shell/testcases/transactions/0001table_0
+++ b/tests/shell/testcases/transactions/0001table_0
@@ -21,16 +21,3 @@ if [ $? -ne 0 ] ; then
         echo "E: unable to load good ruleset" >&2
         exit 1
 fi
-
-EXPECTED="table ip x {
-}
-table ip y {
-}"
-
-GET="$($NFT list ruleset)"
-
-if [ "$EXPECTED" != "$GET" ] ; then
-       DIFF="$(which diff)"
-       [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET")
-       exit 1
-fi

diff --git a/tests/shell/testcases/transactions/0002table_0 b/tests/shell/testcases/transactions/0002table_0
index c5f319e47b2b89010d281584b169222a9dc9e0cf..dbd2f4ab8faf2e773038bca30ad7401b2db5bac7 100755 (executable)
--- a/tests/shell/testcases/transactions/0002table_0
+++ b/tests/shell/testcases/transactions/0002table_0
@@ -21,15 +21,3 @@ if [ $? -ne 0 ] ; then
         echo "E: unable to load good ruleset" >&2
         exit 1
 fi
-
-EXPECTED="table ip x {
-       flags dormant
-}"
-
-GET="$($NFT list ruleset)"
-
-if [ "$EXPECTED" != "$GET" ] ; then
-       DIFF="$(which diff)"
-       [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET")
-       exit 1
-fi

diff --git a/tests/shell/testcases/transactions/0003table_0 b/tests/shell/testcases/transactions/0003table_0
index f17285e5a39ea7c7343d0acbd8247b75ff548a76..004ce5131296988be9fccecbf4317ff09eb19ed6 100755 (executable)
--- a/tests/shell/testcases/transactions/0003table_0
+++ b/tests/shell/testcases/transactions/0003table_0
@@ -20,13 +20,3 @@ if [ $? -ne 0 ] ; then
         echo "E: unable to load good ruleset" >&2
         exit 1
 fi
-
-EXPECTED=""
-
-GET="$($NFT list ruleset)"
-
-if [ "$EXPECTED" != "$GET" ] ; then
-       DIFF="$(which diff)"
-       [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET")
-       exit 1
-fi

diff --git a/tests/shell/testcases/transactions/0010chain_0 b/tests/shell/testcases/transactions/0010chain_0
index f4c1fbd1e45646bc761c7c4391d9ca9610759a5f..d191868034297ca7f58415b94cf5fcb726b0849b 100755 (executable)
--- a/tests/shell/testcases/transactions/0010chain_0
+++ b/tests/shell/testcases/transactions/0010chain_0
@@ -22,16 +22,3 @@ if [ $? -ne 0 ] ; then
         echo "E: unable to load good ruleset" >&2
         exit 1
 fi
-
-EXPECTED="table ip w {
-       chain y {
-       }
-}"
-
-GET="$($NFT list ruleset)"
-
-if [ "$EXPECTED" != "$GET" ] ; then
-       DIFF="$(which diff)"
-       [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET")
-       exit 1
-fi

diff --git a/tests/shell/testcases/transactions/0011chain_0 b/tests/shell/testcases/transactions/0011chain_0
index 71afa6ed123fa1bea15328c10d926c8625c299cf..aac33d566f28d9b210bef7ab1faefc6be1257768 100755 (executable)
--- a/tests/shell/testcases/transactions/0011chain_0
+++ b/tests/shell/testcases/transactions/0011chain_0
@@ -22,17 +22,3 @@ if [ $? -ne 0 ] ; then
         echo "E: unable to load good ruleset" >&2
         exit 1
 fi
-
-EXPECTED="table ip x {
-       chain y {
-               type filter hook input priority 0; policy drop;
-       }
-}"
-
-GET="$($NFT list ruleset)"
-
-if [ "$EXPECTED" != "$GET" ] ; then
-       DIFF="$(which diff)"
-       [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET")
-       exit 1
-fi

diff --git a/tests/shell/testcases/transactions/0012chain_0 b/tests/shell/testcases/transactions/0012chain_0
index 757bc75080d74af29dbcc5b3e1e8c06672d26202..c3bfe13016adb8325026fa5b5741fe1e25767bb6 100755 (executable)
--- a/tests/shell/testcases/transactions/0012chain_0
+++ b/tests/shell/testcases/transactions/0012chain_0
@@ -26,17 +26,3 @@ if [ $? -ne 0 ] ; then
         echo "E: unable to load good ruleset" >&2
         exit 1
 fi
-
-EXPECTED="table ip w {
-       chain y {
-               type filter hook output priority 0; policy accept;
-       }
-}"
-
-GET="$($NFT list ruleset)"
-
-if [ "$EXPECTED" != "$GET" ] ; then
-       DIFF="$(which diff)"
-       [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET")
-       exit 1
-fi

diff --git a/tests/shell/testcases/transactions/0013chain_0 b/tests/shell/testcases/transactions/0013chain_0
index 2c75bd4f4c3cb98ad636e60d7b4fb216f5391d25..67c31c8a785d6109a5549400c8e5258e1cb37e52 100755 (executable)
--- a/tests/shell/testcases/transactions/0013chain_0
+++ b/tests/shell/testcases/transactions/0013chain_0
@@ -27,17 +27,3 @@ if [ $? -ne 0 ] ; then
         echo "E: unable to load good ruleset" >&2
         exit 1
 fi
-
-EXPECTED="table ip w {
-       chain y {
-               type filter hook output priority 0; policy accept;
-       }
-}"
-
-GET="$($NFT list ruleset)"
-
-if [ "$EXPECTED" != "$GET" ] ; then
-       DIFF="$(which diff)"
-       [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET")
-       exit 1
-fi

diff --git a/tests/shell/testcases/transactions/0020rule_0 b/tests/shell/testcases/transactions/0020rule_0
index 1ad436259ccdbd13da17cd771f95956c0ce80c30..e38634d350aab78423ac0e357a05d86c6702bcd7 100755 (executable)
--- a/tests/shell/testcases/transactions/0020rule_0
+++ b/tests/shell/testcases/transactions/0020rule_0
@@ -21,13 +21,3 @@ if [ $? -ne 0 ] ; then
         echo "E: unable to load good ruleset" >&2
         exit 1
 fi
-
-EXPECTED=""
-
-GET="$($NFT list ruleset)"
-
-if [ "$EXPECTED" != "$GET" ] ; then
-       DIFF="$(which diff)"
-       [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET")
-       exit 1
-fi

diff --git a/tests/shell/testcases/transactions/0021rule_0 b/tests/shell/testcases/transactions/0021rule_0
index 2467124f2753110b61a2f3fa8ea753549e80976b..284a9e713dc11d2d87a3b0b4021f2873c04f5c9e 100755 (executable)
--- a/tests/shell/testcases/transactions/0021rule_0
+++ b/tests/shell/testcases/transactions/0021rule_0
@@ -24,17 +24,3 @@ if [ $? -ne 0 ] ; then
         echo "E: unable to load good ruleset" >&2
         exit 1
 fi
-
-EXPECTED="table ip x {
-       chain y {
-               ip saddr 2.2.2.2 counter packets 0 bytes 0
-       }
-}"
-
-GET="$($NFT list ruleset)"
-
-if [ "$EXPECTED" != "$GET" ] ; then
-       DIFF="$(which diff)"
-       [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET")
-       exit 1
-fi

diff --git a/tests/shell/testcases/transactions/0030set_0 b/tests/shell/testcases/transactions/0030set_0
index 1fefb94414360ed5d0d1e33c934825b0a9b3fedf..ad08b7e5bb6bf1ce2f2fdcda0a00d29d69b2082b 100755 (executable)
--- a/tests/shell/testcases/transactions/0030set_0
+++ b/tests/shell/testcases/transactions/0030set_0
@@ -21,14 +21,3 @@ if [ $? -ne 0 ] ; then
         echo "E: unable to load good ruleset" >&2
         exit 1
 fi
-
-EXPECTED="table ip x {
-}"
-
-GET="$($NFT list ruleset)"
-
-if [ "$EXPECTED" != "$GET" ] ; then
-       DIFF="$(which diff)"
-       [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET")
-       exit 1
-fi

diff --git a/tests/shell/testcases/transactions/0031set_0 b/tests/shell/testcases/transactions/0031set_0
index 87848b4b969af2d5673e853186db2bc61c6398ba..6c5757cc360d06e7d17ee126e1fe33c293fe5713 100755 (executable)
--- a/tests/shell/testcases/transactions/0031set_0
+++ b/tests/shell/testcases/transactions/0031set_0
@@ -21,17 +21,3 @@ if [ $? -ne 0 ] ; then
         echo "E: unable to load good ruleset" >&2
         exit 1
 fi
-
-EXPECTED="table ip x {
-       set y {
-               type ipv4_addr
-       }
-}"
-
-GET="$($NFT list ruleset)"
-
-if [ "$EXPECTED" != "$GET" ] ; then
-       DIFF="$(which diff)"
-       [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET")
-       exit 1
-fi

diff --git a/tests/shell/testcases/transactions/0032set_0 b/tests/shell/testcases/transactions/0032set_0
index d4d7e7ed08515fc87d320417285b2dc801c1ed32..1b41cf092a8429a034181a45abb45c54661cbfd0 100755 (executable)
--- a/tests/shell/testcases/transactions/0032set_0
+++ b/tests/shell/testcases/transactions/0032set_0
@@ -22,17 +22,3 @@ if [ $? -ne 0 ] ; then
         echo "E: unable to load good ruleset" >&2
         exit 1
 fi
-
-EXPECTED="table ip w {
-       set y {
-               type ipv4_addr
-       }
-}"
-
-GET="$($NFT list ruleset)"
-
-if [ "$EXPECTED" != "$GET" ] ; then
-       DIFF="$(which diff)"
-       [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET")
-       exit 1
-fi

diff --git a/tests/shell/testcases/transactions/0033set_0 b/tests/shell/testcases/transactions/0033set_0
index b73b6fc823976562702bf60f4b8e8d634df7596c..19543b3c97f305a2d6ce235eccaac5eaa444daf3 100755 (executable)
--- a/tests/shell/testcases/transactions/0033set_0
+++ b/tests/shell/testcases/transactions/0033set_0
@@ -20,14 +20,3 @@ if [ $? -ne 0 ] ; then
         echo "E: unable to load good ruleset" >&2
         exit 1
 fi
-
-EXPECTED="table ip x {
-}"
-
-GET="$($NFT list ruleset)"
-
-if [ "$EXPECTED" != "$GET" ] ; then
-       DIFF="$(which diff)"
-       [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET")
-       exit 1
-fi

diff --git a/tests/shell/testcases/transactions/0034set_0 b/tests/shell/testcases/transactions/0034set_0
index 25e650078c042dbd181afc7df3f201104661393c..4cddb94dce6fc3ec9b6f1a855aa1b292ebd7e1b3 100755 (executable)
--- a/tests/shell/testcases/transactions/0034set_0
+++ b/tests/shell/testcases/transactions/0034set_0
@@ -21,17 +21,3 @@ if [ $? -ne 0 ] ; then
         echo "E: unable to load good ruleset" >&2
         exit 1
 fi
-
-EXPECTED="table ip x {
-       set y {
-               type ipv4_addr
-       }
-}"
-
-GET="$($NFT list ruleset)"
-
-if [ "$EXPECTED" != "$GET" ] ; then
-       DIFF="$(which diff)"
-       [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET")
-       exit 1
-fi

diff --git a/tests/shell/testcases/transactions/0035set_0 b/tests/shell/testcases/transactions/0035set_0
index 0788e2fe9489ba5427f7ddea686208f6ae9d3439..9b20746b0e0991ca23bf13a969a113d0d78abc96 100755 (executable)
--- a/tests/shell/testcases/transactions/0035set_0
+++ b/tests/shell/testcases/transactions/0035set_0
@@ -23,18 +23,3 @@ if [ $? -ne 0 ] ; then
         echo "E: unable to load good ruleset" >&2
         exit 1
 fi
-
-EXPECTED="table ip x {
-       set y {
-               type ipv4_addr
-               elements = { 3.3.3.3 }
-       }
-}"
-
-GET="$($NFT list ruleset)"
-
-if [ "$EXPECTED" != "$GET" ] ; then
-       DIFF="$(which diff)"
-       [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET")
-       exit 1
-fi

diff --git a/tests/shell/testcases/transactions/0037set_0 b/tests/shell/testcases/transactions/0037set_0
index 3e48c8018462069e212fa219a4c5de77792633b0..75b1d453785591065f708f19e263ecafd3cea7aa 100755 (executable)
--- a/tests/shell/testcases/transactions/0037set_0
+++ b/tests/shell/testcases/transactions/0037set_0
@@ -21,18 +21,3 @@ if [ $? -ne 0 ] ; then
         echo "E: unable to load good ruleset" >&2
         exit 1
 fi
-
-EXPECTED="table ip x {
-       set y {
-               type ipv4_addr
-               flags interval
-       }
-}"
-
-GET="$($NFT list ruleset)"
-
-if [ "$EXPECTED" != "$GET" ] ; then
-       DIFF="$(which diff)"
-       [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET")
-       exit 1
-fi

diff --git a/tests/shell/testcases/transactions/0038set_0 b/tests/shell/testcases/transactions/0038set_0
index 765507555814d42d24a2630c971953d3def27d20..3120e9162934030f72e321d4a586897c04275993 100755 (executable)
--- a/tests/shell/testcases/transactions/0038set_0
+++ b/tests/shell/testcases/transactions/0038set_0
@@ -23,19 +23,3 @@ if [ $? -ne 0 ] ; then
         echo "E: unable to load good ruleset" >&2
         exit 1
 fi
-
-EXPECTED="table ip x {
-       set y {
-               type ipv4_addr
-               flags interval
-               elements = { 192.168.4.0/24 }
-       }
-}"
-
-GET="$($NFT list ruleset)"
-
-if [ "$EXPECTED" != "$GET" ] ; then
-       DIFF="$(which diff)"
-       [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET")
-       exit 1
-fi

diff --git a/tests/shell/testcases/transactions/0039set_0 b/tests/shell/testcases/transactions/0039set_0
index 765507555814d42d24a2630c971953d3def27d20..3120e9162934030f72e321d4a586897c04275993 100755 (executable)
--- a/tests/shell/testcases/transactions/0039set_0
+++ b/tests/shell/testcases/transactions/0039set_0
@@ -23,19 +23,3 @@ if [ $? -ne 0 ] ; then
         echo "E: unable to load good ruleset" >&2
         exit 1
 fi
-
-EXPECTED="table ip x {
-       set y {
-               type ipv4_addr
-               flags interval
-               elements = { 192.168.4.0/24 }
-       }
-}"
-
-GET="$($NFT list ruleset)"
-
-if [ "$EXPECTED" != "$GET" ] ; then
-       DIFF="$(which diff)"
-       [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET")
-       exit 1
-fi

diff --git a/tests/shell/testcases/transactions/0040set_0 b/tests/shell/testcases/transactions/0040set_0
index 241703d90340052d6fc717f4239ec0594dec85bd..0ffc4416a1a1c37e189dba0ab680d34dd18983d0 100755 (executable)
--- a/tests/shell/testcases/transactions/0040set_0
+++ b/tests/shell/testcases/transactions/0040set_0
@@ -51,26 +51,3 @@ if [ $? -ne 0 ] ; then
         echo "E: unable to load good ruleset" >&2
         exit 1
 fi
-
-GET="$($NFT list ruleset)"
-
-EXPECTED="table ip filter {
-       map client_to_any {
-               type ipv4_addr : verdict
-       }
-
-       chain FORWARD {
-               type filter hook forward priority 0; policy accept;
-               goto client_to_any
-       }
-
-       chain client_to_any {
-               ip saddr vmap @client_to_any
-       }
-}"
-
-if [ "$EXPECTED" != "$GET" ] ; then
-       DIFF="$(which diff)"
-       [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET")
-       exit 1
-fi

diff --git a/tests/shell/testcases/transactions/dumps/0001table_0.nft b/tests/shell/testcases/transactions/dumps/0001table_0.nft
new file mode 100644 (file)
index 0000000..e4e5f9b
--- /dev/null
+++ b/tests/shell/testcases/transactions/dumps/0001table_0.nft
@@ -0,0 +1,4 @@
+table ip x {
+}
+table ip y {
+}

diff --git a/tests/shell/testcases/transactions/dumps/0002table_0.nft b/tests/shell/testcases/transactions/dumps/0002table_0.nft
new file mode 100644 (file)
index 0000000..6eb7072
--- /dev/null
+++ b/tests/shell/testcases/transactions/dumps/0002table_0.nft
@@ -0,0 +1,3 @@
+table ip x {
+       flags dormant
+}

diff --git a/tests/shell/testcases/transactions/dumps/0010chain_0.nft b/tests/shell/testcases/transactions/dumps/0010chain_0.nft
new file mode 100644 (file)
index 0000000..aa4a521
--- /dev/null
+++ b/tests/shell/testcases/transactions/dumps/0010chain_0.nft
@@ -0,0 +1,4 @@
+table ip w {
+       chain y {
+       }
+}

diff --git a/tests/shell/testcases/transactions/dumps/0011chain_0.nft b/tests/shell/testcases/transactions/dumps/0011chain_0.nft
new file mode 100644 (file)
index 0000000..02cdb23
--- /dev/null
+++ b/tests/shell/testcases/transactions/dumps/0011chain_0.nft
@@ -0,0 +1,5 @@
+table ip x {
+       chain y {
+               type filter hook input priority 0; policy drop;
+       }
+}

diff --git a/tests/shell/testcases/transactions/dumps/0012chain_0.nft b/tests/shell/testcases/transactions/dumps/0012chain_0.nft
new file mode 100644 (file)
index 0000000..1fddecb
--- /dev/null
+++ b/tests/shell/testcases/transactions/dumps/0012chain_0.nft
@@ -0,0 +1,5 @@
+table ip w {
+       chain y {
+               type filter hook output priority 0; policy accept;
+       }
+}

diff --git a/tests/shell/testcases/transactions/dumps/0013chain_0.nft b/tests/shell/testcases/transactions/dumps/0013chain_0.nft
new file mode 100644 (file)
index 0000000..1fddecb
--- /dev/null
+++ b/tests/shell/testcases/transactions/dumps/0013chain_0.nft
@@ -0,0 +1,5 @@
+table ip w {
+       chain y {
+               type filter hook output priority 0; policy accept;
+       }
+}

diff --git a/tests/shell/testcases/transactions/dumps/0021rule_0.nft b/tests/shell/testcases/transactions/dumps/0021rule_0.nft
new file mode 100644 (file)
index 0000000..a6c4130
--- /dev/null
+++ b/tests/shell/testcases/transactions/dumps/0021rule_0.nft
@@ -0,0 +1,5 @@
+table ip x {
+       chain y {
+               ip saddr 2.2.2.2 counter packets 0 bytes 0
+       }
+}

diff --git a/tests/shell/testcases/transactions/dumps/0030set_0.nft b/tests/shell/testcases/transactions/dumps/0030set_0.nft
new file mode 100644 (file)
index 0000000..5d4d2ca
--- /dev/null
+++ b/tests/shell/testcases/transactions/dumps/0030set_0.nft
@@ -0,0 +1,2 @@
+table ip x {
+}

diff --git a/tests/shell/testcases/transactions/dumps/0031set_0.nft b/tests/shell/testcases/transactions/dumps/0031set_0.nft
new file mode 100644 (file)
index 0000000..e3d4aee
--- /dev/null
+++ b/tests/shell/testcases/transactions/dumps/0031set_0.nft
@@ -0,0 +1,5 @@
+table ip x {
+       set y {
+               type ipv4_addr
+       }
+}

diff --git a/tests/shell/testcases/transactions/dumps/0032set_0.nft b/tests/shell/testcases/transactions/dumps/0032set_0.nft
new file mode 100644 (file)
index 0000000..7d11892
--- /dev/null
+++ b/tests/shell/testcases/transactions/dumps/0032set_0.nft
@@ -0,0 +1,5 @@
+table ip w {
+       set y {
+               type ipv4_addr
+       }
+}

diff --git a/tests/shell/testcases/transactions/dumps/0033set_0.nft b/tests/shell/testcases/transactions/dumps/0033set_0.nft
new file mode 100644 (file)
index 0000000..5d4d2ca
--- /dev/null
+++ b/tests/shell/testcases/transactions/dumps/0033set_0.nft
@@ -0,0 +1,2 @@
+table ip x {
+}

diff --git a/tests/shell/testcases/transactions/dumps/0034set_0.nft b/tests/shell/testcases/transactions/dumps/0034set_0.nft
new file mode 100644 (file)
index 0000000..e3d4aee
--- /dev/null
+++ b/tests/shell/testcases/transactions/dumps/0034set_0.nft
@@ -0,0 +1,5 @@
+table ip x {
+       set y {
+               type ipv4_addr
+       }
+}

diff --git a/tests/shell/testcases/transactions/dumps/0035set_0.nft b/tests/shell/testcases/transactions/dumps/0035set_0.nft
new file mode 100644 (file)
index 0000000..e111494
--- /dev/null
+++ b/tests/shell/testcases/transactions/dumps/0035set_0.nft
@@ -0,0 +1,6 @@
+table ip x {
+       set y {
+               type ipv4_addr
+               elements = { 3.3.3.3 }
+       }
+}

diff --git a/tests/shell/testcases/transactions/dumps/0037set_0.nft b/tests/shell/testcases/transactions/dumps/0037set_0.nft
new file mode 100644 (file)
index 0000000..ca69cee
--- /dev/null
+++ b/tests/shell/testcases/transactions/dumps/0037set_0.nft
@@ -0,0 +1,6 @@
+table ip x {
+       set y {
+               type ipv4_addr
+               flags interval
+       }
+}

diff --git a/tests/shell/testcases/transactions/dumps/0038set_0.nft b/tests/shell/testcases/transactions/dumps/0038set_0.nft
new file mode 100644 (file)
index 0000000..651a11b
--- /dev/null
+++ b/tests/shell/testcases/transactions/dumps/0038set_0.nft
@@ -0,0 +1,7 @@
+table ip x {
+       set y {
+               type ipv4_addr
+               flags interval
+               elements = { 192.168.4.0/24 }
+       }
+}

diff --git a/tests/shell/testcases/transactions/dumps/0039set_0.nft b/tests/shell/testcases/transactions/dumps/0039set_0.nft
new file mode 100644 (file)
index 0000000..651a11b
--- /dev/null
+++ b/tests/shell/testcases/transactions/dumps/0039set_0.nft
@@ -0,0 +1,7 @@
+table ip x {
+       set y {
+               type ipv4_addr
+               flags interval
+               elements = { 192.168.4.0/24 }
+       }
+}

diff --git a/tests/shell/testcases/transactions/dumps/0040set_0.nft b/tests/shell/testcases/transactions/dumps/0040set_0.nft
new file mode 100644 (file)
index 0000000..fe86405
--- /dev/null
+++ b/tests/shell/testcases/transactions/dumps/0040set_0.nft
@@ -0,0 +1,14 @@
+table ip filter {
+       map client_to_any {
+               type ipv4_addr : verdict
+       }
+
+       chain FORWARD {
+               type filter hook forward priority 0; policy accept;
+               goto client_to_any
+       }
+
+       chain client_to_any {
+               ip saddr vmap @client_to_any
+       }
+}