tests/shell: Extend rule_management/0001addposition_0
authorPhil Sutter <phil@nwl.cc>
Wed, 9 May 2018 14:03:43 +0000 (16:03 +0200)
committerPablo Neira Ayuso <pablo@netfilter.org>
Wed, 9 May 2018 16:29:21 +0000 (18:29 +0200)
Combine it with 0002insertposition_0 due to the many similarities,
extend it to test 'handle' and 'index' parameters as well and rename the
testcase accordingly.

Also add a new 0002addinsertlocation_1 which tests that a wrong argument
to each of the location parameters fails.

Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
tests/shell/testcases/rule_management/0001addinsertposition_0 [new file with mode: 0755]
tests/shell/testcases/rule_management/0001addposition_0 [deleted file]
tests/shell/testcases/rule_management/0002addinsertlocation_1 [new file with mode: 0755]
tests/shell/testcases/rule_management/0002insertposition_0 [deleted file]
tests/shell/testcases/rule_management/dumps/0001addposition_0.nft [deleted file]
tests/shell/testcases/rule_management/dumps/0002insertposition_0.nft [deleted file]

diff --git a/tests/shell/testcases/rule_management/0001addinsertposition_0 b/tests/shell/testcases/rule_management/0001addinsertposition_0
new file mode 100755 (executable)
index 0000000..bb3fda5
--- /dev/null
@@ -0,0 +1,89 @@
+#!/bin/bash
+
+# tests for Netfilter bug #965 and the related fix
+# (regarding rule management with a given position/handle spec)
+
+set -e
+
+RULESET="flush ruleset
+table ip t {
+       chain c {
+               accept
+               accept
+       }
+}"
+
+EXPECTED="table ip t {
+       chain c {
+               accept
+               drop
+               accept
+       }
+}"
+
+for arg in "position 2" "handle 2" "index 0"; do
+       $NFT -f - <<< "$RULESET"
+       $NFT add rule t c $arg drop || {
+               $NFT list ruleset
+               exit 1
+       }
+
+       GET="$($NFT list ruleset)"
+       if [ "$EXPECTED" != "$GET" ] ; then
+               DIFF="$(which diff)"
+               [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET")
+               exit 1
+       fi
+done
+
+for arg in "position 3" "handle 3" "index 1"; do
+       $NFT -f - <<< "$RULESET"
+       $NFT insert rule t c $arg drop
+
+       GET="$($NFT list ruleset)"
+       if [ "$EXPECTED" != "$GET" ] ; then
+               DIFF="$(which diff)"
+               [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET")
+               exit 1
+       fi
+done
+
+EXPECTED="table ip t {
+       chain c {
+               accept
+               accept
+               drop
+       }
+}"
+
+for arg in "position 3" "handle 3" "index 1"; do
+       $NFT -f - <<< "$RULESET"
+       $NFT add rule t c $arg drop
+
+       GET="$($NFT list ruleset)"
+       if [ "$EXPECTED" != "$GET" ] ; then
+               DIFF="$(which diff)"
+               [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET")
+               exit 1
+       fi
+done
+
+EXPECTED="table ip t {
+       chain c {
+               drop
+               accept
+               accept
+       }
+}"
+
+for arg in "position 2" "handle 2" "index 0"; do
+       $NFT -f - <<< "$RULESET"
+       $NFT insert rule t c $arg drop
+
+       GET="$($NFT list ruleset)"
+       if [ "$EXPECTED" != "$GET" ] ; then
+               DIFF="$(which diff)"
+               [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET")
+               exit 1
+       fi
+done
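Review bot: The `handle 2`/`handle 3` and `position 2`/`position 3` arguments in all four loops depend on the two `accept` rules receiving handles 2 and 3 after each `flush ruleset` reload, and nothing in the new file says so. The deleted tests carried `# should have handle 2` and `# should have handle 3` next to the rules. A comment above RULESET such as `# the two accept rules are expected to get handles 2 and 3 (chain c presumably takes handle 1)` would keep that assumption visible if a handle-allocation change ever makes the test fail. Separately, only the first loop dumps the ruleset when the `$NFT add rule` command itself fails; the other three rely on `set -e` and exit without output, so giving them the same `|| { $NFT list ruleset; exit 1; }` guard would make those failures equally diagnosable.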
diff --git a/tests/shell/testcases/rule_management/0001addposition_0 b/tests/shell/testcases/rule_management/0001addposition_0
deleted file mode 100755 (executable)
index ee90d92..0000000
+++ /dev/null
@@ -1,11 +0,0 @@
-#!/bin/bash
-
-# tests for Netfilter bug #965 and the related fix
-# (regarding rule management with a given position/handle spec)
-
-set -e
-$NFT add table t
-$NFT add chain t c
-$NFT add rule t c accept       # should have handle 2
-$NFT add rule t c accept       # should have handle 3
-$NFT add rule t c position 2 drop
diff --git a/tests/shell/testcases/rule_management/0002addinsertlocation_1 b/tests/shell/testcases/rule_management/0002addinsertlocation_1
new file mode 100755 (executable)
index 0000000..b48d3d6
--- /dev/null
@@ -0,0 +1,23 @@
+#!/bin/bash
+
+# test rule adding with invalid position/handle/index value
+
+RULESET="flush ruleset
+table ip t {
+       chain c {
+               accept
+               accept
+       }
+}"
+
+$NFT -f - <<< "$RULESET"
+
+for cmd in add insert; do
+       for keyword in position handle index; do
+               $NFT $cmd rule t c $keyword 5 drop 2>/dev/null || continue
+
+               echo "E: invalid $keyword value allowed in $cmd command" >&2
+               exit 0
+       done
+done
+exit 1
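Review bot: The setup line `$NFT -f - <<< "$RULESET"` is unchecked and this script has no `set -e`, so if loading the ruleset fails, every later `$NFT $cmd rule ...` call fails too, each iteration takes `continue`, and the script ends in `exit 1`. Judging by the `_1` suffix and the `exit 0` on the error path, that is the expected result, so the test passes without ever exercising invalid position/handle/index handling. The setup should fail through the same inverted path: `$NFT -f - <<< "$RULESET" || { echo "E: unable to load ruleset" >&2; exit 0; }`. The `2>/dev/null` on the rule command also hides why nft rejected it, so a rejection for an unrelated reason looks the same as the intended one.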
diff --git a/tests/shell/testcases/rule_management/0002insertposition_0 b/tests/shell/testcases/rule_management/0002insertposition_0
deleted file mode 100755 (executable)
index e9f886f..0000000
+++ /dev/null
@@ -1,11 +0,0 @@
-#!/bin/bash
-
-# tests for Netfilter bug #965 and the related fix
-# (regarding rule management with a given position/handle spec)
-
-set -e
-$NFT add table t
-$NFT add chain t c
-$NFT add rule t c accept       # should have handle 2
-$NFT add rule t c accept       # should have handle 3
-$NFT insert rule t c position 2 drop
diff --git a/tests/shell/testcases/rule_management/dumps/0001addposition_0.nft b/tests/shell/testcases/rule_management/dumps/0001addposition_0.nft
deleted file mode 100644 (file)
index e282e13..0000000
+++ /dev/null
@@ -1,7 +0,0 @@
-table ip t {
-       chain c {
-               accept
-               drop
-               accept
-       }
-}
diff --git a/tests/shell/testcases/rule_management/dumps/0002insertposition_0.nft b/tests/shell/testcases/rule_management/dumps/0002insertposition_0.nft
deleted file mode 100644 (file)
index 527d79d..0000000
+++ /dev/null
@@ -1,7 +0,0 @@
-table ip t {
-       chain c {
-               drop
-               accept
-               accept
-       }
-}