From: Florian Westphal Date: Sun, 29 Jun 2025 08:50:01 +0000 (+0200) Subject: tests: shell: add sets dumps X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=a8986c922c921d02a7e00f0df09ec14941526ffb;p=thirdparty%2Fnftables.git tests: shell: add sets dumps add nodump file for inerval_size_random test, it has no stable output. Signed-off-by: Florian Westphal --- diff --git a/tests/shell/testcases/sets/dumps/0070stacked_l2_headers.json-nft b/tests/shell/testcases/sets/dumps/0070stacked_l2_headers.json-nft new file mode 100644 index 00000000..422186ac --- /dev/null +++ b/tests/shell/testcases/sets/dumps/0070stacked_l2_headers.json-nft @@ -0,0 +1,316 @@ +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "netdev", + "name": "nt", + "handle": 0 + } + }, + { + "chain": { + "family": "netdev", + "table": "nt", + "name": "nc", + "handle": 0 + } + }, + { + "set": { + "family": "netdev", + "name": "vlanidset", + "table": "nt", + "type": { + "typeof": { + "payload": { + "protocol": "vlan", + "field": "id" + } + } + }, + "handle": 0, + "size": 1024, + "flags": [ + "timeout", + "dynamic" + ] + } + }, + { + "set": { + "family": "netdev", + "name": "macset", + "table": "nt", + "type": { + "typeof": { + "concat": [ + { + "payload": { + "protocol": "ether", + "field": "saddr" + } + }, + { + "payload": { + "protocol": "vlan", + "field": "id" + } + } + ] + } + }, + "handle": 0, + "size": 1024, + "flags": [ + "timeout", + "dynamic" + ] + } + }, + { + "set": { + "family": "netdev", + "name": "ipset", + "table": "nt", + "type": { + "typeof": { + "concat": [ + { + "payload": { + "protocol": "vlan", + "field": "id" + } + }, + { + "payload": { + "protocol": "ip", + "field": "saddr" + } + } + ] + } + }, + "handle": 0, + "size": 1024, + "flags": [ + "timeout", + "dynamic" + ] + } + }, + { + "rule": { + "family": "netdev", + "table": "nt", + "chain": "nc", + "handle": 0, + "expr": [ + { + "set": { + "op": "update", + "elem": { + "elem": { + "val": { + "concat": [ + { + "payload": { + "protocol": "ether", + "field": "saddr" + } + }, + { + "payload": { + "protocol": "vlan", + "field": "id" + } + } + ] + }, + "timeout": 5 + } + }, + "set": "@macset" + } + }, + { + "counter": { + "packets": 0, + "bytes": 0 + } + } + ] + } + }, + { + "rule": { + "family": "netdev", + "table": "nt", + "chain": "nc", + "handle": 0, + "expr": [ + { + "match": { + "op": "==", + "left": { + "concat": [ + { + "payload": { + "protocol": "ether", + "field": "saddr" + } + }, + { + "payload": { + "protocol": "vlan", + "field": "id" + } + } + ] + }, + "right": "@macset" + } + } + ] + } + }, + { + "rule": { + "family": "netdev", + "table": "nt", + "chain": "nc", + "handle": 0, + "expr": [ + { + "match": { + "op": "==", + "left": { + "payload": { + "protocol": "vlan", + "field": "pcp" + } + }, + "right": 1 + } + } + ] + } + }, + { + "rule": { + "family": "netdev", + "table": "nt", + "chain": "nc", + "handle": 0, + "expr": [ + { + "match": { + "op": "==", + "left": { + "payload": { + "protocol": "ether", + "field": "saddr" + } + }, + "right": "0a:0b:0c:0d:0e:0f" + } + }, + { + "match": { + "op": "==", + "left": { + "payload": { + "protocol": "vlan", + "field": "id" + } + }, + "right": 42 + } + } + ] + } + }, + { + "rule": { + "family": "netdev", + "table": "nt", + "chain": "nc", + "handle": 0, + "expr": [ + { + "set": { + "op": "update", + "elem": { + "elem": { + "val": { + "payload": { + "protocol": "vlan", + "field": "id" + } + }, + "timeout": 5 + } + }, + "set": "@vlanidset" + } + }, + { + "counter": { + "packets": 0, + "bytes": 0 + } + } + ] + } + }, + { + "rule": { + "family": "netdev", + "table": "nt", + "chain": "nc", + "handle": 0, + "expr": [ + { + "set": { + "op": "update", + "elem": { + "elem": { + "val": { + "concat": [ + { + "payload": { + "protocol": "vlan", + "field": "id" + } + }, + { + "payload": { + "protocol": "ip", + "field": "saddr" + } + } + ] + }, + "timeout": 5 + } + }, + "set": "@ipset" + } + }, + { + "counter": { + "packets": 0, + "bytes": 0 + } + } + ] + } + } + ] +} diff --git a/tests/shell/testcases/sets/dumps/concat_nlmsg_overrun.json-nft b/tests/shell/testcases/sets/dumps/concat_nlmsg_overrun.json-nft new file mode 100644 index 00000000..2a8d233e --- /dev/null +++ b/tests/shell/testcases/sets/dumps/concat_nlmsg_overrun.json-nft @@ -0,0 +1,46 @@ +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "ip", + "name": "filter", + "handle": 0 + } + }, + { + "set": { + "family": "ip", + "name": "test_set", + "table": "filter", + "type": [ + "iface_index", + "ether_addr", + "ipv4_addr" + ], + "handle": 0, + "flags": "interval", + "elem": [ + { + "elem": { + "val": { + "concat": [ + "lo", + "00:11:22:33:44:55", + "10.1.2.3" + ] + }, + "comment": "123456789012345678901234567890" + } + } + ] + } + } + ] +} diff --git a/tests/shell/testcases/sets/dumps/elem_limit_0.json-nft b/tests/shell/testcases/sets/dumps/elem_limit_0.json-nft new file mode 100644 index 00000000..20e3ea01 --- /dev/null +++ b/tests/shell/testcases/sets/dumps/elem_limit_0.json-nft @@ -0,0 +1,61 @@ +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "netdev", + "name": "filter", + "handle": 0 + } + }, + { + "set": { + "family": "netdev", + "name": "test123", + "table": "filter", + "type": { + "typeof": { + "payload": { + "protocol": "ip", + "field": "saddr" + } + } + }, + "handle": 0, + "elem": [ + { + "elem": { + "val": "1.2.3.4", + "limit": { + "rate": 1, + "burst": 0, + "per": "second", + "inv": true, + "rate_unit": "mbytes", + "burst_unit": "bytes" + } + } + } + ], + "stmt": [ + { + "limit": { + "rate": 1, + "burst": 0, + "per": "second", + "inv": true, + "rate_unit": "mbytes", + "burst_unit": "bytes" + } + } + ] + } + } + ] +} diff --git a/tests/shell/testcases/sets/dumps/interval_size.json-nft b/tests/shell/testcases/sets/dumps/interval_size.json-nft new file mode 100644 index 00000000..96fc54fc --- /dev/null +++ b/tests/shell/testcases/sets/dumps/interval_size.json-nft @@ -0,0 +1,66 @@ +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "inet", + "name": "x", + "handle": 0 + } + }, + { + "set": { + "family": "inet", + "name": "x", + "table": "x", + "type": { + "typeof": { + "payload": { + "protocol": "ip", + "field": "saddr" + } + } + }, + "handle": 0, + "size": 1, + "flags": "interval", + "auto-merge": true, + "elem": [ + { + "prefix": { + "addr": "255.255.255.0", + "len": 24 + } + } + ] + } + }, + { + "set": { + "family": "inet", + "name": "y", + "table": "x", + "type": { + "typeof": { + "payload": { + "protocol": "ip", + "field": "saddr" + } + } + }, + "handle": 0, + "size": 1, + "flags": "interval", + "elem": [ + "0.0.0.0" + ] + } + } + ] +} diff --git a/tests/shell/testcases/sets/dumps/interval_size.nft b/tests/shell/testcases/sets/dumps/interval_size.nft new file mode 100644 index 00000000..bd7fd73f --- /dev/null +++ b/tests/shell/testcases/sets/dumps/interval_size.nft @@ -0,0 +1,16 @@ +table inet x { + set x { + typeof ip saddr + size 1 # count 1 + flags interval + auto-merge + elements = { 255.255.255.0/24 } + } + + set y { + typeof ip saddr + size 1 # count 1 + flags interval + elements = { 0.0.0.0 } + } +} diff --git a/tests/shell/testcases/sets/dumps/interval_size_random.nodump b/tests/shell/testcases/sets/dumps/interval_size_random.nodump new file mode 100644 index 00000000..e69de29b diff --git a/tests/shell/testcases/sets/dumps/set_stmt.json-nft b/tests/shell/testcases/sets/dumps/set_stmt.json-nft new file mode 100644 index 00000000..644413bd --- /dev/null +++ b/tests/shell/testcases/sets/dumps/set_stmt.json-nft @@ -0,0 +1,439 @@ +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "ip", + "name": "x", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "x", + "name": "y0", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "x", + "name": "y1", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "x", + "name": "y2", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "x", + "name": "y3", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "x", + "name": "y4", + "handle": 0 + } + }, + { + "set": { + "family": "ip", + "name": "y0", + "table": "x", + "type": "ipv4_addr", + "handle": 0, + "elem": [ + { + "elem": { + "val": "2.2.2.0", + "counter": { + "packets": 3, + "bytes": 4 + } + } + }, + { + "elem": { + "val": "3.3.3.0", + "counter": { + "packets": 1, + "bytes": 2 + } + } + }, + { + "elem": { + "val": "5.5.5.0", + "counter": { + "packets": 1, + "bytes": 2 + } + } + }, + { + "elem": { + "val": "6.6.6.0", + "counter": { + "packets": 3, + "bytes": 4 + } + } + } + ], + "stmt": [ + { + "counter": null + } + ] + } + }, + { + "set": { + "family": "ip", + "name": "y1", + "table": "x", + "type": "ipv4_addr", + "handle": 0, + "elem": [ + { + "elem": { + "val": "2.2.2.1", + "limit": { + "rate": 5, + "burst": 5, + "per": "second" + } + } + }, + { + "elem": { + "val": "3.3.3.1", + "limit": { + "rate": 1, + "burst": 5, + "per": "second" + } + } + }, + { + "elem": { + "val": "5.5.5.1", + "limit": { + "rate": 1, + "burst": 5, + "per": "second" + } + } + }, + { + "elem": { + "val": "6.6.6.1", + "limit": { + "rate": 5, + "burst": 5, + "per": "second" + } + } + } + ], + "stmt": [ + { + "limit": { + "rate": 1, + "burst": 5, + "per": "second" + } + } + ] + } + }, + { + "set": { + "family": "ip", + "name": "y2", + "table": "x", + "type": "ipv4_addr", + "handle": 0, + "elem": [ + { + "elem": { + "val": "2.2.2.2", + "ct count": { + "val": 5, + "inv": true + } + } + }, + { + "elem": { + "val": "3.3.3.2", + "ct count": { + "val": 2, + "inv": true + } + } + }, + { + "elem": { + "val": "5.5.5.2", + "ct count": { + "val": 2, + "inv": true + } + } + }, + { + "elem": { + "val": "6.6.6.2", + "ct count": { + "val": 5, + "inv": true + } + } + } + ], + "stmt": [ + { + "ct count": { + "val": 2, + "inv": true + } + } + ] + } + }, + { + "set": { + "family": "ip", + "name": "y3", + "table": "x", + "type": "ipv4_addr", + "handle": 0, + "elem": [ + { + "elem": { + "val": "2.2.2.3", + "last": null + } + }, + { + "elem": { + "val": "3.3.3.3", + "last": null + } + }, + { + "elem": { + "val": "5.5.5.3", + "last": null + } + }, + { + "elem": { + "val": "6.6.6.3", + "last": null + } + } + ], + "stmt": [ + { + "last": null + } + ] + } + }, + { + "set": { + "family": "ip", + "name": "y4", + "table": "x", + "type": "ipv4_addr", + "handle": 0, + "elem": [ + { + "elem": { + "val": "2.2.2.4", + "quota": { + "val": 30000, + "val_unit": "bytes", + "inv": true, + "used": 1000, + "used_unit": "bytes" + } + } + }, + { + "elem": { + "val": "3.3.3.4", + "quota": { + "val": 1000, + "val_unit": "bytes", + "inv": true + } + } + }, + { + "elem": { + "val": "5.5.5.4", + "quota": { + "val": 1000, + "val_unit": "bytes", + "inv": true + } + } + }, + { + "elem": { + "val": "6.6.6.4", + "quota": { + "val": 30000, + "val_unit": "bytes", + "inv": true, + "used": 1000, + "used_unit": "bytes" + } + } + } + ], + "stmt": [ + { + "quota": { + "val": 1000, + "val_unit": "bytes", + "inv": true + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "x", + "chain": "y0", + "handle": 0, + "expr": [ + { + "match": { + "op": "==", + "left": { + "payload": { + "protocol": "ip", + "field": "daddr" + } + }, + "right": "@y0" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "x", + "chain": "y1", + "handle": 0, + "expr": [ + { + "match": { + "op": "==", + "left": { + "payload": { + "protocol": "ip", + "field": "daddr" + } + }, + "right": "@y1" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "x", + "chain": "y2", + "handle": 0, + "expr": [ + { + "match": { + "op": "==", + "left": { + "payload": { + "protocol": "ip", + "field": "daddr" + } + }, + "right": "@y2" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "x", + "chain": "y3", + "handle": 0, + "expr": [ + { + "match": { + "op": "==", + "left": { + "payload": { + "protocol": "ip", + "field": "daddr" + } + }, + "right": "@y3" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "x", + "chain": "y4", + "handle": 0, + "expr": [ + { + "match": { + "op": "==", + "left": { + "payload": { + "protocol": "ip", + "field": "daddr" + } + }, + "right": "@y4" + } + } + ] + } + } + ] +} diff --git a/tests/shell/testcases/sets/dumps/typeof_raw_0.json-nft b/tests/shell/testcases/sets/dumps/typeof_raw_0.json-nft new file mode 100644 index 00000000..12cdad1f --- /dev/null +++ b/tests/shell/testcases/sets/dumps/typeof_raw_0.json-nft @@ -0,0 +1,148 @@ +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "inet", + "name": "t", + "handle": 0 + } + }, + { + "chain": { + "family": "inet", + "table": "t", + "name": "y", + "handle": 0 + } + }, + { + "set": { + "family": "inet", + "name": "y", + "table": "t", + "type": { + "typeof": { + "concat": [ + { + "payload": { + "protocol": "ip", + "field": "daddr" + } + }, + { + "payload": { + "base": "ih", + "offset": 32, + "len": 32 + } + } + ] + } + }, + "handle": 0, + "elem": [ + { + "concat": [ + "1.1.1.1", + 20 + ] + }, + { + "concat": [ + "2.2.2.2", + 32 + ] + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "t", + "chain": "y", + "handle": 0, + "expr": [ + { + "match": { + "op": "==", + "left": { + "concat": [ + { + "payload": { + "protocol": "ip", + "field": "saddr" + } + }, + { + "payload": { + "base": "nh", + "offset": 32, + "len": 32 + } + } + ] + }, + "right": { + "set": [ + { + "concat": [ + "1.1.1.1", + 20 + ] + }, + { + "concat": [ + "2.2.2.2", + 30 + ] + } + ] + } + } + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "t", + "chain": "y", + "handle": 0, + "expr": [ + { + "match": { + "op": "==", + "left": { + "concat": [ + { + "payload": { + "protocol": "ip", + "field": "daddr" + } + }, + { + "payload": { + "base": "nh", + "offset": 32, + "len": 32 + } + } + ] + }, + "right": "@y" + } + } + ] + } + } + ] +} diff --git a/tests/shell/testcases/sets/dumps/typeof_sets_1.json-nft b/tests/shell/testcases/sets/dumps/typeof_sets_1.json-nft new file mode 100644 index 00000000..3dbb1797 --- /dev/null +++ b/tests/shell/testcases/sets/dumps/typeof_sets_1.json-nft @@ -0,0 +1,193 @@ +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "bridge", + "name": "t", + "handle": 0 + } + }, + { + "chain": { + "family": "bridge", + "table": "t", + "name": "c1", + "handle": 0 + } + }, + { + "chain": { + "family": "bridge", + "table": "t", + "name": "c2", + "handle": 0 + } + }, + { + "set": { + "family": "bridge", + "name": "nodhcpvlan", + "table": "t", + "type": { + "typeof": { + "payload": { + "protocol": "vlan", + "field": "id" + } + } + }, + "handle": 0, + "elem": [ + 1 + ] + } + }, + { + "rule": { + "family": "bridge", + "table": "t", + "chain": "c1", + "handle": 0, + "expr": [ + { + "match": { + "op": "!=", + "left": { + "payload": { + "protocol": "vlan", + "field": "id" + } + }, + "right": "@nodhcpvlan" + } + }, + { + "match": { + "op": "==", + "left": { + "payload": { + "protocol": "vlan", + "field": "type" + } + }, + "right": "arp" + } + }, + { + "counter": { + "packets": 0, + "bytes": 0 + } + }, + { + "jump": { + "target": "c2" + } + } + ] + } + }, + { + "rule": { + "family": "bridge", + "table": "t", + "chain": "c1", + "handle": 0, + "expr": [ + { + "match": { + "op": "!=", + "left": { + "payload": { + "protocol": "vlan", + "field": "id" + } + }, + "right": "@nodhcpvlan" + } + }, + { + "match": { + "op": "==", + "left": { + "payload": { + "protocol": "vlan", + "field": "type" + } + }, + "right": "ip" + } + }, + { + "counter": { + "packets": 0, + "bytes": 0 + } + }, + { + "jump": { + "target": "c2" + } + } + ] + } + }, + { + "rule": { + "family": "bridge", + "table": "t", + "chain": "c1", + "handle": 0, + "expr": [ + { + "match": { + "op": "!=", + "left": { + "payload": { + "protocol": "vlan", + "field": "id" + } + }, + "right": { + "set": [ + 1, + 2 + ] + } + } + }, + { + "match": { + "op": "==", + "left": { + "payload": { + "protocol": "vlan", + "field": "type" + } + }, + "right": "ip6" + } + }, + { + "counter": { + "packets": 0, + "bytes": 0 + } + }, + { + "jump": { + "target": "c2" + } + } + ] + } + } + ] +} diff --git a/tests/shell/testcases/sets/dumps/typeof_sets_concat.json-nft b/tests/shell/testcases/sets/dumps/typeof_sets_concat.json-nft new file mode 100644 index 00000000..ffb97f77 --- /dev/null +++ b/tests/shell/testcases/sets/dumps/typeof_sets_concat.json-nft @@ -0,0 +1,234 @@ +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "netdev", + "name": "t", + "handle": 0 + } + }, + { + "chain": { + "family": "netdev", + "table": "t", + "name": "c", + "handle": 0 + } + }, + { + "set": { + "family": "netdev", + "name": "s", + "table": "t", + "type": { + "typeof": { + "concat": [ + { + "payload": { + "protocol": "ether", + "field": "saddr" + } + }, + { + "payload": { + "protocol": "vlan", + "field": "id" + } + } + ] + } + }, + "handle": 0, + "size": 2048, + "flags": [ + "timeout", + "dynamic" + ] + } + }, + { + "rule": { + "family": "netdev", + "table": "t", + "chain": "c", + "handle": 0, + "expr": [ + { + "match": { + "op": "!=", + "left": { + "payload": { + "protocol": "ether", + "field": "type" + } + }, + "right": "8021q" + } + }, + { + "set": { + "op": "add", + "elem": { + "elem": { + "val": { + "concat": [ + { + "payload": { + "protocol": "ether", + "field": "saddr" + } + }, + 0 + ] + }, + "timeout": 5 + } + }, + "set": "@s" + } + }, + { + "counter": { + "packets": 0, + "bytes": 0 + } + }, + { + "return": null + } + ] + } + }, + { + "rule": { + "family": "netdev", + "table": "t", + "chain": "c", + "handle": 0, + "expr": [ + { + "match": { + "op": "!=", + "left": { + "payload": { + "protocol": "ether", + "field": "type" + } + }, + "right": "8021q" + } + }, + { + "set": { + "op": "update", + "elem": { + "elem": { + "val": { + "concat": [ + { + "payload": { + "protocol": "ether", + "field": "daddr" + } + }, + 123 + ] + }, + "timeout": 60 + } + }, + "set": "@s" + } + }, + { + "counter": { + "packets": 0, + "bytes": 0 + } + }, + { + "return": null + } + ] + } + }, + { + "table": { + "family": "ip", + "name": "t", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "t", + "name": "c2", + "handle": 0 + } + }, + { + "set": { + "family": "ip", + "name": "s", + "table": "t", + "type": { + "typeof": { + "concat": [ + { + "ipsec": { + "key": "reqid", + "dir": "in", + "spnum": 0 + } + }, + { + "meta": { + "key": "iif" + } + } + ] + } + }, + "handle": 0, + "size": 16, + "flags": "interval" + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c2", + "handle": 0, + "expr": [ + { + "match": { + "op": "==", + "left": { + "concat": [ + { + "ipsec": { + "key": "reqid", + "dir": "in", + "spnum": 0 + } + }, + "lo" + ] + }, + "right": "@s" + } + } + ] + } + } + ] +}