tests: shell: permit use of host-endian constant values in set lookup keys

extend an existing test case with the afl input to cover in/output.

A new test case is added to test linearization, delinearization and
matching

Fixes: c0080feb0d03 ("evaluate: permit use of host-endian constant values in set lookup keys")
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/tests/shell/testcases/packetpath/dumps/set_lookups.nft b/tests/shell/testcases/packetpath/dumps/set_lookups.nft
new file mode 100644 (file)
index 0000000..7566f55
--- /dev/null
+++ b/tests/shell/testcases/packetpath/dumps/set_lookups.nft
@@ -0,0 +1,51 @@
+table ip t {
+       set s {
+               type ipv4_addr . iface_index
+               flags interval
+               elements = { 127.0.0.1 . "lo",
+                            127.0.0.2 . "lo" }
+       }
+
+       set s2 {
+               typeof ip saddr . iif
+               elements = { 127.0.0.1 . "lo",
+                            127.0.0.2 . "lo" }
+       }
+
+       set s3 {
+               type iface_index
+               elements = { "lo" }
+       }
+
+       set s4 {
+               type iface_index
+               flags interval
+               elements = { "lo" }
+       }
+
+       set nomatch {
+               typeof ip saddr . iif
+               elements = { 127.0.0.3 . "lo" }
+       }
+
+       set nomatch2 {
+               type ipv4_addr . iface_index
+               elements = { 127.0.0.2 . 90000 }
+       }
+
+       chain c {
+               type filter hook input priority filter; policy accept;
+               icmp type echo-request ip saddr . iif @s counter packets 1 bytes 84
+               icmp type echo-request ip saddr . "lo" @s counter packets 1 bytes 84
+               icmp type echo-request ip saddr . "lo" @s counter packets 1 bytes 84
+               icmp type echo-request ip saddr . iif @s2 counter packets 1 bytes 84
+               icmp type echo-request ip saddr . "lo" @s2 counter packets 1 bytes 84
+               icmp type echo-request ip saddr . "lo" @s2 counter packets 1 bytes 84
+               icmp type echo-request ip daddr . "lo" @s counter packets 1 bytes 84
+               icmp type echo-request ip daddr . "lo" @s2 counter packets 1 bytes 84
+               icmp type echo-request iif @s3 counter packets 1 bytes 84
+               icmp type echo-request iif @s4 counter packets 1 bytes 84
+               ip daddr . "lo" @nomatch counter packets 0 bytes 0 drop
+               ip daddr . iif @nomatch2 counter packets 0 bytes 0 drop
+       }
+}

diff --git a/tests/shell/testcases/packetpath/set_lookups b/tests/shell/testcases/packetpath/set_lookups
new file mode 100755 (executable)
index 0000000..84a0000
--- /dev/null
+++ b/tests/shell/testcases/packetpath/set_lookups
@@ -0,0 +1,64 @@
+#!/bin/bash
+
+set -e
+
+$NFT -f /dev/stdin <<"EOF"
+table ip t {
+       set s {
+               type ipv4_addr . iface_index
+               flags interval
+               elements = { 127.0.0.1 . 1 }
+       }
+
+       set s2 {
+               typeof ip saddr . meta iif
+               elements = { 127.0.0.1 . 1 }
+       }
+
+       set s3 {
+               type iface_index
+               elements = { "lo" }
+       }
+
+       set s4 {
+               type iface_index
+               flags interval
+               elements = { "lo" }
+       }
+
+       set nomatch {
+               typeof ip saddr . meta iif
+               elements = { 127.0.0.3 . 1 }
+       }
+
+       set nomatch2 {
+               type ipv4_addr . iface_index
+               elements = { 127.0.0.2 . 90000 }
+       }
+
+       chain c {
+               type filter hook input priority filter;
+               icmp type echo-request ip saddr . meta iif @s counter
+               icmp type echo-request ip saddr . 1 @s counter
+               icmp type echo-request ip saddr . "lo" @s counter
+               icmp type echo-request ip saddr . meta iif @s2 counter
+               icmp type echo-request ip saddr . 1 @s2 counter
+               icmp type echo-request ip saddr . "lo" @s2 counter
+
+               icmp type echo-request ip daddr . "lo" @s counter
+               icmp type echo-request ip daddr . "lo" @s2 counter
+
+               icmp type echo-request meta iif @s3 counter
+               icmp type echo-request meta iif @s4 counter
+
+               ip daddr . 1 @nomatch counter drop
+               ip daddr . meta iif @nomatch2 counter drop
+       }
+}
+EOF
+
+$NFT add element t s { 127.0.0.2 . 1 }
+$NFT add element t s2 { 127.0.0.2 . "lo" }
+
+ip link set lo up
+ping -q -c 1 127.0.0.2 > /dev/null

diff --git a/tests/shell/testcases/sets/dumps/typeof_sets_concat.nft b/tests/shell/testcases/sets/dumps/typeof_sets_concat.nft
index dbaf7cdc2d7d770ee812df2ba1c4af9d97cb4f7d..348b58487d5c554e848edf95e9cb7f51f8f2f5ec 100644 (file)
--- a/tests/shell/testcases/sets/dumps/typeof_sets_concat.nft
+++ b/tests/shell/testcases/sets/dumps/typeof_sets_concat.nft
@@ -10,3 +10,14 @@ table netdev t {
                ether type != 8021q update @s { ether daddr . 123 timeout 1m } counter packets 0 bytes 0 return
        }
 }
+table ip t {
+       set s {
+               typeof ipsec in reqid . iif
+               size 16
+               flags interval
+       }
+
+       chain c2 {
+               ipsec in reqid . "lo" @s
+       }
+}