In my mechain, port 12345 is mapped to italk in /etc/services:
italk 12345/tcp # Italk Chat System
So when we add nft rule with udp port "12345", nft list ruleset
will displayed it as "italk", that cause the result is not same
with expected, then testcase fail.
Add "-nn" option when dump the rulesets from the kernel, make
testcases which using tcp/udp port more rubost.
Signed-off-by: Liping Zhang <liping.zhang@spreadtrum.com>
Acked-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
exit 1
fi
-KERNEL_RULESET="$($IP netns exec $NETNS_NAME $NFT list ruleset)"
+KERNEL_RULESET="$($IP netns exec $NETNS_NAME $NFT list ruleset -nn)"
$IP netns del $NETNS_NAME
if [ "$RULESET" != "$KERNEL_RULESET" ] ; then
DIFF="$(which diff)"
}
}"
-KERNEL_RULESET="$($IP netns exec $NETNS_NAME $NFT list ruleset)"
+KERNEL_RULESET="$($IP netns exec $NETNS_NAME $NFT list ruleset -nn)"
$IP netns del $NETNS_NAME
if [ "$RULESET" != "$KERNEL_RULESET" ] ; then
DIFF="$(which diff)"
exit 1
fi
- KERNEL_RULESET="$($IP netns exec $NETNS_NAME $NFT list ruleset)"
+ KERNEL_RULESET="$($IP netns exec $NETNS_NAME $NFT list ruleset -nn)"
if [ "$RULESET" != "$KERNEL_RULESET" ] ; then
echo "E: ruleset in netns $NETNS_NAME differs from the loaded" >&2
DIFF="$(which diff)"
exit 1
fi
-KERNEL_RULESET="$($NFT list ruleset)"
+KERNEL_RULESET="$($NFT list ruleset -nn)"
if [ "$GOOD_RULESET" != "$KERNEL_RULESET" ] ; then
DIFF="$(which diff)"
exit 1
fi
-KERNEL_RULESET="$($NFT list ruleset)"
+KERNEL_RULESET="$($NFT list ruleset -nn)"
if [ "$GOOD_RULESET" != "$KERNEL_RULESET" ] ; then
DIFF="$(which diff)"
exit 1
fi
-KERNEL_RULESET="$($NFT list ruleset)"
+KERNEL_RULESET="$($NFT list ruleset -nn)"
if [ "$GOOD_RULESET" != "$KERNEL_RULESET" ] ; then
DIFF="$(which diff)"
exit 1
fi
-KERNEL_RULESET="$($NFT list ruleset)"
+KERNEL_RULESET="$($NFT list ruleset -nn)"
if [ "$GOOD_RULESET" != "$KERNEL_RULESET" ] ; then
DIFF="$(which diff)"
projects / thirdparty / nftables.git / commitdiff
