From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Wed, 28 Jan 2026 02:12:19 +0000 (+0100)
Subject: tests: shell: add open interval overlap tests
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1097a785d26a86382a942f034bd89799af32f765;p=thirdparty%2Fnftables.git

tests: shell: add open interval overlap tests

Extend coverage with corner cases with open interval overlaps.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Florian Westphal <fw@strlen.de>
---

diff --git a/tests/shell/testcases/maps/open-interval-anonymous_0 b/tests/shell/testcases/maps/open-interval-anonymous_0
new file mode 100755
index 00000000..0d7972ee
--- /dev/null
+++ b/tests/shell/testcases/maps/open-interval-anonymous_0
@@ -0,0 +1,33 @@
+#/bin/bash
+
+RULESET="table ip x {
+	chain y {
+		type filter hook output priority 0;
+	}
+}"
+
+$NFT -f - <<< $RULESET
+
+$NFT add rule ip x y meta mark set ip saddr map { 255.255.255.0-255.255.255.255 : 1}
+[ $? -ne 0 ] && echo "failed to add rule with open interval" && exit 1
+$NFT add rule ip x y meta mark set ip saddr map { 255.255.255.0-255.255.255.254 : 2}
+[ $? -ne 0 ] && echo "failed to add rule without open interval" && exit 1
+$NFT add rule ip x y meta mark set ip saddr map { 255.255.255.0-255.255.255.1 : 1, 255.255.255.2-255.255.255.254 : 2}
+[ $? -ne 0 ] && echo "failed to add adjacent intervals" && exit 1
+$NFT add rule ip x y meta mark set ip saddr map { 255.255.255.0-255.255.255.1 : 1, 255.255.255.2-255.255.255.255 : 2}
+[ $? -ne 0 ] && echo "failed to add adjacent intervals with open interval" && exit 1
+$NFT add rule ip x y meta mark set ip saddr map { 255.255.255.2-255.255.255.255 : 1, 255.255.255.0-255.255.255.1 : 2}
+[ $? -ne 0 ] && echo "failed to add adjacent intervals with open interval (different order)" && exit 1
+$NFT add rule ip x y meta mark set ip saddr map { 255.255.255.0-255.255.255.255 : 1, 255.255.255.0-255.255.255.254 : 2}
+[ $? -eq 0 ] && echo "unexpected open interval overlap with multiple intervals" && exit 1
+$NFT add rule ip x y meta mark set ip saddr map { 255.255.255.0-255.255.255.254 : 1, 255.255.255.0-255.255.255.255 : 2}
+[ $? -eq 0 ] && echo "unexpected open interval overlap with multiple intervals (different order)" && exit 1
+$NFT add rule ip x y meta mark set ip saddr map { 255.255.255.0-255.255.255.3 : 1, 255.255.255.0-255.255.255.2 : 2}
+[ $? -eq 0 ] && echo "unexpected overlapping interval on start" && exit 1
+$NFT add rule ip x y meta mark set ip saddr map { 255.255.255.0-255.255.255.3 : 1, 255.255.255.1-255.255.255.3 : 2}
+[ $? -eq 0 ] && echo "unexpected overlapping interval on end" && exit 1
+$NFT add rule ip x y meta mark set ip saddr map { 255.255.255.1-255.255.255.3 : 1, 255.255.255.0-255.255.255.4 : 2}
+[ $? -eq 0 ] && echo "unexpected overlapping interval" && exit 1
+$NFT add rule ip x y meta mark set ip saddr map { 255.255.255.1-255.255.255.5 : 1, 255.255.255.2-255.255.255.3 : 2}
+[ $? -eq 0 ] && echo "unexpected overlapping interval again" && exit 1
+exit 0
diff --git a/tests/shell/testcases/sets/open-interval_0 b/tests/shell/testcases/sets/open-interval_0
new file mode 100755
index 00000000..1be926ae
--- /dev/null
+++ b/tests/shell/testcases/sets/open-interval_0
@@ -0,0 +1,65 @@
+#/bin/bash
+
+RULESET="table ip x {
+	set y {
+		type ipv4_addr
+		flags interval
+		counter
+	}
+
+	chain y {
+		type filter hook output priority 0;
+		ip daddr @y
+	}
+}"
+
+$NFT -f - <<< $RULESET
+
+# validate same interval
+$NFT add element ip x y { 1.1.1.1-2.2.2.2, 3.3.3.3-4.4.4.4 }
+[ $? -ne 0 ] && echo "failed to add simple intervals" && exit 1
+$NFT add element ip x y { 1.1.1.1-4.4.4.4 }
+[ $? -eq 0 ] && echo "unexpected add simple interval" && exit 1
+$NFT delete element ip x y { 1.1.1.1-4.4.4.4 }
+[ $? -eq 0 ] && echo "unexpected delete simple interval" && exit 1
+$NFT add element ip x y { 1.1.1.1-2.2.2.2 }
+[ $? -ne 0 ] && echo "failed to re-add simple interval" && exit 1
+$NFT delete element ip x y { 1.1.1.1-2.2.2.2 }
+[ $? -ne 0 ] && echo "failed to delete simple interval" && exit 1
+$NFT add element ip x y { 1.1.1.1-2.2.2.2 }
+[ $? -ne 0 ] && echo "failed to add simple interval again" && exit 1
+
+# now validate open interval
+$NFT add element ip x y { 255.255.255.0-255.255.255.255 }
+[ $? -ne 0 ] && echo "failed to add open interval" && exit 1
+$NFT add element ip x y { 255.255.255.0-255.255.255.255 }
+[ $? -ne 0 ] && echo "failed to re-add open interval" && exit 1
+# try add overlap on open interval
+$NFT add element ip x y { 255.255.255.0-255.255.255.254 }
+[ $? -eq 0 ] && echo "unexpected open interval overlap" && exit 1
+# try add overlap on open interval in one command
+$NFT add element ip x y { 255.255.255.0-255.255.255.255, 255.255.255.0-255.255.255.254 }
+[ $? -eq 0 ] && echo "unexpected open interval overlap with multiple intervals" && exit 1
+$NFT add element ip x y { 255.255.255.0-255.255.255.254, 255.255.255.0-255.255.255.255 }
+[ $? -eq 0 ] && echo "unexpected open interval overlap with multiple intervals (different order)" && exit 1
+# try more overlaps on existing open interval
+$NFT add element ip x y { 255.255.255.1-255.255.255.255 }
+[ $? -eq 0 ] && echo "unexpected inner open interval overlap" && exit 1
+$NFT add element ip x y { 255.255.255.1-255.255.255.254 }
+[ $? -eq 0 ] && echo "unexpected inner interval overlap" && exit 1
+$NFT flush set ip x y
+$NFT add element ip x y { 255.255.255.0-255.255.255.254 }
+[ $? -ne 0 ] && echo "failed to add interval" && exit 1
+$NFT add element ip x y { 255.255.255.0-255.255.255.254 }
+[ $? -ne 0 ] && echo "failed to re-add interval" && exit 1
+# try open interval overlap on existing interval
+$NFT add element ip x y { 255.255.255.0-255.255.255.255 }
+[ $? -eq 0 ] && echo "unexpected open interval over interval" && exit 1
+# try open interval overlap on existing interval
+$NFT add element ip x y { 255.255.255.1-255.255.255.255 }
+[ $? -eq 0 ] && echo "unexpected inner open interval over interval" && exit 1
+$NFT add element ip x y { 255.255.255.0-255.255.255.254, 255.255.255.0-255.255.255.255 }
+[ $? -eq 0 ] && echo "unexpected inner open interval over with multiple intervals" && exit 1
+$NFT add element ip x y { 255.255.255.0-255.255.255.255, 255.255.255.0-255.255.255.254 }
+[ $? -eq 0 ] && echo "unexpected inner open interval over with multiple intervals (different order)" && exit 1
+exit 0