From: Phil Sutter Date: Thu, 29 Jan 2026 18:23:35 +0000 (+0100) Subject: tests: shell: Review nft-only/0009-needless-bitwise_0 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=412d5659d398e419f45ae490caba41e978483f95;p=thirdparty%2Fiptables.git tests: shell: Review nft-only/0009-needless-bitwise_0 - Avoid calling host's nft binary, use double-verbose mode with *tables tools instead - Update expected payloads to match new byteorder-aware libnftnl output - Drop '-x' flag from shell Signed-off-by: Phil Sutter --- diff --git a/iptables/tests/shell/testcases/nft-only/0009-needless-bitwise_0 b/iptables/tests/shell/testcases/nft-only/0009-needless-bitwise_0 index bfceed49..a8068964 100755 --- a/iptables/tests/shell/testcases/nft-only/0009-needless-bitwise_0 +++ b/iptables/tests/shell/testcases/nft-only/0009-needless-bitwise_0 @@ -1,4 +1,4 @@ -#!/bin/bash -x +#!/bin/bash [[ $XT_MULTI == *xtables-nft-multi ]] || { echo "skip $XT_MULTI"; exit 0; } set -e 
@@ -52,287 +52,287 @@ ff:00:00:00:00:00 echo "COMMIT" ) | $XT_MULTI ebtables-restore -EXPECT="ip filter OUTPUT 4 +EXPECT_IP4="ip filter OUTPUT 4 [ payload load 4b @ network header + 16 => reg 1 ] - [ cmp eq reg 1 0x0302010a ] + [ cmp eq reg 1 0x0a010203 ] [ counter pkts 0 bytes 0 ] ip filter OUTPUT 5 4 [ payload load 4b @ network header + 16 => reg 1 ] - [ cmp eq reg 1 0x0302010a ] + [ cmp eq reg 1 0x0a010203 ] [ counter pkts 0 bytes 0 ] ip filter OUTPUT 6 5 [ payload load 4b @ network header + 16 => reg 1 ] - [ bitwise reg 1 = ( reg 1 & 0xfcffffff ) ^ 0x00000000 ] - [ cmp eq reg 1 0x0002010a ] + [ bitwise reg 1 = ( reg 1 & 0xfffffffc ) ^ 0x00000000 ] + [ cmp eq reg 1 0x0a010200 ] [ counter pkts 0 bytes 0 ] ip filter OUTPUT 7 6 [ payload load 3b @ network header + 16 => reg 1 ] - [ cmp eq reg 1 0x0002010a ] + [ cmp eq reg 1 0x0a0102 ] [ counter pkts 0 bytes 0 ] ip filter OUTPUT 8 7 [ payload load 2b @ network header + 16 => reg 1 ] - [ cmp eq reg 1 0x0000010a ] + [ cmp eq reg 1 0x0a01 ] [ counter pkts 0 bytes 0 ] ip filter OUTPUT 9 8 [ payload load 1b @ network header + 16 => reg 1 ] - [ cmp eq reg 1 0x0000000a ] + [ cmp eq reg 1 0x0a ] [ counter pkts 0 bytes 0 ] ip filter OUTPUT 10 9 [ counter pkts 0 bytes 0 ] - -ip6 filter OUTPUT 4 +" +EXPECT_IP6="ip6 filter OUTPUT 4 [ payload load 16b @ network header + 24 => reg 1 ] - [ cmp eq reg 1 0xffc0edfe 0x020100ee 0x06050403 0x0a090807 ] + [ cmp eq reg 1 0xfeedc0ff 0xee000102 0x03040506 0x0708090a ] [ counter pkts 0 bytes 0 ] ip6 filter OUTPUT 5 4 [ payload load 16b @ network header + 24 => reg 1 ] - [ cmp eq reg 1 0xffc0edfe 0x020100ee 0x06050403 0x0a090807 ] + [ cmp eq reg 1 0xfeedc0ff 0xee000102 0x03040506 0x0708090a ] [ counter pkts 0 bytes 0 ] ip6 filter OUTPUT 6 5 [ payload load 16b @ network header + 24 => reg 1 ] - [ bitwise reg 1 = ( reg 1 & 0xffffffff 0xffffffff 0xffffffff 0xf0ffffff ) ^ 0x00000000 0x00000000 0x00000000 0x00000000 ] - [ cmp eq reg 1 0xffc0edfe 0x020100ee 0x06050403 0x00090807 ] + [ bitwise reg 
1 = ( reg 1 & 0xffffffff 0xffffffff 0xffffffff 0xfffffff0 ) ^ 0x00000000 0x00000000 0x00000000 0x00000000 ] + [ cmp eq reg 1 0xfeedc0ff 0xee000102 0x03040506 0x07080900 ] [ counter pkts 0 bytes 0 ] ip6 filter OUTPUT 7 6 [ payload load 15b @ network header + 24 => reg 1 ] - [ cmp eq reg 1 0xffc0edfe 0x020100ee 0x06050403 0x00090807 ] + [ cmp eq reg 1 0xfeedc0ff 0xee000102 0x03040506 0x070809 ] [ counter pkts 0 bytes 0 ] ip6 filter OUTPUT 8 7 [ payload load 14b @ network header + 24 => reg 1 ] - [ cmp eq reg 1 0xffc0edfe 0x020100ee 0x06050403 0x00000807 ] + [ cmp eq reg 1 0xfeedc0ff 0xee000102 0x03040506 0x0708 ] [ counter pkts 0 bytes 0 ] ip6 filter OUTPUT 9 8 [ payload load 11b @ network header + 24 => reg 1 ] - [ cmp eq reg 1 0xffc0edfe 0x020100ee 0x00050403 ] + [ cmp eq reg 1 0xfeedc0ff 0xee000102 0x030405 ] [ counter pkts 0 bytes 0 ] ip6 filter OUTPUT 10 9 [ payload load 10b @ network header + 24 => reg 1 ] - [ cmp eq reg 1 0xffc0edfe 0x020100ee 0x00000403 ] + [ cmp eq reg 1 0xfeedc0ff 0xee000102 0x0304 ] [ counter pkts 0 bytes 0 ] ip6 filter OUTPUT 11 10 [ payload load 8b @ network header + 24 => reg 1 ] - [ cmp eq reg 1 0xffc0edfe 0x020100ee ] + [ cmp eq reg 1 0xfeedc0ff 0xee000102 ] [ counter pkts 0 bytes 0 ] ip6 filter OUTPUT 12 11 [ payload load 6b @ network header + 24 => reg 1 ] - [ cmp eq reg 1 0xffc0edfe 0x000000ee ] + [ cmp eq reg 1 0xfeedc0ff 0xee00 ] [ counter pkts 0 bytes 0 ] ip6 filter OUTPUT 13 12 [ payload load 2b @ network header + 24 => reg 1 ] - [ cmp eq reg 1 0x0000edfe ] + [ cmp eq reg 1 0xfeed ] [ counter pkts 0 bytes 0 ] ip6 filter OUTPUT 14 13 [ payload load 1b @ network header + 24 => reg 1 ] - [ cmp eq reg 1 0x000000fe ] + [ cmp eq reg 1 0xfe ] [ counter pkts 0 bytes 0 ] ip6 filter OUTPUT 15 14 [ counter pkts 0 bytes 0 ] - -arp filter OUTPUT 3 +" +EXPECT_ARP="arp filter OUTPUT 3 [ payload load 2b @ network header + 0 => reg 1 ] - [ cmp eq reg 1 0x00000100 ] + [ cmp eq reg 1 0x0001 ] [ payload load 1b @ network header + 4 => reg 1 ] - [ 
cmp eq reg 1 0x00000006 ] + [ cmp eq reg 1 0x06 ] [ payload load 1b @ network header + 5 => reg 1 ] - [ cmp eq reg 1 0x00000004 ] + [ cmp eq reg 1 0x04 ] [ payload load 4b @ network header + 24 => reg 1 ] - [ cmp eq reg 1 0x0302010a ] + [ cmp eq reg 1 0x0a010203 ] [ counter pkts 0 bytes 0 ] arp filter OUTPUT 4 3 [ payload load 2b @ network header + 0 => reg 1 ] - [ cmp eq reg 1 0x00000100 ] + [ cmp eq reg 1 0x0001 ] [ payload load 1b @ network header + 4 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] + [ cmp eq reg 1 0x06 ] [ payload load 1b @ network header + 5 => reg 1 ] - [ cmp eq reg 1 0x00000004 ] + [ cmp eq reg 1 0x04 ] [ payload load 4b @ network header + 24 => reg 1 ] - [ cmp eq reg 1 0x0302010a ] + [ cmp eq reg 1 0x0a010203 ] [ counter pkts 0 bytes 0 ] arp filter OUTPUT 5 4 [ payload load 2b @ network header + 0 => reg 1 ] - [ cmp eq reg 1 0x00000100 ] + [ cmp eq reg 1 0x0001 ] [ payload load 1b @ network header + 4 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] + [ cmp eq reg 1 0x06 ] [ payload load 1b @ network header + 5 => reg 1 ] - [ cmp eq reg 1 0x00000004 ] + [ cmp eq reg 1 0x04 ] [ payload load 4b @ network header + 24 => reg 1 ] - [ bitwise reg 1 = ( reg 1 & 0xfcffffff ) ^ 0x00000000 ] - [ cmp eq reg 1 0x0002010a ] + [ bitwise reg 1 = ( reg 1 & 0xfffffffc ) ^ 0x00000000 ] + [ cmp eq reg 1 0x0a010200 ] [ counter pkts 0 bytes 0 ] arp filter OUTPUT 6 5 [ payload load 2b @ network header + 0 => reg 1 ] - [ cmp eq reg 1 0x00000100 ] + [ cmp eq reg 1 0x0001 ] [ payload load 1b @ network header + 4 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] + [ cmp eq reg 1 0x06 ] [ payload load 1b @ network header + 5 => reg 1 ] - [ cmp eq reg 1 0x00000004 ] + [ cmp eq reg 1 0x04 ] [ payload load 3b @ network header + 24 => reg 1 ] - [ cmp eq reg 1 0x0002010a ] + [ cmp eq reg 1 0x0a0102 ] [ counter pkts 0 bytes 0 ] arp filter OUTPUT 7 6 [ payload load 2b @ network header + 0 => reg 1 ] - [ cmp eq reg 1 0x00000100 ] + [ cmp eq reg 1 0x0001 ] [ payload load 1b @ network header + 4 => 
reg 1 ] - [ cmp eq reg 1 0x00000006 ] + [ cmp eq reg 1 0x06 ] [ payload load 1b @ network header + 5 => reg 1 ] - [ cmp eq reg 1 0x00000004 ] + [ cmp eq reg 1 0x04 ] [ payload load 2b @ network header + 24 => reg 1 ] - [ cmp eq reg 1 0x0000010a ] + [ cmp eq reg 1 0x0a01 ] [ counter pkts 0 bytes 0 ] arp filter OUTPUT 8 7 [ payload load 2b @ network header + 0 => reg 1 ] - [ cmp eq reg 1 0x00000100 ] + [ cmp eq reg 1 0x0001 ] [ payload load 1b @ network header + 4 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] + [ cmp eq reg 1 0x06 ] [ payload load 1b @ network header + 5 => reg 1 ] - [ cmp eq reg 1 0x00000004 ] + [ cmp eq reg 1 0x04 ] [ payload load 1b @ network header + 24 => reg 1 ] - [ cmp eq reg 1 0x0000000a ] + [ cmp eq reg 1 0x0a ] [ counter pkts 0 bytes 0 ] arp filter OUTPUT 9 8 [ payload load 2b @ network header + 0 => reg 1 ] - [ cmp eq reg 1 0x00000100 ] + [ cmp eq reg 1 0x0001 ] [ payload load 1b @ network header + 4 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] + [ cmp eq reg 1 0x06 ] [ payload load 1b @ network header + 5 => reg 1 ] - [ cmp eq reg 1 0x00000004 ] + [ cmp eq reg 1 0x04 ] [ counter pkts 0 bytes 0 ] arp filter OUTPUT 10 9 [ payload load 2b @ network header + 0 => reg 1 ] - [ cmp eq reg 1 0x00000100 ] + [ cmp eq reg 1 0x0001 ] [ payload load 1b @ network header + 4 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] + [ cmp eq reg 1 0x06 ] [ payload load 1b @ network header + 5 => reg 1 ] - [ cmp eq reg 1 0x00000004 ] + [ cmp eq reg 1 0x04 ] [ payload load 6b @ network header + 18 => reg 1 ] - [ cmp eq reg 1 0xc000edfe 0x0000eeff ] + [ cmp eq reg 1 0xfeed00c0 0xffee ] [ counter pkts 0 bytes 0 ] arp filter OUTPUT 11 10 [ payload load 2b @ network header + 0 => reg 1 ] - [ cmp eq reg 1 0x00000100 ] + [ cmp eq reg 1 0x0001 ] [ payload load 1b @ network header + 4 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] + [ cmp eq reg 1 0x06 ] [ payload load 1b @ network header + 5 => reg 1 ] - [ cmp eq reg 1 0x00000004 ] + [ cmp eq reg 1 0x04 ] [ payload load 6b @ network header + 
18 => reg 1 ] - [ bitwise reg 1 = ( reg 1 & 0xffffffff 0x0000f0ff ) ^ 0x00000000 0x00000000 ] - [ cmp eq reg 1 0xc000edfe 0x0000e0ff ] + [ bitwise reg 1 = ( reg 1 & 0xffffffff 0xfff0 ) ^ 0x00000000 0x0000 ] + [ cmp eq reg 1 0xfeed00c0 0xffe0 ] [ counter pkts 0 bytes 0 ] arp filter OUTPUT 12 11 [ payload load 2b @ network header + 0 => reg 1 ] - [ cmp eq reg 1 0x00000100 ] + [ cmp eq reg 1 0x0001 ] [ payload load 1b @ network header + 4 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] + [ cmp eq reg 1 0x06 ] [ payload load 1b @ network header + 5 => reg 1 ] - [ cmp eq reg 1 0x00000004 ] + [ cmp eq reg 1 0x04 ] [ payload load 5b @ network header + 18 => reg 1 ] - [ cmp eq reg 1 0xc000edfe 0x000000ff ] + [ cmp eq reg 1 0xfeed00c0 0xff ] [ counter pkts 0 bytes 0 ] arp filter OUTPUT 13 12 [ payload load 2b @ network header + 0 => reg 1 ] - [ cmp eq reg 1 0x00000100 ] + [ cmp eq reg 1 0x0001 ] [ payload load 1b @ network header + 4 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] + [ cmp eq reg 1 0x06 ] [ payload load 1b @ network header + 5 => reg 1 ] - [ cmp eq reg 1 0x00000004 ] + [ cmp eq reg 1 0x04 ] [ payload load 4b @ network header + 18 => reg 1 ] - [ cmp eq reg 1 0xc000edfe ] + [ cmp eq reg 1 0xfeed00c0 ] [ counter pkts 0 bytes 0 ] arp filter OUTPUT 14 13 [ payload load 2b @ network header + 0 => reg 1 ] - [ cmp eq reg 1 0x00000100 ] + [ cmp eq reg 1 0x0001 ] [ payload load 1b @ network header + 4 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] + [ cmp eq reg 1 0x06 ] [ payload load 1b @ network header + 5 => reg 1 ] - [ cmp eq reg 1 0x00000004 ] + [ cmp eq reg 1 0x04 ] [ payload load 3b @ network header + 18 => reg 1 ] - [ cmp eq reg 1 0x0000edfe ] + [ cmp eq reg 1 0xfeed00 ] [ counter pkts 0 bytes 0 ] arp filter OUTPUT 15 14 [ payload load 2b @ network header + 0 => reg 1 ] - [ cmp eq reg 1 0x00000100 ] + [ cmp eq reg 1 0x0001 ] [ payload load 1b @ network header + 4 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] + [ cmp eq reg 1 0x06 ] [ payload load 1b @ network header + 5 => reg 1 ] - 
[ cmp eq reg 1 0x00000004 ] + [ cmp eq reg 1 0x04 ] [ payload load 2b @ network header + 18 => reg 1 ] - [ cmp eq reg 1 0x0000edfe ] + [ cmp eq reg 1 0xfeed ] [ counter pkts 0 bytes 0 ] arp filter OUTPUT 16 15 [ payload load 2b @ network header + 0 => reg 1 ] - [ cmp eq reg 1 0x00000100 ] + [ cmp eq reg 1 0x0001 ] [ payload load 1b @ network header + 4 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] + [ cmp eq reg 1 0x06 ] [ payload load 1b @ network header + 5 => reg 1 ] - [ cmp eq reg 1 0x00000004 ] + [ cmp eq reg 1 0x04 ] [ payload load 1b @ network header + 18 => reg 1 ] - [ cmp eq reg 1 0x000000fe ] + [ cmp eq reg 1 0xfe ] [ counter pkts 0 bytes 0 ] - -bridge filter OUTPUT 4 +" +EXPECT_EBT="bridge filter OUTPUT 4 [ payload load 6b @ link header + 0 => reg 1 ] - [ cmp eq reg 1 0xc000edfe 0x0000eeff ] + [ cmp eq reg 1 0xfeed00c0 0xffee ] [ counter pkts 0 bytes 0 ] bridge filter OUTPUT 5 4 [ payload load 6b @ link header + 0 => reg 1 ] - [ bitwise reg 1 = ( reg 1 & 0xffffffff 0x0000f0ff ) ^ 0x00000000 0x00000000 ] - [ cmp eq reg 1 0xc000edfe 0x0000e0ff ] + [ bitwise reg 1 = ( reg 1 & 0xffffffff 0xfff0 ) ^ 0x00000000 0x0000 ] + [ cmp eq reg 1 0xfeed00c0 0xffe0 ] [ counter pkts 0 bytes 0 ] bridge filter OUTPUT 6 5 [ payload load 5b @ link header + 0 => reg 1 ] - [ cmp eq reg 1 0xc000edfe 0x000000ff ] + [ cmp eq reg 1 0xfeed00c0 0xff ] [ counter pkts 0 bytes 0 ] bridge filter OUTPUT 7 6 [ payload load 4b @ link header + 0 => reg 1 ] - [ cmp eq reg 1 0xc000edfe ] + [ cmp eq reg 1 0xfeed00c0 ] [ counter pkts 0 bytes 0 ] bridge filter OUTPUT 8 7 [ payload load 3b @ link header + 0 => reg 1 ] - [ cmp eq reg 1 0x0000edfe ] + [ cmp eq reg 1 0xfeed00 ] [ counter pkts 0 bytes 0 ] bridge filter OUTPUT 9 8 [ payload load 2b @ link header + 0 => reg 1 ] - [ cmp eq reg 1 0x0000edfe ] + [ cmp eq reg 1 0xfeed ] [ counter pkts 0 bytes 0 ] bridge filter OUTPUT 10 9 [ payload load 1b @ link header + 0 => reg 1 ] - [ cmp eq reg 1 0x000000fe ] + [ cmp eq reg 1 0xfe ] [ counter pkts 0 bytes 0 
] " @@ -340,7 +340,14 @@ bridge filter OUTPUT 10 9 # - lines with bytecode (starting with ' [') # - empty lines (so printed diff is not a complete mess) filter() { - awk '/^table /{exit} /^( \[|$)/{print}' + awk '/^(table|-P) /{exit} /^( \[|$)/{print}' } -diff -u -Z -B <(filter <<< "$EXPECT") <(nft --debug=netlink list ruleset | filter) +do_check() { # (expect, ipt) + diff -u -Z -B --label "$2 expected" --label "$2 got" \ + <(filter <<< "$1") <($XT_MULTI $2 -vvS | filter) +} +do_check "$EXPECT_IP4" iptables +do_check "$EXPECT_IP6" ip6tables +do_check "$EXPECT_ARP" arptables +do_check "$EXPECT_EBT" ebtables
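Review bot: The new `EXPECT_IP4`, `EXPECT_IP6`, `EXPECT_ARP` and `EXPECT_EBT` strings carry no comment saying which output format they were recorded against. The reason is only in the commit message, while the file shows just the result: `0x0302010a` becomes `0x0a010203`, and short loads are printed at their load width (`0x0a01` for a 2b load). A comment above `EXPECT_IP4=` such as `# register values as printed by byteorder-aware libnftnl: network byte order, width equal to the load size` would help. It would let someone who hits a mismatch see whether they are running against an older libnftnl (presumably the old format) or facing a real regression in the generated bytecode.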
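Review bot: In `do_check`, the exit status of `$XT_MULTI $2 -vvS` is discarded because the command runs inside `<( … )`, so the `set -e` visible in the first hunk's context never sees the tool fail. A run that prints the expected bytecode and then crashes or exits non-zero would still pass, since `filter` stops reading at the first `-P ` line. Capturing the output first keeps that failure visible: `out=$($XT_MULTI $2 -vvS)` followed by `diff -u -Z -B --label "$2 expected" --label "$2 got" <(filter <<< "$1") <(filter <<< "$out")`. Use a plain assignment rather than `local out=…`, which would mask the status. This assumes `set -e` is still in effect at the end of the script, which the hunk does not show.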