From: Florian Westphal Date: Sun, 7 Jun 2026 18:56:27 +0000 (+0200) Subject: tests: shell: add two missing dump files X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=3003f3681287b86ccaf2dd7c39d28cd133ab7962;p=thirdparty%2Fnftables.git tests: shell: add two missing dump files tools/check-tree.sh reports: ERR: "tests/shell/testcases/parsing/exclusive_start_cond" has no "tests/shell/testcases/parsing/dumps/exclusive_start_cond.{nft,nodump}" file Dump files are useful to test the bison and json input parsers and because they can be used as inputs for nft-afl fuzzing. Signed-off-by: Florian Westphal --- diff --git a/tests/shell/testcases/parsing/dumps/exclusive_start_cond.json-nft b/tests/shell/testcases/parsing/dumps/exclusive_start_cond.json-nft new file mode 100644 index 00000000..b0fffef2 --- /dev/null +++ b/tests/shell/testcases/parsing/dumps/exclusive_start_cond.json-nft @@ -0,0 +1,2882 @@ +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "ip", + "name": "t", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "t", + "name": "c", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "t", + "name": "c2", + "handle": 0 + } + }, + { + "set": { + "family": "ip", + "name": "foo", + "table": "t", + "type": "ipv4_addr", + "handle": 0, + "size": 65535, + "flags": [ + "dynamic" + ] + } + }, + { + "flowtable": { + "family": "ip", + "name": "ft", + "table": "t", + "handle": 0, + "hook": "ingress", + "prio": 0 + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c", + "handle": 0, + "expr": [ + { + "limit": { + "rate": 1, + "burst": 5, + "per": "second" + } + }, + { + "accept": null + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c", + "handle": 0, + "expr": [ + { + "limit": { + "rate": 1, + "burst": 5, + "per": "second" + } + }, + { + "drop": null + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c", + "handle": 0, + "expr": [ + { + "limit": { + "rate": 1, + "burst": 5, + "per": "second" + } + }, + { + "continue": null + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c", + "handle": 0, + "expr": [ + { + "limit": { + "rate": 1, + "burst": 5, + "per": "second" + } + }, + { + "jump": { + "target": "c2" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c", + "handle": 0, + "expr": [ + { + "limit": { + "rate": 1, + "burst": 5, + "per": "second" + } + }, + { + "goto": { + "target": "c2" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c", + "handle": 0, + "expr": [ + { + "limit": { + "rate": 1, + "burst": 5, + "per": "second" + } + }, + { + "return": null + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c", + "handle": 0, + "expr": [ + { + "limit": { + "rate": 1, + "burst": 5, + "per": "second" + } + }, + { + "set": { + "op": "add", + "elem": { + "payload": { + "protocol": "ip", + "field": "saddr" + } + }, + "set": "@foo", + "stmt": [ + { + "counter": null + } + ] + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c", + "handle": 0, + "expr": [ + { + "limit": { + "rate": 1, + "burst": 5, + "per": "second" + } + }, + { + "counter": { + "packets": 0, + "bytes": 0 + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c", + "handle": 0, + "expr": [ + { + "limit": { + "rate": 1, + "burst": 5, + "per": "second" + } + }, + { + "limit": { + "rate": 1, + "burst": 5, + "per": "day" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c", + "handle": 0, + "expr": [ + { + "limit": { + "rate": 1, + "burst": 5, + "per": "second" + } + }, + { + "quota": { + "val": 1, + "val_unit": "bytes" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c", + "handle": 0, + "expr": [ + { + "limit": { + "rate": 1, + "burst": 5, + "per": "second" + } + }, + { + "ct count": { + "val": 1 + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c", + "handle": 0, + "expr": [ + { + "limit": { + "rate": 1, + "burst": 5, + "per": "second" + } + }, + { + "notrack": null + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c", + "handle": 0, + "expr": [ + { + "limit": { + "rate": 1, + "burst": 5, + "per": "second" + } + }, + { + "flow": { + "op": "add", + "flowtable": "@ft" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c", + "handle": 0, + "expr": [ + { + "limit": { + "rate": 1, + "burst": 5, + "per": "second" + } + }, + { + "mangle": { + "key": { + "meta": { + "key": "nftrace" + } + }, + "value": 1 + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c", + "handle": 0, + "expr": [ + { + "limit": { + "rate": 1, + "burst": 5, + "per": "second" + } + }, + { + "log": null + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c", + "handle": 0, + "expr": [ + { + "limit": { + "rate": 1, + "burst": 5, + "per": "second" + } + }, + { + "reject": { + "type": "icmp", + "expr": "port-unreachable" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c", + "handle": 0, + "expr": [ + { + "limit": { + "rate": 1, + "burst": 5, + "per": "second" + } + }, + { + "snat": { + "addr": "0.0.0.1" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c", + "handle": 0, + "expr": [ + { + "limit": { + "rate": 1, + "burst": 5, + "per": "second" + } + }, + { + "dnat": { + "addr": "0.0.0.1" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c", + "handle": 0, + "expr": [ + { + "limit": { + "rate": 1, + "burst": 5, + "per": "second" + } + }, + { + "queue": { + "num": 1 + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c", + "handle": 0, + "expr": [ + { + "limit": { + "rate": 1, + "burst": 5, + "per": "second" + } + }, + { + "mangle": { + "key": { + "ct": { + "key": "mark" + } + }, + "value": 1 + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c", + "handle": 0, + "expr": [ + { + "limit": { + "rate": 1, + "burst": 5, + "per": "second" + } + }, + { + "masquerade": null + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c", + "handle": 0, + "expr": [ + { + "limit": { + "rate": 1, + "burst": 5, + "per": "second" + } + }, + { + "redirect": null + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c", + "handle": 0, + "expr": [ + { + "limit": { + "rate": 1, + "burst": 5, + "per": "second" + } + }, + { + "set": { + "op": "add", + "elem": { + "payload": { + "protocol": "ip", + "field": "saddr" + } + }, + "set": "@foo" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c", + "handle": 0, + "expr": [ + { + "limit": { + "rate": 1, + "burst": 5, + "per": "second" + } + }, + { + "set": { + "op": "add", + "elem": { + "payload": { + "protocol": "ip", + "field": "saddr" + } + }, + "set": "@foo" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c", + "handle": 0, + "expr": [ + { + "limit": { + "rate": 1, + "burst": 5, + "per": "second" + } + }, + { + "set": { + "op": "update", + "elem": { + "payload": { + "protocol": "ip", + "field": "saddr" + } + }, + "set": "@foo" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c", + "handle": 0, + "expr": [ + { + "limit": { + "rate": 1, + "burst": 5, + "per": "second" + } + }, + { + "set": { + "op": "delete", + "elem": { + "payload": { + "protocol": "ip", + "field": "saddr" + } + }, + "set": "@foo" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c", + "handle": 0, + "expr": [ + { + "limit": { + "rate": 1, + "burst": 5, + "per": "second" + } + }, + { + "synproxy": null + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c", + "handle": 0, + "expr": [ + { + "limit": { + "rate": 1, + "burst": 5, + "per": "second" + } + }, + { + "reset": { + "tcp option": { + "name": "timestamp" + } + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c", + "handle": 0, + "expr": [ + { + "limit": { + "rate": 1, + "burst": 5, + "per": "second" + } + }, + { + "match": { + "op": "==", + "left": { + "payload": { + "protocol": "ip", + "field": "version" + } + }, + "right": 0 + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c", + "handle": 0, + "expr": [ + { + "limit": { + "rate": 1, + "burst": 5, + "per": "second" + } + }, + { + "match": { + "op": "==", + "left": { + "payload": { + "protocol": "ether", + "field": "saddr" + } + }, + "right": "00:00:00:00:00:00" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c", + "handle": 0, + "expr": [ + { + "limit": { + "rate": 1, + "burst": 5, + "per": "second" + } + }, + { + "match": { + "op": "==", + "left": { + "payload": { + "protocol": "vlan", + "field": "id" + } + }, + "right": 0 + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c", + "handle": 0, + "expr": [ + { + "limit": { + "rate": 1, + "burst": 5, + "per": "second" + } + }, + { + "match": { + "op": "==", + "left": { + "payload": { + "protocol": "ip", + "field": "saddr" + } + }, + "right": "0.0.0.0" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c", + "handle": 0, + "expr": [ + { + "limit": { + "rate": 1, + "burst": 5, + "per": "second" + } + }, + { + "match": { + "op": "==", + "left": { + "payload": { + "protocol": "icmp", + "field": "type" + } + }, + "right": "echo-reply" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c", + "handle": 0, + "expr": [ + { + "limit": { + "rate": 1, + "burst": 5, + "per": "second" + } + }, + { + "match": { + "op": "==", + "left": { + "payload": { + "protocol": "igmp", + "field": "type" + } + }, + "right": 0 + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c", + "handle": 0, + "expr": [ + { + "limit": { + "rate": 1, + "burst": 5, + "per": "second" + } + }, + { + "match": { + "op": "==", + "left": { + "payload": { + "protocol": "icmpv6", + "field": "type" + } + }, + "right": 0 + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c", + "handle": 0, + "expr": [ + { + "limit": { + "rate": 1, + "burst": 5, + "per": "second" + } + }, + { + "match": { + "op": "==", + "left": { + "payload": { + "protocol": "ah", + "field": "spi" + } + }, + "right": 0 + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c", + "handle": 0, + "expr": [ + { + "limit": { + "rate": 1, + "burst": 5, + "per": "second" + } + }, + { + "match": { + "op": "==", + "left": { + "payload": { + "protocol": "esp", + "field": "spi" + } + }, + "right": 0 + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c", + "handle": 0, + "expr": [ + { + "limit": { + "rate": 1, + "burst": 5, + "per": "second" + } + }, + { + "match": { + "op": "==", + "left": { + "payload": { + "protocol": "comp", + "field": "cpi" + } + }, + "right": 0 + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c", + "handle": 0, + "expr": [ + { + "limit": { + "rate": 1, + "burst": 5, + "per": "second" + } + }, + { + "match": { + "op": "==", + "left": { + "payload": { + "protocol": "udp", + "field": "sport" + } + }, + "right": 0 + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c", + "handle": 0, + "expr": [ + { + "limit": { + "rate": 1, + "burst": 5, + "per": "second" + } + }, + { + "match": { + "op": "==", + "left": { + "payload": { + "protocol": "udplite", + "field": "sport" + } + }, + "right": 0 + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c", + "handle": 0, + "expr": [ + { + "limit": { + "rate": 1, + "burst": 5, + "per": "second" + } + }, + { + "match": { + "op": "==", + "left": { + "payload": { + "protocol": "tcp", + "field": "sport" + } + }, + "right": 0 + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c", + "handle": 0, + "expr": [ + { + "limit": { + "rate": 1, + "burst": 5, + "per": "second" + } + }, + { + "match": { + "op": "==", + "left": { + "payload": { + "protocol": "dccp", + "field": "sport" + } + }, + "right": 0 + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c", + "handle": 0, + "expr": [ + { + "limit": { + "rate": 1, + "burst": 5, + "per": "second" + } + }, + { + "match": { + "op": "==", + "left": { + "payload": { + "protocol": "sctp", + "field": "sport" + } + }, + "right": 0 + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c", + "handle": 0, + "expr": [ + { + "limit": { + "rate": 1, + "burst": 5, + "per": "second" + } + }, + { + "match": { + "op": "==", + "left": { + "payload": { + "protocol": "th", + "field": "sport" + } + }, + "right": 0 + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c", + "handle": 0, + "expr": [ + { + "limit": { + "rate": 1, + "burst": 5, + "per": "second" + } + }, + { + "match": { + "op": "==", + "left": { + "payload": { + "protocol": "gre", + "field": "flags" + } + }, + "right": 0 + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c", + "handle": 0, + "expr": [ + { + "limit": { + "rate": 1, + "burst": 5, + "per": "second" + } + }, + { + "match": { + "op": "==", + "left": { + "payload": { + "tunnel": "gretap", + "protocol": "ip", + "field": "saddr" + } + }, + "right": "0.0.0.0" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c", + "handle": 0, + "expr": [ + { + "limit": { + "rate": 1, + "burst": 5, + "per": "second" + } + }, + { + "match": { + "op": "==", + "left": { + "meta": { + "key": "length" + } + }, + "right": 0 + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c", + "handle": 0, + "expr": [ + { + "limit": { + "rate": 1, + "burst": 5, + "per": "second" + } + }, + { + "match": { + "op": "==", + "left": { + "meta": { + "key": "mark" + } + }, + "right": 0 + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c", + "handle": 0, + "expr": [ + { + "limit": { + "rate": 1, + "burst": 5, + "per": "second" + } + }, + { + "match": { + "op": "==", + "left": { + "meta": { + "key": "iif" + } + }, + "right": "0" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c", + "handle": 0, + "expr": [ + { + "limit": { + "rate": 1, + "burst": 5, + "per": "second" + } + }, + { + "match": { + "op": "==", + "left": { + "meta": { + "key": "iifname" + } + }, + "right": "foo" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c", + "handle": 0, + "expr": [ + { + "limit": { + "rate": 1, + "burst": 5, + "per": "second" + } + }, + { + "match": { + "op": "==", + "left": { + "meta": { + "key": "iiftype" + } + }, + "right": 0 + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c", + "handle": 0, + "expr": [ + { + "limit": { + "rate": 1, + "burst": 5, + "per": "second" + } + }, + { + "match": { + "op": "==", + "left": { + "meta": { + "key": "oif" + } + }, + "right": "0" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c", + "handle": 0, + "expr": [ + { + "limit": { + "rate": 1, + "burst": 5, + "per": "second" + } + }, + { + "match": { + "op": "==", + "left": { + "meta": { + "key": "oifname" + } + }, + "right": "foo" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c", + "handle": 0, + "expr": [ + { + "limit": { + "rate": 1, + "burst": 5, + "per": "second" + } + }, + { + "match": { + "op": "==", + "left": { + "meta": { + "key": "oiftype" + } + }, + "right": 0 + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c", + "handle": 0, + "expr": [ + { + "limit": { + "rate": 1, + "burst": 5, + "per": "second" + } + }, + { + "match": { + "op": "==", + "left": { + "meta": { + "key": "skuid" + } + }, + "right": 0 + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c", + "handle": 0, + "expr": [ + { + "limit": { + "rate": 1, + "burst": 5, + "per": "second" + } + }, + { + "match": { + "op": "==", + "left": { + "meta": { + "key": "skgid" + } + }, + "right": 0 + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c", + "handle": 0, + "expr": [ + { + "limit": { + "rate": 1, + "burst": 5, + "per": "second" + } + }, + { + "match": { + "op": "==", + "left": { + "meta": { + "key": "rtclassid" + } + }, + "right": "cosmos" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c", + "handle": 0, + "expr": [ + { + "limit": { + "rate": 1, + "burst": 5, + "per": "second" + } + }, + { + "match": { + "op": "==", + "left": { + "meta": { + "key": "pkttype" + } + }, + "right": "host" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c", + "handle": 0, + "expr": [ + { + "limit": { + "rate": 1, + "burst": 5, + "per": "second" + } + }, + { + "match": { + "op": "==", + "left": { + "meta": { + "key": "cpu" + } + }, + "right": 0 + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c", + "handle": 0, + "expr": [ + { + "limit": { + "rate": 1, + "burst": 5, + "per": "second" + } + }, + { + "match": { + "op": "==", + "left": { + "meta": { + "key": "iifgroup" + } + }, + "right": "default" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c", + "handle": 0, + "expr": [ + { + "limit": { + "rate": 1, + "burst": 5, + "per": "second" + } + }, + { + "match": { + "op": "==", + "left": { + "meta": { + "key": "oifgroup" + } + }, + "right": "default" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c", + "handle": 0, + "expr": [ + { + "limit": { + "rate": 1, + "burst": 5, + "per": "second" + } + }, + { + "match": { + "op": "==", + "left": { + "meta": { + "key": "cgroup" + } + }, + "right": 0 + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c", + "handle": 0, + "expr": [ + { + "limit": { + "rate": 1, + "burst": 5, + "per": "second" + } + }, + { + "match": { + "op": "==", + "left": { + "meta": { + "key": "ipsec" + } + }, + "right": false + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c", + "handle": 0, + "expr": [ + { + "limit": { + "rate": 1, + "burst": 5, + "per": "second" + } + }, + { + "match": { + "op": "==", + "left": { + "meta": { + "key": "time" + } + }, + "right": "1970-01-01 01:00:00" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c", + "handle": 0, + "expr": [ + { + "limit": { + "rate": 1, + "burst": 5, + "per": "second" + } + }, + { + "match": { + "op": "==", + "left": { + "meta": { + "key": "day" + } + }, + "right": "Sunday" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c", + "handle": 0, + "expr": [ + { + "limit": { + "rate": 1, + "burst": 5, + "per": "second" + } + }, + { + "match": { + "op": "==", + "left": { + "meta": { + "key": "hour" + } + }, + "right": "02:00" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c", + "handle": 0, + "expr": [ + { + "limit": { + "rate": 1, + "burst": 5, + "per": "second" + } + }, + { + "match": { + "op": "==", + "left": { + "socket": { + "key": "mark" + } + }, + "right": 0 + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c", + "handle": 0, + "expr": [ + { + "limit": { + "rate": 1, + "burst": 5, + "per": "second" + } + }, + { + "match": { + "op": "==", + "left": { + "numgen": { + "mode": "inc", + "mod": 3, + "offset": 0 + } + }, + "right": 0 + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c", + "handle": 0, + "expr": [ + { + "limit": { + "rate": 1, + "burst": 5, + "per": "second" + } + }, + { + "match": { + "op": "==", + "left": { + "jhash": { + "mod": 3, + "seed": 1, + "expr": { + "payload": { + "protocol": "ip", + "field": "saddr" + } + } + } + }, + "right": 0 + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c", + "handle": 0, + "expr": [ + { + "limit": { + "rate": 1, + "burst": 5, + "per": "second" + } + }, + { + "match": { + "op": "==", + "left": { + "symhash": { + "mod": 3 + } + }, + "right": 0 + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c", + "handle": 0, + "expr": [ + { + "limit": { + "rate": 1, + "burst": 5, + "per": "second" + } + }, + { + "match": { + "op": "==", + "left": { + "fib": { + "result": "oif", + "flags": [ + "daddr", + "iif" + ] + } + }, + "right": true + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c", + "handle": 0, + "expr": [ + { + "limit": { + "rate": 1, + "burst": 5, + "per": "second" + } + }, + { + "match": { + "op": "==", + "left": { + "osf": { + "key": "name" + } + }, + "right": "foo" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c", + "handle": 0, + "expr": [ + { + "limit": { + "rate": 1, + "burst": 5, + "per": "second" + } + }, + { + "match": { + "op": "==", + "left": { + "ipsec": { + "key": "spi", + "dir": "in", + "spnum": 0 + } + }, + "right": 0 + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c", + "handle": 0, + "expr": [ + { + "match": { + "op": "==", + "left": { + "meta": { + "key": "l4proto" + } + }, + "right": "tcp" + } + }, + { + "limit": { + "rate": 1, + "burst": 5, + "per": "second" + } + }, + { + "tproxy": { + "addr": "0.0.0.1" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c", + "handle": 0, + "expr": [ + { + "match": { + "op": "==", + "left": { + "meta": { + "key": "l4proto" + } + }, + "right": "udp" + } + }, + { + "limit": { + "rate": 1, + "burst": 5, + "per": "second" + } + }, + { + "match": { + "op": "==", + "left": { + "payload": { + "tunnel": "vxlan", + "protocol": "vxlan", + "field": "vni" + } + }, + "right": 0 + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c", + "handle": 0, + "expr": [ + { + "match": { + "op": "==", + "left": { + "meta": { + "key": "l4proto" + } + }, + "right": "udp" + } + }, + { + "limit": { + "rate": 1, + "burst": 5, + "per": "second" + } + }, + { + "match": { + "op": "==", + "left": { + "payload": { + "tunnel": "geneve", + "protocol": "geneve", + "field": "vni" + } + }, + "right": 0 + } + } + ] + } + }, + { + "table": { + "family": "ip6", + "name": "t", + "handle": 0 + } + }, + { + "chain": { + "family": "ip6", + "table": "t", + "name": "c", + "handle": 0 + } + }, + { + "rule": { + "family": "ip6", + "table": "t", + "chain": "c", + "handle": 0, + "expr": [ + { + "match": { + "op": "==", + "left": { + "meta": { + "key": "l4proto" + } + }, + "right": "tcp" + } + }, + { + "limit": { + "rate": 1, + "burst": 5, + "per": "second" + } + }, + { + "match": { + "op": "==", + "left": { + "payload": { + "protocol": "ip6", + "field": "saddr" + } + }, + "right": "::" + } + } + ] + } + }, + { + "rule": { + "family": "ip6", + "table": "t", + "chain": "c", + "handle": 0, + "expr": [ + { + "match": { + "op": "==", + "left": { + "meta": { + "key": "l4proto" + } + }, + "right": "tcp" + } + }, + { + "limit": { + "rate": 1, + "burst": 5, + "per": "second" + } + }, + { + "match": { + "op": "==", + "left": { + "exthdr": { + "name": "hbh", + "field": "nexthdr" + } + }, + "right": "ip" + } + } + ] + } + }, + { + "rule": { + "family": "ip6", + "table": "t", + "chain": "c", + "handle": 0, + "expr": [ + { + "match": { + "op": "==", + "left": { + "meta": { + "key": "l4proto" + } + }, + "right": "tcp" + } + }, + { + "limit": { + "rate": 1, + "burst": 5, + "per": "second" + } + }, + { + "match": { + "op": "==", + "left": { + "exthdr": { + "name": "rt", + "field": "nexthdr" + } + }, + "right": "ip" + } + } + ] + } + }, + { + "rule": { + "family": "ip6", + "table": "t", + "chain": "c", + "handle": 0, + "expr": [ + { + "match": { + "op": "==", + "left": { + "meta": { + "key": "l4proto" + } + }, + "right": "tcp" + } + }, + { + "limit": { + "rate": 1, + "burst": 5, + "per": "second" + } + }, + { + "match": { + "op": "==", + "left": { + "exthdr": { + "name": "srh", + "field": "last-entry" + } + }, + "right": 0 + } + } + ] + } + }, + { + "rule": { + "family": "ip6", + "table": "t", + "chain": "c", + "handle": 0, + "expr": [ + { + "match": { + "op": "==", + "left": { + "meta": { + "key": "l4proto" + } + }, + "right": "tcp" + } + }, + { + "limit": { + "rate": 1, + "burst": 5, + "per": "second" + } + }, + { + "match": { + "op": "==", + "left": { + "exthdr": { + "name": "srh", + "field": "sid[1]" + } + }, + "right": "::" + } + } + ] + } + }, + { + "rule": { + "family": "ip6", + "table": "t", + "chain": "c", + "handle": 0, + "expr": [ + { + "match": { + "op": "==", + "left": { + "meta": { + "key": "l4proto" + } + }, + "right": "tcp" + } + }, + { + "limit": { + "rate": 1, + "burst": 5, + "per": "second" + } + }, + { + "match": { + "op": "==", + "left": { + "exthdr": { + "name": "srh", + "field": "tag" + } + }, + "right": 0 + } + } + ] + } + }, + { + "rule": { + "family": "ip6", + "table": "t", + "chain": "c", + "handle": 0, + "expr": [ + { + "match": { + "op": "==", + "left": { + "meta": { + "key": "l4proto" + } + }, + "right": "tcp" + } + }, + { + "limit": { + "rate": 1, + "burst": 5, + "per": "second" + } + }, + { + "match": { + "op": "==", + "left": { + "exthdr": { + "name": "frag", + "field": "nexthdr" + } + }, + "right": "ip" + } + } + ] + } + }, + { + "rule": { + "family": "ip6", + "table": "t", + "chain": "c", + "handle": 0, + "expr": [ + { + "match": { + "op": "==", + "left": { + "meta": { + "key": "l4proto" + } + }, + "right": "tcp" + } + }, + { + "limit": { + "rate": 1, + "burst": 5, + "per": "second" + } + }, + { + "match": { + "op": "==", + "left": { + "exthdr": { + "name": "dst", + "field": "nexthdr" + } + }, + "right": "ip" + } + } + ] + } + }, + { + "rule": { + "family": "ip6", + "table": "t", + "chain": "c", + "handle": 0, + "expr": [ + { + "match": { + "op": "==", + "left": { + "meta": { + "key": "l4proto" + } + }, + "right": "tcp" + } + }, + { + "limit": { + "rate": 1, + "burst": 5, + "per": "second" + } + }, + { + "match": { + "op": "==", + "left": { + "exthdr": { + "name": "mh", + "field": "nexthdr" + } + }, + "right": "ip" + } + } + ] + } + }, + { + "rule": { + "family": "ip6", + "table": "t", + "chain": "c", + "handle": 0, + "expr": [ + { + "match": { + "op": "==", + "left": { + "meta": { + "key": "l4proto" + } + }, + "right": "tcp" + } + }, + { + "limit": { + "rate": 1, + "burst": 5, + "per": "second" + } + }, + { + "match": { + "op": "==", + "left": { + "exthdr": { + "name": "hbh" + } + }, + "right": false + } + } + ] + } + }, + { + "table": { + "family": "arp", + "name": "t", + "handle": 0 + } + }, + { + "chain": { + "family": "arp", + "table": "t", + "name": "c", + "handle": 0 + } + }, + { + "rule": { + "family": "arp", + "table": "t", + "chain": "c", + "handle": 0, + "expr": [ + { + "match": { + "op": "==", + "left": { + "meta": { + "key": "l4proto" + } + }, + "right": "tcp" + } + }, + { + "limit": { + "rate": 1, + "burst": 5, + "per": "second" + } + }, + { + "match": { + "op": "==", + "left": { + "payload": { + "protocol": "arp", + "field": "htype" + } + }, + "right": 0 + } + } + ] + } + }, + { + "table": { + "family": "bridge", + "name": "t", + "handle": 0 + } + }, + { + "chain": { + "family": "bridge", + "table": "t", + "name": "c", + "handle": 0 + } + }, + { + "rule": { + "family": "bridge", + "table": "t", + "chain": "c", + "handle": 0, + "expr": [ + { + "match": { + "op": "==", + "left": { + "meta": { + "key": "l4proto" + } + }, + "right": "tcp" + } + }, + { + "limit": { + "rate": 1, + "burst": 5, + "per": "second" + } + }, + { + "match": { + "op": "==", + "left": { + "meta": { + "key": "ibrname" + } + }, + "right": "foo" + } + } + ] + } + }, + { + "rule": { + "family": "bridge", + "table": "t", + "chain": "c", + "handle": 0, + "expr": [ + { + "match": { + "op": "==", + "left": { + "meta": { + "key": "l4proto" + } + }, + "right": "tcp" + } + }, + { + "limit": { + "rate": 1, + "burst": 5, + "per": "second" + } + }, + { + "match": { + "op": "==", + "left": { + "meta": { + "key": "ibrname" + } + }, + "right": "foo" + } + } + ] + } + }, + { + "rule": { + "family": "bridge", + "table": "t", + "chain": "c", + "handle": 0, + "expr": [ + { + "match": { + "op": "==", + "left": { + "meta": { + "key": "l4proto" + } + }, + "right": "tcp" + } + }, + { + "limit": { + "rate": 1, + "burst": 5, + "per": "second" + } + }, + { + "match": { + "op": "==", + "left": { + "meta": { + "key": "obrname" + } + }, + "right": "foo" + } + } + ] + } + }, + { + "rule": { + "family": "bridge", + "table": "t", + "chain": "c", + "handle": 0, + "expr": [ + { + "match": { + "op": "==", + "left": { + "meta": { + "key": "l4proto" + } + }, + "right": "tcp" + } + }, + { + "limit": { + "rate": 1, + "burst": 5, + "per": "second" + } + }, + { + "match": { + "op": "==", + "left": { + "meta": { + "key": "obrname" + } + }, + "right": "foo" + } + } + ] + } + }, + { + "table": { + "family": "netdev", + "name": "t", + "handle": 0 + } + }, + { + "chain": { + "family": "netdev", + "table": "t", + "name": "c", + "handle": 0 + } + }, + { + "rule": { + "family": "netdev", + "table": "t", + "chain": "c", + "handle": 0, + "expr": [ + { + "match": { + "op": "==", + "left": { + "meta": { + "key": "l4proto" + } + }, + "right": "tcp" + } + }, + { + "limit": { + "rate": 1, + "burst": 5, + "per": "second" + } + }, + { + "dup": { + "addr": "lo" + } + } + ] + } + }, + { + "rule": { + "family": "netdev", + "table": "t", + "chain": "c", + "handle": 0, + "expr": [ + { + "match": { + "op": "==", + "left": { + "meta": { + "key": "l4proto" + } + }, + "right": "tcp" + } + }, + { + "limit": { + "rate": 1, + "burst": 5, + "per": "second" + } + }, + { + "fwd": { + "dev": "lo" + } + } + ] + } + }, + { + "rule": { + "family": "netdev", + "table": "t", + "chain": "c", + "handle": 0, + "expr": [ + { + "match": { + "op": "==", + "left": { + "meta": { + "key": "l4proto" + } + }, + "right": "tcp" + } + }, + { + "limit": { + "rate": 1, + "burst": 5, + "per": "second" + } + }, + { + "match": { + "op": "==", + "left": { + "tunnel": { + "key": "id" + } + }, + "right": 0 + } + } + ] + } + } + ] +} diff --git a/tests/shell/testcases/parsing/dumps/exclusive_start_cond.nft b/tests/shell/testcases/parsing/dumps/exclusive_start_cond.nft new file mode 100644 index 00000000..5cd2d1b3 --- /dev/null +++ b/tests/shell/testcases/parsing/dumps/exclusive_start_cond.nft @@ -0,0 +1,127 @@ +table ip t { + set foo { + type ipv4_addr + size 65535 + flags dynamic + } + + flowtable ft { + hook ingress priority filter + } + + chain c { + limit rate 1/second burst 5 packets accept + limit rate 1/second burst 5 packets drop + limit rate 1/second burst 5 packets continue + limit rate 1/second burst 5 packets jump c2 + limit rate 1/second burst 5 packets goto c2 + limit rate 1/second burst 5 packets return + limit rate 1/second burst 5 packets add @foo { ip saddr counter } + limit rate 1/second burst 5 packets counter packets 0 bytes 0 + limit rate 1/second burst 5 packets limit rate 1/day burst 5 packets + limit rate 1/second burst 5 packets quota 1 bytes + limit rate 1/second burst 5 packets ct count 1 + limit rate 1/second burst 5 packets notrack + limit rate 1/second burst 5 packets flow add @ft + limit rate 1/second burst 5 packets meta nftrace set 1 + limit rate 1/second burst 5 packets log + limit rate 1/second burst 5 packets reject + limit rate 1/second burst 5 packets snat to 0.0.0.1 + limit rate 1/second burst 5 packets dnat to 0.0.0.1 + limit rate 1/second burst 5 packets queue to 1 + limit rate 1/second burst 5 packets ct mark set 0x00000001 + limit rate 1/second burst 5 packets masquerade + limit rate 1/second burst 5 packets redirect + limit rate 1/second burst 5 packets add @foo { ip saddr } + limit rate 1/second burst 5 packets add @foo { ip saddr } + limit rate 1/second burst 5 packets update @foo { ip saddr } + limit rate 1/second burst 5 packets delete @foo { ip saddr } + limit rate 1/second burst 5 packets synproxy + limit rate 1/second burst 5 packets reset tcp option timestamp + limit rate 1/second burst 5 packets ip version 0 + limit rate 1/second burst 5 packets ether saddr 00:00:00:00:00:00 + limit rate 1/second burst 5 packets vlan id 0 + limit rate 1/second burst 5 packets ip saddr 0.0.0.0 + limit rate 1/second burst 5 packets icmp type echo-reply + limit rate 1/second burst 5 packets igmp type 0 + limit rate 1/second burst 5 packets icmpv6 type 0 + limit rate 1/second burst 5 packets ah spi 0 + limit rate 1/second burst 5 packets esp spi 0 + limit rate 1/second burst 5 packets comp cpi 0 + limit rate 1/second burst 5 packets udp sport 0 + limit rate 1/second burst 5 packets udplite sport 0 + limit rate 1/second burst 5 packets tcp sport 0 + limit rate 1/second burst 5 packets dccp sport 0 + limit rate 1/second burst 5 packets sctp sport 0 + limit rate 1/second burst 5 packets th sport 0 + limit rate 1/second burst 5 packets gre flags 0 + limit rate 1/second burst 5 packets gretap ip saddr 0.0.0.0 + limit rate 1/second burst 5 packets meta length 0 + limit rate 1/second burst 5 packets meta mark 0x00000000 + limit rate 1/second burst 5 packets iif 0 + limit rate 1/second burst 5 packets iifname "foo" + limit rate 1/second burst 5 packets meta iiftype 0 + limit rate 1/second burst 5 packets oif 0 + limit rate 1/second burst 5 packets oifname "foo" + limit rate 1/second burst 5 packets meta oiftype 0 + limit rate 1/second burst 5 packets meta skuid 0 + limit rate 1/second burst 5 packets meta skgid 0 + limit rate 1/second burst 5 packets meta rtclassid "cosmos" + limit rate 1/second burst 5 packets meta pkttype host + limit rate 1/second burst 5 packets meta cpu 0 + limit rate 1/second burst 5 packets iifgroup "default" + limit rate 1/second burst 5 packets oifgroup "default" + limit rate 1/second burst 5 packets meta cgroup 0 + limit rate 1/second burst 5 packets meta ipsec missing + limit rate 1/second burst 5 packets meta time "1970-01-01 01:00:00" + limit rate 1/second burst 5 packets meta day "Sunday" + limit rate 1/second burst 5 packets meta hour "02:00" + limit rate 1/second burst 5 packets socket mark 0x00000000 + limit rate 1/second burst 5 packets numgen inc mod 3 0 + limit rate 1/second burst 5 packets jhash ip saddr mod 3 seed 0x1 0 + limit rate 1/second burst 5 packets symhash mod 3 0 + limit rate 1/second burst 5 packets fib daddr . iif check exists + limit rate 1/second burst 5 packets osf name "foo" + limit rate 1/second burst 5 packets ipsec in spi 0 + meta l4proto tcp limit rate 1/second burst 5 packets tproxy to 0.0.0.1 + meta l4proto udp limit rate 1/second burst 5 packets vxlan vni 0 + meta l4proto udp limit rate 1/second burst 5 packets geneve vni 0 + } + + chain c2 { + } +} +table ip6 t { + chain c { + meta l4proto tcp limit rate 1/second burst 5 packets ip6 saddr :: + meta l4proto tcp limit rate 1/second burst 5 packets hbh nexthdr ip + meta l4proto tcp limit rate 1/second burst 5 packets rt nexthdr ip + meta l4proto tcp limit rate 1/second burst 5 packets srh last-entry 0 + meta l4proto tcp limit rate 1/second burst 5 packets srh sid[1] :: + meta l4proto tcp limit rate 1/second burst 5 packets srh tag 0 + meta l4proto tcp limit rate 1/second burst 5 packets frag nexthdr ip + meta l4proto tcp limit rate 1/second burst 5 packets dst nexthdr ip + meta l4proto tcp limit rate 1/second burst 5 packets mh nexthdr ip + meta l4proto tcp limit rate 1/second burst 5 packets exthdr hbh missing + } +} +table arp t { + chain c { + meta l4proto tcp limit rate 1/second burst 5 packets arp htype 0 + } +} +table bridge t { + chain c { + meta l4proto tcp limit rate 1/second burst 5 packets meta ibrname "foo" + meta l4proto tcp limit rate 1/second burst 5 packets meta ibrname "foo" + meta l4proto tcp limit rate 1/second burst 5 packets meta obrname "foo" + meta l4proto tcp limit rate 1/second burst 5 packets meta obrname "foo" + } +} +table netdev t { + chain c { + meta l4proto tcp limit rate 1/second burst 5 packets dup to "lo" + meta l4proto tcp limit rate 1/second burst 5 packets fwd to "lo" + meta l4proto tcp limit rate 1/second burst 5 packets tunnel id 0 + } +} diff --git a/tests/shell/testcases/parsing/exclusive_start_cond b/tests/shell/testcases/parsing/exclusive_start_cond index 12375af4..9ad22767 100755 --- a/tests/shell/testcases/parsing/exclusive_start_cond +++ b/tests/shell/testcases/parsing/exclusive_start_cond @@ -164,5 +164,11 @@ for stmt in "${netdev_stmts[@]}"; do RC=1 } done + +# Delete the 'last' rule, because it has variable output ('last used 997ms') that breaks +# dump-compare. +HANDLE=$($NFT --handle list table ip t | grep last | cut -d \# -f 2) +$NFT "delete rule ip t c $HANDLE" || RC=2 + exit $RC