author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-09 13:08:37 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-09 13:08:37 +0000 |
commit | 971e619d8602fa52b1bfcb3ea65b7ab96be85318 (patch) | |
tree | 26feb2498c72b796e07b86349d17f544046de279 /tests/shell/testcases/include | |
parent | Initial commit. (diff) | |
Adding upstream version 1.0.9.upstream/1.0.9upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'tests/shell/testcases/include')
42 files changed, 808 insertions, 0 deletions
diff --git a/tests/shell/testcases/include/0001absolute_0 b/tests/shell/testcases/include/0001absolute_0
new file mode 100755
index 0000000..4ad874f
--- /dev/null
+++ b/tests/shell/testcases/include/0001absolute_0
@@ -0,0 +1,29 @@
+#!/bin/bash
+
+set -e
+
+tmpfile1=$(mktemp)
+if [ ! -w $tmpfile1 ] ; then
+ echo "Failed to create tmp file" >&2
+ exit 0
+fi
+
+tmpfile2=$(mktemp)
+if [ ! -w $tmpfile2 ] ; then
+ echo "Failed to create tmp file" >&2
+ exit 0
+fi
+
+trap "rm -rf $tmpfile1 $tmpfile2" EXIT # cleanup if aborted
+
+RULESET1="add table x"
+RULESET2="include \"$tmpfile1\""
+
+echo "$RULESET1" > $tmpfile1
+echo "$RULESET2" > $tmpfile2
+
+$NFT -f $tmpfile2
+if [ $? -ne 0 ] ; then
+ echo "E: unable to load good ruleset" >&2
+ exit 1
+fi
diff --git a/tests/shell/testcases/include/0002relative_0 b/tests/shell/testcases/include/0002relative_0
new file mode 100755
index 0000000..a91cd8f
--- /dev/null
+++ b/tests/shell/testcases/include/0002relative_0
@@ -0,0 +1,29 @@
+#!/bin/bash
+
+set -e
+
+tmpfile1=$(mktemp -p .)
+if [ ! -w $tmpfile1 ] ; then
+ echo "Failed to create tmp file" >&2
+ exit 0
+fi
+
+tmpfile2=$(mktemp -p .)
+if [ ! -w $tmpfile2 ] ; then
+ echo "Failed to create tmp file" >&2
+ exit 0
+fi
+
+trap "rm -rf $tmpfile1 $tmpfile2" EXIT # cleanup if aborted
+
+RULESET1="add table x"
+RULESET2="include \"$tmpfile1\""
+
+echo "$RULESET1" > $tmpfile1
+echo "$RULESET2" > $tmpfile2
+
+$NFT -f $tmpfile2
+if [ $? -ne 0 ] ; then
+ echo "E: unable to load good ruleset" >&2
+ exit 1
+fi
diff --git a/tests/shell/testcases/include/0003includepath_0 b/tests/shell/testcases/include/0003includepath_0
new file mode 100755
index 0000000..20037a8
--- /dev/null
+++ b/tests/shell/testcases/include/0003includepath_0
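Review bot: The `if [ $? -ne 0 ]` block after `$NFT -f $tmpfile2` in 0001absolute_0 is unreachable, because `set -e` ends the script as soon as nft returns non-zero, so the "E: unable to load good ruleset" diagnostic is never printed. Fold the check into the call, e.g. `$NFT -f "$tmpfile2" || { echo "E: unable to load good ruleset" >&2; exit 1; }`. The same dead check appears in 0002relative_0, 0003includepath_0, 0005glob_empty_0, 0006glob_single_0, 0007glob_double_0, 0008glob_nofile_wildcard_0, 0011glob_dependency_0, 0013glob_dotfile_0, 0014glob_directory_0, 0015doubleincludepath_0 and 0017glob_more_than_maxdepth_1.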
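Review bot: The cleanup trap in 0002relative_0, `trap "rm -rf $tmpfile1 $tmpfile2" EXIT`, expands the paths when the trap is installed and leaves them unquoted, so a path containing whitespace or glob characters is word-split before it reaches `rm -rf`. Here the paths come from `mktemp -p .`, that is, from whatever directory the test happens to be started in, and these tests presumably run with elevated privileges to load rulesets. Single-quote the trap and quote inside it: `trap 'rm -f -- "$tmpfile1" "$tmpfile2"' EXIT`. The other scripts added by this commit build their traps the same way.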
@@ -0,0 +1,31 @@
+#!/bin/bash
+
+set -e
+
+tmpfile1=$(mktemp)
+if [ ! -w $tmpfile1 ] ; then
+ echo "Failed to create tmp file" >&2
+ exit 0
+fi
+
+tmpfile3="$(basename "$tmpfile1")"
+
+tmpfile2=$(mktemp)
+if [ ! -w $tmpfile2 ] ; then
+ echo "Failed to create tmp file" >&2
+ exit 0
+fi
+
+trap "rm -rf $tmpfile1 $tmpfile2" EXIT # cleanup if aborted
+
+RULESET1="add table x"
+RULESET2="include \"$tmpfile3\""
+
+echo "$RULESET1" > $tmpfile1
+echo "$RULESET2" > $tmpfile2
+
+$NFT -I "$(dirname "$tmpfile1")" -f $tmpfile2
+if [ $? -ne 0 ] ; then
+ echo "E: unable to load good ruleset" >&2
+ exit 1
+fi
diff --git a/tests/shell/testcases/include/0004endlessloop_1 b/tests/shell/testcases/include/0004endlessloop_1
new file mode 100755
index 0000000..3e6789d
--- /dev/null
+++ b/tests/shell/testcases/include/0004endlessloop_1
@@ -0,0 +1,19 @@
+#!/bin/bash
+
+set -e
+
+tmpfile=$(mktemp)
+if [ ! -w $tmpfile ] ; then
+ echo "Failed to create tmp file" >&2
+ exit 0
+fi
+
+trap "rm -rf $tmpfile" EXIT # cleanup if aborted
+
+RULESET="include \"$tmpfile\""
+
+echo "$RULESET" > $tmpfile
+
+$NFT -f $tmpfile 2>/dev/null || exit 0
+echo "E: endless include loop" >&2
+exit 1
diff --git a/tests/shell/testcases/include/0005glob_empty_0 b/tests/shell/testcases/include/0005glob_empty_0
new file mode 100755
index 0000000..0743d0d
--- /dev/null
+++ b/tests/shell/testcases/include/0005glob_empty_0
@@ -0,0 +1,31 @@
+#!/bin/bash
+
+# Including files in an empty directory must not fail.
+
+set -e
+
+tmpdir=$(mktemp -d)
+if [ ! -d $tmpdir ] ; then
+ echo "Failed to create tmp directory" >&2
+ exit 0
+fi
+
+tmpfile1=$(mktemp)
+if [ ! -w $tmpfile1 ] ; then
+ echo "Failed to create tmp file" >&2
+ exit 0
+fi
+
+# cleanup if aborted
+trap "rm -rf $tmpfile1 && rmdir $tmpdir" EXIT
+
+RULESET1="include \"$tmpdir/*\""
+
+echo "$RULESET1" > $tmpfile1
+
+$NFT -f $tmpfile1
+
+if [ $? -ne 0 ] ; then
+ echo "E: unable to load good ruleset" >&2
+ exit 1
+fi
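Review bot: `$NFT -f $tmpfile 2>/dev/null || exit 0` in 0004endlessloop_1 treats every non-zero status as a pass, including nft being killed by a signal, which is the likely outcome if recursion on a self-including file is not bounded. Accept only the ordinary error status, e.g. `rc=0; $NFT -f "$tmpfile" 2>/dev/null || rc=$?` followed by `[ "$rc" -eq 1 ] && exit 0` (this assumes nft returns 1 for a rejected ruleset, which should be confirmed). Discarding stderr also hides which error was actually hit. 0009glob_nofile_1, 0010glob_broken_file_1 and 0012glob_dependency_1 use the same `|| exit 0` pattern.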
diff --git a/tests/shell/testcases/include/0006glob_single_0 b/tests/shell/testcases/include/0006glob_single_0
new file mode 100755
index 0000000..754db6f
--- /dev/null
+++ b/tests/shell/testcases/include/0006glob_single_0
@@ -0,0 +1,36 @@
+#!/bin/bash
+
+set -e
+
+tmpdir=$(mktemp -d)
+if [ ! -d $tmpdir ] ; then
+ echo "Failed to create tmp directory" >&2
+ exit 0
+fi
+
+tmpfile1=$(mktemp -p $tmpdir)
+if [ ! -w $tmpfile1 ] ; then
+ echo "Failed to create tmp file" >&2
+ exit 0
+fi
+
+tmpfile2=$(mktemp)
+if [ ! -w $tmpfile2 ] ; then
+ echo "Failed to create tmp file" >&2
+ exit 0
+fi
+
+# cleanup if aborted
+trap "rm -rf $tmpfile1 $tmpfile2 && rmdir $tmpdir" EXIT
+
+RULESET1="add table x"
+RULESET2="include \"$tmpdir/*\""
+
+echo "$RULESET1" > $tmpfile1
+echo "$RULESET2" > $tmpfile2
+
+$NFT -f $tmpfile2
+if [ $? -ne 0 ] ; then
+ echo "E: unable to load good ruleset" >&2
+ exit 1
+fi
diff --git a/tests/shell/testcases/include/0007glob_double_0 b/tests/shell/testcases/include/0007glob_double_0
new file mode 100755
index 0000000..00c3efc
--- /dev/null
+++ b/tests/shell/testcases/include/0007glob_double_0
@@ -0,0 +1,33 @@
+#!/bin/bash
+
+set -e
+
+tmpdir=$(mktemp -d)
+if [ ! -d $tmpdir ] ; then
+ echo "Failed to create tmp directory" >&2
+ exit 0
+fi
+
+tmpfile=$(mktemp)
+if [ ! -w $tmpfile ] ; then
+ echo "Failed to create tmp file" >&2
+ exit 0
+fi
+
+# cleanup if aborted
+trap "rm -rf $tmpdir $tmpfile" EXIT
+
+RULESET1="add table x"
+RULESET2="add table y"
+RULESET3="include \"$tmpdir/*\""
+
+echo "$RULESET1" > $tmpdir/table_x
+echo "$RULESET2" > $tmpdir/table_y
+echo "$RULESET3" > $tmpfile
+
+$NFT -f $tmpfile
+
+if [ $? -ne 0 ] ; then
+ echo "E: unable to load good ruleset" >&2
+ exit 1
+fi
diff --git a/tests/shell/testcases/include/0008glob_nofile_wildcard_0 b/tests/shell/testcases/include/0008glob_nofile_wildcard_0
new file mode 100755
index 0000000..f9c0aa1
--- /dev/null
+++ b/tests/shell/testcases/include/0008glob_nofile_wildcard_0
@@ -0,0 +1,33 @@
+#!/bin/bash
+
+# When using wildcards, not having any match is not an error.
+
+set -e
+
+tmpdir=$(mktemp -d)
+if [ ! -d $tmpdir ] ; then
+ echo "Failed to create tmp directory" >&2
+ exit 0
+fi
+
+# remove the directory
+rmdir $tmpdir
+
+tmpfile1=$(mktemp)
+if [ ! -w $tmpfile1 ] ; then
+ echo "Failed to create tmp file" >&2
+ exit 0
+fi
+
+# cleanup if aborted
+trap "rm -rf $tmpfile1" EXIT
+
+RULESET1="include \"$tmpdir/non_existent_file*.nft\""
+
+echo "$RULESET1" > $tmpfile1
+
+$NFT -f $tmpfile1
+if [ $? -ne 0 ] ; then
+ echo "E: unable to load good ruleset" >&2
+ exit 1
+fi
diff --git a/tests/shell/testcases/include/0009glob_nofile_1 b/tests/shell/testcases/include/0009glob_nofile_1
new file mode 100755
index 0000000..d769155
--- /dev/null
+++ b/tests/shell/testcases/include/0009glob_nofile_1
@@ -0,0 +1,31 @@
+#!/bin/bash
+
+# When not using wildcards, not having any match is an error.
+
+set -e
+
+tmpdir=$(mktemp -d)
+if [ ! -d $tmpdir ] ; then
+ echo "Failed to create tmp directory" >&2
+ exit 0
+fi
+
+# remove the directory
+rmdir $tmpdir
+
+tmpfile1=$(mktemp)
+if [ ! -w $tmpfile1 ] ; then
+ echo "Failed to create tmp file" >&2
+ exit 0
+fi
+
+# cleanup if aborted
+trap "rm -rf $tmpfile1" EXIT
+
+RULESET1="include \"$tmpdir/non_existent_file.nft\""
+
+echo "$RULESET1" > $tmpfile1
+
+$NFT -f $tmpfile1 || exit 0
+echo "E: Failed to catch a missing include directory/file" >&2
+exit 1
diff --git a/tests/shell/testcases/include/0010glob_broken_file_1 b/tests/shell/testcases/include/0010glob_broken_file_1
new file mode 100755
index 0000000..a00babf
--- /dev/null
+++ b/tests/shell/testcases/include/0010glob_broken_file_1
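Review bot: 0008glob_nofile_wildcard_0 obtains its "missing" directory by calling `mktemp -d` and then `rmdir $tmpdir`, which releases the name back into the shared temp directory; between the `rmdir` and the `$NFT -f $tmpfile1` call another local user can recreate that path, and the glob include would then read their files. Keep the private directory and reference a child that is never created, e.g. `RULESET1="include \"$tmpdir/missing/non_existent_file*.nft\""`, with the `rmdir` dropped and `$tmpdir` added to the cleanup trap. 0009glob_nofile_1 uses the same mktemp/rmdir sequence and can take the same change.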
@@ -0,0 +1,46 @@
+#!/bin/bash
+
+# Loading broken files must fail.
+
+set -e
+
+tmpdir=$(mktemp -d)
+if [ ! -d $tmpdir ] ; then
+ echo "Failed to create tmp directory" >&2
+ exit 0
+fi
+
+tmpfile1=$(mktemp -p $tmpdir)
+if [ ! -w $tmpfile1 ] ; then
+ echo "Failed to create tmp file" >&2
+ exit 0
+fi
+
+tmpfile2=$(mktemp -p $tmpdir)
+if [ ! -w $tmpfile2 ] ; then
+ echo "Failed to create tmp file" >&2
+ exit 0
+fi
+
+tmpfile3=$(mktemp)
+if [ ! -w $tmpfile3 ] ; then
+ echo "Failed to create tmp file" >&2
+ exit 0
+fi
+
+# cleanup if aborted
+trap "rm -rf $tmpfile1 $tmpfile2 $tmpfile3 && rmdir $tmpdir" EXIT
+
+RULESET1="add table x"
+
+# do an error in a file
+RULESET2="intentionally broken file"
+RULESET3="include \"$tmpdir/*\""
+
+echo "$RULESET1" > $tmpfile1
+echo "$RULESET2" > $tmpfile2
+echo "$RULESET3" > $tmpfile3
+
+$NFT -f $tmpfile3 || exit 0
+echo "E: didn't catch a broken file in directory" >&2
+exit 1
diff --git a/tests/shell/testcases/include/0011glob_dependency_0 b/tests/shell/testcases/include/0011glob_dependency_0
new file mode 100755
index 0000000..8786850
--- /dev/null
+++ b/tests/shell/testcases/include/0011glob_dependency_0
@@ -0,0 +1,50 @@
+#!/bin/bash
+
+# Files are included in alphabetical order.
+
+set -e
+
+tmpdir=$(mktemp -d)
+if [ ! -d $tmpdir ] ; then
+ echo "Failed to create tmp directory" >&2
+ exit 0
+fi
+
+tmpfile1="$tmpdir/01_file.nft"
+touch $tmpfile1
+if [ ! -w $tmpfile1 ] ; then
+ echo "Failed to create tmp file" >&2
+ exit 0
+fi
+
+tmpfile2="$tmpdir/02_file.nft"
+touch $tmpfile2
+if [ ! -w $tmpfile2 ] ; then
+ echo "Failed to create tmp file" >&2
+ exit 0
+fi
+
+tmpfile3=$(mktemp)
+if [ ! -w $tmpfile3 ] ; then
+ echo "Failed to create tmp file" >&2
+ exit 0
+fi
+
+# cleanup if aborted
+trap "rm -rf $tmpfile1 $tmpfile2 $tmpfile3 && rmdir $tmpdir" EXIT
+
+# add interdependent rulesets
+RULESET1="add table x"
+RULESET2="add chain x y"
+RULESET3="include \"$tmpdir/*\""
+
+echo "$RULESET1" > $tmpfile1
+echo "$RULESET2" > $tmpfile2
+echo "$RULESET3" > $tmpfile3
+
+$NFT -f $tmpfile3
+
+if [ $? -ne 0 ] ; then
+ echo "E: unable to load good ruleset" >&2
+ exit 1
+fi
diff --git a/tests/shell/testcases/include/0012glob_dependency_1 b/tests/shell/testcases/include/0012glob_dependency_1
new file mode 100755
index 0000000..e4e12e2
--- /dev/null
+++ b/tests/shell/testcases/include/0012glob_dependency_1
@@ -0,0 +1,49 @@
+#!/bin/bash
+
+# Files are included in alphabetical order.
+
+set -e
+
+tmpdir=$(mktemp -d)
+if [ ! -d $tmpdir ] ; then
+ echo "Failed to create tmp directory" >&2
+ exit 0
+fi
+
+tmpfile1="$tmpdir/01_file.nft"
+touch $tmpfile1
+if [ ! -w $tmpfile1 ] ; then
+ echo "Failed to create tmp file" >&2
+ exit 0
+fi
+
+tmpfile2="$tmpdir/02_file.nft"
+touch $tmpfile2
+if [ ! -w $tmpfile2 ] ; then
+ echo "Failed to create tmp file" >&2
+ exit 0
+fi
+
+tmpfile3=$(mktemp)
+if [ ! -w $tmpfile3 ] ; then
+ echo "Failed to create tmp file" >&2
+ exit 0
+fi
+
+# cleanup if aborted
+trap "rm -rf $tmpfile1 $tmpfile2 $tmpfile3 && rmdir $tmpdir" EXIT
+
+# add interdependent rulesets
+RULESET1="add table x"
+RULESET2="add chain x y"
+RULESET3="include \"$tmpdir/*\""
+
+# Note different order when compared with 0011dir_dependency_0. The idea
+# here is to introduce wrong order to get the loading fail.
+echo "$RULESET1" > $tmpfile2
+echo "$RULESET2" > $tmpfile1
+echo "$RULESET3" > $tmpfile3
+
+$NFT -f $tmpfile3 || exit 0
+echo "E: did not catch wrong file order in include directory" >&2
+exit 1
diff --git a/tests/shell/testcases/include/0013glob_dotfile_0 b/tests/shell/testcases/include/0013glob_dotfile_0
new file mode 100755
index 0000000..36cfe1c
--- /dev/null
+++ b/tests/shell/testcases/include/0013glob_dotfile_0
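Review bot: The comment in 0012glob_dependency_1 refers to `0011dir_dependency_0`, but the companion test added by this commit is named `0011glob_dependency_0`; the reference should use that name so the pairing can be found. The header line "Files are included in alphabetical order." is the same as in 0011, while this script checks the failing case; something like `# Loading must fail when the file that sorts first depends on the one that sorts second.` would describe what is asserted here.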
@@ -0,0 +1,49 @@
+#!/bin/bash
+
+# Must not load a dot file in globbed directory.
+
+set -e
+
+tmpdir=$(mktemp -d)
+if [ ! -d $tmpdir ] ; then
+ echo "Failed to create tmp directory" >&2
+ exit 0
+fi
+
+tmpfile1=$(mktemp -p $tmpdir)
+if [ ! -w $tmpfile1 ] ; then
+ echo "Failed to create tmp file" >&2
+ exit 0
+fi
+
+tmpfile2=$(mktemp -p $tmpdir ".XXXXXXXX")
+if [ ! -w $tmpfile2 ] ; then
+ echo "Failed to create tmp file" >&2
+ exit 0
+fi
+
+tmpfile3=$(mktemp)
+if [ ! -w $tmpfile3 ] ; then
+ echo "Failed to create tmp file" >&2
+ exit 0
+fi
+
+# cleanup if aborted
+trap "rm -rf $tmpfile1 $tmpfile2 $tmpfile3 && rmdir $tmpdir" EXIT
+
+RULESET1="add table x"
+
+# an error in a dot file
+RULESET2="intentionally broken file"
+RULESET3="include \"$tmpdir/*\""
+
+echo "$RULESET1" > $tmpfile1
+echo "$RULESET2" > $tmpfile2
+echo "$RULESET3" > $tmpfile3
+
+$NFT -f $tmpfile3
+
+if [ $? -ne 0 ] ; then
+ echo "E: tried to load a .dot file" >&2
+ exit 1
+fi
diff --git a/tests/shell/testcases/include/0013input_descriptors_included_files_0 b/tests/shell/testcases/include/0013input_descriptors_included_files_0
new file mode 100755
index 0000000..03de50b
--- /dev/null
+++ b/tests/shell/testcases/include/0013input_descriptors_included_files_0
@@ -0,0 +1,52 @@
+#!/bin/bash
+
+# This test the changes made in commit id "b14572f72aac".
+# When the commit was not applied, nft pointed to wrong files name.
+# As the commit only fixes the error messages and hence does not change the
+# return value so, we need to compare the "file name" in the error message
+# instead of return value of nft.
+
+
+tmpfile1=$(mktemp -p .)
+if [ ! -w $tmpfile1 ] ; then
+ echo "Failed to create tmp file" >&2
+ exit 0
+fi
+
+tmpfile2=$(mktemp -p .)
+if [ ! -w $tmpfile2 ] ; then
+ echo "Failed to create tmp file" >&2
+ exit 0
+fi
+
+tmpfile3=$(mktemp -p .)
+if [ ! -w $tmpfile3 ] ; then
+ echo "Failed to create tmp file" >&2
+ exit 0
+fi
+
+tmpfile4=$(mktemp -p .)
+if [ ! -w $tmpfile4 ]; then
+ echo "Failed to create tmp file" >&2
+ exit 0
+fi
+
+trap "rm -rf $tmpfile1 $tmpfile2 $tmpfile3 $tmpfile4" EXIT # cleanup if aborted
+
+RULESET1="include \"$tmpfile2\""
+RULESET2="include \"$tmpfile3\""
+RULESET3="add rule x y anything everything" # wrong nft syntax
+
+
+echo "$RULESET1" > $tmpfile1
+echo "$RULESET2" >> $tmpfile1
+echo "$RULESET3" > $tmpfile2
+
+$NFT -f $tmpfile1 2> $tmpfile4
+
+var=$(awk -F: '$4==" Error"{print $1;exit;}' $tmpfile4)
+
+if [ $var == "$tmpfile3" ]; then
+ echo "E: Test failed" >&2
+ exit 1
+fi
diff --git a/tests/shell/testcases/include/0014glob_directory_0 b/tests/shell/testcases/include/0014glob_directory_0
new file mode 100755
index 0000000..9a2443a
--- /dev/null
+++ b/tests/shell/testcases/include/0014glob_directory_0
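Review bot: In 0013input_descriptors_included_files_0 the final test `[ $var == "$tmpfile3" ]` leaves `$var` unquoted, so when awk finds no matching line `$var` is empty, `[` fails with a syntax error, the branch is skipped and the script exits 0; an nft that prints no error line at all therefore passes. Quote it, `if [ "$var" = "$tmpfile3" ]; then`, and consider asserting the expected name instead of excluding one wrong name, e.g. `[ "$var" = "$tmpfile2" ] || { echo "E: Test failed" >&2; exit 1; }` (this assumes nft reports the path exactly as written in the include statement, which should be confirmed). The four temp files are created with `mktemp -p .`, so they land in whatever directory the test is started from.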
@@ -0,0 +1,43 @@
+#!/bin/bash
+
+# Must not be confused in matched subdirectories.
+
+set -e
+
+tmpdir1=$(mktemp -d)
+if [ ! -d $tmpdir1 ] ; then
+ echo "Failed to create tmp directory" >&2
+ exit 0
+fi
+
+tmpfile1=$(mktemp -p $tmpdir1)
+if [ ! -w $tmpfile1 ] ; then
+ echo "Failed to create tmp file" >&2
+ exit 0
+fi
+
+tmpdir2=$(mktemp -p $tmpdir1 -d)
+if [ ! -w $tmpdir2 ] ; then
+ echo "Failed to create the second tmp directory" >&2
+ exit 0
+fi
+
+tmpdir3=$(mktemp -p $tmpdir2 -d)
+if [ ! -w $tmpdir3 ] ; then
+ echo "Failed to create the third tmp directory" >&2
+ exit 0
+fi
+
+# cleanup if aborted
+trap "rm -rf $tmpfile1 && rmdir $tmpdir3 && rmdir $tmpdir2 && rmdir $tmpdir1" EXIT
+
+RULESET1="include \"$tmpdir2/*\""
+
+echo "$RULESET1" > $tmpfile1
+
+$NFT -f $tmpfile1
+
+if [ $? -ne 0 ] ; then
+ echo "E: tried to include a matched directory" >&2
+ exit 1
+fi
diff --git a/tests/shell/testcases/include/0015doubleincludepath_0 b/tests/shell/testcases/include/0015doubleincludepath_0
new file mode 100755
index 0000000..db70346
--- /dev/null
+++ b/tests/shell/testcases/include/0015doubleincludepath_0
@@ -0,0 +1,52 @@
+#!/bin/bash
+
+set -e
+
+tmpfile=$(mktemp)
+if [ ! -w $tmpfile ] ; then
+ echo "Failed to create tmp file" >&2
+ exit 0
+fi
+
+tmpdir1=$(mktemp -d)
+if [ ! -d $tmpdir1 ] ; then
+ echo "Failed to create tmp directory" >&2
+ exit 0
+fi
+
+tmpdir2=$(mktemp -d)
+if [ ! -d $tmpdir2 ] ; then
+ echo "Failed to create tmp directory" >&2
+ exit 0
+fi
+
+tmpfile1=$(mktemp -p $tmpdir1)
+if [ ! -w $tmpfile1 ] ; then
+ echo "Failed to create tmp file" >&2
+ exit 0
+fi
+
+tmpfile2=$(mktemp -p $tmpdir2)
+if [ ! -w $tmpfile2 ] ; then
+ echo "Failed to create tmp file" >&2
+ exit 0
+fi
+
+trap "rm -rf $tmpdfile $tmpfile1 $tmpfile2 && rmdir $tmpdir1 && rmdir $tmpdir2" EXIT # cleanup if aborted
+
+RULESET1="add table x"
+RULESET2="add chain x y"
+RULESET3=" \
+include \"$(basename $tmpfile1)\"
+include \"$(basename $tmpfile2)\"
+"
+
+echo "$RULESET1" > $tmpfile1
+echo "$RULESET2" > $tmpfile2
+echo "$RULESET3" > $tmpfile
+
+$NFT -I $tmpdir1 -I $tmpdir2 -f $tmpfile
+if [ $? -ne 0 ] ; then
+ echo "E: unable to load good ruleset" >&2
+ exit 1
+fi
diff --git a/tests/shell/testcases/include/0016maxdepth_0 b/tests/shell/testcases/include/0016maxdepth_0
new file mode 100755
index 0000000..89eb13c
--- /dev/null
+++ b/tests/shell/testcases/include/0016maxdepth_0
@@ -0,0 +1,8 @@
+#!/bin/bash
+
+set -e
+
+tmpfile=$(mktemp)
+
+echo 'include "/tmp/rules.nft"' > $tmpfile
+$NFT -f $tmpfile || exit 0
diff --git a/tests/shell/testcases/include/0017glob_more_than_maxdepth_1 b/tests/shell/testcases/include/0017glob_more_than_maxdepth_1
new file mode 100755
index 0000000..6499bcc
--- /dev/null
+++ b/tests/shell/testcases/include/0017glob_more_than_maxdepth_1
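Review bot: The cleanup trap in 0015doubleincludepath_0 names `$tmpdfile`, which is never set, so it expands to nothing and the top-level `$tmpfile` created by the first `mktemp` is left behind after every run. Correct the name and quote the paths while there: `trap 'rm -f -- "$tmpfile" "$tmpfile1" "$tmpfile2"; rmdir -- "$tmpdir1" "$tmpdir2"' EXIT`. Running the script with `set -u` next to `set -e` would have turned the misspelling into an error.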
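Review bot: 0016maxdepth_0 includes the fixed path `/tmp/rules.nft`, a predictable name in a world-writable directory that the script never creates, so if any local user has placed a file there `$NFT -f $tmpfile` loads it with the privileges of the test run. The script also exits 0 whether nft succeeds or fails, so it asserts nothing, and `$tmpfile` is never removed. If the intent is to include a file that does not exist (an assumption; the hunk does not say), point the include into a private directory instead: `tmpdir=$(mktemp -d)`, `trap 'rm -rf -- "$tmpfile" "$tmpdir"' EXIT`, `echo "include \"$tmpdir/rules.nft\"" > "$tmpfile"`.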
@@ -0,0 +1,39 @@
+#!/bin/bash
+
+set -e
+
+tmpfile=$(mktemp)
+if [ ! -w $tmpfile ] ; then
+ echo "Failed to create tmp file" >&2
+ exit 0
+fi
+
+tmpdir1=$(mktemp -d)
+if [ ! -d $tmpdir1 ] ; then
+ echo "Failed to create tmp directory" >&2
+ exit 0
+fi
+
+tmpfiles=""
+for i in `seq -w 1 32`; do
+ tmpfile2=$(mktemp -p $tmpdir1)
+ if [ ! -w $tmpfile2 ] ; then
+ echo "Failed to create tmp file" >&2
+ exit 0
+ fi
+ tmpfiles="$tmpfiles $tmpfile2"
+done
+
+trap "rm -rf $tmpfile $tmpfiles && rmdir $tmpdir1" EXIT # cleanup if aborted
+
+RULESET=" \
+include \"$tmpdir1/*\"
+"
+
+echo "$RULESET" > $tmpfile
+
+$NFT -f $tmpfile
+if [ $? -ne 0 ] ; then
+ echo "E: unable to load good ruleset" >&2
+ exit 1
+fi
diff --git a/tests/shell/testcases/include/0018include_error_0 b/tests/shell/testcases/include/0018include_error_0
new file mode 100755
index 0000000..ae2dba3
--- /dev/null
+++ b/tests/shell/testcases/include/0018include_error_0
@@ -0,0 +1,34 @@
+#!/bin/bash
+
+tmpfile1=$(mktemp)
+if [ ! -w $tmpfile1 ] ; then
+ echo "Failed to create tmp file" >&2
+ exit 1
+fi
+
+touch $tmpfile1
+
+RULESET="include \"$tmpfile1\"
+)
+"
+
+tmpfile2=$(mktemp)
+if [ ! -w $tmpfile2 ] ; then
+ echo "Failed to create tmp file" >&2
+ exit 1
+fi
+
+tmpfile3=$(mktemp)
+if [ ! -w $tmpfile3 ] ; then
+ echo "Failed to create tmp file" >&2
+ exit 1
+fi
+
+echo "/dev/stdin:2:1-1: Error: syntax error, unexpected ')'
+)
+^" > $tmpfile3
+
+$NFT -I/tmp/ -f - <<< "$RULESET" 2> $tmpfile2
+$DIFF -u $tmpfile2 $tmpfile3
+
+rm $tmpfile1 $tmpfile2 $tmpfile3
diff --git a/tests/shell/testcases/include/0019include_error_0 b/tests/shell/testcases/include/0019include_error_0
new file mode 100755
index 0000000..4b84a57
--- /dev/null
+++ b/tests/shell/testcases/include/0019include_error_0
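Review bot: 0018include_error_0 cannot fail on an output mismatch: there is no `set -e`, so the status of `$DIFF -u $tmpfile2 $tmpfile3` is discarded and the script ends with the status of the `rm` that follows. Record and return it, e.g. `rc=0; $DIFF -u "$tmpfile2" "$tmpfile3" || rc=1` before the `rm` and `exit $rc` after it. 0019include_error_0 ends the same way (`$DIFF`, then `rm` and `rm -r`), and neither script installs a cleanup trap, so the early `exit 1` paths leave temp files behind.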
@@ -0,0 +1,63 @@
+#!/bin/bash
+
+tmpfile1=$(mktemp)
+if [ ! -w $tmpfile1 ] ; then
+ echo "Failed to create tmp file" >&2
+ exit 1
+fi
+
+tmpfile2=$(mktemp)
+if [ ! -w $tmpfile2 ] ; then
+ echo "Failed to create tmp file" >&2
+ exit 1
+fi
+
+echo "(" >> $tmpfile2
+
+tmpdir=$(mktemp -d)
+
+echo "include \"$tmpfile2\"
+include \"$tmpdir/*.nft\"
+x" > $tmpfile1
+
+echo "=" > $tmpdir/1.nft
+echo ")" > $tmpdir/2.nft
+echo "-" > $tmpdir/3.nft
+
+tmpfile3=$(mktemp)
+if [ ! -w $tmpfile3 ] ; then
+ echo "Failed to create tmp file" >&2
+ exit 1
+fi
+
+echo "In file included from $tmpfile1:1:1-30:
+$tmpfile2:1:1-1: Error: syntax error, unexpected '('
+(
+^
+In file included from $tmpfile1:2:1-36:
+$tmpdir/1.nft:1:1-1: Error: syntax error, unexpected '='
+=
+^
+In file included from $tmpfile1:2:1-36:
+$tmpdir/2.nft:1:1-1: Error: syntax error, unexpected ')'
+)
+^
+In file included from $tmpfile1:2:1-36:
+$tmpdir/3.nft:1:1-1: Error: syntax error, unexpected -
+-
+^
+$tmpfile1:3:2-2: Error: syntax error, unexpected newline, expecting string
+x
+ ^" > $tmpfile3
+
+tmpfile4=$(mktemp)
+if [ ! -w $tmpfile4 ] ; then
+ echo "Failed to create tmp file" >&2
+ exit 1
+fi
+
+$NFT -I/tmp/ -f $tmpfile1 2> $tmpfile4
+$DIFF -u $tmpfile3 $tmpfile4
+
+rm $tmpfile1 $tmpfile2 $tmpfile3 $tmpfile4
+rm -r $tmpdir
diff --git a/tests/shell/testcases/include/0020include_chain_0 b/tests/shell/testcases/include/0020include_chain_0
new file mode 100755
index 0000000..8f78e8c
--- /dev/null
+++ b/tests/shell/testcases/include/0020include_chain_0
@@ -0,0 +1,23 @@
+#!/bin/bash
+
+set -e
+
+tmpfile1=$(mktemp -p .)
+if [ ! -w $tmpfile1 ] ; then
+ echo "Failed to create tmp file" >&2
+ exit 0
+fi
+
+trap "rm -rf $tmpfile1" EXIT # cleanup if aborted
+
+RULESET="table inet filter { }
+include \"$tmpfile1\""
+
+RULESET2="chain inet filter input2 {
+ type filter hook input priority filter; policy accept;
+ ip saddr 1.2.3.4 tcp dport { 22, 443, 123 } drop
+}"
+
+echo "$RULESET2" > $tmpfile1
+
+$NFT -o -f - <<< $RULESET
diff --git a/tests/shell/testcases/include/dumps/0001absolute_0.nft b/tests/shell/testcases/include/dumps/0001absolute_0.nft
new file mode 100644
index 0000000..5d4d2ca
--- /dev/null
+++ b/tests/shell/testcases/include/dumps/0001absolute_0.nft
@@ -0,0 +1,2 @@
+table ip x {
+}
diff --git a/tests/shell/testcases/include/dumps/0002relative_0.nft b/tests/shell/testcases/include/dumps/0002relative_0.nft
new file mode 100644
index 0000000..5d4d2ca
--- /dev/null
+++ b/tests/shell/testcases/include/dumps/0002relative_0.nft
@@ -0,0 +1,2 @@
+table ip x {
+}
diff --git a/tests/shell/testcases/include/dumps/0003includepath_0.nft b/tests/shell/testcases/include/dumps/0003includepath_0.nft
new file mode 100644
index 0000000..5d4d2ca
--- /dev/null
+++ b/tests/shell/testcases/include/dumps/0003includepath_0.nft
@@ -0,0 +1,2 @@
+table ip x {
+}
diff --git a/tests/shell/testcases/include/dumps/0004endlessloop_1.nft b/tests/shell/testcases/include/dumps/0004endlessloop_1.nft
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/shell/testcases/include/dumps/0004endlessloop_1.nft
diff --git a/tests/shell/testcases/include/dumps/0005glob_empty_0.nft b/tests/shell/testcases/include/dumps/0005glob_empty_0.nft
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/shell/testcases/include/dumps/0005glob_empty_0.nft
diff --git a/tests/shell/testcases/include/dumps/0006glob_single_0.nft b/tests/shell/testcases/include/dumps/0006glob_single_0.nft
new file mode 100644
index 0000000..5d4d2ca
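Review bot: The last line of 0020include_chain_0 passes the ruleset as an unquoted here-string, `$NFT -o -f - <<< $RULESET`; bash releases before 4.4 word-split that expansion, which would join the two-line ruleset into a single line (recalled from the bash changelog, worth confirming against the bash versions the suite supports). 0018include_error_0 in this same commit quotes the here-string, so use `$NFT -o -f - <<< "$RULESET"` here as well. The included file is created with `mktemp -p .`, so it is written into whatever directory the test is started from.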
--- /dev/null
+++ b/tests/shell/testcases/include/dumps/0006glob_single_0.nft
@@ -0,0 +1,2 @@
+table ip x {
+}
diff --git a/tests/shell/testcases/include/dumps/0007glob_double_0.nft b/tests/shell/testcases/include/dumps/0007glob_double_0.nft
new file mode 100644
index 0000000..e4e5f9b
--- /dev/null
+++ b/tests/shell/testcases/include/dumps/0007glob_double_0.nft
@@ -0,0 +1,4 @@
+table ip x {
+}
+table ip y {
+}
diff --git a/tests/shell/testcases/include/dumps/0008glob_nofile_wildcard_0.nft b/tests/shell/testcases/include/dumps/0008glob_nofile_wildcard_0.nft
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/shell/testcases/include/dumps/0008glob_nofile_wildcard_0.nft
diff --git a/tests/shell/testcases/include/dumps/0009glob_nofile_1.nft b/tests/shell/testcases/include/dumps/0009glob_nofile_1.nft
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/shell/testcases/include/dumps/0009glob_nofile_1.nft
diff --git a/tests/shell/testcases/include/dumps/0010glob_broken_file_1.nft b/tests/shell/testcases/include/dumps/0010glob_broken_file_1.nft
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/shell/testcases/include/dumps/0010glob_broken_file_1.nft
diff --git a/tests/shell/testcases/include/dumps/0011glob_dependency_0.nft b/tests/shell/testcases/include/dumps/0011glob_dependency_0.nft
new file mode 100644
index 0000000..8e818d2
--- /dev/null
+++ b/tests/shell/testcases/include/dumps/0011glob_dependency_0.nft
@@ -0,0 +1,4 @@
+table ip x {
+ chain y {
+ }
+}
diff --git a/tests/shell/testcases/include/dumps/0012glob_dependency_1.nft b/tests/shell/testcases/include/dumps/0012glob_dependency_1.nft
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/shell/testcases/include/dumps/0012glob_dependency_1.nft
diff --git a/tests/shell/testcases/include/dumps/0013glob_dotfile_0.nft b/tests/shell/testcases/include/dumps/0013glob_dotfile_0.nft
new file mode 100644
index 0000000..5d4d2ca
--- /dev/null
+++ b/tests/shell/testcases/include/dumps/0013glob_dotfile_0.nft
@@ -0,0 +1,2 @@
+table ip x {
+}
diff --git a/tests/shell/testcases/include/dumps/0013input_descriptors_included_files_0.nft b/tests/shell/testcases/include/dumps/0013input_descriptors_included_files_0.nft
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/shell/testcases/include/dumps/0013input_descriptors_included_files_0.nft
diff --git a/tests/shell/testcases/include/dumps/0014glob_directory_0.nft b/tests/shell/testcases/include/dumps/0014glob_directory_0.nft
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/shell/testcases/include/dumps/0014glob_directory_0.nft
diff --git a/tests/shell/testcases/include/dumps/0015doubleincludepath_0.nft b/tests/shell/testcases/include/dumps/0015doubleincludepath_0.nft
new file mode 100644
index 0000000..8e818d2
--- /dev/null
+++ b/tests/shell/testcases/include/dumps/0015doubleincludepath_0.nft
@@ -0,0 +1,4 @@
+table ip x {
+ chain y {
+ }
+}
diff --git a/tests/shell/testcases/include/dumps/0016maxdepth_0.nft b/tests/shell/testcases/include/dumps/0016maxdepth_0.nft
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/shell/testcases/include/dumps/0016maxdepth_0.nft
diff --git a/tests/shell/testcases/include/dumps/0017glob_more_than_maxdepth_1.nft b/tests/shell/testcases/include/dumps/0017glob_more_than_maxdepth_1.nft
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/shell/testcases/include/dumps/0017glob_more_than_maxdepth_1.nft
diff --git a/tests/shell/testcases/include/dumps/0018include_error_0.nft b/tests/shell/testcases/include/dumps/0018include_error_0.nft
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/shell/testcases/include/dumps/0018include_error_0.nft
diff --git a/tests/shell/testcases/include/dumps/0019include_error_0.nft b/tests/shell/testcases/include/dumps/0019include_error_0.nft
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/shell/testcases/include/dumps/0019include_error_0.nft
diff --git a/tests/shell/testcases/include/dumps/0020include_chain_0.nft b/tests/shell/testcases/include/dumps/0020include_chain_0.nft
new file mode 100644
index 0000000..3ad6db1
--- /dev/null
+++ b/tests/shell/testcases/include/dumps/0020include_chain_0.nft
@@ -0,0 +1,6 @@
+table inet filter {
+ chain input2 {
+ type filter hook input priority filter; policy accept;
+ ip saddr 1.2.3.4 tcp dport { 22, 123, 443 } drop
+ }
+} |