diff options
Diffstat (limited to 'tests/shell/testcases/transactions/0051map_0')
| -rwxr-xr-x | tests/shell/testcases/transactions/0051map_0 | 122 |
1 files changed, 122 insertions, 0 deletions
diff --git a/tests/shell/testcases/transactions/0051map_0 b/tests/shell/testcases/transactions/0051map_0 new file mode 100755 index 0000000..9ea5cd4 --- /dev/null +++ b/tests/shell/testcases/transactions/0051map_0 @@ -0,0 +1,122 @@ +#!/bin/bash + +rnd=$(mktemp -u XXXXXXXX) +ns1="nft1trans-$rnd" + +# +# dependency tracking for implicit set +# +RULESET="table ip x { + chain w {} + chain m {} + + chain y { + ip saddr vmap { 1.1.1.1 : jump w, 2.2.2.2 : accept, 3.3.3.3 : goto m } + } +}" + +$NFT -c -f - <<< "$RULESET" >/dev/null || exit 0 +$NFT -f - <<< "$RULESET" >/dev/null || exit 0 +ip netns add $ns1 +ip netns exec $ns1 $NFT -f - <<< "$RULESET" >/dev/null || exit 0 +ip netns del $ns1 + +RULESET="flush chain ip x y +delete chain ip x w" + +$NFT -c -f - <<< "$RULESET" >/dev/null || exit 0 +$NFT -f - <<< "$RULESET" >/dev/null || exit 0 + +# +# dependency tracking for map in implicit chain +# +RULESET="table ip x { + chain w {} + chain m {} + + chain y { + meta iifname \"eno1\" jump { + ip saddr vmap { 1.1.1.1 : jump w, 3.3.3.3 : goto m } + } + } +}" + +$NFT -c -f - <<< "$RULESET" >/dev/null || exit 0 +$NFT -f - <<< "$RULESET" >/dev/null || exit 0 +ip netns add $ns1 +ip netns exec $ns1 $NFT -f - <<< "$RULESET" >/dev/null || exit 0 +ip netns del $ns1 + +RULESET="flush chain ip x y +delete chain ip x w" + +$NFT -c -f - <<< "$RULESET" >/dev/null || exit 0 +$NFT -f - <<< "$RULESET" >/dev/null || exit 0 + +# +# dependency tracking for explicit map +# +RULESET="table ip x { + chain w {} + chain m {} + + map y { + type ipv4_addr : verdict + elements = { 1.1.1.1 : jump w, 2.2.2.2 : accept, 3.3.3.3 : goto m } + } +}" + +$NFT -c -f - <<< "$RULESET" >/dev/null || exit 0 +$NFT -f - <<< "$RULESET" >/dev/null || exit 0 +ip netns add $ns1 +ip netns exec $ns1 $NFT -f - <<< "$RULESET" >/dev/null || exit 0 +ip netns del $ns1 + +RULESET="delete set ip x y +delete chain ip x w" + +$NFT -c -f - <<< "$RULESET" >/dev/null || exit 0 +$NFT -f - <<< "$RULESET" >/dev/null || exit 0 + +# +# error path for implicit set +# +RULESET="table inet filter { + chain w { + jump z + } + chain z { + jump w + } + + chain test { + ip protocol { tcp, udp } ip saddr vmap { 1.1.1.1 : jump z } counter flow add @nonexisting + ip6 nexthdr { tcp, udp } ct mark and 2 == 2 counter + } +}" + +$NFT -c -f - <<< "$RULESET" >/dev/null || exit 0 +$NFT -f - <<< "$RULESET" >/dev/null || exit 0 + +# +# error path for implicit set +# +RULESET="table inet filter { + chain w { + jump z + } + chain z { + jump w + } + + chain test { + ip protocol { tcp, udp } jump { + ip saddr vmap { 1.1.1.1 : jump z } + } + ip6 nexthdr { tcp, udp } ct mark and 2 == 2 counter + } +}" + +$NFT -c -f - <<< "$RULESET" >/dev/null || exit 0 +$NFT -f - <<< "$RULESET" >/dev/null || exit 0 +$NFT flush table inet filter || exit 0 |