rpms/nftables
7
0
Fork 0
Code Issues Pull Requests Releases Activity
d9ac6410dc
nftables/SOURCES/0006-tests-monitor-Test-JSON-output-as-well.patch

369 lines
16 KiB
Diff
Raw Normal View History

import nftables-0.9.0-8.el8
2019-08-02 16:21:10 +00:00
From 24b0395e8d26ed9f7eb1716249a8e07f9f84571d Mon Sep 17 00:00:00 2001
From: Phil Sutter <phil@nwl.cc>
Date: Thu, 11 Oct 2018 17:49:01 +0200
Subject: [PATCH] tests: monitor: Test JSON output as well
Enhance monitor test suite to test check JSON output as well. Note that
for now there is no support for --echo output testing with JSON.
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
(cherry picked from commit 16694bdd4c01ae001b60fbc18d45200fffc84de5)
Conflicts:
tests/monitor/testcases/object.t
-> Missing ct timeout support
Signed-off-by: Phil Sutter <psutter@redhat.com>
---
tests/monitor/README | 27 +++++++++++-----
tests/monitor/run-tests.sh | 45 ++++++++++++++++++++++++--
tests/monitor/testcases/object.t | 11 +++++++
tests/monitor/testcases/set-maps.t | 4 +++
tests/monitor/testcases/set-mixed.t | 7 ++++
tests/monitor/testcases/set-multiple.t | 5 +++
tests/monitor/testcases/set-simple.t | 19 +++++++++++
tests/monitor/testcases/simple.t | 8 +++++
8 files changed, 115 insertions(+), 11 deletions(-)
diff --git a/tests/monitor/README b/tests/monitor/README
index 9c5e37f5c75c9..39096a7fae078 100644
--- a/tests/monitor/README
+++ b/tests/monitor/README
@@ -15,13 +15,14 @@ to be established manually, i.e. in order to test monitor output when adding a
chain, the table containing it has to be created first. In between each
testcase, rule set is flushed completely.
-Input and output lines are prefixed by 'I' and 'O', respectively. The prefix has
-to be separated from the rest of the line by whitespace. Consecutive input lines
-are passed to 'nft' together, hence lead to a single transaction.
+Input lines are prefixed by 'I'. Multiple consecutive input lines are passed to
+'nft' together, hence lead to a single transaction.
-Since in most cases output should be equal to input, there is a shortcut: If a
-line consists of 'O -' only, the test script uses all previous input lines as
-expected output directly.
+There are two types of output lines: Those for standard syntax, prefixed by 'O'
+and those for JSON output, prefixed by 'J'. For standard syntax output lines,
+there is a shortcut: If a line consists of 'O -' only, the test script uses all
+previous input lines as expected output directly. Of course this is not
+available for JSON output lines.
Empty lines and those starting with '#' are ignored.
@@ -29,8 +30,8 @@ Test Script Semantics
---------------------
The script iterates over all test case files, reading them line by line. It
-assumes that sections of 'I' lines alternate with sections of 'O' lines. After
-stripping the prefix, each line is appended to a temporary file. There are
+assumes that sections of 'I' lines alternate with sections of 'O'/'J' lines.
+After stripping the prefix, each line is appended to a temporary file. There are
separate files for input and output lines.
If a set of input and output lines is complete (i.e. upon encountering either a
@@ -46,3 +47,13 @@ Note: Running 'nft monitor' in background is prone to race conditions. Hence
an artificial delay is introduced before calling 'nft -f' to allow for 'nft
monitor' to complete initialization and another one before comparing the output
to allow for 'nft monitor' to process the netlink events.
+
+By default, only standard syntax is being tested for, i.e. 'J'-prefixed lines
+are simply ignored. If JSON testing was requested (by passing '-j' flag to the
+test script), 'O'-prefixed lines in turn are ignored.
+
+There is one caveat with regards to JSON output: Since it always contains handle
+properties (if the given object possesses such) which is supposed to be
+arbitrary, there is a filter script which normalizes all handle values in
+monitor output to zero before comparison. Therefore expected output must have
+all handle properties present but with a value of zero.
diff --git a/tests/monitor/run-tests.sh b/tests/monitor/run-tests.sh
index 1adabda193949..f4089887b69aa 100755
--- a/tests/monitor/run-tests.sh
+++ b/tests/monitor/run-tests.sh
@@ -3,6 +3,7 @@
cd $(dirname $0)
nft=../../src/nft
debug=false
+test_json=false
mydiff() {
diff -w -I '^# ' "$@"
@@ -47,9 +48,16 @@ echo_output_append() {
}
[[ "$*" =~ ^add|replace|insert ]] && echo "$*" >>$output_file
}
+json_output_filter() { # (filename)
+ # unify handle values
+ sed -i -e 's/\("handle":\) [0-9][0-9]*/\1 0/g' "$1"
+}
monitor_run_test() {
monitor_output=$(mktemp -p $testdir)
- $nft -nn monitor >$monitor_output &
+ monitor_args=""
+ $test_json && monitor_args="vm json"
+
+ $nft -nn monitor $monitor_args >$monitor_output &
monitor_pid=$!
sleep 0.5
@@ -67,6 +75,7 @@ monitor_run_test() {
sleep 0.5
kill $monitor_pid
wait >/dev/null 2>&1
+ $test_json && json_output_filter $monitor_output
if ! mydiff -q $monitor_output $output_file >/dev/null 2>&1; then
echo "monitor output differs!"
mydiff -u $output_file $monitor_output
@@ -99,7 +108,33 @@ echo_run_test() {
touch $output_file
}
-for variant in monitor echo; do
+while [ -n "$1" ]; do
+ case "$1" in
+ -d|--debug)
+ debug=true
+ shift
+ ;;
+ -j|--json)
+ test_json=true
+ shift
+ ;;
+ *)
+ echo "unknown option '$1'"
+ ;&
+ -h|--help)
+ echo "Usage: $(basename $0) [-j|--json] [-d|--debug]"
+ exit 1
+ ;;
+ esac
+done
+
+if $test_json; then
+ variants="monitor"
+else
+ variants="monitor echo"
+fi
+
+for variant in $variants; do
run_test=${variant}_run_test
output_append=${variant}_output_append
@@ -124,7 +159,11 @@ for variant in monitor echo; do
;;
O)
input_complete=true
- $output_append "$line"
+ $test_json || $output_append "$line"
+ ;;
+ J)
+ input_complete=true
+ $test_json && $output_append "$line"
;;
'#'|'')
# ignore comments and empty lines
diff --git a/tests/monitor/testcases/object.t b/tests/monitor/testcases/object.t
index 7b88409775796..e9a6d56ac546c 100644
--- a/tests/monitor/testcases/object.t
+++ b/tests/monitor/testcases/object.t
@@ -1,27 +1,38 @@
# first the setup
I add table ip t
O -
+J {"add": {"table": {"family": "ip", "name": "t", "handle": 0}}}
I add counter ip t c
O add counter ip t c { packets 0 bytes 0 }
+J {"add": {"counter": {"family": "ip", "name": "c", "table": "t", "handle": 0, "packets": 0, "bytes": 0}}}
I delete counter ip t c
O -
+J {"delete": {"counter": {"family": "ip", "name": "c", "table": "t", "handle": 0, "packets": 0, "bytes": 0}}}
+# FIXME: input/output shouldn't be asynchronous here
I add quota ip t q 25 mbytes
O add quota ip t q { 25 mbytes }
+J {"add": {"quota": {"family": "ip", "name": "q", "table": "t", "handle": 0, "bytes": 26214400, "used": 0, "inv": false}}}
I delete quota ip t q
O -
+J {"delete": {"quota": {"family": "ip", "name": "q", "table": "t", "handle": 0, "bytes": 26214400, "used": 0, "inv": false}}}
+# FIXME: input/output shouldn't be asynchronous here
I add limit ip t l rate 1/second
O add limit ip t l { rate 1/second }
+J {"add": {"limit": {"family": "ip", "name": "l", "table": "t", "handle": 0, "rate": 1, "per": "second", "burst": 5}}}
I delete limit ip t l
O -
+J {"delete": {"limit": {"family": "ip", "name": "l", "table": "t", "handle": 0, "rate": 1, "per": "second", "burst": 5}}}
I add ct helper ip t cth { type "sip" protocol tcp; l3proto ip; }
O -
+J {"add": {"ct helper": {"family": "ip", "name": "cth", "table": "t", "handle": 0, "type": "sip", "protocol": "tcp", "l3proto": "ip"}}}
I delete ct helper ip t cth
O -
+J {"delete": {"ct helper": {"family": "ip", "name": "cth", "table": "t", "handle": 0, "type": "sip", "protocol": "tcp", "l3proto": "ip"}}}
diff --git a/tests/monitor/testcases/set-maps.t b/tests/monitor/testcases/set-maps.t
index 3d86720ec8136..acda480d86dbb 100644
--- a/tests/monitor/testcases/set-maps.t
+++ b/tests/monitor/testcases/set-maps.t
@@ -2,9 +2,13 @@
I add table ip t
I add map ip t portip { type inet_service: ipv4_addr; flags interval; }
O -
+J {"add": {"table": {"family": "ip", "name": "t", "handle": 0}}}
+J {"add": {"map": {"family": "ip", "name": "portip", "table": "t", "type": "inet_service", "handle": 0, "map": "ipv4_addr", "flags": ["interval"]}}}
I add element ip t portip { 80-100: 10.0.0.1 }
O -
+J {"add": {"element": {"family": "ip", "table": "t", "name": "portip", "elem": {"set": [[{"range": [80, 100]}, "10.0.0.1"]]}}}}
I add element ip t portip { 1024-65535: 10.0.0.1 }
O -
+J {"add": {"element": {"family": "ip", "table": "t", "name": "portip", "elem": {"set": [[{"range": [1024, 65535]}, "10.0.0.1"]]}}}}
diff --git a/tests/monitor/testcases/set-mixed.t b/tests/monitor/testcases/set-mixed.t
index 9c1c5323f2e4e..08c20116de92f 100644
--- a/tests/monitor/testcases/set-mixed.t
+++ b/tests/monitor/testcases/set-mixed.t
@@ -3,13 +3,20 @@ I add table ip t
I add set ip t portrange { type inet_service; flags interval; }
I add set ip t ports { type inet_service; }
O -
+J {"add": {"table": {"family": "ip", "name": "t", "handle": 0}}}
+J {"add": {"set": {"family": "ip", "name": "portrange", "table": "t", "type": "inet_service", "handle": 0, "flags": ["interval"]}}}
+J {"add": {"set": {"family": "ip", "name": "ports", "table": "t", "type": "inet_service", "handle": 0}}}
# make sure concurrent adds work
I add element ip t portrange { 1024-65535 }
I add element ip t ports { 10 }
O -
+J {"add": {"element": {"family": "ip", "table": "t", "name": "portrange", "elem": {"set": [{"range": [1024, 65535]}]}}}}
+J {"add": {"element": {"family": "ip", "table": "t", "name": "ports", "elem": {"set": [10]}}}}
# delete items again
I delete element ip t portrange { 1024-65535 }
I delete element ip t ports { 10 }
O -
+J {"delete": {"element": {"family": "ip", "table": "t", "name": "portrange", "elem": {"set": [{"range": [1024, 65535]}]}}}}
+J {"delete": {"element": {"family": "ip", "table": "t", "name": "ports", "elem": {"set": [10]}}}}
diff --git a/tests/monitor/testcases/set-multiple.t b/tests/monitor/testcases/set-multiple.t
index ad91fac047fe8..bd7a6246a46b4 100644
--- a/tests/monitor/testcases/set-multiple.t
+++ b/tests/monitor/testcases/set-multiple.t
@@ -3,8 +3,13 @@ I add table ip t
I add set ip t portrange { type inet_service; flags interval; }
I add set ip t portrange2 { type inet_service; flags interval; }
O -
+J {"add": {"table": {"family": "ip", "name": "t", "handle": 0}}}
+J {"add": {"set": {"family": "ip", "name": "portrange", "table": "t", "type": "inet_service", "handle": 0, "flags": ["interval"]}}}
+J {"add": {"set": {"family": "ip", "name": "portrange2", "table": "t", "type": "inet_service", "handle": 0, "flags": ["interval"]}}}
# make sure concurrent adds work
I add element ip t portrange { 1024-65535 }
I add element ip t portrange2 { 10-20 }
O -
+J {"add": {"element": {"family": "ip", "table": "t", "name": "portrange", "elem": {"set": [{"range": [1024, 65535]}]}}}}
+J {"add": {"element": {"family": "ip", "table": "t", "name": "portrange2", "elem": {"set": [{"range": [10, 20]}]}}}}
diff --git a/tests/monitor/testcases/set-simple.t b/tests/monitor/testcases/set-simple.t
index ebff7cbda0c8b..8ca4f32463fd7 100644
--- a/tests/monitor/testcases/set-simple.t
+++ b/tests/monitor/testcases/set-simple.t
@@ -2,15 +2,21 @@
I add table ip t
I add set ip t portrange { type inet_service; flags interval; }
O -
+J {"add": {"table": {"family": "ip", "name": "t", "handle": 0}}}
+J {"add": {"set": {"family": "ip", "name": "portrange", "table": "t", "type": "inet_service", "handle": 0, "flags": ["interval"]}}}
# adding some ranges
I add element ip t portrange { 1-10 }
O -
+J {"add": {"element": {"family": "ip", "table": "t", "name": "portrange", "elem": {"set": [{"range": [1, 10]}]}}}}
I add element ip t portrange { 1024-65535 }
O -
+J {"add": {"element": {"family": "ip", "table": "t", "name": "portrange", "elem": {"set": [{"range": [1024, 65535]}]}}}}
I add element ip t portrange { 20-30, 40-50 }
O add element ip t portrange { 20-30 }
O add element ip t portrange { 40-50 }
+J {"add": {"element": {"family": "ip", "table": "t", "name": "portrange", "elem": {"set": [{"range": [20, 30]}]}}}}
+J {"add": {"element": {"family": "ip", "table": "t", "name": "portrange", "elem": {"set": [{"range": [40, 50]}]}}}}
# test flushing -> elements are removed in reverse
I flush set ip t portrange
@@ -18,25 +24,38 @@ O delete element ip t portrange { 1024-65535 }
O delete element ip t portrange { 40-50 }
O delete element ip t portrange { 20-30 }
O delete element ip t portrange { 1-10 }
+J {"delete": {"element": {"family": "ip", "table": "t", "name": "portrange", "elem": {"set": [{"range": [1024, 65535]}]}}}}
+J {"delete": {"element": {"family": "ip", "table": "t", "name": "portrange", "elem": {"set": [{"range": [40, 50]}]}}}}
+J {"delete": {"element": {"family": "ip", "table": "t", "name": "portrange", "elem": {"set": [{"range": [20, 30]}]}}}}
+J {"delete": {"element": {"family": "ip", "table": "t", "name": "portrange", "elem": {"set": [{"range": [1, 10]}]}}}}
# make sure lower scope boundary works
I add element ip t portrange { 0-10 }
O -
+J {"add": {"element": {"family": "ip", "table": "t", "name": "portrange", "elem": {"set": [{"range": [0, 10]}]}}}}
# make sure half open before other element works
I add element ip t portrange { 1024-65535 }
I add element ip t portrange { 100-200 }
O -
+J {"add": {"element": {"family": "ip", "table": "t", "name": "portrange", "elem": {"set": [{"range": [1024, 65535]}]}}}}
+J {"add": {"element": {"family": "ip", "table": "t", "name": "portrange", "elem": {"set": [{"range": [100, 200]}]}}}}
# make sure deletion of elements works
I delete element ip t portrange { 0-10 }
O -
+J {"delete": {"element": {"family": "ip", "table": "t", "name": "portrange", "elem": {"set": [{"range": [0, 10]}]}}}}
I delete element ip t portrange { 100-200 }
I delete element ip t portrange { 1024-65535 }
O -
+J {"delete": {"element": {"family": "ip", "table": "t", "name": "portrange", "elem": {"set": [{"range": [100, 200]}]}}}}
+J {"delete": {"element": {"family": "ip", "table": "t", "name": "portrange", "elem": {"set": [{"range": [1024, 65535]}]}}}}
# make sure mixed add/delete works
I add element ip t portrange { 10-20 }
I add element ip t portrange { 1024-65535 }
I delete element ip t portrange { 10-20 }
O -
+J {"add": {"element": {"family": "ip", "table": "t", "name": "portrange", "elem": {"set": [{"range": [10, 20]}]}}}}
+J {"add": {"element": {"family": "ip", "table": "t", "name": "portrange", "elem": {"set": [{"range": [1024, 65535]}]}}}}
+J {"delete": {"element": {"family": "ip", "table": "t", "name": "portrange", "elem": {"set": [{"range": [10, 20]}]}}}}
diff --git a/tests/monitor/testcases/simple.t b/tests/monitor/testcases/simple.t
index e4dc073e14b65..78d8f8b04bd36 100644
--- a/tests/monitor/testcases/simple.t
+++ b/tests/monitor/testcases/simple.t
@@ -2,19 +2,27 @@
I add table ip t
I add chain ip t c
O -
+J {"add": {"table": {"family": "ip", "name": "t", "handle": 0}}}
+J {"add": {"chain": {"family": "ip", "table": "t", "name": "c", "handle": 0}}}
I add rule ip t c accept
O -
+J {"add": {"rule": {"family": "ip", "table": "t", "chain": "c", "handle": 0, "expr": [{"accept": null}]}}}
I add rule ip t c tcp dport { 22, 80, 443 } accept
O -
+J {"add": {"rule": {"family": "ip", "table": "t", "chain": "c", "handle": 0, "expr": [{"match": {"op": "==", "left": {"payload": {"protocol": "tcp", "field": "dport"}}, "right": {"set": [22, 80, 443]}}}, {"accept": null}]}}}
I insert rule ip t c counter accept
O add rule ip t c counter packets 0 bytes 0 accept
+J {"add": {"rule": {"family": "ip", "table": "t", "chain": "c", "handle": 0, "expr": [{"counter": {"packets": 0, "bytes": 0}}, {"accept": null}]}}}
I replace rule ip t c handle 2 accept comment "foo bar"
O delete rule ip t c handle 2
O add rule ip t c accept comment "foo bar"
+J {"delete": {"rule": {"family": "ip", "table": "t", "chain": "c", "handle": 0, "expr": [{"accept": null}]}}}
+J {"add": {"rule": {"family": "ip", "table": "t", "chain": "c", "handle": 0, "comment": "foo bar", "expr": [{"accept": null}]}}}
I add counter ip t cnt
O add counter ip t cnt { packets 0 bytes 0 }
+J {"add": {"counter": {"family": "ip", "name": "cnt", "table": "t", "handle": 0, "packets": 0, "bytes": 0}}}
--
2.19.0
Reference in New Issue Copy Permalink