In libnftables, detect if given filename is '-' and treat it as the common way of requesting to read from stdin, then open /dev/stdin instead. (Calling 'nft -f /dev/stdin' worked before as well, but this makes it official.) With this in place and bash's support for here strings, review all tests in tests/shell for needless use of temp files. Note that two categories of test cases were intentionally left unchanged: - Tests creating potentially large rulesets to avoid running into shell parameter length limits. - Tests for 'include' directive for obvious reasons. Signed-off-by: Phil Sutter <phil@xxxxxx> --- doc/nft.xml | 2 +- src/libnftables.c | 3 +++ tests/shell/testcases/cache/0001_cache_handling_0 | 16 ++++---------- tests/shell/testcases/cache/0002_interval_0 | 13 ++--------- tests/shell/testcases/flowtable/0001flowtable_0 | 12 +---------- tests/shell/testcases/import/vm_json_import_0 | 16 +++----------- .../testcases/maps/0006interval_map_overlap_0 | 19 ++++------------ .../shell/testcases/maps/0007named_ifname_dtype_0 | 11 +--------- tests/shell/testcases/netns/0001nft-f_0 | 11 +--------- tests/shell/testcases/netns/0003many_0 | 12 +---------- tests/shell/testcases/nft-f/0001define_slash_0 | 14 +++--------- tests/shell/testcases/nft-f/0002rollback_rule_0 | 14 ++---------- tests/shell/testcases/nft-f/0003rollback_jump_0 | 14 ++---------- tests/shell/testcases/nft-f/0004rollback_set_0 | 14 ++---------- tests/shell/testcases/nft-f/0005rollback_map_0 | 14 ++---------- tests/shell/testcases/nft-f/0006action_object_0 | 25 +++++++--------------- .../nft-f/0007action_object_set_segfault_1 | 14 +++--------- tests/shell/testcases/nft-f/0008split_tables_0 | 11 +--------- tests/shell/testcases/nft-f/0009variable_0 | 11 +--------- tests/shell/testcases/nft-f/0010variable_0 | 11 +--------- .../shell/testcases/nft-f/0012different_defines_0 | 14 +++--------- tests/shell/testcases/nft-f/0013defines_1 | 14 +++--------- tests/shell/testcases/nft-f/0014defines_1 | 14 +++--------- tests/shell/testcases/nft-f/0015defines_1 | 14 +++--------- tests/shell/testcases/nft-f/0016redefines_1 | 14 +++--------- tests/shell/testcases/sets/0001named_interval_0 | 14 +++--------- .../shell/testcases/sets/0008create_verdict_map_0 | 14 +++--------- .../sets/0014malformed_set_is_not_defined_0 | 14 +++--------- tests/shell/testcases/sets/0015rulesetflush_0 | 16 ++++---------- tests/shell/testcases/sets/0021nesting_0 | 11 +--------- .../testcases/sets/0022type_selective_flush_0 | 17 ++++----------- tests/shell/testcases/sets/0024named_objects_0 | 14 +++--------- tests/shell/testcases/sets/0026named_limit_0 | 14 +++--------- tests/shell/testcases/sets/0027ipv6_maps_ipv4_0 | 14 +++--------- .../shell/testcases/sets/0029named_ifname_dtype_0 | 11 +--------- tests/shell/testcases/sets/0031set_timeout_size_0 | 14 +++--------- tests/shell/testcases/transactions/0001table_0 | 11 +--------- tests/shell/testcases/transactions/0002table_0 | 11 +--------- tests/shell/testcases/transactions/0003table_0 | 11 +--------- tests/shell/testcases/transactions/0010chain_0 | 11 +--------- tests/shell/testcases/transactions/0011chain_0 | 11 +--------- tests/shell/testcases/transactions/0012chain_0 | 11 +--------- tests/shell/testcases/transactions/0013chain_0 | 11 +--------- tests/shell/testcases/transactions/0014chain_1 | 11 +--------- tests/shell/testcases/transactions/0020rule_0 | 11 +--------- tests/shell/testcases/transactions/0021rule_0 | 11 +--------- tests/shell/testcases/transactions/0022rule_1 | 11 +--------- tests/shell/testcases/transactions/0023rule_1 | 11 +--------- tests/shell/testcases/transactions/0030set_0 | 11 +--------- tests/shell/testcases/transactions/0031set_0 | 11 +--------- tests/shell/testcases/transactions/0032set_0 | 11 +--------- tests/shell/testcases/transactions/0033set_0 | 11 +--------- tests/shell/testcases/transactions/0034set_0 | 11 +--------- tests/shell/testcases/transactions/0035set_0 | 11 +--------- tests/shell/testcases/transactions/0036set_1 | 11 +--------- tests/shell/testcases/transactions/0037set_0 | 11 +--------- tests/shell/testcases/transactions/0038set_0 | 11 +--------- tests/shell/testcases/transactions/0039set_0 | 11 +--------- tests/shell/testcases/transactions/0040set_0 | 14 ++---------- 59 files changed, 116 insertions(+), 620 deletions(-) diff --git a/doc/nft.xml b/doc/nft.xml index fb57c2b6db8a7..7800890d20e9c 100644 --- a/doc/nft.xml +++ b/doc/nft.xml @@ -167,7 +167,7 @@ vi:ts=4 sw=4 <term><option>-f, --file <replaceable>filename</replaceable></option></term> <listitem> <para> - Read input from <replaceable>filename</replaceable>. + Read input from <replaceable>filename</replaceable>. If <replaceable>filename</replaceable> is <literal>-</literal>, read from <literal>stdin</literal>. </para> <para> nft scripts must start <command>#!/usr/sbin/nft -f</command> diff --git a/src/libnftables.c b/src/libnftables.c index 9b2f65aed7593..6e271209d87ec 100644 --- a/src/libnftables.c +++ b/src/libnftables.c @@ -313,6 +313,9 @@ int nft_run_cmd_from_filename(struct nft_ctx *nft, const char *filename) if (rc < 0) return -1; + if (!strcmp(filename, "-")) + filename = "/dev/stdin"; + parser_init(nft->nf_sock, &nft->cache, &state, &msgs, nft->debug_mask, &nft->output); scanner = scanner_init(&state); diff --git a/tests/shell/testcases/cache/0001_cache_handling_0 b/tests/shell/testcases/cache/0001_cache_handling_0 index 3693f15a952f7..20c19117033d1 100755 --- a/tests/shell/testcases/cache/0001_cache_handling_0 +++ b/tests/shell/testcases/cache/0001_cache_handling_0 @@ -1,14 +1,6 @@ #!/bin/bash -tmpfile=$(mktemp) -if [ ! -w $tmpfile ] ; then - echo "Failed to create tmp file" >&2 - exit 0 -fi - -trap "rm -rf $tmpfile" EXIT # cleanup if aborted - -echo " +RULESET=' table inet test { set test { type ipv4_addr @@ -19,12 +11,12 @@ table inet test { ip saddr @test counter accept ip daddr { 2.2.2.2} counter accept } -}" > $tmpfile +}' set -e -$NFT -f $tmpfile +$NFT -f - <<< $RULESET rule_handle=$($NFT list ruleset -a | awk '/saddr/{print $NF}') $NFT delete rule inet test test handle $rule_handle $NFT delete set inet test test -$NFT -f $tmpfile +$NFT -f - <<< $RULESET diff --git a/tests/shell/testcases/cache/0002_interval_0 b/tests/shell/testcases/cache/0002_interval_0 index f500911ac2dc6..0c010c1f5f07f 100755 --- a/tests/shell/testcases/cache/0002_interval_0 +++ b/tests/shell/testcases/cache/0002_interval_0 @@ -5,14 +5,6 @@ set -e -tmpfile=$(mktemp) -if [ ! -w $tmpfile ] ; then - echo "Failed to create tmp file" >&2 - exit 0 -fi - -trap "rm -rf $tmpfile" EXIT # cleanup if aborted - RULESET="flush ruleset table inet t { set s { type ipv4_addr; flags interval; } @@ -22,6 +14,5 @@ add element inet t s { 192.168.0.1/24, }" -echo "$RULESET" > $tmpfile -$NFT -f $tmpfile -$NFT -f $tmpfile +$NFT -f - <<< $RULESET +$NFT -f - <<< $RULESET diff --git a/tests/shell/testcases/flowtable/0001flowtable_0 b/tests/shell/testcases/flowtable/0001flowtable_0 index 6d08e254558a1..95b193dc90603 100755 --- a/tests/shell/testcases/flowtable/0001flowtable_0 +++ b/tests/shell/testcases/flowtable/0001flowtable_0 @@ -1,14 +1,5 @@ #!/bin/bash -tmpfile=$(mktemp) -if [ ! -w $tmpfile ] ; then - echo "Failed to create tmp file" >&2 - exit 0 -fi - -trap "rm -rf $tmpfile" EXIT # cleanup if aborted - - EXPECTED='table inet t { flowtable f { hook ingress priority 10 @@ -20,6 +11,5 @@ EXPECTED='table inet t { } }' -echo "$EXPECTED" > $tmpfile set -e -$NFT -f $tmpfile +$NFT -f - <<< $EXPECTED diff --git a/tests/shell/testcases/import/vm_json_import_0 b/tests/shell/testcases/import/vm_json_import_0 index e5ecbcc43e16e..a8d546ff956eb 100755 --- a/tests/shell/testcases/import/vm_json_import_0 +++ b/tests/shell/testcases/import/vm_json_import_0 @@ -1,14 +1,5 @@ #!/bin/bash -tmpfile=$(mktemp) - -if [ ! -w $tmpfile ] ; then - echo "Failed to create tmp file" >&2 - exit 0 -fi - -trap "rm -rf $tmpfile" EXIT # cleanup if aborted - RULESET="table ip mangle { set blackhole { type ipv4_addr @@ -56,8 +47,7 @@ table ip6 x { } }" -echo "$RULESET" > $tmpfile -$NFT -f $tmpfile -$NFT export vm json > $tmpfile +$NFT -f - <<< $RULESET +RULESET_JSON=$($NFT export vm json) $NFT flush ruleset -cat $tmpfile | $NFT import vm json +$NFT import vm json <<< $RULESET_JSON diff --git a/tests/shell/testcases/maps/0006interval_map_overlap_0 b/tests/shell/testcases/maps/0006interval_map_overlap_0 index 682ac65b0e19a..d63a396d30ee8 100755 --- a/tests/shell/testcases/maps/0006interval_map_overlap_0 +++ b/tests/shell/testcases/maps/0006interval_map_overlap_0 @@ -4,24 +4,13 @@ # shows how disjoint intervals are seen as overlaps # NOTE this is only an issue with two separate nft calls -tmpfile=$(mktemp) -if [ ! -w $tmpfile ] ; then - echo "Failed to create tmp file" >&2 - exit 0 -fi - -trap "rm -rf $tmpfile" EXIT # cleanup if aborted - n=1 -echo "add table x +RULESET="add table x add map x y { type ipv4_addr : ipv4_addr; flags interval; } -add element x y { 10.0.${n}.0/24 : 10.0.0.${n} }" > $tmpfile +add element x y { 10.0.${n}.0/24 : 10.0.0.${n} }" set -e -$NFT -f $tmpfile +$NFT -f - <<< $RULESET n=2 -echo "add element x y { 10.0.${n}.0/24 : 10.0.0.${n} }" > $tmpfile - -$NFT -f $tmpfile - +$NFT "add element x y { 10.0.${n}.0/24 : 10.0.0.${n} }" diff --git a/tests/shell/testcases/maps/0007named_ifname_dtype_0 b/tests/shell/testcases/maps/0007named_ifname_dtype_0 index 5e51a605358b5..4c7e7895a5ce3 100755 --- a/tests/shell/testcases/maps/0007named_ifname_dtype_0 +++ b/tests/shell/testcases/maps/0007named_ifname_dtype_0 @@ -2,14 +2,6 @@ # support for ifname in named maps -tmpfile=$(mktemp) -if [ ! -w $tmpfile ] ; then - echo "Failed to create tmp file" >&2 - exit 0 -fi - -trap "rm -rf $tmpfile" EXIT # cleanup if aborted - EXPECTED="table inet t { map m1 { type ifname : ipv4_addr @@ -23,6 +15,5 @@ EXPECTED="table inet t { }" set -e -echo "$EXPECTED" > $tmpfile -$NFT -f $tmpfile +$NFT -f - <<< $EXPECTED diff --git a/tests/shell/testcases/netns/0001nft-f_0 b/tests/shell/testcases/netns/0001nft-f_0 index 435275233f75d..a6c854d25c2c6 100755 --- a/tests/shell/testcases/netns/0001nft-f_0 +++ b/tests/shell/testcases/netns/0001nft-f_0 @@ -8,14 +8,6 @@ if [ ! -x "$IP" ] ; then exit 1 fi -tmpfile=$(mktemp) -if [ ! -w $tmpfile ] ; then - echo "Failed to create tmp file" >&2 - exit 0 -fi - -trap "rm -rf $tmpfile" EXIT # cleanup if aborted - RULESET="table ip t { set s { type ipv4_addr @@ -91,8 +83,7 @@ if [ $? -ne 0 ] ; then exit 1 fi -echo "$RULESET" > $tmpfile -$IP netns exec $NETNS_NAME $NFT -f $tmpfile +$IP netns exec $NETNS_NAME $NFT -f - <<< $RULESET if [ $? -ne 0 ] ; then echo "E: unable to load ruleset in netns" >&2 $IP netns del $NETNS_NAME diff --git a/tests/shell/testcases/netns/0003many_0 b/tests/shell/testcases/netns/0003many_0 index 03da6eec85973..c3595de8e5d56 100755 --- a/tests/shell/testcases/netns/0003many_0 +++ b/tests/shell/testcases/netns/0003many_0 @@ -11,14 +11,6 @@ if [ ! -x "$IP" ] ; then exit 1 fi -tmpfile=$(mktemp) -if [ ! -w $tmpfile ] ; then - echo "Failed to create tmp file" >&2 - exit 0 -fi - -trap "rm -rf $tmpfile" EXIT # cleanup if aborted - RULESET="table ip t { set s { type ipv4_addr @@ -86,8 +78,6 @@ table arp t { } }" -echo "$RULESET" > $tmpfile - function test_netns() { local NETNS_NAME=$1 @@ -97,7 +87,7 @@ function test_netns() exit 1 fi - $IP netns exec $NETNS_NAME $NFT -f $tmpfile + $IP netns exec $NETNS_NAME $NFT -f - <<< $RULESET if [ $? -ne 0 ] ; then echo "E: unable to load ruleset in netns" >&2 $IP netns del $NETNS_NAME diff --git a/tests/shell/testcases/nft-f/0001define_slash_0 b/tests/shell/testcases/nft-f/0001define_slash_0 index bf0763d4bd7c3..8712fbf88ef34 100755 --- a/tests/shell/testcases/nft-f/0001define_slash_0 +++ b/tests/shell/testcases/nft-f/0001define_slash_0 @@ -2,18 +2,10 @@ # tests for commit 85d6803 (parser_bison: initializer_expr must use rhs_expr) -tmpfile=$(mktemp) -if [ ! -w $tmpfile ] ; then - echo "Failed to create tmp file" >&2 - exit 0 -fi - -trap "rm -rf $tmpfile" EXIT # cleanup if aborted - -echo " +RULESET=" define net = 1.1.1.1/24 -" > $tmpfile +" set -e -$NFT -f $tmpfile +$NFT -f - <<< $RULESET diff --git a/tests/shell/testcases/nft-f/0002rollback_rule_0 b/tests/shell/testcases/nft-f/0002rollback_rule_0 index 19690544c5be1..da3cdc0bc1619 100755 --- a/tests/shell/testcases/nft-f/0002rollback_rule_0 +++ b/tests/shell/testcases/nft-f/0002rollback_rule_0 @@ -3,14 +3,6 @@ # test a kernel rollback operation # fail reason: rule -tmpfile=$(mktemp) -if [ ! -w $tmpfile ] ; then - echo "Failed to create tmp file" >&2 - exit 0 -fi - -trap "rm -rf $tmpfile" EXIT # cleanup if aborted - GOOD_RULESET="table ip t { set t { type ipv4_addr @@ -35,15 +27,13 @@ table ip t2 { } }" -echo "$GOOD_RULESET" > $tmpfile -$NFT -f $tmpfile +$NFT -f - <<< $GOOD_RULESET if [ $? -ne 0 ] ; then echo "E: unable to load good ruleset" >&2 exit 1 fi -echo "$BAD_RULESET" > $tmpfile -$NFT -f $tmpfile 2>/dev/null +$NFT -f - <<< $BAD_RULESET 2>/dev/null if [ $? -eq 0 ] ; then echo "E: bogus ruleset loaded?" >&2 exit 1 diff --git a/tests/shell/testcases/nft-f/0003rollback_jump_0 b/tests/shell/testcases/nft-f/0003rollback_jump_0 index f53fd23872511..1238f1504c96b 100755 --- a/tests/shell/testcases/nft-f/0003rollback_jump_0 +++ b/tests/shell/testcases/nft-f/0003rollback_jump_0 @@ -3,14 +3,6 @@ # test a kernel rollback operation # fail reason: invalid jump -tmpfile=$(mktemp) -if [ ! -w $tmpfile ] ; then - echo "Failed to create tmp file" >&2 - exit 0 -fi - -trap "rm -rf $tmpfile" EXIT # cleanup if aborted - GOOD_RULESET="table ip t { set t { type ipv4_addr @@ -35,15 +27,13 @@ table ip t2 { } }" -echo "$GOOD_RULESET" > $tmpfile -$NFT -f $tmpfile +$NFT -f - <<< $GOOD_RULESET if [ $? -ne 0 ] ; then echo "E: unable to load good ruleset" >&2 exit 1 fi -echo "$BAD_RULESET" > $tmpfile -$NFT -f $tmpfile 2>/dev/null +$NFT -f - <<< $BAD_RULESET 2>/dev/null if [ $? -eq 0 ] ; then echo "E: bogus ruleset loaded?" >&2 exit 1 diff --git a/tests/shell/testcases/nft-f/0004rollback_set_0 b/tests/shell/testcases/nft-f/0004rollback_set_0 index 7674106fb9e39..25fc870c67421 100755 --- a/tests/shell/testcases/nft-f/0004rollback_set_0 +++ b/tests/shell/testcases/nft-f/0004rollback_set_0 @@ -3,14 +3,6 @@ # test a kernel rollback operation # fail reason: invalid set -tmpfile=$(mktemp) -if [ ! -w $tmpfile ] ; then - echo "Failed to create tmp file" >&2 - exit 0 -fi - -trap "rm -rf $tmpfile" EXIT # cleanup if aborted - GOOD_RULESET="table ip t { set t { type ipv4_addr @@ -35,15 +27,13 @@ table ip t2 { } }" -echo "$GOOD_RULESET" > $tmpfile -$NFT -f $tmpfile +$NFT -f - <<< $GOOD_RULESET if [ $? -ne 0 ] ; then echo "E: unable to load good ruleset" >&2 exit 1 fi -echo "$BAD_RULESET" > $tmpfile -$NFT -f $tmpfile 2>/dev/null +$NFT -f - <<< $BAD_RULESET 2>/dev/null if [ $? -eq 0 ] ; then echo "E: bogus ruleset loaded?" >&2 exit 1 diff --git a/tests/shell/testcases/nft-f/0005rollback_map_0 b/tests/shell/testcases/nft-f/0005rollback_map_0 index ba1fcc5960652..90108e729d59b 100755 --- a/tests/shell/testcases/nft-f/0005rollback_map_0 +++ b/tests/shell/testcases/nft-f/0005rollback_map_0 @@ -3,14 +3,6 @@ # test a kernel rollback operation # fail reason: invalid map -tmpfile=$(mktemp) -if [ ! -w $tmpfile ] ; then - echo "Failed to create tmp file" >&2 - exit 0 -fi - -trap "rm -rf $tmpfile" EXIT # cleanup if aborted - GOOD_RULESET="table ip t { set t { type ipv4_addr @@ -38,15 +30,13 @@ table ip t2 { } }" -echo "$GOOD_RULESET" > $tmpfile -$NFT -f $tmpfile +$NFT -f - <<< $GOOD_RULESET if [ $? -ne 0 ] ; then echo "E: unable to load good ruleset" >&2 exit 1 fi -echo "$BAD_RULESET" > $tmpfile -$NFT -f $tmpfile 2>/dev/null +$NFT -f - <<< $BAD_RULESET 2>/dev/null if [ $? -eq 0 ] ; then echo "E: bogus ruleset loaded?" >&2 exit 1 diff --git a/tests/shell/testcases/nft-f/0006action_object_0 b/tests/shell/testcases/nft-f/0006action_object_0 index f4ec41d5ddc5e..6e3b0b2e58256 100755 --- a/tests/shell/testcases/nft-f/0006action_object_0 +++ b/tests/shell/testcases/nft-f/0006action_object_0 @@ -2,14 +2,6 @@ # test loading a ruleset with the 'action object' pattern -tmpfile=$(mktemp) -if [ ! -w $tmpfile ] ; then - echo "Failed to create tmp file" >&2 - exit 0 -fi - -trap "rm -f $tmpfile" EXIT # cleanup if aborted - set -e FAMILIES="ip ip6 inet arp bridge" @@ -29,7 +21,7 @@ generate1() add element $family t m {10080:drop} insert rule $family t c meta l4proto tcp tcp dport vmap @m add rule $family t c meta l4proto udp udp sport vmap {1111:accept} - " >> $tmpfile + " } generate2() @@ -41,25 +33,24 @@ generate2() delete element $family t s {8080} delete chain $family t c delete table $family t - " >> $tmpfile + " } -for family in $FAMILIES ; do +RULESET=$(for family in $FAMILIES ; do generate1 $family -done +done) -$NFT -f $tmpfile +$NFT -f - <<< $RULESET if [ $? -ne 0 ] ; then echo "E: unable to load ruleset 1" >&2 exit 1 fi -echo "" > $tmpfile -for family in $FAMILIES ; do +RULESET=$(for family in $FAMILIES ; do generate2 $family -done +done) -$NFT -f $tmpfile +$NFT -f - <<< $RULESET if [ $? -ne 0 ] ; then echo "E: unable to load ruleset 2" >&2 exit 1 diff --git a/tests/shell/testcases/nft-f/0007action_object_set_segfault_1 b/tests/shell/testcases/nft-f/0007action_object_set_segfault_1 index 3a4183bbb441f..7649a49608183 100755 --- a/tests/shell/testcases/nft-f/0007action_object_set_segfault_1 +++ b/tests/shell/testcases/nft-f/0007action_object_set_segfault_1 @@ -3,19 +3,11 @@ # test for a segfault if bad syntax was used in set declaration # and the set is referenced in the same batch -tmpfile=$(mktemp) -if [ ! -w $tmpfile ] ; then - echo "Failed to create tmp file" >&2 - exit 0 -fi - -trap "rm -f $tmpfile" EXIT # cleanup if aborted - -echo " +RULESET=" add table t add chain t c add set t s {type ipv4_addr\;} add rule t c ip saddr @s -" > $tmpfile +" -$NFT -f $tmpfile 2>/dev/null +$NFT -f - <<< $RULESET 2>/dev/null diff --git a/tests/shell/testcases/nft-f/0008split_tables_0 b/tests/shell/testcases/nft-f/0008split_tables_0 index b244d14ea70f7..14cdd49977a26 100755 --- a/tests/shell/testcases/nft-f/0008split_tables_0 +++ b/tests/shell/testcases/nft-f/0008split_tables_0 @@ -2,14 +2,6 @@ set -e -tmpfile=$(mktemp) -if [ ! -w $tmpfile ] ; then - echo "Failed to create tmp file" >&2 - exit 0 -fi - -trap "rm -rf $tmpfile" EXIT # cleanup if aborted - RULESET="table inet filter { chain ssh { type filter hook input priority 0; policy accept; @@ -23,8 +15,7 @@ table inet filter { } }" -echo "$RULESET" > $tmpfile -$NFT -f $tmpfile +$NFT -f - <<< $RULESET if [ $? -ne 0 ] ; then echo "E: unable to load good ruleset" >&2 exit 1 diff --git a/tests/shell/testcases/nft-f/0009variable_0 b/tests/shell/testcases/nft-f/0009variable_0 index 4d387074d8a54..8ff6b7cf20bcd 100755 --- a/tests/shell/testcases/nft-f/0009variable_0 +++ b/tests/shell/testcases/nft-f/0009variable_0 @@ -2,14 +2,6 @@ set -e -tmpfile=$(mktemp) -if [ ! -w $tmpfile ] ; then - echo "Failed to create tmp file" >&2 - exit 0 -fi - -trap "rm -rf $tmpfile" EXIT # cleanup if aborted - RULESET="define concat-set-variable = { 10.10.10.10 . 25, 10.10.10.10 . 143 } table inet forward { @@ -19,5 +11,4 @@ table inet forward { } }" -echo "$RULESET" > $tmpfile -$NFT -f $tmpfile +$NFT -f - <<< $RULESET diff --git a/tests/shell/testcases/nft-f/0010variable_0 b/tests/shell/testcases/nft-f/0010variable_0 index 2df71b1347410..be02c6bf41628 100755 --- a/tests/shell/testcases/nft-f/0010variable_0 +++ b/tests/shell/testcases/nft-f/0010variable_0 @@ -2,14 +2,6 @@ set -e -tmpfile=$(mktemp) -if [ ! -w $tmpfile ] ; then - echo "Failed to create tmp file" >&2 - exit 0 -fi - -trap "rm -rf $tmpfile" EXIT # cleanup if aborted - RULESET="define whitelist_v4 = { 1.1.1.1 } table inet filter { @@ -18,5 +10,4 @@ table inet filter { add element inet filter whitelist_v4 \$whitelist_v4 " -echo "$RULESET" > $tmpfile -$NFT -f $tmpfile +$NFT -f - <<< $RULESET diff --git a/tests/shell/testcases/nft-f/0012different_defines_0 b/tests/shell/testcases/nft-f/0012different_defines_0 index 9c496d5932755..c17b06b18d236 100755 --- a/tests/shell/testcases/nft-f/0012different_defines_0 +++ b/tests/shell/testcases/nft-f/0012different_defines_0 @@ -2,15 +2,7 @@ # tests different spots, datatypes and usages for nft defines -tmpfile=$(mktemp) -if [ ! -w $tmpfile ] ; then - echo "Failed to create tmp file" >&2 - exit 0 -fi - -trap "rm -rf $tmpfile" EXIT # cleanup if aborted - -echo " +RULESET=" define d_iifname = whatever define d_oifname = \$d_iifname define d_iif = lo @@ -38,7 +30,7 @@ table inet t { tcp dport \$d_ports udp dport vmap { \$d_ports : accept } } -}" >> $tmpfile +}" set -e -$NFT -f $tmpfile +$NFT -f - <<< $RULESET diff --git a/tests/shell/testcases/nft-f/0013defines_1 b/tests/shell/testcases/nft-f/0013defines_1 index 053700348c0be..b6d575c93452d 100755 --- a/tests/shell/testcases/nft-f/0013defines_1 +++ b/tests/shell/testcases/nft-f/0013defines_1 @@ -4,15 +4,7 @@ set -e -tmpfile=$(mktemp) -if [ ! -w $tmpfile ] ; then - echo "Failed to create tmp file" >&2 - exit 0 -fi - -trap "rm -rf $tmpfile" EXIT # cleanup if aborted - -echo " +RULESET=" define var2 = \$var1 define var1 = lo @@ -20,6 +12,6 @@ table ip t { chain c { iif \$var2 } -}" >> $tmpfile +}" -$NFT -f $tmpfile +$NFT -f - <<< $RULESET diff --git a/tests/shell/testcases/nft-f/0014defines_1 b/tests/shell/testcases/nft-f/0014defines_1 index de5615e96727e..77d766ec5215c 100755 --- a/tests/shell/testcases/nft-f/0014defines_1 +++ b/tests/shell/testcases/nft-f/0014defines_1 @@ -4,15 +4,7 @@ set -e -tmpfile=$(mktemp) -if [ ! -w $tmpfile ] ; then - echo "Failed to create tmp file" >&2 - exit 0 -fi - -trap "rm -rf $tmpfile" EXIT # cleanup if aborted - -echo " +RULESET=" define var1 = lo define var1 = lo @@ -20,6 +12,6 @@ table ip t { chain c { iif \$var1 } -}" >> $tmpfile +}" -$NFT -f $tmpfile +$NFT -f - <<< $RULESET diff --git a/tests/shell/testcases/nft-f/0015defines_1 b/tests/shell/testcases/nft-f/0015defines_1 index 9c1a7013e62fa..8aaa7bb10d592 100755 --- a/tests/shell/testcases/nft-f/0015defines_1 +++ b/tests/shell/testcases/nft-f/0015defines_1 @@ -4,21 +4,13 @@ set -e -tmpfile=$(mktemp) -if [ ! -w $tmpfile ] ; then - echo "Failed to create tmp file" >&2 - exit 0 -fi - -trap "rm -rf $tmpfile" EXIT # cleanup if aborted - -echo " +RULESET=" define var1 = \$var1 table ip t { chain c { iif \$var1 } -}" >> $tmpfile +}" -$NFT -f $tmpfile +$NFT -f - <<< $RULESET diff --git a/tests/shell/testcases/nft-f/0016redefines_1 b/tests/shell/testcases/nft-f/0016redefines_1 index da303607b0cb2..9a6a764a3d974 100755 --- a/tests/shell/testcases/nft-f/0016redefines_1 +++ b/tests/shell/testcases/nft-f/0016redefines_1 @@ -2,15 +2,7 @@ set -e -tmpfile=$(mktemp) -if [ ! -w $tmpfile ] ; then - echo "Failed to create tmp file" >&2 - exit 0 -fi - -trap "rm -rf $tmpfile" EXIT # cleanup if aborted - -echo " +RULESET=" table ip x { chain y { define unused = 4.4.4.4 @@ -20,7 +12,7 @@ table ip x { ip saddr $address undefine unused } -}" >> $tmpfile +}" EXPECTED="table ip x { chain y { @@ -29,7 +21,7 @@ EXPECTED="table ip x { } }" -$NFT -f $tmpfile +$NFT -f - <<< $RULESET GET="$($NFT list ruleset)" diff --git a/tests/shell/testcases/sets/0001named_interval_0 b/tests/shell/testcases/sets/0001named_interval_0 index 8d08b755094c7..740981252f868 100755 --- a/tests/shell/testcases/sets/0001named_interval_0 +++ b/tests/shell/testcases/sets/0001named_interval_0 @@ -4,15 +4,7 @@ # * creating a valid interval set # * referencing it from a valid rule -tmpfile=$(mktemp) -if [ ! -w $tmpfile ] ; then - echo "Failed to create tmp file" >&2 - exit 0 -fi - -trap "rm -rf $tmpfile" EXIT # cleanup if aborted - -echo " +RULESET=" table inet t { set s1 { type ipv4_addr @@ -41,7 +33,7 @@ table inet t { ip6 nexthdr @s3 accept tcp dport @s4 accept } -}" > $tmpfile +}" set -e -$NFT -f $tmpfile +$NFT -f - <<< $RULESET diff --git a/tests/shell/testcases/sets/0008create_verdict_map_0 b/tests/shell/testcases/sets/0008create_verdict_map_0 index 8ebb450969625..1188e977c96ed 100755 --- a/tests/shell/testcases/sets/0008create_verdict_map_0 +++ b/tests/shell/testcases/sets/0008create_verdict_map_0 @@ -1,14 +1,6 @@ #!/bin/bash -tmpfile=$(mktemp) -if [ ! -w $tmpfile ] ; then - echo "Failed to create tmp file" >&2 - exit 0 -fi - -trap "rm -rf $tmpfile" EXIT # cleanup if aborted - -echo " +RULESET=" table ip t { map sourcemap { type ipv4_addr : verdict; @@ -19,7 +11,7 @@ table ip t { } add chain t c add element t sourcemap { 100.123.10.2 : jump c } -" > $tmpfile +" set -e -$NFT -f $tmpfile +$NFT -f - <<< $RULESET diff --git a/tests/shell/testcases/sets/0014malformed_set_is_not_defined_0 b/tests/shell/testcases/sets/0014malformed_set_is_not_defined_0 index 5d1a2daba1fc1..61d6b49ceeac2 100755 --- a/tests/shell/testcases/sets/0014malformed_set_is_not_defined_0 +++ b/tests/shell/testcases/sets/0014malformed_set_is_not_defined_0 @@ -7,22 +7,14 @@ # In this case, nft should error out because the set doesn't exist instead of # segfaulting -tmpfile=$(mktemp) -if [ ! -w $tmpfile ] ; then - echo "Failed to create tmp file" >&2 - exit 0 -fi - -trap "rm -rf $tmpfile" EXIT # cleanup if aborted - -echo " +RULESET=" add table t add chain t c add set t s {type ipv4_addr\;} add rule t c ip saddr @s -" >$tmpfile +" -$NFT -f $tmpfile +$NFT -f - <<< $RULESET ret=$? trap - EXIT diff --git a/tests/shell/testcases/sets/0015rulesetflush_0 b/tests/shell/testcases/sets/0015rulesetflush_0 index 27242b36c3c51..3bfab97cf1c45 100755 --- a/tests/shell/testcases/sets/0015rulesetflush_0 +++ b/tests/shell/testcases/sets/0015rulesetflush_0 @@ -1,14 +1,6 @@ #!/bin/bash -tmpfile=$(mktemp) -if [ ! -w $tmpfile ] ; then - echo "Failed to create tmp file" >&2 - exit 0 -fi - -trap "rm -rf $tmpfile" EXIT # cleanup if aborted - -echo "flush ruleset +RULESET="flush ruleset add table t add chain t c @@ -18,9 +10,9 @@ table inet filter { add element inet filter blacklist_v4 { 192.168.0.1/24, -}" >$tmpfile +}" -$NFT -f $tmpfile +$NFT -f - <<< $RULESET # make sure flush ruleset works right -$NFT -f $tmpfile +$NFT -f - <<< $RULESET diff --git a/tests/shell/testcases/sets/0021nesting_0 b/tests/shell/testcases/sets/0021nesting_0 index 4779f264e8c89..c0ac396f8b31a 100755 --- a/tests/shell/testcases/sets/0021nesting_0 +++ b/tests/shell/testcases/sets/0021nesting_0 @@ -2,14 +2,6 @@ set -e -tmpfile=$(mktemp) -if [ ! -w $tmpfile ] ; then - echo "Failed to create tmp file" >&2 - exit 0 -fi - -#trap "rm -rf $tmpfile" EXIT # cleanup if aborted - RULESET=' define set1 = { 2.2.2.0/24, @@ -24,8 +16,7 @@ table ip x { } }' -echo "$RULESET" > $tmpfile -$NFT -f $tmpfile +$NFT -f - <<< $RULESET if [ $? -ne 0 ] ; then echo "E: unable to load ruleset" >&2 exit 1 diff --git a/tests/shell/testcases/sets/0022type_selective_flush_0 b/tests/shell/testcases/sets/0022type_selective_flush_0 index 659bf70c05bfc..0c39cbad9352a 100755 --- a/tests/shell/testcases/sets/0022type_selective_flush_0 +++ b/tests/shell/testcases/sets/0022type_selective_flush_0 @@ -3,23 +3,15 @@ # This tests the selectiveness of flush command on structures that use the # generic set infrastructure (sets, maps and meters). -tmpfile=$(mktemp) -if [ ! -w $tmpfile ] ; then - echo "Failed to create tmp file" >&2 - exit 0 -fi - -trap "rm -rf $tmpfile" EXIT # cleanup if aborted - -echo " +RULESET=" add table t add chain t c add set t s {type ipv4_addr;} add map t m {type ipv4_addr : inet_service;} add rule t c tcp dport 80 meter f {ip saddr limit rate 10/second} -" >$tmpfile +" -$NFT -f $tmpfile +$NFT -f - <<< $RULESET # Commands that should be invalid @@ -31,8 +23,7 @@ declare -a cmds=( for i in "${cmds[@]}" do - echo "$i" >$tmpfile - $NFT -f $tmpfile &>/dev/null + $NFT "$i" &>/dev/null ret=$? if [ $ret -eq 0 ]; then diff --git a/tests/shell/testcases/sets/0024named_objects_0 b/tests/shell/testcases/sets/0024named_objects_0 index 19dd1cd54fcc5..772247e0994d5 100755 --- a/tests/shell/testcases/sets/0024named_objects_0 +++ b/tests/shell/testcases/sets/0024named_objects_0 @@ -4,15 +4,7 @@ # * creating valid named objects # * referencing them from a valid rule -tmpfile=$(mktemp) -if [ ! -w $tmpfile ] ; then - echo "Failed to create tmp file" >&2 - exit 0 -fi - -trap "rm -rf $tmpfile" EXIT # cleanup if aborted - -echo " +RULESET=" table inet x { counter user123 { packets 12 bytes 1433 @@ -35,7 +27,7 @@ table inet x { counter name ip saddr map { 192.168.2.2 : "user123", 1.1.1.1 : "user123", 2.2.2.2 : "user123"} quota name ip saddr map @test drop } -}" > $tmpfile +}" set -e -$NFT -f $tmpfile +$NFT -f - <<< $RULESET diff --git a/tests/shell/testcases/sets/0026named_limit_0 b/tests/shell/testcases/sets/0026named_limit_0 index 91553f34088b8..23bc0b02b8e8a 100755 --- a/tests/shell/testcases/sets/0026named_limit_0 +++ b/tests/shell/testcases/sets/0026named_limit_0 @@ -4,15 +4,7 @@ # * creating valid named limits # * referencing them from a valid rule -tmpfile=$(mktemp) -if [ ! -w $tmpfile ] ; then - echo "Failed to create tmp file" >&2 - exit 0 -fi - -trap "rm -rf $tmpfile" EXIT # cleanup if aborted - -echo " +RULESET=" table ip filter { limit http-traffic { rate 1/second @@ -21,7 +13,7 @@ table ip filter { type filter hook input priority 0; policy accept; limit name tcp dport map { 80 : "http-traffic", 443 : "http-traffic"} } -}" > $tmpfile +}" set -e -$NFT -f $tmpfile +$NFT -f - <<< $RULESET diff --git a/tests/shell/testcases/sets/0027ipv6_maps_ipv4_0 b/tests/shell/testcases/sets/0027ipv6_maps_ipv4_0 index 7ac271a09cefe..846e3226ae05d 100755 --- a/tests/shell/testcases/sets/0027ipv6_maps_ipv4_0 +++ b/tests/shell/testcases/sets/0027ipv6_maps_ipv4_0 @@ -4,15 +4,7 @@ set -e -tmpfile=$(mktemp) -if [ ! -w $tmpfile ] ; then - echo "Failed to create tmp file" >&2 - exit 0 -fi - -trap "rm -rf $tmpfile" EXIT # cleanup if aborted - -echo " +RULESET=" table inet t { set s { type ipv6_addr @@ -20,6 +12,6 @@ table inet t { elements = { ::ffff:0.0.0.0/96 } } } -" > $tmpfile +" -$NFT -f $tmpfile +$NFT -f - <<< $RULESET diff --git a/tests/shell/testcases/sets/0029named_ifname_dtype_0 b/tests/shell/testcases/sets/0029named_ifname_dtype_0 index 92f4a4ad043f0..532d892739f4d 100755 --- a/tests/shell/testcases/sets/0029named_ifname_dtype_0 +++ b/tests/shell/testcases/sets/0029named_ifname_dtype_0 @@ -2,14 +2,6 @@ # support for ifname in named sets -tmpfile=$(mktemp) -if [ ! -w $tmpfile ] ; then - echo "Failed to create tmp file" >&2 - exit 0 -fi - -trap "rm -rf $tmpfile" EXIT # cleanup if aborted - EXPECTED="table inet t { set s { type ifname @@ -23,5 +15,4 @@ EXPECTED="table inet t { }" set -e -echo "$EXPECTED" > $tmpfile -$NFT -f $tmpfile +$NFT -f - <<< $EXPECTED diff --git a/tests/shell/testcases/sets/0031set_timeout_size_0 b/tests/shell/testcases/sets/0031set_timeout_size_0 index 89af58f35d144..3d3f919ab97a3 100755 --- a/tests/shell/testcases/sets/0031set_timeout_size_0 +++ b/tests/shell/testcases/sets/0031set_timeout_size_0 @@ -1,15 +1,7 @@ #!/bin/bash -tmpfile=$(mktemp) -if [ ! -w $tmpfile ] ; then - echo "Failed to create tmp file" >&2 - exit 0 -fi - -trap "rm -rf $tmpfile" EXIT # cleanup if aborted - -echo "add table x -add set x y { type ipv4_addr; size 128; timeout 30s; }" > $tmpfile +RULESET="add table x +add set x y { type ipv4_addr; size 128; timeout 30s; }" set -e -$NFT -f $tmpfile +$NFT -f - <<< $RULESET diff --git a/tests/shell/testcases/transactions/0001table_0 b/tests/shell/testcases/transactions/0001table_0 index 83f9fd0d7d6c4..1a8ecb8663c7b 100755 --- a/tests/shell/testcases/transactions/0001table_0 +++ b/tests/shell/testcases/transactions/0001table_0 @@ -2,21 +2,12 @@ set -e -tmpfile=$(mktemp) -if [ ! -w $tmpfile ] ; then - echo "Failed to create tmp file" >&2 - exit 0 -fi - -trap "rm -rf $tmpfile" EXIT # cleanup if aborted - RULESET="add table x delete table x add table x add table y" -echo "$RULESET" > $tmpfile -$NFT -f $tmpfile +$NFT -f - <<< $RULESET if [ $? -ne 0 ] ; then echo "E: unable to load good ruleset" >&2 exit 1 diff --git a/tests/shell/testcases/transactions/0002table_0 b/tests/shell/testcases/transactions/0002table_0 index dbd2f4ab8faf2..290ea436dc9b8 100755 --- a/tests/shell/testcases/transactions/0002table_0 +++ b/tests/shell/testcases/transactions/0002table_0 @@ -2,21 +2,12 @@ set -e -tmpfile=$(mktemp) -if [ ! -w $tmpfile ] ; then - echo "Failed to create tmp file" >&2 - exit 0 -fi - -trap "rm -rf $tmpfile" EXIT # cleanup if aborted - RULESET="add table x delete table x add table x add table x { flags dormant; }" -echo "$RULESET" > $tmpfile -$NFT -f $tmpfile +$NFT -f - <<< $RULESET if [ $? -ne 0 ] ; then echo "E: unable to load good ruleset" >&2 exit 1 diff --git a/tests/shell/testcases/transactions/0003table_0 b/tests/shell/testcases/transactions/0003table_0 index 004ce51312969..c5a87d3f04173 100755 --- a/tests/shell/testcases/transactions/0003table_0 +++ b/tests/shell/testcases/transactions/0003table_0 @@ -2,20 +2,11 @@ set -e -tmpfile=$(mktemp) -if [ ! -w $tmpfile ] ; then - echo "Failed to create tmp file" >&2 - exit 0 -fi - -trap "rm -rf $tmpfile" EXIT # cleanup if aborted - RULESET="add table x add table y flush ruleset" -echo "$RULESET" > $tmpfile -$NFT -f $tmpfile +$NFT -f - <<< $RULESET if [ $? -ne 0 ] ; then echo "E: unable to load good ruleset" >&2 exit 1 diff --git a/tests/shell/testcases/transactions/0010chain_0 b/tests/shell/testcases/transactions/0010chain_0 index d191868034297..39a5fe9eb9ca7 100755 --- a/tests/shell/testcases/transactions/0010chain_0 +++ b/tests/shell/testcases/transactions/0010chain_0 @@ -2,22 +2,13 @@ set -e -tmpfile=$(mktemp) -if [ ! -w $tmpfile ] ; then - echo "Failed to create tmp file" >&2 - exit 0 -fi - -trap "rm -rf $tmpfile" EXIT # cleanup if aborted - RULESET="add table x add chain x y flush ruleset add table w add chain w y" -echo "$RULESET" > $tmpfile -$NFT -f $tmpfile +$NFT -f - <<< $RULESET if [ $? -ne 0 ] ; then echo "E: unable to load good ruleset" >&2 exit 1 diff --git a/tests/shell/testcases/transactions/0011chain_0 b/tests/shell/testcases/transactions/0011chain_0 index aac33d566f28d..7dca12874a7e2 100755 --- a/tests/shell/testcases/transactions/0011chain_0 +++ b/tests/shell/testcases/transactions/0011chain_0 @@ -2,22 +2,13 @@ set -e -tmpfile=$(mktemp) -if [ ! -w $tmpfile ] ; then - echo "Failed to create tmp file" >&2 - exit 0 -fi - -trap "rm -rf $tmpfile" EXIT # cleanup if aborted - RULESET="add table x add chain x y delete chain x y add chain x y { type filter hook input priority 0; } add chain x y { policy drop; }" -echo "$RULESET" > $tmpfile -$NFT -f $tmpfile +$NFT -f - <<< $RULESET if [ $? -ne 0 ] ; then echo "E: unable to load good ruleset" >&2 exit 1 diff --git a/tests/shell/testcases/transactions/0012chain_0 b/tests/shell/testcases/transactions/0012chain_0 index c3bfe13016adb..7ebfad42bfed1 100755 --- a/tests/shell/testcases/transactions/0012chain_0 +++ b/tests/shell/testcases/transactions/0012chain_0 @@ -2,14 +2,6 @@ set -e -tmpfile=$(mktemp) -if [ ! -w $tmpfile ] ; then - echo "Failed to create tmp file" >&2 - exit 0 -fi - -trap "rm -rf $tmpfile" EXIT # cleanup if aborted - RULESET="add table x add chain x y flush ruleset @@ -20,8 +12,7 @@ flush ruleset add table w add chain w y { type filter hook output priority 0; }" -echo "$RULESET" > $tmpfile -$NFT -f $tmpfile +$NFT -f - <<< $RULESET if [ $? -ne 0 ] ; then echo "E: unable to load good ruleset" >&2 exit 1 diff --git a/tests/shell/testcases/transactions/0013chain_0 b/tests/shell/testcases/transactions/0013chain_0 index 67c31c8a785d6..383e834771aa3 100755 --- a/tests/shell/testcases/transactions/0013chain_0 +++ b/tests/shell/testcases/transactions/0013chain_0 @@ -2,14 +2,6 @@ set -e -tmpfile=$(mktemp) -if [ ! -w $tmpfile ] ; then - echo "Failed to create tmp file" >&2 - exit 0 -fi - -trap "rm -rf $tmpfile" EXIT # cleanup if aborted - RULESET="add table x add chain x y delete chain x y @@ -21,8 +13,7 @@ flush ruleset add table w add chain w y { type filter hook output priority 0; }" -echo "$RULESET" > $tmpfile -$NFT -f $tmpfile +$NFT -f - <<< $RULESET if [ $? -ne 0 ] ; then echo "E: unable to load good ruleset" >&2 exit 1 diff --git a/tests/shell/testcases/transactions/0014chain_1 b/tests/shell/testcases/transactions/0014chain_1 index 955860d0c7f4b..40cea8b214484 100755 --- a/tests/shell/testcases/transactions/0014chain_1 +++ b/tests/shell/testcases/transactions/0014chain_1 @@ -2,19 +2,10 @@ set -e -tmpfile=$(mktemp) -if [ ! -w $tmpfile ] ; then - echo "Failed to create tmp file" >&2 - exit 0 -fi - -trap "rm -rf $tmpfile" EXIT # cleanup if aborted - RULESET="add table x add chain x y delete chain x y delete chain x y" -echo "$RULESET" > $tmpfile -$NFT -f $tmpfile 2>/dev/null +$NFT -f - <<< $RULESET 2>/dev/null echo "E: allowing double-removal of chain" >&2 diff --git a/tests/shell/testcases/transactions/0020rule_0 b/tests/shell/testcases/transactions/0020rule_0 index e38634d350aab..b8e4cff56c2de 100755 --- a/tests/shell/testcases/transactions/0020rule_0 +++ b/tests/shell/testcases/transactions/0020rule_0 @@ -2,21 +2,12 @@ set -e -tmpfile=$(mktemp) -if [ ! -w $tmpfile ] ; then - echo "Failed to create tmp file" >&2 - exit 0 -fi - -trap "rm -rf $tmpfile" EXIT # cleanup if aborted - RULESET="add table x add chain x y add rule x y ip saddr 1.1.1.1 counter flush ruleset" -echo "$RULESET" > $tmpfile -$NFT -f $tmpfile +$NFT -f - <<< $RULESET if [ $? -ne 0 ] ; then echo "E: unable to load good ruleset" >&2 exit 1 diff --git a/tests/shell/testcases/transactions/0021rule_0 b/tests/shell/testcases/transactions/0021rule_0 index 284a9e713dc11..f5f6eb8bb82e9 100755 --- a/tests/shell/testcases/transactions/0021rule_0 +++ b/tests/shell/testcases/transactions/0021rule_0 @@ -2,14 +2,6 @@ set -e -tmpfile=$(mktemp) -if [ ! -w $tmpfile ] ; then - echo "Failed to create tmp file" >&2 - exit 0 -fi - -trap "rm -rf $tmpfile" EXIT # cleanup if aborted - RULESET="add table x add chain x y add rule x y ip saddr 1.1.1.1 counter @@ -18,8 +10,7 @@ add table x add chain x y add rule x y ip saddr 2.2.2.2 counter" -echo "$RULESET" > $tmpfile -$NFT -f $tmpfile +$NFT -f - <<< $RULESET if [ $? -ne 0 ] ; then echo "E: unable to load good ruleset" >&2 exit 1 diff --git a/tests/shell/testcases/transactions/0022rule_1 b/tests/shell/testcases/transactions/0022rule_1 index 5b937acd4a1e9..83c72af13f826 100755 --- a/tests/shell/testcases/transactions/0022rule_1 +++ b/tests/shell/testcases/transactions/0022rule_1 @@ -2,20 +2,11 @@ set -e -tmpfile=$(mktemp) -if [ ! -w $tmpfile ] ; then - echo "Failed to create tmp file" >&2 - exit 0 -fi - -trap "rm -rf $tmpfile" EXIT # cleanup if aborted - RULESET="add table x add chain x y delete chain x y add rule x y jump y" -echo "$RULESET" > $tmpfile # kernel must return ENOENT -$NFT -f $tmpfile 2>/dev/null +$NFT -f - <<< $RULESET 2>/dev/null echo "E: allowing jump loop to unexisting chain" diff --git a/tests/shell/testcases/transactions/0023rule_1 b/tests/shell/testcases/transactions/0023rule_1 index 4c4e24cdcdf72..b43a0cce83197 100755 --- a/tests/shell/testcases/transactions/0023rule_1 +++ b/tests/shell/testcases/transactions/0023rule_1 @@ -2,19 +2,10 @@ set -e -tmpfile=$(mktemp) -if [ ! -w $tmpfile ] ; then - echo "Failed to create tmp file" >&2 - exit 0 -fi - -trap "rm -rf $tmpfile" EXIT # cleanup if aborted - RULESET="add table x add chain x y add rule x y jump y" -echo "$RULESET" > $tmpfile # kernel must return ELOOP -$NFT -f $tmpfile 2>/dev/null +$NFT -f - <<< $RULESET 2>/dev/null echo "E: allowing jump to chain loop" diff --git a/tests/shell/testcases/transactions/0030set_0 b/tests/shell/testcases/transactions/0030set_0 index ad08b7e5bb6bf..464bc2b32aa30 100755 --- a/tests/shell/testcases/transactions/0030set_0 +++ b/tests/shell/testcases/transactions/0030set_0 @@ -2,21 +2,12 @@ set -e -tmpfile=$(mktemp) -if [ ! -w $tmpfile ] ; then - echo "Failed to create tmp file" >&2 - exit 0 -fi - -trap "rm -rf $tmpfile" EXIT # cleanup if aborted - RULESET="add table x add set x y { type ipv4_addr; } flush ruleset add table x" -echo "$RULESET" > $tmpfile -$NFT -f $tmpfile +$NFT -f - <<< $RULESET if [ $? -ne 0 ] ; then echo "E: unable to load good ruleset" >&2 exit 1 diff --git a/tests/shell/testcases/transactions/0031set_0 b/tests/shell/testcases/transactions/0031set_0 index 6c5757cc360d0..0bab49933f06b 100755 --- a/tests/shell/testcases/transactions/0031set_0 +++ b/tests/shell/testcases/transactions/0031set_0 @@ -2,21 +2,12 @@ set -e -tmpfile=$(mktemp) -if [ ! -w $tmpfile ] ; then - echo "Failed to create tmp file" >&2 - exit 0 -fi - -trap "rm -rf $tmpfile" EXIT # cleanup if aborted - RULESET="add table x add set x y { type ipv4_addr; } delete set x y add set x y { type ipv4_addr; }" -echo "$RULESET" > $tmpfile -$NFT -f $tmpfile +$NFT -f - <<< $RULESET if [ $? -ne 0 ] ; then echo "E: unable to load good ruleset" >&2 exit 1 diff --git a/tests/shell/testcases/transactions/0032set_0 b/tests/shell/testcases/transactions/0032set_0 index 1b41cf092a842..126f37e5ae166 100755 --- a/tests/shell/testcases/transactions/0032set_0 +++ b/tests/shell/testcases/transactions/0032set_0 @@ -2,22 +2,13 @@ set -e -tmpfile=$(mktemp) -if [ ! -w $tmpfile ] ; then - echo "Failed to create tmp file" >&2 - exit 0 -fi - -trap "rm -rf $tmpfile" EXIT # cleanup if aborted - RULESET="add table x add set x y { type ipv4_addr; } flush ruleset add table w add set w y { type ipv4_addr; }" -echo "$RULESET" > $tmpfile -$NFT -f $tmpfile +$NFT -f - <<< $RULESET if [ $? -ne 0 ] ; then echo "E: unable to load good ruleset" >&2 exit 1 diff --git a/tests/shell/testcases/transactions/0033set_0 b/tests/shell/testcases/transactions/0033set_0 index 19543b3c97f30..f7a31e8c42f69 100755 --- a/tests/shell/testcases/transactions/0033set_0 +++ b/tests/shell/testcases/transactions/0033set_0 @@ -2,20 +2,11 @@ set -e -tmpfile=$(mktemp) -if [ ! -w $tmpfile ] ; then - echo "Failed to create tmp file" >&2 - exit 0 -fi - -trap "rm -rf $tmpfile" EXIT # cleanup if aborted - RULESET="add table x add set x y { type ipv4_addr; } delete set x y" -echo "$RULESET" > $tmpfile -$NFT -f $tmpfile +$NFT -f - <<< $RULESET if [ $? -ne 0 ] ; then echo "E: unable to load good ruleset" >&2 exit 1 diff --git a/tests/shell/testcases/transactions/0034set_0 b/tests/shell/testcases/transactions/0034set_0 index 4cddb94dce6fc..882610322f721 100755 --- a/tests/shell/testcases/transactions/0034set_0 +++ b/tests/shell/testcases/transactions/0034set_0 @@ -2,21 +2,12 @@ set -e -tmpfile=$(mktemp) -if [ ! -w $tmpfile ] ; then - echo "Failed to create tmp file" >&2 - exit 0 -fi - -trap "rm -rf $tmpfile" EXIT # cleanup if aborted - RULESET="add table x add set x y { type ipv4_addr; } add element x y { 1.1.1.1 } delete element x y { 1.1.1.1 }" -echo "$RULESET" > $tmpfile -$NFT -f $tmpfile +$NFT -f - <<< $RULESET if [ $? -ne 0 ] ; then echo "E: unable to load good ruleset" >&2 exit 1 diff --git a/tests/shell/testcases/transactions/0035set_0 b/tests/shell/testcases/transactions/0035set_0 index 9b20746b0e099..d442b68efe09d 100755 --- a/tests/shell/testcases/transactions/0035set_0 +++ b/tests/shell/testcases/transactions/0035set_0 @@ -2,14 +2,6 @@ set -e -tmpfile=$(mktemp) -if [ ! -w $tmpfile ] ; then - echo "Failed to create tmp file" >&2 - exit 0 -fi - -trap "rm -rf $tmpfile" EXIT # cleanup if aborted - RULESET="add table x add set x y { type ipv4_addr; } add element x y { 1.1.1.1, 2.2.2.2 } @@ -17,8 +9,7 @@ delete element x y { 1.1.1.1 } delete element x y { 2.2.2.2 } add element x y { 3.3.3.3 }" -echo "$RULESET" > $tmpfile -$NFT -f $tmpfile +$NFT -f - <<< $RULESET if [ $? -ne 0 ] ; then echo "E: unable to load good ruleset" >&2 exit 1 diff --git a/tests/shell/testcases/transactions/0036set_1 b/tests/shell/testcases/transactions/0036set_1 index 46f94573d2d55..a0deb7a032633 100755 --- a/tests/shell/testcases/transactions/0036set_1 +++ b/tests/shell/testcases/transactions/0036set_1 @@ -2,21 +2,12 @@ set -e -tmpfile=$(mktemp) -if [ ! -w $tmpfile ] ; then - echo "Failed to create tmp file" >&2 - exit 0 -fi - -trap "rm -rf $tmpfile" EXIT # cleanup if aborted - RULESET="add table x add set x y { type ipv4_addr; } add element x y { 1.1.1.1, 2.2.2.2 } delete element x y { 1.1.1.1 } delete element x y { 1.1.1.1 }" -echo "$RULESET" > $tmpfile -$NFT -f $tmpfile 2> /dev/null +$NFT -f - <<< $RULESET 2> /dev/null # Kernel must return ENOENT echo "E: allowing double-removal of element" diff --git a/tests/shell/testcases/transactions/0037set_0 b/tests/shell/testcases/transactions/0037set_0 index 75b1d45378559..4aef63f1795f2 100755 --- a/tests/shell/testcases/transactions/0037set_0 +++ b/tests/shell/testcases/transactions/0037set_0 @@ -2,21 +2,12 @@ set -e -tmpfile=$(mktemp) -if [ ! -w $tmpfile ] ; then - echo "Failed to create tmp file" >&2 - exit 0 -fi - -trap "rm -rf $tmpfile" EXIT # cleanup if aborted - RULESET="add table x add set x y { type ipv4_addr; flags interval;} add element x y { 1.1.1.0/24 } delete element x y { 1.1.1.0/24 }" -echo "$RULESET" > $tmpfile -$NFT -f $tmpfile +$NFT -f - <<< $RULESET if [ $? -ne 0 ] ; then echo "E: unable to load good ruleset" >&2 exit 1 diff --git a/tests/shell/testcases/transactions/0038set_0 b/tests/shell/testcases/transactions/0038set_0 index 3120e91629340..fc9f1ca4dcd84 100755 --- a/tests/shell/testcases/transactions/0038set_0 +++ b/tests/shell/testcases/transactions/0038set_0 @@ -2,14 +2,6 @@ set -e -tmpfile=$(mktemp) -if [ ! -w $tmpfile ] ; then - echo "Failed to create tmp file" >&2 - exit 0 -fi - -trap "rm -rf $tmpfile" EXIT # cleanup if aborted - RULESET="add table x add set x y { type ipv4_addr; flags interval;} add element x y { 192.168.0.0/24, 192.168.2.0/24 } @@ -17,8 +9,7 @@ delete element x y { 192.168.0.0/24 } delete element x y { 192.168.2.0/24 } add element x y { 192.168.4.0/24 }" -echo "$RULESET" > $tmpfile -$NFT -f $tmpfile +$NFT -f - <<< $RULESET if [ $? -ne 0 ] ; then echo "E: unable to load good ruleset" >&2 exit 1 diff --git a/tests/shell/testcases/transactions/0039set_0 b/tests/shell/testcases/transactions/0039set_0 index 3120e91629340..fc9f1ca4dcd84 100755 --- a/tests/shell/testcases/transactions/0039set_0 +++ b/tests/shell/testcases/transactions/0039set_0 @@ -2,14 +2,6 @@ set -e -tmpfile=$(mktemp) -if [ ! -w $tmpfile ] ; then - echo "Failed to create tmp file" >&2 - exit 0 -fi - -trap "rm -rf $tmpfile" EXIT # cleanup if aborted - RULESET="add table x add set x y { type ipv4_addr; flags interval;} add element x y { 192.168.0.0/24, 192.168.2.0/24 } @@ -17,8 +9,7 @@ delete element x y { 192.168.0.0/24 } delete element x y { 192.168.2.0/24 } add element x y { 192.168.4.0/24 }" -echo "$RULESET" > $tmpfile -$NFT -f $tmpfile +$NFT -f - <<< $RULESET if [ $? -ne 0 ] ; then echo "E: unable to load good ruleset" >&2 exit 1 diff --git a/tests/shell/testcases/transactions/0040set_0 b/tests/shell/testcases/transactions/0040set_0 index 0ffc4416a1a1c..7386ecfb9a2ae 100755 --- a/tests/shell/testcases/transactions/0040set_0 +++ b/tests/shell/testcases/transactions/0040set_0 @@ -2,14 +2,6 @@ set -e -tmpfile=$(mktemp) -if [ ! -w $tmpfile ] ; then - echo "Failed to create tmp file" >&2 - exit 0 -fi - -trap "rm -rf $tmpfile" EXIT # cleanup if aborted - RULESET="table ip filter { map client_to_any { type ipv4_addr : verdict @@ -28,8 +20,7 @@ RULESET="table ip filter { chain CIn_1 { } }" -echo "$RULESET" > $tmpfile -$NFT -f $tmpfile +$NFT -f - <<< $RULESET if [ $? -ne 0 ] ; then echo "E: unable to load good ruleset" >&2 exit 1 @@ -45,8 +36,7 @@ fi RULESET="delete element ip filter client_to_any { 1.2.3.4 : goto CIn_1 } delete chain ip filter CIn_1" -echo "$RULESET" > $tmpfile -$NFT -f $tmpfile +$NFT -f - <<< $RULESET if [ $? -ne 0 ] ; then echo "E: unable to load good ruleset" >&2 exit 1 -- 2.16.1 -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html