In libnftables, detect if given filename is '-' and treat it as the
common way of requesting to read from stdin, then open /dev/stdin
instead. (Calling 'nft -f /dev/stdin' worked before as well, but this
makes it official.)
With this in place and bash's support for here strings, review all tests
in tests/shell for needless use of temp files. Note that two categories
of test cases were intentionally left unchanged:
- Tests creating potentially large rulesets to avoid running into shell
parameter length limits.
- Tests for 'include' directive for obvious reasons.
Signed-off-by: Phil Sutter <phil@xxxxxx>
---
doc/nft.xml | 2 +-
src/libnftables.c | 3 +++
tests/shell/testcases/cache/0001_cache_handling_0 | 16 ++++----------
tests/shell/testcases/cache/0002_interval_0 | 13 ++---------
tests/shell/testcases/flowtable/0001flowtable_0 | 12 +----------
tests/shell/testcases/import/vm_json_import_0 | 16 +++-----------
.../testcases/maps/0006interval_map_overlap_0 | 19 ++++------------
.../shell/testcases/maps/0007named_ifname_dtype_0 | 11 +---------
tests/shell/testcases/netns/0001nft-f_0 | 11 +---------
tests/shell/testcases/netns/0003many_0 | 12 +----------
tests/shell/testcases/nft-f/0001define_slash_0 | 14 +++---------
tests/shell/testcases/nft-f/0002rollback_rule_0 | 14 ++----------
tests/shell/testcases/nft-f/0003rollback_jump_0 | 14 ++----------
tests/shell/testcases/nft-f/0004rollback_set_0 | 14 ++----------
tests/shell/testcases/nft-f/0005rollback_map_0 | 14 ++----------
tests/shell/testcases/nft-f/0006action_object_0 | 25 +++++++---------------
.../nft-f/0007action_object_set_segfault_1 | 14 +++---------
tests/shell/testcases/nft-f/0008split_tables_0 | 11 +---------
tests/shell/testcases/nft-f/0009variable_0 | 11 +---------
tests/shell/testcases/nft-f/0010variable_0 | 11 +---------
.../shell/testcases/nft-f/0012different_defines_0 | 14 +++---------
tests/shell/testcases/nft-f/0013defines_1 | 14 +++---------
tests/shell/testcases/nft-f/0014defines_1 | 14 +++---------
tests/shell/testcases/nft-f/0015defines_1 | 14 +++---------
tests/shell/testcases/nft-f/0016redefines_1 | 14 +++---------
tests/shell/testcases/sets/0001named_interval_0 | 14 +++---------
.../shell/testcases/sets/0008create_verdict_map_0 | 14 +++---------
.../sets/0014malformed_set_is_not_defined_0 | 14 +++---------
tests/shell/testcases/sets/0015rulesetflush_0 | 16 ++++----------
tests/shell/testcases/sets/0021nesting_0 | 11 +---------
.../testcases/sets/0022type_selective_flush_0 | 17 ++++-----------
tests/shell/testcases/sets/0024named_objects_0 | 14 +++---------
tests/shell/testcases/sets/0026named_limit_0 | 14 +++---------
tests/shell/testcases/sets/0027ipv6_maps_ipv4_0 | 14 +++---------
.../shell/testcases/sets/0029named_ifname_dtype_0 | 11 +---------
tests/shell/testcases/sets/0031set_timeout_size_0 | 14 +++---------
tests/shell/testcases/transactions/0001table_0 | 11 +---------
tests/shell/testcases/transactions/0002table_0 | 11 +---------
tests/shell/testcases/transactions/0003table_0 | 11 +---------
tests/shell/testcases/transactions/0010chain_0 | 11 +---------
tests/shell/testcases/transactions/0011chain_0 | 11 +---------
tests/shell/testcases/transactions/0012chain_0 | 11 +---------
tests/shell/testcases/transactions/0013chain_0 | 11 +---------
tests/shell/testcases/transactions/0014chain_1 | 11 +---------
tests/shell/testcases/transactions/0020rule_0 | 11 +---------
tests/shell/testcases/transactions/0021rule_0 | 11 +---------
tests/shell/testcases/transactions/0022rule_1 | 11 +---------
tests/shell/testcases/transactions/0023rule_1 | 11 +---------
tests/shell/testcases/transactions/0030set_0 | 11 +---------
tests/shell/testcases/transactions/0031set_0 | 11 +---------
tests/shell/testcases/transactions/0032set_0 | 11 +---------
tests/shell/testcases/transactions/0033set_0 | 11 +---------
tests/shell/testcases/transactions/0034set_0 | 11 +---------
tests/shell/testcases/transactions/0035set_0 | 11 +---------
tests/shell/testcases/transactions/0036set_1 | 11 +---------
tests/shell/testcases/transactions/0037set_0 | 11 +---------
tests/shell/testcases/transactions/0038set_0 | 11 +---------
tests/shell/testcases/transactions/0039set_0 | 11 +---------
tests/shell/testcases/transactions/0040set_0 | 14 ++----------
59 files changed, 116 insertions(+), 620 deletions(-)
diff --git a/doc/nft.xml b/doc/nft.xml
index fb57c2b6db8a7..7800890d20e9c 100644
--- a/doc/nft.xml
+++ b/doc/nft.xml
@@ -167,7 +167,7 @@ vi:ts=4 sw=4
<term><option>-f, --file <replaceable>filename</replaceable></option></term>
<listitem>
<para>
- Read input from <replaceable>filename</replaceable>.
+ Read input from <replaceable>filename</replaceable>. If <replaceable>filename</replaceable> is <literal>-</literal>, read from <literal>stdin</literal>.
</para>
<para>
nft scripts must start <command>#!/usr/sbin/nft -f</command>
diff --git a/src/libnftables.c b/src/libnftables.c
index 9b2f65aed7593..6e271209d87ec 100644
--- a/src/libnftables.c
+++ b/src/libnftables.c
@@ -313,6 +313,9 @@ int nft_run_cmd_from_filename(struct nft_ctx *nft, const char *filename)
if (rc < 0)
return -1;
+ if (!strcmp(filename, "-"))
+ filename = "/dev/stdin";
+
parser_init(nft->nf_sock, &nft->cache, &state,
&msgs, nft->debug_mask, &nft->output);
scanner = scanner_init(&state);
diff --git a/tests/shell/testcases/cache/0001_cache_handling_0 b/tests/shell/testcases/cache/0001_cache_handling_0
index 3693f15a952f7..20c19117033d1 100755
--- a/tests/shell/testcases/cache/0001_cache_handling_0
+++ b/tests/shell/testcases/cache/0001_cache_handling_0
@@ -1,14 +1,6 @@
#!/bin/bash
-tmpfile=$(mktemp)
-if [ ! -w $tmpfile ] ; then
- echo "Failed to create tmp file" >&2
- exit 0
-fi
-
-trap "rm -rf $tmpfile" EXIT # cleanup if aborted
-
-echo "
+RULESET='
table inet test {
set test {
type ipv4_addr
@@ -19,12 +11,12 @@ table inet test {
ip saddr @test counter accept
ip daddr { 2.2.2.2} counter accept
}
-}" > $tmpfile
+}'
set -e
-$NFT -f $tmpfile
+$NFT -f - <<< $RULESET
rule_handle=$($NFT list ruleset -a | awk '/saddr/{print $NF}')
$NFT delete rule inet test test handle $rule_handle
$NFT delete set inet test test
-$NFT -f $tmpfile
+$NFT -f - <<< $RULESET
diff --git a/tests/shell/testcases/cache/0002_interval_0 b/tests/shell/testcases/cache/0002_interval_0
index f500911ac2dc6..0c010c1f5f07f 100755
--- a/tests/shell/testcases/cache/0002_interval_0
+++ b/tests/shell/testcases/cache/0002_interval_0
@@ -5,14 +5,6 @@
set -e
-tmpfile=$(mktemp)
-if [ ! -w $tmpfile ] ; then
- echo "Failed to create tmp file" >&2
- exit 0
-fi
-
-trap "rm -rf $tmpfile" EXIT # cleanup if aborted
-
RULESET="flush ruleset
table inet t {
set s { type ipv4_addr; flags interval; }
@@ -22,6 +14,5 @@ add element inet t s {
192.168.0.1/24,
}"
-echo "$RULESET" > $tmpfile
-$NFT -f $tmpfile
-$NFT -f $tmpfile
+$NFT -f - <<< $RULESET
+$NFT -f - <<< $RULESET
diff --git a/tests/shell/testcases/flowtable/0001flowtable_0 b/tests/shell/testcases/flowtable/0001flowtable_0
index 6d08e254558a1..95b193dc90603 100755
--- a/tests/shell/testcases/flowtable/0001flowtable_0
+++ b/tests/shell/testcases/flowtable/0001flowtable_0
@@ -1,14 +1,5 @@
#!/bin/bash
-tmpfile=$(mktemp)
-if [ ! -w $tmpfile ] ; then
- echo "Failed to create tmp file" >&2
- exit 0
-fi
-
-trap "rm -rf $tmpfile" EXIT # cleanup if aborted
-
-
EXPECTED='table inet t {
flowtable f {
hook ingress priority 10
@@ -20,6 +11,5 @@ EXPECTED='table inet t {
}
}'
-echo "$EXPECTED" > $tmpfile
set -e
-$NFT -f $tmpfile
+$NFT -f - <<< $EXPECTED
diff --git a/tests/shell/testcases/import/vm_json_import_0 b/tests/shell/testcases/import/vm_json_import_0
index e5ecbcc43e16e..a8d546ff956eb 100755
--- a/tests/shell/testcases/import/vm_json_import_0
+++ b/tests/shell/testcases/import/vm_json_import_0
@@ -1,14 +1,5 @@
#!/bin/bash
-tmpfile=$(mktemp)
-
-if [ ! -w $tmpfile ] ; then
- echo "Failed to create tmp file" >&2
- exit 0
-fi
-
-trap "rm -rf $tmpfile" EXIT # cleanup if aborted
-
RULESET="table ip mangle {
set blackhole {
type ipv4_addr
@@ -56,8 +47,7 @@ table ip6 x {
}
}"
-echo "$RULESET" > $tmpfile
-$NFT -f $tmpfile
-$NFT export vm json > $tmpfile
+$NFT -f - <<< $RULESET
+RULESET_JSON=$($NFT export vm json)
$NFT flush ruleset
-cat $tmpfile | $NFT import vm json
+$NFT import vm json <<< $RULESET_JSON
diff --git a/tests/shell/testcases/maps/0006interval_map_overlap_0 b/tests/shell/testcases/maps/0006interval_map_overlap_0
index 682ac65b0e19a..d63a396d30ee8 100755
--- a/tests/shell/testcases/maps/0006interval_map_overlap_0
+++ b/tests/shell/testcases/maps/0006interval_map_overlap_0
@@ -4,24 +4,13 @@
# shows how disjoint intervals are seen as overlaps
# NOTE this is only an issue with two separate nft calls
-tmpfile=$(mktemp)
-if [ ! -w $tmpfile ] ; then
- echo "Failed to create tmp file" >&2
- exit 0
-fi
-
-trap "rm -rf $tmpfile" EXIT # cleanup if aborted
-
n=1
-echo "add table x
+RULESET="add table x
add map x y { type ipv4_addr : ipv4_addr; flags interval; }
-add element x y { 10.0.${n}.0/24 : 10.0.0.${n} }" > $tmpfile
+add element x y { 10.0.${n}.0/24 : 10.0.0.${n} }"
set -e
-$NFT -f $tmpfile
+$NFT -f - <<< $RULESET
n=2
-echo "add element x y { 10.0.${n}.0/24 : 10.0.0.${n} }" > $tmpfile
-
-$NFT -f $tmpfile
-
+$NFT "add element x y { 10.0.${n}.0/24 : 10.0.0.${n} }"
diff --git a/tests/shell/testcases/maps/0007named_ifname_dtype_0 b/tests/shell/testcases/maps/0007named_ifname_dtype_0
index 5e51a605358b5..4c7e7895a5ce3 100755
--- a/tests/shell/testcases/maps/0007named_ifname_dtype_0
+++ b/tests/shell/testcases/maps/0007named_ifname_dtype_0
@@ -2,14 +2,6 @@
# support for ifname in named maps
-tmpfile=$(mktemp)
-if [ ! -w $tmpfile ] ; then
- echo "Failed to create tmp file" >&2
- exit 0
-fi
-
-trap "rm -rf $tmpfile" EXIT # cleanup if aborted
-
EXPECTED="table inet t {
map m1 {
type ifname : ipv4_addr
@@ -23,6 +15,5 @@ EXPECTED="table inet t {
}"
set -e
-echo "$EXPECTED" > $tmpfile
-$NFT -f $tmpfile
+$NFT -f - <<< $EXPECTED
diff --git a/tests/shell/testcases/netns/0001nft-f_0 b/tests/shell/testcases/netns/0001nft-f_0
index 435275233f75d..a6c854d25c2c6 100755
--- a/tests/shell/testcases/netns/0001nft-f_0
+++ b/tests/shell/testcases/netns/0001nft-f_0
@@ -8,14 +8,6 @@ if [ ! -x "$IP" ] ; then
exit 1
fi
-tmpfile=$(mktemp)
-if [ ! -w $tmpfile ] ; then
- echo "Failed to create tmp file" >&2
- exit 0
-fi
-
-trap "rm -rf $tmpfile" EXIT # cleanup if aborted
-
RULESET="table ip t {
set s {
type ipv4_addr
@@ -91,8 +83,7 @@ if [ $? -ne 0 ] ; then
exit 1
fi
-echo "$RULESET" > $tmpfile
-$IP netns exec $NETNS_NAME $NFT -f $tmpfile
+$IP netns exec $NETNS_NAME $NFT -f - <<< $RULESET
if [ $? -ne 0 ] ; then
echo "E: unable to load ruleset in netns" >&2
$IP netns del $NETNS_NAME
diff --git a/tests/shell/testcases/netns/0003many_0 b/tests/shell/testcases/netns/0003many_0
index 03da6eec85973..c3595de8e5d56 100755
--- a/tests/shell/testcases/netns/0003many_0
+++ b/tests/shell/testcases/netns/0003many_0
@@ -11,14 +11,6 @@ if [ ! -x "$IP" ] ; then
exit 1
fi
-tmpfile=$(mktemp)
-if [ ! -w $tmpfile ] ; then
- echo "Failed to create tmp file" >&2
- exit 0
-fi
-
-trap "rm -rf $tmpfile" EXIT # cleanup if aborted
-
RULESET="table ip t {
set s {
type ipv4_addr
@@ -86,8 +78,6 @@ table arp t {
}
}"
-echo "$RULESET" > $tmpfile
-
function test_netns()
{
local NETNS_NAME=$1
@@ -97,7 +87,7 @@ function test_netns()
exit 1
fi
- $IP netns exec $NETNS_NAME $NFT -f $tmpfile
+ $IP netns exec $NETNS_NAME $NFT -f - <<< $RULESET
if [ $? -ne 0 ] ; then
echo "E: unable to load ruleset in netns" >&2
$IP netns del $NETNS_NAME
diff --git a/tests/shell/testcases/nft-f/0001define_slash_0 b/tests/shell/testcases/nft-f/0001define_slash_0
index bf0763d4bd7c3..8712fbf88ef34 100755
--- a/tests/shell/testcases/nft-f/0001define_slash_0
+++ b/tests/shell/testcases/nft-f/0001define_slash_0
@@ -2,18 +2,10 @@
# tests for commit 85d6803 (parser_bison: initializer_expr must use rhs_expr)
-tmpfile=$(mktemp)
-if [ ! -w $tmpfile ] ; then
- echo "Failed to create tmp file" >&2
- exit 0
-fi
-
-trap "rm -rf $tmpfile" EXIT # cleanup if aborted
-
-echo "
+RULESET="
define net = 1.1.1.1/24
-" > $tmpfile
+"
set -e
-$NFT -f $tmpfile
+$NFT -f - <<< $RULESET
diff --git a/tests/shell/testcases/nft-f/0002rollback_rule_0 b/tests/shell/testcases/nft-f/0002rollback_rule_0
index 19690544c5be1..da3cdc0bc1619 100755
--- a/tests/shell/testcases/nft-f/0002rollback_rule_0
+++ b/tests/shell/testcases/nft-f/0002rollback_rule_0
@@ -3,14 +3,6 @@
# test a kernel rollback operation
# fail reason: rule
-tmpfile=$(mktemp)
-if [ ! -w $tmpfile ] ; then
- echo "Failed to create tmp file" >&2
- exit 0
-fi
-
-trap "rm -rf $tmpfile" EXIT # cleanup if aborted
-
GOOD_RULESET="table ip t {
set t {
type ipv4_addr
@@ -35,15 +27,13 @@ table ip t2 {
}
}"
-echo "$GOOD_RULESET" > $tmpfile
-$NFT -f $tmpfile
+$NFT -f - <<< $GOOD_RULESET
if [ $? -ne 0 ] ; then
echo "E: unable to load good ruleset" >&2
exit 1
fi
-echo "$BAD_RULESET" > $tmpfile
-$NFT -f $tmpfile 2>/dev/null
+$NFT -f - <<< $BAD_RULESET 2>/dev/null
if [ $? -eq 0 ] ; then
echo "E: bogus ruleset loaded?" >&2
exit 1
diff --git a/tests/shell/testcases/nft-f/0003rollback_jump_0 b/tests/shell/testcases/nft-f/0003rollback_jump_0
index f53fd23872511..1238f1504c96b 100755
--- a/tests/shell/testcases/nft-f/0003rollback_jump_0
+++ b/tests/shell/testcases/nft-f/0003rollback_jump_0
@@ -3,14 +3,6 @@
# test a kernel rollback operation
# fail reason: invalid jump
-tmpfile=$(mktemp)
-if [ ! -w $tmpfile ] ; then
- echo "Failed to create tmp file" >&2
- exit 0
-fi
-
-trap "rm -rf $tmpfile" EXIT # cleanup if aborted
-
GOOD_RULESET="table ip t {
set t {
type ipv4_addr
@@ -35,15 +27,13 @@ table ip t2 {
}
}"
-echo "$GOOD_RULESET" > $tmpfile
-$NFT -f $tmpfile
+$NFT -f - <<< $GOOD_RULESET
if [ $? -ne 0 ] ; then
echo "E: unable to load good ruleset" >&2
exit 1
fi
-echo "$BAD_RULESET" > $tmpfile
-$NFT -f $tmpfile 2>/dev/null
+$NFT -f - <<< $BAD_RULESET 2>/dev/null
if [ $? -eq 0 ] ; then
echo "E: bogus ruleset loaded?" >&2
exit 1
diff --git a/tests/shell/testcases/nft-f/0004rollback_set_0 b/tests/shell/testcases/nft-f/0004rollback_set_0
index 7674106fb9e39..25fc870c67421 100755
--- a/tests/shell/testcases/nft-f/0004rollback_set_0
+++ b/tests/shell/testcases/nft-f/0004rollback_set_0
@@ -3,14 +3,6 @@
# test a kernel rollback operation
# fail reason: invalid set
-tmpfile=$(mktemp)
-if [ ! -w $tmpfile ] ; then
- echo "Failed to create tmp file" >&2
- exit 0
-fi
-
-trap "rm -rf $tmpfile" EXIT # cleanup if aborted
-
GOOD_RULESET="table ip t {
set t {
type ipv4_addr
@@ -35,15 +27,13 @@ table ip t2 {
}
}"
-echo "$GOOD_RULESET" > $tmpfile
-$NFT -f $tmpfile
+$NFT -f - <<< $GOOD_RULESET
if [ $? -ne 0 ] ; then
echo "E: unable to load good ruleset" >&2
exit 1
fi
-echo "$BAD_RULESET" > $tmpfile
-$NFT -f $tmpfile 2>/dev/null
+$NFT -f - <<< $BAD_RULESET 2>/dev/null
if [ $? -eq 0 ] ; then
echo "E: bogus ruleset loaded?" >&2
exit 1
diff --git a/tests/shell/testcases/nft-f/0005rollback_map_0 b/tests/shell/testcases/nft-f/0005rollback_map_0
index ba1fcc5960652..90108e729d59b 100755
--- a/tests/shell/testcases/nft-f/0005rollback_map_0
+++ b/tests/shell/testcases/nft-f/0005rollback_map_0
@@ -3,14 +3,6 @@
# test a kernel rollback operation
# fail reason: invalid map
-tmpfile=$(mktemp)
-if [ ! -w $tmpfile ] ; then
- echo "Failed to create tmp file" >&2
- exit 0
-fi
-
-trap "rm -rf $tmpfile" EXIT # cleanup if aborted
-
GOOD_RULESET="table ip t {
set t {
type ipv4_addr
@@ -38,15 +30,13 @@ table ip t2 {
}
}"
-echo "$GOOD_RULESET" > $tmpfile
-$NFT -f $tmpfile
+$NFT -f - <<< $GOOD_RULESET
if [ $? -ne 0 ] ; then
echo "E: unable to load good ruleset" >&2
exit 1
fi
-echo "$BAD_RULESET" > $tmpfile
-$NFT -f $tmpfile 2>/dev/null
+$NFT -f - <<< $BAD_RULESET 2>/dev/null
if [ $? -eq 0 ] ; then
echo "E: bogus ruleset loaded?" >&2
exit 1
diff --git a/tests/shell/testcases/nft-f/0006action_object_0 b/tests/shell/testcases/nft-f/0006action_object_0
index f4ec41d5ddc5e..6e3b0b2e58256 100755
--- a/tests/shell/testcases/nft-f/0006action_object_0
+++ b/tests/shell/testcases/nft-f/0006action_object_0
@@ -2,14 +2,6 @@
# test loading a ruleset with the 'action object' pattern
-tmpfile=$(mktemp)
-if [ ! -w $tmpfile ] ; then
- echo "Failed to create tmp file" >&2
- exit 0
-fi
-
-trap "rm -f $tmpfile" EXIT # cleanup if aborted
-
set -e
FAMILIES="ip ip6 inet arp bridge"
@@ -29,7 +21,7 @@ generate1()
add element $family t m {10080:drop}
insert rule $family t c meta l4proto tcp tcp dport vmap @m
add rule $family t c meta l4proto udp udp sport vmap {1111:accept}
- " >> $tmpfile
+ "
}
generate2()
@@ -41,25 +33,24 @@ generate2()
delete element $family t s {8080}
delete chain $family t c
delete table $family t
- " >> $tmpfile
+ "
}
-for family in $FAMILIES ; do
+RULESET=$(for family in $FAMILIES ; do
generate1 $family
-done
+done)
-$NFT -f $tmpfile
+$NFT -f - <<< $RULESET
if [ $? -ne 0 ] ; then
echo "E: unable to load ruleset 1" >&2
exit 1
fi
-echo "" > $tmpfile
-for family in $FAMILIES ; do
+RULESET=$(for family in $FAMILIES ; do
generate2 $family
-done
+done)
-$NFT -f $tmpfile
+$NFT -f - <<< $RULESET
if [ $? -ne 0 ] ; then
echo "E: unable to load ruleset 2" >&2
exit 1
diff --git a/tests/shell/testcases/nft-f/0007action_object_set_segfault_1 b/tests/shell/testcases/nft-f/0007action_object_set_segfault_1
index 3a4183bbb441f..7649a49608183 100755
--- a/tests/shell/testcases/nft-f/0007action_object_set_segfault_1
+++ b/tests/shell/testcases/nft-f/0007action_object_set_segfault_1
@@ -3,19 +3,11 @@
# test for a segfault if bad syntax was used in set declaration
# and the set is referenced in the same batch
-tmpfile=$(mktemp)
-if [ ! -w $tmpfile ] ; then
- echo "Failed to create tmp file" >&2
- exit 0
-fi
-
-trap "rm -f $tmpfile" EXIT # cleanup if aborted
-
-echo "
+RULESET="
add table t
add chain t c
add set t s {type ipv4_addr\;}
add rule t c ip saddr @s
-" > $tmpfile
+"
-$NFT -f $tmpfile 2>/dev/null
+$NFT -f - <<< $RULESET 2>/dev/null
diff --git a/tests/shell/testcases/nft-f/0008split_tables_0 b/tests/shell/testcases/nft-f/0008split_tables_0
index b244d14ea70f7..14cdd49977a26 100755
--- a/tests/shell/testcases/nft-f/0008split_tables_0
+++ b/tests/shell/testcases/nft-f/0008split_tables_0
@@ -2,14 +2,6 @@
set -e
-tmpfile=$(mktemp)
-if [ ! -w $tmpfile ] ; then
- echo "Failed to create tmp file" >&2
- exit 0
-fi
-
-trap "rm -rf $tmpfile" EXIT # cleanup if aborted
-
RULESET="table inet filter {
chain ssh {
type filter hook input priority 0; policy accept;
@@ -23,8 +15,7 @@ table inet filter {
}
}"
-echo "$RULESET" > $tmpfile
-$NFT -f $tmpfile
+$NFT -f - <<< $RULESET
if [ $? -ne 0 ] ; then
echo "E: unable to load good ruleset" >&2
exit 1
diff --git a/tests/shell/testcases/nft-f/0009variable_0 b/tests/shell/testcases/nft-f/0009variable_0
index 4d387074d8a54..8ff6b7cf20bcd 100755
--- a/tests/shell/testcases/nft-f/0009variable_0
+++ b/tests/shell/testcases/nft-f/0009variable_0
@@ -2,14 +2,6 @@
set -e
-tmpfile=$(mktemp)
-if [ ! -w $tmpfile ] ; then
- echo "Failed to create tmp file" >&2
- exit 0
-fi
-
-trap "rm -rf $tmpfile" EXIT # cleanup if aborted
-
RULESET="define concat-set-variable = { 10.10.10.10 . 25, 10.10.10.10 . 143 }
table inet forward {
@@ -19,5 +11,4 @@ table inet forward {
}
}"
-echo "$RULESET" > $tmpfile
-$NFT -f $tmpfile
+$NFT -f - <<< $RULESET
diff --git a/tests/shell/testcases/nft-f/0010variable_0 b/tests/shell/testcases/nft-f/0010variable_0
index 2df71b1347410..be02c6bf41628 100755
--- a/tests/shell/testcases/nft-f/0010variable_0
+++ b/tests/shell/testcases/nft-f/0010variable_0
@@ -2,14 +2,6 @@
set -e
-tmpfile=$(mktemp)
-if [ ! -w $tmpfile ] ; then
- echo "Failed to create tmp file" >&2
- exit 0
-fi
-
-trap "rm -rf $tmpfile" EXIT # cleanup if aborted
-
RULESET="define whitelist_v4 = { 1.1.1.1 }
table inet filter {
@@ -18,5 +10,4 @@ table inet filter {
add element inet filter whitelist_v4 \$whitelist_v4
"
-echo "$RULESET" > $tmpfile
-$NFT -f $tmpfile
+$NFT -f - <<< $RULESET
diff --git a/tests/shell/testcases/nft-f/0012different_defines_0 b/tests/shell/testcases/nft-f/0012different_defines_0
index 9c496d5932755..c17b06b18d236 100755
--- a/tests/shell/testcases/nft-f/0012different_defines_0
+++ b/tests/shell/testcases/nft-f/0012different_defines_0
@@ -2,15 +2,7 @@
# tests different spots, datatypes and usages for nft defines
-tmpfile=$(mktemp)
-if [ ! -w $tmpfile ] ; then
- echo "Failed to create tmp file" >&2
- exit 0
-fi
-
-trap "rm -rf $tmpfile" EXIT # cleanup if aborted
-
-echo "
+RULESET="
define d_iifname = whatever
define d_oifname = \$d_iifname
define d_iif = lo
@@ -38,7 +30,7 @@ table inet t {
tcp dport \$d_ports
udp dport vmap { \$d_ports : accept }
}
-}" >> $tmpfile
+}"
set -e
-$NFT -f $tmpfile
+$NFT -f - <<< $RULESET
diff --git a/tests/shell/testcases/nft-f/0013defines_1 b/tests/shell/testcases/nft-f/0013defines_1
index 053700348c0be..b6d575c93452d 100755
--- a/tests/shell/testcases/nft-f/0013defines_1
+++ b/tests/shell/testcases/nft-f/0013defines_1
@@ -4,15 +4,7 @@
set -e
-tmpfile=$(mktemp)
-if [ ! -w $tmpfile ] ; then
- echo "Failed to create tmp file" >&2
- exit 0
-fi
-
-trap "rm -rf $tmpfile" EXIT # cleanup if aborted
-
-echo "
+RULESET="
define var2 = \$var1
define var1 = lo
@@ -20,6 +12,6 @@ table ip t {
chain c {
iif \$var2
}
-}" >> $tmpfile
+}"
-$NFT -f $tmpfile
+$NFT -f - <<< $RULESET
diff --git a/tests/shell/testcases/nft-f/0014defines_1 b/tests/shell/testcases/nft-f/0014defines_1
index de5615e96727e..77d766ec5215c 100755
--- a/tests/shell/testcases/nft-f/0014defines_1
+++ b/tests/shell/testcases/nft-f/0014defines_1
@@ -4,15 +4,7 @@
set -e
-tmpfile=$(mktemp)
-if [ ! -w $tmpfile ] ; then
- echo "Failed to create tmp file" >&2
- exit 0
-fi
-
-trap "rm -rf $tmpfile" EXIT # cleanup if aborted
-
-echo "
+RULESET="
define var1 = lo
define var1 = lo
@@ -20,6 +12,6 @@ table ip t {
chain c {
iif \$var1
}
-}" >> $tmpfile
+}"
-$NFT -f $tmpfile
+$NFT -f - <<< $RULESET
diff --git a/tests/shell/testcases/nft-f/0015defines_1 b/tests/shell/testcases/nft-f/0015defines_1
index 9c1a7013e62fa..8aaa7bb10d592 100755
--- a/tests/shell/testcases/nft-f/0015defines_1
+++ b/tests/shell/testcases/nft-f/0015defines_1
@@ -4,21 +4,13 @@
set -e
-tmpfile=$(mktemp)
-if [ ! -w $tmpfile ] ; then
- echo "Failed to create tmp file" >&2
- exit 0
-fi
-
-trap "rm -rf $tmpfile" EXIT # cleanup if aborted
-
-echo "
+RULESET="
define var1 = \$var1
table ip t {
chain c {
iif \$var1
}
-}" >> $tmpfile
+}"
-$NFT -f $tmpfile
+$NFT -f - <<< $RULESET
diff --git a/tests/shell/testcases/nft-f/0016redefines_1 b/tests/shell/testcases/nft-f/0016redefines_1
index da303607b0cb2..9a6a764a3d974 100755
--- a/tests/shell/testcases/nft-f/0016redefines_1
+++ b/tests/shell/testcases/nft-f/0016redefines_1
@@ -2,15 +2,7 @@
set -e
-tmpfile=$(mktemp)
-if [ ! -w $tmpfile ] ; then
- echo "Failed to create tmp file" >&2
- exit 0
-fi
-
-trap "rm -rf $tmpfile" EXIT # cleanup if aborted
-
-echo "
+RULESET="
table ip x {
chain y {
define unused = 4.4.4.4
@@ -20,7 +12,7 @@ table ip x {
ip saddr $address
undefine unused
}
-}" >> $tmpfile
+}"
EXPECTED="table ip x {
chain y {
@@ -29,7 +21,7 @@ EXPECTED="table ip x {
}
}"
-$NFT -f $tmpfile
+$NFT -f - <<< $RULESET
GET="$($NFT list ruleset)"
diff --git a/tests/shell/testcases/sets/0001named_interval_0 b/tests/shell/testcases/sets/0001named_interval_0
index 8d08b755094c7..740981252f868 100755
--- a/tests/shell/testcases/sets/0001named_interval_0
+++ b/tests/shell/testcases/sets/0001named_interval_0
@@ -4,15 +4,7 @@
# * creating a valid interval set
# * referencing it from a valid rule
-tmpfile=$(mktemp)
-if [ ! -w $tmpfile ] ; then
- echo "Failed to create tmp file" >&2
- exit 0
-fi
-
-trap "rm -rf $tmpfile" EXIT # cleanup if aborted
-
-echo "
+RULESET="
table inet t {
set s1 {
type ipv4_addr
@@ -41,7 +33,7 @@ table inet t {
ip6 nexthdr @s3 accept
tcp dport @s4 accept
}
-}" > $tmpfile
+}"
set -e
-$NFT -f $tmpfile
+$NFT -f - <<< $RULESET
diff --git a/tests/shell/testcases/sets/0008create_verdict_map_0 b/tests/shell/testcases/sets/0008create_verdict_map_0
index 8ebb450969625..1188e977c96ed 100755
--- a/tests/shell/testcases/sets/0008create_verdict_map_0
+++ b/tests/shell/testcases/sets/0008create_verdict_map_0
@@ -1,14 +1,6 @@
#!/bin/bash
-tmpfile=$(mktemp)
-if [ ! -w $tmpfile ] ; then
- echo "Failed to create tmp file" >&2
- exit 0
-fi
-
-trap "rm -rf $tmpfile" EXIT # cleanup if aborted
-
-echo "
+RULESET="
table ip t {
map sourcemap {
type ipv4_addr : verdict;
@@ -19,7 +11,7 @@ table ip t {
}
add chain t c
add element t sourcemap { 100.123.10.2 : jump c }
-" > $tmpfile
+"
set -e
-$NFT -f $tmpfile
+$NFT -f - <<< $RULESET
diff --git a/tests/shell/testcases/sets/0014malformed_set_is_not_defined_0 b/tests/shell/testcases/sets/0014malformed_set_is_not_defined_0
index 5d1a2daba1fc1..61d6b49ceeac2 100755
--- a/tests/shell/testcases/sets/0014malformed_set_is_not_defined_0
+++ b/tests/shell/testcases/sets/0014malformed_set_is_not_defined_0
@@ -7,22 +7,14 @@
# In this case, nft should error out because the set doesn't exist instead of
# segfaulting
-tmpfile=$(mktemp)
-if [ ! -w $tmpfile ] ; then
- echo "Failed to create tmp file" >&2
- exit 0
-fi
-
-trap "rm -rf $tmpfile" EXIT # cleanup if aborted
-
-echo "
+RULESET="
add table t
add chain t c
add set t s {type ipv4_addr\;}
add rule t c ip saddr @s
-" >$tmpfile
+"
-$NFT -f $tmpfile
+$NFT -f - <<< $RULESET
ret=$?
trap - EXIT
diff --git a/tests/shell/testcases/sets/0015rulesetflush_0 b/tests/shell/testcases/sets/0015rulesetflush_0
index 27242b36c3c51..3bfab97cf1c45 100755
--- a/tests/shell/testcases/sets/0015rulesetflush_0
+++ b/tests/shell/testcases/sets/0015rulesetflush_0
@@ -1,14 +1,6 @@
#!/bin/bash
-tmpfile=$(mktemp)
-if [ ! -w $tmpfile ] ; then
- echo "Failed to create tmp file" >&2
- exit 0
-fi
-
-trap "rm -rf $tmpfile" EXIT # cleanup if aborted
-
-echo "flush ruleset
+RULESET="flush ruleset
add table t
add chain t c
@@ -18,9 +10,9 @@ table inet filter {
add element inet filter blacklist_v4 {
192.168.0.1/24,
-}" >$tmpfile
+}"
-$NFT -f $tmpfile
+$NFT -f - <<< $RULESET
# make sure flush ruleset works right
-$NFT -f $tmpfile
+$NFT -f - <<< $RULESET
diff --git a/tests/shell/testcases/sets/0021nesting_0 b/tests/shell/testcases/sets/0021nesting_0
index 4779f264e8c89..c0ac396f8b31a 100755
--- a/tests/shell/testcases/sets/0021nesting_0
+++ b/tests/shell/testcases/sets/0021nesting_0
@@ -2,14 +2,6 @@
set -e
-tmpfile=$(mktemp)
-if [ ! -w $tmpfile ] ; then
- echo "Failed to create tmp file" >&2
- exit 0
-fi
-
-#trap "rm -rf $tmpfile" EXIT # cleanup if aborted
-
RULESET='
define set1 = {
2.2.2.0/24,
@@ -24,8 +16,7 @@ table ip x {
}
}'
-echo "$RULESET" > $tmpfile
-$NFT -f $tmpfile
+$NFT -f - <<< $RULESET
if [ $? -ne 0 ] ; then
echo "E: unable to load ruleset" >&2
exit 1
diff --git a/tests/shell/testcases/sets/0022type_selective_flush_0 b/tests/shell/testcases/sets/0022type_selective_flush_0
index 659bf70c05bfc..0c39cbad9352a 100755
--- a/tests/shell/testcases/sets/0022type_selective_flush_0
+++ b/tests/shell/testcases/sets/0022type_selective_flush_0
@@ -3,23 +3,15 @@
# This tests the selectiveness of flush command on structures that use the
# generic set infrastructure (sets, maps and meters).
-tmpfile=$(mktemp)
-if [ ! -w $tmpfile ] ; then
- echo "Failed to create tmp file" >&2
- exit 0
-fi
-
-trap "rm -rf $tmpfile" EXIT # cleanup if aborted
-
-echo "
+RULESET="
add table t
add chain t c
add set t s {type ipv4_addr;}
add map t m {type ipv4_addr : inet_service;}
add rule t c tcp dport 80 meter f {ip saddr limit rate 10/second}
-" >$tmpfile
+"
-$NFT -f $tmpfile
+$NFT -f - <<< $RULESET
# Commands that should be invalid
@@ -31,8 +23,7 @@ declare -a cmds=(
for i in "${cmds[@]}"
do
- echo "$i" >$tmpfile
- $NFT -f $tmpfile &>/dev/null
+ $NFT "$i" &>/dev/null
ret=$?
if [ $ret -eq 0 ]; then
diff --git a/tests/shell/testcases/sets/0024named_objects_0 b/tests/shell/testcases/sets/0024named_objects_0
index 19dd1cd54fcc5..772247e0994d5 100755
--- a/tests/shell/testcases/sets/0024named_objects_0
+++ b/tests/shell/testcases/sets/0024named_objects_0
@@ -4,15 +4,7 @@
# * creating valid named objects
# * referencing them from a valid rule
-tmpfile=$(mktemp)
-if [ ! -w $tmpfile ] ; then
- echo "Failed to create tmp file" >&2
- exit 0
-fi
-
-trap "rm -rf $tmpfile" EXIT # cleanup if aborted
-
-echo "
+RULESET="
table inet x {
counter user123 {
packets 12 bytes 1433
@@ -35,7 +27,7 @@ table inet x {
counter name ip saddr map { 192.168.2.2 : "user123", 1.1.1.1 : "user123", 2.2.2.2 : "user123"}
quota name ip saddr map @test drop
}
-}" > $tmpfile
+}"
set -e
-$NFT -f $tmpfile
+$NFT -f - <<< $RULESET
diff --git a/tests/shell/testcases/sets/0026named_limit_0 b/tests/shell/testcases/sets/0026named_limit_0
index 91553f34088b8..23bc0b02b8e8a 100755
--- a/tests/shell/testcases/sets/0026named_limit_0
+++ b/tests/shell/testcases/sets/0026named_limit_0
@@ -4,15 +4,7 @@
# * creating valid named limits
# * referencing them from a valid rule
-tmpfile=$(mktemp)
-if [ ! -w $tmpfile ] ; then
- echo "Failed to create tmp file" >&2
- exit 0
-fi
-
-trap "rm -rf $tmpfile" EXIT # cleanup if aborted
-
-echo "
+RULESET="
table ip filter {
limit http-traffic {
rate 1/second
@@ -21,7 +13,7 @@ table ip filter {
type filter hook input priority 0; policy accept;
limit name tcp dport map { 80 : "http-traffic", 443 : "http-traffic"}
}
-}" > $tmpfile
+}"
set -e
-$NFT -f $tmpfile
+$NFT -f - <<< $RULESET
diff --git a/tests/shell/testcases/sets/0027ipv6_maps_ipv4_0 b/tests/shell/testcases/sets/0027ipv6_maps_ipv4_0
index 7ac271a09cefe..846e3226ae05d 100755
--- a/tests/shell/testcases/sets/0027ipv6_maps_ipv4_0
+++ b/tests/shell/testcases/sets/0027ipv6_maps_ipv4_0
@@ -4,15 +4,7 @@
set -e
-tmpfile=$(mktemp)
-if [ ! -w $tmpfile ] ; then
- echo "Failed to create tmp file" >&2
- exit 0
-fi
-
-trap "rm -rf $tmpfile" EXIT # cleanup if aborted
-
-echo "
+RULESET="
table inet t {
set s {
type ipv6_addr
@@ -20,6 +12,6 @@ table inet t {
elements = { ::ffff:0.0.0.0/96 }
}
}
-" > $tmpfile
+"
-$NFT -f $tmpfile
+$NFT -f - <<< $RULESET
diff --git a/tests/shell/testcases/sets/0029named_ifname_dtype_0 b/tests/shell/testcases/sets/0029named_ifname_dtype_0
index 92f4a4ad043f0..532d892739f4d 100755
--- a/tests/shell/testcases/sets/0029named_ifname_dtype_0
+++ b/tests/shell/testcases/sets/0029named_ifname_dtype_0
@@ -2,14 +2,6 @@
# support for ifname in named sets
-tmpfile=$(mktemp)
-if [ ! -w $tmpfile ] ; then
- echo "Failed to create tmp file" >&2
- exit 0
-fi
-
-trap "rm -rf $tmpfile" EXIT # cleanup if aborted
-
EXPECTED="table inet t {
set s {
type ifname
@@ -23,5 +15,4 @@ EXPECTED="table inet t {
}"
set -e
-echo "$EXPECTED" > $tmpfile
-$NFT -f $tmpfile
+$NFT -f - <<< $EXPECTED
diff --git a/tests/shell/testcases/sets/0031set_timeout_size_0 b/tests/shell/testcases/sets/0031set_timeout_size_0
index 89af58f35d144..3d3f919ab97a3 100755
--- a/tests/shell/testcases/sets/0031set_timeout_size_0
+++ b/tests/shell/testcases/sets/0031set_timeout_size_0
@@ -1,15 +1,7 @@
#!/bin/bash
-tmpfile=$(mktemp)
-if [ ! -w $tmpfile ] ; then
- echo "Failed to create tmp file" >&2
- exit 0
-fi
-
-trap "rm -rf $tmpfile" EXIT # cleanup if aborted
-
-echo "add table x
-add set x y { type ipv4_addr; size 128; timeout 30s; }" > $tmpfile
+RULESET="add table x
+add set x y { type ipv4_addr; size 128; timeout 30s; }"
set -e
-$NFT -f $tmpfile
+$NFT -f - <<< $RULESET
diff --git a/tests/shell/testcases/transactions/0001table_0 b/tests/shell/testcases/transactions/0001table_0
index 83f9fd0d7d6c4..1a8ecb8663c7b 100755
--- a/tests/shell/testcases/transactions/0001table_0
+++ b/tests/shell/testcases/transactions/0001table_0
@@ -2,21 +2,12 @@
set -e
-tmpfile=$(mktemp)
-if [ ! -w $tmpfile ] ; then
- echo "Failed to create tmp file" >&2
- exit 0
-fi
-
-trap "rm -rf $tmpfile" EXIT # cleanup if aborted
-
RULESET="add table x
delete table x
add table x
add table y"
-echo "$RULESET" > $tmpfile
-$NFT -f $tmpfile
+$NFT -f - <<< $RULESET
if [ $? -ne 0 ] ; then
echo "E: unable to load good ruleset" >&2
exit 1
diff --git a/tests/shell/testcases/transactions/0002table_0 b/tests/shell/testcases/transactions/0002table_0
index dbd2f4ab8faf2..290ea436dc9b8 100755
--- a/tests/shell/testcases/transactions/0002table_0
+++ b/tests/shell/testcases/transactions/0002table_0
@@ -2,21 +2,12 @@
set -e
-tmpfile=$(mktemp)
-if [ ! -w $tmpfile ] ; then
- echo "Failed to create tmp file" >&2
- exit 0
-fi
-
-trap "rm -rf $tmpfile" EXIT # cleanup if aborted
-
RULESET="add table x
delete table x
add table x
add table x { flags dormant; }"
-echo "$RULESET" > $tmpfile
-$NFT -f $tmpfile
+$NFT -f - <<< $RULESET
if [ $? -ne 0 ] ; then
echo "E: unable to load good ruleset" >&2
exit 1
diff --git a/tests/shell/testcases/transactions/0003table_0 b/tests/shell/testcases/transactions/0003table_0
index 004ce51312969..c5a87d3f04173 100755
--- a/tests/shell/testcases/transactions/0003table_0
+++ b/tests/shell/testcases/transactions/0003table_0
@@ -2,20 +2,11 @@
set -e
-tmpfile=$(mktemp)
-if [ ! -w $tmpfile ] ; then
- echo "Failed to create tmp file" >&2
- exit 0
-fi
-
-trap "rm -rf $tmpfile" EXIT # cleanup if aborted
-
RULESET="add table x
add table y
flush ruleset"
-echo "$RULESET" > $tmpfile
-$NFT -f $tmpfile
+$NFT -f - <<< $RULESET
if [ $? -ne 0 ] ; then
echo "E: unable to load good ruleset" >&2
exit 1
diff --git a/tests/shell/testcases/transactions/0010chain_0 b/tests/shell/testcases/transactions/0010chain_0
index d191868034297..39a5fe9eb9ca7 100755
--- a/tests/shell/testcases/transactions/0010chain_0
+++ b/tests/shell/testcases/transactions/0010chain_0
@@ -2,22 +2,13 @@
set -e
-tmpfile=$(mktemp)
-if [ ! -w $tmpfile ] ; then
- echo "Failed to create tmp file" >&2
- exit 0
-fi
-
-trap "rm -rf $tmpfile" EXIT # cleanup if aborted
-
RULESET="add table x
add chain x y
flush ruleset
add table w
add chain w y"
-echo "$RULESET" > $tmpfile
-$NFT -f $tmpfile
+$NFT -f - <<< $RULESET
if [ $? -ne 0 ] ; then
echo "E: unable to load good ruleset" >&2
exit 1
diff --git a/tests/shell/testcases/transactions/0011chain_0 b/tests/shell/testcases/transactions/0011chain_0
index aac33d566f28d..7dca12874a7e2 100755
--- a/tests/shell/testcases/transactions/0011chain_0
+++ b/tests/shell/testcases/transactions/0011chain_0
@@ -2,22 +2,13 @@
set -e
-tmpfile=$(mktemp)
-if [ ! -w $tmpfile ] ; then
- echo "Failed to create tmp file" >&2
- exit 0
-fi
-
-trap "rm -rf $tmpfile" EXIT # cleanup if aborted
-
RULESET="add table x
add chain x y
delete chain x y
add chain x y { type filter hook input priority 0; }
add chain x y { policy drop; }"
-echo "$RULESET" > $tmpfile
-$NFT -f $tmpfile
+$NFT -f - <<< $RULESET
if [ $? -ne 0 ] ; then
echo "E: unable to load good ruleset" >&2
exit 1
diff --git a/tests/shell/testcases/transactions/0012chain_0 b/tests/shell/testcases/transactions/0012chain_0
index c3bfe13016adb..7ebfad42bfed1 100755
--- a/tests/shell/testcases/transactions/0012chain_0
+++ b/tests/shell/testcases/transactions/0012chain_0
@@ -2,14 +2,6 @@
set -e
-tmpfile=$(mktemp)
-if [ ! -w $tmpfile ] ; then
- echo "Failed to create tmp file" >&2
- exit 0
-fi
-
-trap "rm -rf $tmpfile" EXIT # cleanup if aborted
-
RULESET="add table x
add chain x y
flush ruleset
@@ -20,8 +12,7 @@ flush ruleset
add table w
add chain w y { type filter hook output priority 0; }"
-echo "$RULESET" > $tmpfile
-$NFT -f $tmpfile
+$NFT -f - <<< $RULESET
if [ $? -ne 0 ] ; then
echo "E: unable to load good ruleset" >&2
exit 1
diff --git a/tests/shell/testcases/transactions/0013chain_0 b/tests/shell/testcases/transactions/0013chain_0
index 67c31c8a785d6..383e834771aa3 100755
--- a/tests/shell/testcases/transactions/0013chain_0
+++ b/tests/shell/testcases/transactions/0013chain_0
@@ -2,14 +2,6 @@
set -e
-tmpfile=$(mktemp)
-if [ ! -w $tmpfile ] ; then
- echo "Failed to create tmp file" >&2
- exit 0
-fi
-
-trap "rm -rf $tmpfile" EXIT # cleanup if aborted
-
RULESET="add table x
add chain x y
delete chain x y
@@ -21,8 +13,7 @@ flush ruleset
add table w
add chain w y { type filter hook output priority 0; }"
-echo "$RULESET" > $tmpfile
-$NFT -f $tmpfile
+$NFT -f - <<< $RULESET
if [ $? -ne 0 ] ; then
echo "E: unable to load good ruleset" >&2
exit 1
diff --git a/tests/shell/testcases/transactions/0014chain_1 b/tests/shell/testcases/transactions/0014chain_1
index 955860d0c7f4b..40cea8b214484 100755
--- a/tests/shell/testcases/transactions/0014chain_1
+++ b/tests/shell/testcases/transactions/0014chain_1
@@ -2,19 +2,10 @@
set -e
-tmpfile=$(mktemp)
-if [ ! -w $tmpfile ] ; then
- echo "Failed to create tmp file" >&2
- exit 0
-fi
-
-trap "rm -rf $tmpfile" EXIT # cleanup if aborted
-
RULESET="add table x
add chain x y
delete chain x y
delete chain x y"
-echo "$RULESET" > $tmpfile
-$NFT -f $tmpfile 2>/dev/null
+$NFT -f - <<< $RULESET 2>/dev/null
echo "E: allowing double-removal of chain" >&2
diff --git a/tests/shell/testcases/transactions/0020rule_0 b/tests/shell/testcases/transactions/0020rule_0
index e38634d350aab..b8e4cff56c2de 100755
--- a/tests/shell/testcases/transactions/0020rule_0
+++ b/tests/shell/testcases/transactions/0020rule_0
@@ -2,21 +2,12 @@
set -e
-tmpfile=$(mktemp)
-if [ ! -w $tmpfile ] ; then
- echo "Failed to create tmp file" >&2
- exit 0
-fi
-
-trap "rm -rf $tmpfile" EXIT # cleanup if aborted
-
RULESET="add table x
add chain x y
add rule x y ip saddr 1.1.1.1 counter
flush ruleset"
-echo "$RULESET" > $tmpfile
-$NFT -f $tmpfile
+$NFT -f - <<< $RULESET
if [ $? -ne 0 ] ; then
echo "E: unable to load good ruleset" >&2
exit 1
diff --git a/tests/shell/testcases/transactions/0021rule_0 b/tests/shell/testcases/transactions/0021rule_0
index 284a9e713dc11..f5f6eb8bb82e9 100755
--- a/tests/shell/testcases/transactions/0021rule_0
+++ b/tests/shell/testcases/transactions/0021rule_0
@@ -2,14 +2,6 @@
set -e
-tmpfile=$(mktemp)
-if [ ! -w $tmpfile ] ; then
- echo "Failed to create tmp file" >&2
- exit 0
-fi
-
-trap "rm -rf $tmpfile" EXIT # cleanup if aborted
-
RULESET="add table x
add chain x y
add rule x y ip saddr 1.1.1.1 counter
@@ -18,8 +10,7 @@ add table x
add chain x y
add rule x y ip saddr 2.2.2.2 counter"
-echo "$RULESET" > $tmpfile
-$NFT -f $tmpfile
+$NFT -f - <<< $RULESET
if [ $? -ne 0 ] ; then
echo "E: unable to load good ruleset" >&2
exit 1
diff --git a/tests/shell/testcases/transactions/0022rule_1 b/tests/shell/testcases/transactions/0022rule_1
index 5b937acd4a1e9..83c72af13f826 100755
--- a/tests/shell/testcases/transactions/0022rule_1
+++ b/tests/shell/testcases/transactions/0022rule_1
@@ -2,20 +2,11 @@
set -e
-tmpfile=$(mktemp)
-if [ ! -w $tmpfile ] ; then
- echo "Failed to create tmp file" >&2
- exit 0
-fi
-
-trap "rm -rf $tmpfile" EXIT # cleanup if aborted
-
RULESET="add table x
add chain x y
delete chain x y
add rule x y jump y"
-echo "$RULESET" > $tmpfile
# kernel must return ENOENT
-$NFT -f $tmpfile 2>/dev/null
+$NFT -f - <<< $RULESET 2>/dev/null
echo "E: allowing jump loop to unexisting chain"
diff --git a/tests/shell/testcases/transactions/0023rule_1 b/tests/shell/testcases/transactions/0023rule_1
index 4c4e24cdcdf72..b43a0cce83197 100755
--- a/tests/shell/testcases/transactions/0023rule_1
+++ b/tests/shell/testcases/transactions/0023rule_1
@@ -2,19 +2,10 @@
set -e
-tmpfile=$(mktemp)
-if [ ! -w $tmpfile ] ; then
- echo "Failed to create tmp file" >&2
- exit 0
-fi
-
-trap "rm -rf $tmpfile" EXIT # cleanup if aborted
-
RULESET="add table x
add chain x y
add rule x y jump y"
-echo "$RULESET" > $tmpfile
# kernel must return ELOOP
-$NFT -f $tmpfile 2>/dev/null
+$NFT -f - <<< $RULESET 2>/dev/null
echo "E: allowing jump to chain loop"
diff --git a/tests/shell/testcases/transactions/0030set_0 b/tests/shell/testcases/transactions/0030set_0
index ad08b7e5bb6bf..464bc2b32aa30 100755
--- a/tests/shell/testcases/transactions/0030set_0
+++ b/tests/shell/testcases/transactions/0030set_0
@@ -2,21 +2,12 @@
set -e
-tmpfile=$(mktemp)
-if [ ! -w $tmpfile ] ; then
- echo "Failed to create tmp file" >&2
- exit 0
-fi
-
-trap "rm -rf $tmpfile" EXIT # cleanup if aborted
-
RULESET="add table x
add set x y { type ipv4_addr; }
flush ruleset
add table x"
-echo "$RULESET" > $tmpfile
-$NFT -f $tmpfile
+$NFT -f - <<< $RULESET
if [ $? -ne 0 ] ; then
echo "E: unable to load good ruleset" >&2
exit 1
diff --git a/tests/shell/testcases/transactions/0031set_0 b/tests/shell/testcases/transactions/0031set_0
index 6c5757cc360d0..0bab49933f06b 100755
--- a/tests/shell/testcases/transactions/0031set_0
+++ b/tests/shell/testcases/transactions/0031set_0
@@ -2,21 +2,12 @@
set -e
-tmpfile=$(mktemp)
-if [ ! -w $tmpfile ] ; then
- echo "Failed to create tmp file" >&2
- exit 0
-fi
-
-trap "rm -rf $tmpfile" EXIT # cleanup if aborted
-
RULESET="add table x
add set x y { type ipv4_addr; }
delete set x y
add set x y { type ipv4_addr; }"
-echo "$RULESET" > $tmpfile
-$NFT -f $tmpfile
+$NFT -f - <<< $RULESET
if [ $? -ne 0 ] ; then
echo "E: unable to load good ruleset" >&2
exit 1
diff --git a/tests/shell/testcases/transactions/0032set_0 b/tests/shell/testcases/transactions/0032set_0
index 1b41cf092a842..126f37e5ae166 100755
--- a/tests/shell/testcases/transactions/0032set_0
+++ b/tests/shell/testcases/transactions/0032set_0
@@ -2,22 +2,13 @@
set -e
-tmpfile=$(mktemp)
-if [ ! -w $tmpfile ] ; then
- echo "Failed to create tmp file" >&2
- exit 0
-fi
-
-trap "rm -rf $tmpfile" EXIT # cleanup if aborted
-
RULESET="add table x
add set x y { type ipv4_addr; }
flush ruleset
add table w
add set w y { type ipv4_addr; }"
-echo "$RULESET" > $tmpfile
-$NFT -f $tmpfile
+$NFT -f - <<< $RULESET
if [ $? -ne 0 ] ; then
echo "E: unable to load good ruleset" >&2
exit 1
diff --git a/tests/shell/testcases/transactions/0033set_0 b/tests/shell/testcases/transactions/0033set_0
index 19543b3c97f30..f7a31e8c42f69 100755
--- a/tests/shell/testcases/transactions/0033set_0
+++ b/tests/shell/testcases/transactions/0033set_0
@@ -2,20 +2,11 @@
set -e
-tmpfile=$(mktemp)
-if [ ! -w $tmpfile ] ; then
- echo "Failed to create tmp file" >&2
- exit 0
-fi
-
-trap "rm -rf $tmpfile" EXIT # cleanup if aborted
-
RULESET="add table x
add set x y { type ipv4_addr; }
delete set x y"
-echo "$RULESET" > $tmpfile
-$NFT -f $tmpfile
+$NFT -f - <<< $RULESET
if [ $? -ne 0 ] ; then
echo "E: unable to load good ruleset" >&2
exit 1
diff --git a/tests/shell/testcases/transactions/0034set_0 b/tests/shell/testcases/transactions/0034set_0
index 4cddb94dce6fc..882610322f721 100755
--- a/tests/shell/testcases/transactions/0034set_0
+++ b/tests/shell/testcases/transactions/0034set_0
@@ -2,21 +2,12 @@
set -e
-tmpfile=$(mktemp)
-if [ ! -w $tmpfile ] ; then
- echo "Failed to create tmp file" >&2
- exit 0
-fi
-
-trap "rm -rf $tmpfile" EXIT # cleanup if aborted
-
RULESET="add table x
add set x y { type ipv4_addr; }
add element x y { 1.1.1.1 }
delete element x y { 1.1.1.1 }"
-echo "$RULESET" > $tmpfile
-$NFT -f $tmpfile
+$NFT -f - <<< $RULESET
if [ $? -ne 0 ] ; then
echo "E: unable to load good ruleset" >&2
exit 1
diff --git a/tests/shell/testcases/transactions/0035set_0 b/tests/shell/testcases/transactions/0035set_0
index 9b20746b0e099..d442b68efe09d 100755
--- a/tests/shell/testcases/transactions/0035set_0
+++ b/tests/shell/testcases/transactions/0035set_0
@@ -2,14 +2,6 @@
set -e
-tmpfile=$(mktemp)
-if [ ! -w $tmpfile ] ; then
- echo "Failed to create tmp file" >&2
- exit 0
-fi
-
-trap "rm -rf $tmpfile" EXIT # cleanup if aborted
-
RULESET="add table x
add set x y { type ipv4_addr; }
add element x y { 1.1.1.1, 2.2.2.2 }
@@ -17,8 +9,7 @@ delete element x y { 1.1.1.1 }
delete element x y { 2.2.2.2 }
add element x y { 3.3.3.3 }"
-echo "$RULESET" > $tmpfile
-$NFT -f $tmpfile
+$NFT -f - <<< $RULESET
if [ $? -ne 0 ] ; then
echo "E: unable to load good ruleset" >&2
exit 1
diff --git a/tests/shell/testcases/transactions/0036set_1 b/tests/shell/testcases/transactions/0036set_1
index 46f94573d2d55..a0deb7a032633 100755
--- a/tests/shell/testcases/transactions/0036set_1
+++ b/tests/shell/testcases/transactions/0036set_1
@@ -2,21 +2,12 @@
set -e
-tmpfile=$(mktemp)
-if [ ! -w $tmpfile ] ; then
- echo "Failed to create tmp file" >&2
- exit 0
-fi
-
-trap "rm -rf $tmpfile" EXIT # cleanup if aborted
-
RULESET="add table x
add set x y { type ipv4_addr; }
add element x y { 1.1.1.1, 2.2.2.2 }
delete element x y { 1.1.1.1 }
delete element x y { 1.1.1.1 }"
-echo "$RULESET" > $tmpfile
-$NFT -f $tmpfile 2> /dev/null
+$NFT -f - <<< $RULESET 2> /dev/null
# Kernel must return ENOENT
echo "E: allowing double-removal of element"
diff --git a/tests/shell/testcases/transactions/0037set_0 b/tests/shell/testcases/transactions/0037set_0
index 75b1d45378559..4aef63f1795f2 100755
--- a/tests/shell/testcases/transactions/0037set_0
+++ b/tests/shell/testcases/transactions/0037set_0
@@ -2,21 +2,12 @@
set -e
-tmpfile=$(mktemp)
-if [ ! -w $tmpfile ] ; then
- echo "Failed to create tmp file" >&2
- exit 0
-fi
-
-trap "rm -rf $tmpfile" EXIT # cleanup if aborted
-
RULESET="add table x
add set x y { type ipv4_addr; flags interval;}
add element x y { 1.1.1.0/24 }
delete element x y { 1.1.1.0/24 }"
-echo "$RULESET" > $tmpfile
-$NFT -f $tmpfile
+$NFT -f - <<< $RULESET
if [ $? -ne 0 ] ; then
echo "E: unable to load good ruleset" >&2
exit 1
diff --git a/tests/shell/testcases/transactions/0038set_0 b/tests/shell/testcases/transactions/0038set_0
index 3120e91629340..fc9f1ca4dcd84 100755
--- a/tests/shell/testcases/transactions/0038set_0
+++ b/tests/shell/testcases/transactions/0038set_0
@@ -2,14 +2,6 @@
set -e
-tmpfile=$(mktemp)
-if [ ! -w $tmpfile ] ; then
- echo "Failed to create tmp file" >&2
- exit 0
-fi
-
-trap "rm -rf $tmpfile" EXIT # cleanup if aborted
-
RULESET="add table x
add set x y { type ipv4_addr; flags interval;}
add element x y { 192.168.0.0/24, 192.168.2.0/24 }
@@ -17,8 +9,7 @@ delete element x y { 192.168.0.0/24 }
delete element x y { 192.168.2.0/24 }
add element x y { 192.168.4.0/24 }"
-echo "$RULESET" > $tmpfile
-$NFT -f $tmpfile
+$NFT -f - <<< $RULESET
if [ $? -ne 0 ] ; then
echo "E: unable to load good ruleset" >&2
exit 1
diff --git a/tests/shell/testcases/transactions/0039set_0 b/tests/shell/testcases/transactions/0039set_0
index 3120e91629340..fc9f1ca4dcd84 100755
--- a/tests/shell/testcases/transactions/0039set_0
+++ b/tests/shell/testcases/transactions/0039set_0
@@ -2,14 +2,6 @@
set -e
-tmpfile=$(mktemp)
-if [ ! -w $tmpfile ] ; then
- echo "Failed to create tmp file" >&2
- exit 0
-fi
-
-trap "rm -rf $tmpfile" EXIT # cleanup if aborted
-
RULESET="add table x
add set x y { type ipv4_addr; flags interval;}
add element x y { 192.168.0.0/24, 192.168.2.0/24 }
@@ -17,8 +9,7 @@ delete element x y { 192.168.0.0/24 }
delete element x y { 192.168.2.0/24 }
add element x y { 192.168.4.0/24 }"
-echo "$RULESET" > $tmpfile
-$NFT -f $tmpfile
+$NFT -f - <<< $RULESET
if [ $? -ne 0 ] ; then
echo "E: unable to load good ruleset" >&2
exit 1
diff --git a/tests/shell/testcases/transactions/0040set_0 b/tests/shell/testcases/transactions/0040set_0
index 0ffc4416a1a1c..7386ecfb9a2ae 100755
--- a/tests/shell/testcases/transactions/0040set_0
+++ b/tests/shell/testcases/transactions/0040set_0
@@ -2,14 +2,6 @@
set -e
-tmpfile=$(mktemp)
-if [ ! -w $tmpfile ] ; then
- echo "Failed to create tmp file" >&2
- exit 0
-fi
-
-trap "rm -rf $tmpfile" EXIT # cleanup if aborted
-
RULESET="table ip filter {
map client_to_any {
type ipv4_addr : verdict
@@ -28,8 +20,7 @@ RULESET="table ip filter {
chain CIn_1 {
}
}"
-echo "$RULESET" > $tmpfile
-$NFT -f $tmpfile
+$NFT -f - <<< $RULESET
if [ $? -ne 0 ] ; then
echo "E: unable to load good ruleset" >&2
exit 1
@@ -45,8 +36,7 @@ fi
RULESET="delete element ip filter client_to_any { 1.2.3.4 : goto CIn_1 }
delete chain ip filter CIn_1"
-echo "$RULESET" > $tmpfile
-$NFT -f $tmpfile
+$NFT -f - <<< $RULESET
if [ $? -ne 0 ] ; then
echo "E: unable to load good ruleset" >&2
exit 1
--
2.16.1
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
