Re: nft: Help with writing test cases

Florian Westphal <fw@xxxxxxxxx> · Wed, 16 May 2018 13:17:29 +0200

Máté Eckl <ecklm94@xxxxxxxxx> wrote:
> Hi all,
> 
> I've been trying to write a python test for socket matching I am about to
> introduce, but I cannot generate a payload file for it. Florian told me that if
> I provide an empty payload file, it will be autogenerated, but it does not.

Works for me:

# cat tests/py/inet/socket.t
:sockchain;type filter hook prerouting priority -150

*ip;sockip4;sockchain
#*ip6;sockip6;sockchain

ip daddr 1.2.3.4;ok
#socket flags transparent;ok

# cat tests/py/inet/socket.t.payload
# cat tests/py/inet/socket.t.payload.got

./tests/py/nft-test.py -d inet/socket.t
list table ip sockip4
add table ip sockip4
list table ip sockip4
list chain ip sockip4 sockchain
add chain ip sockip4 sockchain { type filter hook prerouting priority -150; }
list chain ip sockip4 sockchain
nftables/tests/py/inet/socket.t.payload: ERROR: line 2: did not find payload information for rule 'ip daddr 1.2.3.4'
flush table ip sockip4
add rule ip sockip4 sockchain ip daddr 1.2.3.4
nftables/tests/py/inet/socket.t.payload.got:
ERROR: line 2: Wrote payload for rule ip daddr 1.2.3.4 list chain ip sockip4 sockchain
flush chain ip sockip4 sockchain
delete chain ip sockip4 sockchain
list chain ip sockip4 sockchain
list table ip sockip4
delete table ip sockip4
list table ip sockip4
inet/socket.t: 1 unit tests, 1 error, 0 warning

cat tests/py/inet/socket.t.payload.got
# ip daddr 1.2.3.4
ip sockip4 sockchain
  [ payload load 4b @ network header + 16 => reg 1 ]
  [ cmp eq reg 1 0x04030201 ]

mv tests/py/inet/socket.t.payload.got tests/py/inet/socket.t.payload

./tests/py/nft-test.py  inet/socket.t
inet/socket.t: 1 unit tests, 0 error, 0 warning

> 		add rule ip sockip4 sockchain socket exists
> 		inet/socket.t: ERROR: line 7: add rule ip sockip4 sockchain socket exists: This rule should not have failed.

This looks wrong, the rule isn't being added.
Does it work when you run the test script from a fresh netns
(unshare -n ./tests/py/nf-test.py ...)?
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html