netfilter-devel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH nft] tests: replace single element sets
@ 2019-05-24 19:12 Pablo Neira Ayuso
  0 siblings, 0 replies; only message in thread
From: Pablo Neira Ayuso @ 2019-05-24 19:12 UTC (permalink / raw)
  To: netfilter-devel; +Cc: fw

Add at least two elements to sets.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
Needs to revert two recent commits upstream to apply this.

 tests/py/any/ct.t                                  |   9 +-
 tests/py/any/ct.t.payload                          |  52 +--
 tests/py/any/meta.t                                |  30 +-
 tests/py/any/meta.t.payload                        | 386 +++++++++++----------
 tests/shell/testcases/cache/0001_cache_handling_0  |   4 +-
 .../cache/dumps/0001_cache_handling_0.nft          |   6 +-
 tests/shell/testcases/listing/0011sets_0           |   8 +-
 tests/shell/testcases/netns/0001nft-f_0            |   6 +-
 tests/shell/testcases/netns/0002loosecommands_0    |   4 +-
 tests/shell/testcases/netns/0003many_0             |   6 +-
 tests/shell/testcases/nft-f/0002rollback_rule_0    |   2 +-
 tests/shell/testcases/nft-f/0003rollback_jump_0    |   2 +-
 tests/shell/testcases/nft-f/0004rollback_set_0     |   2 +-
 tests/shell/testcases/nft-f/0005rollback_map_0     |   2 +-
 tests/shell/testcases/nft-f/0006action_object_0    |   4 +-
 tests/shell/testcases/nft-f/0016redefines_1        |   4 +-
 .../testcases/nft-f/dumps/0002rollback_rule_0.nft  |   2 +-
 .../testcases/nft-f/dumps/0003rollback_jump_0.nft  |   2 +-
 .../testcases/nft-f/dumps/0004rollback_set_0.nft   |   2 +-
 .../testcases/nft-f/dumps/0005rollback_map_0.nft   |   2 +-
 tests/shell/testcases/sets/0021nesting_0           |   1 +
 21 files changed, 280 insertions(+), 256 deletions(-)

diff --git a/tests/py/any/ct.t b/tests/py/any/ct.t
index b5c13524408f..81d937d97ac9 100644
--- a/tests/py/any/ct.t
+++ b/tests/py/any/ct.t
@@ -73,17 +73,16 @@ ct expiration 33-45;ok;ct expiration 33s-45s
 ct expiration != 33-45;ok;ct expiration != 33s-45s
 ct expiration {33, 55, 67, 88};ok;ct expiration { 1m7s, 33s, 55s, 1m28s}
 ct expiration != {33, 55, 67, 88};ok;ct expiration != { 1m7s, 33s, 55s, 1m28s}
-ct expiration {33-55};ok;ct expiration { 33s-55s}
-ct expiration != {33-55};ok;ct expiration != { 33s-55s}
+ct expiration {33-55, 66-88};ok;ct expiration { 33s-55s, 1m6s-1m28s}
+ct expiration != {33-55, 66-88};ok;ct expiration != { 33s-55s, 1m6s-1m28s}
 
 ct helper "ftp";ok
 ct helper "12345678901234567";fail
 ct helper "";fail
 
-ct state . ct mark { new . 0x12345678};ok
 ct state . ct mark { new . 0x12345678, new . 0x34127856, established . 0x12785634};ok
-ct direction . ct mark { original . 0x12345678};ok
-ct state . ct mark vmap { new . 0x12345678 : drop};ok
+ct direction . ct mark { original . 0x12345678, reply . 0x87654321};ok
+ct state . ct mark vmap { new . 0x12345678 : drop, established . 0x87654321 : accept};ok
 
 ct original bytes > 100000;ok
 ct reply packets < 100;ok
diff --git a/tests/py/any/ct.t.payload b/tests/py/any/ct.t.payload
index 9338466d5df4..86ac81cd729d 100644
--- a/tests/py/any/ct.t.payload
+++ b/tests/py/any/ct.t.payload
@@ -283,20 +283,20 @@ ip test-ip4 output
   [ ct load expiration => reg 1 ]
   [ lookup reg 1 set __set%d 0x1 ]
 
-# ct expiration {33-55}
-__set%d test-ip4 7
+# ct expiration {33-55, 66-88}
+__set%d test-ip4 7 size 5
 __set%d test-ip4 0
-	element 00000000  : 1 [end]	element e8800000  : 0 [end]	element d9d60000  : 1 [end]
-ip test-ip4 output
+	element 00000000  : 1 [end]	element e8800000  : 0 [end]	element d9d60000  : 1 [end]	element d0010100  : 0 [end]	element c1570100  : 1 [end]
+ip test-ip4 output 
   [ ct load expiration => reg 1 ]
   [ byteorder reg 1 = hton(reg 1, 4, 4) ]
   [ lookup reg 1 set __set%d ]
 
-# ct expiration != {33-55}
-__set%d test-ip4 7
+# ct expiration != {33-55, 66-88}
+__set%d test-ip4 7 size 5
 __set%d test-ip4 0
-	element 00000000  : 1 [end]	element e8800000  : 0 [end]	element d9d60000  : 1 [end]
-ip test-ip4 output
+	element 00000000  : 1 [end]	element e8800000  : 0 [end]	element d9d60000  : 1 [end]	element d0010100  : 0 [end]	element c1570100  : 1 [end]
+ip test-ip4 output 
   [ ct load expiration => reg 1 ]
   [ byteorder reg 1 = hton(reg 1, 4, 4) ]
   [ lookup reg 1 set __set%d 0x1 ]
@@ -324,24 +324,6 @@ ip test-ip4 output
   [ ct load mark => reg 9 ]
   [ lookup reg 1 set __set%d ]
 
-# ct direction . ct mark { original . 0x12345678}
-__set%d test 3
-__set%d test 0
-	element 00000000 12345678  : 0 [end]
-ip test-ip4 output
-  [ ct load direction => reg 1 ]
-  [ ct load mark => reg 9 ]
-  [ lookup reg 1 set __set%d ]
-
-# ct state . ct mark vmap { new . 0x12345678 : drop}
-__map%d test-ip4 b
-__map%d test-ip4 0
-	element 00000008 12345678  : 0 [end]
-ip test-ip4 output
-  [ ct load state => reg 1 ]
-  [ ct load mark => reg 9 ]
-  [ lookup reg 1 set __map%d dreg 0 ]
-
 # ct mark set mark
 ip test-ip4 output
   [ meta load mark => reg 1 ]
@@ -493,3 +475,21 @@ ip test-ip4 output
 ip test-ip4 output
   [ notrack ]
 
+# ct direction . ct mark { original . 0x12345678, reply . 0x87654321}
+__set%d test-ip4 3 size 2
+__set%d test-ip4 0
+	element 00000000 12345678  : 0 [end]	element 00000001 87654321  : 0 [end]
+ip test-ip4 output 
+  [ ct load direction => reg 1 ]
+  [ ct load mark => reg 9 ]
+  [ lookup reg 1 set __set%d ]
+
+# ct state . ct mark vmap { new . 0x12345678 : drop, established . 0x87654321 : accept}
+__map%d test-ip4 b size 2
+__map%d test-ip4 0
+	element 00000008 12345678  : 0 [end]	element 00000002 87654321  : 0 [end]
+ip test-ip4 output 
+  [ ct load state => reg 1 ]
+  [ ct load mark => reg 9 ]
+  [ lookup reg 1 set __map%d dreg 0 ]
+
diff --git a/tests/py/any/meta.t b/tests/py/any/meta.t
index d69b8b4eaf0b..4b3c604de110 100644
--- a/tests/py/any/meta.t
+++ b/tests/py/any/meta.t
@@ -17,8 +17,8 @@ meta length { 33, 55, 67, 88};ok
 meta length { 33-55, 67-88};ok
 meta length { 33-55, 56-88, 100-120};ok;meta length { 33-88, 100-120}
 meta length != { 33, 55, 67, 88};ok
-meta length { 33-55};ok
-meta length != { 33-55};ok
+meta length { 33-55, 66-88};ok
+meta length != { 33-55, 66-88};ok
 
 meta protocol { ip, arp, ip6, vlan };ok;meta protocol { ip6, ip, vlan, arp}
 meta protocol != {ip, arp, ip6, vlan};ok
@@ -31,8 +31,8 @@ meta l4proto 33-45;ok
 meta l4proto != 33-45;ok
 meta l4proto { 33, 55, 67, 88};ok;meta l4proto { 33, 55, 67, 88}
 meta l4proto != { 33, 55, 67, 88};ok
-meta l4proto { 33-55};ok
-meta l4proto != { 33-55};ok
+meta l4proto { 33-55, 66-88};ok
+meta l4proto != { 33-55, 66-88};ok
 
 meta priority root;ok
 meta priority none;ok
@@ -81,8 +81,6 @@ meta iiftype ppp;ok
 
 meta oif "lo" accept;ok;oif "lo" accept
 meta oif != "lo" accept;ok;oif != "lo" accept
-meta oif {"lo"} accept;ok;oif {"lo"} accept
-meta oif != {"lo"} accept;ok;oif != {"lo"} accept
 
 meta oifname "dummy0";ok;oifname "dummy0"
 meta oifname != "dummy0";ok;oifname != "dummy0"
@@ -105,8 +103,8 @@ meta skuid gt 3000 accept;ok;meta skuid > 3000 accept
 meta skuid eq 3000 accept;ok;meta skuid 3000 accept
 meta skuid 3001-3005 accept;ok;meta skuid 3001-3005 accept
 meta skuid != 2001-2005 accept;ok;meta skuid != 2001-2005 accept
-meta skuid { 2001-2005} accept;ok;meta skuid { 2001-2005} accept
-meta skuid != { 2001-2005} accept;ok;meta skuid != { 2001-2005} accept
+meta skuid { 2001-2005, 3001-3005} accept;ok;meta skuid { 2001-2005, 3001-3005} accept
+meta skuid != { 2001-2005, 3001-3005} accept;ok;meta skuid != { 2001-2005, 3001-3005} accept
 
 meta skgid {"bin", "root", "daemon"} accept;ok;meta skgid { 0, 1, 2} accept
 meta skgid != {"bin", "root", "daemon"} accept;ok;meta skgid != { 1, 0, 2} accept
@@ -173,22 +171,22 @@ meta iifgroup 0;ok;iifgroup "default"
 meta iifgroup != 0;ok;iifgroup != "default"
 meta iifgroup "default";ok;iifgroup "default"
 meta iifgroup != "default";ok;iifgroup != "default"
-meta iifgroup {"default"};ok;iifgroup {"default"}
-meta iifgroup != {"default"};ok;iifgroup != {"default"}
+meta iifgroup {"default", 11};ok;iifgroup {"default", 11}
+meta iifgroup != {"default", 11};ok;iifgroup != {"default", 11}
 meta iifgroup { 11,33};ok;iifgroup { 11,33}
-meta iifgroup {11-33};ok;iifgroup {11-33}
+meta iifgroup {11-33, 44-55};ok;iifgroup {11-33, 44-55}
 meta iifgroup != { 11,33};ok;iifgroup != { 11,33}
-meta iifgroup != {11-33};ok;iifgroup != {11-33}
+meta iifgroup != {11-33, 44-55};ok;iifgroup != {11-33, 44-55}
 meta oifgroup 0;ok;oifgroup "default"
 meta oifgroup != 0;ok;oifgroup != "default"
 meta oifgroup "default";ok;oifgroup "default"
 meta oifgroup != "default";ok;oifgroup != "default"
-meta oifgroup {"default"};ok;oifgroup {"default"}
-meta oifgroup != {"default"};ok;oifgroup != {"default"}
+meta oifgroup {"default", 11};ok;oifgroup {"default", 11}
+meta oifgroup != {"default", 11};ok;oifgroup != {"default", 11}
 meta oifgroup { 11,33};ok;oifgroup { 11,33}
-meta oifgroup {11-33};ok;oifgroup {11-33}
+meta oifgroup {11-33, 44-55};ok;oifgroup {11-33, 44-55}
 meta oifgroup != { 11,33};ok;oifgroup != { 11,33}
-meta oifgroup != {11-33};ok;oifgroup != {11-33}
+meta oifgroup != {11-33, 44-55};ok;oifgroup != {11-33, 44-55}
 
 meta cgroup 1048577;ok;meta cgroup 1048577
 meta cgroup != 1048577;ok;meta cgroup != 1048577
diff --git a/tests/py/any/meta.t.payload b/tests/py/any/meta.t.payload
index b32770f508e7..1d8426de9632 100644
--- a/tests/py/any/meta.t.payload
+++ b/tests/py/any/meta.t.payload
@@ -34,15 +34,6 @@ ip test-ip4 input
   [ meta load len => reg 1 ]
   [ lookup reg 1 set __set%d ]
 
-# meta length { 33-55}
-__set%d test-ip4 7
-__set%d test-ip4 0
-	element 00000000  : 1 [end]	element 21000000  : 0 [end]	element 38000000  : 1 [end]
-ip test-ip4 input
-  [ meta load len => reg 1 ]
-  [ byteorder reg 1 = hton(reg 1, 4, 4) ]
-  [ lookup reg 1 set __set%d ]
-
 # meta length { 33-55, 67-88}
 __set%d test-ip4 7
 __set%d test-ip4 0
@@ -69,15 +60,6 @@ ip test-ip4 input
   [ meta load len => reg 1 ]
   [ lookup reg 1 set __set%d 0x1 ]
 
-# meta length != { 33-55}
-__set%d test-ip4 7
-__set%d test-ip4 0
-	element 00000000  : 1 [end]	element 21000000  : 0 [end]	element 38000000  : 1 [end]
-ip test-ip4 input
-  [ meta load len => reg 1 ]
-  [ byteorder reg 1 = hton(reg 1, 4, 4) ]
-  [ lookup reg 1 set __set%d 0x1 ]
-
 # meta protocol { ip, arp, ip6, vlan }
 __set%d test-ip4 3
 __set%d test-ip4 0
@@ -143,24 +125,6 @@ ip test-ip4 input
   [ meta load l4proto => reg 1 ]
   [ lookup reg 1 set __set%d 0x1 ]
 
-# meta l4proto { 33-55}
-__set%d test-ip4 7
-__set%d test-ip4 0
-	element 00000000  : 1 [end]	element 00000021  : 0 [end]	element 00000038  : 1 [end]
-ip test-ip4 input
-  [ meta load l4proto => reg 1 ]
-  [ byteorder reg 1 = hton(reg 1, 2, 1) ]
-  [ lookup reg 1 set __set%d ]
-
-# meta l4proto != { 33-55}
-__set%d test-ip4 7
-__set%d test-ip4 0
-	element 00000000  : 1 [end]	element 00000021  : 0 [end]	element 00000038  : 1 [end]
-ip test-ip4 input
-  [ meta load l4proto => reg 1 ]
-  [ byteorder reg 1 = hton(reg 1, 2, 1) ]
-  [ lookup reg 1 set __set%d 0x1 ]
-
 # meta mark 0x4
 ip test-ip4 input
   [ meta load mark => reg 1 ]
@@ -311,24 +275,6 @@ ip test-ip4 input
   [ cmp neq reg 1 0x00000001 ]
   [ immediate reg 0 accept ]
 
-# meta oif {"lo"} accept
-__set%d test-ip4 3
-__set%d test-ip4 0
-	element 00000001  : 0 [end]
-ip test-ip4 input
-  [ meta load oif => reg 1 ]
-  [ lookup reg 1 set __set%d ]
-  [ immediate reg 0 accept ]
-
-# meta oif != {"lo"} accept
-__set%d test-ip4 3
-__set%d test-ip4 0
-	element 00000001  : 0 [end]
-ip test-ip4 input
-  [ meta load oif => reg 1 ]
-  [ lookup reg 1 set __set%d 0x1 ]
-  [ immediate reg 0 accept ]
-
 # meta oifname "dummy0"
 ip test-ip4 input
   [ meta load oifname => reg 1 ]
@@ -446,26 +392,6 @@ ip test-ip4 input
   [ range neq reg 1 0xd1070000 0xd5070000 ]
   [ immediate reg 0 accept ]
 
-# meta skuid { 2001-2005} accept
-__set%d test-ip4 7
-__set%d test-ip4 0
-	element 00000000  : 1 [end]	element d1070000  : 0 [end]	element d6070000  : 1 [end]
-ip test-ip4 input
-  [ meta load skuid => reg 1 ]
-  [ byteorder reg 1 = hton(reg 1, 4, 4) ]
-  [ lookup reg 1 set __set%d ]
-  [ immediate reg 0 accept ]
-
-# meta skuid != { 2001-2005} accept
-__set%d test-ip4 7
-__set%d test-ip4 0
-	element 00000000  : 1 [end]	element d1070000  : 0 [end]	element d6070000  : 1 [end]
-ip test-ip4 input
-  [ meta load skuid => reg 1 ]
-  [ byteorder reg 1 = hton(reg 1, 4, 4) ]
-  [ lookup reg 1 set __set%d 0x1 ]
-  [ immediate reg 0 accept ]
-
 # meta skgid {"bin", "root", "daemon"} accept
 __set%d test-ip4 3
 __set%d test-ip4 0
@@ -529,26 +455,6 @@ ip test-ip4 input
   [ range neq reg 1 0xd1070000 0xd5070000 ]
   [ immediate reg 0 accept ]
 
-# meta skgid { 2001-2005} accept
-__set%d test-ip4 7
-__set%d test-ip4 0
-	element 00000000  : 1 [end]	element d1070000  : 0 [end]	element d6070000  : 1 [end]
-ip test-ip4 input
-  [ meta load skgid => reg 1 ]
-  [ byteorder reg 1 = hton(reg 1, 4, 4) ]
-  [ lookup reg 1 set __set%d ]
-  [ immediate reg 0 accept ]
-
-# meta skgid != { 2001-2005} accept
-__set%d test-ip4 7
-__set%d test-ip4 0
-	element 00000000  : 1 [end]	element d1070000  : 0 [end]	element d6070000  : 1 [end]
-ip test-ip4 input
-  [ meta load skgid => reg 1 ]
-  [ byteorder reg 1 = hton(reg 1, 4, 4) ]
-  [ lookup reg 1 set __set%d 0x1 ]
-  [ immediate reg 0 accept ]
-
 # meta mark set 0xffffffc8 xor 0x16
 ip test-ip4 input
   [ immediate reg 1 0xffffffde ]
@@ -751,32 +657,6 @@ ip test-ip4 input
   [ meta load iifgroup => reg 1 ]
   [ lookup reg 1 set __set%d ]
 
-# meta iifgroup {11-33}
-__set%d test-ip4 7
-__set%d test-ip4 0
-	element 00000000  : 1 [end]	element 0b000000  : 0 [end]	element 22000000  : 1 [end]
-ip test-ip4 input
-  [ meta load iifgroup => reg 1 ]
-  [ byteorder reg 1 = hton(reg 1, 4, 4) ]
-  [ lookup reg 1 set __set%d ]
-
-# meta iifgroup != { 11,33}
-__set%d test-ip4 3
-__set%d test-ip4 0
-	element 0000000b  : 0 [end]	element 00000021  : 0 [end]
-ip test-ip4 input
-  [ meta load iifgroup => reg 1 ]
-  [ lookup reg 1 set __set%d 0x1 ]
-
-# meta iifgroup != {11-33}
-__set%d test-ip4 7
-__set%d test-ip4 0
-	element 00000000  : 1 [end]	element 0b000000  : 0 [end]	element 22000000  : 1 [end]
-ip test-ip4 input
-  [ meta load iifgroup => reg 1 ]
-  [ byteorder reg 1 = hton(reg 1, 4, 4) ]
-  [ lookup reg 1 set __set%d 0x1 ]
-
 # meta oifgroup 0
 ip test-ip4 input
   [ meta load oifgroup => reg 1 ]
@@ -797,22 +677,6 @@ ip test-ip4 input
   [ meta load oifgroup => reg 1 ]
   [ cmp neq reg 1 0x00000000 ]
 
-# meta oifgroup {"default"}
-__set%d test-ip4 3
-__set%d test-ip4 0
-	element 00000000  : 0 [end]
-ip test-ip4 input
-  [ meta load oifgroup => reg 1 ]
-  [ lookup reg 1 set __set%d ]
-
-# meta oifgroup != {"default"}
-__set%d test-ip4 3
-__set%d test-ip4 0
-	element 00000000  : 0 [end]
-ip test-ip4 input
-  [ meta load oifgroup => reg 1 ]
-  [ lookup reg 1 set __set%d 0x1 ]
-
 # meta oifgroup { 11,33}
 __set%d test-ip4 3
 __set%d test-ip4 0
@@ -821,32 +685,6 @@ ip test-ip4 input
   [ meta load oifgroup => reg 1 ]
   [ lookup reg 1 set __set%d ]
 
-# meta oifgroup {11-33}
-__set%d test-ip4 7
-__set%d test-ip4 0
-	element 00000000  : 1 [end]	element 0b000000  : 0 [end]	element 22000000  : 1 [end]
-ip test-ip4 input
-  [ meta load oifgroup => reg 1 ]
-  [ byteorder reg 1 = hton(reg 1, 4, 4) ]
-  [ lookup reg 1 set __set%d ]
-
-# meta oifgroup != { 11,33}
-__set%d test-ip4 3
-__set%d test-ip4 0
-	element 0000000b  : 0 [end]	element 00000021  : 0 [end]
-ip test-ip4 input
-  [ meta load oifgroup => reg 1 ]
-  [ lookup reg 1 set __set%d 0x1 ]
-
-# meta oifgroup != {11-33}
-__set%d test-ip4 7
-__set%d test-ip4 0
-	element 00000000  : 1 [end]	element 0b000000  : 0 [end]	element 22000000  : 1 [end]
-ip test-ip4 input
-  [ meta load oifgroup => reg 1 ]
-  [ byteorder reg 1 = hton(reg 1, 4, 4) ]
-  [ lookup reg 1 set __set%d 0x1 ]
-
 # meta cgroup 1048577
 ip test-ip4 input
   [ meta load cgroup => reg 1 ]
@@ -886,24 +724,6 @@ ip test-ip4 input
   [ byteorder reg 1 = hton(reg 1, 4, 4) ]
   [ range neq reg 1 0x01001000 0x02001000 ]
 
-# meta cgroup {1048577-1048578}
-__set%d test-ip4 7
-__set%d test-ip4 0
-	element 00000000  : 1 [end]	element 01001000  : 0 [end]	element 03001000  : 1 [end]
-ip test-ip4 input
-  [ meta load cgroup => reg 1 ]
-  [ byteorder reg 1 = hton(reg 1, 4, 4) ]
-  [ lookup reg 1 set __set%d ]
-
-# meta cgroup != { 1048577-1048578}
-__set%d test-ip4 7
-__set%d test-ip4 0
-	element 00000000  : 1 [end]	element 01001000  : 0 [end]	element 03001000  : 1 [end]
-ip test-ip4 input
-  [ meta load cgroup => reg 1 ]
-  [ byteorder reg 1 = hton(reg 1, 4, 4) ]
-  [ lookup reg 1 set __set%d 0x1 ]
-
 # meta iif . meta oif { "lo" . "lo" }
 __set%d test-ip4 3
 __set%d test-ip4 0
@@ -1021,3 +841,209 @@ ip test-ip4 input
   [ meta load priority => reg 1 ]
   [ cmp eq reg 1 0x87654321 ]
 
+# meta length { 33-55, 66-88}
+__set%d test-ip4 7 size 5
+__set%d test-ip4 0
+	element 00000000  : 1 [end]	element 21000000  : 0 [end]	element 38000000  : 1 [end]	element 42000000  : 0 [end]	element 59000000  : 1 [end]
+ip test-ip4 input 
+  [ meta load len => reg 1 ]
+  [ byteorder reg 1 = hton(reg 1, 4, 4) ]
+  [ lookup reg 1 set __set%d ]
+
+# meta length != { 33-55, 66-88}
+__set%d test-ip4 7 size 5
+__set%d test-ip4 0
+	element 00000000  : 1 [end]	element 21000000  : 0 [end]	element 38000000  : 1 [end]	element 42000000  : 0 [end]	element 59000000  : 1 [end]
+ip test-ip4 input 
+  [ meta load len => reg 1 ]
+  [ byteorder reg 1 = hton(reg 1, 4, 4) ]
+  [ lookup reg 1 set __set%d 0x1 ]
+
+# meta l4proto { 33-55, 66-88}
+__set%d test-ip4 7 size 5
+__set%d test-ip4 0
+	element 00000000  : 1 [end]	element 00000021  : 0 [end]	element 00000038  : 1 [end]	element 00000042  : 0 [end]	element 00000059  : 1 [end]
+ip test-ip4 input 
+  [ meta load l4proto => reg 1 ]
+  [ byteorder reg 1 = hton(reg 1, 2, 1) ]
+  [ lookup reg 1 set __set%d ]
+
+# meta l4proto != { 33-55, 66-88}
+__set%d test-ip4 7 size 5
+__set%d test-ip4 0
+	element 00000000  : 1 [end]	element 00000021  : 0 [end]	element 00000038  : 1 [end]	element 00000042  : 0 [end]	element 00000059  : 1 [end]
+ip test-ip4 input 
+  [ meta load l4proto => reg 1 ]
+  [ byteorder reg 1 = hton(reg 1, 2, 1) ]
+  [ lookup reg 1 set __set%d 0x1 ]
+
+# meta skuid { 2001-2005, 3001-3005} accept
+__set%d test-ip4 7 size 5
+__set%d test-ip4 0
+	element 00000000  : 1 [end]	element d1070000  : 0 [end]	element d6070000  : 1 [end]	element b90b0000  : 0 [end]	element be0b0000  : 1 [end]
+ip test-ip4 input 
+  [ meta load skuid => reg 1 ]
+  [ byteorder reg 1 = hton(reg 1, 4, 4) ]
+  [ lookup reg 1 set __set%d ]
+  [ immediate reg 0 accept ]
+
+# meta iifgroup {"default", 11}
+__set%d test-ip4 3 size 2
+__set%d test-ip4 0
+	element 00000000  : 0 [end]	element 0000000b  : 0 [end]
+ip test-ip4 input 
+  [ meta load iifgroup => reg 1 ]
+  [ lookup reg 1 set __set%d ]
+
+# meta iifgroup != {"default", 11}
+__set%d test-ip4 3 size 2
+__set%d test-ip4 0
+	element 00000000  : 0 [end]	element 0000000b  : 0 [end]
+ip test-ip4 input 
+  [ meta load iifgroup => reg 1 ]
+  [ lookup reg 1 set __set%d 0x1 ]
+
+# meta iifgroup {11-33, 44-55}
+__set%d test-ip4 7 size 5
+__set%d test-ip4 0
+	element 00000000  : 1 [end]	element 0b000000  : 0 [end]	element 22000000  : 1 [end]	element 2c000000  : 0 [end]	element 38000000  : 1 [end]
+ip test-ip4 input 
+  [ meta load iifgroup => reg 1 ]
+  [ byteorder reg 1 = hton(reg 1, 4, 4) ]
+  [ lookup reg 1 set __set%d ]
+
+# meta iifgroup != { 11,33}
+__set%d test-ip4 3 size 2
+__set%d test-ip4 0
+	element 0000000b  : 0 [end]	element 00000021  : 0 [end]
+ip test-ip4 input 
+  [ meta load iifgroup => reg 1 ]
+  [ lookup reg 1 set __set%d 0x1 ]
+
+# meta iifgroup != {11-33, 44-55}
+__set%d test-ip4 7 size 5
+__set%d test-ip4 0
+	element 00000000  : 1 [end]	element 0b000000  : 0 [end]	element 22000000  : 1 [end]	element 2c000000  : 0 [end]	element 38000000  : 1 [end]
+ip test-ip4 input 
+  [ meta load iifgroup => reg 1 ]
+  [ byteorder reg 1 = hton(reg 1, 4, 4) ]
+  [ lookup reg 1 set __set%d 0x1 ]
+
+# meta oifgroup {"default", 11}
+__set%d test-ip4 3 size 2
+__set%d test-ip4 0
+	element 00000000  : 0 [end]	element 0000000b  : 0 [end]
+ip test-ip4 input 
+  [ meta load oifgroup => reg 1 ]
+  [ lookup reg 1 set __set%d ]
+
+# meta oifgroup {11-33, 44-55}
+__set%d test-ip4 7 size 5
+__set%d test-ip4 0
+	element 00000000  : 1 [end]	element 0b000000  : 0 [end]	element 22000000  : 1 [end]	element 2c000000  : 0 [end]	element 38000000  : 1 [end]
+ip test-ip4 input 
+  [ meta load oifgroup => reg 1 ]
+  [ byteorder reg 1 = hton(reg 1, 4, 4) ]
+  [ lookup reg 1 set __set%d ]
+
+# meta oifgroup != { 11,33}
+__set%d test-ip4 3 size 2
+__set%d test-ip4 0
+	element 0000000b  : 0 [end]	element 00000021  : 0 [end]
+ip test-ip4 input 
+  [ meta load oifgroup => reg 1 ]
+  [ lookup reg 1 set __set%d 0x1 ]
+
+# meta oifgroup != {11-33, 44-55}
+__set%d test-ip4 7 size 5
+__set%d test-ip4 0
+	element 00000000  : 1 [end]	element 0b000000  : 0 [end]	element 22000000  : 1 [end]	element 2c000000  : 0 [end]	element 38000000  : 1 [end]
+ip test-ip4 input 
+  [ meta load oifgroup => reg 1 ]
+  [ byteorder reg 1 = hton(reg 1, 4, 4) ]
+  [ lookup reg 1 set __set%d 0x1 ]
+
+# meta skuid != { 2001-2005, 3001-3005} accept
+__set%d test-ip4 7 size 5
+__set%d test-ip4 0
+	element 00000000  : 1 [end]	element d1070000  : 0 [end]	element d6070000  : 1 [end]	element b90b0000  : 0 [end]	element be0b0000  : 1 [end]
+ip test-ip4 input 
+  [ meta load skuid => reg 1 ]
+  [ byteorder reg 1 = hton(reg 1, 4, 4) ]
+  [ lookup reg 1 set __set%d 0x1 ]
+  [ immediate reg 0 accept ]
+
+# meta oifgroup != {"default", 11}
+__set%d test-ip4 3 size 2
+__set%d test-ip4 0
+	element 00000000  : 0 [end]	element 0000000b  : 0 [end]
+ip test-ip4 input 
+  [ meta load oifgroup => reg 1 ]
+  [ lookup reg 1 set __set%d 0x1 ]
+
+# meta iif . meta oif { "lo" . "lo" , "dummy0" . "dummy0" }
+__set%d test-ip4 3 size 2
+__set%d test-ip4 0
+	element 00000001 00000001  : 0 [end]	element 00000005 00000005  : 0 [end]
+ip test-ip4 input 
+  [ meta load iif => reg 1 ]
+  [ meta load oif => reg 9 ]
+  [ lookup reg 1 set __set%d ]
+
+# meta iif . meta oif . meta mark { "lo" . "lo" . 0x0000000a, "dummy0" . "dummy0" . 0x0000000b }
+__set%d test-ip4 3 size 2
+__set%d test-ip4 0
+	element 00000001 00000001 0000000a  : 0 [end]	element 00000005 00000005 0000000b  : 0 [end]
+ip test-ip4 input 
+  [ meta load iif => reg 1 ]
+  [ meta load oif => reg 9 ]
+  [ meta load mark => reg 10 ]
+  [ lookup reg 1 set __set%d ]
+
+# meta iif . meta oif vmap { "lo" . "lo" : drop, "dummy0" . "dummy0" : accept }
+__map%d test-ip4 b size 2
+__map%d test-ip4 0
+	element 00000001 00000001  : 0 [end]	element 00000005 00000005  : 0 [end]
+ip test-ip4 input 
+  [ meta load iif => reg 1 ]
+  [ meta load oif => reg 9 ]
+  [ lookup reg 1 set __map%d dreg 0 ]
+
+# meta skgid { 2001-2005} accept
+__set%d test-ip4 7 size 3
+__set%d test-ip4 0
+	element 00000000  : 1 [end]	element d1070000  : 0 [end]	element d6070000  : 1 [end]
+ip test-ip4 input 
+  [ meta load skgid => reg 1 ]
+  [ byteorder reg 1 = hton(reg 1, 4, 4) ]
+  [ lookup reg 1 set __set%d ]
+  [ immediate reg 0 accept ]
+
+# meta skgid != { 2001-2005} accept
+__set%d test-ip4 7 size 3
+__set%d test-ip4 0
+	element 00000000  : 1 [end]	element d1070000  : 0 [end]	element d6070000  : 1 [end]
+ip test-ip4 input 
+  [ meta load skgid => reg 1 ]
+  [ byteorder reg 1 = hton(reg 1, 4, 4) ]
+  [ lookup reg 1 set __set%d 0x1 ]
+  [ immediate reg 0 accept ]
+
+# meta cgroup {1048577-1048578}
+__set%d test-ip4 7 size 3
+__set%d test-ip4 0
+	element 00000000  : 1 [end]	element 01001000  : 0 [end]	element 03001000  : 1 [end]
+ip test-ip4 input 
+  [ meta load cgroup => reg 1 ]
+  [ byteorder reg 1 = hton(reg 1, 4, 4) ]
+  [ lookup reg 1 set __set%d ]
+
+# meta cgroup != { 1048577-1048578}
+__set%d test-ip4 7 size 3
+__set%d test-ip4 0
+	element 00000000  : 1 [end]	element 01001000  : 0 [end]	element 03001000  : 1 [end]
+ip test-ip4 input 
+  [ meta load cgroup => reg 1 ]
+  [ byteorder reg 1 = hton(reg 1, 4, 4) ]
+  [ lookup reg 1 set __set%d 0x1 ]
+
diff --git a/tests/shell/testcases/cache/0001_cache_handling_0 b/tests/shell/testcases/cache/0001_cache_handling_0
index f3dc9a347972..431aada59234 100755
--- a/tests/shell/testcases/cache/0001_cache_handling_0
+++ b/tests/shell/testcases/cache/0001_cache_handling_0
@@ -4,12 +4,12 @@ RULESET='
 table inet test {
 	set test {
 		type ipv4_addr
-		elements = { 1.1.1.1}
+		elements = { 1.1.1.1, 3.3.3.3}
 	}
 
 	chain test {
 		ip saddr @test counter accept
-		ip daddr { 2.2.2.2} counter accept
+		ip daddr { 2.2.2.2, 4.4.4.4} counter accept
 	}
 }'
 
diff --git a/tests/shell/testcases/cache/dumps/0001_cache_handling_0.nft b/tests/shell/testcases/cache/dumps/0001_cache_handling_0.nft
index f6dd65415838..209986520352 100644
--- a/tests/shell/testcases/cache/dumps/0001_cache_handling_0.nft
+++ b/tests/shell/testcases/cache/dumps/0001_cache_handling_0.nft
@@ -1,12 +1,12 @@
 table inet test {
 	set test {
 		type ipv4_addr
-		elements = { 1.1.1.1 }
+		elements = { 1.1.1.1, 3.3.3.3 }
 	}
 
 	chain test {
-		ip daddr { 2.2.2.2 } counter packets 0 bytes 0 accept
+		ip daddr { 2.2.2.2, 4.4.4.4 } counter packets 0 bytes 0 accept
 		ip saddr @test counter packets 0 bytes 0 accept
-		ip daddr { 2.2.2.2 } counter packets 0 bytes 0 accept
+		ip daddr { 2.2.2.2, 4.4.4.4 } counter packets 0 bytes 0 accept
 	}
 }
diff --git a/tests/shell/testcases/listing/0011sets_0 b/tests/shell/testcases/listing/0011sets_0
index f021962a3881..aac9eac93ff6 100755
--- a/tests/shell/testcases/listing/0011sets_0
+++ b/tests/shell/testcases/listing/0011sets_0
@@ -17,19 +17,19 @@ set -e
 
 $NFT add table ip nat
 $NFT add chain ip nat test
-$NFT add rule ip nat test tcp dport {123}
+$NFT add rule ip nat test tcp dport {123, 321}
 
 $NFT add table ip6 test
 $NFT add chain ip6 test test
-$NFT add rule ip6 test test udp sport {123}
+$NFT add rule ip6 test test udp sport {123, 321}
 
 $NFT add table arp test_arp
 $NFT add chain arp test_arp test
-$NFT add rule arp test_arp test meta mark {123}
+$NFT add rule arp test_arp test meta mark {123, 321}
 
 $NFT add table bridge test_bridge
 $NFT add chain bridge test_bridge test
-$NFT add rule bridge test_bridge test ip daddr {1.1.1.1}
+$NFT add rule bridge test_bridge test ip daddr {1.1.1.1, 2.2.2.2}
 
 $NFT add table inet filter
 $NFT add chain inet filter test
diff --git a/tests/shell/testcases/netns/0001nft-f_0 b/tests/shell/testcases/netns/0001nft-f_0
index 8344808760b7..819422638339 100755
--- a/tests/shell/testcases/netns/0001nft-f_0
+++ b/tests/shell/testcases/netns/0001nft-f_0
@@ -16,7 +16,7 @@ RULESET="table ip t {
 
 	chain c {
 		ct state new
-		udp dport { 12345 }
+		udp dport { 12345, 54321 }
 		ip saddr @s drop
 		jump other
 	}
@@ -32,7 +32,7 @@ table ip6 t {
 
 	chain c {
 		ct state new
-		udp dport { 12345 }
+		udp dport { 12345, 54321 }
 		ip6 saddr @s drop
 		jump other
 	}
@@ -48,7 +48,7 @@ table inet t {
 
 	chain c {
 		ct state new
-		udp dport { 12345 }
+		udp dport { 12345, 54321 }
 		ip6 saddr @s drop
 		jump other
 	}
diff --git a/tests/shell/testcases/netns/0002loosecommands_0 b/tests/shell/testcases/netns/0002loosecommands_0
index e62782804da4..465c2e8646dc 100755
--- a/tests/shell/testcases/netns/0002loosecommands_0
+++ b/tests/shell/testcases/netns/0002loosecommands_0
@@ -32,7 +32,7 @@ netns_exec $NETNS_NAME "$NFT add chain ip t other"
 netns_exec $NETNS_NAME "$NFT add set ip t s { type ipv4_addr; }"
 netns_exec $NETNS_NAME "$NFT add element ip t s {1.1.0.0 }"
 netns_exec $NETNS_NAME "$NFT add rule ip t c ct state new"
-netns_exec $NETNS_NAME "$NFT add rule ip t c udp dport { 12345 }"
+netns_exec $NETNS_NAME "$NFT add rule ip t c udp dport { 12345, 54321 }"
 netns_exec $NETNS_NAME "$NFT add rule ip t c ip saddr @s drop"
 netns_exec $NETNS_NAME "$NFT add rule ip t c jump other"
 
@@ -44,7 +44,7 @@ RULESET="table ip t {
 
 	chain c {
 		ct state new
-		udp dport { 12345 }
+		udp dport { 12345, 54321 }
 		ip saddr @s drop
 		jump other
 	}
diff --git a/tests/shell/testcases/netns/0003many_0 b/tests/shell/testcases/netns/0003many_0
index 61ad37bddadb..a5fcb5d6b2ef 100755
--- a/tests/shell/testcases/netns/0003many_0
+++ b/tests/shell/testcases/netns/0003many_0
@@ -19,7 +19,7 @@ RULESET="table ip t {
 
 	chain c {
 		ct state new
-		udp dport { 12345 }
+		udp dport { 12345, 54321 }
 		ip saddr @s drop
 		jump other
 	}
@@ -35,7 +35,7 @@ table ip6 t {
 
 	chain c {
 		ct state new
-		udp dport { 12345 }
+		udp dport { 12345, 54321 }
 		ip6 saddr @s drop
 		jump other
 	}
@@ -51,7 +51,7 @@ table inet t {
 
 	chain c {
 		ct state new
-		udp dport { 12345 }
+		udp dport { 12345, 54321 }
 		ip6 saddr @s drop
 		jump other
 	}
diff --git a/tests/shell/testcases/nft-f/0002rollback_rule_0 b/tests/shell/testcases/nft-f/0002rollback_rule_0
index da3cdc0bc161..33e1212d94fb 100755
--- a/tests/shell/testcases/nft-f/0002rollback_rule_0
+++ b/tests/shell/testcases/nft-f/0002rollback_rule_0
@@ -11,7 +11,7 @@ GOOD_RULESET="table ip t {
 
 	chain c {
 		ct state new
-		tcp dport { 22222 }
+		tcp dport { 22222, 33333 }
 		ip saddr @t drop
 		jump other
 	}
diff --git a/tests/shell/testcases/nft-f/0003rollback_jump_0 b/tests/shell/testcases/nft-f/0003rollback_jump_0
index 1238f1504c96..294a234eef97 100755
--- a/tests/shell/testcases/nft-f/0003rollback_jump_0
+++ b/tests/shell/testcases/nft-f/0003rollback_jump_0
@@ -11,7 +11,7 @@ GOOD_RULESET="table ip t {
 
 	chain c {
 		ct state new
-		tcp dport { 22222 }
+		tcp dport { 22222, 33333 }
 		ip saddr @t drop
 		jump other
 	}
diff --git a/tests/shell/testcases/nft-f/0004rollback_set_0 b/tests/shell/testcases/nft-f/0004rollback_set_0
index 25fc870c6742..512840efb97b 100755
--- a/tests/shell/testcases/nft-f/0004rollback_set_0
+++ b/tests/shell/testcases/nft-f/0004rollback_set_0
@@ -11,7 +11,7 @@ GOOD_RULESET="table ip t {
 
 	chain c {
 		ct state new
-		tcp dport { 22222 }
+		tcp dport { 22222, 33333 }
 		ip saddr @t drop
 		jump other
 	}
diff --git a/tests/shell/testcases/nft-f/0005rollback_map_0 b/tests/shell/testcases/nft-f/0005rollback_map_0
index 90108e729d59..b1eb3dd37471 100755
--- a/tests/shell/testcases/nft-f/0005rollback_map_0
+++ b/tests/shell/testcases/nft-f/0005rollback_map_0
@@ -11,7 +11,7 @@ GOOD_RULESET="table ip t {
 
 	chain c {
 		ct state new
-		tcp dport { 22222 }
+		tcp dport { 22222, 33333 }
 		ip saddr @t drop
 		jump other
 	}
diff --git a/tests/shell/testcases/nft-f/0006action_object_0 b/tests/shell/testcases/nft-f/0006action_object_0
index b9766f2dbb72..ffa6c9bda973 100755
--- a/tests/shell/testcases/nft-f/0006action_object_0
+++ b/tests/shell/testcases/nft-f/0006action_object_0
@@ -16,11 +16,11 @@ generate1()
 	add set $family t s {type inet_service;}
 	add element $family t s {8080}
 	insert rule $family t c meta l4proto tcp tcp dport @s accept
-	replace rule $family t c handle 2 meta l4proto tcp tcp dport {9090}
+	replace rule $family t c handle 2 meta l4proto tcp tcp dport {9090, 8080}
 	add map $family t m {type inet_service:verdict;}
 	add element $family t m {10080:drop}
 	insert rule $family t c meta l4proto tcp tcp dport vmap @m
-	add rule $family t c meta l4proto udp udp sport vmap {1111:accept}
+	add rule $family t c meta l4proto udp udp sport vmap {1111:accept, 2222:drop}
 	"
 }
 
diff --git a/tests/shell/testcases/nft-f/0016redefines_1 b/tests/shell/testcases/nft-f/0016redefines_1
index d0148d65da54..4c26b3796fbf 100755
--- a/tests/shell/testcases/nft-f/0016redefines_1
+++ b/tests/shell/testcases/nft-f/0016redefines_1
@@ -8,7 +8,7 @@ table ip x {
                 define unused = 4.4.4.4
                 define address = { 1.1.1.1, 2.2.2.2 }
                 ip saddr \$address
-                redefine address = { 3.3.3.3 }
+                redefine address = { 3.3.3.3, 4.4.4.4 }
                 ip saddr \$address
                 undefine unused
         }
@@ -17,7 +17,7 @@ table ip x {
 EXPECTED="table ip x {
 	chain y {
 		ip saddr { 1.1.1.1, 2.2.2.2 }
-		ip saddr { 3.3.3.3 }
+		ip saddr { 3.3.3.3, 4.4.4.4 }
 	}
 }"
 
diff --git a/tests/shell/testcases/nft-f/dumps/0002rollback_rule_0.nft b/tests/shell/testcases/nft-f/dumps/0002rollback_rule_0.nft
index f6f2615852c7..3fad909057d2 100644
--- a/tests/shell/testcases/nft-f/dumps/0002rollback_rule_0.nft
+++ b/tests/shell/testcases/nft-f/dumps/0002rollback_rule_0.nft
@@ -6,7 +6,7 @@ table ip t {
 
 	chain c {
 		ct state new
-		tcp dport { 22222 }
+		tcp dport { 22222, 33333 }
 		ip saddr @t drop
 		jump other
 	}
diff --git a/tests/shell/testcases/nft-f/dumps/0003rollback_jump_0.nft b/tests/shell/testcases/nft-f/dumps/0003rollback_jump_0.nft
index f6f2615852c7..3fad909057d2 100644
--- a/tests/shell/testcases/nft-f/dumps/0003rollback_jump_0.nft
+++ b/tests/shell/testcases/nft-f/dumps/0003rollback_jump_0.nft
@@ -6,7 +6,7 @@ table ip t {
 
 	chain c {
 		ct state new
-		tcp dport { 22222 }
+		tcp dport { 22222, 33333 }
 		ip saddr @t drop
 		jump other
 	}
diff --git a/tests/shell/testcases/nft-f/dumps/0004rollback_set_0.nft b/tests/shell/testcases/nft-f/dumps/0004rollback_set_0.nft
index f6f2615852c7..3fad909057d2 100644
--- a/tests/shell/testcases/nft-f/dumps/0004rollback_set_0.nft
+++ b/tests/shell/testcases/nft-f/dumps/0004rollback_set_0.nft
@@ -6,7 +6,7 @@ table ip t {
 
 	chain c {
 		ct state new
-		tcp dport { 22222 }
+		tcp dport { 22222, 33333 }
 		ip saddr @t drop
 		jump other
 	}
diff --git a/tests/shell/testcases/nft-f/dumps/0005rollback_map_0.nft b/tests/shell/testcases/nft-f/dumps/0005rollback_map_0.nft
index f6f2615852c7..3fad909057d2 100644
--- a/tests/shell/testcases/nft-f/dumps/0005rollback_map_0.nft
+++ b/tests/shell/testcases/nft-f/dumps/0005rollback_map_0.nft
@@ -6,7 +6,7 @@ table ip t {
 
 	chain c {
 		ct state new
-		tcp dport { 22222 }
+		tcp dport { 22222, 33333 }
 		ip saddr @t drop
 		jump other
 	}
diff --git a/tests/shell/testcases/sets/0021nesting_0 b/tests/shell/testcases/sets/0021nesting_0
index c8d8f05792ab..0b90dc7cd306 100755
--- a/tests/shell/testcases/sets/0021nesting_0
+++ b/tests/shell/testcases/sets/0021nesting_0
@@ -5,6 +5,7 @@ set -e
 RULESET='
 define set1 = {
 	2.2.2.0/24,
+	3.3.3.0/24,
 }
 define set2 = {
 	$set1,
-- 
2.11.0



^ permalink raw reply related	[flat|nested] only message in thread
only message in thread, other threads:[~2019-05-24 19:13 UTC | newest]

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-05-24 19:12 [PATCH nft] tests: replace single element sets Pablo Neira Ayuso

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).