#!/bin/bash
# Test: nft file operations (create, add, match, delete)
# Load the shared test harness, resolved relative to this script's own location.
# NOTE(review): MOCK_ROOT, nftTempFile, nftMainFile, nft_file and
# load_package_config are not defined in this file; presumably they come from
# setup.sh, which should also keep both nft paths inside MOCK_ROOT - confirm.
. "$(dirname "$0")/../lib/setup.sh"
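#######################################
# Suite-level cleanup: remove the mock root directory tree.
# Globals:   MOCK_ROOT (read)
# Returns:   0 when there is nothing safe to remove, otherwise rm's status
#######################################
oneTimeTearDown() {
  local mock_root="${MOCK_ROOT:-}"
  # A recursive delete must never run against an empty or root path, for
  # example when the harness failed before it could set MOCK_ROOT.
  case "$mock_root" in
    '' | /) return 0 ;;
  esac
  # "--" keeps a value that begins with "-" from being parsed as an rm option.
  rm -rf -- "$mock_root"
}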
#######################################
# Per-test fixture: make sure the parent directories of both nft files exist,
# drop any file left by a previous test, then load the package configuration.
# Globals:   nftTempFile, nftMainFile (read)
# NOTE(review): both paths are used before load_package_config runs, so they
# are presumably set by the sourced harness - confirm they stay inside the
# mock root, because the rm below removes whatever they name.
#######################################
setUp() {
  local nft_path
  for nft_path in "$nftTempFile" "$nftMainFile"; do
    # Best effort: a failing mkdir is silenced and never fails the fixture.
    mkdir -p "$(dirname "$nft_path")" 2>/dev/null || true
  done
  local -a stale=("$nftTempFile" "$nftMainFile")
  rm -f "${stale[@]}"
  load_package_config
}
#######################################
# Per-test cleanup: delete the temp and main nft files so that no state
# carries over into the next test.
# Globals:   nftTempFile, nftMainFile (read)
#######################################
tearDown() {
  local -a leftovers=("$nftTempFile" "$nftMainFile")
  rm -f "${leftovers[@]}"
}
#######################################
# 'create' must produce the temp nft file, and that file must contain the
# nft interpreter line.
# Globals:   nftTempFile (read)
# Note: the grep matches the interpreter line anywhere in the file, not
# specifically on line 1. shunit2 evaluates each condition string as shell
# code, so the path must not contain a single quote.
#######################################
testNftFileCreate() {
  nft_file 'create' 'main'
  local exists_check="[ -f '$nftTempFile' ]"
  local shebang_check="grep -q '#!/usr/sbin/nft -f' '$nftTempFile'"
  assertTrue "nft temp file created" "$exists_check"
  assertTrue "Has nft shebang" "$shebang_check"
}
#######################################
# 'create' must declare the four pbr_* chains in table "inet fw4".
# Globals:   nftTempFile (read)
#######################################
testNftFileChains() {
  nft_file 'create' 'main'
  local chain
  for chain in dstnat forward output prerouting; do
    assertTrue "$chain chain" \
      "grep -q 'add chain inet fw4 pbr_$chain' '$nftTempFile'"
  done
}
#######################################
# 'create' must emit a jump into each of the four pbr_* chains.
# Globals:   nftTempFile (read)
# Note: only the presence of each "jump pbr_<chain>" text is checked, not
# which chain the jump is placed in.
#######################################
testNftFileJumpRules() {
  nft_file 'create' 'main'
  local target
  for target in dstnat prerouting output forward; do
    assertTrue "jump to $target" \
      "grep -q 'jump pbr_$target' '$nftTempFile'"
  done
}
#######################################
# 'create' must emit the guard rule that returns as soon as any bit under
# mask 0x00ff0000 is set in the packet mark.
# Globals:   nftTempFile (read)
# Note: the check proves the rule text exists somewhere in the file; it does
# not assert which chains carry it or where it sits relative to other rules.
#######################################
testNftFileGuardRules() {
  nft_file 'create' 'main'
  local guard_rule='meta mark & 0x00ff0000 != 0 return'
  assertTrue "Guard rule" "grep -q '$guard_rule' '$nftTempFile'"
}
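#######################################
# 'add' must append the given rule to the temp nft file created by 'create'.
# Globals:   nftTempFile (read)
# The source network is matched as a fixed string (-F): in a regular
# expression every "." of the address would match any character, so a
# mangled address could still satisfy the assertion.
#######################################
testNftFileAdd() {
  local rule='add rule inet fw4 pbr_prerouting ip saddr 192.168.1.0/24 goto pbr_mark_0x00010000'
  nft_file 'create' 'main'
  nft_file 'add' 'main' "$rule"
  assertTrue "Added rule present" "grep -qF '192.168.1.0/24' '$nftTempFile'"
}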
#######################################
# 'match' against the temp file must succeed for text that 'create' wrote
# and fail for text that is not there.
#######################################
testNftFileMatch() {
  nft_file 'create' 'main'
  local present="nft_file 'match' 'temp' 'pbr_prerouting'"
  local absent="nft_file 'match' 'temp' 'nonexistent_xyz'"
  assertTrue "Match existing" "$present"
  assertFalse "Match missing" "$absent"
}
#######################################
# After 'create' followed by 'delete', neither the temp nor the main nft
# file may remain on disk.
# Globals:   nftTempFile, nftMainFile (read)
#######################################
testNftFileDelete() {
  nft_file 'create' 'main'
  nft_file 'delete' 'main'
  local temp_exists="[ -f '$nftTempFile' ]"
  local main_exists="[ -f '$nftMainFile' ]"
  assertFalse "Temp file deleted" "$temp_exists"
  assertFalse "Main file deleted" "$main_exists"
}
# Hand over to shunit2, which runs the test* functions defined above.
# NOTE(review): the name has no slash, so "." locates shunit2 through PATH and
# whichever copy comes first there is executed inside this shell; run the
# suite with a PATH you control.
. shunit2