Compare commits
4 Commits
40e022df81
...
a8a06f3379
| Author | SHA1 | Date |
|---|---|---|
Antonio Ojea
|
a8a06f3379 | |
|
Antonio Ojea
|
48432232ee | |
dependabot[bot]
|
85aee131ff | |
Michael Stapelberg
|
45dc72792b |
|
|
@ -33,5 +33,5 @@ jobs:
|
||||||
go test ./...
|
go test ./...
|
||||||
go test -c github.com/google/nftables
|
go test -c github.com/google/nftables
|
||||||
sudo ./nftables.test -test.v -run_system_tests
|
sudo ./nftables.test -test.v -run_system_tests
|
||||||
go test -c github.com/google/nftables/tests
|
go test -c github.com/google/nftables/integration
|
||||||
sudo ./tests.test -test.v -run_system_tests
|
sudo ./integration.test -test.v -run_system_tests
|
||||||
|
|
|
||||||
7
go.mod
7
go.mod
|
|
@ -4,15 +4,14 @@ go 1.21
|
||||||
|
|
||||||
require (
|
require (
|
||||||
github.com/google/go-cmp v0.6.0
|
github.com/google/go-cmp v0.6.0
|
||||||
github.com/mdlayher/netlink v1.7.2
|
github.com/mdlayher/netlink v1.7.3-0.20250113171957-fbb4dce95f42
|
||||||
github.com/vishvananda/netlink v1.3.0
|
github.com/vishvananda/netlink v1.3.0
|
||||||
github.com/vishvananda/netns v0.0.4
|
github.com/vishvananda/netns v0.0.4
|
||||||
golang.org/x/sys v0.18.0
|
golang.org/x/sys v0.28.0
|
||||||
)
|
)
|
||||||
|
|
||||||
require (
|
require (
|
||||||
github.com/josharian/native v1.1.0 // indirect
|
|
||||||
github.com/mdlayher/socket v0.5.0 // indirect
|
github.com/mdlayher/socket v0.5.0 // indirect
|
||||||
golang.org/x/net v0.23.0 // indirect
|
golang.org/x/net v0.33.0 // indirect
|
||||||
golang.org/x/sync v0.6.0 // indirect
|
golang.org/x/sync v0.6.0 // indirect
|
||||||
)
|
)
|
||||||
|
|
|
||||||
14
go.sum
14
go.sum
|
|
@ -1,20 +1,18 @@
|
||||||
github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
|
github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
|
||||||
github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
|
github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
|
||||||
github.com/josharian/native v1.1.0 h1:uuaP0hAbW7Y4l0ZRQ6C9zfb7Mg1mbFKry/xzDAfmtLA=
|
github.com/mdlayher/netlink v1.7.3-0.20250113171957-fbb4dce95f42 h1:A1Cq6Ysb0GM0tpKMbdCXCIfBclan4oHk1Jb+Hrejirg=
|
||||||
github.com/josharian/native v1.1.0/go.mod h1:7X/raswPFr05uY3HiLlYeyQntB6OO7E/d2Cu7qoaN2w=
|
github.com/mdlayher/netlink v1.7.3-0.20250113171957-fbb4dce95f42/go.mod h1:BB4YCPDOzfy7FniQ/lxuYQ3dgmM2cZumHbK8RpTjN2o=
|
||||||
github.com/mdlayher/netlink v1.7.2 h1:/UtM3ofJap7Vl4QWCPDGXY8d3GIY2UGSDbK+QWmY8/g=
|
|
||||||
github.com/mdlayher/netlink v1.7.2/go.mod h1:xraEF7uJbxLhc5fpHL4cPe221LI2bdttWlU+ZGLfQSw=
|
|
||||||
github.com/mdlayher/socket v0.5.0 h1:ilICZmJcQz70vrWVes1MFera4jGiWNocSkykwwoy3XI=
|
github.com/mdlayher/socket v0.5.0 h1:ilICZmJcQz70vrWVes1MFera4jGiWNocSkykwwoy3XI=
|
||||||
github.com/mdlayher/socket v0.5.0/go.mod h1:WkcBFfvyG8QENs5+hfQPl1X6Jpd2yeLIYgrGFmJiJxI=
|
github.com/mdlayher/socket v0.5.0/go.mod h1:WkcBFfvyG8QENs5+hfQPl1X6Jpd2yeLIYgrGFmJiJxI=
|
||||||
github.com/vishvananda/netlink v1.3.0 h1:X7l42GfcV4S6E4vHTsw48qbrV+9PVojNfIhZcwQdrZk=
|
github.com/vishvananda/netlink v1.3.0 h1:X7l42GfcV4S6E4vHTsw48qbrV+9PVojNfIhZcwQdrZk=
|
||||||
github.com/vishvananda/netlink v1.3.0/go.mod h1:i6NetklAujEcC6fK0JPjT8qSwWyO0HLn4UKG+hGqeJs=
|
github.com/vishvananda/netlink v1.3.0/go.mod h1:i6NetklAujEcC6fK0JPjT8qSwWyO0HLn4UKG+hGqeJs=
|
||||||
github.com/vishvananda/netns v0.0.4 h1:Oeaw1EM2JMxD51g9uhtC0D7erkIjgmj8+JZc26m1YX8=
|
github.com/vishvananda/netns v0.0.4 h1:Oeaw1EM2JMxD51g9uhtC0D7erkIjgmj8+JZc26m1YX8=
|
||||||
github.com/vishvananda/netns v0.0.4/go.mod h1:SpkAiCQRtJ6TvvxPnOSyH3BMl6unz3xZlaprSwhNNJM=
|
github.com/vishvananda/netns v0.0.4/go.mod h1:SpkAiCQRtJ6TvvxPnOSyH3BMl6unz3xZlaprSwhNNJM=
|
||||||
golang.org/x/net v0.23.0 h1:7EYJ93RZ9vYSZAIb2x3lnuvqO5zneoD6IvWjuhfxjTs=
|
golang.org/x/net v0.33.0 h1:74SYHlV8BIgHIFC/LrYkOGIwL19eTYXQ5wc6TBuO36I=
|
||||||
golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg=
|
golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4=
|
||||||
golang.org/x/sync v0.6.0 h1:5BMeUDZ7vkXGfEr1x9B4bRcTH4lpkTkpdh0T/J+qjbQ=
|
golang.org/x/sync v0.6.0 h1:5BMeUDZ7vkXGfEr1x9B4bRcTH4lpkTkpdh0T/J+qjbQ=
|
||||||
golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
|
golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
|
||||||
golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||||
golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||||
golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4=
|
golang.org/x/sys v0.28.0 h1:Fksou7UEQUWlKvIdsqzJmUmCX3cZuD2+P3XyyzwMhlA=
|
||||||
golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
|
golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
|
||||||
|
|
|
||||||
|
|
@ -12,13 +12,11 @@
|
||||||
// See the License for the specific language governing permissions and
|
// See the License for the specific language governing permissions and
|
||||||
// limitations under the License.
|
// limitations under the License.
|
||||||
|
|
||||||
package tests
|
package integration
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"flag"
|
"flag"
|
||||||
"os/exec"
|
"os/exec"
|
||||||
"path/filepath"
|
|
||||||
"runtime"
|
|
||||||
"strings"
|
"strings"
|
||||||
"testing"
|
"testing"
|
||||||
|
|
||||||
|
|
@ -190,11 +188,7 @@ func TestNFTables(t *testing.T) {
|
||||||
t.Fatal(err)
|
t.Fatal(err)
|
||||||
}
|
}
|
||||||
|
|
||||||
_, filename, _, _ := runtime.Caller(0) // Get the current file's path
|
scriptOutput, err := applyNFTRuleset(tt.scriptPath)
|
||||||
filePath := filepath.Join(filepath.Dir(filename), tt.scriptPath)
|
|
||||||
t.Logf("testing script from %s", filePath)
|
|
||||||
|
|
||||||
scriptOutput, err := applyNFTScript(filePath)
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatalf("Failed to apply nftables script: %v\noutput:%s", err, scriptOutput)
|
t.Fatalf("Failed to apply nftables script: %v\noutput:%s", err, scriptOutput)
|
||||||
}
|
}
|
||||||
|
|
@ -203,21 +197,20 @@ func TestNFTables(t *testing.T) {
|
||||||
}
|
}
|
||||||
|
|
||||||
// Retrieve nftables state using nft
|
// Retrieve nftables state using nft
|
||||||
expectedOutput, err := getNFTablesRuleset()
|
expectedOutput, err := listNFTRuleset()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatalf("Failed to list nftables ruleset: %v\noutput:%s", err, expectedOutput)
|
t.Fatalf("Failed to list nftables ruleset: %v\noutput:%s", err, expectedOutput)
|
||||||
}
|
}
|
||||||
t.Logf("Expected output:\n%s", expectedOutput)
|
t.Logf("Expected output:\n%s", expectedOutput)
|
||||||
|
|
||||||
// Program nftables using your Go code
|
// Program nftables using your Go code
|
||||||
err = flushNFTRuleset()
|
if err := flushNFTRuleset(); err != nil {
|
||||||
if err != nil {
|
|
||||||
t.Fatalf("Failed to flush nftables ruleset: %v", err)
|
t.Fatalf("Failed to flush nftables ruleset: %v", err)
|
||||||
}
|
}
|
||||||
tt.goCommands(t, c)
|
tt.goCommands(t, c)
|
||||||
|
|
||||||
// Retrieve nftables state using nft
|
// Retrieve nftables state using nft
|
||||||
actualOutput, err := getNFTablesRuleset()
|
actualOutput, err := listNFTRuleset()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatalf("Failed to list nftables ruleset: %v\noutput:%s", err, actualOutput)
|
t.Fatalf("Failed to list nftables ruleset: %v\noutput:%s", err, actualOutput)
|
||||||
}
|
}
|
||||||
|
|
@ -228,38 +221,32 @@ func TestNFTables(t *testing.T) {
|
||||||
t.Errorf("nftables ruleset mismatch:\n%s", cmp.Diff(expectedOutput, actualOutput))
|
t.Errorf("nftables ruleset mismatch:\n%s", cmp.Diff(expectedOutput, actualOutput))
|
||||||
}
|
}
|
||||||
|
|
||||||
err = flushNFTRuleset()
|
if err := flushNFTRuleset(); err != nil {
|
||||||
if err != nil {
|
|
||||||
t.Fatalf("Failed to flush nftables ruleset: %v", err)
|
t.Fatalf("Failed to flush nftables ruleset: %v", err)
|
||||||
}
|
}
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func applyNFTScript(scriptPath string) (string, error) {
|
func applyNFTRuleset(scriptPath string) (string, error) {
|
||||||
cmd := exec.Command("nft", "-f", scriptPath)
|
cmd := exec.Command("nft", "--debug=all", "-f", scriptPath)
|
||||||
out, err := cmd.CombinedOutput()
|
out, err := cmd.CombinedOutput()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return string(out), err
|
return string(out), err
|
||||||
}
|
}
|
||||||
return normalizeOutput(string(out)), nil
|
return strings.TrimSpace(string(out)), nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func getNFTablesRuleset() (string, error) {
|
func listNFTRuleset() (string, error) {
|
||||||
cmd := exec.Command("nft", "list", "ruleset")
|
cmd := exec.Command("nft", "list", "ruleset")
|
||||||
out, err := cmd.CombinedOutput()
|
out, err := cmd.CombinedOutput()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return string(out), err
|
return string(out), err
|
||||||
}
|
}
|
||||||
return normalizeOutput(string(out)), nil
|
return strings.TrimSpace(string(out)), nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func flushNFTRuleset() error {
|
func flushNFTRuleset() error {
|
||||||
cmd := exec.Command("nft", "flush", "ruleset")
|
cmd := exec.Command("nft", "flush", "ruleset")
|
||||||
return cmd.Run()
|
return cmd.Run()
|
||||||
}
|
}
|
||||||
|
|
||||||
func normalizeOutput(output string) string {
|
|
||||||
output = strings.TrimSpace(output)
|
|
||||||
return output
|
|
||||||
}
|
|
||||||
Loading…
Reference in New Issue