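// Source: github.com/TeaOSLab/EdgeNode@v1.3.8/internal/firewalls/nftables/table_test.go
// Copyright 2022 Liuxiangchao iwind.liu@gmail.com. All rights reserved.
//go:build linux

package nftables_test

import (
	"errors"
	"testing"

	"github.com/TeaOSLab/EdgeNode/internal/firewalls/nftables"
)

// NOTE(review): every test here goes through nftables.NewConn and works on the
// table "test_ipv4" by name; nothing in this file substitutes a fake. Presumably
// that means a Linux host and the privileges needed to change the firewall
// ruleset — confirm, and prefer a throwaway VM or network namespace over a
// machine you reach over the network.
//
// The tests also share state by name: TestTable_GetChain and
// TestTable_DeleteChain refer to "test_default_chain", which TestTable_AddChain
// creates, and the set tests refer to "ipv4_black_set" in the same way. Nothing
// in this file removes the table itself afterwards.

// getIPv4Table returns the "test_ipv4" table, creating it when the lookup
// reports nftables.ErrTableNotFound. Any other error, or a failure to create
// the table, aborts the calling test.
func getIPv4Table(t *testing.T) *nftables.Table {
	// Report failures at the calling test's line rather than inside this helper.
	t.Helper()

	conn, err := nftables.NewConn()
	if err != nil {
		t.Fatal(err)
	}

	table, err := conn.GetTable("test_ipv4", nftables.TableFamilyIPv4)
	// errors.Is still matches if the sentinel is ever returned wrapped.
	if errors.Is(err, nftables.ErrTableNotFound) {
		table, err = conn.AddIPv4Table("test_ipv4")
	}
	if err != nil {
		t.Fatal(err)
	}
	return table
}

// TestTable_AddChain adds a chain with nil options and an accept chain to the
// test table and logs the name of each.
func TestTable_AddChain(t *testing.T) {
	table := getIPv4Table(t)

	defaultChain, err := table.AddChain("test_default_chain", nil)
	if err != nil {
		t.Fatal(err)
	}
	t.Log("created:", defaultChain.Name())

	acceptChain, err := table.AddAcceptChain("test_accept_chain")
	if err != nil {
		t.Fatal(err)
	}
	t.Log("created:", acceptChain.Name())

	// Do not test drop chain before adding accept rule, you will drop yourself!
	// The case below stays disabled for that reason: presumably a drop chain with
	// no accept rule in place also drops the traffic of the session that runs
	// the test.
	/**{
		chain, err := table.AddDropChain("test_drop_chain")
		if err != nil {
			t.Fatal(err)
		}
		t.Log("created:", chain.Name())
	}**/
}

// TestTable_GetChain looks up one chain name that should be missing and one
// that TestTable_AddChain creates. nftables.ErrChainNotFound is only logged;
// any other error fails the test.
func TestTable_GetChain(t *testing.T) {
	table := getIPv4Table(t)

	for _, chainName := range []string{"not_found_chain", "test_default_chain"} {
		chain, err := table.GetChain(chainName)
		switch {
		case err == nil:
			t.Log(chainName, ":", chain)
		case errors.Is(err, nftables.ErrChainNotFound):
			t.Log(chainName, ":", "not found")
		default:
			t.Fatal(err)
		}
	}
}

// TestTable_DeleteChain deletes "test_default_chain" and fails on any error,
// so it presumably fails when TestTable_AddChain has not run first.
func TestTable_DeleteChain(t *testing.T) {
	table := getIPv4Table(t)

	if err := table.DeleteChain("test_default_chain"); err != nil {
		t.Fatal(err)
	}
	t.Log("ok")
}

// TestTable_AddSet adds an IPv4-keyed set without timeouts and an IPv6-keyed
// set with HasTimeout enabled, logging the name of each.
func TestTable_AddSet(t *testing.T) {
	table := getIPv4Table(t)

	ipv4Set, err := table.AddSet("ipv4_black_set", &nftables.SetOptions{
		HasTimeout: false,
		KeyType:    nftables.TypeIPAddr,
	})
	if err != nil {
		t.Fatal(err)
	}
	t.Log(ipv4Set.Name())

	// NOTE(review): this IPv6-keyed set is created in the table returned by
	// getIPv4Table — confirm that is intended. HasTimeout is set while the
	// Timeout field stays commented out.
	ipv6Set, err := table.AddSet("ipv6_black_set", &nftables.SetOptions{
		HasTimeout: true,
		//Timeout: 3600 * time.Second,
		KeyType: nftables.TypeIP6Addr,
	})
	if err != nil {
		t.Fatal(err)
	}
	t.Log(ipv6Set.Name())
}

// TestTable_GetSet looks up one set name that should be missing and one that
// TestTable_AddSet creates. nftables.ErrSetNotFound is only logged; any other
// error fails the test.
func TestTable_GetSet(t *testing.T) {
	table := getIPv4Table(t)

	for _, setName := range []string{"not_found_set", "ipv4_black_set"} {
		set, err := table.GetSet(setName)
		switch {
		case err == nil:
			t.Log(setName, ":", set)
		case errors.Is(err, nftables.ErrSetNotFound):
			t.Log(setName, ": not found")
		default:
			t.Fatal(err)
		}
	}
}

// TestTable_DeleteSet deletes "ipv4_black_set" and fails on any error, so it
// presumably fails when TestTable_AddSet has not run first.
func TestTable_DeleteSet(t *testing.T) {
	table := getIPv4Table(t)

	if err := table.DeleteSet("ipv4_black_set"); err != nil {
		t.Fatal(err)
	}
	t.Log("ok")
}

// TestTable_Flush calls Flush on the test table and fails on error.
// NOTE(review): what Flush removes is not visible from this file — confirm
// against the Table implementation.
func TestTable_Flush(t *testing.T) {
	table := getIPv4Table(t)

	if err := table.Flush(); err != nil {
		t.Fatal(err)
	}
	t.Log("ok")
}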