diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..35417a1
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+nftables.test
diff --git a/README.md b/README.md
index a722eb5..a89d3f6 100644
--- a/README.md
+++ b/README.md
@@ -21,4 +21,12 @@ the data types/API will be identified as more functionality is added.
 Contributions are very welcome!
+### Testing Changes
+Run the following commands to test your changes:
+
+```bash
+go test ./...
+go test -c github.com/google/nftables
+sudo ./nftables.test -test.v -run_system_tests
+```
diff --git a/expr/verdict.go b/expr/verdict.go
index b166a19..3cb8893 100644
--- a/expr/verdict.go
+++ b/expr/verdict.go
@@ -24,6 +24,15 @@ import (
 "golang.org/x/sys/unix"
 )
+const (
+ NFT_DROP = 0
+ NFT_ACCEPT = 1
+ NFT_STOLEN = 2
+ NFT_QUEUE = 3
+ NFT_REPEAT = 4
+ NFT_STOP = 5
+)
+
 // This code assembles the verdict structure, as expected by the
 // nftables netlink API.
 // For further information, consult:
@@ -126,3 +135,37 @@ func (e *Verdict) unmarshal(data []byte) error {
 }
 return ad.Err()
 }
+
+func (e *Verdict) String() string {
+ var v string
+ switch e.Kind {
+ case unix.NFT_RETURN:
+ v = "return" // -0x5
+ case unix.NFT_GOTO:
+ v = "goto" // -0x4
+ case unix.NFT_JUMP:
+ v = "jump" // NFT_JUMP = -0x3
+ case unix.NFT_BREAK:
+ v = "break" // NFT_BREAK = -0x2
+ case unix.NFT_CONTINUE:
+ v = "continue" // NFT_CONTINUE = -0x1
+ case NFT_DROP:
+ v = "drop"
+ case NFT_ACCEPT:
+ v = "accept"
+ case NFT_STOLEN:
+ v = "stolen"
+ case NFT_QUEUE:
+ v = "queue"
+ case NFT_REPEAT:
+ v = "repeat"
+ case NFT_STOP:
+ v = "stop"
+ default:
+ v = fmt.Sprintf("verdict %v", e.Kind)
+ }
+ if e.Chain != "" {
+ return v + " " + e.Chain
+ }
+ return v
+}
diff --git a/nftables_test.go b/nftables_test.go
index c12d7a4..c1c0f9d 100644
--- a/nftables_test.go
+++ b/nftables_test.go
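Review bot: In expr/verdict.go the new exported constants `NFT_DROP` through `NFT_STOP` carry an `NFT_` prefix, but the kernel names for the values 0 to 5 are `NF_DROP`, `NF_ACCEPT`, `NF_STOLEN`, `NF_QUEUE`, `NF_REPEAT` and `NF_STOP` from linux/netfilter.h; only the negative verdicts are `NFT_*`. The block is also untyped, undocumented and in ALL_CAPS, and the test hunk of this same commit already uses `expr.VerdictDrop`, which suggests the package has typed verdict constants that `String()` could switch on instead (their declaration is outside this diff, so confirm). If the block stays, unexport it and head it with a comment such as `// Netfilter base verdicts, as in linux/netfilter.h.`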
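Review bot: `Verdict.String()` in expr/verdict.go is an exported method without a doc comment; `// String returns a human-readable form of the verdict, followed by the target chain when one is set.` would cover it. The trailing comments are inconsistent (`// -0x5` next to `// NFT_JUMP = -0x3`) and could all take the second form. If `Kind` can carry the kernel's upper bits on a queue or drop verdict (queue number or errno), such values fall to the `default` arm and print as a bare number, which is hard to read in a rule dump; that is an inference from the kernel encoding rather than something visible in this hunk, so a short comment on the `default` arm would be enough.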
@@ -252,12 +252,27 @@ func TestRuleOperations(t *testing.T) {
 expr.VerdictDrop,
 }
+ wantStrings := []string{
+ "queue",
+ "accept",
+ "queue",
+ "accept",
+ "drop",
+ "drop",
+ }
+
 for i, r := range rules {
 rr, _ := r.Exprs[0].(*expr.Verdict)
 if rr.Kind != want[i] {
 t.Fatalf("bad verdict kind at %d", i)
 }
+
+ if rr.String() != wantStrings[i] {
+ t.Fatalf("bad verdict string at %d: %s (received) vs. %s (expected)", i, rr.String(), wantStrings[i])
+ }
+
+ t.Logf("%s", rr)
 }
 }
diff --git a/nftables_test.sh b/nftables_test.sh
new file mode 100755
index 0000000..4601557
--- /dev/null
+++ b/nftables_test.sh
@@ -0,0 +1,3 @@
+go test ./...
+go test -c github.com/google/nftables
+sudo ./nftables.test -test.v -run_system_tests
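Review bot: `wantStrings` in nftables_test.go covers only the `queue`, `accept` and `drop` arms, so the negative kinds, the `default` fallback and the `e.Chain` suffix of `Verdict.String()` stay untested. A small table-driven test in package `expr` that builds `Verdict` values directly would cover them. `wantStrings[i]` also panics instead of failing cleanly when `rules` is longer than the slice; a check before the loop such as `if len(rules) != len(wantStrings) { t.Fatalf("got %d rules, want %d", len(rules), len(wantStrings)) }` gives a readable failure. TestRuleOperations begins above the hunk.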
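Review bot: nftables_test.sh has no shebang and no `set -e`, so when `go test ./...` or the `go test -c` build fails the script still reaches `sudo ./nftables.test` and runs whatever binary is already in the directory as root. Start the file with `#!/bin/sh` and `set -eu`, or chain the three commands with `&&`. The same three commands are repeated in the README hunk, so the README could simply point to this script.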