@@ -1,9 +1,23 @@
#!/bin/bash
-EXPECTED='table ip filter {
+set -e
+
+COMMENT128="12345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678"
+
+# test for pass with comment that is 128 bytes long.
+rc=0
+$NFT add table ip filter \{ quota foo1 \{ comment "\"${COMMENT128}\"" \}\; \}\; || rc="$?"
+test "$rc" = 0
+
+# test for failure with comment that is 128+1 bytes long.
+rc=0
+$NFT add table ip filter \{ quota foo2 \{ comment "\"${COMMENT128}x\"" \}\; \}\; || rc="$?"
+test "$rc" = 1
+
+RULESET='table ip filter {
quota q {
over 1200 bytes
- comment "test1"
+ comment "'"$COMMENT128"'"
}
counter c {
@@ -39,6 +53,4 @@ EXPECTED='table ip filter {
}
'
-set -e
-
-$NFT -f - <<< "$EXPECTED"
+$NFT -f - <<< "$RULESET"
@@ -1,6 +1,11 @@
table ip filter {
+ quota foo1 {
+ comment "12345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678"
+ 0 bytes
+ }
+
quota q {
- comment "test1"
+ comment "12345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678"
over 1200 bytes
}
The comment length is limited to NFTNL_UDATA_COMMENT_MAXLEN. Test for that. Adjust an existing test for that. Also rename $EXPECTED to $RULESET. We don't compare the value of $EXPECTED against the actually configured rules. It also wouldn't work, because the input is not normalized and wouldn't match. It also isn't necessary, because there is a .nft dump file. Signed-off-by: Thomas Haller <thaller@redhat.com> --- .../testcases/optionals/comments_objects_0 | 22 ++++++++++++++----- .../optionals/dumps/comments_objects_0.nft | 7 +++++- 2 files changed, 23 insertions(+), 6 deletions(-)