diff options
| author | Phil Sutter <phil@nwl.cc> | 2023-12-21 13:24:09 +0100 |
|---|---|---|
| committer | Phil Sutter <phil@nwl.cc> | 2024-01-10 23:33:24 +0100 |
| commit | b1ae6a45c9f38a60a13d9ecb88dcbeb12e5d13e0 (patch) | |
| tree | 266b5b45b82dc62ad087562088c87e96bd74b557 /iptables/tests/shell/testcases/ebtables | |
| parent | f4721951baca81b7d74c5551d0f5c599dbb89bf1 (diff) | |
ebtables: Default to extrapositioned negations
ebtables-nft has always supported both intra- and extrapositioned
negations but defaulted to intrapositioned when printing/saving rules.
With commit 58d364c7120b5 ("ebtables: Use do_parse() from xshared")
though, it started to warn about intrapositioned negations. So change
the default to avoid mandatory warnings when e.g. loading previously
dumped rulesets.
Also adjust test cases, help texts and ebtables-nft.8 accordingly.
Cc: Jan Engelhardt <jengelh@inai.de>
Signed-off-by: Phil Sutter <phil@nwl.cc>
Diffstat (limited to 'iptables/tests/shell/testcases/ebtables')
| -rwxr-xr-x | iptables/tests/shell/testcases/ebtables/0008-ebtables-among_0 | 18 |
1 files changed, 13 insertions, 5 deletions
diff --git a/iptables/tests/shell/testcases/ebtables/0008-ebtables-among_0 b/iptables/tests/shell/testcases/ebtables/0008-ebtables-among_0 index b5df9725..962b1e03 100755 --- a/iptables/tests/shell/testcases/ebtables/0008-ebtables-among_0 +++ b/iptables/tests/shell/testcases/ebtables/0008-ebtables-among_0 @@ -71,27 +71,35 @@ bf_client_ip1="10.167.11.2" pktsize=64 # --among-src [mac,IP] +among="$bf_bridge_mac0=$bf_bridge_ip0,$bf_client_mac1=$bf_client_ip1" ip netns exec "$nsb" $XT_MULTI ebtables -F -ip netns exec "$nsb" $XT_MULTI ebtables -A FORWARD -p ip --ip-dst $bf_server_ip1 --among-src $bf_bridge_mac0=$bf_bridge_ip0,$bf_client_mac1=$bf_client_ip1 -j DROP > /dev/null +ip netns exec "$nsb" $XT_MULTI ebtables -A FORWARD \ + -p ip --ip-dst $bf_server_ip1 --among-src "$among" -j DROP > /dev/null ip netns exec "$nsc" ping -q $bf_server_ip1 -c 1 -s $pktsize -W 1 >/dev/null assert_fail $? "--among-src [match]" # ip netns exec "$nsb" $XT_MULTI ebtables -L --Ln --Lc +among="$bf_bridge_mac0=$bf_bridge_ip0,$bf_client_mac1=$bf_client_ip1" ip netns exec "$nsb" $XT_MULTI ebtables -F -ip netns exec "$nsb" $XT_MULTI ebtables -A FORWARD -p ip --ip-dst $bf_server_ip1 --among-src ! $bf_bridge_mac0=$bf_bridge_ip0,$bf_client_mac1=$bf_client_ip1 -j DROP > /dev/null +ip netns exec "$nsb" $XT_MULTI ebtables -A FORWARD \ + -p ip --ip-dst $bf_server_ip1 ! --among-src "$among" -j DROP > /dev/null ip netns exec "$nsc" ping $bf_server_ip1 -c 1 -s $pktsize -W 1 >/dev/null assert_pass $? "--among-src [not match]" # --among-dst [mac,IP] +among="$bf_client_mac1=$bf_client_ip1,$bf_server_mac1=$bf_server_ip1" ip netns exec "$nsb" $XT_MULTI ebtables -F -ip netns exec "$nsb" $XT_MULTI ebtables -A FORWARD -p ip --ip-src $bf_client_ip1 --among-dst $bf_client_mac1=$bf_client_ip1,$bf_server_mac1=$bf_server_ip1 -j DROP > /dev/null +ip netns exec "$nsb" $XT_MULTI ebtables -A FORWARD \ + -p ip --ip-src $bf_client_ip1 --among-dst "$among" -j DROP > /dev/null ip netns exec "$nsc" ping -q $bf_server_ip1 -c 1 -s $pktsize -W 1 > /dev/null assert_fail $? "--among-dst [match]" -# --among-dst ! [mac,IP] +# ! --among-dst [mac,IP] +among="$bf_client_mac1=$bf_client_ip1,$bf_server_mac1=$bf_server_ip1" ip netns exec "$nsb" $XT_MULTI ebtables -F -ip netns exec "$nsb" $XT_MULTI ebtables -A FORWARD -p ip --ip-src $bf_client_ip1 --among-dst ! $bf_client_mac1=$bf_client_ip1,$bf_server_mac1=$bf_server_ip1 -j DROP > /dev/null +ip netns exec "$nsb" $XT_MULTI ebtables -A FORWARD \ + -p ip --ip-src $bf_client_ip1 ! --among-dst "$among" -j DROP > /dev/null ip netns exec "$nsc" ping -q $bf_server_ip1 -c 1 -s $pktsize -W 1 > /dev/null assert_pass $? "--among-dst [not match]" |