diff options
author | Arturo Borrero <arturo.borrero.glez@gmail.com> | 2013-07-25 22:44:40 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2013-07-25 22:55:44 +0200 |
commit | 02295f3d01d13adba9fefeb7b9a40ea379aded1b (patch) | |
tree | 608134747cebe3518cccec8e9b4fc16158cd0503 /tests/xmlfiles/39-rule-real.xml | |
parent | ab12dcd69bc56897f3138d2ead5294f775238166 (diff) |
tests: xml: add realistic XML tests files
This patch refresh current XML testfiles with some realworld
expressions extracted from rules. The nft instruction itself is added
as a comment for future references.
All XMl files are now indented with tabs instead of spaces. Also, a
bunch of new realworld rules with mixed expressions are added.
I used this command to get the XML formatted with tabs:
$ export XMLLINT_INDENT=$'\t'
$ xmllint --format file.xml
The xmllint tool is included in the libxml2-utils package (at least on
debian systems).
Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'tests/xmlfiles/39-rule-real.xml')
-rw-r--r-- | tests/xmlfiles/39-rule-real.xml | 122 |
1 files changed, 122 insertions, 0 deletions
diff --git a/tests/xmlfiles/39-rule-real.xml b/tests/xmlfiles/39-rule-real.xml new file mode 100644 index 0000000..249160e --- /dev/null +++ b/tests/xmlfiles/39-rule-real.xml @@ -0,0 +1,122 @@ +<rule family="ip6" table="filter" chain="test" handle="31" version="0"> + <rule_flags>0</rule_flags> + <expr type="meta"> + <dreg>1</dreg> + <key>iifname</key> + </expr> + <expr type="cmp"> + <sreg>1</sreg> + <op>eq</op> + <cmpdata> + <data_reg type="value"> + <len>16</len> + <data0>0x00000000</data0> + <data1>0x00000000</data1> + <data2>0x6f620000</data2> + <data3>0x0030646e</data3> + </data_reg> + </cmpdata> + </expr> + <expr type="meta"> + <dreg>1</dreg> + <key>oifname</key> + </expr> + <expr type="cmp"> + <sreg>1</sreg> + <op>eq</op> + <cmpdata> + <data_reg type="value"> + <len>16</len> + <data0>0x00000000</data0> + <data1>0x62000000</data1> + <data2>0x31646e6f</data2> + <data3>0x0037322e</data3> + </data_reg> + </cmpdata> + </expr> + <expr type="payload"> + <dreg>1</dreg> + <offset>8</offset> + <len>16</len> + <base>network</base> + </expr> + <expr type="cmp"> + <sreg>1</sreg> + <op>eq</op> + <cmpdata> + <data_reg type="value"> + <len>16</len> + <data0>0xc09a002a</data0> + <data1>0x2700cac1</data1> + <data2>0x00000000</data2> + <data3>0x50010000</data3> + </data_reg> + </cmpdata> + </expr> + <expr type="payload"> + <dreg>1</dreg> + <offset>6</offset> + <len>1</len> + <base>network</base> + </expr> + <expr type="cmp"> + <sreg>1</sreg> + <op>eq</op> + <cmpdata> + <data_reg type="value"> + <len>1</len> + <data0>0x00000011</data0> + </data_reg> + </cmpdata> + </expr> + <expr type="payload"> + <dreg>1</dreg> + <offset>2</offset> + <len>2</len> + <base>transport</base> + </expr> + <expr type="cmp"> + <sreg>1</sreg> + <op>eq</op> + <cmpdata> + <data_reg type="value"> + <len>2</len> + <data0>0x00003500</data0> + </data_reg> + </cmpdata> + </expr> + <expr type="ct"> + <dreg>1</dreg> + <key>status</key> + <dir>0</dir> + </expr> + <expr type="cmp"> + <sreg>1</sreg> + <op>eq</op> + <cmpdata> + <data_reg type="value"> + <len>4</len> + <data0>0x00000001</data0> + </data_reg> + </cmpdata> + </expr> + <expr type="counter"> + <pkts>0</pkts> + <bytes>0</bytes> + </expr> + <expr type="log"> + <prefix>dns_drop</prefix> + <group>2</group> + <snaplen>0</snaplen> + <qthreshold>0</qthreshold> + </expr> + <expr type="immediate"> + <dreg>0</dreg> + <immediatedata> + <data_reg type="verdict"> + <verdict>drop</verdict> + </data_reg> + </immediatedata> + </expr> +</rule> +<!-- nft add rule ip6 filter test meta iifname "bond0" meta oifname "bond1.27" ip6 saddr 2a00:9ac0:c1ca:27::150 udp dport 53 ct status expected counter log prefix dns_drop group 2 drop --> |