#!/bin/bash
#
# (C) 2013 by Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
#
# This program is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This is a small testbench that adds an nftables rule, described in XML,
# to the kernel.
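# Paths of the tools this testbench drives. BINARY is relative, so the script
# has to be started from the directory that makes ../examples resolve.
BINARY="../examples/nft-rule-xml-add"
# command -v is a shell builtin; unlike which(1) it does not depend on an
# extra package being installed. Both yield an empty string when not found.
NFT="$(command -v nft)"
MKTEMP="$(command -v mktemp)"

# Validate the tools BEFORE creating the temp file, so an early exit cannot
# leave a stray file behind.
if [ ! -x "$BINARY" ]; then
  echo "E: Binary not found $BINARY"
  exit 1
fi

if [ ! -x "$MKTEMP" ]; then
  echo "E: mktemp not found. Is mandatory."
  exit 1
fi

# mktemp gives an unpredictable name, avoiding the classic predictable-name
# race in a shared temp directory.
TMPFILE="$("$MKTEMP")"
if [ ! -w "$TMPFILE" ]; then
  echo "E: Unable to create tempfile with mktemp"
  exit 1
fi
# Remove the temp file on every exit path, including exits on error.
trap 'rm -f -- "$TMPFILE"' EXIT

# nft is optional: its absence is reported as a warning, not an error.
if [ ! -x "$NFT" ]; then
  echo "W: nftables main binary not found but continuing anyway $NFT"
fi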
# XML description of the rule handed to $BINARY: family ip, table filter,
# chain INPUT, handle 100, carrying meta, cmp, payload, match, counter and
# target expressions. Single-quoted so the attribute quotes need no escaping;
# the resulting value is the same string.
XML='<rule family="ip" table="filter" chain="INPUT" handle="100" version="0">
<rule_flags>0</rule_flags>
<compat_flags>0</compat_flags>
<compat_proto>0</compat_proto>
<expr type="meta">
<dreg>1</dreg>
<key>iif</key>
</expr>
<expr type="cmp">
<sreg>1</sreg>
<op>eq</op>
<cmpdata>
<data_reg type="value">
<len>4</len>
<data0>0x04000000</data0>
</data_reg>
</cmpdata>
</expr>
<expr type="payload">
<dreg>1</dreg>
<base>transport</base>
<offset>12</offset>
<len>4</len>
</expr>
<expr type="cmp">
<sreg>1</sreg>
<op>eq</op>
<cmpdata>
<data_reg type="value">
<len>4</len>
<data0>0x96d60496</data0>
</data_reg>
</cmpdata>
</expr>
<expr type="payload">
<dreg>1</dreg>
<base>link</base>
<offset>16</offset>
<len>4</len>
</expr>
<expr type="cmp">
<sreg>1</sreg>
<op>eq</op>
<cmpdata>
<data_reg type="value">
<len>4</len>
<data0>0x96d60329</data0>
</data_reg>
</cmpdata>
</expr>
<expr type="payload">
<dreg>1</dreg>
<base>network</base>
<offset>9</offset>
<len>1</len>
</expr>
<expr type="cmp">
<sreg>1</sreg>
<op>eq</op>
<cmpdata>
<data_reg type="value">
<len>4</len>
<data0>0x06000000</data0>
</data_reg>
</cmpdata>
</expr>
<expr type="match">
<name>state</name>
</expr>
<expr type="counter">
<pkts>123123</pkts>
<bytes>321321</bytes>
</expr>
<expr type="target">
<name>LOG</name>
</expr>
</rule>'
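# Best-effort creation of the table and chain the rule refers to. Output is
# discarded and failures are ignored (presumably because they may already
# exist). nft is only invoked when it was actually found: with an empty $NFT
# the unquoted expansion would run whatever "add" resolves to on PATH.
# NOTE(review): nothing in this script removes the table, chain or rule
# afterwards, and changing the ruleset presumably needs root/CAP_NET_ADMIN,
# so run it on a disposable host or network namespace.
if [ -x "$NFT" ]; then
  "$NFT" add table filter >/dev/null 2>&1
  "$NFT" add chain filter INPUT >/dev/null 2>&1
fi

# Write the XML verbatim. Quoting keeps the shell from word-splitting and
# glob-expanding the document and the temp-file path. The file now keeps its
# line breaks instead of being flattened to a single line by word splitting.
printf '%s\n' "$XML" > "$TMPFILE"

# Feed the XML file to the example binary; its exit status decides the test.
if ! "$BINARY" "$TMPFILE"; then
  echo "E: Unable to add XML."
  # -f, not -rf: this is a single regular file, so never recurse.
  rm -f -- "$TMPFILE" 2>/dev/null
  exit 1
fi

rm -f -- "$TMPFILE" 2>/dev/null
echo "I: Test OK"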