diff options
author | Shyam Saini <mayhs11saini@gmail.com> | 2017-06-17 01:05:42 +0530 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2017-06-18 11:27:35 +0200 |
commit | c20142bba09b72f398ccf8260715cd6ed9a0e865 (patch) | |
tree | 02ba6d666c07dc35833a3b6e62523068255b4472 | |
parent | 35f6cd327c2ec46296adf464f981cd6cddfec27b (diff) |
tests: py: Add test for ambiguity while setting the value
This test checks bug identified and fixed in the commit mentioned below
In a statement if there are multiple src data then it would be
totally ambiguous to decide which value to set.
Before the commit was made it returned 134(BUG), but now it returns 1
i.e, an error message.
Following rules tests ambiguity while setting the value:
$ sudo nft add rule ip test-ip4 output ct mark set {0x11333, 0x11}
<cmdline>:1:41-55: Error: you cannot use a set here, unknown value to use
add rule ip test-ip4 output ct mark set {0x11333, 0x11}
~~~~~~~~~~~~^^^^^^^^^^^^^^^
Test: 986dea8 ("evaluate: avoid reference to multiple src data in
statements which set values")
Signed-off-by: Shyam Saini <mayhs11saini@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r-- | tests/py/any/ct.t | 5 | ||||
-rw-r--r-- | tests/py/any/meta.t | 3 | ||||
-rw-r--r-- | tests/py/bridge/ether.t | 2 | ||||
-rw-r--r-- | tests/py/inet/tcp.t | 2 | ||||
-rw-r--r-- | tests/py/inet/udp.t | 2 | ||||
-rw-r--r-- | tests/py/ip/ip.t | 2 |
6 files changed, 16 insertions, 0 deletions
diff --git a/tests/py/any/ct.t b/tests/py/any/ct.t index 20f047a2..275d2e71 100644 --- a/tests/py/any/ct.t +++ b/tests/py/any/ct.t @@ -58,6 +58,11 @@ ct mark set 0x11;ok;ct mark set 0x00000011 ct mark set mark;ok;ct mark set mark ct mark set mark map { 1 : 10, 2 : 20, 3 : 30 };ok;ct mark set mark map { 0x00000003 : 0x0000001e, 0x00000002 : 0x00000014, 0x00000001 : 0x0000000a} +ct mark set {0x11333, 0x11};fail +ct zone set {123, 127};fail +ct label set {123, 127};fail +ct event set {new, related, destroy, label};fail + ct expiration 30;ok;ct expiration 30s ct expiration 22;ok;ct expiration 22s ct expiration != 233;ok;ct expiration != 3m53s diff --git a/tests/py/any/meta.t b/tests/py/any/meta.t index 2ff942ff..fc041bf5 100644 --- a/tests/py/any/meta.t +++ b/tests/py/any/meta.t @@ -143,6 +143,9 @@ meta mark set 0xffffffde or 0x16;ok;mark set 0xffffffde meta mark set 0x32 or 0xfffff;ok;mark set 0x000fffff meta mark set 0xfffe xor 0x16;ok;mark set 0x0000ffe8 +meta mark set {0xffff, 0xcc};fail +meta pkttype set {unicast, multicast, broadcast};fail + meta iif "lo";ok;iif "lo" meta oif "lo";ok;oif "lo" meta oifname "dummy2" accept;ok;oifname "dummy2" accept diff --git a/tests/py/bridge/ether.t b/tests/py/bridge/ether.t index 5c6766eb..15f5f857 100644 --- a/tests/py/bridge/ether.t +++ b/tests/py/bridge/ether.t @@ -8,3 +8,5 @@ tcp dport 22 ether saddr 00:0f:54:0c:11:04 ip daddr 1.2.3.4;ok ether saddr 00:0f:54:0c:11:04 ip daddr 1.2.3.4 accept;ok ether daddr 00:01:02:03:04:05 ether saddr set ff:fe:dc:ba:98:76 drop;ok + +ether daddr set {01:00:5e:00:01:01, 01:00:5e:00:02:02};fail diff --git a/tests/py/inet/tcp.t b/tests/py/inet/tcp.t index 5a0aab67..f25be599 100644 --- a/tests/py/inet/tcp.t +++ b/tests/py/inet/tcp.t @@ -6,6 +6,8 @@ *inet;test-inet;input *netdev;test-netdev;ingress +tcp dport set {1, 2, 3};fail + tcp dport 22;ok tcp dport != 233;ok tcp dport 33-45;ok diff --git a/tests/py/inet/udp.t b/tests/py/inet/udp.t index 2f16e6a1..4e3eaa51 100644 --- a/tests/py/inet/udp.t +++ b/tests/py/inet/udp.t @@ -15,6 +15,8 @@ udp sport != { 50, 60} accept;ok udp sport { 12-40};ok udp sport != { 13-24};ok +udp dport set {1, 2, 3};fail + udp dport 80 accept;ok udp dport != 60 accept;ok udp dport 70-75 accept;ok diff --git a/tests/py/ip/ip.t b/tests/py/ip/ip.t index f9846469..9ab15df6 100644 --- a/tests/py/ip/ip.t +++ b/tests/py/ip/ip.t @@ -85,6 +85,8 @@ ip checksum != { 33, 55, 67, 88};ok ip checksum { 33-55};ok ip checksum != { 33-55};ok +ip saddr set {192.19.1.2, 191.1.22.1};fail + ip saddr 192.168.2.0/24;ok ip saddr != 192.168.2.0/24;ok ip saddr 192.168.3.1 ip daddr 192.168.3.100;ok |