author | Michael Braun <michael-dev@fami-braun.de> | 2020-05-06 11:46:24 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2020-05-28 00:04:44 +0200 |
commit | 8615ed93f6e4c4b105525f033b927b510469b987 (patch) | |
tree | 064dd3adc997e0a3c3d494b97d9dfa1146250856 /tests/py/bridge/reject.t.payload | |
parent | 2a20b5bdbde8a1b510f75b1522772b07e51a77d7 (diff) |
evaluate: enable reject with 802.1q
This enables the use of nft bridge reject with bridge vlan filtering.
It depends on a kernel patch to make the kernel preserve the
vlan id in nft bridge reject generation.
[ pablo: update tests/py ]
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'tests/py/bridge/reject.t.payload')
-rw-r--r-- | tests/py/bridge/reject.t.payload | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/tests/py/bridge/reject.t.payload b/tests/py/bridge/reject.t.payload index 0d10547b..7deb6fbf 100644 --- a/tests/py/bridge/reject.t.payload +++ b/tests/py/bridge/reject.t.payload @@ -118,3 +118,23 @@ bridge test-bridge input [ cmp eq reg 1 0x0000dd86 ] [ reject type 2 code 3 ] +# ether type vlan reject +bridge + [ payload load 2b @ link header + 12 => reg 1 ] + [ cmp eq reg 1 0x00000081 ] + [ reject type 2 code 1 ] + +# ether type vlan reject with tcp reset +bridge + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ link header + 12 => reg 1 ] + [ cmp eq reg 1 0x00000081 ] + [ reject type 1 code 0 ] + +# ether type vlan reject with icmpx type admin-prohibited +bridge + [ payload load 2b @ link header + 12 => reg 1 ] + [ cmp eq reg 1 0x00000081 ] + [ reject type 2 code 3 ] + |
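Review bot: All three added cases compare only the ether type at link header + 12 against 0x00000081, so none of them covers a rule that matches on the vlan id itself, which is the property the commit message says the kernel has to preserve when generating the reject. Consider adding a case whose rule also matches a specific vlan id, so the expected payload documents how such a rule is evaluated before the reject statement. In the "with tcp reset" case the l4proto check (0x00000006) is emitted ahead of the ether type comparison; a short comment on that ordering would help anyone comparing it with the other two cases. The commit message says the feature depends on a kernel patch but does not name the patch or a minimum kernel version, so a reader cannot tell from this change alone on which kernels the reject keeps the vlan id; a reference to it would be worth adding.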