author | Lukas Wunner <lukas@wunner.de> | 2020-03-11 13:20:06 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2021-10-28 02:01:25 +0200 |
commit | 510c4fad7e78f9350f492463d68899a6154807d3 (patch) | |
tree | 42057f190379a7a2c2501977957f1cb6bb501e90 /tests/py/ip | |
parent | 1e30a3a49a5eaf2a1e0e4b2d8f4949db9db565e7 (diff) |
src: Support netdev egress hook
Add userspace support for the netdev egress hook which is queued up for
v5.16-rc1, complete with documentation and tests. Usage is identical to
the ingress hook.
Signed-off-by: Lukas Wunner <lukas@wunner.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'tests/py/ip')
-rw-r--r-- | tests/py/ip/ip.t | 3 | ||||
-rw-r--r-- | tests/py/ip/ip_tcp.t | 2 | ||||
-rw-r--r-- | tests/py/ip/ip_tcp.t.payload.netdev | 93 | ||||
-rw-r--r-- | tests/py/ip/sets.t | 3 |
4 files changed, 99 insertions, 2 deletions
diff --git a/tests/py/ip/ip.t b/tests/py/ip/ip.t
index f4a3667c..d5a4d8a5 100644
--- a/tests/py/ip/ip.t
+++ b/tests/py/ip/ip.t
@@ -1,10 +1,11 @@
 :input;type filter hook input priority 0
 :ingress;type filter hook ingress device lo priority 0
+:egress;type filter hook egress device lo priority 0
 *ip;test-ip4;input
 *inet;test-inet;input
 *bridge;test-bridge;input
-*netdev;test-netdev;ingress
+*netdev;test-netdev;ingress,egress
 - ip version 2;ok
diff --git a/tests/py/ip/ip_tcp.t b/tests/py/ip/ip_tcp.t
index 467da3ef..646b0ca5 100644
--- a/tests/py/ip/ip_tcp.t
+++ b/tests/py/ip/ip_tcp.t
@@ -1,7 +1,9 @@
 :input;type filter hook input priority 0
 :ingress;type filter hook ingress device lo priority 0
+:egress;type filter hook egress device lo priority 0
 *ip;test-ip;input
+*netdev;test-netdev;ingress,egress
 # can remove ip dependency -- its redundant in ip family
 ip protocol tcp tcp dport 22;ok;tcp dport 22
diff --git a/tests/py/ip/ip_tcp.t.payload.netdev b/tests/py/ip/ip_tcp.t.payload.netdev
new file mode 100644
index 00000000..74dc1195
--- /dev/null
+++ b/tests/py/ip/ip_tcp.t.payload.netdev
@@ -0,0 +1,93 @@
+# ip protocol tcp tcp dport 22
+netdev test-netdev ingress
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x00000008 ]
+ [ payload load 1b @ network header + 9 => reg 1 ]
+ [ cmp eq reg 1 0x00000006 ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ cmp eq reg 1 0x00001600 ]
+
+# ip protocol tcp meta mark set 1 tcp dport 22
+netdev test-netdev ingress
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x00000008 ]
+ [ payload load 1b @ network header + 9 => reg 1 ]
+ [ cmp eq reg 1 0x00000006 ]
+ [ immediate reg 1 0x00000001 ]
+ [ meta set mark with reg 1 ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ cmp eq reg 1 0x00001600 ]
+
+# ip protocol tcp meta mark set 1 tcp dport 22
+netdev test-netdev egress
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x00000008 ]
+ [ payload load 1b @ network header + 9 => reg 1 ]
+ [ cmp eq reg 1 0x00000006 ]
+ [ immediate reg 1 0x00000001 ]
+ [ meta set mark with reg 1 ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ cmp eq reg 1 0x00001600 ]
+
+# ip protocol tcp tcp dport 22
+netdev test-netdev ingress
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x00000008 ]
+ [ payload load 1b @ network header + 9 => reg 1 ]
+ [ cmp eq reg 1 0x00000006 ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ cmp eq reg 1 0x00001600 ]
+
+# ip protocol tcp meta mark set 1 tcp dport 22
+netdev test-netdev ingress
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x00000008 ]
+ [ payload load 1b @ network header + 9 => reg 1 ]
+ [ cmp eq reg 1 0x00000006 ]
+ [ immediate reg 1 0x00000001 ]
+ [ meta set mark with reg 1 ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ cmp eq reg 1 0x00001600 ]
+
+# ip protocol tcp meta mark set 1 tcp dport 22
+netdev test-netdev egress
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x00000008 ]
+ [ payload load 1b @ network header + 9 => reg 1 ]
+ [ cmp eq reg 1 0x00000006 ]
+ [ immediate reg 1 0x00000001 ]
+ [ meta set mark with reg 1 ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ cmp eq reg 1 0x00001600 ]
+
+# ip protocol tcp tcp dport 22
+netdev test-netdev ingress
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x00000008 ]
+ [ payload load 1b @ network header + 9 => reg 1 ]
+ [ cmp eq reg 1 0x00000006 ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ cmp eq reg 1 0x00001600 ]
+
+# ip protocol tcp meta mark set 1 tcp dport 22
+netdev test-netdev ingress
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x00000008 ]
+ [ payload load 1b @ network header + 9 => reg 1 ]
+ [ cmp eq reg 1 0x00000006 ]
+ [ immediate reg 1 0x00000001 ]
+ [ meta set mark with reg 1 ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ cmp eq reg 1 0x00001600 ]
+
+# ip protocol tcp meta mark set 1 tcp dport 22
+netdev test-netdev egress
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x00000008 ]
+ [ payload load 1b @ network header + 9 => reg 1 ]
+ [ cmp eq reg 1 0x00000006 ]
+ [ immediate reg 1 0x00000001 ]
+ [ meta set mark with reg 1 ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ cmp eq reg 1 0x00001600 ]
+
diff --git a/tests/py/ip/sets.t b/tests/py/ip/sets.t
index 7dc884fc..a224d0fe 100644
--- a/tests/py/ip/sets.t
+++ b/tests/py/ip/sets.t
@@ -1,9 +1,10 @@
 :input;type filter hook input priority 0
 :ingress;type filter hook ingress device lo priority 0
+:egress;type filter hook egress device lo priority 0
 *ip;test-ip4;input
 *inet;test-inet;input
-*netdev;test-netdev;ingress
+*netdev;test-netdev;ingress,egress
 !w type ipv4_addr;ok
 !x type inet_proto;ok |
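Review bot: In the new tests/py/ip/ip_tcp.t.payload.netdev, the entry `# ip protocol tcp tcp dport 22` is recorded only for `netdev test-netdev ingress` and never for egress, while the `meta mark set 1` variant has both, so the egress bytecode for the plain rule is not pinned by this fixture. The same three blocks are also repeated three times over, which is how three distinct entries come to 93 lines. ip_tcp.t now declares `*netdev;test-netdev;ingress,egress`, but how the test harness treats a missing or duplicated payload entry is not visible on this page, so the effect on the test result is unconfirmed. I would keep a single copy of each block and add a `netdev test-netdev egress` entry under `# ip protocol tcp tcp dport 22`, so that a regression in how egress filter rules are translated gets caught.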