summaryrefslogtreecommitdiffstats
path: root/tests/shell/testcases/packetpath/dumps/policy.json-nft
diff options
context:
space:
mode:
authorFlorian Westphal <fw@strlen.de>2024-04-03 12:28:12 +0200
committerFlorian Westphal <fw@strlen.de>2024-04-25 13:25:19 +0200
commit96a22e33dd26b01a6711412508d28d8cabd66e87 (patch)
treefc6abe8cbb5c2e222bbf1dc516b6d32f8a05680a /tests/shell/testcases/packetpath/dumps/policy.json-nft
parent9da7b00aa886012c0e59e73aa19e05a8d1568540 (diff)
tests: packetpath: add check for drop policy
check that policy can be changed from accept to drop and that the kernel acts on this. Signed-off-by: Florian Westphal <fw@strlen.de>
Diffstat (limited to 'tests/shell/testcases/packetpath/dumps/policy.json-nft')
-rw-r--r--tests/shell/testcases/packetpath/dumps/policy.json-nft121
1 files changed, 121 insertions, 0 deletions
diff --git a/tests/shell/testcases/packetpath/dumps/policy.json-nft b/tests/shell/testcases/packetpath/dumps/policy.json-nft
new file mode 100644
index 00000000..26e8a052
--- /dev/null
+++ b/tests/shell/testcases/packetpath/dumps/policy.json-nft
@@ -0,0 +1,121 @@
+{
+ "nftables": [
+ {
+ "metainfo": {
+ "version": "VERSION",
+ "release_name": "RELEASE_NAME",
+ "json_schema_version": 1
+ }
+ },
+ {
+ "table": {
+ "family": "inet",
+ "name": "filter",
+ "handle": 0
+ }
+ },
+ {
+ "chain": {
+ "family": "inet",
+ "table": "filter",
+ "name": "underflow",
+ "handle": 0
+ }
+ },
+ {
+ "chain": {
+ "family": "inet",
+ "table": "filter",
+ "name": "input",
+ "handle": 0,
+ "type": "filter",
+ "hook": "input",
+ "prio": 0,
+ "policy": "drop"
+ }
+ },
+ {
+ "rule": {
+ "family": "inet",
+ "table": "filter",
+ "chain": "input",
+ "handle": 0,
+ "expr": [
+ {
+ "match": {
+ "op": "==",
+ "left": {
+ "payload": {
+ "protocol": "icmp",
+ "field": "type"
+ }
+ },
+ "right": "echo-reply"
+ }
+ },
+ {
+ "accept": null
+ }
+ ]
+ }
+ },
+ {
+ "rule": {
+ "family": "inet",
+ "table": "filter",
+ "chain": "input",
+ "handle": 0,
+ "expr": [
+ {
+ "match": {
+ "op": "==",
+ "left": {
+ "payload": {
+ "protocol": "ip",
+ "field": "saddr"
+ }
+ },
+ "right": "127.0.0.1"
+ }
+ },
+ {
+ "match": {
+ "op": "==",
+ "left": {
+ "payload": {
+ "protocol": "ip",
+ "field": "daddr"
+ }
+ },
+ "right": "127.0.0.2"
+ }
+ },
+ {
+ "counter": {
+ "packets": 3,
+ "bytes": 252
+ }
+ },
+ {
+ "accept": null
+ }
+ ]
+ }
+ },
+ {
+ "rule": {
+ "family": "inet",
+ "table": "filter",
+ "chain": "input",
+ "handle": 0,
+ "expr": [
+ {
+ "goto": {
+ "target": "underflow"
+ }
+ }
+ ]
+ }
+ }
+ ]
+}