diff options
author | Jeremy Sowden <jeremy@azazel.net> | 2020-02-03 11:20:21 +0000 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2020-02-07 16:57:30 +0100 |
commit | 1f24768c93346bfb70214fcba65a1dcb3c2e7d46 (patch) | |
tree | 9af090c873a86f22aa6c3e1892954ad75d0c6899 /tests | |
parent | aae18ff0b2aa18091c54be5873ddf1de97cd24ad (diff) |
tests: shell: add bit-shift tests.
Add a couple of shell test-cases for setting the CT mark to a bitwise
expression derived from the packet mark and vice versa.
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'tests')
4 files changed, 34 insertions, 0 deletions
diff --git a/tests/shell/testcases/chains/0040mark_shift_0 b/tests/shell/testcases/chains/0040mark_shift_0 new file mode 100755 index 00000000..55447f0b --- /dev/null +++ b/tests/shell/testcases/chains/0040mark_shift_0 @@ -0,0 +1,11 @@ +#!/bin/bash + +set -e + +RULESET=" + add table t + add chain t c { type filter hook output priority mangle; } + add rule t c oif lo ct mark set (meta mark | 0x10) << 8 +" + +$NFT --debug=eval -f - <<< "$RULESET" diff --git a/tests/shell/testcases/chains/0040mark_shift_1 b/tests/shell/testcases/chains/0040mark_shift_1 new file mode 100755 index 00000000..b609f5ef --- /dev/null +++ b/tests/shell/testcases/chains/0040mark_shift_1 @@ -0,0 +1,11 @@ +#!/bin/bash + +set -e + +RULESET=" + add table t + add chain t c { type filter hook input priority mangle; } + add rule t c iif lo ct mark & 0xff 0x10 meta mark set ct mark >> 8 +" + +$NFT -f - <<< "$RULESET" diff --git a/tests/shell/testcases/chains/dumps/0040mark_shift_0.nft b/tests/shell/testcases/chains/dumps/0040mark_shift_0.nft new file mode 100644 index 00000000..52d59d2c --- /dev/null +++ b/tests/shell/testcases/chains/dumps/0040mark_shift_0.nft @@ -0,0 +1,6 @@ +table ip t { + chain c { + type filter hook output priority mangle; policy accept; + oif "lo" ct mark set (meta mark | 0x00000010) << 8 + } +} diff --git a/tests/shell/testcases/chains/dumps/0040mark_shift_1.nft b/tests/shell/testcases/chains/dumps/0040mark_shift_1.nft new file mode 100644 index 00000000..56ec8dc7 --- /dev/null +++ b/tests/shell/testcases/chains/dumps/0040mark_shift_1.nft @@ -0,0 +1,6 @@ +table ip t { + chain c { + type filter hook input priority mangle; policy accept; + iif "lo" ct mark & 0x000000ff == 0x00000010 meta mark set ct mark >> 8 + } +} |