summaryrefslogtreecommitdiffstats
path: root/tests
diff options
context:
space:
mode:
authorJose M. Guisado Gomez <guigom@riseup.net>2020-10-22 21:43:55 +0200
committerPablo Neira Ayuso <pablo@netfilter.org>2020-11-02 11:49:52 +0100
commita51a0bec1f698b9980a266e2393d3f80596bbae0 (patch)
treea48de9c9cc160893713c1231434be06309c7a83e /tests
parent0c42a1f2a0cc579181f9bd1adc885c10d0af5808 (diff)
tests: py: add netdev folder and reject.t icmp cases
Add unit tests for the use of reject with icmp inside netdev family. reject.t from inet family couldn't be reused because it was using meta nfproto which is not supported inside netdev. Signed-off-by: Jose M. Guisado Gomez <guigom@riseup.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'tests')
-rw-r--r--tests/py/netdev/reject.t20
-rw-r--r--tests/py/netdev/reject.t.payload60
-rwxr-xr-xtests/py/nft-test.py2
3 files changed, 81 insertions, 1 deletions
diff --git a/tests/py/netdev/reject.t b/tests/py/netdev/reject.t
new file mode 100644
index 00000000..a4434b6c
--- /dev/null
+++ b/tests/py/netdev/reject.t
@@ -0,0 +1,20 @@
+:ingress;type filter hook ingress device lo priority 0
+
+*netdev;test-netdev;ingress
+
+reject with icmp type host-unreachable;ok;reject
+reject with icmp type net-unreachable;ok;reject
+reject with icmp type prot-unreachable;ok;reject
+reject with icmp type port-unreachable;ok;reject
+reject with icmp type net-prohibited;ok;reject
+reject with icmp type host-prohibited;ok;reject
+reject with icmp type admin-prohibited;ok;reject
+
+reject with icmpv6 type no-route;ok;reject
+reject with icmpv6 type admin-prohibited;ok;reject
+reject with icmpv6 type addr-unreachable;ok;reject
+reject with icmpv6 type port-unreachable;ok;reject
+reject with icmpv6 type policy-fail;ok;reject
+reject with icmpv6 type reject-route;ok;reject
+
+reject;ok
diff --git a/tests/py/netdev/reject.t.payload b/tests/py/netdev/reject.t.payload
new file mode 100644
index 00000000..71a66f9d
--- /dev/null
+++ b/tests/py/netdev/reject.t.payload
@@ -0,0 +1,60 @@
+# reject with icmp type host-unreachable
+netdev
+ [ reject type 0 code 1 ]
+
+# reject
+netdev
+ [ reject type 2 code 1 ]
+
+# reject
+netdev
+ [ reject type 2 code 1 ]
+
+# reject with icmp type admin-prohibited
+netdev
+ [ reject type 0 code 13 ]
+
+# reject with icmp type net-unreachable
+netdev
+ [ reject type 0 code 0 ]
+
+# reject with icmp type prot-unreachable
+netdev
+ [ reject type 0 code 2 ]
+
+# reject with icmp type port-unreachable
+netdev
+ [ reject type 0 code 3 ]
+
+# reject with icmp type net-prohibited
+netdev
+ [ reject type 0 code 9 ]
+
+# reject with icmp type host-prohibited
+netdev
+ [ reject type 0 code 10 ]
+
+# reject with icmpv6 type no-route
+netdev
+ [ reject type 0 code 0 ]
+
+# reject with icmpv6 type admin-prohibited
+netdev
+ [ reject type 0 code 1 ]
+
+# reject with icmpv6 type addr-unreachable
+netdev
+ [ reject type 0 code 3 ]
+
+# reject with icmpv6 type port-unreachable
+netdev
+ [ reject type 0 code 4 ]
+
+# reject with icmpv6 type policy-fail
+netdev
+ [ reject type 0 code 5 ]
+
+# reject with icmpv6 type reject-route
+netdev
+ [ reject type 0 code 6 ]
+
diff --git a/tests/py/nft-test.py b/tests/py/nft-test.py
index e7b5e01e..7ca5a22a 100755
--- a/tests/py/nft-test.py
+++ b/tests/py/nft-test.py
@@ -28,7 +28,7 @@ os.environ['TZ'] = 'UTC-2'
from nftables import Nftables
-TESTS_DIRECTORY = ["any", "arp", "bridge", "inet", "ip", "ip6"]
+TESTS_DIRECTORY = ["any", "arp", "bridge", "inet", "ip", "ip6", "netdev"]
LOGFILE = "/tmp/nftables-test.log"
log_file = None
table_list = []