diff options
Diffstat (limited to 'tests/shell/testcases/chains')
109 files changed, 8475 insertions, 49 deletions
diff --git a/tests/shell/testcases/chains/0012reject_in_prerouting_1 b/tests/shell/testcases/chains/0012reject_in_prerouting_1 deleted file mode 100755 index 0ee86c11..00000000 --- a/tests/shell/testcases/chains/0012reject_in_prerouting_1 +++ /dev/null @@ -1,11 +0,0 @@ -#!/bin/bash - -set -e - -$NFT add table t -$NFT add chain t prerouting {type filter hook prerouting priority 0 \; } - -# wrong hook prerouting, only input/forward/output is valid -$NFT add rule t prerouting reject 2>/dev/null || exit 0 -echo "E: accepted reject in prerouting hook" >&2 -exit 1 diff --git a/tests/shell/testcases/chains/0014rename_0 b/tests/shell/testcases/chains/0014rename_0 index bebe48d6..bd84e957 100755 --- a/tests/shell/testcases/chains/0014rename_0 +++ b/tests/shell/testcases/chains/0014rename_0 @@ -1,4 +1,4 @@ -#!/bin/sh +#!/bin/bash $NFT add table t || exit 1 $NFT add chain t c1 || exit 1 diff --git a/tests/shell/testcases/chains/0021prio_0 b/tests/shell/testcases/chains/0021prio_0 index e7612974..ceda1558 100755 --- a/tests/shell/testcases/chains/0021prio_0 +++ b/tests/shell/testcases/chains/0021prio_0 @@ -69,6 +69,7 @@ done family=netdev echo "add table $family x" gen_chains $family ingress filter lo +[ "$NFT_TEST_HAVE_netdev_egress" != n ] && gen_chains $family egress filter lo family=bridge echo "add table $family x" @@ -82,3 +83,8 @@ gen_chains $family postrouting srcnat ) >$tmpfile $NFT -f $tmpfile + +if [ "$NFT_TEST_HAVE_netdev_egress" = n ]; then + echo "Ran a modified version of the test due to NFT_TEST_HAVE_netdev_egress=n" + exit 77 +fi diff --git a/tests/shell/testcases/chains/0023prio_inet_srcnat_1 b/tests/shell/testcases/chains/0023prio_inet_srcnat_1 index d2b1fa43..e4a668e1 100755 --- a/tests/shell/testcases/chains/0023prio_inet_srcnat_1 +++ b/tests/shell/testcases/chains/0023prio_inet_srcnat_1 @@ -2,7 +2,7 @@ for family in ip ip6 inet do - for hook in prerouting input forward output + for hook in prerouting forward output do $NFT add table $family x $NFT add chain $family x y "{ type filter hook $hook priority srcnat; }" &> /dev/null diff --git a/tests/shell/testcases/chains/0024prio_inet_dstnat_1 b/tests/shell/testcases/chains/0024prio_inet_dstnat_1 index d112f2c9..f1b802a0 100755 --- a/tests/shell/testcases/chains/0024prio_inet_dstnat_1 +++ b/tests/shell/testcases/chains/0024prio_inet_dstnat_1 @@ -2,7 +2,7 @@ for family in ip ip6 inet do - for hook in input forward output postrouting + for hook in input forward postrouting do $NFT add table $family x $NFT add chain $family x y "{ type filter hook $hook priority dstnat; }" &> /dev/null diff --git a/tests/shell/testcases/chains/0026prio_netdev_1 b/tests/shell/testcases/chains/0026prio_netdev_1 index aa902e9b..b6fa3db5 100755 --- a/tests/shell/testcases/chains/0026prio_netdev_1 +++ b/tests/shell/testcases/chains/0026prio_netdev_1 @@ -1,7 +1,8 @@ #!/bin/bash family=netdev - hook=ingress + for hook in ingress egress + do for prioname in raw mangle dstnat security srcnat do $NFT add table $family x || exit 1 @@ -12,4 +13,5 @@ family=netdev exit 1 fi done + done exit 0 diff --git a/tests/shell/testcases/chains/0030create_0 b/tests/shell/testcases/chains/0030create_0 index 0b457f91..0b457f91 100644..100755 --- a/tests/shell/testcases/chains/0030create_0 +++ b/tests/shell/testcases/chains/0030create_0 diff --git a/tests/shell/testcases/chains/0032priority_variable_0 b/tests/shell/testcases/chains/0032priority_variable_0 index 51bc5eb1..8f2e57b9 100755 --- a/tests/shell/testcases/chains/0032priority_variable_0 +++ b/tests/shell/testcases/chains/0032priority_variable_0 @@ -6,12 +6,22 @@ set -e RULESET=" define pri = 10 +define post = -10 +define for = \"filter - 100\" table inet global { chain prerouting { type filter hook prerouting priority \$pri policy accept } + chain forward { + type filter hook prerouting priority \$for + policy accept + } + chain postrouting { + type filter hook postrouting priority \$post + policy accept + } }" $NFT -f - <<< "$RULESET" diff --git a/tests/shell/testcases/chains/0040mark_shift_0 b/tests/shell/testcases/chains/0040mark_shift_0 deleted file mode 100755 index 55447f0b..00000000 --- a/tests/shell/testcases/chains/0040mark_shift_0 +++ /dev/null @@ -1,11 +0,0 @@ -#!/bin/bash - -set -e - -RULESET=" - add table t - add chain t c { type filter hook output priority mangle; } - add rule t c oif lo ct mark set (meta mark | 0x10) << 8 -" - -$NFT --debug=eval -f - <<< "$RULESET" diff --git a/tests/shell/testcases/chains/0040mark_shift_1 b/tests/shell/testcases/chains/0040mark_shift_1 deleted file mode 100755 index b609f5ef..00000000 --- a/tests/shell/testcases/chains/0040mark_shift_1 +++ /dev/null @@ -1,11 +0,0 @@ -#!/bin/bash - -set -e - -RULESET=" - add table t - add chain t c { type filter hook input priority mangle; } - add rule t c iif lo ct mark & 0xff 0x10 meta mark set ct mark >> 8 -" - -$NFT -f - <<< "$RULESET" diff --git a/tests/shell/testcases/chains/0041chain_binding_0 b/tests/shell/testcases/chains/0041chain_binding_0 new file mode 100755 index 00000000..141a4b6d --- /dev/null +++ b/tests/shell/testcases/chains/0041chain_binding_0 @@ -0,0 +1,29 @@ +#!/bin/bash + +# no table x, caused segfault in earlier nft releases +$NFT insert rule inet x y handle 107 'goto { log prefix "MOO! "; }' +if [ $? -ne 1 ]; then + exit 1 +fi + +if [ $NFT_TEST_HAVE_chain_binding = "n" ] ; then + echo "Test partially skipped due to NFT_TEST_HAVE_chain_binding=n" + exit 77 +fi + +set -e + +EXPECTED="table inet x { + chain y { + type filter hook input priority 0; + meta l4proto { tcp, udp } th dport 53 jump { + ip saddr { 127.0.0.0/8, 172.23.0.0/16, 192.168.13.0/24 } counter accept + ip6 saddr ::1/128 counter accept + } + } +}" + +$NFT -f - <<< $EXPECTED +$NFT add rule inet x y meta l4proto icmpv6 jump { counter accept\; } +$NFT add rule inet x y meta l4proto sctp jump { drop\; } +$NFT delete rule inet x y handle 13 diff --git a/tests/shell/testcases/chains/0042chain_variable_0 b/tests/shell/testcases/chains/0042chain_variable_0 new file mode 100755 index 00000000..c5de495e --- /dev/null +++ b/tests/shell/testcases/chains/0042chain_variable_0 @@ -0,0 +1,71 @@ +#!/bin/bash + +# NFT_TEST_REQUIRES(NFT_TEST_HAVE_netdev_chain_multidevice) + +set -e + +ip link add name d23456789012345 type dummy + + +EXPECTED="define if_main = \"lo\" + +table netdev filter1 { + chain Main_Ingress1 { + type filter hook ingress device \$if_main priority -500; policy accept; + } +}" + +$NFT -f - <<< $EXPECTED + + +EXPECTED="define if_main = \"lo\" + +table netdev filter2 { + chain Main_Ingress2 { + type filter hook ingress devices = { \$if_main, d23456789012345x } priority -500; policy accept; + } +}" + +rc=0 +$NFT -f - <<< $EXPECTED || rc=$? +test "$rc" = 1 +cat <<EOF | $DIFF -u <($NFT list ruleset) - +table netdev filter1 { + chain Main_Ingress1 { + type filter hook ingress device "lo" priority -500; policy accept; + } +} +EOF + + +EXPECTED="define if_main = \"lo\" + +table netdev filter2 { + chain Main_Ingress2 { + type filter hook ingress devices = { \$if_main, d23456789012345 } priority -500; policy accept; + } +}" + +$NFT -f - <<< $EXPECTED + + +if [ "$NFT_TEST_HAVE_netdev_egress" = n ] ; then + echo "Skip parts of the test due to NFT_TEST_HAVE_netdev_egress=n" + exit 77 +fi + + +EXPECTED="define if_main = { lo, d23456789012345 } +define lan_interfaces = { lo } + +table netdev filter3 { + chain Main_Ingress3 { + type filter hook ingress devices = \$if_main priority -500; policy accept; + } + chain Main_Egress3 { + type filter hook egress devices = \$lan_interfaces priority -500; policy accept; + } +}" + +$NFT -f - <<< $EXPECTED + diff --git a/tests/shell/testcases/chains/0043chain_ingress_0 b/tests/shell/testcases/chains/0043chain_ingress_0 new file mode 100755 index 00000000..a6973b99 --- /dev/null +++ b/tests/shell/testcases/chains/0043chain_ingress_0 @@ -0,0 +1,19 @@ +#!/bin/bash + +# NFT_TEST_REQUIRES(NFT_TEST_HAVE_inet_ingress) + +set -e +RULESET="table inet filter { + chain ingress { + type filter hook ingress device \"lo\" priority filter; policy accept; + } + chain input { + type filter hook input priority filter; policy accept; + } + chain forward { + type filter hook forward priority filter; policy accept; + } +}" + +$NFT -f - <<< "$RULESET" && exit 0 +exit 1 diff --git a/tests/shell/testcases/chains/0044chain_destroy_0 b/tests/shell/testcases/chains/0044chain_destroy_0 new file mode 100755 index 00000000..5c5a10a7 --- /dev/null +++ b/tests/shell/testcases/chains/0044chain_destroy_0 @@ -0,0 +1,12 @@ +#!/bin/bash -e + +# NFT_TEST_REQUIRES(NFT_TEST_HAVE_destroy) + +$NFT add table t + +# pass for non-existent chain +$NFT destroy chain t c + +# successfully delete existing chain +$NFT add chain t c +$NFT destroy chain t c diff --git a/tests/shell/testcases/chains/dumps/0001jumps_0.json-nft b/tests/shell/testcases/chains/dumps/0001jumps_0.json-nft new file mode 100644 index 00000000..ceef3224 --- /dev/null +++ b/tests/shell/testcases/chains/dumps/0001jumps_0.json-nft @@ -0,0 +1,371 @@ +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "ip", + "name": "t", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "t", + "name": "c1", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "t", + "name": "c2", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "t", + "name": "c3", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "t", + "name": "c4", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "t", + "name": "c5", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "t", + "name": "c6", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "t", + "name": "c7", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "t", + "name": "c8", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "t", + "name": "c9", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "t", + "name": "c10", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "t", + "name": "c11", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "t", + "name": "c12", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "t", + "name": "c13", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "t", + "name": "c14", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "t", + "name": "c15", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "t", + "name": "c16", + "handle": 0 + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c1", + "handle": 0, + "expr": [ + { + "jump": { + "target": "c2" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c2", + "handle": 0, + "expr": [ + { + "jump": { + "target": "c3" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c3", + "handle": 0, + "expr": [ + { + "jump": { + "target": "c4" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c4", + "handle": 0, + "expr": [ + { + "jump": { + "target": "c5" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c5", + "handle": 0, + "expr": [ + { + "jump": { + "target": "c6" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c6", + "handle": 0, + "expr": [ + { + "jump": { + "target": "c7" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c7", + "handle": 0, + "expr": [ + { + "jump": { + "target": "c8" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c8", + "handle": 0, + "expr": [ + { + "jump": { + "target": "c9" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c9", + "handle": 0, + "expr": [ + { + "jump": { + "target": "c10" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c10", + "handle": 0, + "expr": [ + { + "jump": { + "target": "c11" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c11", + "handle": 0, + "expr": [ + { + "jump": { + "target": "c12" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c12", + "handle": 0, + "expr": [ + { + "jump": { + "target": "c13" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c13", + "handle": 0, + "expr": [ + { + "jump": { + "target": "c14" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c14", + "handle": 0, + "expr": [ + { + "jump": { + "target": "c15" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c15", + "handle": 0, + "expr": [ + { + "jump": { + "target": "c16" + } + } + ] + } + } + ] +} diff --git a/tests/shell/testcases/chains/dumps/0002jumps_1.json-nft b/tests/shell/testcases/chains/dumps/0002jumps_1.json-nft new file mode 100644 index 00000000..66f921a0 --- /dev/null +++ b/tests/shell/testcases/chains/dumps/0002jumps_1.json-nft @@ -0,0 +1,383 @@ +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "ip", + "name": "t", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "t", + "name": "c1", + "handle": 0, + "type": "filter", + "hook": "input", + "prio": 0, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip", + "table": "t", + "name": "c2", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "t", + "name": "c3", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "t", + "name": "c4", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "t", + "name": "c5", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "t", + "name": "c6", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "t", + "name": "c7", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "t", + "name": "c8", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "t", + "name": "c9", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "t", + "name": "c10", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "t", + "name": "c11", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "t", + "name": "c12", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "t", + "name": "c13", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "t", + "name": "c14", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "t", + "name": "c15", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "t", + "name": "c16", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "t", + "name": "c17", + "handle": 0 + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c1", + "handle": 0, + "expr": [ + { + "jump": { + "target": "c2" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c2", + "handle": 0, + "expr": [ + { + "jump": { + "target": "c3" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c3", + "handle": 0, + "expr": [ + { + "jump": { + "target": "c4" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c4", + "handle": 0, + "expr": [ + { + "jump": { + "target": "c5" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c5", + "handle": 0, + "expr": [ + { + "jump": { + "target": "c6" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c6", + "handle": 0, + "expr": [ + { + "jump": { + "target": "c7" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c7", + "handle": 0, + "expr": [ + { + "jump": { + "target": "c8" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c8", + "handle": 0, + "expr": [ + { + "jump": { + "target": "c9" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c9", + "handle": 0, + "expr": [ + { + "jump": { + "target": "c10" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c10", + "handle": 0, + "expr": [ + { + "jump": { + "target": "c11" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c11", + "handle": 0, + "expr": [ + { + "jump": { + "target": "c12" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c12", + "handle": 0, + "expr": [ + { + "jump": { + "target": "c13" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c13", + "handle": 0, + "expr": [ + { + "jump": { + "target": "c14" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c14", + "handle": 0, + "expr": [ + { + "jump": { + "target": "c15" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c15", + "handle": 0, + "expr": [ + { + "jump": { + "target": "c16" + } + } + ] + } + } + ] +} diff --git a/tests/shell/testcases/chains/dumps/0002jumps_1.nft b/tests/shell/testcases/chains/dumps/0002jumps_1.nft new file mode 100644 index 00000000..ed37ad0e --- /dev/null +++ b/tests/shell/testcases/chains/dumps/0002jumps_1.nft @@ -0,0 +1,68 @@ +table ip t { + chain c1 { + type filter hook input priority filter; policy accept; + jump c2 + } + + chain c2 { + jump c3 + } + + chain c3 { + jump c4 + } + + chain c4 { + jump c5 + } + + chain c5 { + jump c6 + } + + chain c6 { + jump c7 + } + + chain c7 { + jump c8 + } + + chain c8 { + jump c9 + } + + chain c9 { + jump c10 + } + + chain c10 { + jump c11 + } + + chain c11 { + jump c12 + } + + chain c12 { + jump c13 + } + + chain c13 { + jump c14 + } + + chain c14 { + jump c15 + } + + chain c15 { + jump c16 + } + + chain c16 { + } + + chain c17 { + } +} diff --git a/tests/shell/testcases/chains/dumps/0003jump_loop_1.json-nft b/tests/shell/testcases/chains/dumps/0003jump_loop_1.json-nft new file mode 100644 index 00000000..ceef3224 --- /dev/null +++ b/tests/shell/testcases/chains/dumps/0003jump_loop_1.json-nft @@ -0,0 +1,371 @@ +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "ip", + "name": "t", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "t", + "name": "c1", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "t", + "name": "c2", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "t", + "name": "c3", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "t", + "name": "c4", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "t", + "name": "c5", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "t", + "name": "c6", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "t", + "name": "c7", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "t", + "name": "c8", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "t", + "name": "c9", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "t", + "name": "c10", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "t", + "name": "c11", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "t", + "name": "c12", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "t", + "name": "c13", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "t", + "name": "c14", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "t", + "name": "c15", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "t", + "name": "c16", + "handle": 0 + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c1", + "handle": 0, + "expr": [ + { + "jump": { + "target": "c2" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c2", + "handle": 0, + "expr": [ + { + "jump": { + "target": "c3" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c3", + "handle": 0, + "expr": [ + { + "jump": { + "target": "c4" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c4", + "handle": 0, + "expr": [ + { + "jump": { + "target": "c5" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c5", + "handle": 0, + "expr": [ + { + "jump": { + "target": "c6" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c6", + "handle": 0, + "expr": [ + { + "jump": { + "target": "c7" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c7", + "handle": 0, + "expr": [ + { + "jump": { + "target": "c8" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c8", + "handle": 0, + "expr": [ + { + "jump": { + "target": "c9" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c9", + "handle": 0, + "expr": [ + { + "jump": { + "target": "c10" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c10", + "handle": 0, + "expr": [ + { + "jump": { + "target": "c11" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c11", + "handle": 0, + "expr": [ + { + "jump": { + "target": "c12" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c12", + "handle": 0, + "expr": [ + { + "jump": { + "target": "c13" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c13", + "handle": 0, + "expr": [ + { + "jump": { + "target": "c14" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c14", + "handle": 0, + "expr": [ + { + "jump": { + "target": "c15" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c15", + "handle": 0, + "expr": [ + { + "jump": { + "target": "c16" + } + } + ] + } + } + ] +} diff --git a/tests/shell/testcases/chains/dumps/0003jump_loop_1.nft b/tests/shell/testcases/chains/dumps/0003jump_loop_1.nft new file mode 100644 index 00000000..7054cde4 --- /dev/null +++ b/tests/shell/testcases/chains/dumps/0003jump_loop_1.nft @@ -0,0 +1,64 @@ +table ip t { + chain c1 { + jump c2 + } + + chain c2 { + jump c3 + } + + chain c3 { + jump c4 + } + + chain c4 { + jump c5 + } + + chain c5 { + jump c6 + } + + chain c6 { + jump c7 + } + + chain c7 { + jump c8 + } + + chain c8 { + jump c9 + } + + chain c9 { + jump c10 + } + + chain c10 { + jump c11 + } + + chain c11 { + jump c12 + } + + chain c12 { + jump c13 + } + + chain c13 { + jump c14 + } + + chain c14 { + jump c15 + } + + chain c15 { + jump c16 + } + + chain c16 { + } +} diff --git a/tests/shell/testcases/chains/dumps/0004busy_1.json-nft b/tests/shell/testcases/chains/dumps/0004busy_1.json-nft new file mode 100644 index 00000000..314245ff --- /dev/null +++ b/tests/shell/testcases/chains/dumps/0004busy_1.json-nft @@ -0,0 +1,49 @@ +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "ip", + "name": "t", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "t", + "name": "c1", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "t", + "name": "c2", + "handle": 0 + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c1", + "handle": 0, + "expr": [ + { + "jump": { + "target": "c2" + } + } + ] + } + } + ] +} diff --git a/tests/shell/testcases/chains/dumps/0004busy_1.nft b/tests/shell/testcases/chains/dumps/0004busy_1.nft new file mode 100644 index 00000000..429dd494 --- /dev/null +++ b/tests/shell/testcases/chains/dumps/0004busy_1.nft @@ -0,0 +1,8 @@ +table ip t { + chain c1 { + jump c2 + } + + chain c2 { + } +} diff --git a/tests/shell/testcases/chains/dumps/0005busy_map_1.json-nft b/tests/shell/testcases/chains/dumps/0005busy_map_1.json-nft new file mode 100644 index 00000000..ce776822 --- /dev/null +++ b/tests/shell/testcases/chains/dumps/0005busy_map_1.json-nft @@ -0,0 +1,66 @@ +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "ip", + "name": "t", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "t", + "name": "c1", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "t", + "name": "c2", + "handle": 0 + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c1", + "handle": 0, + "expr": [ + { + "vmap": { + "key": { + "payload": { + "protocol": "tcp", + "field": "dport" + } + }, + "data": { + "set": [ + [ + 1, + { + "jump": { + "target": "c2" + } + } + ] + ] + } + } + } + ] + } + } + ] +} diff --git a/tests/shell/testcases/chains/dumps/0005busy_map_1.nft b/tests/shell/testcases/chains/dumps/0005busy_map_1.nft new file mode 100644 index 00000000..acf23183 --- /dev/null +++ b/tests/shell/testcases/chains/dumps/0005busy_map_1.nft @@ -0,0 +1,8 @@ +table ip t { + chain c1 { + tcp dport vmap { 1 : jump c2 } + } + + chain c2 { + } +} diff --git a/tests/shell/testcases/chains/dumps/0006masquerade_0.json-nft b/tests/shell/testcases/chains/dumps/0006masquerade_0.json-nft new file mode 100644 index 00000000..b6fc221f --- /dev/null +++ b/tests/shell/testcases/chains/dumps/0006masquerade_0.json-nft @@ -0,0 +1,43 @@ +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "ip", + "name": "t", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "t", + "name": "c1", + "handle": 0, + "type": "nat", + "hook": "postrouting", + "prio": 0, + "policy": "accept" + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c1", + "handle": 0, + "expr": [ + { + "masquerade": null + } + ] + } + } + ] +} diff --git a/tests/shell/testcases/chains/dumps/0007masquerade_1.json-nft b/tests/shell/testcases/chains/dumps/0007masquerade_1.json-nft new file mode 100644 index 00000000..98b51044 --- /dev/null +++ b/tests/shell/testcases/chains/dumps/0007masquerade_1.json-nft @@ -0,0 +1,30 @@ +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "ip", + "name": "t", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "t", + "name": "c1", + "handle": 0, + "type": "filter", + "hook": "output", + "prio": 0, + "policy": "accept" + } + } + ] +} diff --git a/tests/shell/testcases/chains/dumps/0007masquerade_1.nft b/tests/shell/testcases/chains/dumps/0007masquerade_1.nft new file mode 100644 index 00000000..b25355f7 --- /dev/null +++ b/tests/shell/testcases/chains/dumps/0007masquerade_1.nft @@ -0,0 +1,5 @@ +table ip t { + chain c1 { + type filter hook output priority filter; policy accept; + } +} diff --git a/tests/shell/testcases/chains/dumps/0008masquerade_jump_1.json-nft b/tests/shell/testcases/chains/dumps/0008masquerade_jump_1.json-nft new file mode 100644 index 00000000..3215496f --- /dev/null +++ b/tests/shell/testcases/chains/dumps/0008masquerade_jump_1.json-nft @@ -0,0 +1,51 @@ +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "ip", + "name": "t", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "t", + "name": "output", + "handle": 0, + "type": "nat", + "hook": "output", + "prio": 0, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip", + "table": "t", + "name": "c1", + "handle": 0 + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c1", + "handle": 0, + "expr": [ + { + "masquerade": null + } + ] + } + } + ] +} diff --git a/tests/shell/testcases/chains/dumps/0008masquerade_jump_1.nft b/tests/shell/testcases/chains/dumps/0008masquerade_jump_1.nft new file mode 100644 index 00000000..49910711 --- /dev/null +++ b/tests/shell/testcases/chains/dumps/0008masquerade_jump_1.nft @@ -0,0 +1,9 @@ +table ip t { + chain output { + type nat hook output priority filter; policy accept; + } + + chain c1 { + masquerade + } +} diff --git a/tests/shell/testcases/chains/dumps/0009masquerade_jump_1.json-nft b/tests/shell/testcases/chains/dumps/0009masquerade_jump_1.json-nft new file mode 100644 index 00000000..3215496f --- /dev/null +++ b/tests/shell/testcases/chains/dumps/0009masquerade_jump_1.json-nft @@ -0,0 +1,51 @@ +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "ip", + "name": "t", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "t", + "name": "output", + "handle": 0, + "type": "nat", + "hook": "output", + "prio": 0, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip", + "table": "t", + "name": "c1", + "handle": 0 + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c1", + "handle": 0, + "expr": [ + { + "masquerade": null + } + ] + } + } + ] +} diff --git a/tests/shell/testcases/chains/dumps/0009masquerade_jump_1.nft b/tests/shell/testcases/chains/dumps/0009masquerade_jump_1.nft new file mode 100644 index 00000000..49910711 --- /dev/null +++ b/tests/shell/testcases/chains/dumps/0009masquerade_jump_1.nft @@ -0,0 +1,9 @@ +table ip t { + chain output { + type nat hook output priority filter; policy accept; + } + + chain c1 { + masquerade + } +} diff --git a/tests/shell/testcases/chains/dumps/0010endless_jump_loop_1.json-nft b/tests/shell/testcases/chains/dumps/0010endless_jump_loop_1.json-nft new file mode 100644 index 00000000..db64cdbc --- /dev/null +++ b/tests/shell/testcases/chains/dumps/0010endless_jump_loop_1.json-nft @@ -0,0 +1,26 @@ +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "ip", + "name": "t", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "t", + "name": "c", + "handle": 0 + } + } + ] +} diff --git a/tests/shell/testcases/chains/dumps/0010endless_jump_loop_1.nft b/tests/shell/testcases/chains/dumps/0010endless_jump_loop_1.nft new file mode 100644 index 00000000..1e0d1d60 --- /dev/null +++ b/tests/shell/testcases/chains/dumps/0010endless_jump_loop_1.nft @@ -0,0 +1,4 @@ +table ip t { + chain c { + } +} diff --git a/tests/shell/testcases/chains/dumps/0011endless_jump_loop_1.json-nft b/tests/shell/testcases/chains/dumps/0011endless_jump_loop_1.json-nft new file mode 100644 index 00000000..e1a2262f --- /dev/null +++ b/tests/shell/testcases/chains/dumps/0011endless_jump_loop_1.json-nft @@ -0,0 +1,75 @@ +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "ip", + "name": "t", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "t", + "name": "c1", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "t", + "name": "c2", + "handle": 0 + } + }, + { + "map": { + "family": "ip", + "name": "m", + "table": "t", + "type": "inet_service", + "handle": 0, + "map": "verdict", + "elem": [ + [ + 2, + { + "jump": { + "target": "c2" + } + } + ] + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c1", + "handle": 0, + "expr": [ + { + "vmap": { + "key": { + "payload": { + "protocol": "tcp", + "field": "dport" + } + }, + "data": "@m" + } + } + ] + } + } + ] +} diff --git a/tests/shell/testcases/chains/dumps/0011endless_jump_loop_1.nft b/tests/shell/testcases/chains/dumps/0011endless_jump_loop_1.nft new file mode 100644 index 00000000..ca0a7378 --- /dev/null +++ b/tests/shell/testcases/chains/dumps/0011endless_jump_loop_1.nft @@ -0,0 +1,13 @@ +table ip t { + map m { + type inet_service : verdict + elements = { 2 : jump c2 } + } + + chain c1 { + tcp dport vmap @m + } + + chain c2 { + } +} diff --git a/tests/shell/testcases/chains/dumps/0013rename_0.json-nft b/tests/shell/testcases/chains/dumps/0013rename_0.json-nft new file mode 100644 index 00000000..f89c455a --- /dev/null +++ b/tests/shell/testcases/chains/dumps/0013rename_0.json-nft @@ -0,0 +1,26 @@ +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "ip", + "name": "t", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "t", + "name": "c2", + "handle": 0 + } + } + ] +} diff --git a/tests/shell/testcases/chains/dumps/0014rename_0.json-nft b/tests/shell/testcases/chains/dumps/0014rename_0.json-nft new file mode 100644 index 00000000..f4c6855e --- /dev/null +++ b/tests/shell/testcases/chains/dumps/0014rename_0.json-nft @@ -0,0 +1,34 @@ +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "ip", + "name": "t", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "t", + "name": "c1", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "t", + "name": "c2", + "handle": 0 + } + } + ] +} diff --git a/tests/shell/testcases/chains/dumps/0014rename_0.nft b/tests/shell/testcases/chains/dumps/0014rename_0.nft new file mode 100644 index 00000000..574c4863 --- /dev/null +++ b/tests/shell/testcases/chains/dumps/0014rename_0.nft @@ -0,0 +1,7 @@ +table ip t { + chain c1 { + } + + chain c2 { + } +} diff --git a/tests/shell/testcases/chains/dumps/0015check_jump_loop_1.json-nft b/tests/shell/testcases/chains/dumps/0015check_jump_loop_1.json-nft new file mode 100644 index 00000000..314245ff --- /dev/null +++ b/tests/shell/testcases/chains/dumps/0015check_jump_loop_1.json-nft @@ -0,0 +1,49 @@ +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "ip", + "name": "t", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "t", + "name": "c1", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "t", + "name": "c2", + "handle": 0 + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c1", + "handle": 0, + "expr": [ + { + "jump": { + "target": "c2" + } + } + ] + } + } + ] +} diff --git a/tests/shell/testcases/chains/dumps/0015check_jump_loop_1.nft b/tests/shell/testcases/chains/dumps/0015check_jump_loop_1.nft new file mode 100644 index 00000000..429dd494 --- /dev/null +++ b/tests/shell/testcases/chains/dumps/0015check_jump_loop_1.nft @@ -0,0 +1,8 @@ +table ip t { + chain c1 { + jump c2 + } + + chain c2 { + } +} diff --git a/tests/shell/testcases/chains/dumps/0016delete_handle_0.json-nft b/tests/shell/testcases/chains/dumps/0016delete_handle_0.json-nft new file mode 100644 index 00000000..ca1311db --- /dev/null +++ b/tests/shell/testcases/chains/dumps/0016delete_handle_0.json-nft @@ -0,0 +1,57 @@ +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "ip", + "name": "test-ip", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "test-ip", + "name": "x", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "test-ip", + "name": "z", + "handle": 0 + } + }, + { + "table": { + "family": "ip6", + "name": "test-ip6", + "handle": 0 + } + }, + { + "chain": { + "family": "ip6", + "table": "test-ip6", + "name": "x", + "handle": 0 + } + }, + { + "chain": { + "family": "ip6", + "table": "test-ip6", + "name": "y", + "handle": 0 + } + } + ] +} diff --git a/tests/shell/testcases/chains/dumps/0017masquerade_jump_1.json-nft b/tests/shell/testcases/chains/dumps/0017masquerade_jump_1.json-nft new file mode 100644 index 00000000..b368c23a --- /dev/null +++ b/tests/shell/testcases/chains/dumps/0017masquerade_jump_1.json-nft @@ -0,0 +1,53 @@ +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "ip", + "name": "t", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "t", + "name": "input", + "handle": 0, + "type": "filter", + "hook": "input", + "prio": 4, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip", + "table": "t", + "name": "c1", + "handle": 0 + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "input", + "handle": 0, + "expr": [ + { + "jump": { + "target": "c1" + } + } + ] + } + } + ] +} diff --git a/tests/shell/testcases/chains/dumps/0017masquerade_jump_1.nft b/tests/shell/testcases/chains/dumps/0017masquerade_jump_1.nft new file mode 100644 index 00000000..636e8440 --- /dev/null +++ b/tests/shell/testcases/chains/dumps/0017masquerade_jump_1.nft @@ -0,0 +1,9 @@ +table ip t { + chain input { + type filter hook input priority filter + 4; policy accept; + jump c1 + } + + chain c1 { + } +} diff --git a/tests/shell/testcases/chains/dumps/0018check_jump_loop_1.json-nft b/tests/shell/testcases/chains/dumps/0018check_jump_loop_1.json-nft new file mode 100644 index 00000000..7294c841 --- /dev/null +++ b/tests/shell/testcases/chains/dumps/0018check_jump_loop_1.json-nft @@ -0,0 +1,49 @@ +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "ip", + "name": "filter", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "filter", + "name": "ap1", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "filter", + "name": "ap2", + "handle": 0 + } + }, + { + "rule": { + "family": "ip", + "table": "filter", + "chain": "ap1", + "handle": 0, + "expr": [ + { + "jump": { + "target": "ap2" + } + } + ] + } + } + ] +} diff --git a/tests/shell/testcases/chains/dumps/0018check_jump_loop_1.nft b/tests/shell/testcases/chains/dumps/0018check_jump_loop_1.nft new file mode 100644 index 00000000..437900bc --- /dev/null +++ b/tests/shell/testcases/chains/dumps/0018check_jump_loop_1.nft @@ -0,0 +1,8 @@ +table ip filter { + chain ap1 { + jump ap2 + } + + chain ap2 { + } +} diff --git a/tests/shell/testcases/chains/dumps/0019masquerade_jump_1.json-nft b/tests/shell/testcases/chains/dumps/0019masquerade_jump_1.json-nft new file mode 100644 index 00000000..c164ffb8 --- /dev/null +++ b/tests/shell/testcases/chains/dumps/0019masquerade_jump_1.json-nft @@ -0,0 +1,70 @@ +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "ip", + "name": "t", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "t", + "name": "input", + "handle": 0, + "type": "filter", + "hook": "input", + "prio": 4, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip", + "table": "t", + "name": "c1", + "handle": 0 + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "input", + "handle": 0, + "expr": [ + { + "vmap": { + "key": { + "payload": { + "protocol": "ip", + "field": "saddr" + } + }, + "data": { + "set": [ + [ + "1.1.1.1", + { + "jump": { + "target": "c1" + } + } + ] + ] + } + } + } + ] + } + } + ] +} diff --git a/tests/shell/testcases/chains/dumps/0019masquerade_jump_1.nft b/tests/shell/testcases/chains/dumps/0019masquerade_jump_1.nft new file mode 100644 index 00000000..81cf9cc7 --- /dev/null +++ b/tests/shell/testcases/chains/dumps/0019masquerade_jump_1.nft @@ -0,0 +1,9 @@ +table ip t { + chain input { + type filter hook input priority filter + 4; policy accept; + ip saddr vmap { 1.1.1.1 : jump c1 } + } + + chain c1 { + } +} diff --git a/tests/shell/testcases/chains/dumps/0020depth_1.json-nft b/tests/shell/testcases/chains/dumps/0020depth_1.json-nft new file mode 100644 index 00000000..31bc2b13 --- /dev/null +++ b/tests/shell/testcases/chains/dumps/0020depth_1.json-nft @@ -0,0 +1,475 @@ +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "ip", + "name": "filter", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "filter", + "name": "input", + "handle": 0, + "type": "filter", + "hook": "input", + "prio": 0, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip", + "table": "filter", + "name": "a0", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "filter", + "name": "a1", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "filter", + "name": "a2", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "filter", + "name": "a3", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "filter", + "name": "a4", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "filter", + "name": "a5", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "filter", + "name": "a6", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "filter", + "name": "a7", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "filter", + "name": "a8", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "filter", + "name": "a9", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "filter", + "name": "a10", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "filter", + "name": "a11", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "filter", + "name": "a12", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "filter", + "name": "a13", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "filter", + "name": "a14", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "filter", + "name": "a15", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "filter", + "name": "a16", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "filter", + "name": "a17", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "filter", + "name": "a18", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "filter", + "name": "a19", + "handle": 0 + } + }, + { + "rule": { + "family": "ip", + "table": "filter", + "chain": "input", + "handle": 0, + "expr": [ + { + "jump": { + "target": "a1" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "filter", + "chain": "a0", + "handle": 0, + "expr": [ + { + "jump": { + "target": "a1" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "filter", + "chain": "a1", + "handle": 0, + "expr": [ + { + "jump": { + "target": "a2" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "filter", + "chain": "a2", + "handle": 0, + "expr": [ + { + "jump": { + "target": "a3" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "filter", + "chain": "a3", + "handle": 0, + "expr": [ + { + "jump": { + "target": "a4" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "filter", + "chain": "a4", + "handle": 0, + "expr": [ + { + "jump": { + "target": "a5" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "filter", + "chain": "a5", + "handle": 0, + "expr": [ + { + "jump": { + "target": "a6" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "filter", + "chain": "a6", + "handle": 0, + "expr": [ + { + "jump": { + "target": "a7" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "filter", + "chain": "a7", + "handle": 0, + "expr": [ + { + "jump": { + "target": "a8" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "filter", + "chain": "a8", + "handle": 0, + "expr": [ + { + "jump": { + "target": "a9" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "filter", + "chain": "a9", + "handle": 0, + "expr": [ + { + "jump": { + "target": "a10" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "filter", + "chain": "a11", + "handle": 0, + "expr": [ + { + "jump": { + "target": "a12" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "filter", + "chain": "a12", + "handle": 0, + "expr": [ + { + "jump": { + "target": "a13" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "filter", + "chain": "a13", + "handle": 0, + "expr": [ + { + "jump": { + "target": "a14" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "filter", + "chain": "a14", + "handle": 0, + "expr": [ + { + "jump": { + "target": "a15" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "filter", + "chain": "a15", + "handle": 0, + "expr": [ + { + "jump": { + "target": "a16" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "filter", + "chain": "a16", + "handle": 0, + "expr": [ + { + "jump": { + "target": "a17" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "filter", + "chain": "a17", + "handle": 0, + "expr": [ + { + "jump": { + "target": "a18" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "filter", + "chain": "a18", + "handle": 0, + "expr": [ + { + "jump": { + "target": "a19" + } + } + ] + } + } + ] +} diff --git a/tests/shell/testcases/chains/dumps/0020depth_1.nft b/tests/shell/testcases/chains/dumps/0020depth_1.nft new file mode 100644 index 00000000..422c3952 --- /dev/null +++ b/tests/shell/testcases/chains/dumps/0020depth_1.nft @@ -0,0 +1,84 @@ +table ip filter { + chain input { + type filter hook input priority filter; policy accept; + jump a1 + } + + chain a0 { + jump a1 + } + + chain a1 { + jump a2 + } + + chain a2 { + jump a3 + } + + chain a3 { + jump a4 + } + + chain a4 { + jump a5 + } + + chain a5 { + jump a6 + } + + chain a6 { + jump a7 + } + + chain a7 { + jump a8 + } + + chain a8 { + jump a9 + } + + chain a9 { + jump a10 + } + + chain a10 { + } + + chain a11 { + jump a12 + } + + chain a12 { + jump a13 + } + + chain a13 { + jump a14 + } + + chain a14 { + jump a15 + } + + chain a15 { + jump a16 + } + + chain a16 { + jump a17 + } + + chain a17 { + jump a18 + } + + chain a18 { + jump a19 + } + + chain a19 { + } +} diff --git a/tests/shell/testcases/chains/dumps/0021prio_0.json-nft b/tests/shell/testcases/chains/dumps/0021prio_0.json-nft new file mode 100644 index 00000000..1a3e1161 --- /dev/null +++ b/tests/shell/testcases/chains/dumps/0021prio_0.json-nft @@ -0,0 +1,4743 @@ +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "ip", + "name": "x", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "x", + "name": "preroutingrawm11", + "handle": 0, + "type": "filter", + "hook": "prerouting", + "prio": -311, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip", + "table": "x", + "name": "preroutingrawm10", + "handle": 0, + "type": "filter", + "hook": "prerouting", + "prio": -310, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip", + "table": "x", + "name": "preroutingraw", + "handle": 0, + "type": "filter", + "hook": "prerouting", + "prio": -300, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip", + "table": "x", + "name": "preroutingrawp10", + "handle": 0, + "type": "filter", + "hook": "prerouting", + "prio": -290, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip", + "table": "x", + "name": "preroutingrawp11", + "handle": 0, + "type": "filter", + "hook": "prerouting", + "prio": -289, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip", + "table": "x", + "name": "preroutingmanglem11", + "handle": 0, + "type": "filter", + "hook": "prerouting", + "prio": -161, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip", + "table": "x", + "name": "preroutingmanglem10", + "handle": 0, + "type": "filter", + "hook": "prerouting", + "prio": -160, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip", + "table": "x", + "name": "preroutingmangle", + "handle": 0, + "type": "filter", + "hook": "prerouting", + "prio": -150, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip", + "table": "x", + "name": "preroutingmanglep10", + "handle": 0, + "type": "filter", + "hook": "prerouting", + "prio": -140, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip", + "table": "x", + "name": "preroutingmanglep11", + "handle": 0, + "type": "filter", + "hook": "prerouting", + "prio": -139, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip", + "table": "x", + "name": "preroutingfilterm11", + "handle": 0, + "type": "filter", + "hook": "prerouting", + "prio": -11, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip", + "table": "x", + "name": "preroutingfilterm10", + "handle": 0, + "type": "filter", + "hook": "prerouting", + "prio": -10, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip", + "table": "x", + "name": "preroutingfilter", + "handle": 0, + "type": "filter", + "hook": "prerouting", + "prio": 0, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip", + "table": "x", + "name": "preroutingfilterp10", + "handle": 0, + "type": "filter", + "hook": "prerouting", + "prio": 10, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip", + "table": "x", + "name": "preroutingfilterp11", + "handle": 0, + "type": "filter", + "hook": "prerouting", + "prio": 11, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip", + "table": "x", + "name": "preroutingsecuritym11", + "handle": 0, + "type": "filter", + "hook": "prerouting", + "prio": 39, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip", + "table": "x", + "name": "preroutingsecuritym10", + "handle": 0, + "type": "filter", + "hook": "prerouting", + "prio": 40, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip", + "table": "x", + "name": "preroutingsecurity", + "handle": 0, + "type": "filter", + "hook": "prerouting", + "prio": 50, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip", + "table": "x", + "name": "preroutingsecurityp10", + "handle": 0, + "type": "filter", + "hook": "prerouting", + "prio": 60, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip", + "table": "x", + "name": "preroutingsecurityp11", + "handle": 0, + "type": "filter", + "hook": "prerouting", + "prio": 61, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip", + "table": "x", + "name": "inputrawm11", + "handle": 0, + "type": "filter", + "hook": "input", + "prio": -311, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip", + "table": "x", + "name": "inputrawm10", + "handle": 0, + "type": "filter", + "hook": "input", + "prio": -310, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip", + "table": "x", + "name": "inputraw", + "handle": 0, + "type": "filter", + "hook": "input", + "prio": -300, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip", + "table": "x", + "name": "inputrawp10", + "handle": 0, + "type": "filter", + "hook": "input", + "prio": -290, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip", + "table": "x", + "name": "inputrawp11", + "handle": 0, + "type": "filter", + "hook": "input", + "prio": -289, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip", + "table": "x", + "name": "inputmanglem11", + "handle": 0, + "type": "filter", + "hook": "input", + "prio": -161, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip", + "table": "x", + "name": "inputmanglem10", + "handle": 0, + "type": "filter", + "hook": "input", + "prio": -160, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip", + "table": "x", + "name": "inputmangle", + "handle": 0, + "type": "filter", + "hook": "input", + "prio": -150, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip", + "table": "x", + "name": "inputmanglep10", + "handle": 0, + "type": "filter", + "hook": "input", + "prio": -140, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip", + "table": "x", + "name": "inputmanglep11", + "handle": 0, + "type": "filter", + "hook": "input", + "prio": -139, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip", + "table": "x", + "name": "inputfilterm11", + "handle": 0, + "type": "filter", + "hook": "input", + "prio": -11, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip", + "table": "x", + "name": "inputfilterm10", + "handle": 0, + "type": "filter", + "hook": "input", + "prio": -10, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip", + "table": "x", + "name": "inputfilter", + "handle": 0, + "type": "filter", + "hook": "input", + "prio": 0, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip", + "table": "x", + "name": "inputfilterp10", + "handle": 0, + "type": "filter", + "hook": "input", + "prio": 10, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip", + "table": "x", + "name": "inputfilterp11", + "handle": 0, + "type": "filter", + "hook": "input", + "prio": 11, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip", + "table": "x", + "name": "inputsecuritym11", + "handle": 0, + "type": "filter", + "hook": "input", + "prio": 39, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip", + "table": "x", + "name": "inputsecuritym10", + "handle": 0, + "type": "filter", + "hook": "input", + "prio": 40, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip", + "table": "x", + "name": "inputsecurity", + "handle": 0, + "type": "filter", + "hook": "input", + "prio": 50, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip", + "table": "x", + "name": "inputsecurityp10", + "handle": 0, + "type": "filter", + "hook": "input", + "prio": 60, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip", + "table": "x", + "name": "inputsecurityp11", + "handle": 0, + "type": "filter", + "hook": "input", + "prio": 61, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip", + "table": "x", + "name": "forwardrawm11", + "handle": 0, + "type": "filter", + "hook": "forward", + "prio": -311, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip", + "table": "x", + "name": "forwardrawm10", + "handle": 0, + "type": "filter", + "hook": "forward", + "prio": -310, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip", + "table": "x", + "name": "forwardraw", + "handle": 0, + "type": "filter", + "hook": "forward", + "prio": -300, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip", + "table": "x", + "name": "forwardrawp10", + "handle": 0, + "type": "filter", + "hook": "forward", + "prio": -290, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip", + "table": "x", + "name": "forwardrawp11", + "handle": 0, + "type": "filter", + "hook": "forward", + "prio": -289, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip", + "table": "x", + "name": "forwardmanglem11", + "handle": 0, + "type": "filter", + "hook": "forward", + "prio": -161, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip", + "table": "x", + "name": "forwardmanglem10", + "handle": 0, + "type": "filter", + "hook": "forward", + "prio": -160, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip", + "table": "x", + "name": "forwardmangle", + "handle": 0, + "type": "filter", + "hook": "forward", + "prio": -150, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip", + "table": "x", + "name": "forwardmanglep10", + "handle": 0, + "type": "filter", + "hook": "forward", + "prio": -140, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip", + "table": "x", + "name": "forwardmanglep11", + "handle": 0, + "type": "filter", + "hook": "forward", + "prio": -139, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip", + "table": "x", + "name": "forwardfilterm11", + "handle": 0, + "type": "filter", + "hook": "forward", + "prio": -11, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip", + "table": "x", + "name": "forwardfilterm10", + "handle": 0, + "type": "filter", + "hook": "forward", + "prio": -10, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip", + "table": "x", + "name": "forwardfilter", + "handle": 0, + "type": "filter", + "hook": "forward", + "prio": 0, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip", + "table": "x", + "name": "forwardfilterp10", + "handle": 0, + "type": "filter", + "hook": "forward", + "prio": 10, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip", + "table": "x", + "name": "forwardfilterp11", + "handle": 0, + "type": "filter", + "hook": "forward", + "prio": 11, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip", + "table": "x", + "name": "forwardsecuritym11", + "handle": 0, + "type": "filter", + "hook": "forward", + "prio": 39, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip", + "table": "x", + "name": "forwardsecuritym10", + "handle": 0, + "type": "filter", + "hook": "forward", + "prio": 40, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip", + "table": "x", + "name": "forwardsecurity", + "handle": 0, + "type": "filter", + "hook": "forward", + "prio": 50, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip", + "table": "x", + "name": "forwardsecurityp10", + "handle": 0, + "type": "filter", + "hook": "forward", + "prio": 60, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip", + "table": "x", + "name": "forwardsecurityp11", + "handle": 0, + "type": "filter", + "hook": "forward", + "prio": 61, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip", + "table": "x", + "name": "outputrawm11", + "handle": 0, + "type": "filter", + "hook": "output", + "prio": -311, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip", + "table": "x", + "name": "outputrawm10", + "handle": 0, + "type": "filter", + "hook": "output", + "prio": -310, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip", + "table": "x", + "name": "outputraw", + "handle": 0, + "type": "filter", + "hook": "output", + "prio": -300, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip", + "table": "x", + "name": "outputrawp10", + "handle": 0, + "type": "filter", + "hook": "output", + "prio": -290, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip", + "table": "x", + "name": "outputrawp11", + "handle": 0, + "type": "filter", + "hook": "output", + "prio": -289, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip", + "table": "x", + "name": "outputmanglem11", + "handle": 0, + "type": "filter", + "hook": "output", + "prio": -161, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip", + "table": "x", + "name": "outputmanglem10", + "handle": 0, + "type": "filter", + "hook": "output", + "prio": -160, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip", + "table": "x", + "name": "outputmangle", + "handle": 0, + "type": "filter", + "hook": "output", + "prio": -150, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip", + "table": "x", + "name": "outputmanglep10", + "handle": 0, + "type": "filter", + "hook": "output", + "prio": -140, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip", + "table": "x", + "name": "outputmanglep11", + "handle": 0, + "type": "filter", + "hook": "output", + "prio": -139, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip", + "table": "x", + "name": "outputfilterm11", + "handle": 0, + "type": "filter", + "hook": "output", + "prio": -11, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip", + "table": "x", + "name": "outputfilterm10", + "handle": 0, + "type": "filter", + "hook": "output", + "prio": -10, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip", + "table": "x", + "name": "outputfilter", + "handle": 0, + "type": "filter", + "hook": "output", + "prio": 0, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip", + "table": "x", + "name": "outputfilterp10", + "handle": 0, + "type": "filter", + "hook": "output", + "prio": 10, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip", + "table": "x", + "name": "outputfilterp11", + "handle": 0, + "type": "filter", + "hook": "output", + "prio": 11, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip", + "table": "x", + "name": "outputsecuritym11", + "handle": 0, + "type": "filter", + "hook": "output", + "prio": 39, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip", + "table": "x", + "name": "outputsecuritym10", + "handle": 0, + "type": "filter", + "hook": "output", + "prio": 40, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip", + "table": "x", + "name": "outputsecurity", + "handle": 0, + "type": "filter", + "hook": "output", + "prio": 50, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip", + "table": "x", + "name": "outputsecurityp10", + "handle": 0, + "type": "filter", + "hook": "output", + "prio": 60, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip", + "table": "x", + "name": "outputsecurityp11", + "handle": 0, + "type": "filter", + "hook": "output", + "prio": 61, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip", + "table": "x", + "name": "postroutingrawm11", + "handle": 0, + "type": "filter", + "hook": "postrouting", + "prio": -311, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip", + "table": "x", + "name": "postroutingrawm10", + "handle": 0, + "type": "filter", + "hook": "postrouting", + "prio": -310, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip", + "table": "x", + "name": "postroutingraw", + "handle": 0, + "type": "filter", + "hook": "postrouting", + "prio": -300, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip", + "table": "x", + "name": "postroutingrawp10", + "handle": 0, + "type": "filter", + "hook": "postrouting", + "prio": -290, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip", + "table": "x", + "name": "postroutingrawp11", + "handle": 0, + "type": "filter", + "hook": "postrouting", + "prio": -289, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip", + "table": "x", + "name": "postroutingmanglem11", + "handle": 0, + "type": "filter", + "hook": "postrouting", + "prio": -161, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip", + "table": "x", + "name": "postroutingmanglem10", + "handle": 0, + "type": "filter", + "hook": "postrouting", + "prio": -160, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip", + "table": "x", + "name": "postroutingmangle", + "handle": 0, + "type": "filter", + "hook": "postrouting", + "prio": -150, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip", + "table": "x", + "name": "postroutingmanglep10", + "handle": 0, + "type": "filter", + "hook": "postrouting", + "prio": -140, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip", + "table": "x", + "name": "postroutingmanglep11", + "handle": 0, + "type": "filter", + "hook": "postrouting", + "prio": -139, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip", + "table": "x", + "name": "postroutingfilterm11", + "handle": 0, + "type": "filter", + "hook": "postrouting", + "prio": -11, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip", + "table": "x", + "name": "postroutingfilterm10", + "handle": 0, + "type": "filter", + "hook": "postrouting", + "prio": -10, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip", + "table": "x", + "name": "postroutingfilter", + "handle": 0, + "type": "filter", + "hook": "postrouting", + "prio": 0, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip", + "table": "x", + "name": "postroutingfilterp10", + "handle": 0, + "type": "filter", + "hook": "postrouting", + "prio": 10, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip", + "table": "x", + "name": "postroutingfilterp11", + "handle": 0, + "type": "filter", + "hook": "postrouting", + "prio": 11, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip", + "table": "x", + "name": "postroutingsecuritym11", + "handle": 0, + "type": "filter", + "hook": "postrouting", + "prio": 39, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip", + "table": "x", + "name": "postroutingsecuritym10", + "handle": 0, + "type": "filter", + "hook": "postrouting", + "prio": 40, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip", + "table": "x", + "name": "postroutingsecurity", + "handle": 0, + "type": "filter", + "hook": "postrouting", + "prio": 50, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip", + "table": "x", + "name": "postroutingsecurityp10", + "handle": 0, + "type": "filter", + "hook": "postrouting", + "prio": 60, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip", + "table": "x", + "name": "postroutingsecurityp11", + "handle": 0, + "type": "filter", + "hook": "postrouting", + "prio": 61, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip", + "table": "x", + "name": "preroutingdstnatm11", + "handle": 0, + "type": "filter", + "hook": "prerouting", + "prio": -111, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip", + "table": "x", + "name": "preroutingdstnatm10", + "handle": 0, + "type": "filter", + "hook": "prerouting", + "prio": -110, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip", + "table": "x", + "name": "preroutingdstnat", + "handle": 0, + "type": "filter", + "hook": "prerouting", + "prio": -100, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip", + "table": "x", + "name": "preroutingdstnatp10", + "handle": 0, + "type": "filter", + "hook": "prerouting", + "prio": -90, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip", + "table": "x", + "name": "preroutingdstnatp11", + "handle": 0, + "type": "filter", + "hook": "prerouting", + "prio": -89, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip", + "table": "x", + "name": "postroutingsrcnatm11", + "handle": 0, + "type": "filter", + "hook": "postrouting", + "prio": 89, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip", + "table": "x", + "name": "postroutingsrcnatm10", + "handle": 0, + "type": "filter", + "hook": "postrouting", + "prio": 90, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip", + "table": "x", + "name": "postroutingsrcnat", + "handle": 0, + "type": "filter", + "hook": "postrouting", + "prio": 100, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip", + "table": "x", + "name": "postroutingsrcnatp10", + "handle": 0, + "type": "filter", + "hook": "postrouting", + "prio": 110, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip", + "table": "x", + "name": "postroutingsrcnatp11", + "handle": 0, + "type": "filter", + "hook": "postrouting", + "prio": 111, + "policy": "accept" + } + }, + { + "table": { + "family": "ip6", + "name": "x", + "handle": 0 + } + }, + { + "chain": { + "family": "ip6", + "table": "x", + "name": "preroutingrawm11", + "handle": 0, + "type": "filter", + "hook": "prerouting", + "prio": -311, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip6", + "table": "x", + "name": "preroutingrawm10", + "handle": 0, + "type": "filter", + "hook": "prerouting", + "prio": -310, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip6", + "table": "x", + "name": "preroutingraw", + "handle": 0, + "type": "filter", + "hook": "prerouting", + "prio": -300, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip6", + "table": "x", + "name": "preroutingrawp10", + "handle": 0, + "type": "filter", + "hook": "prerouting", + "prio": -290, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip6", + "table": "x", + "name": "preroutingrawp11", + "handle": 0, + "type": "filter", + "hook": "prerouting", + "prio": -289, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip6", + "table": "x", + "name": "preroutingmanglem11", + "handle": 0, + "type": "filter", + "hook": "prerouting", + "prio": -161, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip6", + "table": "x", + "name": "preroutingmanglem10", + "handle": 0, + "type": "filter", + "hook": "prerouting", + "prio": -160, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip6", + "table": "x", + "name": "preroutingmangle", + "handle": 0, + "type": "filter", + "hook": "prerouting", + "prio": -150, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip6", + "table": "x", + "name": "preroutingmanglep10", + "handle": 0, + "type": "filter", + "hook": "prerouting", + "prio": -140, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip6", + "table": "x", + "name": "preroutingmanglep11", + "handle": 0, + "type": "filter", + "hook": "prerouting", + "prio": -139, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip6", + "table": "x", + "name": "preroutingfilterm11", + "handle": 0, + "type": "filter", + "hook": "prerouting", + "prio": -11, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip6", + "table": "x", + "name": "preroutingfilterm10", + "handle": 0, + "type": "filter", + "hook": "prerouting", + "prio": -10, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip6", + "table": "x", + "name": "preroutingfilter", + "handle": 0, + "type": "filter", + "hook": "prerouting", + "prio": 0, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip6", + "table": "x", + "name": "preroutingfilterp10", + "handle": 0, + "type": "filter", + "hook": "prerouting", + "prio": 10, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip6", + "table": "x", + "name": "preroutingfilterp11", + "handle": 0, + "type": "filter", + "hook": "prerouting", + "prio": 11, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip6", + "table": "x", + "name": "preroutingsecuritym11", + "handle": 0, + "type": "filter", + "hook": "prerouting", + "prio": 39, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip6", + "table": "x", + "name": "preroutingsecuritym10", + "handle": 0, + "type": "filter", + "hook": "prerouting", + "prio": 40, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip6", + "table": "x", + "name": "preroutingsecurity", + "handle": 0, + "type": "filter", + "hook": "prerouting", + "prio": 50, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip6", + "table": "x", + "name": "preroutingsecurityp10", + "handle": 0, + "type": "filter", + "hook": "prerouting", + "prio": 60, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip6", + "table": "x", + "name": "preroutingsecurityp11", + "handle": 0, + "type": "filter", + "hook": "prerouting", + "prio": 61, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip6", + "table": "x", + "name": "inputrawm11", + "handle": 0, + "type": "filter", + "hook": "input", + "prio": -311, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip6", + "table": "x", + "name": "inputrawm10", + "handle": 0, + "type": "filter", + "hook": "input", + "prio": -310, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip6", + "table": "x", + "name": "inputraw", + "handle": 0, + "type": "filter", + "hook": "input", + "prio": -300, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip6", + "table": "x", + "name": "inputrawp10", + "handle": 0, + "type": "filter", + "hook": "input", + "prio": -290, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip6", + "table": "x", + "name": "inputrawp11", + "handle": 0, + "type": "filter", + "hook": "input", + "prio": -289, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip6", + "table": "x", + "name": "inputmanglem11", + "handle": 0, + "type": "filter", + "hook": "input", + "prio": -161, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip6", + "table": "x", + "name": "inputmanglem10", + "handle": 0, + "type": "filter", + "hook": "input", + "prio": -160, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip6", + "table": "x", + "name": "inputmangle", + "handle": 0, + "type": "filter", + "hook": "input", + "prio": -150, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip6", + "table": "x", + "name": "inputmanglep10", + "handle": 0, + "type": "filter", + "hook": "input", + "prio": -140, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip6", + "table": "x", + "name": "inputmanglep11", + "handle": 0, + "type": "filter", + "hook": "input", + "prio": -139, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip6", + "table": "x", + "name": "inputfilterm11", + "handle": 0, + "type": "filter", + "hook": "input", + "prio": -11, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip6", + "table": "x", + "name": "inputfilterm10", + "handle": 0, + "type": "filter", + "hook": "input", + "prio": -10, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip6", + "table": "x", + "name": "inputfilter", + "handle": 0, + "type": "filter", + "hook": "input", + "prio": 0, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip6", + "table": "x", + "name": "inputfilterp10", + "handle": 0, + "type": "filter", + "hook": "input", + "prio": 10, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip6", + "table": "x", + "name": "inputfilterp11", + "handle": 0, + "type": "filter", + "hook": "input", + "prio": 11, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip6", + "table": "x", + "name": "inputsecuritym11", + "handle": 0, + "type": "filter", + "hook": "input", + "prio": 39, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip6", + "table": "x", + "name": "inputsecuritym10", + "handle": 0, + "type": "filter", + "hook": "input", + "prio": 40, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip6", + "table": "x", + "name": "inputsecurity", + "handle": 0, + "type": "filter", + "hook": "input", + "prio": 50, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip6", + "table": "x", + "name": "inputsecurityp10", + "handle": 0, + "type": "filter", + "hook": "input", + "prio": 60, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip6", + "table": "x", + "name": "inputsecurityp11", + "handle": 0, + "type": "filter", + "hook": "input", + "prio": 61, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip6", + "table": "x", + "name": "forwardrawm11", + "handle": 0, + "type": "filter", + "hook": "forward", + "prio": -311, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip6", + "table": "x", + "name": "forwardrawm10", + "handle": 0, + "type": "filter", + "hook": "forward", + "prio": -310, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip6", + "table": "x", + "name": "forwardraw", + "handle": 0, + "type": "filter", + "hook": "forward", + "prio": -300, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip6", + "table": "x", + "name": "forwardrawp10", + "handle": 0, + "type": "filter", + "hook": "forward", + "prio": -290, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip6", + "table": "x", + "name": "forwardrawp11", + "handle": 0, + "type": "filter", + "hook": "forward", + "prio": -289, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip6", + "table": "x", + "name": "forwardmanglem11", + "handle": 0, + "type": "filter", + "hook": "forward", + "prio": -161, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip6", + "table": "x", + "name": "forwardmanglem10", + "handle": 0, + "type": "filter", + "hook": "forward", + "prio": -160, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip6", + "table": "x", + "name": "forwardmangle", + "handle": 0, + "type": "filter", + "hook": "forward", + "prio": -150, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip6", + "table": "x", + "name": "forwardmanglep10", + "handle": 0, + "type": "filter", + "hook": "forward", + "prio": -140, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip6", + "table": "x", + "name": "forwardmanglep11", + "handle": 0, + "type": "filter", + "hook": "forward", + "prio": -139, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip6", + "table": "x", + "name": "forwardfilterm11", + "handle": 0, + "type": "filter", + "hook": "forward", + "prio": -11, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip6", + "table": "x", + "name": "forwardfilterm10", + "handle": 0, + "type": "filter", + "hook": "forward", + "prio": -10, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip6", + "table": "x", + "name": "forwardfilter", + "handle": 0, + "type": "filter", + "hook": "forward", + "prio": 0, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip6", + "table": "x", + "name": "forwardfilterp10", + "handle": 0, + "type": "filter", + "hook": "forward", + "prio": 10, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip6", + "table": "x", + "name": "forwardfilterp11", + "handle": 0, + "type": "filter", + "hook": "forward", + "prio": 11, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip6", + "table": "x", + "name": "forwardsecuritym11", + "handle": 0, + "type": "filter", + "hook": "forward", + "prio": 39, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip6", + "table": "x", + "name": "forwardsecuritym10", + "handle": 0, + "type": "filter", + "hook": "forward", + "prio": 40, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip6", + "table": "x", + "name": "forwardsecurity", + "handle": 0, + "type": "filter", + "hook": "forward", + "prio": 50, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip6", + "table": "x", + "name": "forwardsecurityp10", + "handle": 0, + "type": "filter", + "hook": "forward", + "prio": 60, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip6", + "table": "x", + "name": "forwardsecurityp11", + "handle": 0, + "type": "filter", + "hook": "forward", + "prio": 61, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip6", + "table": "x", + "name": "outputrawm11", + "handle": 0, + "type": "filter", + "hook": "output", + "prio": -311, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip6", + "table": "x", + "name": "outputrawm10", + "handle": 0, + "type": "filter", + "hook": "output", + "prio": -310, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip6", + "table": "x", + "name": "outputraw", + "handle": 0, + "type": "filter", + "hook": "output", + "prio": -300, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip6", + "table": "x", + "name": "outputrawp10", + "handle": 0, + "type": "filter", + "hook": "output", + "prio": -290, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip6", + "table": "x", + "name": "outputrawp11", + "handle": 0, + "type": "filter", + "hook": "output", + "prio": -289, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip6", + "table": "x", + "name": "outputmanglem11", + "handle": 0, + "type": "filter", + "hook": "output", + "prio": -161, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip6", + "table": "x", + "name": "outputmanglem10", + "handle": 0, + "type": "filter", + "hook": "output", + "prio": -160, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip6", + "table": "x", + "name": "outputmangle", + "handle": 0, + "type": "filter", + "hook": "output", + "prio": -150, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip6", + "table": "x", + "name": "outputmanglep10", + "handle": 0, + "type": "filter", + "hook": "output", + "prio": -140, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip6", + "table": "x", + "name": "outputmanglep11", + "handle": 0, + "type": "filter", + "hook": "output", + "prio": -139, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip6", + "table": "x", + "name": "outputfilterm11", + "handle": 0, + "type": "filter", + "hook": "output", + "prio": -11, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip6", + "table": "x", + "name": "outputfilterm10", + "handle": 0, + "type": "filter", + "hook": "output", + "prio": -10, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip6", + "table": "x", + "name": "outputfilter", + "handle": 0, + "type": "filter", + "hook": "output", + "prio": 0, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip6", + "table": "x", + "name": "outputfilterp10", + "handle": 0, + "type": "filter", + "hook": "output", + "prio": 10, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip6", + "table": "x", + "name": "outputfilterp11", + "handle": 0, + "type": "filter", + "hook": "output", + "prio": 11, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip6", + "table": "x", + "name": "outputsecuritym11", + "handle": 0, + "type": "filter", + "hook": "output", + "prio": 39, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip6", + "table": "x", + "name": "outputsecuritym10", + "handle": 0, + "type": "filter", + "hook": "output", + "prio": 40, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip6", + "table": "x", + "name": "outputsecurity", + "handle": 0, + "type": "filter", + "hook": "output", + "prio": 50, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip6", + "table": "x", + "name": "outputsecurityp10", + "handle": 0, + "type": "filter", + "hook": "output", + "prio": 60, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip6", + "table": "x", + "name": "outputsecurityp11", + "handle": 0, + "type": "filter", + "hook": "output", + "prio": 61, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip6", + "table": "x", + "name": "postroutingrawm11", + "handle": 0, + "type": "filter", + "hook": "postrouting", + "prio": -311, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip6", + "table": "x", + "name": "postroutingrawm10", + "handle": 0, + "type": "filter", + "hook": "postrouting", + "prio": -310, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip6", + "table": "x", + "name": "postroutingraw", + "handle": 0, + "type": "filter", + "hook": "postrouting", + "prio": -300, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip6", + "table": "x", + "name": "postroutingrawp10", + "handle": 0, + "type": "filter", + "hook": "postrouting", + "prio": -290, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip6", + "table": "x", + "name": "postroutingrawp11", + "handle": 0, + "type": "filter", + "hook": "postrouting", + "prio": -289, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip6", + "table": "x", + "name": "postroutingmanglem11", + "handle": 0, + "type": "filter", + "hook": "postrouting", + "prio": -161, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip6", + "table": "x", + "name": "postroutingmanglem10", + "handle": 0, + "type": "filter", + "hook": "postrouting", + "prio": -160, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip6", + "table": "x", + "name": "postroutingmangle", + "handle": 0, + "type": "filter", + "hook": "postrouting", + "prio": -150, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip6", + "table": "x", + "name": "postroutingmanglep10", + "handle": 0, + "type": "filter", + "hook": "postrouting", + "prio": -140, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip6", + "table": "x", + "name": "postroutingmanglep11", + "handle": 0, + "type": "filter", + "hook": "postrouting", + "prio": -139, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip6", + "table": "x", + "name": "postroutingfilterm11", + "handle": 0, + "type": "filter", + "hook": "postrouting", + "prio": -11, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip6", + "table": "x", + "name": "postroutingfilterm10", + "handle": 0, + "type": "filter", + "hook": "postrouting", + "prio": -10, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip6", + "table": "x", + "name": "postroutingfilter", + "handle": 0, + "type": "filter", + "hook": "postrouting", + "prio": 0, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip6", + "table": "x", + "name": "postroutingfilterp10", + "handle": 0, + "type": "filter", + "hook": "postrouting", + "prio": 10, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip6", + "table": "x", + "name": "postroutingfilterp11", + "handle": 0, + "type": "filter", + "hook": "postrouting", + "prio": 11, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip6", + "table": "x", + "name": "postroutingsecuritym11", + "handle": 0, + "type": "filter", + "hook": "postrouting", + "prio": 39, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip6", + "table": "x", + "name": "postroutingsecuritym10", + "handle": 0, + "type": "filter", + "hook": "postrouting", + "prio": 40, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip6", + "table": "x", + "name": "postroutingsecurity", + "handle": 0, + "type": "filter", + "hook": "postrouting", + "prio": 50, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip6", + "table": "x", + "name": "postroutingsecurityp10", + "handle": 0, + "type": "filter", + "hook": "postrouting", + "prio": 60, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip6", + "table": "x", + "name": "postroutingsecurityp11", + "handle": 0, + "type": "filter", + "hook": "postrouting", + "prio": 61, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip6", + "table": "x", + "name": "preroutingdstnatm11", + "handle": 0, + "type": "filter", + "hook": "prerouting", + "prio": -111, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip6", + "table": "x", + "name": "preroutingdstnatm10", + "handle": 0, + "type": "filter", + "hook": "prerouting", + "prio": -110, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip6", + "table": "x", + "name": "preroutingdstnat", + "handle": 0, + "type": "filter", + "hook": "prerouting", + "prio": -100, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip6", + "table": "x", + "name": "preroutingdstnatp10", + "handle": 0, + "type": "filter", + "hook": "prerouting", + "prio": -90, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip6", + "table": "x", + "name": "preroutingdstnatp11", + "handle": 0, + "type": "filter", + "hook": "prerouting", + "prio": -89, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip6", + "table": "x", + "name": "postroutingsrcnatm11", + "handle": 0, + "type": "filter", + "hook": "postrouting", + "prio": 89, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip6", + "table": "x", + "name": "postroutingsrcnatm10", + "handle": 0, + "type": "filter", + "hook": "postrouting", + "prio": 90, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip6", + "table": "x", + "name": "postroutingsrcnat", + "handle": 0, + "type": "filter", + "hook": "postrouting", + "prio": 100, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip6", + "table": "x", + "name": "postroutingsrcnatp10", + "handle": 0, + "type": "filter", + "hook": "postrouting", + "prio": 110, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip6", + "table": "x", + "name": "postroutingsrcnatp11", + "handle": 0, + "type": "filter", + "hook": "postrouting", + "prio": 111, + "policy": "accept" + } + }, + { + "table": { + "family": "inet", + "name": "x", + "handle": 0 + } + }, + { + "chain": { + "family": "inet", + "table": "x", + "name": "preroutingrawm11", + "handle": 0, + "type": "filter", + "hook": "prerouting", + "prio": -311, + "policy": "accept" + } + }, + { + "chain": { + "family": "inet", + "table": "x", + "name": "preroutingrawm10", + "handle": 0, + "type": "filter", + "hook": "prerouting", + "prio": -310, + "policy": "accept" + } + }, + { + "chain": { + "family": "inet", + "table": "x", + "name": "preroutingraw", + "handle": 0, + "type": "filter", + "hook": "prerouting", + "prio": -300, + "policy": "accept" + } + }, + { + "chain": { + "family": "inet", + "table": "x", + "name": "preroutingrawp10", + "handle": 0, + "type": "filter", + "hook": "prerouting", + "prio": -290, + "policy": "accept" + } + }, + { + "chain": { + "family": "inet", + "table": "x", + "name": "preroutingrawp11", + "handle": 0, + "type": "filter", + "hook": "prerouting", + "prio": -289, + "policy": "accept" + } + }, + { + "chain": { + "family": "inet", + "table": "x", + "name": "preroutingmanglem11", + "handle": 0, + "type": "filter", + "hook": "prerouting", + "prio": -161, + "policy": "accept" + } + }, + { + "chain": { + "family": "inet", + "table": "x", + "name": "preroutingmanglem10", + "handle": 0, + "type": "filter", + "hook": "prerouting", + "prio": -160, + "policy": "accept" + } + }, + { + "chain": { + "family": "inet", + "table": "x", + "name": "preroutingmangle", + "handle": 0, + "type": "filter", + "hook": "prerouting", + "prio": -150, + "policy": "accept" + } + }, + { + "chain": { + "family": "inet", + "table": "x", + "name": "preroutingmanglep10", + "handle": 0, + "type": "filter", + "hook": "prerouting", + "prio": -140, + "policy": "accept" + } + }, + { + "chain": { + "family": "inet", + "table": "x", + "name": "preroutingmanglep11", + "handle": 0, + "type": "filter", + "hook": "prerouting", + "prio": -139, + "policy": "accept" + } + }, + { + "chain": { + "family": "inet", + "table": "x", + "name": "preroutingfilterm11", + "handle": 0, + "type": "filter", + "hook": "prerouting", + "prio": -11, + "policy": "accept" + } + }, + { + "chain": { + "family": "inet", + "table": "x", + "name": "preroutingfilterm10", + "handle": 0, + "type": "filter", + "hook": "prerouting", + "prio": -10, + "policy": "accept" + } + }, + { + "chain": { + "family": "inet", + "table": "x", + "name": "preroutingfilter", + "handle": 0, + "type": "filter", + "hook": "prerouting", + "prio": 0, + "policy": "accept" + } + }, + { + "chain": { + "family": "inet", + "table": "x", + "name": "preroutingfilterp10", + "handle": 0, + "type": "filter", + "hook": "prerouting", + "prio": 10, + "policy": "accept" + } + }, + { + "chain": { + "family": "inet", + "table": "x", + "name": "preroutingfilterp11", + "handle": 0, + "type": "filter", + "hook": "prerouting", + "prio": 11, + "policy": "accept" + } + }, + { + "chain": { + "family": "inet", + "table": "x", + "name": "preroutingsecuritym11", + "handle": 0, + "type": "filter", + "hook": "prerouting", + "prio": 39, + "policy": "accept" + } + }, + { + "chain": { + "family": "inet", + "table": "x", + "name": "preroutingsecuritym10", + "handle": 0, + "type": "filter", + "hook": "prerouting", + "prio": 40, + "policy": "accept" + } + }, + { + "chain": { + "family": "inet", + "table": "x", + "name": "preroutingsecurity", + "handle": 0, + "type": "filter", + "hook": "prerouting", + "prio": 50, + "policy": "accept" + } + }, + { + "chain": { + "family": "inet", + "table": "x", + "name": "preroutingsecurityp10", + "handle": 0, + "type": "filter", + "hook": "prerouting", + "prio": 60, + "policy": "accept" + } + }, + { + "chain": { + "family": "inet", + "table": "x", + "name": "preroutingsecurityp11", + "handle": 0, + "type": "filter", + "hook": "prerouting", + "prio": 61, + "policy": "accept" + } + }, + { + "chain": { + "family": "inet", + "table": "x", + "name": "inputrawm11", + "handle": 0, + "type": "filter", + "hook": "input", + "prio": -311, + "policy": "accept" + } + }, + { + "chain": { + "family": "inet", + "table": "x", + "name": "inputrawm10", + "handle": 0, + "type": "filter", + "hook": "input", + "prio": -310, + "policy": "accept" + } + }, + { + "chain": { + "family": "inet", + "table": "x", + "name": "inputraw", + "handle": 0, + "type": "filter", + "hook": "input", + "prio": -300, + "policy": "accept" + } + }, + { + "chain": { + "family": "inet", + "table": "x", + "name": "inputrawp10", + "handle": 0, + "type": "filter", + "hook": "input", + "prio": -290, + "policy": "accept" + } + }, + { + "chain": { + "family": "inet", + "table": "x", + "name": "inputrawp11", + "handle": 0, + "type": "filter", + "hook": "input", + "prio": -289, + "policy": "accept" + } + }, + { + "chain": { + "family": "inet", + "table": "x", + "name": "inputmanglem11", + "handle": 0, + "type": "filter", + "hook": "input", + "prio": -161, + "policy": "accept" + } + }, + { + "chain": { + "family": "inet", + "table": "x", + "name": "inputmanglem10", + "handle": 0, + "type": "filter", + "hook": "input", + "prio": -160, + "policy": "accept" + } + }, + { + "chain": { + "family": "inet", + "table": "x", + "name": "inputmangle", + "handle": 0, + "type": "filter", + "hook": "input", + "prio": -150, + "policy": "accept" + } + }, + { + "chain": { + "family": "inet", + "table": "x", + "name": "inputmanglep10", + "handle": 0, + "type": "filter", + "hook": "input", + "prio": -140, + "policy": "accept" + } + }, + { + "chain": { + "family": "inet", + "table": "x", + "name": "inputmanglep11", + "handle": 0, + "type": "filter", + "hook": "input", + "prio": -139, + "policy": "accept" + } + }, + { + "chain": { + "family": "inet", + "table": "x", + "name": "inputfilterm11", + "handle": 0, + "type": "filter", + "hook": "input", + "prio": -11, + "policy": "accept" + } + }, + { + "chain": { + "family": "inet", + "table": "x", + "name": "inputfilterm10", + "handle": 0, + "type": "filter", + "hook": "input", + "prio": -10, + "policy": "accept" + } + }, + { + "chain": { + "family": "inet", + "table": "x", + "name": "inputfilter", + "handle": 0, + "type": "filter", + "hook": "input", + "prio": 0, + "policy": "accept" + } + }, + { + "chain": { + "family": "inet", + "table": "x", + "name": "inputfilterp10", + "handle": 0, + "type": "filter", + "hook": "input", + "prio": 10, + "policy": "accept" + } + }, + { + "chain": { + "family": "inet", + "table": "x", + "name": "inputfilterp11", + "handle": 0, + "type": "filter", + "hook": "input", + "prio": 11, + "policy": "accept" + } + }, + { + "chain": { + "family": "inet", + "table": "x", + "name": "inputsecuritym11", + "handle": 0, + "type": "filter", + "hook": "input", + "prio": 39, + "policy": "accept" + } + }, + { + "chain": { + "family": "inet", + "table": "x", + "name": "inputsecuritym10", + "handle": 0, + "type": "filter", + "hook": "input", + "prio": 40, + "policy": "accept" + } + }, + { + "chain": { + "family": "inet", + "table": "x", + "name": "inputsecurity", + "handle": 0, + "type": "filter", + "hook": "input", + "prio": 50, + "policy": "accept" + } + }, + { + "chain": { + "family": "inet", + "table": "x", + "name": "inputsecurityp10", + "handle": 0, + "type": "filter", + "hook": "input", + "prio": 60, + "policy": "accept" + } + }, + { + "chain": { + "family": "inet", + "table": "x", + "name": "inputsecurityp11", + "handle": 0, + "type": "filter", + "hook": "input", + "prio": 61, + "policy": "accept" + } + }, + { + "chain": { + "family": "inet", + "table": "x", + "name": "forwardrawm11", + "handle": 0, + "type": "filter", + "hook": "forward", + "prio": -311, + "policy": "accept" + } + }, + { + "chain": { + "family": "inet", + "table": "x", + "name": "forwardrawm10", + "handle": 0, + "type": "filter", + "hook": "forward", + "prio": -310, + "policy": "accept" + } + }, + { + "chain": { + "family": "inet", + "table": "x", + "name": "forwardraw", + "handle": 0, + "type": "filter", + "hook": "forward", + "prio": -300, + "policy": "accept" + } + }, + { + "chain": { + "family": "inet", + "table": "x", + "name": "forwardrawp10", + "handle": 0, + "type": "filter", + "hook": "forward", + "prio": -290, + "policy": "accept" + } + }, + { + "chain": { + "family": "inet", + "table": "x", + "name": "forwardrawp11", + "handle": 0, + "type": "filter", + "hook": "forward", + "prio": -289, + "policy": "accept" + } + }, + { + "chain": { + "family": "inet", + "table": "x", + "name": "forwardmanglem11", + "handle": 0, + "type": "filter", + "hook": "forward", + "prio": -161, + "policy": "accept" + } + }, + { + "chain": { + "family": "inet", + "table": "x", + "name": "forwardmanglem10", + "handle": 0, + "type": "filter", + "hook": "forward", + "prio": -160, + "policy": "accept" + } + }, + { + "chain": { + "family": "inet", + "table": "x", + "name": "forwardmangle", + "handle": 0, + "type": "filter", + "hook": "forward", + "prio": -150, + "policy": "accept" + } + }, + { + "chain": { + "family": "inet", + "table": "x", + "name": "forwardmanglep10", + "handle": 0, + "type": "filter", + "hook": "forward", + "prio": -140, + "policy": "accept" + } + }, + { + "chain": { + "family": "inet", + "table": "x", + "name": "forwardmanglep11", + "handle": 0, + "type": "filter", + "hook": "forward", + "prio": -139, + "policy": "accept" + } + }, + { + "chain": { + "family": "inet", + "table": "x", + "name": "forwardfilterm11", + "handle": 0, + "type": "filter", + "hook": "forward", + "prio": -11, + "policy": "accept" + } + }, + { + "chain": { + "family": "inet", + "table": "x", + "name": "forwardfilterm10", + "handle": 0, + "type": "filter", + "hook": "forward", + "prio": -10, + "policy": "accept" + } + }, + { + "chain": { + "family": "inet", + "table": "x", + "name": "forwardfilter", + "handle": 0, + "type": "filter", + "hook": "forward", + "prio": 0, + "policy": "accept" + } + }, + { + "chain": { + "family": "inet", + "table": "x", + "name": "forwardfilterp10", + "handle": 0, + "type": "filter", + "hook": "forward", + "prio": 10, + "policy": "accept" + } + }, + { + "chain": { + "family": "inet", + "table": "x", + "name": "forwardfilterp11", + "handle": 0, + "type": "filter", + "hook": "forward", + "prio": 11, + "policy": "accept" + } + }, + { + "chain": { + "family": "inet", + "table": "x", + "name": "forwardsecuritym11", + "handle": 0, + "type": "filter", + "hook": "forward", + "prio": 39, + "policy": "accept" + } + }, + { + "chain": { + "family": "inet", + "table": "x", + "name": "forwardsecuritym10", + "handle": 0, + "type": "filter", + "hook": "forward", + "prio": 40, + "policy": "accept" + } + }, + { + "chain": { + "family": "inet", + "table": "x", + "name": "forwardsecurity", + "handle": 0, + "type": "filter", + "hook": "forward", + "prio": 50, + "policy": "accept" + } + }, + { + "chain": { + "family": "inet", + "table": "x", + "name": "forwardsecurityp10", + "handle": 0, + "type": "filter", + "hook": "forward", + "prio": 60, + "policy": "accept" + } + }, + { + "chain": { + "family": "inet", + "table": "x", + "name": "forwardsecurityp11", + "handle": 0, + "type": "filter", + "hook": "forward", + "prio": 61, + "policy": "accept" + } + }, + { + "chain": { + "family": "inet", + "table": "x", + "name": "outputrawm11", + "handle": 0, + "type": "filter", + "hook": "output", + "prio": -311, + "policy": "accept" + } + }, + { + "chain": { + "family": "inet", + "table": "x", + "name": "outputrawm10", + "handle": 0, + "type": "filter", + "hook": "output", + "prio": -310, + "policy": "accept" + } + }, + { + "chain": { + "family": "inet", + "table": "x", + "name": "outputraw", + "handle": 0, + "type": "filter", + "hook": "output", + "prio": -300, + "policy": "accept" + } + }, + { + "chain": { + "family": "inet", + "table": "x", + "name": "outputrawp10", + "handle": 0, + "type": "filter", + "hook": "output", + "prio": -290, + "policy": "accept" + } + }, + { + "chain": { + "family": "inet", + "table": "x", + "name": "outputrawp11", + "handle": 0, + "type": "filter", + "hook": "output", + "prio": -289, + "policy": "accept" + } + }, + { + "chain": { + "family": "inet", + "table": "x", + "name": "outputmanglem11", + "handle": 0, + "type": "filter", + "hook": "output", + "prio": -161, + "policy": "accept" + } + }, + { + "chain": { + "family": "inet", + "table": "x", + "name": "outputmanglem10", + "handle": 0, + "type": "filter", + "hook": "output", + "prio": -160, + "policy": "accept" + } + }, + { + "chain": { + "family": "inet", + "table": "x", + "name": "outputmangle", + "handle": 0, + "type": "filter", + "hook": "output", + "prio": -150, + "policy": "accept" + } + }, + { + "chain": { + "family": "inet", + "table": "x", + "name": "outputmanglep10", + "handle": 0, + "type": "filter", + "hook": "output", + "prio": -140, + "policy": "accept" + } + }, + { + "chain": { + "family": "inet", + "table": "x", + "name": "outputmanglep11", + "handle": 0, + "type": "filter", + "hook": "output", + "prio": -139, + "policy": "accept" + } + }, + { + "chain": { + "family": "inet", + "table": "x", + "name": "outputfilterm11", + "handle": 0, + "type": "filter", + "hook": "output", + "prio": -11, + "policy": "accept" + } + }, + { + "chain": { + "family": "inet", + "table": "x", + "name": "outputfilterm10", + "handle": 0, + "type": "filter", + "hook": "output", + "prio": -10, + "policy": "accept" + } + }, + { + "chain": { + "family": "inet", + "table": "x", + "name": "outputfilter", + "handle": 0, + "type": "filter", + "hook": "output", + "prio": 0, + "policy": "accept" + } + }, + { + "chain": { + "family": "inet", + "table": "x", + "name": "outputfilterp10", + "handle": 0, + "type": "filter", + "hook": "output", + "prio": 10, + "policy": "accept" + } + }, + { + "chain": { + "family": "inet", + "table": "x", + "name": "outputfilterp11", + "handle": 0, + "type": "filter", + "hook": "output", + "prio": 11, + "policy": "accept" + } + }, + { + "chain": { + "family": "inet", + "table": "x", + "name": "outputsecuritym11", + "handle": 0, + "type": "filter", + "hook": "output", + "prio": 39, + "policy": "accept" + } + }, + { + "chain": { + "family": "inet", + "table": "x", + "name": "outputsecuritym10", + "handle": 0, + "type": "filter", + "hook": "output", + "prio": 40, + "policy": "accept" + } + }, + { + "chain": { + "family": "inet", + "table": "x", + "name": "outputsecurity", + "handle": 0, + "type": "filter", + "hook": "output", + "prio": 50, + "policy": "accept" + } + }, + { + "chain": { + "family": "inet", + "table": "x", + "name": "outputsecurityp10", + "handle": 0, + "type": "filter", + "hook": "output", + "prio": 60, + "policy": "accept" + } + }, + { + "chain": { + "family": "inet", + "table": "x", + "name": "outputsecurityp11", + "handle": 0, + "type": "filter", + "hook": "output", + "prio": 61, + "policy": "accept" + } + }, + { + "chain": { + "family": "inet", + "table": "x", + "name": "postroutingrawm11", + "handle": 0, + "type": "filter", + "hook": "postrouting", + "prio": -311, + "policy": "accept" + } + }, + { + "chain": { + "family": "inet", + "table": "x", + "name": "postroutingrawm10", + "handle": 0, + "type": "filter", + "hook": "postrouting", + "prio": -310, + "policy": "accept" + } + }, + { + "chain": { + "family": "inet", + "table": "x", + "name": "postroutingraw", + "handle": 0, + "type": "filter", + "hook": "postrouting", + "prio": -300, + "policy": "accept" + } + }, + { + "chain": { + "family": "inet", + "table": "x", + "name": "postroutingrawp10", + "handle": 0, + "type": "filter", + "hook": "postrouting", + "prio": -290, + "policy": "accept" + } + }, + { + "chain": { + "family": "inet", + "table": "x", + "name": "postroutingrawp11", + "handle": 0, + "type": "filter", + "hook": "postrouting", + "prio": -289, + "policy": "accept" + } + }, + { + "chain": { + "family": "inet", + "table": "x", + "name": "postroutingmanglem11", + "handle": 0, + "type": "filter", + "hook": "postrouting", + "prio": -161, + "policy": "accept" + } + }, + { + "chain": { + "family": "inet", + "table": "x", + "name": "postroutingmanglem10", + "handle": 0, + "type": "filter", + "hook": "postrouting", + "prio": -160, + "policy": "accept" + } + }, + { + "chain": { + "family": "inet", + "table": "x", + "name": "postroutingmangle", + "handle": 0, + "type": "filter", + "hook": "postrouting", + "prio": -150, + "policy": "accept" + } + }, + { + "chain": { + "family": "inet", + "table": "x", + "name": "postroutingmanglep10", + "handle": 0, + "type": "filter", + "hook": "postrouting", + "prio": -140, + "policy": "accept" + } + }, + { + "chain": { + "family": "inet", + "table": "x", + "name": "postroutingmanglep11", + "handle": 0, + "type": "filter", + "hook": "postrouting", + "prio": -139, + "policy": "accept" + } + }, + { + "chain": { + "family": "inet", + "table": "x", + "name": "postroutingfilterm11", + "handle": 0, + "type": "filter", + "hook": "postrouting", + "prio": -11, + "policy": "accept" + } + }, + { + "chain": { + "family": "inet", + "table": "x", + "name": "postroutingfilterm10", + "handle": 0, + "type": "filter", + "hook": "postrouting", + "prio": -10, + "policy": "accept" + } + }, + { + "chain": { + "family": "inet", + "table": "x", + "name": "postroutingfilter", + "handle": 0, + "type": "filter", + "hook": "postrouting", + "prio": 0, + "policy": "accept" + } + }, + { + "chain": { + "family": "inet", + "table": "x", + "name": "postroutingfilterp10", + "handle": 0, + "type": "filter", + "hook": "postrouting", + "prio": 10, + "policy": "accept" + } + }, + { + "chain": { + "family": "inet", + "table": "x", + "name": "postroutingfilterp11", + "handle": 0, + "type": "filter", + "hook": "postrouting", + "prio": 11, + "policy": "accept" + } + }, + { + "chain": { + "family": "inet", + "table": "x", + "name": "postroutingsecuritym11", + "handle": 0, + "type": "filter", + "hook": "postrouting", + "prio": 39, + "policy": "accept" + } + }, + { + "chain": { + "family": "inet", + "table": "x", + "name": "postroutingsecuritym10", + "handle": 0, + "type": "filter", + "hook": "postrouting", + "prio": 40, + "policy": "accept" + } + }, + { + "chain": { + "family": "inet", + "table": "x", + "name": "postroutingsecurity", + "handle": 0, + "type": "filter", + "hook": "postrouting", + "prio": 50, + "policy": "accept" + } + }, + { + "chain": { + "family": "inet", + "table": "x", + "name": "postroutingsecurityp10", + "handle": 0, + "type": "filter", + "hook": "postrouting", + "prio": 60, + "policy": "accept" + } + }, + { + "chain": { + "family": "inet", + "table": "x", + "name": "postroutingsecurityp11", + "handle": 0, + "type": "filter", + "hook": "postrouting", + "prio": 61, + "policy": "accept" + } + }, + { + "chain": { + "family": "inet", + "table": "x", + "name": "preroutingdstnatm11", + "handle": 0, + "type": "filter", + "hook": "prerouting", + "prio": -111, + "policy": "accept" + } + }, + { + "chain": { + "family": "inet", + "table": "x", + "name": "preroutingdstnatm10", + "handle": 0, + "type": "filter", + "hook": "prerouting", + "prio": -110, + "policy": "accept" + } + }, + { + "chain": { + "family": "inet", + "table": "x", + "name": "preroutingdstnat", + "handle": 0, + "type": "filter", + "hook": "prerouting", + "prio": -100, + "policy": "accept" + } + }, + { + "chain": { + "family": "inet", + "table": "x", + "name": "preroutingdstnatp10", + "handle": 0, + "type": "filter", + "hook": "prerouting", + "prio": -90, + "policy": "accept" + } + }, + { + "chain": { + "family": "inet", + "table": "x", + "name": "preroutingdstnatp11", + "handle": 0, + "type": "filter", + "hook": "prerouting", + "prio": -89, + "policy": "accept" + } + }, + { + "chain": { + "family": "inet", + "table": "x", + "name": "postroutingsrcnatm11", + "handle": 0, + "type": "filter", + "hook": "postrouting", + "prio": 89, + "policy": "accept" + } + }, + { + "chain": { + "family": "inet", + "table": "x", + "name": "postroutingsrcnatm10", + "handle": 0, + "type": "filter", + "hook": "postrouting", + "prio": 90, + "policy": "accept" + } + }, + { + "chain": { + "family": "inet", + "table": "x", + "name": "postroutingsrcnat", + "handle": 0, + "type": "filter", + "hook": "postrouting", + "prio": 100, + "policy": "accept" + } + }, + { + "chain": { + "family": "inet", + "table": "x", + "name": "postroutingsrcnatp10", + "handle": 0, + "type": "filter", + "hook": "postrouting", + "prio": 110, + "policy": "accept" + } + }, + { + "chain": { + "family": "inet", + "table": "x", + "name": "postroutingsrcnatp11", + "handle": 0, + "type": "filter", + "hook": "postrouting", + "prio": 111, + "policy": "accept" + } + }, + { + "table": { + "family": "arp", + "name": "x", + "handle": 0 + } + }, + { + "chain": { + "family": "arp", + "table": "x", + "name": "inputfilterm11", + "handle": 0, + "type": "filter", + "hook": "input", + "prio": -11, + "policy": "accept" + } + }, + { + "chain": { + "family": "arp", + "table": "x", + "name": "inputfilterm10", + "handle": 0, + "type": "filter", + "hook": "input", + "prio": -10, + "policy": "accept" + } + }, + { + "chain": { + "family": "arp", + "table": "x", + "name": "inputfilter", + "handle": 0, + "type": "filter", + "hook": "input", + "prio": 0, + "policy": "accept" + } + }, + { + "chain": { + "family": "arp", + "table": "x", + "name": "inputfilterp10", + "handle": 0, + "type": "filter", + "hook": "input", + "prio": 10, + "policy": "accept" + } + }, + { + "chain": { + "family": "arp", + "table": "x", + "name": "inputfilterp11", + "handle": 0, + "type": "filter", + "hook": "input", + "prio": 11, + "policy": "accept" + } + }, + { + "chain": { + "family": "arp", + "table": "x", + "name": "outputfilterm11", + "handle": 0, + "type": "filter", + "hook": "output", + "prio": -11, + "policy": "accept" + } + }, + { + "chain": { + "family": "arp", + "table": "x", + "name": "outputfilterm10", + "handle": 0, + "type": "filter", + "hook": "output", + "prio": -10, + "policy": "accept" + } + }, + { + "chain": { + "family": "arp", + "table": "x", + "name": "outputfilter", + "handle": 0, + "type": "filter", + "hook": "output", + "prio": 0, + "policy": "accept" + } + }, + { + "chain": { + "family": "arp", + "table": "x", + "name": "outputfilterp10", + "handle": 0, + "type": "filter", + "hook": "output", + "prio": 10, + "policy": "accept" + } + }, + { + "chain": { + "family": "arp", + "table": "x", + "name": "outputfilterp11", + "handle": 0, + "type": "filter", + "hook": "output", + "prio": 11, + "policy": "accept" + } + }, + { + "table": { + "family": "netdev", + "name": "x", + "handle": 0 + } + }, + { + "chain": { + "family": "netdev", + "table": "x", + "name": "ingressfilterm11", + "handle": 0, + "dev": "lo", + "type": "filter", + "hook": "ingress", + "prio": -11, + "policy": "accept" + } + }, + { + "chain": { + "family": "netdev", + "table": "x", + "name": "ingressfilterm10", + "handle": 0, + "dev": "lo", + "type": "filter", + "hook": "ingress", + "prio": -10, + "policy": "accept" + } + }, + { + "chain": { + "family": "netdev", + "table": "x", + "name": "ingressfilter", + "handle": 0, + "dev": "lo", + "type": "filter", + "hook": "ingress", + "prio": 0, + "policy": "accept" + } + }, + { + "chain": { + "family": "netdev", + "table": "x", + "name": "ingressfilterp10", + "handle": 0, + "dev": "lo", + "type": "filter", + "hook": "ingress", + "prio": 10, + "policy": "accept" + } + }, + { + "chain": { + "family": "netdev", + "table": "x", + "name": "ingressfilterp11", + "handle": 0, + "dev": "lo", + "type": "filter", + "hook": "ingress", + "prio": 11, + "policy": "accept" + } + }, + { + "chain": { + "family": "netdev", + "table": "x", + "name": "egressfilterm11", + "handle": 0, + "dev": "lo", + "type": "filter", + "hook": "egress", + "prio": -11, + "policy": "accept" + } + }, + { + "chain": { + "family": "netdev", + "table": "x", + "name": "egressfilterm10", + "handle": 0, + "dev": "lo", + "type": "filter", + "hook": "egress", + "prio": -10, + "policy": "accept" + } + }, + { + "chain": { + "family": "netdev", + "table": "x", + "name": "egressfilter", + "handle": 0, + "dev": "lo", + "type": "filter", + "hook": "egress", + "prio": 0, + "policy": "accept" + } + }, + { + "chain": { + "family": "netdev", + "table": "x", + "name": "egressfilterp10", + "handle": 0, + "dev": "lo", + "type": "filter", + "hook": "egress", + "prio": 10, + "policy": "accept" + } + }, + { + "chain": { + "family": "netdev", + "table": "x", + "name": "egressfilterp11", + "handle": 0, + "dev": "lo", + "type": "filter", + "hook": "egress", + "prio": 11, + "policy": "accept" + } + }, + { + "table": { + "family": "bridge", + "name": "x", + "handle": 0 + } + }, + { + "chain": { + "family": "bridge", + "table": "x", + "name": "preroutingfilterm11", + "handle": 0, + "type": "filter", + "hook": "prerouting", + "prio": -211, + "policy": "accept" + } + }, + { + "chain": { + "family": "bridge", + "table": "x", + "name": "preroutingfilterm10", + "handle": 0, + "type": "filter", + "hook": "prerouting", + "prio": -210, + "policy": "accept" + } + }, + { + "chain": { + "family": "bridge", + "table": "x", + "name": "preroutingfilter", + "handle": 0, + "type": "filter", + "hook": "prerouting", + "prio": -200, + "policy": "accept" + } + }, + { + "chain": { + "family": "bridge", + "table": "x", + "name": "preroutingfilterp10", + "handle": 0, + "type": "filter", + "hook": "prerouting", + "prio": -190, + "policy": "accept" + } + }, + { + "chain": { + "family": "bridge", + "table": "x", + "name": "preroutingfilterp11", + "handle": 0, + "type": "filter", + "hook": "prerouting", + "prio": -189, + "policy": "accept" + } + }, + { + "chain": { + "family": "bridge", + "table": "x", + "name": "inputfilterm11", + "handle": 0, + "type": "filter", + "hook": "input", + "prio": -211, + "policy": "accept" + } + }, + { + "chain": { + "family": "bridge", + "table": "x", + "name": "inputfilterm10", + "handle": 0, + "type": "filter", + "hook": "input", + "prio": -210, + "policy": "accept" + } + }, + { + "chain": { + "family": "bridge", + "table": "x", + "name": "inputfilter", + "handle": 0, + "type": "filter", + "hook": "input", + "prio": -200, + "policy": "accept" + } + }, + { + "chain": { + "family": "bridge", + "table": "x", + "name": "inputfilterp10", + "handle": 0, + "type": "filter", + "hook": "input", + "prio": -190, + "policy": "accept" + } + }, + { + "chain": { + "family": "bridge", + "table": "x", + "name": "inputfilterp11", + "handle": 0, + "type": "filter", + "hook": "input", + "prio": -189, + "policy": "accept" + } + }, + { + "chain": { + "family": "bridge", + "table": "x", + "name": "forwardfilterm11", + "handle": 0, + "type": "filter", + "hook": "forward", + "prio": -211, + "policy": "accept" + } + }, + { + "chain": { + "family": "bridge", + "table": "x", + "name": "forwardfilterm10", + "handle": 0, + "type": "filter", + "hook": "forward", + "prio": -210, + "policy": "accept" + } + }, + { + "chain": { + "family": "bridge", + "table": "x", + "name": "forwardfilter", + "handle": 0, + "type": "filter", + "hook": "forward", + "prio": -200, + "policy": "accept" + } + }, + { + "chain": { + "family": "bridge", + "table": "x", + "name": "forwardfilterp10", + "handle": 0, + "type": "filter", + "hook": "forward", + "prio": -190, + "policy": "accept" + } + }, + { + "chain": { + "family": "bridge", + "table": "x", + "name": "forwardfilterp11", + "handle": 0, + "type": "filter", + "hook": "forward", + "prio": -189, + "policy": "accept" + } + }, + { + "chain": { + "family": "bridge", + "table": "x", + "name": "outputfilterm11", + "handle": 0, + "type": "filter", + "hook": "output", + "prio": -211, + "policy": "accept" + } + }, + { + "chain": { + "family": "bridge", + "table": "x", + "name": "outputfilterm10", + "handle": 0, + "type": "filter", + "hook": "output", + "prio": -210, + "policy": "accept" + } + }, + { + "chain": { + "family": "bridge", + "table": "x", + "name": "outputfilter", + "handle": 0, + "type": "filter", + "hook": "output", + "prio": -200, + "policy": "accept" + } + }, + { + "chain": { + "family": "bridge", + "table": "x", + "name": "outputfilterp10", + "handle": 0, + "type": "filter", + "hook": "output", + "prio": -190, + "policy": "accept" + } + }, + { + "chain": { + "family": "bridge", + "table": "x", + "name": "outputfilterp11", + "handle": 0, + "type": "filter", + "hook": "output", + "prio": -189, + "policy": "accept" + } + }, + { + "chain": { + "family": "bridge", + "table": "x", + "name": "postroutingfilterm11", + "handle": 0, + "type": "filter", + "hook": "postrouting", + "prio": -211, + "policy": "accept" + } + }, + { + "chain": { + "family": "bridge", + "table": "x", + "name": "postroutingfilterm10", + "handle": 0, + "type": "filter", + "hook": "postrouting", + "prio": -210, + "policy": "accept" + } + }, + { + "chain": { + "family": "bridge", + "table": "x", + "name": "postroutingfilter", + "handle": 0, + "type": "filter", + "hook": "postrouting", + "prio": -200, + "policy": "accept" + } + }, + { + "chain": { + "family": "bridge", + "table": "x", + "name": "postroutingfilterp10", + "handle": 0, + "type": "filter", + "hook": "postrouting", + "prio": -190, + "policy": "accept" + } + }, + { + "chain": { + "family": "bridge", + "table": "x", + "name": "postroutingfilterp11", + "handle": 0, + "type": "filter", + "hook": "postrouting", + "prio": -189, + "policy": "accept" + } + }, + { + "chain": { + "family": "bridge", + "table": "x", + "name": "preroutingdstnatm11", + "handle": 0, + "type": "filter", + "hook": "prerouting", + "prio": -311, + "policy": "accept" + } + }, + { + "chain": { + "family": "bridge", + "table": "x", + "name": "preroutingdstnatm10", + "handle": 0, + "type": "filter", + "hook": "prerouting", + "prio": -310, + "policy": "accept" + } + }, + { + "chain": { + "family": "bridge", + "table": "x", + "name": "preroutingdstnat", + "handle": 0, + "type": "filter", + "hook": "prerouting", + "prio": -300, + "policy": "accept" + } + }, + { + "chain": { + "family": "bridge", + "table": "x", + "name": "preroutingdstnatp10", + "handle": 0, + "type": "filter", + "hook": "prerouting", + "prio": -290, + "policy": "accept" + } + }, + { + "chain": { + "family": "bridge", + "table": "x", + "name": "preroutingdstnatp11", + "handle": 0, + "type": "filter", + "hook": "prerouting", + "prio": -289, + "policy": "accept" + } + }, + { + "chain": { + "family": "bridge", + "table": "x", + "name": "outputoutm11", + "handle": 0, + "type": "filter", + "hook": "output", + "prio": 89, + "policy": "accept" + } + }, + { + "chain": { + "family": "bridge", + "table": "x", + "name": "outputoutm10", + "handle": 0, + "type": "filter", + "hook": "output", + "prio": 90, + "policy": "accept" + } + }, + { + "chain": { + "family": "bridge", + "table": "x", + "name": "outputout", + "handle": 0, + "type": "filter", + "hook": "output", + "prio": 100, + "policy": "accept" + } + }, + { + "chain": { + "family": "bridge", + "table": "x", + "name": "outputoutp10", + "handle": 0, + "type": "filter", + "hook": "output", + "prio": 110, + "policy": "accept" + } + }, + { + "chain": { + "family": "bridge", + "table": "x", + "name": "outputoutp11", + "handle": 0, + "type": "filter", + "hook": "output", + "prio": 111, + "policy": "accept" + } + }, + { + "chain": { + "family": "bridge", + "table": "x", + "name": "postroutingsrcnatm11", + "handle": 0, + "type": "filter", + "hook": "postrouting", + "prio": 289, + "policy": "accept" + } + }, + { + "chain": { + "family": "bridge", + "table": "x", + "name": "postroutingsrcnatm10", + "handle": 0, + "type": "filter", + "hook": "postrouting", + "prio": 290, + "policy": "accept" + } + }, + { + "chain": { + "family": "bridge", + "table": "x", + "name": "postroutingsrcnat", + "handle": 0, + "type": "filter", + "hook": "postrouting", + "prio": 300, + "policy": "accept" + } + }, + { + "chain": { + "family": "bridge", + "table": "x", + "name": "postroutingsrcnatp10", + "handle": 0, + "type": "filter", + "hook": "postrouting", + "prio": 310, + "policy": "accept" + } + }, + { + "chain": { + "family": "bridge", + "table": "x", + "name": "postroutingsrcnatp11", + "handle": 0, + "type": "filter", + "hook": "postrouting", + "prio": 311, + "policy": "accept" + } + } + ] +} diff --git a/tests/shell/testcases/chains/dumps/0021prio_0.nft b/tests/shell/testcases/chains/dumps/0021prio_0.nft index ca94d441..4297d246 100644 --- a/tests/shell/testcases/chains/dumps/0021prio_0.nft +++ b/tests/shell/testcases/chains/dumps/0021prio_0.nft @@ -1382,6 +1382,26 @@ table netdev x { chain ingressfilterp11 { type filter hook ingress device "lo" priority 11; policy accept; } + + chain egressfilterm11 { + type filter hook egress device "lo" priority -11; policy accept; + } + + chain egressfilterm10 { + type filter hook egress device "lo" priority filter - 10; policy accept; + } + + chain egressfilter { + type filter hook egress device "lo" priority filter; policy accept; + } + + chain egressfilterp10 { + type filter hook egress device "lo" priority filter + 10; policy accept; + } + + chain egressfilterp11 { + type filter hook egress device "lo" priority 11; policy accept; + } } table bridge x { chain preroutingfilterm11 { diff --git a/tests/shell/testcases/chains/dumps/0022prio_dummy_1.json-nft b/tests/shell/testcases/chains/dumps/0022prio_dummy_1.json-nft new file mode 100644 index 00000000..15ec0aac --- /dev/null +++ b/tests/shell/testcases/chains/dumps/0022prio_dummy_1.json-nft @@ -0,0 +1,18 @@ +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "ip", + "name": "x", + "handle": 0 + } + } + ] +} diff --git a/tests/shell/testcases/chains/dumps/0022prio_dummy_1.nft b/tests/shell/testcases/chains/dumps/0022prio_dummy_1.nft new file mode 100644 index 00000000..5d4d2caf --- /dev/null +++ b/tests/shell/testcases/chains/dumps/0022prio_dummy_1.nft @@ -0,0 +1,2 @@ +table ip x { +} diff --git a/tests/shell/testcases/chains/dumps/0023prio_inet_srcnat_1.json-nft b/tests/shell/testcases/chains/dumps/0023prio_inet_srcnat_1.json-nft new file mode 100644 index 00000000..72e0d438 --- /dev/null +++ b/tests/shell/testcases/chains/dumps/0023prio_inet_srcnat_1.json-nft @@ -0,0 +1,32 @@ +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "ip", + "name": "x", + "handle": 0 + } + }, + { + "table": { + "family": "ip6", + "name": "x", + "handle": 0 + } + }, + { + "table": { + "family": "inet", + "name": "x", + "handle": 0 + } + } + ] +} diff --git a/tests/shell/testcases/chains/dumps/0023prio_inet_srcnat_1.nft b/tests/shell/testcases/chains/dumps/0023prio_inet_srcnat_1.nft new file mode 100644 index 00000000..46912eaa --- /dev/null +++ b/tests/shell/testcases/chains/dumps/0023prio_inet_srcnat_1.nft @@ -0,0 +1,6 @@ +table ip x { +} +table ip6 x { +} +table inet x { +} diff --git a/tests/shell/testcases/chains/dumps/0024prio_inet_dstnat_1.json-nft b/tests/shell/testcases/chains/dumps/0024prio_inet_dstnat_1.json-nft new file mode 100644 index 00000000..72e0d438 --- /dev/null +++ b/tests/shell/testcases/chains/dumps/0024prio_inet_dstnat_1.json-nft @@ -0,0 +1,32 @@ +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "ip", + "name": "x", + "handle": 0 + } + }, + { + "table": { + "family": "ip6", + "name": "x", + "handle": 0 + } + }, + { + "table": { + "family": "inet", + "name": "x", + "handle": 0 + } + } + ] +} diff --git a/tests/shell/testcases/chains/dumps/0024prio_inet_dstnat_1.nft b/tests/shell/testcases/chains/dumps/0024prio_inet_dstnat_1.nft new file mode 100644 index 00000000..46912eaa --- /dev/null +++ b/tests/shell/testcases/chains/dumps/0024prio_inet_dstnat_1.nft @@ -0,0 +1,6 @@ +table ip x { +} +table ip6 x { +} +table inet x { +} diff --git a/tests/shell/testcases/chains/dumps/0025prio_arp_1.json-nft b/tests/shell/testcases/chains/dumps/0025prio_arp_1.json-nft new file mode 100644 index 00000000..17410e32 --- /dev/null +++ b/tests/shell/testcases/chains/dumps/0025prio_arp_1.json-nft @@ -0,0 +1,18 @@ +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "arp", + "name": "x", + "handle": 0 + } + } + ] +} diff --git a/tests/shell/testcases/chains/dumps/0025prio_arp_1.nft b/tests/shell/testcases/chains/dumps/0025prio_arp_1.nft new file mode 100644 index 00000000..7483cdaa --- /dev/null +++ b/tests/shell/testcases/chains/dumps/0025prio_arp_1.nft @@ -0,0 +1,2 @@ +table arp x { +} diff --git a/tests/shell/testcases/chains/dumps/0026prio_netdev_1.json-nft b/tests/shell/testcases/chains/dumps/0026prio_netdev_1.json-nft new file mode 100644 index 00000000..7d78bd67 --- /dev/null +++ b/tests/shell/testcases/chains/dumps/0026prio_netdev_1.json-nft @@ -0,0 +1,18 @@ +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "netdev", + "name": "x", + "handle": 0 + } + } + ] +} diff --git a/tests/shell/testcases/chains/dumps/0026prio_netdev_1.nft b/tests/shell/testcases/chains/dumps/0026prio_netdev_1.nft new file mode 100644 index 00000000..aa571e00 --- /dev/null +++ b/tests/shell/testcases/chains/dumps/0026prio_netdev_1.nft @@ -0,0 +1,2 @@ +table netdev x { +} diff --git a/tests/shell/testcases/chains/dumps/0027prio_bridge_dstnat_1.json-nft b/tests/shell/testcases/chains/dumps/0027prio_bridge_dstnat_1.json-nft new file mode 100644 index 00000000..af6ff0a4 --- /dev/null +++ b/tests/shell/testcases/chains/dumps/0027prio_bridge_dstnat_1.json-nft @@ -0,0 +1,18 @@ +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "bridge", + "name": "x", + "handle": 0 + } + } + ] +} diff --git a/tests/shell/testcases/chains/dumps/0027prio_bridge_dstnat_1.nft b/tests/shell/testcases/chains/dumps/0027prio_bridge_dstnat_1.nft new file mode 100644 index 00000000..d17be818 --- /dev/null +++ b/tests/shell/testcases/chains/dumps/0027prio_bridge_dstnat_1.nft @@ -0,0 +1,2 @@ +table bridge x { +} diff --git a/tests/shell/testcases/chains/dumps/0028prio_bridge_out_1.json-nft b/tests/shell/testcases/chains/dumps/0028prio_bridge_out_1.json-nft new file mode 100644 index 00000000..af6ff0a4 --- /dev/null +++ b/tests/shell/testcases/chains/dumps/0028prio_bridge_out_1.json-nft @@ -0,0 +1,18 @@ +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "bridge", + "name": "x", + "handle": 0 + } + } + ] +} diff --git a/tests/shell/testcases/chains/dumps/0028prio_bridge_out_1.nft b/tests/shell/testcases/chains/dumps/0028prio_bridge_out_1.nft new file mode 100644 index 00000000..d17be818 --- /dev/null +++ b/tests/shell/testcases/chains/dumps/0028prio_bridge_out_1.nft @@ -0,0 +1,2 @@ +table bridge x { +} diff --git a/tests/shell/testcases/chains/dumps/0029prio_bridge_srcnat_1.json-nft b/tests/shell/testcases/chains/dumps/0029prio_bridge_srcnat_1.json-nft new file mode 100644 index 00000000..af6ff0a4 --- /dev/null +++ b/tests/shell/testcases/chains/dumps/0029prio_bridge_srcnat_1.json-nft @@ -0,0 +1,18 @@ +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "bridge", + "name": "x", + "handle": 0 + } + } + ] +} diff --git a/tests/shell/testcases/chains/dumps/0029prio_bridge_srcnat_1.nft b/tests/shell/testcases/chains/dumps/0029prio_bridge_srcnat_1.nft new file mode 100644 index 00000000..d17be818 --- /dev/null +++ b/tests/shell/testcases/chains/dumps/0029prio_bridge_srcnat_1.nft @@ -0,0 +1,2 @@ +table bridge x { +} diff --git a/tests/shell/testcases/chains/dumps/0030create_0.json-nft b/tests/shell/testcases/chains/dumps/0030create_0.json-nft new file mode 100644 index 00000000..b6088c80 --- /dev/null +++ b/tests/shell/testcases/chains/dumps/0030create_0.json-nft @@ -0,0 +1,26 @@ +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "ip", + "name": "x", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "x", + "name": "y", + "handle": 0 + } + } + ] +} diff --git a/tests/shell/testcases/chains/dumps/0031priority_variable_0.json-nft b/tests/shell/testcases/chains/dumps/0031priority_variable_0.json-nft new file mode 100644 index 00000000..9572eda3 --- /dev/null +++ b/tests/shell/testcases/chains/dumps/0031priority_variable_0.json-nft @@ -0,0 +1,30 @@ +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "inet", + "name": "global", + "handle": 0 + } + }, + { + "chain": { + "family": "inet", + "table": "global", + "name": "prerouting", + "handle": 0, + "type": "filter", + "hook": "prerouting", + "prio": 0, + "policy": "accept" + } + } + ] +} diff --git a/tests/shell/testcases/chains/dumps/0031priority_variable_0.nft b/tests/shell/testcases/chains/dumps/0031priority_variable_0.nft new file mode 100644 index 00000000..f4093097 --- /dev/null +++ b/tests/shell/testcases/chains/dumps/0031priority_variable_0.nft @@ -0,0 +1,5 @@ +table inet global { + chain prerouting { + type filter hook prerouting priority filter; policy accept; + } +} diff --git a/tests/shell/testcases/chains/dumps/0032priority_variable_0.json-nft b/tests/shell/testcases/chains/dumps/0032priority_variable_0.json-nft new file mode 100644 index 00000000..3044a668 --- /dev/null +++ b/tests/shell/testcases/chains/dumps/0032priority_variable_0.json-nft @@ -0,0 +1,54 @@ +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "inet", + "name": "global", + "handle": 0 + } + }, + { + "chain": { + "family": "inet", + "table": "global", + "name": "prerouting", + "handle": 0, + "type": "filter", + "hook": "prerouting", + "prio": 10, + "policy": "accept" + } + }, + { + "chain": { + "family": "inet", + "table": "global", + "name": "forward", + "handle": 0, + "type": "filter", + "hook": "prerouting", + "prio": -100, + "policy": "accept" + } + }, + { + "chain": { + "family": "inet", + "table": "global", + "name": "postrouting", + "handle": 0, + "type": "filter", + "hook": "postrouting", + "prio": -10, + "policy": "accept" + } + } + ] +} diff --git a/tests/shell/testcases/chains/dumps/0032priority_variable_0.nft b/tests/shell/testcases/chains/dumps/0032priority_variable_0.nft new file mode 100644 index 00000000..1a1b0794 --- /dev/null +++ b/tests/shell/testcases/chains/dumps/0032priority_variable_0.nft @@ -0,0 +1,13 @@ +table inet global { + chain prerouting { + type filter hook prerouting priority filter + 10; policy accept; + } + + chain forward { + type filter hook prerouting priority dstnat; policy accept; + } + + chain postrouting { + type filter hook postrouting priority filter - 10; policy accept; + } +} diff --git a/tests/shell/testcases/chains/dumps/0033priority_variable_1.json-nft b/tests/shell/testcases/chains/dumps/0033priority_variable_1.json-nft new file mode 100644 index 00000000..546cc597 --- /dev/null +++ b/tests/shell/testcases/chains/dumps/0033priority_variable_1.json-nft @@ -0,0 +1,11 @@ +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + } + ] +} diff --git a/tests/shell/testcases/chains/dumps/0033priority_variable_1.nft b/tests/shell/testcases/chains/dumps/0033priority_variable_1.nft new file mode 100644 index 00000000..e69de29b --- /dev/null +++ b/tests/shell/testcases/chains/dumps/0033priority_variable_1.nft diff --git a/tests/shell/testcases/chains/dumps/0034priority_variable_1.json-nft b/tests/shell/testcases/chains/dumps/0034priority_variable_1.json-nft new file mode 100644 index 00000000..546cc597 --- /dev/null +++ b/tests/shell/testcases/chains/dumps/0034priority_variable_1.json-nft @@ -0,0 +1,11 @@ +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + } + ] +} diff --git a/tests/shell/testcases/chains/dumps/0034priority_variable_1.nft b/tests/shell/testcases/chains/dumps/0034priority_variable_1.nft new file mode 100644 index 00000000..e69de29b --- /dev/null +++ b/tests/shell/testcases/chains/dumps/0034priority_variable_1.nft diff --git a/tests/shell/testcases/chains/dumps/0035policy_variable_0.json-nft b/tests/shell/testcases/chains/dumps/0035policy_variable_0.json-nft new file mode 100644 index 00000000..9572eda3 --- /dev/null +++ b/tests/shell/testcases/chains/dumps/0035policy_variable_0.json-nft @@ -0,0 +1,30 @@ +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "inet", + "name": "global", + "handle": 0 + } + }, + { + "chain": { + "family": "inet", + "table": "global", + "name": "prerouting", + "handle": 0, + "type": "filter", + "hook": "prerouting", + "prio": 0, + "policy": "accept" + } + } + ] +} diff --git a/tests/shell/testcases/chains/dumps/0035policy_variable_0.nft b/tests/shell/testcases/chains/dumps/0035policy_variable_0.nft new file mode 100644 index 00000000..f4093097 --- /dev/null +++ b/tests/shell/testcases/chains/dumps/0035policy_variable_0.nft @@ -0,0 +1,5 @@ +table inet global { + chain prerouting { + type filter hook prerouting priority filter; policy accept; + } +} diff --git a/tests/shell/testcases/chains/dumps/0036policy_variable_0.json-nft b/tests/shell/testcases/chains/dumps/0036policy_variable_0.json-nft new file mode 100644 index 00000000..fc688463 --- /dev/null +++ b/tests/shell/testcases/chains/dumps/0036policy_variable_0.json-nft @@ -0,0 +1,30 @@ +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "inet", + "name": "global", + "handle": 0 + } + }, + { + "chain": { + "family": "inet", + "table": "global", + "name": "prerouting", + "handle": 0, + "type": "filter", + "hook": "prerouting", + "prio": 0, + "policy": "drop" + } + } + ] +} diff --git a/tests/shell/testcases/chains/dumps/0036policy_variable_0.nft b/tests/shell/testcases/chains/dumps/0036policy_variable_0.nft new file mode 100644 index 00000000..d729e1ea --- /dev/null +++ b/tests/shell/testcases/chains/dumps/0036policy_variable_0.nft @@ -0,0 +1,5 @@ +table inet global { + chain prerouting { + type filter hook prerouting priority filter; policy drop; + } +} diff --git a/tests/shell/testcases/chains/dumps/0037policy_variable_1.json-nft b/tests/shell/testcases/chains/dumps/0037policy_variable_1.json-nft new file mode 100644 index 00000000..546cc597 --- /dev/null +++ b/tests/shell/testcases/chains/dumps/0037policy_variable_1.json-nft @@ -0,0 +1,11 @@ +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + } + ] +} diff --git a/tests/shell/testcases/chains/dumps/0037policy_variable_1.nft b/tests/shell/testcases/chains/dumps/0037policy_variable_1.nft new file mode 100644 index 00000000..e69de29b --- /dev/null +++ b/tests/shell/testcases/chains/dumps/0037policy_variable_1.nft diff --git a/tests/shell/testcases/chains/dumps/0038policy_variable_1.json-nft b/tests/shell/testcases/chains/dumps/0038policy_variable_1.json-nft new file mode 100644 index 00000000..546cc597 --- /dev/null +++ b/tests/shell/testcases/chains/dumps/0038policy_variable_1.json-nft @@ -0,0 +1,11 @@ +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + } + ] +} diff --git a/tests/shell/testcases/chains/dumps/0038policy_variable_1.nft b/tests/shell/testcases/chains/dumps/0038policy_variable_1.nft new file mode 100644 index 00000000..e69de29b --- /dev/null +++ b/tests/shell/testcases/chains/dumps/0038policy_variable_1.nft diff --git a/tests/shell/testcases/chains/dumps/0039negative_priority_0.json-nft b/tests/shell/testcases/chains/dumps/0039negative_priority_0.json-nft new file mode 100644 index 00000000..94218a8d --- /dev/null +++ b/tests/shell/testcases/chains/dumps/0039negative_priority_0.json-nft @@ -0,0 +1,30 @@ +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "ip", + "name": "t", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "t", + "name": "c", + "handle": 0, + "type": "filter", + "hook": "input", + "prio": -30, + "policy": "accept" + } + } + ] +} diff --git a/tests/shell/testcases/chains/dumps/0039negative_priority_0.nft b/tests/shell/testcases/chains/dumps/0039negative_priority_0.nft new file mode 100644 index 00000000..20f8272a --- /dev/null +++ b/tests/shell/testcases/chains/dumps/0039negative_priority_0.nft @@ -0,0 +1,5 @@ +table ip t { + chain c { + type filter hook input priority -30; policy accept; + } +} diff --git a/tests/shell/testcases/chains/dumps/0040mark_shift_0.nft b/tests/shell/testcases/chains/dumps/0040mark_shift_0.nft deleted file mode 100644 index 52d59d2c..00000000 --- a/tests/shell/testcases/chains/dumps/0040mark_shift_0.nft +++ /dev/null @@ -1,6 +0,0 @@ -table ip t { - chain c { - type filter hook output priority mangle; policy accept; - oif "lo" ct mark set (meta mark | 0x00000010) << 8 - } -} diff --git a/tests/shell/testcases/chains/dumps/0040mark_shift_1.nft b/tests/shell/testcases/chains/dumps/0040mark_shift_1.nft deleted file mode 100644 index 56ec8dc7..00000000 --- a/tests/shell/testcases/chains/dumps/0040mark_shift_1.nft +++ /dev/null @@ -1,6 +0,0 @@ -table ip t { - chain c { - type filter hook input priority mangle; policy accept; - iif "lo" ct mark & 0x000000ff == 0x00000010 meta mark set ct mark >> 8 - } -} diff --git a/tests/shell/testcases/chains/dumps/0041chain_binding_0.nft b/tests/shell/testcases/chains/dumps/0041chain_binding_0.nft new file mode 100644 index 00000000..520203d8 --- /dev/null +++ b/tests/shell/testcases/chains/dumps/0041chain_binding_0.nft @@ -0,0 +1,12 @@ +table inet x { + chain y { + type filter hook input priority filter; policy accept; + meta l4proto { tcp, udp } th dport 53 jump { + ip saddr { 127.0.0.0/8, 172.23.0.0/16, 192.168.13.0/24 } counter packets 0 bytes 0 accept + ip6 saddr ::1 counter packets 0 bytes 0 accept + } + meta l4proto ipv6-icmp jump { + counter packets 0 bytes 0 accept + } + } +} diff --git a/tests/shell/testcases/chains/dumps/0042chain_variable_0.json-nft b/tests/shell/testcases/chains/dumps/0042chain_variable_0.json-nft new file mode 100644 index 00000000..4059e85b --- /dev/null +++ b/tests/shell/testcases/chains/dumps/0042chain_variable_0.json-nft @@ -0,0 +1,90 @@ +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "netdev", + "name": "filter1", + "handle": 0 + } + }, + { + "chain": { + "family": "netdev", + "table": "filter1", + "name": "Main_Ingress1", + "handle": 0, + "dev": "lo", + "type": "filter", + "hook": "ingress", + "prio": -500, + "policy": "accept" + } + }, + { + "table": { + "family": "netdev", + "name": "filter2", + "handle": 0 + } + }, + { + "chain": { + "family": "netdev", + "table": "filter2", + "name": "Main_Ingress2", + "handle": 0, + "dev": [ + "d23456789012345", + "lo" + ], + "type": "filter", + "hook": "ingress", + "prio": -500, + "policy": "accept" + } + }, + { + "table": { + "family": "netdev", + "name": "filter3", + "handle": 0 + } + }, + { + "chain": { + "family": "netdev", + "table": "filter3", + "name": "Main_Ingress3", + "handle": 0, + "dev": [ + "d23456789012345", + "lo" + ], + "type": "filter", + "hook": "ingress", + "prio": -500, + "policy": "accept" + } + }, + { + "chain": { + "family": "netdev", + "table": "filter3", + "name": "Main_Egress3", + "handle": 0, + "dev": "lo", + "type": "filter", + "hook": "egress", + "prio": -500, + "policy": "accept" + } + } + ] +} diff --git a/tests/shell/testcases/chains/dumps/0042chain_variable_0.nft b/tests/shell/testcases/chains/dumps/0042chain_variable_0.nft new file mode 100644 index 00000000..84a908d3 --- /dev/null +++ b/tests/shell/testcases/chains/dumps/0042chain_variable_0.nft @@ -0,0 +1,19 @@ +table netdev filter1 { + chain Main_Ingress1 { + type filter hook ingress device "lo" priority -500; policy accept; + } +} +table netdev filter2 { + chain Main_Ingress2 { + type filter hook ingress devices = { d23456789012345, lo } priority -500; policy accept; + } +} +table netdev filter3 { + chain Main_Ingress3 { + type filter hook ingress devices = { d23456789012345, lo } priority -500; policy accept; + } + + chain Main_Egress3 { + type filter hook egress device "lo" priority -500; policy accept; + } +} diff --git a/tests/shell/testcases/chains/dumps/0043chain_ingress_0.json-nft b/tests/shell/testcases/chains/dumps/0043chain_ingress_0.json-nft new file mode 100644 index 00000000..6753658e --- /dev/null +++ b/tests/shell/testcases/chains/dumps/0043chain_ingress_0.json-nft @@ -0,0 +1,55 @@ +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "inet", + "name": "filter", + "handle": 0 + } + }, + { + "chain": { + "family": "inet", + "table": "filter", + "name": "ingress", + "handle": 0, + "dev": "lo", + "type": "filter", + "hook": "ingress", + "prio": 0, + "policy": "accept" + } + }, + { + "chain": { + "family": "inet", + "table": "filter", + "name": "input", + "handle": 0, + "type": "filter", + "hook": "input", + "prio": 0, + "policy": "accept" + } + }, + { + "chain": { + "family": "inet", + "table": "filter", + "name": "forward", + "handle": 0, + "type": "filter", + "hook": "forward", + "prio": 0, + "policy": "accept" + } + } + ] +} diff --git a/tests/shell/testcases/chains/dumps/0043chain_ingress_0.nft b/tests/shell/testcases/chains/dumps/0043chain_ingress_0.nft new file mode 100644 index 00000000..8483b265 --- /dev/null +++ b/tests/shell/testcases/chains/dumps/0043chain_ingress_0.nft @@ -0,0 +1,13 @@ +table inet filter { + chain ingress { + type filter hook ingress device "lo" priority filter; policy accept; + } + + chain input { + type filter hook input priority filter; policy accept; + } + + chain forward { + type filter hook forward priority filter; policy accept; + } +} diff --git a/tests/shell/testcases/chains/dumps/0044chain_destroy_0.json-nft b/tests/shell/testcases/chains/dumps/0044chain_destroy_0.json-nft new file mode 100644 index 00000000..e0e56fec --- /dev/null +++ b/tests/shell/testcases/chains/dumps/0044chain_destroy_0.json-nft @@ -0,0 +1,18 @@ +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "ip", + "name": "t", + "handle": 0 + } + } + ] +} diff --git a/tests/shell/testcases/chains/dumps/0044chain_destroy_0.nft b/tests/shell/testcases/chains/dumps/0044chain_destroy_0.nft new file mode 100644 index 00000000..985768ba --- /dev/null +++ b/tests/shell/testcases/chains/dumps/0044chain_destroy_0.nft @@ -0,0 +1,2 @@ +table ip t { +} diff --git a/tests/shell/testcases/chains/dumps/netdev_chain_0.json-nft b/tests/shell/testcases/chains/dumps/netdev_chain_0.json-nft new file mode 100644 index 00000000..7d78bd67 --- /dev/null +++ b/tests/shell/testcases/chains/dumps/netdev_chain_0.json-nft @@ -0,0 +1,18 @@ +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "netdev", + "name": "x", + "handle": 0 + } + } + ] +} diff --git a/tests/shell/testcases/chains/dumps/netdev_chain_0.nft b/tests/shell/testcases/chains/dumps/netdev_chain_0.nft new file mode 100644 index 00000000..aa571e00 --- /dev/null +++ b/tests/shell/testcases/chains/dumps/netdev_chain_0.nft @@ -0,0 +1,2 @@ +table netdev x { +} diff --git a/tests/shell/testcases/chains/dumps/netdev_chain_autoremove.json-nft b/tests/shell/testcases/chains/dumps/netdev_chain_autoremove.json-nft new file mode 100644 index 00000000..546cc597 --- /dev/null +++ b/tests/shell/testcases/chains/dumps/netdev_chain_autoremove.json-nft @@ -0,0 +1,11 @@ +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + } + ] +} diff --git a/tests/shell/testcases/chains/dumps/netdev_chain_autoremove.nft b/tests/shell/testcases/chains/dumps/netdev_chain_autoremove.nft new file mode 100644 index 00000000..e69de29b --- /dev/null +++ b/tests/shell/testcases/chains/dumps/netdev_chain_autoremove.nft diff --git a/tests/shell/testcases/chains/dumps/netdev_chain_dev_gone.nodump b/tests/shell/testcases/chains/dumps/netdev_chain_dev_gone.nodump new file mode 100644 index 00000000..e69de29b --- /dev/null +++ b/tests/shell/testcases/chains/dumps/netdev_chain_dev_gone.nodump diff --git a/tests/shell/testcases/chains/dumps/netdev_chain_multidev_gone.nodump b/tests/shell/testcases/chains/dumps/netdev_chain_multidev_gone.nodump new file mode 100644 index 00000000..e69de29b --- /dev/null +++ b/tests/shell/testcases/chains/dumps/netdev_chain_multidev_gone.nodump diff --git a/tests/shell/testcases/chains/dumps/netdev_multidev_netns_gone.nodump b/tests/shell/testcases/chains/dumps/netdev_multidev_netns_gone.nodump new file mode 100644 index 00000000..e69de29b --- /dev/null +++ b/tests/shell/testcases/chains/dumps/netdev_multidev_netns_gone.nodump diff --git a/tests/shell/testcases/chains/dumps/netdev_netns_gone.nodump b/tests/shell/testcases/chains/dumps/netdev_netns_gone.nodump new file mode 100644 index 00000000..e69de29b --- /dev/null +++ b/tests/shell/testcases/chains/dumps/netdev_netns_gone.nodump diff --git a/tests/shell/testcases/chains/netdev_chain_0 b/tests/shell/testcases/chains/netdev_chain_0 new file mode 100755 index 00000000..a323e6ec --- /dev/null +++ b/tests/shell/testcases/chains/netdev_chain_0 @@ -0,0 +1,29 @@ +#!/bin/bash + +# NFT_TEST_REQUIRES(NFT_TEST_HAVE_netdev_chain_without_device) + +set -e + +iface_cleanup() { + ip link del d0 &>/dev/null || : + ip link del d1 &>/dev/null || : + ip link del d2 &>/dev/null || : +} +trap 'iface_cleanup' EXIT +iface_cleanup + +ip link add d0 type dummy +ip link add d1 type dummy +ip link add d2 type dummy + +RULESET="table netdev x { + chain y { + type filter hook ingress priority 0; policy accept; + } +}" + +$NFT -f - <<< "$RULESET" + +$NFT add chain netdev x y '{ devices = { d0 }; }' +$NFT add chain netdev x y '{ devices = { d1, d2, lo }; }' +$NFT delete chain netdev x y '{ devices = { lo }; }' diff --git a/tests/shell/testcases/chains/netdev_chain_autoremove b/tests/shell/testcases/chains/netdev_chain_autoremove new file mode 100755 index 00000000..21f3ad29 --- /dev/null +++ b/tests/shell/testcases/chains/netdev_chain_autoremove @@ -0,0 +1,9 @@ +#!/bin/bash + +set -e + +# Test auto-removal of chain hook on netns removal +unshare -n bash -e -c "ip link add br0 type bridge; \ + $NFT add table netdev test; \ + $NFT add chain netdev test ingress { type filter hook ingress device \"br0\" priority 0\; policy drop\; } ; \ +" diff --git a/tests/shell/testcases/chains/netdev_chain_dev_gone b/tests/shell/testcases/chains/netdev_chain_dev_gone new file mode 100755 index 00000000..99933a31 --- /dev/null +++ b/tests/shell/testcases/chains/netdev_chain_dev_gone @@ -0,0 +1,34 @@ +#!/bin/bash + +# NFT_TEST_REQUIRES(NFT_TEST_HAVE_inet_ingress) + +set -e + +iface_cleanup() { + ip link del d0 &>/dev/null || : +} +trap 'iface_cleanup' EXIT + +ip link add d0 type dummy + +load_ruleset() { + family=$1 + + # Test auto-removal of chain hook on device removal + RULESET="table $family x { + chain x {} + chain w { + ip daddr 8.7.6.0/24 jump x + } + chain y { + type filter hook ingress device \"d0\" priority 0; + ip saddr { 1.2.3.4, 2.3.4.5 } counter + ip daddr vmap { 5.4.3.0/24 : jump w, 8.9.0.0/24 : jump x } + } +}" + $NFT -c -f - <<< $RULESET + $NFT -f - <<< $RULESET +} + +load_ruleset "inet" +load_ruleset "netdev" diff --git a/tests/shell/testcases/chains/netdev_chain_dormant_autoremove b/tests/shell/testcases/chains/netdev_chain_dormant_autoremove new file mode 100755 index 00000000..3093ce25 --- /dev/null +++ b/tests/shell/testcases/chains/netdev_chain_dormant_autoremove @@ -0,0 +1,11 @@ +#!/bin/bash + +# NFT_TEST_REQUIRES(NFT_TEST_HAVE_netdev_chain_multidevice) + +set -e + +ip link add dummy0 type dummy +ip link add dummy1 type dummy +$NFT add table netdev test { flags dormant\; } +$NFT add chain netdev test ingress { type filter hook ingress devices = { "dummy0", "dummy1" } priority 0\; policy drop\; } +ip link del dummy0 diff --git a/tests/shell/testcases/chains/netdev_chain_multidev_gone b/tests/shell/testcases/chains/netdev_chain_multidev_gone new file mode 100755 index 00000000..e82698a7 --- /dev/null +++ b/tests/shell/testcases/chains/netdev_chain_multidev_gone @@ -0,0 +1,41 @@ +#!/bin/bash + +# NFT_TEST_REQUIRES(NFT_TEST_HAVE_chain_binding) +# NFT_TEST_REQUIRES(NFT_TEST_HAVE_netdev_chain_multidevice) + +set -e + +iface_cleanup() { + ip link del d0 &>/dev/null || : + ip link del d1 &>/dev/null || : + ip link del d2 &>/dev/null || : +} +trap 'iface_cleanup' EXIT + +ip link add d0 type dummy +ip link add d1 type dummy +ip link add d2 type dummy + +load_ruleset() { + family=$1 + + # Test auto-removal of chain hook on device removal + RULESET="table $family x { + chain x {} + chain w { + ip daddr 8.7.6.0/24 jump { + ip daddr vmap { 8.7.6.3 : jump x, 8.7.6.4 : jump x } + } + } + chain y { + type filter hook ingress devices = { d0, d1, d2 } priority 0; + ip saddr { 1.2.3.4, 2.3.4.5 } counter + ip daddr vmap { 5.4.3.0/24 : jump w, 8.9.0.0/24 : jump x } + } +}" + $NFT -c -f - <<< $RULESET + $NFT -f - <<< $RULESET +} + +load_ruleset "inet" +load_ruleset "netdev" diff --git a/tests/shell/testcases/chains/netdev_multidev_netns_gone b/tests/shell/testcases/chains/netdev_multidev_netns_gone new file mode 100755 index 00000000..31ab29bd --- /dev/null +++ b/tests/shell/testcases/chains/netdev_multidev_netns_gone @@ -0,0 +1,43 @@ +#!/bin/bash + +# NFT_TEST_REQUIRES(NFT_TEST_HAVE_chain_binding) +# NFT_TEST_REQUIRES(NFT_TEST_HAVE_netdev_chain_multidevice) + +set -e + +rnd=$(mktemp -u XXXXXXXX) +ns1="nft1ns-$rnd" + +iface_cleanup() { + ip netns del $ns1 &>/dev/null || : +} +trap 'iface_cleanup' EXIT + +load_ruleset() { + family=$1 + + ip netns add $ns1 + ip -net $ns1 link add d0 type dummy + ip -net $ns1 link add d1 type dummy + ip -net $ns1 link add d2 type dummy + + # Test auto-removal of chain hook on device removal + RULESET="table $family x { + chain x {} + chain w { + ip daddr 8.7.6.0/24 jump { + ip daddr vmap { 8.7.6.3 : jump x, 8.7.6.4 : jump x } + } + } + chain y { + type filter hook ingress devices = { d0, d1, d2 } priority 0; + ip saddr { 1.2.3.4, 2.3.4.5 } counter + ip daddr vmap { 5.4.3.0/24 : jump w, 8.9.0.0/24 : jump x } + } +}" + ip netns exec $ns1 $NFT -f - <<< $RULESET + ip netns del $ns1 +} + +load_ruleset "inet" +load_ruleset "netdev" diff --git a/tests/shell/testcases/chains/netdev_netns_gone b/tests/shell/testcases/chains/netdev_netns_gone new file mode 100755 index 00000000..3a92c99e --- /dev/null +++ b/tests/shell/testcases/chains/netdev_netns_gone @@ -0,0 +1,37 @@ +#!/bin/bash + +# NFT_TEST_REQUIRES(NFT_TEST_HAVE_inet_ingress) + +set -e + +rnd=$(mktemp -u XXXXXXXX) +ns1="nft1ns-$rnd" + +iface_cleanup() { + ip netns del $ns1 &>/dev/null || : +} +trap 'iface_cleanup' EXIT + +load_ruleset() { + family=$1 + + ip netns add $ns1 + ip -net $ns1 link add d0 type dummy + + RULESET="table $family x { + chain x {} + chain w { + ip daddr 8.7.6.0/24 jump x + } + chain y { + type filter hook ingress device \"d0\" priority 0; + ip saddr { 1.2.3.4, 2.3.4.5 } counter + ip daddr vmap { 5.4.3.0/24 : jump w, 8.9.0.0/24 : jump x } + } +}" + ip netns exec $ns1 $NFT -f - <<< $RULESET + ip netns del $ns1 +} + +load_ruleset "inet" +load_ruleset "netdev" |