diff options
Diffstat (limited to 'tests/shell/testcases/packetpath/dumps')
7 files changed, 857 insertions, 0 deletions
diff --git a/tests/shell/testcases/packetpath/dumps/payload.nodump b/tests/shell/testcases/packetpath/dumps/payload.nodump new file mode 100644 index 00000000..e69de29b --- /dev/null +++ b/tests/shell/testcases/packetpath/dumps/payload.nodump diff --git a/tests/shell/testcases/packetpath/dumps/policy.json-nft b/tests/shell/testcases/packetpath/dumps/policy.json-nft new file mode 100644 index 00000000..26e8a052 --- /dev/null +++ b/tests/shell/testcases/packetpath/dumps/policy.json-nft @@ -0,0 +1,121 @@ +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "inet", + "name": "filter", + "handle": 0 + } + }, + { + "chain": { + "family": "inet", + "table": "filter", + "name": "underflow", + "handle": 0 + } + }, + { + "chain": { + "family": "inet", + "table": "filter", + "name": "input", + "handle": 0, + "type": "filter", + "hook": "input", + "prio": 0, + "policy": "drop" + } + }, + { + "rule": { + "family": "inet", + "table": "filter", + "chain": "input", + "handle": 0, + "expr": [ + { + "match": { + "op": "==", + "left": { + "payload": { + "protocol": "icmp", + "field": "type" + } + }, + "right": "echo-reply" + } + }, + { + "accept": null + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "filter", + "chain": "input", + "handle": 0, + "expr": [ + { + "match": { + "op": "==", + "left": { + "payload": { + "protocol": "ip", + "field": "saddr" + } + }, + "right": "127.0.0.1" + } + }, + { + "match": { + "op": "==", + "left": { + "payload": { + "protocol": "ip", + "field": "daddr" + } + }, + "right": "127.0.0.2" + } + }, + { + "counter": { + "packets": 3, + "bytes": 252 + } + }, + { + "accept": null + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "filter", + "chain": "input", + "handle": 0, + "expr": [ + { + "goto": { + "target": "underflow" + } + } + ] + } + } + ] +} diff --git a/tests/shell/testcases/packetpath/dumps/policy.nft b/tests/shell/testcases/packetpath/dumps/policy.nft new file mode 100644 index 00000000..e625ea6c --- /dev/null +++ b/tests/shell/testcases/packetpath/dumps/policy.nft @@ -0,0 +1,11 @@ +table inet filter { + chain underflow { + } + + chain input { + type filter hook input priority filter; policy drop; + icmp type echo-reply accept + ip saddr 127.0.0.1 ip daddr 127.0.0.2 counter packets 3 bytes 252 accept + goto underflow + } +} diff --git a/tests/shell/testcases/packetpath/dumps/set_lookups.json-nft b/tests/shell/testcases/packetpath/dumps/set_lookups.json-nft new file mode 100644 index 00000000..24363f90 --- /dev/null +++ b/tests/shell/testcases/packetpath/dumps/set_lookups.json-nft @@ -0,0 +1,674 @@ +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "ip", + "name": "t", + "handle": 0 + } + }, + { + "chain": { + "family": "ip", + "table": "t", + "name": "c", + "handle": 0, + "type": "filter", + "hook": "input", + "prio": 0, + "policy": "accept" + } + }, + { + "set": { + "family": "ip", + "name": "s", + "table": "t", + "type": [ + "ipv4_addr", + "iface_index" + ], + "handle": 0, + "flags": [ + "interval" + ], + "elem": [ + { + "concat": [ + "127.0.0.1", + "lo" + ] + }, + { + "concat": [ + "127.0.0.2", + "lo" + ] + } + ] + } + }, + { + "set": { + "family": "ip", + "name": "s2", + "table": "t", + "type": [ + "ipv4_addr", + "iface_index" + ], + "handle": 0, + "elem": [ + { + "concat": [ + "127.0.0.1", + "lo" + ] + }, + { + "concat": [ + "127.0.0.2", + "lo" + ] + } + ] + } + }, + { + "set": { + "family": "ip", + "name": "s3", + "table": "t", + "type": "iface_index", + "handle": 0, + "elem": [ + "lo" + ] + } + }, + { + "set": { + "family": "ip", + "name": "s4", + "table": "t", + "type": "iface_index", + "handle": 0, + "flags": [ + "interval" + ], + "elem": [ + "lo" + ] + } + }, + { + "set": { + "family": "ip", + "name": "nomatch", + "table": "t", + "type": [ + "ipv4_addr", + "iface_index" + ], + "handle": 0, + "elem": [ + { + "concat": [ + "127.0.0.3", + "lo" + ] + } + ] + } + }, + { + "set": { + "family": "ip", + "name": "nomatch2", + "table": "t", + "type": [ + "ipv4_addr", + "iface_index" + ], + "handle": 0, + "elem": [ + { + "concat": [ + "127.0.0.2", + "90000" + ] + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c", + "handle": 0, + "expr": [ + { + "match": { + "op": "==", + "left": { + "payload": { + "protocol": "icmp", + "field": "type" + } + }, + "right": "echo-request" + } + }, + { + "match": { + "op": "==", + "left": { + "concat": [ + { + "payload": { + "protocol": "ip", + "field": "saddr" + } + }, + { + "meta": { + "key": "iif" + } + } + ] + }, + "right": "@s" + } + }, + { + "counter": { + "packets": 1, + "bytes": 84 + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c", + "handle": 0, + "expr": [ + { + "match": { + "op": "==", + "left": { + "payload": { + "protocol": "icmp", + "field": "type" + } + }, + "right": "echo-request" + } + }, + { + "match": { + "op": "==", + "left": { + "concat": [ + { + "payload": { + "protocol": "ip", + "field": "saddr" + } + }, + "lo" + ] + }, + "right": "@s" + } + }, + { + "counter": { + "packets": 1, + "bytes": 84 + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c", + "handle": 0, + "expr": [ + { + "match": { + "op": "==", + "left": { + "payload": { + "protocol": "icmp", + "field": "type" + } + }, + "right": "echo-request" + } + }, + { + "match": { + "op": "==", + "left": { + "concat": [ + { + "payload": { + "protocol": "ip", + "field": "saddr" + } + }, + "lo" + ] + }, + "right": "@s" + } + }, + { + "counter": { + "packets": 1, + "bytes": 84 + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c", + "handle": 0, + "expr": [ + { + "match": { + "op": "==", + "left": { + "payload": { + "protocol": "icmp", + "field": "type" + } + }, + "right": "echo-request" + } + }, + { + "match": { + "op": "==", + "left": { + "concat": [ + { + "payload": { + "protocol": "ip", + "field": "saddr" + } + }, + { + "meta": { + "key": "iif" + } + } + ] + }, + "right": "@s2" + } + }, + { + "counter": { + "packets": 1, + "bytes": 84 + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c", + "handle": 0, + "expr": [ + { + "match": { + "op": "==", + "left": { + "payload": { + "protocol": "icmp", + "field": "type" + } + }, + "right": "echo-request" + } + }, + { + "match": { + "op": "==", + "left": { + "concat": [ + { + "payload": { + "protocol": "ip", + "field": "saddr" + } + }, + "lo" + ] + }, + "right": "@s2" + } + }, + { + "counter": { + "packets": 1, + "bytes": 84 + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c", + "handle": 0, + "expr": [ + { + "match": { + "op": "==", + "left": { + "payload": { + "protocol": "icmp", + "field": "type" + } + }, + "right": "echo-request" + } + }, + { + "match": { + "op": "==", + "left": { + "concat": [ + { + "payload": { + "protocol": "ip", + "field": "saddr" + } + }, + "lo" + ] + }, + "right": "@s2" + } + }, + { + "counter": { + "packets": 1, + "bytes": 84 + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c", + "handle": 0, + "expr": [ + { + "match": { + "op": "==", + "left": { + "payload": { + "protocol": "icmp", + "field": "type" + } + }, + "right": "echo-request" + } + }, + { + "match": { + "op": "==", + "left": { + "concat": [ + { + "payload": { + "protocol": "ip", + "field": "daddr" + } + }, + "lo" + ] + }, + "right": "@s" + } + }, + { + "counter": { + "packets": 1, + "bytes": 84 + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c", + "handle": 0, + "expr": [ + { + "match": { + "op": "==", + "left": { + "payload": { + "protocol": "icmp", + "field": "type" + } + }, + "right": "echo-request" + } + }, + { + "match": { + "op": "==", + "left": { + "concat": [ + { + "payload": { + "protocol": "ip", + "field": "daddr" + } + }, + "lo" + ] + }, + "right": "@s2" + } + }, + { + "counter": { + "packets": 1, + "bytes": 84 + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c", + "handle": 0, + "expr": [ + { + "match": { + "op": "==", + "left": { + "payload": { + "protocol": "icmp", + "field": "type" + } + }, + "right": "echo-request" + } + }, + { + "match": { + "op": "==", + "left": { + "meta": { + "key": "iif" + } + }, + "right": "@s3" + } + }, + { + "counter": { + "packets": 1, + "bytes": 84 + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c", + "handle": 0, + "expr": [ + { + "match": { + "op": "==", + "left": { + "payload": { + "protocol": "icmp", + "field": "type" + } + }, + "right": "echo-request" + } + }, + { + "match": { + "op": "==", + "left": { + "meta": { + "key": "iif" + } + }, + "right": "@s4" + } + }, + { + "counter": { + "packets": 1, + "bytes": 84 + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c", + "handle": 0, + "expr": [ + { + "match": { + "op": "==", + "left": { + "concat": [ + { + "payload": { + "protocol": "ip", + "field": "daddr" + } + }, + "lo" + ] + }, + "right": "@nomatch" + } + }, + { + "counter": { + "packets": 0, + "bytes": 0 + } + }, + { + "drop": null + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "t", + "chain": "c", + "handle": 0, + "expr": [ + { + "match": { + "op": "==", + "left": { + "concat": [ + { + "payload": { + "protocol": "ip", + "field": "daddr" + } + }, + { + "meta": { + "key": "iif" + } + } + ] + }, + "right": "@nomatch2" + } + }, + { + "counter": { + "packets": 0, + "bytes": 0 + } + }, + { + "drop": null + } + ] + } + } + ] +} diff --git a/tests/shell/testcases/packetpath/dumps/set_lookups.nft b/tests/shell/testcases/packetpath/dumps/set_lookups.nft new file mode 100644 index 00000000..7566f557 --- /dev/null +++ b/tests/shell/testcases/packetpath/dumps/set_lookups.nft @@ -0,0 +1,51 @@ +table ip t { + set s { + type ipv4_addr . iface_index + flags interval + elements = { 127.0.0.1 . "lo", + 127.0.0.2 . "lo" } + } + + set s2 { + typeof ip saddr . iif + elements = { 127.0.0.1 . "lo", + 127.0.0.2 . "lo" } + } + + set s3 { + type iface_index + elements = { "lo" } + } + + set s4 { + type iface_index + flags interval + elements = { "lo" } + } + + set nomatch { + typeof ip saddr . iif + elements = { 127.0.0.3 . "lo" } + } + + set nomatch2 { + type ipv4_addr . iface_index + elements = { 127.0.0.2 . 90000 } + } + + chain c { + type filter hook input priority filter; policy accept; + icmp type echo-request ip saddr . iif @s counter packets 1 bytes 84 + icmp type echo-request ip saddr . "lo" @s counter packets 1 bytes 84 + icmp type echo-request ip saddr . "lo" @s counter packets 1 bytes 84 + icmp type echo-request ip saddr . iif @s2 counter packets 1 bytes 84 + icmp type echo-request ip saddr . "lo" @s2 counter packets 1 bytes 84 + icmp type echo-request ip saddr . "lo" @s2 counter packets 1 bytes 84 + icmp type echo-request ip daddr . "lo" @s counter packets 1 bytes 84 + icmp type echo-request ip daddr . "lo" @s2 counter packets 1 bytes 84 + icmp type echo-request iif @s3 counter packets 1 bytes 84 + icmp type echo-request iif @s4 counter packets 1 bytes 84 + ip daddr . "lo" @nomatch counter packets 0 bytes 0 drop + ip daddr . iif @nomatch2 counter packets 0 bytes 0 drop + } +} diff --git a/tests/shell/testcases/packetpath/dumps/tcp_options.nodump b/tests/shell/testcases/packetpath/dumps/tcp_options.nodump new file mode 100644 index 00000000..e69de29b --- /dev/null +++ b/tests/shell/testcases/packetpath/dumps/tcp_options.nodump diff --git a/tests/shell/testcases/packetpath/dumps/vlan_8021ad_tag.nodump b/tests/shell/testcases/packetpath/dumps/vlan_8021ad_tag.nodump new file mode 100644 index 00000000..e69de29b --- /dev/null +++ b/tests/shell/testcases/packetpath/dumps/vlan_8021ad_tag.nodump |