summaryrefslogtreecommitdiffstats
path: root/tests/py/ip/ct.t.json
Commit message (Collapse)AuthorAgeFilesLines
* tests: py: extend test-cases for mark statements with bitwise expressionsPablo Neira Ayuso2023-03-281-0/+96
| | | | | | | | | | Add more tests to cover bitwise operation. Shift operations are used on constant value which are reduced at evaluation time. Shift takes precendence over AND and OR operations, otherwise use parens to override this. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* tests: py: add test-cases for ct and packet mark payload expressionsJeremy Sowden2023-03-281-0/+58
| | | | | | | | Add new test-cases to verify that defining a rule that sets the ct or packet mark to a value derived from a payload works correctly. Signed-off-by: Jeremy Sowden <jeremy@azazel.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* json: ct: add missing test inputFlorian Westphal2021-01-261-0/+79
| | | | | | | ERROR: did not find JSON equivalent for rule 'meta mark set ct original ip saddr . meta mark map { 1.1.1.1 . 0x00000014 : 0x0000001e }' ERROR: did not find JSON equivalent for rule 'ct original ip saddr . meta mark { 1.1.1.1 . 0x00000014 }' Signed-off-by: Florian Westphal <fw@strlen.de>
* json: ct: add missing ruleFlorian Westphal2021-01-211-0/+30
| | | | | | ERROR: did not find JSON equivalent for rule 'meta mark set ct original ip daddr map { 1.1.1.1 : 0x00000011 }' Signed-off-by: Florian Westphal <fw@strlen.de>
* ct: support for NFT_CT_{SRC,DST}_{IP,IP6}Pablo Neira Ayuso2019-06-211-16/+8
| | | | | | | | | | | | | | | | | These keys are available since kernel >= 4.17. You can still use NFT_CT_{SRC,DST}, however, you need to specify 'meta protocol' in first place to provide layer 3 context. Note that NFT_CT_{SRC,DST} are broken with set, maps and concatenations. This patch is implicitly fixing these cases. If your kernel is < 4.17, you can still use address matching via explicit meta nfproto: meta nfproto ipv4 ct original saddr 1.2.3.4 Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* JSON: Make match op mandatory, introduce 'in' operatorPhil Sutter2018-08-301-0/+13
| | | | | | | | This special operator is required for cases where missing operator does not lead to same results as equal operator, i.e. with bitmasks on RHS. Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* tests/py: Support testing JSON input and output as wellPhil Sutter2018-05-111-0/+213
This extends nft-test.py by optional JSON testing capabilities, activated via '-j'/'--enable-json' parameter). JSON testing happens for all rules which are supposed to work: After a rule has been added and the existing tests (payload, ruleset listing output) have been performed, basically the same test is done again using a recorded JSON equivalent and (if necessary) a recorded listing output. The code tries to ease new test case creation overhead by auto-generating JSON equivalent input via listing the (non-JSON) rule in JSON format. Also, differing netlink debug and listing output are stored in *.got files to assist in analyzing/fixing failing test cases. Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>