summaryrefslogtreecommitdiffstats
path: root/tests/py/ip/ip.t
Commit message (Collapse)AuthorAgeFilesLines
* src: quote user-defined strings when used from rule selectorsPablo Neira Ayuso2016-08-181-8/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | | The following selectors display strings using quotes: * meta iifname * meta oifname * meta ibriport * meta obriport However, the following do not: * meta oif * meta iif * meta skuid * meta skgid * meta iifgroup * meta oifgroup * meta rtclassid * ct label Given they refer to user-defined values, neither keywords nor internal built-in known values, let's quote the output of this. This patch modifies symbolic_constant_print() so we can signal this to indicate if the string needs to be quoted. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* tests: ip payload set support for ecn and dscpFlorian Westphal2016-08-011-0/+5
| | | | Signed-off-by: Florian Westphal <fw@strlen.de>
* tests: add basic payload testsFlorian Westphal2016-07-211-0/+5
| | | | | | | | | | payload set operations should work at least for byte-sized quantities >= 2 byte. Before adding support for odd-sized writes (ecn, dscp, ip6 flowlabel ...) add a bunch of tests to cover current state. Signed-off-by: Florian Westphal <fw@strlen.de>
* payload: don't update protocol context if we can't find a descriptionFlorian Westphal2016-06-071-0/+3
| | | | | | | | | | | | | | Since commit 20b1131c07acd2fc ("payload: fix stacked headers protocol context tracking") we deref null pointer if we can't find a description for the desired protocol, so "ip protocol 254" crashes while testing protocols 6 or 17 (tcp, udp) works. Also add a test case for this. Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1072 Signed-off-by: Florian Westphal <fw@strlen.de> Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: add dscp supportPablo Neira Ayuso2016-05-111-5/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This supports both IPv4: # nft --debug=netlink add rule filter forward ip dscp cs1 counter ip filter forward [ payload load 1b @ network header + 1 => reg 1 ] [ bitwise reg 1 = (reg=1 & 0x000000fc ) ^ 0x00000000 ] [ cmp neq reg 1 0x00000080 ] [ counter pkts 0 bytes 0 ] And also IPv6, note that in this case we take two bytes from the payload: # nft --debug=netlink add rule ip6 filter input ip6 dscp cs4 counter ip6 filter input [ payload load 2b @ network header + 0 => reg 1 ] [ bitwise reg 1 = (reg=1 & 0x0000c00f ) ^ 0x00000000 ] [ cmp eq reg 1 0x00000008 ] [ counter pkts 0 bytes 0 ] Given the DSCP is split in two bytes, the less significant nibble of the first byte and the two most significant 2 bits of the second byte. The 8 bit traffic class in RFC2460 after the version field are used for DSCP (6 bit) and ECN (2 bit). Support for ECN comes in a follow up patch. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* tests/py: netdev family with ingress chainPablo Neira Ayuso2016-01-131-0/+2
| | | | | | | This patch enables tests for the new netdev family and its ingress chain. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* tests/py: don't test log statement from protocol matchPablo Neira Ayuso2016-01-131-6/+6
| | | | | | | | | | | | I think this unit tests should be self-contained at some level. The shell/ directory should be used to catch regressions at ruleset level, ie. these kind of combinations. Another motivation is that I want that netdev/ingress gets tested (coming in a follow up patch), and we don't support log there yet, so I would need to skip this test for that case. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* tests/py: update test files syntaxPablo M. Bermudo Garay2016-01-121-2/+3
| | | | | | | | The test files have been adapted to the syntax defined in the previous commit "tests/py: modify supported test file syntax" Signed-off-by: Pablo M. Bermudo Garay <pablombg@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* tests/: rearrange tests directoryArturo Borrero2015-12-151-0/+117
Rearrange the directory to obtain a better organization of files and tests-suites. We end with a tree like this: tests | .--- py .--- shell .--- files This was suggested by Pablo. Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>