summaryrefslogtreecommitdiffstats
path: root/tests/py/ip6/icmpv6.t.json
Commit message (Collapse)AuthorAgeFilesLines
* tests: py: complete icmp and icmpv6 updatePablo Neira Ayuso2024-04-041-4/+4
| | | | | | | Update json update and leftover payload update to complete 5fecd2a6ef61 ("src: disentangle ICMP code types"). Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* icmpv6: Allow matching target address in NS/NA, redirect and MLDNicolas Cavallari2023-10-061-0/+260
| | | | | | | | | | | | | | | It was currently not possible to match the target address of a neighbor solicitation or neighbor advertisement against a dynamic set, unlike in IPv4. Since they are many ICMPv6 messages with an address at the same offset, allow filtering on the target address for all icmp types that have one. While at it, also allow matching the destination address of an ICMPv6 redirect. Signed-off-by: Nicolas Cavallari <nicolas.cavallari@green-communications.fr> Signed-off-by: Florian Westphal <fw@strlen.de>
* tests: add a icmp-reply only and icmpv6 id test casesFlorian Westphal2021-06-171-0/+61
| | | | | | | | | | | | | | | | | | Check that nft doesn't remove the dependency in these cases: icmp type echo-reply icmp id 1 ("icmp id" matches both echo request and reply). Add icmpv6 test cases. These fail without the previous patches: add rule ip6 test-ip6 input icmpv6 id 1: 'icmpv6 id 1' mismatches 'icmpv6 type { echo-request, echo-reply} icmpv6 parameter-problem 65536/16' add rule ip6 test-ip6 input icmpv6 type echo-reply icmpv6 id 65534': 'icmpv6 type echo-reply icmpv6 id 65534' mismatches 'icmpv6 type echo-reply @th,32,16 65534' Signed-off-by: Florian Westphal <fw@strlen.de>
* tests: remove redundant test casesFlorian Westphal2021-06-071-240/+0
| | | | | | | | | | | | | Check for ... 23-42 ... ... { 23-42 } ... and remove the latter. Followup patch will translate the former to the latter during evaluation step to avoid the unneded anon set. A separate test case will be added that checks for such rewrites. Signed-off-by: Florian Westphal <fw@strlen.de>
* tests/py: Add a test sanitizer and fix its findingsPhil Sutter2021-02-041-6/+5
| | | | | | | | | | | | | | | | This is just basic housekeeping: - Remove duplicate tests in any of the *.t files - Remove explicit output if equal to command itself in *.t files - Remove duplicate payload records in any of the *.t.payload* files - Remove stale payload records (for which no commands exist in the respective *.t file - Remove duplicate/stale entries in any of the *.t.json files In some cases, tests were added instead of removing a stale payload record if it fit nicely into the sequence of tests. Signed-off-by: Phil Sutter <phil@nwl.cc>
* tests: add icmp/6 test where dependency should be left aloneFlorian Westphal2021-02-011-0/+28
| | | | | | These tests fail: nft should leave the type as-is. Signed-off-by: Florian Westphal <fw@strlen.de>
* json: fix icmpv6.t test casesFlorian Westphal2021-01-211-6/+21
| | | | Signed-off-by: Florian Westphal <fw@strlen.de>
* Revert "tests: py: remove single-value-anon-set test cases"Pablo Neira Ayuso2019-05-241-0/+241
| | | | This reverts commit d03bcb669c0c645190df9bd166f53380bcac7862.
* tests: py: remove single-value-anon-set test casesFlorian Westphal2019-05-191-241/+0
| | | | | | | | future change will rewrite all single-element anon sets to a cmp op. Retain a few test cases to later check that the rewrite is correct, but remove all others. Signed-off-by: Florian Westphal <fw@strlen.de>
* tests/py: Fix JSON for icmp*.tPhil Sutter2018-09-131-3/+3
| | | | | | | | | A recent change to ip/icmp.t and ip6/icmpv6.t did not update JSON equivalents accordingly, fix this. Fixes: 0f44d4f627535 ("proto: fix icmp/icmpv6 code datatype") Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Florian Westphal <fw@strlen.de>
* JSON: Make match op mandatory, introduce 'in' operatorPhil Sutter2018-08-301-0/+45
| | | | | | | | This special operator is required for cases where missing operator does not lead to same results as equal operator, i.e. with bitmasks on RHS. Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* JSON: Review payload expressionPhil Sutter2018-08-301-59/+59
| | | | | | | | | | | For raw payloads, property "name" is not needed, it's clearly identified by base/offset/len properties. In non-raw payload expressions, rename property "name" to "protocol" as suggested during NFWS. Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* tests/py: Support testing JSON input and output as wellPhil Sutter2018-05-111-0/+1257
This extends nft-test.py by optional JSON testing capabilities, activated via '-j'/'--enable-json' parameter). JSON testing happens for all rules which are supposed to work: After a rule has been added and the existing tests (payload, ruleset listing output) have been performed, basically the same test is done again using a recorded JSON equivalent and (if necessary) a recorded listing output. The code tries to ease new test case creation overhead by auto-generating JSON equivalent input via listing the (non-JSON) rule in JSON format. Also, differing netlink debug and listing output are stored in *.got files to assist in analyzing/fixing failing test cases. Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>