From 7fa2b0534745f53881ec74a0a73d4f870ea4b026 Mon Sep 17 00:00:00 2001 From: Arturo Borrero Date: Tue, 22 Mar 2016 14:06:09 +0100 Subject: tests/shell: add chain validations tests Some basic test regarding chains: jumps and validations. Signed-off-by: Arturo Borrero Gonzalez Signed-off-by: Pablo Neira Ayuso --- tests/shell/testcases/chains/0001jumps_0 | 17 +++++++++++++++++ tests/shell/testcases/chains/0002jumps_1 | 22 ++++++++++++++++++++++ tests/shell/testcases/chains/0003jump_loop_1 | 21 +++++++++++++++++++++ tests/shell/testcases/chains/0004busy_1 | 11 +++++++++++ tests/shell/testcases/chains/0005busy_map_1 | 11 +++++++++++ tests/shell/testcases/chains/0006masquerade_0 | 7 +++++++ tests/shell/testcases/chains/0007masquerade_1 | 9 +++++++++ tests/shell/testcases/chains/0008masquerade_jump_1 | 11 +++++++++++ tests/shell/testcases/chains/0009masquerade_jump_1 | 11 +++++++++++ 9 files changed, 120 insertions(+) create mode 100755 tests/shell/testcases/chains/0001jumps_0 create mode 100755 tests/shell/testcases/chains/0002jumps_1 create mode 100755 tests/shell/testcases/chains/0003jump_loop_1 create mode 100755 tests/shell/testcases/chains/0004busy_1 create mode 100755 tests/shell/testcases/chains/0005busy_map_1 create mode 100755 tests/shell/testcases/chains/0006masquerade_0 create mode 100755 tests/shell/testcases/chains/0007masquerade_1 create mode 100755 tests/shell/testcases/chains/0008masquerade_jump_1 create mode 100755 tests/shell/testcases/chains/0009masquerade_jump_1 (limited to 'tests')
diff --git a/tests/shell/testcases/chains/0001jumps_0 b/tests/shell/testcases/chains/0001jumps_0
new file mode 100755
index 00000000..b39df386
--- /dev/null
+++ b/tests/shell/testcases/chains/0001jumps_0
@@ -0,0 +1,17 @@
+#!/bin/bash
+
+set -e
+
+MAX_JUMPS=16
+
+$NFT add table t
+
+for i in $(seq 1 $MAX_JUMPS)
+do
+ $NFT add chain t c${i}
+done
+
+for i in $(seq 1 $((MAX_JUMPS - 1)))
+do
+ $NFT add rule t c${i} jump c$((i + 1))
+done
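Review bot: `MAX_JUMPS=16` in 0001jumps_0 is an unexplained constant, and the same value is repeated in 0002jumps_1 and 0003jump_loop_1. Nothing in the script says which limit it mirrors, so if the kernel's jump limit ever changes, the three files have to be found and edited by hand. I would add a comment above it such as `# 16 chains linked by 15 jumps must be accepted; 16 is assumed to match the kernel's maximum jump depth`. Since the shebang is bash, `for ((i = 1; i <= MAX_JUMPS; i++))` would also avoid the external `seq`.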
diff --git a/tests/shell/testcases/chains/0002jumps_1 b/tests/shell/testcases/chains/0002jumps_1
new file mode 100755
index 00000000..0cc89288
--- /dev/null
+++ b/tests/shell/testcases/chains/0002jumps_1
@@ -0,0 +1,22 @@
+#!/bin/bash
+
+set -e
+
+MAX_JUMPS=16
+
+$NFT add table t
+
+for i in $(seq 1 $MAX_JUMPS)
+do
+ $NFT add chain t c${i}
+done
+
+for i in $(seq 1 $((MAX_JUMPS - 1)))
+do
+ $NFT add rule t c${i} jump c$((i + 1))
+done
+
+# this last jump should fail: too many links
+$NFT add chain t c$((MAX_JUMPS + 1))
+$NFT add rule t c${MAX_JUMPS} jump c$((MAX_JUMPS + 1)) 2>/dev/null
+echo "E: max jumps ignored?" >&2
diff --git a/tests/shell/testcases/chains/0003jump_loop_1 b/tests/shell/testcases/chains/0003jump_loop_1
new file mode 100755
index 00000000..f74361f2
--- /dev/null
+++ b/tests/shell/testcases/chains/0003jump_loop_1
@@ -0,0 +1,21 @@
+#!/bin/bash
+
+set -e
+
+MAX_JUMPS=16
+
+$NFT add table t
+
+for i in $(seq 1 $MAX_JUMPS)
+do
+ $NFT add chain t c${i}
+done
+
+for i in $(seq 1 $((MAX_JUMPS - 1)))
+do
+ $NFT add rule t c${i} jump c$((i + 1))
+done
+
+# this last jump should fail: loop
+$NFT add rule t c${MAX_JUMPS} jump c1 2>/dev/null
+echo "E: loop of jumps ignored?" >&2
diff --git a/tests/shell/testcases/chains/0004busy_1 b/tests/shell/testcases/chains/0004busy_1
new file mode 100755
index 00000000..cc9a0dad
--- /dev/null
+++ b/tests/shell/testcases/chains/0004busy_1
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+set -e
+
+$NFT add table t
+$NFT add chain t c1
+$NFT add chain t c2
+$NFT add rule t c1 jump c2
+# kernel should return EBUSY
+$NFT delete chain t c2 2>/dev/null
+echo "E: deleted a busy chain?" >&2
diff --git a/tests/shell/testcases/chains/0005busy_map_1 b/tests/shell/testcases/chains/0005busy_map_1
new file mode 100755
index 00000000..93eca827
--- /dev/null
+++ b/tests/shell/testcases/chains/0005busy_map_1
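Review bot: With `set -e` in 0002jumps_1, a failure of any setup command (`add table`, `add chain`, one of the first 15 jumps) ends the script with the same non-zero status as the rejection the test is waiting for. Assuming the harness matches the exit status against the `_1` suffix, a broken setup is then reported as a pass and the limit check is never exercised. The same pattern is in 0003jump_loop_1, 0004busy_1, 0005busy_map_1, 0007masquerade_1, 0008masquerade_jump_1 and 0009masquerade_jump_1. The final command also sends stderr to /dev/null, so the error named in the comments (too many links, EBUSY, EOPNOTSUPP) is never compared with what nft reported, and a parse error would pass as well. I would give setup failures a distinct status and test the last command explicitly, as below.

```shell
set -e
# a setup failure must not look like the expected rejection (exit status 1)
trap 'exit 2' ERR

# … unchanged: table, chains c1..c17 and the first 15 jumps …

if $NFT add rule t c${MAX_JUMPS} jump c$((MAX_JUMPS + 1)) 2>/dev/null; then
	echo "E: max jumps ignored?" >&2
	exit 0
fi
exit 1
```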
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+set -e
+
+$NFT add table t
+$NFT add chain t c1
+$NFT add chain t c2
+$NFT add rule t c1 tcp dport vmap { 1 : jump c2 }
+# kernel should return EBUSY
+$NFT delete chain t c2 2>/dev/null
+echo "E: deleted a busy chain?" >&2
diff --git a/tests/shell/testcases/chains/0006masquerade_0 b/tests/shell/testcases/chains/0006masquerade_0
new file mode 100755
index 00000000..79349988
--- /dev/null
+++ b/tests/shell/testcases/chains/0006masquerade_0
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+set -e
+
+$NFT add table t
+$NFT add chain t c1 {type nat hook postrouting priority 0 \; }
+$NFT add rule t c1 masquerade
diff --git a/tests/shell/testcases/chains/0007masquerade_1 b/tests/shell/testcases/chains/0007masquerade_1
new file mode 100755
index 00000000..4e98d106
--- /dev/null
+++ b/tests/shell/testcases/chains/0007masquerade_1
@@ -0,0 +1,9 @@
+#!/bin/bash
+
+set -e
+
+$NFT add table t
+$NFT add chain t c1 {type filter hook output priority 0 \; }
+# wrong hook output, only postrouting is valid
+$NFT add rule t c1 masquerade 2>/dev/null
+echo "E: accepted masquerade in output hook" >&2
diff --git a/tests/shell/testcases/chains/0008masquerade_jump_1 b/tests/shell/testcases/chains/0008masquerade_jump_1
new file mode 100755
index 00000000..7754ed03
--- /dev/null
+++ b/tests/shell/testcases/chains/0008masquerade_jump_1
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+set -e
+
+$NFT add table t
+$NFT add chain t output {type nat hook output priority 0 \; }
+$NFT add chain t c1
+$NFT add rule t c1 masquerade
+# kernel should return EOPNOTSUPP
+$NFT add rule t output jump c1 2>/dev/null
+echo "E: accepted masquerade in output hook" >&2
diff --git a/tests/shell/testcases/chains/0009masquerade_jump_1 b/tests/shell/testcases/chains/0009masquerade_jump_1
new file mode 100755
index 00000000..684d4417
--- /dev/null
+++ b/tests/shell/testcases/chains/0009masquerade_jump_1
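Review bot: The base-chain definition in 0006masquerade_0 is passed as unquoted shell words, `{type nat hook postrouting priority 0 \; }`, which works only because bash leaves a lone `{type` word alone and the `;` is escaped by hand. Quoting the whole block is easier to read and does not depend on brace-expansion rules: `$NFT add chain t c1 '{ type nat hook postrouting priority 0 ; }'`. The same applies to the chain definitions in 0007masquerade_1, 0008masquerade_jump_1 and 0009masquerade_jump_1, and to the vmap literals in 0005busy_map_1 and 0009masquerade_jump_1.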
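Review bot: In 0007masquerade_1 the comment blames the hook (`# wrong hook output, only postrouting is valid`), but the chain is declared `type filter hook output`, so it differs from the accepted case in 0006masquerade_0 in two ways at once: chain type and hook. If masquerade is also refused in non-nat chains, which I believe it is, this test would keep passing even if the hook validation regressed. Declaring the chain as `{type nat hook output priority 0 \; }` isolates the hook check, and a separate test can cover the filter type.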
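Review bot: The failure message in 0008masquerade_jump_1, `echo "E: accepted masquerade in output hook" >&2`, is copied verbatim from 0007masquerade_1, so a log line does not tell which of the two cases slipped through. What this script checks is a jump from the output base chain into a chain that already holds a masquerade rule. A message such as `echo "E: accepted jump from output hook to a masquerade chain" >&2` says that.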
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+set -e
+
+$NFT add table t
+$NFT add chain t output {type nat hook output priority 0 \; }
+$NFT add chain t c1
+$NFT add rule t c1 masquerade
+# kernel should return EOPNOTSUPP
+$NFT add rule t output tcp dport vmap {1 :jump c1 } 2>/dev/null
+echo "E: accepted masquerade in output hook in a vmap" >&2
-- cgit v1.2.3
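Review bot: 0009masquerade_jump_1 carries the same descriptive name as 0008masquerade_jump_1 although it covers the verdict-map path. Following 0005busy_map_1, a name like `0009masquerade_map_1` would make the pair distinguishable in a test listing. The map literal is also spelled `{1 :jump c1 }` here and `{ 1 : jump c2 }` in 0005busy_map_1. Using the same spacing keeps the two tests comparable, which matters because stderr is discarded and a parse-level rejection would look like the expected EOPNOTSUPP.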