summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rwxr-xr-xtests/iptables.sh9
-rw-r--r--tests/match_target.t8
2 files changed, 17 insertions, 0 deletions
diff --git a/tests/iptables.sh b/tests/iptables.sh
index 03d2e09..c5b9bf7 100755
--- a/tests/iptables.sh
+++ b/tests/iptables.sh
@@ -99,9 +99,18 @@ timeout)
$ipset n test hash:ip,port timeout 2
$cmd -A INPUT -j SET --add-set test src,src --timeout 10 --exist
;;
+mangle)
+ $ipset n test hash:net $family skbinfo 2>/dev/null
+ $ipset a test 10.255.0.0/16 skbmark 0x1234 2>/dev/null
+ $cmd -t mangle -A INPUT -j SET --map-set test src --map-mark
+ $cmd -t mangle -A INPUT -m mark --mark 0x1234 -j LOG --log-prefix "in set mark: "
+ $cmd -t mangle -A INPUT -s 10.255.0.0/16 -j DROP
+ ;;
stop)
$cmd -F
$cmd -X
+ $cmd -F -t mangle
+ $cmd -X -t mangle
$ipset -F 2>/dev/null
$ipset -X 2>/dev/null
;;
diff --git a/tests/match_target.t b/tests/match_target.t
index cab8184..1739fae 100644
--- a/tests/match_target.t
+++ b/tests/match_target.t
@@ -80,4 +80,12 @@
0 ipset test test 10.255.255.64,icmp:host-prohibited
# Destroy sets and rules
0 ./iptables.sh inet stop
+# Create test set and iptables rules
+0 ./iptables.sh inet mangle
+# Send probe packet from 10.255.255.64,udp:1025
+0 sendip -p ipv4 -id 127.0.0.1 -is 10.255.255.64 -p udp -ud 80 -us 1025 127.0.0.1
+# Check that proper sets matched and target worked
+0 ./check_klog.sh 10.255.255.64 udp 1025 mark
+# Destroy sets and rules
+0 ./iptables.sh inet stop
# eof