libxt_TOS: add tests for translation infrastructure

This patch checks that the iptables TOS to nftables translation works fine. Signed-off-by: Harsha Sharma <harshasharmaiitr@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Harsha Sharma <harshasharmaiitr@gmail.com> 2017-10-17 17:59:37 +0530
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2017-10-17 14:38:01 +0200
commit: 23e6ed71eeb80c484e9ed5f7dde3158d658d7f94 (patch)
tree: d44f886d857e1e3177875046a71b54d1d4f7f565
parent: 9564595e60b466f170b4761c1df38f0011451497 (diff)
1 files changed, 23 insertions, 0 deletions
diff --git a/extensions/libxt_TOS.txlate b/extensions/libxt_TOS.txlate
new file mode 100644
index 00000000..0952310e
--- /dev/null
+++ b/extensions/libxt_TOS.txlate
@@ -0,0 +1,23 @@
+ip6tables-translate -A INPUT -j TOS --set-tos 0x1f
+nft add rule ip6 filter INPUT counter ip6 dscp set 0x07
+
+ip6tables-translate -A INPUT -j TOS --set-tos 0xff
+nft add rule ip6 filter INPUT counter ip6 dscp set 0x3f
+
+ip6tables-translate -A INPUT -j TOS --set-tos Minimize-Delay
+nft add rule ip6 filter INPUT counter ip6 dscp set 0x04
+
+ip6tables-translate -A INPUT -j TOS --set-tos Minimize-Cost
+nft add rule ip6 filter INPUT counter ip6 dscp set 0x00
+
+ip6tables-translate -A INPUT -j TOS --set-tos Normal-Service
+nft add rule ip6 filter INPUT counter ip6 dscp set 0x00
+
+ip6tables-translate -A INPUT -j TOS --and-tos 0x12
+nft add rule ip6 filter INPUT counter ip6 dscp set 0x00
+
+ip6tables-translate -A INPUT -j TOS --or-tos 0x12
+nft add rule ip6 filter INPUT counter ip6 dscp set 0x04
+
+ip6tables-translate -A INPUT -j TOS --xor-tos 0x12
+nft add rule ip6 filter INPUT counter ip6 dscp set 0x04
author	Harsha Sharma <harshasharmaiitr@gmail.com>	2017-10-17 17:59:37 +0530
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2017-10-17 14:38:01 +0200
commit	23e6ed71eeb80c484e9ed5f7dde3158d658d7f94 (patch)
tree	d44f886d857e1e3177875046a71b54d1d4f7f565
parent	9564595e60b466f170b4761c1df38f0011451497 (diff)