summaryrefslogtreecommitdiffstats
path: root/extensions/libxt_hashlimit.txlate
Commit message (Collapse)AuthorAgeFilesLines
* extensions: change expected output for new formatFlorian Westphal2022-11-301-2/+2
| | | | | | | | Now that xtables-translate encloses the entire command line in ', update the test cases accordingly. Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Phil Sutter <phil@nwl.cc>
* extensions: libxt_conntrack: Drop extra whitespace in xlatePhil Sutter2022-11-291-2/+2
| | | | | | | | No point in having this. Interestingly, other test cases even made up for it. Fixes: 0afd957f6bc03 ("extensions: libxt_state: add translation to nft") Signed-off-by: Phil Sutter <phil@nwl.cc>
* libxtables: xt_xlate_add() to take care of spacingPhil Sutter2022-11-291-2/+2
| | | | | | | | | | | | | | | | | | Try to eliminate most of the whitespace issues by separating strings from separate xt_xlate_add() calls by whitespace if needed. Cover the common case of consecutive range, list or MAC/IP address printing by inserting whitespace only if the string to be appended starts with an alphanumeric character or a brace. The latter helps to make spacing in anonymous sets consistent. Provide *_nospc() variants which disable the auto-spacing for the mandatory exception to the rule. Make things round by dropping any trailing whitespace before returning the buffer via xt_xlate_get(). Signed-off-by: Phil Sutter <phil@nwl.cc>
* extensions: hashlimit: Rename 'flow table' keyword to metershyam saini2018-01-291-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | After nft v0.8.1 "flow table" is renamed as meter. This should reflect in iptables to nftables translation. Before this patch: $ iptables-translate -A INPUT -m tcp -p tcp --dport 80 -m hashlimit --hashlimit-above 200/sec --hashlimit-mode srcip,dstport --hashlimit-name http1 -j DROP nft add rule ip filter INPUT tcp dport 80 flow table http1 { tcp dport . ip saddr limit rate over 200/second } counter drop After this patch: $ iptables-translate -A INPUT -m tcp -p tcp --dport 80 -m hashlimit --hashlimit-upto 200 --hashlimit-mode srcip --hashlimit-name http3 --hashlimit-srcmask 24 -j DROP nft add rule ip filter INPUT tcp dport 80 meter http3 { ip saddr and 255.255.255.0 limit rate 200/second } counter drop Signed-off-by: shyam saini <mayhs11saini@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* tests: add regression tests for xtables-translatePablo M. Bermudo Garay2017-04-071-0/+5
This test suite is intended to detect regressions in the translation infrastructure. The script checks if ip[6]tables-translate produces the expected output, otherwise it prints the wrong translation and the expected one. ** Arguments --all # Show also passed tests [test] # Run only the specified test file ** Test files structure Test files are located under extensions directory. Every file contains tests about specific extension translations. A test file name must end with ".txlate". Inside the files, every single test is defined by two consecutive lines: ip[6]tables-translate command and expected result. One blank line is left between tests by convention. e.g. $ cat extensions/libxt_cpu.txlate iptables-translate -A INPUT -p tcp --dport 80 -m cpu --cpu 0 -j ACCEPT nft add rule ip filter INPUT tcp dport 80 cpu 0 counter accept iptables-translate -A INPUT -p tcp --dport 80 -m cpu ! --cpu 1 -j ACCEPT nft add rule ip filter INPUT tcp dport 80 cpu != 1 counter accept Signed-off-by: Pablo M. Bermudo Garay <pablombg@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>