summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJeremy Sowden <jeremy@azazel.net>2020-02-03 11:20:21 +0000
committerPablo Neira Ayuso <pablo@netfilter.org>2020-02-07 16:57:30 +0100
commit1f24768c93346bfb70214fcba65a1dcb3c2e7d46 (patch)
tree9af090c873a86f22aa6c3e1892954ad75d0c6899
parentaae18ff0b2aa18091c54be5873ddf1de97cd24ad (diff)
tests: shell: add bit-shift tests.
Add a couple of shell test-cases for setting the CT mark to a bitwise expression derived from the packet mark and vice versa. Signed-off-by: Jeremy Sowden <jeremy@azazel.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rwxr-xr-xtests/shell/testcases/chains/0040mark_shift_011
-rwxr-xr-xtests/shell/testcases/chains/0040mark_shift_111
-rw-r--r--tests/shell/testcases/chains/dumps/0040mark_shift_0.nft6
-rw-r--r--tests/shell/testcases/chains/dumps/0040mark_shift_1.nft6
4 files changed, 34 insertions, 0 deletions
diff --git a/tests/shell/testcases/chains/0040mark_shift_0 b/tests/shell/testcases/chains/0040mark_shift_0
new file mode 100755
index 00000000..55447f0b
--- /dev/null
+++ b/tests/shell/testcases/chains/0040mark_shift_0
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+set -e
+
+RULESET="
+ add table t
+ add chain t c { type filter hook output priority mangle; }
+ add rule t c oif lo ct mark set (meta mark | 0x10) << 8
+"
+
+$NFT --debug=eval -f - <<< "$RULESET"
diff --git a/tests/shell/testcases/chains/0040mark_shift_1 b/tests/shell/testcases/chains/0040mark_shift_1
new file mode 100755
index 00000000..b609f5ef
--- /dev/null
+++ b/tests/shell/testcases/chains/0040mark_shift_1
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+set -e
+
+RULESET="
+ add table t
+ add chain t c { type filter hook input priority mangle; }
+ add rule t c iif lo ct mark & 0xff 0x10 meta mark set ct mark >> 8
+"
+
+$NFT -f - <<< "$RULESET"
diff --git a/tests/shell/testcases/chains/dumps/0040mark_shift_0.nft b/tests/shell/testcases/chains/dumps/0040mark_shift_0.nft
new file mode 100644
index 00000000..52d59d2c
--- /dev/null
+++ b/tests/shell/testcases/chains/dumps/0040mark_shift_0.nft
@@ -0,0 +1,6 @@
+table ip t {
+ chain c {
+ type filter hook output priority mangle; policy accept;
+ oif "lo" ct mark set (meta mark | 0x00000010) << 8
+ }
+}
diff --git a/tests/shell/testcases/chains/dumps/0040mark_shift_1.nft b/tests/shell/testcases/chains/dumps/0040mark_shift_1.nft
new file mode 100644
index 00000000..56ec8dc7
--- /dev/null
+++ b/tests/shell/testcases/chains/dumps/0040mark_shift_1.nft
@@ -0,0 +1,6 @@
+table ip t {
+ chain c {
+ type filter hook input priority mangle; policy accept;
+ iif "lo" ct mark & 0x000000ff == 0x00000010 meta mark set ct mark >> 8
+ }
+}