diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2019-05-22 22:06:16 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2019-05-24 21:14:30 +0200 |
commit | 4b0f2a712b5792d2842d89fe68d4230e0eb05c7e (patch) | |
tree | 954a866715d95529e65f39c3ff90920973186ac1 /tests/py/arp/arp.t | |
parent | eeda228c2d1719f5b6276b40ad14a5b3c3e88536 (diff) |
src: support for arp sender and target ethernet and IPv4 addresses
# nft add table arp x
# nft add chain arp x y { type filter hook input priority 0\; }
# nft add rule arp x y arp saddr ip 192.168.2.1 counter
Testing this:
# ip neigh flush dev eth0
# ping 8.8.8.8
# nft list ruleset
table arp x {
chain y {
type filter hook input priority filter; policy accept;
arp saddr ip 192.168.2.1 counter packets 1 bytes 46
}
}
You can also specify hardware sender address, eg.
# nft add rule arp x y arp saddr ether aa:bb:cc:aa:bb:cc drop counter
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'tests/py/arp/arp.t')
-rw-r--r-- | tests/py/arp/arp.t | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/tests/py/arp/arp.t b/tests/py/arp/arp.t index d62cc546..86bab523 100644 --- a/tests/py/arp/arp.t +++ b/tests/py/arp/arp.t @@ -55,4 +55,9 @@ arp operation != inreply;ok arp operation != nak;ok arp operation != reply;ok -meta iifname "invalid" arp ptype 0x0800 arp htype 1 arp hlen 6 arp plen 4 @nh,192,32 0xc0a88f10 @nh,144,48 set 0x112233445566;ok;iifname "invalid" arp htype 1 arp ptype ip arp hlen 6 arp plen 4 @nh,192,32 3232272144 @nh,144,48 set 18838586676582 +arp saddr ip 1.2.3.4;ok +arp daddr ip 4.3.2.1;ok +arp saddr ether aa:bb:cc:aa:bb:cc;ok +arp daddr ether aa:bb:cc:aa:bb:cc;ok + +meta iifname "invalid" arp ptype 0x0800 arp htype 1 arp hlen 6 arp plen 4 @nh,192,32 0xc0a88f10 @nh,144,48 set 0x112233445566;ok;iifname "invalid" arp htype 1 arp ptype ip arp hlen 6 arp plen 4 arp daddr ip 192.168.143.16 arp daddr ether set 11:22:33:44:55:66 |