diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2021-08-26 12:24:37 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2021-08-26 23:08:14 +0200 |
commit | 567ea4774e13b1f3b06f42c74b9bd32453d70164 (patch) | |
tree | 147e68dc5721430e8089e705b2089057adea848c /tests/py/inet | |
parent | 058a943cefbdde9aee273115624de27cf15dd3f3 (diff) |
netlink_delinearize: incorrect meta protocol dependency kill
meta protocol is meaningful in bridge, netdev and inet families, do
not remove this.
Fixes: 056aaa3e6dc6 ("netlink_delinearize: Refactor meta_may_dependency_kill()")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'tests/py/inet')
-rw-r--r-- | tests/py/inet/meta.t | 4 | ||||
-rw-r--r-- | tests/py/inet/meta.t.json | 54 | ||||
-rw-r--r-- | tests/py/inet/meta.t.payload | 18 |
3 files changed, 76 insertions, 0 deletions
diff --git a/tests/py/inet/meta.t b/tests/py/inet/meta.t index 3638898b..423cc5f3 100644 --- a/tests/py/inet/meta.t +++ b/tests/py/inet/meta.t @@ -12,6 +12,10 @@ meta nfproto ipv4 tcp dport 22;ok meta nfproto ipv4 ip saddr 1.2.3.4;ok;ip saddr 1.2.3.4 meta nfproto ipv6 meta l4proto tcp;ok;meta nfproto ipv6 meta l4proto 6 meta nfproto ipv4 counter ip saddr 1.2.3.4;ok + +meta protocol ip udp dport 67;ok +meta protocol ip6 udp dport 67;ok + meta ipsec exists;ok meta secpath missing;ok;meta ipsec missing meta ibrname "br0";fail diff --git a/tests/py/inet/meta.t.json b/tests/py/inet/meta.t.json index 5c0e7d2e..723a36f7 100644 --- a/tests/py/inet/meta.t.json +++ b/tests/py/inet/meta.t.json @@ -235,3 +235,57 @@ } } ] + +# meta protocol ip udp dport 67 +[ + { + "match": { + "left": { + "meta": { + "key": "protocol" + } + }, + "op": "==", + "right": "ip" + } + }, + { + "match": { + "left": { + "payload": { + "field": "dport", + "protocol": "udp" + } + }, + "op": "==", + "right": 67 + } + } +] + +# meta protocol ip6 udp dport 67 +[ + { + "match": { + "left": { + "meta": { + "key": "protocol" + } + }, + "op": "==", + "right": "ip6" + } + }, + { + "match": { + "left": { + "payload": { + "field": "dport", + "protocol": "udp" + } + }, + "op": "==", + "right": 67 + } + } +] diff --git a/tests/py/inet/meta.t.payload b/tests/py/inet/meta.t.payload index 6ccf6d24..fd054549 100644 --- a/tests/py/inet/meta.t.payload +++ b/tests/py/inet/meta.t.payload @@ -79,3 +79,21 @@ inet test-inet input [ ct load mark => reg 1 ] [ bitwise reg 1 = ( reg 1 >> 0x00000008 ) ] [ meta set mark with reg 1 ] + +# meta protocol ip udp dport 67 +inet test-inet input + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00004300 ] + +# meta protocol ip6 udp dport 67 +inet test-inet input + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x0000dd86 ] + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00004300 ] |