diff options
author | Florian Westphal <fw@strlen.de> | 2018-05-09 12:18:20 +0200 |
---|---|---|
committer | Florian Westphal <fw@strlen.de> | 2018-05-09 12:18:20 +0200 |
commit | 2efbdf7b8fcf79f3fa8a6471d2eca00df0c91108 (patch) | |
tree | a7020e985b188bd249202594a0ed8cf94f1d829c /tests/py/inet | |
parent | 71624f25f22b1d750bb532ced75e080b4123fb56 (diff) |
tests: py: allow to specify sets with a timeout
Not usable yet, as the set timeout netlink output isn't captured so far,
but it adds groundwork to add this as a follow-up.
Set definition syntax changes a little, if you want to
add multiple elements they now have to be separated by "," just
like in nftables.
Signed-off-by: Florian Westphal <fw@strlen.de>
Diffstat (limited to 'tests/py/inet')
-rw-r--r-- | tests/py/inet/sets.t | 18 | ||||
-rw-r--r-- | tests/py/inet/sets.t.payload.bridge | 15 | ||||
-rw-r--r-- | tests/py/inet/sets.t.payload.inet | 17 | ||||
-rw-r--r-- | tests/py/inet/sets.t.payload.netdev | 16 |
4 files changed, 66 insertions, 0 deletions
diff --git a/tests/py/inet/sets.t b/tests/py/inet/sets.t new file mode 100644 index 00000000..8f1cbff7 --- /dev/null +++ b/tests/py/inet/sets.t @@ -0,0 +1,18 @@ +:input;type filter hook input priority 0 +:ingress;type filter hook ingress device lo priority 0 + +*inet;test-inet;input +*bridge;test-inet;input +*netdev;test-netdev;ingress + +!set1 type ipv4_addr timeout 60s;ok +?set1 192.168.3.4 timeout 30s, 10.2.1.1;ok + +!set2 type ipv6_addr timeout 23d23h59m59s;ok +?set2 dead::beef timeout 1s;ok + +ip saddr @set1 drop;ok +ip saddr != @set2 drop;fail + +ip6 daddr != @set2 accept;ok +ip6 daddr @set1 drop;fail diff --git a/tests/py/inet/sets.t.payload.bridge b/tests/py/inet/sets.t.payload.bridge new file mode 100644 index 00000000..6f21f827 --- /dev/null +++ b/tests/py/inet/sets.t.payload.bridge @@ -0,0 +1,15 @@ +# ip saddr @set1 drop +bridge test-inet input + [ payload load 2b @ link header + 12 => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + [ payload load 4b @ network header + 12 => reg 1 ] + [ lookup reg 1 set set1 ] + [ immediate reg 0 drop ] + +# ip6 daddr != @set2 accept +bridge test-inet input + [ payload load 2b @ link header + 12 => reg 1 ] + [ cmp eq reg 1 0x0000dd86 ] + [ payload load 16b @ network header + 24 => reg 1 ] + [ lookup reg 1 set set2 0x1 ] + [ immediate reg 0 accept ] diff --git a/tests/py/inet/sets.t.payload.inet b/tests/py/inet/sets.t.payload.inet new file mode 100644 index 00000000..1584fc07 --- /dev/null +++ b/tests/py/inet/sets.t.payload.inet @@ -0,0 +1,17 @@ +# ip saddr @set1 drop +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 4b @ network header + 12 => reg 1 ] + [ lookup reg 1 set set1 ] + [ immediate reg 0 drop ] + +# ip6 daddr != @set2 accept +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 16b @ network header + 24 => reg 1 ] + [ lookup reg 1 set set2 0x1 ] + [ immediate reg 0 accept ] + + diff --git a/tests/py/inet/sets.t.payload.netdev b/tests/py/inet/sets.t.payload.netdev new file mode 100644 index 00000000..9c94e384 --- /dev/null +++ b/tests/py/inet/sets.t.payload.netdev @@ -0,0 +1,16 @@ +# ip saddr @set1 drop +netdev test-netdev ingress + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + [ payload load 4b @ network header + 12 => reg 1 ] + [ lookup reg 1 set set1 ] + [ immediate reg 0 drop ] + +# ip6 daddr != @set2 accept +netdev test-netdev ingress + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x0000dd86 ] + [ payload load 16b @ network header + 24 => reg 1 ] + [ lookup reg 1 set set2 0x1 ] + [ immediate reg 0 accept ] + |