diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2016-01-12 15:12:22 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2016-01-13 13:03:03 +0100 |
commit | c2494dd6daac9a91f090504de6d38b7f404f0c1f (patch) | |
tree | 4bc598ec00b1a1fb20ceed24c784a8ad9edc7e24 /tests/py/ip6 | |
parent | 905e9d2d09ae9d0032436c1b443ca91c65283c19 (diff) |
tests/py: netdev family with ingress chain
This patch enables tests for the new netdev family and its ingress
chain.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'tests/py/ip6')
-rw-r--r-- | tests/py/ip6/sets.t | 2 | ||||
-rw-r--r-- | tests/py/ip6/sets.t.payload.netdev | 8 | ||||
-rw-r--r-- | tests/py/ip6/vmap.t | 2 | ||||
-rw-r--r-- | tests/py/ip6/vmap.t.payload.netdev | 420 |
4 files changed, 432 insertions, 0 deletions
diff --git a/tests/py/ip6/sets.t b/tests/py/ip6/sets.t index e0daa3ab..4bfa6146 100644 --- a/tests/py/ip6/sets.t +++ b/tests/py/ip6/sets.t @@ -1,7 +1,9 @@ :input;type filter hook input priority 0 +:ingress;type filter hook ingress device lo priority 0 *ip6;test-ip6;input *inet;test-inet;input +*netdev;test-netdev;ingress !set_ipv6_add1 ipv6_addr;ok !set_inet1 inet_proto;ok diff --git a/tests/py/ip6/sets.t.payload.netdev b/tests/py/ip6/sets.t.payload.netdev new file mode 100644 index 00000000..8f432d03 --- /dev/null +++ b/tests/py/ip6/sets.t.payload.netdev @@ -0,0 +1,8 @@ +# ip6 saddr @set2 drop +netdev test-netdev ingress + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x0000dd86 ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set set2 ] + [ immediate reg 0 drop ] + diff --git a/tests/py/ip6/vmap.t b/tests/py/ip6/vmap.t index 6a3a004e..434f5d92 100644 --- a/tests/py/ip6/vmap.t +++ b/tests/py/ip6/vmap.t @@ -1,7 +1,9 @@ :input;type filter hook input priority 0 +:ingress;type filter hook ingress device lo priority 0 *ip6;test-ip6;input *inet;test-inet;input +*netdev;test-netdev;ingress ip6 saddr vmap { abcd::3 : accept };ok ip6 saddr 1234:1234:1234:1234:1234:1234:1234:1234:1234;fail diff --git a/tests/py/ip6/vmap.t.payload.netdev b/tests/py/ip6/vmap.t.payload.netdev new file mode 100644 index 00000000..3bacb88f --- /dev/null +++ b/tests/py/ip6/vmap.t.payload.netdev @@ -0,0 +1,420 @@ +# ip6 saddr vmap { abcd::3 : accept } +map%d test-netdev b +map%d test-netdev 0 + element 0000cdab 00000000 00000000 03000000 : 0 [end] +netdev test-netdev ingress + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x0000dd86 ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234:1234:1234:1234:1234:1234:1234 : accept} +map%d test-netdev b +map%d test-netdev 0 + element 34123412 34123412 34123412 34123412 : 0 [end] +netdev test-netdev ingress + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x0000dd86 ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { ::1234:1234:1234:1234:1234:1234:1234 : accept} +map%d test-netdev b +map%d test-netdev 0 + element 34120000 34123412 34123412 34123412 : 0 [end] +netdev test-netdev ingress + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x0000dd86 ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234::1234:1234:1234:1234:1234:1234 : accept} +map%d test-netdev b +map%d test-netdev 0 + element 00003412 34123412 34123412 34123412 : 0 [end] +netdev test-netdev ingress + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x0000dd86 ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234::1234:1234:1234:1234:1234 : accept} +map%d test-netdev b +map%d test-netdev 0 + element 34123412 34120000 34123412 34123412 : 0 [end] +netdev test-netdev ingress + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x0000dd86 ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234:1234::1234:1234:1234:1234 : accept} +map%d test-netdev b +map%d test-netdev 0 + element 34123412 00003412 34123412 34123412 : 0 [end] +netdev test-netdev ingress + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x0000dd86 ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234:1234:1234::1234:1234:1234 : accept} +map%d test-netdev b +map%d test-netdev 0 + element 34123412 34123412 34120000 34123412 : 0 [end] +netdev test-netdev ingress + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x0000dd86 ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234:1234:1234:1234::1234:1234 : accept} +map%d test-netdev b +map%d test-netdev 0 + element 34123412 34123412 00003412 34123412 : 0 [end] +netdev test-netdev ingress + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x0000dd86 ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234:1234:1234:1234:1234::1234 : accept} +map%d test-netdev b +map%d test-netdev 0 + element 34123412 34123412 34123412 34120000 : 0 [end] +netdev test-netdev ingress + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x0000dd86 ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234:1234:1234:1234:1234:1234:: : accept} +map%d test-netdev b +map%d test-netdev 0 + element 34123412 34123412 34123412 00003412 : 0 [end] +netdev test-netdev ingress + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x0000dd86 ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { ::1234:1234:1234:1234:1234:1234 : accept} +map%d test-netdev b +map%d test-netdev 0 + element 00000000 34123412 34123412 34123412 : 0 [end] +netdev test-netdev ingress + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x0000dd86 ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234::1234:1234:1234:1234:1234 : accept} +map%d test-netdev b +map%d test-netdev 0 + element 00003412 34120000 34123412 34123412 : 0 [end] +netdev test-netdev ingress + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x0000dd86 ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234::1234:1234:1234:1234 : accept} +map%d test-netdev b +map%d test-netdev 0 + element 34123412 00000000 34123412 34123412 : 0 [end] +netdev test-netdev ingress + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x0000dd86 ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234:1234::1234:1234:1234 : accept} +map%d test-netdev b +map%d test-netdev 0 + element 34123412 00003412 34120000 34123412 : 0 [end] +netdev test-netdev ingress + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x0000dd86 ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234:1234:1234::1234:1234 : accept} +map%d test-netdev b +map%d test-netdev 0 + element 34123412 34123412 00000000 34123412 : 0 [end] +netdev test-netdev ingress + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x0000dd86 ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234:1234:1234:1234::1234 : accept} +map%d test-netdev b +map%d test-netdev 0 + element 34123412 34123412 00003412 34120000 : 0 [end] +netdev test-netdev ingress + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x0000dd86 ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234:1234:1234:1234:1234:: : accept} +map%d test-netdev b +map%d test-netdev 0 + element 34123412 34123412 34123412 00000000 : 0 [end] +netdev test-netdev ingress + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x0000dd86 ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { ::1234:1234:1234:1234:1234 : accept} +map%d test-netdev b +map%d test-netdev 0 + element 00000000 34120000 34123412 34123412 : 0 [end] +netdev test-netdev ingress + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x0000dd86 ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234::1234:1234:1234:1234 : accept} +map%d test-netdev b +map%d test-netdev 0 + element 00003412 00000000 34123412 34123412 : 0 [end] +netdev test-netdev ingress + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x0000dd86 ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234::1234:1234:1234 : accept} +map%d test-netdev b +map%d test-netdev 0 + element 34123412 00000000 34120000 34123412 : 0 [end] +netdev test-netdev ingress + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x0000dd86 ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234:1234::1234:1234 : accept} +map%d test-netdev b +map%d test-netdev 0 + element 34123412 00003412 00000000 34123412 : 0 [end] +netdev test-netdev ingress + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x0000dd86 ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234:1234:1234::1234 : accept} +map%d test-netdev b +map%d test-netdev 0 + element 34123412 34123412 00000000 34120000 : 0 [end] +netdev test-netdev ingress + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x0000dd86 ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234:1234:1234:1234:: : accept} +map%d test-netdev b +map%d test-netdev 0 + element 34123412 34123412 00003412 00000000 : 0 [end] +netdev test-netdev ingress + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x0000dd86 ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { ::1234:1234:1234:1234 : accept} +map%d test-netdev b +map%d test-netdev 0 + element 00000000 00000000 34123412 34123412 : 0 [end] +netdev test-netdev ingress + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x0000dd86 ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234::1234:1234:1234 : accept} +map%d test-netdev b +map%d test-netdev 0 + element 00003412 00000000 34120000 34123412 : 0 [end] +netdev test-netdev ingress + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x0000dd86 ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234::1234:1234 : accept} +map%d test-netdev b +map%d test-netdev 0 + element 34123412 00000000 00000000 34123412 : 0 [end] +netdev test-netdev ingress + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x0000dd86 ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234:1234::1234 : accept} +map%d test-netdev b +map%d test-netdev 0 + element 34123412 00003412 00000000 34120000 : 0 [end] +netdev test-netdev ingress + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x0000dd86 ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234:1234:1234:: : accept} +map%d test-netdev b +map%d test-netdev 0 + element 34123412 34123412 00000000 00000000 : 0 [end] +netdev test-netdev ingress + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x0000dd86 ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { ::1234:1234:1234 : accept} +map%d test-netdev b +map%d test-netdev 0 + element 00000000 00000000 34120000 34123412 : 0 [end] +netdev test-netdev ingress + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x0000dd86 ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234::1234:1234 : accept} +map%d test-netdev b +map%d test-netdev 0 + element 00003412 00000000 00000000 34123412 : 0 [end] +netdev test-netdev ingress + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x0000dd86 ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234::1234 : accept} +map%d test-netdev b +map%d test-netdev 0 + element 34123412 00000000 00000000 34120000 : 0 [end] +netdev test-netdev ingress + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x0000dd86 ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234:1234:: : accept} +map%d test-netdev b +map%d test-netdev 0 + element 34123412 00003412 00000000 00000000 : 0 [end] +netdev test-netdev ingress + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x0000dd86 ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { ::1234:1234 : accept} +map%d test-netdev b +map%d test-netdev 0 + element 00000000 00000000 00000000 34123412 : 0 [end] +netdev test-netdev ingress + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x0000dd86 ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234::1234 : accept} +map%d test-netdev b +map%d test-netdev 0 + element 00003412 00000000 00000000 34120000 : 0 [end] +netdev test-netdev ingress + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x0000dd86 ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:1234:: : accept} +map%d test-netdev b +map%d test-netdev 0 + element 34123412 00000000 00000000 00000000 : 0 [end] +netdev test-netdev ingress + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x0000dd86 ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { ::1234 : accept} +map%d test-netdev b +map%d test-netdev 0 + element 00000000 00000000 00000000 34120000 : 0 [end] +netdev test-netdev ingress + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x0000dd86 ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { 1234:: : accept} +map%d test-netdev b +map%d test-netdev 0 + element 00003412 00000000 00000000 00000000 : 0 [end] +netdev test-netdev ingress + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x0000dd86 ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap { ::/64 : accept} +map%d test-netdev f +map%d test-netdev 0 + element 00000000 00000000 00000000 00000000 : 0 [end] element 00000000 01000000 00000000 00000000 : 1 [end] +netdev test-netdev ingress + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x0000dd86 ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap {1234:1234:1234:1234:1234:1234:aaaa:: : accept, ::aaaa : drop} +map%d test-netdev b +map%d test-netdev 0 + element 34123412 34123412 34123412 0000aaaa : 0 [end] element 00000000 00000000 00000000 aaaa0000 : 0 [end] +netdev test-netdev ingress + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x0000dd86 ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap {1234:1234:1234:1234:1234:1234:aaaa:::accept, ::bbbb : drop} +map%d test-netdev b +map%d test-netdev 0 + element 34123412 34123412 34123412 0000aaaa : 0 [end] element 00000000 00000000 00000000 bbbb0000 : 0 [end] +netdev test-netdev ingress + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x0000dd86 ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap {1234:1234:1234:1234:1234:1234:aaaa:::accept,::cccc : drop} +map%d test-netdev b +map%d test-netdev 0 + element 34123412 34123412 34123412 0000aaaa : 0 [end] element 00000000 00000000 00000000 cccc0000 : 0 [end] +netdev test-netdev ingress + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x0000dd86 ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + +# ip6 saddr vmap {1234:1234:1234:1234:1234:1234:aaaa:::accept,::dddd: drop} +map%d test-netdev b +map%d test-netdev 0 + element 34123412 34123412 34123412 0000aaaa : 0 [end] element 00000000 00000000 00000000 dddd0000 : 0 [end] +netdev test-netdev ingress + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x0000dd86 ] + [ payload load 16b @ network header + 8 => reg 1 ] + [ lookup reg 1 set map%d dreg 0 ] + |