diff options
author | Phil Sutter <phil@nwl.cc> | 2021-01-26 18:37:12 +0100 |
---|---|---|
committer | Phil Sutter <phil@nwl.cc> | 2021-01-27 17:21:25 +0100 |
commit | 7ca3368cd7575e710114fc60e8ecc8ffba95154d (patch) | |
tree | 554026eda46d9f43cc58d63152934f765a03061d /tests/py/netdev/reject.t.json | |
parent | a206f22bdbd03a9c8dcf2f98e3ed7566b198d281 (diff) |
reject: Unify inet, netdev and bridge delinearization
Postprocessing for inet family did not attempt to kill any existing
payload dependency, although it is perfectly fine to do so. The mere
culprit is to not abbreviate default code rejects as that would drop
needed protocol info as a side-effect. Since postprocessing is then
almost identical to that of bridge and netdev families, merge them.
While being at it, extend tests/py/netdev/reject.t by a few more tests
taken from inet/reject.t so this covers icmpx rejects as well.
Cc: Jose M. Guisado Gomez <guigom@riseup.net>
Signed-off-by: Phil Sutter <phil@nwl.cc>
Diffstat (limited to 'tests/py/netdev/reject.t.json')
-rw-r--r-- | tests/py/netdev/reject.t.json | 180 |
1 files changed, 180 insertions, 0 deletions
diff --git a/tests/py/netdev/reject.t.json b/tests/py/netdev/reject.t.json index ffc72794..21e6ebb5 100644 --- a/tests/py/netdev/reject.t.json +++ b/tests/py/netdev/reject.t.json @@ -128,6 +128,26 @@ } ] +# mark 12345 reject with tcp reset +[ + { + "match": { + "left": { + "meta": { + "key": "mark" + } + }, + "op": "==", + "right": 12345 + } + }, + { + "reject": { + "type": "tcp reset" + } + } +] + # reject [ { @@ -135,3 +155,163 @@ } ] +# meta protocol ip reject +[ + { + "match": { + "left": { + "meta": { + "key": "protocol" + } + }, + "op": "==", + "right": "ip" + } + }, + { + "reject": null + } +] + +# meta protocol ip6 reject +[ + { + "match": { + "left": { + "meta": { + "key": "protocol" + } + }, + "op": "==", + "right": "ip6" + } + }, + { + "reject": null + } +] + +# reject with icmpx type host-unreachable +[ + { + "reject": { + "expr": "host-unreachable", + "type": "icmpx" + } + } +] + +# reject with icmpx type no-route +[ + { + "reject": { + "expr": "no-route", + "type": "icmpx" + } + } +] + +# reject with icmpx type admin-prohibited +[ + { + "reject": { + "expr": "admin-prohibited", + "type": "icmpx" + } + } +] + +# reject with icmpx type port-unreachable +[ + { + "reject": { + "expr": "port-unreachable", + "type": "icmpx" + } + } +] + +# meta protocol ip reject with icmp type host-unreachable +[ + { + "match": { + "left": { + "meta": { + "key": "protocol" + } + }, + "op": "==", + "right": "ip" + } + }, + { + "reject": { + "expr": "host-unreachable", + "type": "icmp" + } + } +] + +# meta protocol ip6 reject with icmpv6 type no-route +[ + { + "match": { + "left": { + "meta": { + "key": "protocol" + } + }, + "op": "==", + "right": "ip6" + } + }, + { + "reject": { + "expr": "no-route", + "type": "icmpv6" + } + } +] + +# meta protocol ip reject with icmpx type admin-prohibited +[ + { + "match": { + "left": { + "meta": { + "key": "protocol" + } + }, + "op": "==", + "right": "ip" + } + }, + { + "reject": { + "expr": "admin-prohibited", + "type": "icmpx" + } + } +] + +# meta protocol ip6 reject with icmpx type admin-prohibited +[ + { + "match": { + "left": { + "meta": { + "key": "protocol" + } + }, + "op": "==", + "right": "ip6" + } + }, + { + "reject": { + "expr": "admin-prohibited", + "type": "icmpx" + } + } +] + |