author | Arturo Borrero <arturo.borrero.glez@gmail.com> | 2016-03-22 14:06:09 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2016-03-23 12:09:29 +0100 |
commit | 7fa2b0534745f53881ec74a0a73d4f870ea4b026 (patch) | |
tree | ca2e06bcc30a239c50947fbc820388474b5a652c /tests/shell/testcases/chains | |
parent | 4de76d7f998ed7ef4698f4f5135457b4f58591a2 (diff) |
tests/shell: add chain validations tests
Some basic tests regarding chains: jumps and validations.
Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'tests/shell/testcases/chains')
-rwxr-xr-x | tests/shell/testcases/chains/0001jumps_0 | 17 | ||||
-rwxr-xr-x | tests/shell/testcases/chains/0002jumps_1 | 22 | ||||
-rwxr-xr-x | tests/shell/testcases/chains/0003jump_loop_1 | 21 | ||||
-rwxr-xr-x | tests/shell/testcases/chains/0004busy_1 | 11 | ||||
-rwxr-xr-x | tests/shell/testcases/chains/0005busy_map_1 | 11 | ||||
-rwxr-xr-x | tests/shell/testcases/chains/0006masquerade_0 | 7 | ||||
-rwxr-xr-x | tests/shell/testcases/chains/0007masquerade_1 | 9 | ||||
-rwxr-xr-x | tests/shell/testcases/chains/0008masquerade_jump_1 | 11 | ||||
-rwxr-xr-x | tests/shell/testcases/chains/0009masquerade_jump_1 | 11 |
9 files changed, 120 insertions, 0 deletions
diff --git a/tests/shell/testcases/chains/0001jumps_0 b/tests/shell/testcases/chains/0001jumps_0
new file mode 100755
index 00000000..b39df386
--- /dev/null
+++ b/tests/shell/testcases/chains/0001jumps_0
@@ -0,0 +1,17 @@
+#!/bin/bash
+
+set -e
+
+MAX_JUMPS=16
+
+$NFT add table t
+
+for i in $(seq 1 $MAX_JUMPS)
+do
+ $NFT add chain t c${i}
+done
+
+for i in $(seq 1 $((MAX_JUMPS - 1)))
+do
+ $NFT add rule t c${i} jump c$((i + 1))
+done
diff --git a/tests/shell/testcases/chains/0002jumps_1 b/tests/shell/testcases/chains/0002jumps_1
new file mode 100755
index 00000000..0cc89288
--- /dev/null
+++ b/tests/shell/testcases/chains/0002jumps_1
@@ -0,0 +1,22 @@
+#!/bin/bash
+
+set -e
+
+MAX_JUMPS=16
+
+$NFT add table t
+
+for i in $(seq 1 $MAX_JUMPS)
+do
+ $NFT add chain t c${i}
+done
+
+for i in $(seq 1 $((MAX_JUMPS - 1)))
+do
+ $NFT add rule t c${i} jump c$((i + 1))
+done
+
+# this last jump should fail: too many links
+$NFT add chain t c$((MAX_JUMPS + 1))
+$NFT add rule t c${MAX_JUMPS} jump c$((MAX_JUMPS + 1)) 2>/dev/null
+echo "E: max jumps ignored?" >&2
diff --git a/tests/shell/testcases/chains/0003jump_loop_1 b/tests/shell/testcases/chains/0003jump_loop_1
new file mode 100755
index 00000000..f74361f2
--- /dev/null
+++ b/tests/shell/testcases/chains/0003jump_loop_1
@@ -0,0 +1,21 @@
+#!/bin/bash
+
+set -e
+
+MAX_JUMPS=16
+
+$NFT add table t
+
+for i in $(seq 1 $MAX_JUMPS)
+do
+ $NFT add chain t c${i}
+done
+
+for i in $(seq 1 $((MAX_JUMPS - 1)))
+do
+ $NFT add rule t c${i} jump c$((i + 1))
+done
+
+# this last jump should fail: loop
+$NFT add rule t c${MAX_JUMPS} jump c1 2>/dev/null
+echo "E: loop of jumps ignored?" >&2
diff --git a/tests/shell/testcases/chains/0004busy_1 b/tests/shell/testcases/chains/0004busy_1
new file mode 100755
index 00000000..cc9a0dad
--- /dev/null
+++ b/tests/shell/testcases/chains/0004busy_1
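Review bot: `MAX_JUMPS=16` in 0001jumps_0 is an unexplained constant, and the same assignment is repeated in 0002jumps_1 and 0003jump_loop_1. It presumably mirrors the kernel's jump-stack depth (NFT_JUMP_STACK_SIZE), but the script does not say so, and a reader cannot tell that the two loops build 16 chains linked by 15 jumps as the deepest nesting expected to be accepted. I would add a comment above the assignment, for example `# deepest jump nesting the kernel should accept; confirm against NFT_JUMP_STACK_SIZE`.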
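Review bot: 0002jumps_1 cannot tell the expected rejection apart from a broken setup. Under `set -e`, a failing `$NFT add table t` or any `add chain`/`add rule` in the loops also ends the script with a non-zero status, which is presumably what the `_1` suffix expects, so the depth check can be skipped and the test still counted as passing. `2>/dev/null` on the last command also hides whether the rule was refused for the intended reason. The same tail is used in 0003jump_loop_1, 0004busy_1, 0005busy_map_1, 0007masquerade_1, 0008masquerade_jump_1 and 0009masquerade_jump_1. I would give setup failures their own exit status and test the final command explicitly, assuming the harness compares the exit status with the suffix.

```shell
set -e
# any setup failure leaves with 2, so it is not counted as the expected rejection
trap 'exit 2' ERR

# … unchanged: table, chains c1..c16 and the 15 jumps …

$NFT add chain t c$((MAX_JUMPS + 1))
if $NFT add rule t c${MAX_JUMPS} jump c$((MAX_JUMPS + 1)) 2>/dev/null; then
	echo "E: max jumps ignored?" >&2
	exit 0
fi
exit 1
```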
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+set -e
+
+$NFT add table t
+$NFT add chain t c1
+$NFT add chain t c2
+$NFT add rule t c1 jump c2
+# kernel should return EBUSY
+$NFT delete chain t c2 2>/dev/null
+echo "E: deleted a busy chain?" >&2
diff --git a/tests/shell/testcases/chains/0005busy_map_1 b/tests/shell/testcases/chains/0005busy_map_1
new file mode 100755
index 00000000..93eca827
--- /dev/null
+++ b/tests/shell/testcases/chains/0005busy_map_1
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+set -e
+
+$NFT add table t
+$NFT add chain t c1
+$NFT add chain t c2
+$NFT add rule t c1 tcp dport vmap { 1 : jump c2 }
+# kernel should return EBUSY
+$NFT delete chain t c2 2>/dev/null
+echo "E: deleted a busy chain?" >&2
diff --git a/tests/shell/testcases/chains/0006masquerade_0 b/tests/shell/testcases/chains/0006masquerade_0
new file mode 100755
index 00000000..79349988
--- /dev/null
+++ b/tests/shell/testcases/chains/0006masquerade_0
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+set -e
+
+$NFT add table t
+$NFT add chain t c1 {type nat hook postrouting priority 0 \; }
+$NFT add rule t c1 masquerade
diff --git a/tests/shell/testcases/chains/0007masquerade_1 b/tests/shell/testcases/chains/0007masquerade_1
new file mode 100755
index 00000000..4e98d106
--- /dev/null
+++ b/tests/shell/testcases/chains/0007masquerade_1
@@ -0,0 +1,9 @@
+#!/bin/bash
+
+set -e
+
+$NFT add table t
+$NFT add chain t c1 {type filter hook output priority 0 \; }
+# wrong hook output, only postrouting is valid
+$NFT add rule t c1 masquerade 2>/dev/null
+echo "E: accepted masquerade in output hook" >&2
diff --git a/tests/shell/testcases/chains/0008masquerade_jump_1 b/tests/shell/testcases/chains/0008masquerade_jump_1
new file mode 100755
index 00000000..7754ed03
--- /dev/null
+++ b/tests/shell/testcases/chains/0008masquerade_jump_1
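Review bot: In 0007masquerade_1 the chain is created as `type filter hook output`, while the comment attributes the expected rejection to the hook alone. The rule may therefore be refused because of the chain type rather than the hook, in which case the hook validation is not what this test exercises; 0008 and 0009 use `type nat hook output`. If the hook is the point, create c1 with `$NFT add chain t c1 {type nat hook output priority 0 \; }`; otherwise reword the comment to `# masquerade is only valid in a nat postrouting chain`.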
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+set -e
+
+$NFT add table t
+$NFT add chain t output {type nat hook output priority 0 \; }
+$NFT add chain t c1
+$NFT add rule t c1 masquerade
+# kernel should return EOPNOTSUPP
+$NFT add rule t output jump c1 2>/dev/null
+echo "E: accepted masquerade in output hook" >&2
diff --git a/tests/shell/testcases/chains/0009masquerade_jump_1 b/tests/shell/testcases/chains/0009masquerade_jump_1
new file mode 100755
index 00000000..684d4417
--- /dev/null
+++ b/tests/shell/testcases/chains/0009masquerade_jump_1
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+set -e
+
+$NFT add table t
+$NFT add chain t output {type nat hook output priority 0 \; }
+$NFT add chain t c1
+$NFT add rule t c1 masquerade
+# kernel should return EOPNOTSUPP
+$NFT add rule t output tcp dport vmap {1 :jump c1 } 2>/dev/null
+echo "E: accepted masquerade in output hook in a vmap" >&2 |
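Review bot: The failure message in 0008masquerade_jump_1 is the same string as in 0007masquerade_1, `E: accepted masquerade in output hook`, although this case is a jump from the output chain into a chain that already holds the masquerade rule. When either test fails, the log does not show which validation path was bypassed. I would change the last line to `echo "E: accepted jump from output hook to a masquerade chain" >&2`; 0009masquerade_jump_1 already has its own wording.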