diff options
| author | Florian Westphal <fw@strlen.de> | 2024-02-14 11:41:30 +0100 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2024-02-14 11:54:32 +0100 |
| commit | 40afa4bb2c7c7c8d488a8d44830c6b72cd98c640 (patch) | |
| tree | d26d6745574b8008a24f95c4329f5d2ba5d971a6 /tests/shell/testcases/packetpath/set_lookups | |
| parent | 2b24dd29c5fa1c7e4cf44f0753752d25106273a0 (diff) | |
tests: shell: permit use of host-endian constant values in set lookup keys
extend an existing test case with the afl input to cover in/output.
A new test case is added to test linearization, delinearization and
matching
Fixes: c0080feb0d03 ("evaluate: permit use of host-endian constant values in set lookup keys")
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'tests/shell/testcases/packetpath/set_lookups')
| -rwxr-xr-x | tests/shell/testcases/packetpath/set_lookups | 64 |
1 files changed, 64 insertions, 0 deletions
diff --git a/tests/shell/testcases/packetpath/set_lookups b/tests/shell/testcases/packetpath/set_lookups new file mode 100755 index 00000000..84a0000a --- /dev/null +++ b/tests/shell/testcases/packetpath/set_lookups @@ -0,0 +1,64 @@ +#!/bin/bash + +set -e + +$NFT -f /dev/stdin <<"EOF" +table ip t { + set s { + type ipv4_addr . iface_index + flags interval + elements = { 127.0.0.1 . 1 } + } + + set s2 { + typeof ip saddr . meta iif + elements = { 127.0.0.1 . 1 } + } + + set s3 { + type iface_index + elements = { "lo" } + } + + set s4 { + type iface_index + flags interval + elements = { "lo" } + } + + set nomatch { + typeof ip saddr . meta iif + elements = { 127.0.0.3 . 1 } + } + + set nomatch2 { + type ipv4_addr . iface_index + elements = { 127.0.0.2 . 90000 } + } + + chain c { + type filter hook input priority filter; + icmp type echo-request ip saddr . meta iif @s counter + icmp type echo-request ip saddr . 1 @s counter + icmp type echo-request ip saddr . "lo" @s counter + icmp type echo-request ip saddr . meta iif @s2 counter + icmp type echo-request ip saddr . 1 @s2 counter + icmp type echo-request ip saddr . "lo" @s2 counter + + icmp type echo-request ip daddr . "lo" @s counter + icmp type echo-request ip daddr . "lo" @s2 counter + + icmp type echo-request meta iif @s3 counter + icmp type echo-request meta iif @s4 counter + + ip daddr . 1 @nomatch counter drop + ip daddr . meta iif @nomatch2 counter drop + } +} +EOF + +$NFT add element t s { 127.0.0.2 . 1 } +$NFT add element t s2 { 127.0.0.2 . "lo" } + +ip link set lo up +ping -q -c 1 127.0.0.2 > /dev/null |