diff options
Diffstat (limited to 'tests')
-rw-r--r-- | tests/py/inet/reject.t | 33 | ||||
-rw-r--r-- | tests/py/inet/reject.t.json.output | 195 | ||||
-rw-r--r-- | tests/py/netdev/reject.t | 20 | ||||
-rw-r--r-- | tests/py/netdev/reject.t.json | 180 | ||||
-rw-r--r-- | tests/py/netdev/reject.t.payload | 60 |
5 files changed, 292 insertions, 196 deletions
diff --git a/tests/py/inet/reject.t b/tests/py/inet/reject.t index 0e8966c9..a9ecd2ea 100644 --- a/tests/py/inet/reject.t +++ b/tests/py/inet/reject.t @@ -2,33 +2,32 @@ *inet;test-inet;input -# The output is specific for inet family -reject with icmp type host-unreachable;ok;meta nfproto ipv4 reject with icmp type host-unreachable -reject with icmp type net-unreachable;ok;meta nfproto ipv4 reject with icmp type net-unreachable -reject with icmp type prot-unreachable;ok;meta nfproto ipv4 reject with icmp type prot-unreachable -reject with icmp type port-unreachable;ok;meta nfproto ipv4 reject -reject with icmp type net-prohibited;ok;meta nfproto ipv4 reject with icmp type net-prohibited -reject with icmp type host-prohibited;ok;meta nfproto ipv4 reject with icmp type host-prohibited -reject with icmp type admin-prohibited;ok;meta nfproto ipv4 reject with icmp type admin-prohibited - -reject with icmpv6 type no-route;ok;meta nfproto ipv6 reject with icmpv6 type no-route -reject with icmpv6 type admin-prohibited;ok;meta nfproto ipv6 reject with icmpv6 type admin-prohibited -reject with icmpv6 type addr-unreachable;ok;meta nfproto ipv6 reject with icmpv6 type addr-unreachable -reject with icmpv6 type port-unreachable;ok;meta nfproto ipv6 reject +reject with icmp type host-unreachable;ok +reject with icmp type net-unreachable;ok +reject with icmp type prot-unreachable;ok +reject with icmp type port-unreachable;ok +reject with icmp type net-prohibited;ok +reject with icmp type host-prohibited;ok +reject with icmp type admin-prohibited;ok + +reject with icmpv6 type no-route;ok +reject with icmpv6 type admin-prohibited;ok +reject with icmpv6 type addr-unreachable;ok +reject with icmpv6 type port-unreachable;ok mark 12345 reject with tcp reset;ok;meta l4proto 6 meta mark 0x00003039 reject with tcp reset reject;ok -meta nfproto ipv4 reject;ok -meta nfproto ipv6 reject;ok +meta nfproto ipv4 reject;ok;reject with icmp type port-unreachable +meta nfproto ipv6 reject;ok;reject with icmpv6 type port-unreachable reject with icmpx type host-unreachable;ok reject with icmpx type no-route;ok reject with icmpx type admin-prohibited;ok reject with icmpx type port-unreachable;ok;reject -meta nfproto ipv4 reject with icmp type host-unreachable;ok -meta nfproto ipv6 reject with icmpv6 type no-route;ok +meta nfproto ipv4 reject with icmp type host-unreachable;ok;reject with icmp type host-unreachable +meta nfproto ipv6 reject with icmpv6 type no-route;ok;reject with icmpv6 type no-route meta nfproto ipv6 reject with icmp type host-unreachable;fail meta nfproto ipv4 ip protocol icmp reject with icmpv6 type no-route;fail diff --git a/tests/py/inet/reject.t.json.output b/tests/py/inet/reject.t.json.output index 73846fb0..6e18b96b 100644 --- a/tests/py/inet/reject.t.json.output +++ b/tests/py/inet/reject.t.json.output @@ -1,145 +1,70 @@ -# reject with icmp type host-unreachable +# mark 12345 reject with tcp reset [ { "match": { "left": { - "meta": { "key": "nfproto" } + "meta": { "key": "l4proto" } }, "op": "==", - "right": "ipv4" + "right": 6 } }, { - "reject": { - "expr": "host-unreachable", - "type": "icmp" - } - } -] - -# reject with icmp type net-unreachable -[ - { "match": { "left": { - "meta": { "key": "nfproto" } + "meta": { "key": "mark" } }, "op": "==", - "right": "ipv4" + "right": 12345 } }, { "reject": { - "expr": "net-unreachable", - "type": "icmp" + "type": "tcp reset" } } ] -# reject with icmp type prot-unreachable +# meta nfproto ipv4 reject [ { - "match": { - "left": { - "meta": { "key": "nfproto" } - }, - "op": "==", - "right": "ipv4" - } - }, - { "reject": { - "expr": "prot-unreachable", + "expr": "port-unreachable", "type": "icmp" } } ] -# reject with icmp type port-unreachable +# meta nfproto ipv6 reject [ { - "match": { - "left": { - "meta": { "key": "nfproto" } - }, - "op": "==", - "right": "ipv4" - } - }, - { - "reject": null - } -] - -# reject with icmp type net-prohibited -[ - { - "match": { - "left": { - "meta": { "key": "nfproto" } - }, - "op": "==", - "right": "ipv4" - } - }, - { "reject": { - "expr": "net-prohibited", - "type": "icmp" + "expr": "port-unreachable", + "type": "icmpv6" } } ] -# reject with icmp type host-prohibited +# reject with icmpx type port-unreachable [ { - "match": { - "left": { - "meta": { "key": "nfproto" } - }, - "op": "==", - "right": "ipv4" - } - }, - { - "reject": { - "expr": "host-prohibited", - "type": "icmp" - } + "reject": null } ] -# reject with icmp type admin-prohibited +# meta nfproto ipv4 reject with icmp type host-unreachable [ { - "match": { - "left": { - "meta": { "key": "nfproto" } - }, - "op": "==", - "right": "ipv4" - } - }, - { "reject": { - "expr": "admin-prohibited", + "expr": "host-unreachable", "type": "icmp" } } ] -# reject with icmpv6 type no-route +# meta nfproto ipv6 reject with icmpv6 type no-route [ { - "match": { - "left": { - "meta": { "key": "nfproto" } - }, - "op": "==", - "right": "ipv6" - } - }, - { "reject": { "expr": "no-route", "type": "icmpv6" @@ -147,91 +72,3 @@ } ] -# reject with icmpv6 type admin-prohibited -[ - { - "match": { - "left": { - "meta": { "key": "nfproto" } - }, - "op": "==", - "right": "ipv6" - } - }, - { - "reject": { - "expr": "admin-prohibited", - "type": "icmpv6" - } - } -] - -# reject with icmpv6 type addr-unreachable -[ - { - "match": { - "left": { - "meta": { "key": "nfproto" } - }, - "op": "==", - "right": "ipv6" - } - }, - { - "reject": { - "expr": "addr-unreachable", - "type": "icmpv6" - } - } -] - -# reject with icmpv6 type port-unreachable -[ - { - "match": { - "left": { - "meta": { "key": "nfproto" } - }, - "op": "==", - "right": "ipv6" - } - }, - { - "reject": null - } -] - -# mark 12345 reject with tcp reset -[ - { - "match": { - "left": { - "meta": { "key": "l4proto" } - }, - "op": "==", - "right": 6 - } - }, - { - "match": { - "left": { - "meta": { "key": "mark" } - }, - "op": "==", - "right": 12345 - } - }, - { - "reject": { - "type": "tcp reset" - } - } -] - -# reject with icmpx type port-unreachable -[ - { - "reject": null - } -] - diff --git a/tests/py/netdev/reject.t b/tests/py/netdev/reject.t index 8f8c4e03..af109086 100644 --- a/tests/py/netdev/reject.t +++ b/tests/py/netdev/reject.t @@ -17,4 +17,24 @@ reject with icmpv6 type port-unreachable;ok reject with icmpv6 type policy-fail;ok reject with icmpv6 type reject-route;ok +mark 12345 reject with tcp reset;ok;meta l4proto 6 meta mark 0x00003039 reject with tcp reset + reject;ok +meta protocol ip reject;ok;reject with icmp type port-unreachable +meta protocol ip6 reject;ok;reject with icmpv6 type port-unreachable + +reject with icmpx type host-unreachable;ok +reject with icmpx type no-route;ok +reject with icmpx type admin-prohibited;ok +reject with icmpx type port-unreachable;ok;reject + +meta protocol ip reject with icmp type host-unreachable;ok;reject with icmp type host-unreachable +meta protocol ip6 reject with icmpv6 type no-route;ok;reject with icmpv6 type no-route + +meta protocol ip6 reject with icmp type host-unreachable;fail +meta protocol ip ip protocol icmp reject with icmpv6 type no-route;fail +meta protocol ip6 ip protocol icmp reject with icmp type host-unreachable;fail +meta l4proto udp reject with tcp reset;fail + +meta protocol ip reject with icmpx type admin-prohibited;ok +meta protocol ip6 reject with icmpx type admin-prohibited;ok diff --git a/tests/py/netdev/reject.t.json b/tests/py/netdev/reject.t.json index ffc72794..21e6ebb5 100644 --- a/tests/py/netdev/reject.t.json +++ b/tests/py/netdev/reject.t.json @@ -128,6 +128,26 @@ } ] +# mark 12345 reject with tcp reset +[ + { + "match": { + "left": { + "meta": { + "key": "mark" + } + }, + "op": "==", + "right": 12345 + } + }, + { + "reject": { + "type": "tcp reset" + } + } +] + # reject [ { @@ -135,3 +155,163 @@ } ] +# meta protocol ip reject +[ + { + "match": { + "left": { + "meta": { + "key": "protocol" + } + }, + "op": "==", + "right": "ip" + } + }, + { + "reject": null + } +] + +# meta protocol ip6 reject +[ + { + "match": { + "left": { + "meta": { + "key": "protocol" + } + }, + "op": "==", + "right": "ip6" + } + }, + { + "reject": null + } +] + +# reject with icmpx type host-unreachable +[ + { + "reject": { + "expr": "host-unreachable", + "type": "icmpx" + } + } +] + +# reject with icmpx type no-route +[ + { + "reject": { + "expr": "no-route", + "type": "icmpx" + } + } +] + +# reject with icmpx type admin-prohibited +[ + { + "reject": { + "expr": "admin-prohibited", + "type": "icmpx" + } + } +] + +# reject with icmpx type port-unreachable +[ + { + "reject": { + "expr": "port-unreachable", + "type": "icmpx" + } + } +] + +# meta protocol ip reject with icmp type host-unreachable +[ + { + "match": { + "left": { + "meta": { + "key": "protocol" + } + }, + "op": "==", + "right": "ip" + } + }, + { + "reject": { + "expr": "host-unreachable", + "type": "icmp" + } + } +] + +# meta protocol ip6 reject with icmpv6 type no-route +[ + { + "match": { + "left": { + "meta": { + "key": "protocol" + } + }, + "op": "==", + "right": "ip6" + } + }, + { + "reject": { + "expr": "no-route", + "type": "icmpv6" + } + } +] + +# meta protocol ip reject with icmpx type admin-prohibited +[ + { + "match": { + "left": { + "meta": { + "key": "protocol" + } + }, + "op": "==", + "right": "ip" + } + }, + { + "reject": { + "expr": "admin-prohibited", + "type": "icmpx" + } + } +] + +# meta protocol ip6 reject with icmpx type admin-prohibited +[ + { + "match": { + "left": { + "meta": { + "key": "protocol" + } + }, + "op": "==", + "right": "ip6" + } + }, + { + "reject": { + "expr": "admin-prohibited", + "type": "icmpx" + } + } +] + diff --git a/tests/py/netdev/reject.t.payload b/tests/py/netdev/reject.t.payload index aead4127..5f76b091 100644 --- a/tests/py/netdev/reject.t.payload +++ b/tests/py/netdev/reject.t.payload @@ -76,7 +76,67 @@ netdev [ cmp eq reg 1 0x0000dd86 ] [ reject type 0 code 6 ] +# mark 12345 reject with tcp reset +netdev + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ meta load mark => reg 1 ] + [ cmp eq reg 1 0x00003039 ] + [ reject type 1 code 0 ] + # reject netdev [ reject type 2 code 1 ] +# meta protocol ip reject +netdev + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + [ reject type 0 code 3 ] + +# meta protocol ip6 reject +netdev + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x0000dd86 ] + [ reject type 0 code 4 ] + +# reject with icmpx type host-unreachable +netdev + [ reject type 2 code 2 ] + +# reject with icmpx type no-route +netdev + [ reject type 2 code 0 ] + +# reject with icmpx type admin-prohibited +netdev + [ reject type 2 code 3 ] + +# reject with icmpx type port-unreachable +netdev + [ reject type 2 code 1 ] + +# meta protocol ip reject with icmp type host-unreachable +netdev + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + [ reject type 0 code 1 ] + +# meta protocol ip6 reject with icmpv6 type no-route +netdev + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x0000dd86 ] + [ reject type 0 code 0 ] + +# meta protocol ip reject with icmpx type admin-prohibited +netdev + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x00000008 ] + [ reject type 2 code 3 ] + +# meta protocol ip6 reject with icmpx type admin-prohibited +netdev + [ meta load protocol => reg 1 ] + [ cmp eq reg 1 0x0000dd86 ] + [ reject type 2 code 3 ] + |