summaryrefslogtreecommitdiffstats
path: root/tests/py/inet/meta.t
Commit message (Collapse)AuthorAgeFilesLines
* tests: py: add bit-shift tests.Jeremy Sowden2020-02-071-0/+1
| | | | | | | | Add a couple of Python test-cases for setting the CT mark to a bitwise expression derived from the packet mark and vice versa. Signed-off-by: Jeremy Sowden <jeremy@azazel.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: rename meta secpath to meta ipsecFlorian Westphal2018-09-211-2/+2
| | | | | | | for symmetry with 'rt ipsec'. "meta secpath" still works. Signed-off-by: Florian Westphal <fw@strlen.de> Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: use ibrname and obrnamePablo Neira Ayuso2018-04-191-2/+2
| | | | | | | | | Legacy tool name is 'brctl' and so the 'br' prefix is already known. If we use ibrname and obrname it looks consistent with iifname and oifname. So let's this instead of ibridgename and obridgename since Florian likes this too. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: rename ibrportname, obrportnameFlorian Westphal2018-04-171-0/+2
| | | | | | | | | | | | | | | For bridge, iifname is the port name, whereas 'ibrport' is the logical name of the bridge ("br0") the port ("iifname") is enslaved to. So, 'ibrport' is a misnomer. libnftl calls these 'bri_iifname' and 'bri_oifname', which is good but using 'briiifname' in nft is rather ugly, so use 'ibridgename' and 'obridgename' instead. Old names are still recognized, listing shows the new names. Signed-off-by: Florian Westphal <fw@strlen.de>
* meta: add secpath supportFlorian Westphal2018-01-161-0/+2
| | | | | | | | | This can be used to check if a packet has a secpath attached to it, i.e. was subject to ipsec processing. Example: add rule inet raw prerouting meta secpath exists accept Signed-off-by: Florian Westphal <fw@strlen.de>
* tests: nft removes required inet dependency expressionsFlorian Westphal2017-10-261-1/+5
| | | | | | | | | | | +inet/meta.t: line: 10: 'add rule inet t input meta nfproto ipv6 tcp dport 22': 'meta nfproto ipv6 tcp dport 22' mismatches 'tcp dport 22' +inet/meta.t: line: 11: 'add rule inet t input meta nfproto ipv4 tcp dport 22': 'meta nfproto ipv4 tcp dport 22' mismatches 'tcp dport 22' +inet/meta.t: line: 13: 'add rule inet t input meta nfproto ipv6 meta l4proto tcp': 'meta nfproto ipv6 meta l4proto 6' mismatches 'meta l4proto 6' +inet/ip_tcp.t: line: 20: 'src/nft add rule inet test input ether type ip tcp dport 22': 'ether type ip tcp dport 22' mismatches 'tcp dport 22' All of these are actual errors, i.e. meaning of rule is changed. Signed-off-by: Florian Westphal <fw@strlen.de>
* tests: restrict meta nfproto test cases to inet familyFlorian Westphal2017-06-181-0/+10
Followup patch will reject meta nfproto for non-inet families. Signed-off-by: Florian Westphal <fw@strlen.de> Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>