summaryrefslogtreecommitdiffstats
path: root/tests/py/ip6
Commit message (Collapse)AuthorAgeFilesLines
* tests/py: explicitly indication of set type and flags from test definitionsPablo Neira Ayuso2016-04-271-5/+5
| | | | | | | | | This patch adds explicit set type in test definitions, as well as flags. This has triggered a rework that starts by introducing a Set class to make this whole code more extensible and maintainable. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* payload: only merge if adjacent and combined size fits into a registerFlorian Westphal2016-04-193-0/+17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | add rule ip6 filter input ip6 saddr ::1/128 ip6 daddr ::1/128 fails, we ask to compare a 32byte immediate which is not supported: [ payload load 32b @ network header + 8 => reg 1 ] [ cmp eq reg 1 0x00000000 0x00000000 0x00000000 0x01000000 0x00000000 0x00000000 0x00000000 0x02000000 ] We would need to use two cmps in this case, i.e.: [ payload load 32b @ network header + 8 => reg 1 ] [ cmp eq reg 1 0x00000000 0x00000000 0x00000000 0x01000000 ] [ cmp eq reg 2 0x00000000 0x00000000 0x00000000 0x02000000 ] Seems however that this requires a bit more changes to how nft handles register allocations, we'd also need to undo the constant merge. Lets disable merging for now so that we generate [ payload load 16b @ network header + 8 => reg 1 ] [ cmp eq reg 1 0x00000000 0x00000000 0x00000000 0x01000000 ] [ payload load 16b @ network header + 24 => reg 1 ] [ cmp eq reg 1 0x00000000 0x00000000 0x00000000 0x02000000 ] ... if merge would bring us over the 128 bit register size. Closes: http://bugzilla.netfilter.org/show_bug.cgi?id=1032 Signed-off-by: Florian Westphal <fw@strlen.de> Acked-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
* tests: frag: enable more testsFlorian Westphal2016-03-103-3/+49
| | | | | | a couple of tests were disabled since nft did not support this. Signed-off-by: Florian Westphal <fw@strlen.de>
* tests: frag: enable more testsFlorian Westphal2016-03-103-4/+72
| | | | | Signed-off-by: Florian Westphal <fw@strlen.de> Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
* tests/py: extend masquerade to cover ports tooPablo Neira Ayuso2016-03-032-0/+19
| | | | | | Tests new masquerade port range support (available since 4.6-rc). Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* tests: add/fix inet+exthdr testsFlorian Westphal2016-03-025-0/+327
| | | | | | | | exhdr needs to be treated as if we'd test an ipv6 header field, i.e. inet, bridge, netdev need to add a dependency on ipv6 protocol. Signed-off-by: Florian Westphal <fw@strlen.de> Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
* evaluate: enforce ip6 proto with exthdr expressionFlorian Westphal2016-03-022-0/+172
| | | | | | | | | | | | | | Don't allow use of exthdr with e.g. ip family. Move frag.t to ip6 directory and don't use it with ipv4 anymore. This change causes major test failures for all exthdr users since they now fail with inet/bridge/netdev families. Will be resolved in a later patch -- we need to add an ipv6 dependency for them. Signed-off-by: Florian Westphal <fw@strlen.de> Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
* proto: use parameter-problem for icmpv6 typePablo Neira Ayuso2016-02-012-0/+9
| | | | | | | To keep it consistent with icmpv4 naming. Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=911 Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* tests/py: test port ranges and maps for redirectPablo Neira Ayuso2016-01-312-0/+23
| | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* ip6: Add tests for icmpv6 packet typesShivani Bhardwaj2016-01-312-0/+10
| | | | | | | | Add tests for the icmpv6 packet types policy-fail and reject-route to be used with REJECT target. Signed-off-by: Shivani Bhardwaj <shivanib134@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* tests: add two map test casesFlorian Westphal2016-01-262-0/+15
| | | | | | | | One normal map lookup, one with an explicit binop. The latter is supposed to also work with the followup patch applied. Signed-off-by: Florian Westphal <fw@strlen.de> Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
* tests/py: netdev family with ingress chainPablo Neira Ayuso2016-01-134-0/+432
| | | | | | | This patch enables tests for the new netdev family and its ingress chain. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* tests/py: don't test log statement from protocol matchPablo Neira Ayuso2016-01-133-10/+6
| | | | | | | | | | | | I think this unit tests should be self-contained at some level. The shell/ directory should be used to catch regressions at ruleset level, ie. these kind of combinations. Another motivation is that I want that netdev/ingress gets tested (coming in a follow up patch), and we don't support log there yet, so I would need to skip this test for that case. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* tests/py: update test files syntaxPablo M. Bermudo Garay2016-01-1216-27/+41
| | | | | | | | The test files have been adapted to the syntax defined in the previous commit "tests/py: modify supported test file syntax" Signed-off-by: Pablo M. Bermudo Garay <pablombg@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* tests/: rearrange tests directoryArturo Borrero2015-12-1539-0/+4151
Rearrange the directory to obtain a better organization of files and tests-suites. We end with a tree like this: tests | .--- py .--- shell .--- files This was suggested by Pablo. Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>