From ed2426bccd3ea954adc8a010bf1736e8ed6a81b9 Mon Sep 17 00:00:00 2001 From: Phil Sutter Date: Thu, 23 Jun 2022 16:28:42 +0200 Subject: tests/py: Add a test for failing ipsec after counter This is a bug in parser/scanner due to scoping: | Error: syntax error, unexpected string, expecting saddr or daddr | add rule ip ipsec-ip4 ipsec-forw counter ipsec out ip daddr 192.168.1.2 | ^^^^^ Signed-off-by: Phil Sutter Signed-off-by: Florian Westphal --- tests/py/inet/ipsec.t | 2 ++ tests/py/inet/ipsec.t.json | 21 +++++++++++++++++++++ tests/py/inet/ipsec.t.payload | 6 ++++++ 3 files changed, 29 insertions(+) (limited to 'tests/py/inet') diff --git a/tests/py/inet/ipsec.t b/tests/py/inet/ipsec.t index e924e9bc..b18df395 100644 --- a/tests/py/inet/ipsec.t +++ b/tests/py/inet/ipsec.t @@ -19,3 +19,5 @@ ipsec in ip6 daddr dead::beef;ok ipsec out ip6 saddr dead::feed;ok ipsec in spnum 256 reqid 1;fail + +counter ipsec out ip daddr 192.168.1.2;ok diff --git a/tests/py/inet/ipsec.t.json b/tests/py/inet/ipsec.t.json index d7d3a03c..18a64f35 100644 --- a/tests/py/inet/ipsec.t.json +++ b/tests/py/inet/ipsec.t.json @@ -134,3 +134,24 @@ } } ] + +# counter ipsec out ip daddr 192.168.1.2 +[ + { + "counter": null + }, + { + "match": { + "left": { + "ipsec": { + "dir": "out", + "family": "ip", + "key": "daddr", + "spnum": 0 + } + }, + "op": "==", + "right": "192.168.1.2" + } + } +] diff --git a/tests/py/inet/ipsec.t.payload b/tests/py/inet/ipsec.t.payload index c46a2263..9648255d 100644 --- a/tests/py/inet/ipsec.t.payload +++ b/tests/py/inet/ipsec.t.payload @@ -37,3 +37,9 @@ ip ipsec-ip4 ipsec-forw [ xfrm load out 0 saddr6 => reg 1 ] [ cmp eq reg 1 0x0000adde 0x00000000 0x00000000 0xedfe0000 ] +# counter ipsec out ip daddr 192.168.1.2 +ip ipsec-ip4 ipsec-forw + [ counter pkts 0 bytes 0 ] + [ xfrm load out 0 daddr4 => reg 1 ] + [ cmp eq reg 1 0x0201a8c0 ] + -- cgit v1.2.3