From 40afa4bb2c7c7c8d488a8d44830c6b72cd98c640 Mon Sep 17 00:00:00 2001
From: Florian Westphal <fw@strlen.de>
Date: Wed, 14 Feb 2024 11:41:30 +0100
Subject: tests: shell: permit use of host-endian constant values in set lookup
 keys

extend an existing test case with the afl input to cover in/output.

A new test case is added to test linearization, delinearization and
matching

Fixes: c0080feb0d03 ("evaluate: permit use of host-endian constant values in set lookup keys")
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 tests/shell/testcases/packetpath/set_lookups | 64 ++++++++++++++++++++++++++++
 1 file changed, 64 insertions(+)
 create mode 100755 tests/shell/testcases/packetpath/set_lookups

(limited to 'tests/shell/testcases/packetpath/set_lookups')

diff --git a/tests/shell/testcases/packetpath/set_lookups b/tests/shell/testcases/packetpath/set_lookups
new file mode 100755
index 00000000..84a0000a
--- /dev/null
+++ b/tests/shell/testcases/packetpath/set_lookups
@@ -0,0 +1,64 @@
+#!/bin/bash
+
+set -e
+
+$NFT -f /dev/stdin <<"EOF"
+table ip t {
+	set s {
+		type ipv4_addr . iface_index
+		flags interval
+		elements = { 127.0.0.1 . 1 }
+	}
+
+	set s2 {
+		typeof ip saddr . meta iif
+		elements = { 127.0.0.1 . 1 }
+	}
+
+	set s3 {
+		type iface_index
+		elements = { "lo" }
+	}
+
+	set s4 {
+		type iface_index
+		flags interval
+		elements = { "lo" }
+	}
+
+	set nomatch {
+		typeof ip saddr . meta iif
+		elements = { 127.0.0.3 . 1 }
+	}
+
+	set nomatch2 {
+		type ipv4_addr . iface_index
+		elements = { 127.0.0.2 . 90000 }
+	}
+
+	chain c {
+		type filter hook input priority filter;
+		icmp type echo-request ip saddr . meta iif @s counter
+		icmp type echo-request ip saddr . 1 @s counter
+		icmp type echo-request ip saddr . "lo" @s counter
+		icmp type echo-request ip saddr . meta iif @s2 counter
+		icmp type echo-request ip saddr . 1 @s2 counter
+		icmp type echo-request ip saddr . "lo" @s2 counter
+
+		icmp type echo-request ip daddr . "lo" @s counter
+		icmp type echo-request ip daddr . "lo" @s2 counter
+
+		icmp type echo-request meta iif @s3 counter
+		icmp type echo-request meta iif @s4 counter
+
+		ip daddr . 1 @nomatch counter drop
+		ip daddr . meta iif @nomatch2 counter drop
+	}
+}
+EOF
+
+$NFT add element t s { 127.0.0.2 . 1 }
+$NFT add element t s2 { 127.0.0.2 . "lo" }
+
+ip link set lo up
+ping -q -c 1 127.0.0.2 > /dev/null
-- 
cgit v1.2.3