diff options
| author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-09 13:08:37 +0000 |
|---|---|---|
| committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-09 13:08:37 +0000 |
| commit | 971e619d8602fa52b1bfcb3ea65b7ab96be85318 (patch) | |
| tree | 26feb2498c72b796e07b86349d17f544046de279 /tests/py/ip/ip.t | |
| parent | Initial commit. (diff) | |
| download | nftables-971e619d8602fa52b1bfcb3ea65b7ab96be85318.tar.xz nftables-971e619d8602fa52b1bfcb3ea65b7ab96be85318.zip | |
Adding upstream version 1.0.9.upstream/1.0.9upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'tests/py/ip/ip.t')
| -rw-r--r-- | tests/py/ip/ip.t | 135 |
1 files changed, 135 insertions, 0 deletions
diff --git a/tests/py/ip/ip.t b/tests/py/ip/ip.t new file mode 100644 index 0000000..720d9ae --- /dev/null +++ b/tests/py/ip/ip.t @@ -0,0 +1,135 @@ +:input;type filter hook input priority 0 +:ingress;type filter hook ingress device lo priority 0 +:egress;type filter hook egress device lo priority 0 + +*ip;test-ip4;input +*inet;test-inet;input +*bridge;test-bridge;input +*netdev;test-netdev;ingress,egress + +- ip version 2;ok + +# bug ip hdrlength +- ip hdrlength 10;ok +- ip hdrlength != 5;ok +- ip hdrlength 5-8;ok +- ip hdrlength != 3-13;ok +- ip hdrlength {3, 5, 6, 8};ok +- ip hdrlength != {3, 5, 7, 8};ok +- ip hdrlength { 3-5};ok +- ip hdrlength != { 3-59};ok +# ip hdrlength 12 +# <cmdline>:1:1-38: Error: Could not process rule: Invalid argument +# add rule ip test input ip hdrlength 12 +# ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +# <cmdline>:1:37-38: Error: Value 22 exceeds valid range 0-15 +# add rule ip test input ip hdrlength 22 + +ip dscp cs1;ok +ip dscp != cs1;ok +ip dscp 0x38;ok;ip dscp cs7 +ip dscp != 0x20;ok;ip dscp != cs4 +ip dscp {cs0, cs1, cs2, cs3, cs4, cs5, cs6, cs7, af11, af12, af13, af21, af22, af23, af31, af32, af33, af41, af42, af43, ef};ok +- ip dscp {0x08, 0x10, 0x18, 0x20, 0x28, 0x30, 0x38, 0x00, 0x0a, 0x0c, 0x0e, 0x12, 0x14, 0x16, 0x1a, 0x1c, 0x1e, 0x22, 0x24, 0x26, 0x2e};ok +ip dscp != {cs0, cs3};ok +ip dscp vmap { cs1 : continue , cs4 : accept } counter;ok + +ip length 232;ok +ip length != 233;ok +ip length 333-435;ok +ip length != 333-453;ok +ip length { 333, 553, 673, 838};ok +ip length != { 333, 553, 673, 838};ok + +ip id 22;ok +ip id != 233;ok +ip id 33-45;ok +ip id != 33-45;ok +ip id { 33, 55, 67, 88};ok +ip id != { 33, 55, 67, 88};ok + +ip frag-off 0xde accept;ok +ip frag-off != 0xe9;ok +ip frag-off 0x21-0x2d;ok +ip frag-off != 0x21-0x2d;ok +ip frag-off { 0x21, 0x37, 0x43, 0x58};ok +ip frag-off != { 0x21, 0x37, 0x43, 0x58};ok +ip frag-off & 0x1fff != 0x0;ok +ip frag-off & 0x2000 != 0x0;ok +ip frag-off & 0x4000 != 0x0;ok + +ip ttl 0 drop;ok +ip ttl 233;ok +ip ttl 33-55;ok +ip ttl != 45-50;ok +ip ttl {43, 53, 45 };ok +ip ttl != {43, 53, 45 };ok + +ip protocol tcp;ok;ip protocol 6 +ip protocol != tcp;ok;ip protocol != 6 +ip protocol { icmp, esp, ah, comp, udp, udplite, tcp, dccp, sctp} accept;ok;ip protocol { 33, 136, 17, 51, 50, 6, 132, 1, 108} accept +ip protocol != { icmp, esp, ah, comp, udp, udplite, tcp, dccp, sctp} accept;ok;ip protocol != { 33, 136, 17, 51, 50, 6, 132, 1, 108} accept + +ip protocol 255;ok +ip protocol 256;fail + +ip checksum 13172 drop;ok +ip checksum 22;ok +ip checksum != 233;ok +ip checksum 33-45;ok +ip checksum != 33-45;ok +ip checksum { 33, 55, 67, 88};ok +ip checksum != { 33, 55, 67, 88};ok + +ip saddr set {192.19.1.2, 191.1.22.1};fail + +ip saddr 192.168.2.0/24;ok +ip saddr != 192.168.2.0/24;ok +ip saddr 192.168.3.1 ip daddr 192.168.3.100;ok +ip saddr != 1.1.1.1;ok +ip saddr 1.1.1.1;ok +ip daddr 192.168.0.1-192.168.0.250;ok +ip daddr 10.0.0.0-10.255.255.255;ok +ip daddr 172.16.0.0-172.31.255.255;ok +ip daddr 192.168.3.1-192.168.4.250;ok +ip daddr != 192.168.0.1-192.168.0.250;ok +ip daddr { 192.168.5.1, 192.168.5.2, 192.168.5.3 } accept;ok +ip daddr != { 192.168.5.1, 192.168.5.2, 192.168.5.3 } accept;ok + +ip daddr 192.168.1.2-192.168.1.55;ok +ip daddr != 192.168.1.2-192.168.1.55;ok +ip saddr 192.168.1.3-192.168.33.55;ok +ip saddr != 192.168.1.3-192.168.33.55;ok + +ip daddr 192.168.0.1;ok +ip daddr 192.168.0.1 drop;ok +ip daddr 192.168.0.2;ok + +ip saddr & 0xff == 1;ok;ip saddr & 0.0.0.255 == 0.0.0.1 +ip saddr & 0.0.0.255 < 0.0.0.127;ok + +ip saddr & 0xffff0000 == 0xffff0000;ok;ip saddr 255.255.0.0/16 + +ip version 4 ip hdrlength 5;ok +ip hdrlength 0;ok +ip hdrlength 15;ok +ip hdrlength vmap { 0-4 : drop, 5 : accept, 6 : continue } counter;ok +ip hdrlength 16;fail + +# limit impact to lo +iif "lo" ip daddr set 127.0.0.1;ok +iif "lo" ip checksum set 0;ok +iif "lo" ip id set 0;ok +iif "lo" ip ecn set 1;ok;iif "lo" ip ecn set ect1 +iif "lo" ip ecn set ce;ok +iif "lo" ip ttl set 23;ok +iif "lo" ip protocol set 1;ok + +iif "lo" ip dscp set af23;ok +iif "lo" ip dscp set cs0;ok + +ip saddr . ip daddr { 192.0.2.1 . 10.0.0.1-10.0.0.2 };ok +ip saddr . ip daddr vmap { 192.168.5.1-192.168.5.128 . 192.168.6.1-192.168.6.128 : accept };ok + +ip saddr 1.2.3.4 ip daddr 3.4.5.6;ok +ip saddr 1.2.3.4 counter ip daddr 3.4.5.6;ok |