summaryrefslogtreecommitdiffstats
path: root/tests/py/netdev
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-09 13:08:37 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-09 13:08:37 +0000
commit971e619d8602fa52b1bfcb3ea65b7ab96be85318 (patch)
tree26feb2498c72b796e07b86349d17f544046de279 /tests/py/netdev
parentInitial commit. (diff)
downloadnftables-upstream.tar.xz
nftables-upstream.zip
Adding upstream version 1.0.9.upstream/1.0.9upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'tests/py/netdev')
-rw-r--r--tests/py/netdev/dup.t8
-rw-r--r--tests/py/netdev/dup.t.json30
-rw-r--r--tests/py/netdev/dup.t.payload14
-rw-r--r--tests/py/netdev/fwd.t9
-rw-r--r--tests/py/netdev/fwd.t.json47
-rw-r--r--tests/py/netdev/fwd.t.json.output27
-rw-r--r--tests/py/netdev/fwd.t.payload20
-rw-r--r--tests/py/netdev/reject.t40
-rw-r--r--tests/py/netdev/reject.t.json293
-rw-r--r--tests/py/netdev/reject.t.payload142
10 files changed, 630 insertions, 0 deletions
diff --git a/tests/py/netdev/dup.t b/tests/py/netdev/dup.t
new file mode 100644
index 0000000..5632802
--- /dev/null
+++ b/tests/py/netdev/dup.t
@@ -0,0 +1,8 @@
+:ingress;type filter hook ingress device lo priority 0
+:egress;type filter hook egress device lo priority 0
+
+*netdev;test-netdev;ingress,egress
+
+dup to "lo";ok
+dup to meta mark map { 0x00000001 : "lo", 0x00000002 : "lo"};ok
+
diff --git a/tests/py/netdev/dup.t.json b/tests/py/netdev/dup.t.json
new file mode 100644
index 0000000..dc56f64
--- /dev/null
+++ b/tests/py/netdev/dup.t.json
@@ -0,0 +1,30 @@
+# dup to "lo"
+[
+ {
+ "dup": {
+ "addr": "lo"
+ }
+ }
+]
+
+# dup to meta mark map { 0x00000001 : "lo", 0x00000002 : "lo"}
+[
+ {
+ "dup": {
+ "addr": {
+ "map": {
+ "key": {
+ "meta": { "key": "mark" }
+ },
+ "data": {
+ "set": [
+ [ 1, "lo" ],
+ [ 2, "lo" ]
+ ]
+ }
+ }
+ }
+ }
+ }
+]
+
diff --git a/tests/py/netdev/dup.t.payload b/tests/py/netdev/dup.t.payload
new file mode 100644
index 0000000..51ff782
--- /dev/null
+++ b/tests/py/netdev/dup.t.payload
@@ -0,0 +1,14 @@
+# dup to "lo"
+netdev test-netdev ingress
+ [ immediate reg 1 0x00000001 ]
+ [ dup sreg_dev 1 ]
+
+# dup to meta mark map { 0x00000001 : "lo", 0x00000002 : "lo"}
+__map%d test-netdev b
+__map%d test-netdev 0
+ element 00000001 : 00000001 0 [end] element 00000002 : 00000001 0 [end]
+netdev test-netdev ingress
+ [ meta load mark => reg 1 ]
+ [ lookup reg 1 set __map%d dreg 1 ]
+ [ dup sreg_dev 1 ]
+
diff --git a/tests/py/netdev/fwd.t b/tests/py/netdev/fwd.t
new file mode 100644
index 0000000..6051560
--- /dev/null
+++ b/tests/py/netdev/fwd.t
@@ -0,0 +1,9 @@
+:ingress;type filter hook ingress device lo priority 0
+:egress;type filter hook egress device lo priority 0
+
+*netdev;test-netdev;ingress,egress
+
+fwd to "lo";ok
+fwd to meta mark map { 0x00000001 : "lo", 0x00000002 : "lo"};ok
+
+fwd ip to 192.168.2.200 device "lo";ok
diff --git a/tests/py/netdev/fwd.t.json b/tests/py/netdev/fwd.t.json
new file mode 100644
index 0000000..583606c
--- /dev/null
+++ b/tests/py/netdev/fwd.t.json
@@ -0,0 +1,47 @@
+# fwd to "lo"
+[
+ {
+ "fwd": {
+ "dev": "lo"
+ }
+ }
+]
+
+# fwd to meta mark map { 0x00000001 : "lo", 0x00000002 : "lo"}
+[
+ {
+ "fwd": {
+ "dev": {
+ "map": {
+ "key": {
+ "meta": { "key": "mark" }
+ },
+ "data": {
+ "set": [
+ [
+ "0x00000001",
+ "lo"
+ ],
+ [
+ "0x00000002",
+ "lo"
+ ]
+ ]
+ }
+ }
+ }
+ }
+ }
+]
+
+# fwd ip to 192.168.2.200 device "lo"
+[
+ {
+ "fwd": {
+ "addr": "192.168.2.200",
+ "dev": "lo",
+ "family": "ip"
+ }
+ }
+]
+
diff --git a/tests/py/netdev/fwd.t.json.output b/tests/py/netdev/fwd.t.json.output
new file mode 100644
index 0000000..8433e49
--- /dev/null
+++ b/tests/py/netdev/fwd.t.json.output
@@ -0,0 +1,27 @@
+# fwd to meta mark map { 0x00000001 : "lo", 0x00000002 : "lo"}
+[
+ {
+ "fwd": {
+ "dev": {
+ "map": {
+ "key": {
+ "meta": { "key": "mark" }
+ },
+ "data": {
+ "set": [
+ [
+ 1,
+ "lo"
+ ],
+ [
+ 2,
+ "lo"
+ ]
+ ]
+ }
+ }
+ }
+ }
+ }
+]
+
diff --git a/tests/py/netdev/fwd.t.payload b/tests/py/netdev/fwd.t.payload
new file mode 100644
index 0000000..f03077a
--- /dev/null
+++ b/tests/py/netdev/fwd.t.payload
@@ -0,0 +1,20 @@
+# fwd to "lo"
+netdev test-netdev ingress
+ [ immediate reg 1 0x00000001 ]
+ [ fwd sreg_dev 1 ]
+
+# fwd to meta mark map { 0x00000001 : "lo", 0x00000002 : "lo"}
+__map%d test-netdev b
+__map%d test-netdev 0
+ element 00000001 : 00000001 0 [end] element 00000002 : 00000001 0 [end]
+netdev test-netdev ingress
+ [ meta load mark => reg 1 ]
+ [ lookup reg 1 set __map%d dreg 1 ]
+ [ fwd sreg_dev 1 ]
+
+# fwd ip to 192.168.2.200 device "lo"
+netdev test-netdev ingress
+ [ immediate reg 1 0x00000001 ]
+ [ immediate reg 2 0xc802a8c0 ]
+ [ fwd sreg_dev 1 sreg_addr 2 nfproto 2 ]
+
diff --git a/tests/py/netdev/reject.t b/tests/py/netdev/reject.t
new file mode 100644
index 0000000..c66e649
--- /dev/null
+++ b/tests/py/netdev/reject.t
@@ -0,0 +1,40 @@
+:ingress;type filter hook ingress device lo priority 0
+
+*netdev;test-netdev;ingress
+
+reject with icmp host-unreachable;ok
+reject with icmp net-unreachable;ok
+reject with icmp prot-unreachable;ok
+reject with icmp port-unreachable;ok
+reject with icmp net-prohibited;ok
+reject with icmp host-prohibited;ok
+reject with icmp admin-prohibited;ok
+
+reject with icmpv6 no-route;ok
+reject with icmpv6 admin-prohibited;ok
+reject with icmpv6 addr-unreachable;ok
+reject with icmpv6 port-unreachable;ok
+reject with icmpv6 policy-fail;ok
+reject with icmpv6 reject-route;ok
+
+mark 12345 reject with tcp reset;ok;meta l4proto 6 meta mark 0x00003039 reject with tcp reset
+
+reject;ok
+meta protocol ip reject;ok;reject with icmp port-unreachable
+meta protocol ip6 reject;ok;reject with icmpv6 port-unreachable
+
+reject with icmpx host-unreachable;ok
+reject with icmpx no-route;ok
+reject with icmpx admin-prohibited;ok
+reject with icmpx port-unreachable;ok;reject
+
+meta protocol ip reject with icmp host-unreachable;ok;reject with icmp host-unreachable
+meta protocol ip6 reject with icmpv6 no-route;ok;reject with icmpv6 no-route
+
+meta protocol ip6 reject with icmp host-unreachable;fail
+meta protocol ip ip protocol icmp reject with icmpv6 no-route;fail
+meta protocol ip6 ip protocol icmp reject with icmp host-unreachable;fail
+meta l4proto udp reject with tcp reset;fail
+
+meta protocol ip reject with icmpx admin-prohibited;ok
+meta protocol ip6 reject with icmpx admin-prohibited;ok
diff --git a/tests/py/netdev/reject.t.json b/tests/py/netdev/reject.t.json
new file mode 100644
index 0000000..9968aaf
--- /dev/null
+++ b/tests/py/netdev/reject.t.json
@@ -0,0 +1,293 @@
+# reject with icmp host-unreachable
+[
+ {
+ "reject": {
+ "expr": "host-unreachable",
+ "type": "icmp"
+ }
+ }
+]
+
+# reject with icmp net-unreachable
+[
+ {
+ "reject": {
+ "expr": "net-unreachable",
+ "type": "icmp"
+ }
+ }
+]
+
+# reject with icmp prot-unreachable
+[
+ {
+ "reject": {
+ "expr": "prot-unreachable",
+ "type": "icmp"
+ }
+ }
+]
+
+# reject with icmp port-unreachable
+[
+ {
+ "reject": {
+ "expr": "port-unreachable",
+ "type": "icmp"
+ }
+ }
+]
+
+# reject with icmp net-prohibited
+[
+ {
+ "reject": {
+ "expr": "net-prohibited",
+ "type": "icmp"
+ }
+ }
+]
+
+# reject with icmp host-prohibited
+[
+ {
+ "reject": {
+ "expr": "host-prohibited",
+ "type": "icmp"
+ }
+ }
+]
+
+# reject with icmp admin-prohibited
+[
+ {
+ "reject": {
+ "expr": "admin-prohibited",
+ "type": "icmp"
+ }
+ }
+]
+
+# reject with icmpv6 no-route
+[
+ {
+ "reject": {
+ "expr": "no-route",
+ "type": "icmpv6"
+ }
+ }
+]
+
+# reject with icmpv6 admin-prohibited
+[
+ {
+ "reject": {
+ "expr": "admin-prohibited",
+ "type": "icmpv6"
+ }
+ }
+]
+
+# reject with icmpv6 addr-unreachable
+[
+ {
+ "reject": {
+ "expr": "addr-unreachable",
+ "type": "icmpv6"
+ }
+ }
+]
+
+# reject with icmpv6 port-unreachable
+[
+ {
+ "reject": {
+ "expr": "port-unreachable",
+ "type": "icmpv6"
+ }
+ }
+]
+
+# reject with icmpv6 policy-fail
+[
+ {
+ "reject": {
+ "expr": "policy-fail",
+ "type": "icmpv6"
+ }
+ }
+]
+
+# reject with icmpv6 reject-route
+[
+ {
+ "reject": {
+ "expr": "reject-route",
+ "type": "icmpv6"
+ }
+ }
+]
+
+# mark 12345 reject with tcp reset
+[
+ {
+ "match": {
+ "left": {
+ "meta": {
+ "key": "l4proto"
+ }
+ },
+ "op": "==",
+ "right": 6
+ }
+ },
+ {
+ "match": {
+ "left": {
+ "meta": {
+ "key": "mark"
+ }
+ },
+ "op": "==",
+ "right": 12345
+ }
+ },
+ {
+ "reject": {
+ "type": "tcp reset"
+ }
+ }
+]
+
+# reject
+[
+ {
+ "reject": {
+ "expr": "port-unreachable",
+ "type": "icmpx"
+ }
+ }
+]
+
+# meta protocol ip reject
+[
+ {
+ "reject": {
+ "expr": "port-unreachable",
+ "type": "icmp"
+ }
+ }
+]
+
+# meta protocol ip6 reject
+[
+ {
+ "reject": {
+ "expr": "port-unreachable",
+ "type": "icmpv6"
+ }
+ }
+]
+
+# reject with icmpx host-unreachable
+[
+ {
+ "reject": {
+ "expr": "host-unreachable",
+ "type": "icmpx"
+ }
+ }
+]
+
+# reject with icmpx no-route
+[
+ {
+ "reject": {
+ "expr": "no-route",
+ "type": "icmpx"
+ }
+ }
+]
+
+# reject with icmpx admin-prohibited
+[
+ {
+ "reject": {
+ "expr": "admin-prohibited",
+ "type": "icmpx"
+ }
+ }
+]
+
+# reject with icmpx port-unreachable
+[
+ {
+ "reject": {
+ "expr": "port-unreachable",
+ "type": "icmpx"
+ }
+ }
+]
+
+# meta protocol ip reject with icmp host-unreachable
+[
+ {
+ "reject": {
+ "expr": "host-unreachable",
+ "type": "icmp"
+ }
+ }
+]
+
+# meta protocol ip6 reject with icmpv6 no-route
+[
+ {
+ "reject": {
+ "expr": "no-route",
+ "type": "icmpv6"
+ }
+ }
+]
+
+# meta protocol ip reject with icmpx admin-prohibited
+[
+ {
+ "match": {
+ "left": {
+ "meta": {
+ "key": "protocol"
+ }
+ },
+ "op": "==",
+ "right": "ip"
+ }
+ },
+ {
+ "reject": {
+ "expr": "admin-prohibited",
+ "type": "icmpx"
+ }
+ }
+]
+
+# meta protocol ip6 reject with icmpx admin-prohibited
+[
+ {
+ "match": {
+ "left": {
+ "meta": {
+ "key": "protocol"
+ }
+ },
+ "op": "==",
+ "right": "ip6"
+ }
+ },
+ {
+ "reject": {
+ "expr": "admin-prohibited",
+ "type": "icmpx"
+ }
+ }
+]
+
diff --git a/tests/py/netdev/reject.t.payload b/tests/py/netdev/reject.t.payload
new file mode 100644
index 0000000..d014ada
--- /dev/null
+++ b/tests/py/netdev/reject.t.payload
@@ -0,0 +1,142 @@
+# reject with icmp host-unreachable
+netdev
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x00000008 ]
+ [ reject type 0 code 1 ]
+
+# reject with icmp net-unreachable
+netdev
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x00000008 ]
+ [ reject type 0 code 0 ]
+
+# reject with icmp prot-unreachable
+netdev
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x00000008 ]
+ [ reject type 0 code 2 ]
+
+# reject with icmp port-unreachable
+netdev
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x00000008 ]
+ [ reject type 0 code 3 ]
+
+# reject with icmp net-prohibited
+netdev
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x00000008 ]
+ [ reject type 0 code 9 ]
+
+# reject with icmp host-prohibited
+netdev
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x00000008 ]
+ [ reject type 0 code 10 ]
+
+# reject with icmp admin-prohibited
+netdev
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x00000008 ]
+ [ reject type 0 code 13 ]
+
+# reject with icmpv6 no-route
+netdev
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x0000dd86 ]
+ [ reject type 0 code 0 ]
+
+# reject with icmpv6 admin-prohibited
+netdev
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x0000dd86 ]
+ [ reject type 0 code 1 ]
+
+# reject with icmpv6 addr-unreachable
+netdev
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x0000dd86 ]
+ [ reject type 0 code 3 ]
+
+# reject with icmpv6 port-unreachable
+netdev
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x0000dd86 ]
+ [ reject type 0 code 4 ]
+
+# reject with icmpv6 policy-fail
+netdev
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x0000dd86 ]
+ [ reject type 0 code 5 ]
+
+# reject with icmpv6 reject-route
+netdev
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x0000dd86 ]
+ [ reject type 0 code 6 ]
+
+# mark 12345 reject with tcp reset
+netdev
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x00000006 ]
+ [ meta load mark => reg 1 ]
+ [ cmp eq reg 1 0x00003039 ]
+ [ reject type 1 code 0 ]
+
+# reject
+netdev
+ [ reject type 2 code 1 ]
+
+# meta protocol ip reject
+netdev
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x00000008 ]
+ [ reject type 0 code 3 ]
+
+# meta protocol ip6 reject
+netdev
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x0000dd86 ]
+ [ reject type 0 code 4 ]
+
+# reject with icmpx host-unreachable
+netdev
+ [ reject type 2 code 2 ]
+
+# reject with icmpx no-route
+netdev
+ [ reject type 2 code 0 ]
+
+# reject with icmpx admin-prohibited
+netdev
+ [ reject type 2 code 3 ]
+
+# reject with icmpx port-unreachable
+netdev
+ [ reject type 2 code 1 ]
+
+# meta protocol ip reject with icmp host-unreachable
+netdev
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x00000008 ]
+ [ reject type 0 code 1 ]
+
+# meta protocol ip6 reject with icmpv6 no-route
+netdev
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x0000dd86 ]
+ [ reject type 0 code 0 ]
+
+# meta protocol ip reject with icmpx admin-prohibited
+netdev
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x00000008 ]
+ [ reject type 2 code 3 ]
+
+# meta protocol ip6 reject with icmpx admin-prohibited
+netdev
+ [ meta load protocol => reg 1 ]
+ [ cmp eq reg 1 0x0000dd86 ]
+ [ reject type 2 code 3 ]
+