diff options
Diffstat (limited to '')
| -rw-r--r-- | tests/py/ip6/reject.t | 16 | ||||
| -rw-r--r-- | tests/py/ip6/reject.t.json | 95 | ||||
| -rw-r--r-- | tests/py/ip6/reject.t.json.output | 28 | ||||
| -rw-r--r-- | tests/py/ip6/reject.t.payload.ip6 | 40 |
4 files changed, 179 insertions, 0 deletions
diff --git a/tests/py/ip6/reject.t b/tests/py/ip6/reject.t new file mode 100644 index 0000000..bfdd094 --- /dev/null +++ b/tests/py/ip6/reject.t @@ -0,0 +1,16 @@ +:output;type filter hook output priority 0 + +*ip6;test-ip6;output + +reject;ok +reject with icmpv6 no-route;ok +reject with icmpv6 admin-prohibited;ok +reject with icmpv6 addr-unreachable;ok +reject with icmpv6 port-unreachable;ok;reject +reject with icmpv6 policy-fail;ok +reject with icmpv6 reject-route;ok +reject with icmpv6 3;ok;reject with icmpv6 addr-unreachable +mark 0x80000000 reject with tcp reset;ok;meta mark 0x80000000 reject with tcp reset + +reject with icmpv6 host-unreachable;fail +reject with icmp host-unreachable;fail diff --git a/tests/py/ip6/reject.t.json b/tests/py/ip6/reject.t.json new file mode 100644 index 0000000..312a7da --- /dev/null +++ b/tests/py/ip6/reject.t.json @@ -0,0 +1,95 @@ +# reject +[ + { + "reject": null + } +] + +# reject with icmpv6 no-route +[ + { + "reject": { + "expr": "no-route", + "type": "icmpv6" + } + } +] + +# reject with icmpv6 admin-prohibited +[ + { + "reject": { + "expr": "admin-prohibited", + "type": "icmpv6" + } + } +] + +# reject with icmpv6 addr-unreachable +[ + { + "reject": { + "expr": "addr-unreachable", + "type": "icmpv6" + } + } +] + +# reject with icmpv6 port-unreachable +[ + { + "reject": { + "expr": "port-unreachable", + "type": "icmpv6" + } + } +] + +# reject with icmpv6 policy-fail +[ + { + "reject": { + "expr": "policy-fail", + "type": "icmpv6" + } + } +] + +# reject with icmpv6 reject-route +[ + { + "reject": { + "expr": "reject-route", + "type": "icmpv6" + } + } +] + +# reject with icmpv6 3 +[ + { + "reject": { + "expr": "addr-unreachable", + "type": "icmpv6" + } + } +] + +# mark 0x80000000 reject with tcp reset +[ + { + "match": { + "left": { + "meta": { "key": "mark" } + }, + "op": "==", + "right": "0x80000000" + } + }, + { + "reject": { + "type": "tcp reset" + } + } +] + diff --git a/tests/py/ip6/reject.t.json.output b/tests/py/ip6/reject.t.json.output new file mode 100644 index 0000000..04f12f5 --- /dev/null +++ b/tests/py/ip6/reject.t.json.output @@ -0,0 +1,28 @@ +# reject +[ + { + "reject": { + "expr": "port-unreachable", + "type": "icmpv6" + } + } +] + +# mark 0x80000000 reject with tcp reset +[ + { + "match": { + "left": { + "meta": { "key": "mark" } + }, + "op": "==", + "right": 2147483648 + } + }, + { + "reject": { + "type": "tcp reset" + } + } +] + diff --git a/tests/py/ip6/reject.t.payload.ip6 b/tests/py/ip6/reject.t.payload.ip6 new file mode 100644 index 0000000..3d4321b --- /dev/null +++ b/tests/py/ip6/reject.t.payload.ip6 @@ -0,0 +1,40 @@ +# reject +ip6 test-ip6 output + [ reject type 0 code 4 ] + +# reject with icmpv6 no-route +ip6 test-ip6 output + [ reject type 0 code 0 ] + +# reject with icmpv6 admin-prohibited +ip6 test-ip6 output + [ reject type 0 code 1 ] + +# reject with icmpv6 addr-unreachable +ip6 test-ip6 output + [ reject type 0 code 3 ] + +# reject with icmpv6 port-unreachable +ip6 test-ip6 output + [ reject type 0 code 4 ] + +# reject with icmpv6 policy-fail +ip6 test-ip6 output + [ reject type 0 code 5 ] + +# reject with icmpv6 reject-route +ip6 test-ip6 output + [ reject type 0 code 6 ] + +# reject with icmpv6 3 +ip6 test-ip6 output + [ reject type 0 code 3 ] + +# mark 0x80000000 reject with tcp reset +ip6 test-ip6 output + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ meta load mark => reg 1 ] + [ cmp eq reg 1 0x80000000 ] + [ reject type 1 code 0 ] + |