[nft PATCH 3/3] test: update and add the reject tests for ip, ip6, bridge and inet.

netfilter-devel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Alvaro Neira Ayuso <alvaroneay@gmail.com>
To: netfilter-devel@vger.kernel.org
Cc: kaber@trash.net
Subject: [nft PATCH 3/3] test: update and add the reject tests for ip, ip6, bridge and inet.
Date: Sat, 11 Oct 2014 16:11:12 +0200	[thread overview]
Message-ID: <1413036673-23022-3-git-send-email-alvaroneay@gmail.com> (raw)
In-Reply-To: <1413036673-23022-1-git-send-email-alvaroneay@gmail.com>

Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com>
---
 tests/regression/bridge/reject.t |    9 +++++++++
 tests/regression/inet/reject.t   |   12 ++++++++++++
 tests/regression/ip/reject.t     |    6 +++++-
 tests/regression/ip6/reject.t    |    6 +++++-
 4 files changed, 31 insertions(+), 2 deletions(-)
 create mode 100644 tests/regression/bridge/reject.t
 create mode 100644 tests/regression/inet/reject.t

diff --git a/tests/regression/bridge/reject.t b/tests/regression/bridge/reject.t
new file mode 100644
index 0000000..5676755
--- /dev/null
+++ b/tests/regression/bridge/reject.t
@@ -0,0 +1,9 @@
+*bridge;test-bridge
+:input;type filter hook input priority 0
+
+reject with icmp type host-unreachable;ok;ether type ip reject with icmp type host-unreachable
+reject with icmpv6 type no-route;ok;ether type ip6 reject with icmpv6 type no-route
+ether type ip reject with icmp type host-unreachable;ok
+ether type ip6 reject with icmp type host-unreachable;fail
+reject with icmpx type host-unreachable;ok
+reject with icmpx type no-route;ok
diff --git a/tests/regression/inet/reject.t b/tests/regression/inet/reject.t
new file mode 100644
index 0000000..6e5d593
--- /dev/null
+++ b/tests/regression/inet/reject.t
@@ -0,0 +1,12 @@
+*inet;test-inet
+:input;type filter hook input priority 0
+
+reject with icmp type host-unreachable;ok;meta nfproto ipv4 reject with icmp type host-unreachable
+reject with icmpv6 type no-route;ok;meta nfproto ipv6 reject with icmpv6 type no-route
+udp dport 9999 reject with icmpv6 type no-route;ok;meta nfproto ipv6 meta l4proto 17 udp dport 9999 reject with icmpv6 type no-route
+reject with tcp reset;ok;meta l4proto 6 reject with tcp reset
+reject;ok
+meta nfproto ipv4 reject with icmp type host-unreachable;ok
+meta nfproto ipv6 reject with icmp type host-unreachable;fail
+reject with icmpx type host-unreachable;ok
+reject with icmpx type no-route;ok
diff --git a/tests/regression/ip/reject.t b/tests/regression/ip/reject.t
index e7fb15b..13fb4a3 100644
--- a/tests/regression/ip/reject.t
+++ b/tests/regression/ip/reject.t
@@ -1,5 +1,9 @@
 *ip;test-ip4
-*ip;test-inet
 :output;type filter hook output priority 0
 
 reject;ok
+udp dport 9999 reject with icmp type host-unreachable;ok
+tcp dport 9999 reject;ok
+reject with tcp reset;ok;ip protocol 6 reject with tcp reset
+reject with icmp type no-route;fail
+reject with icmpv6 type no-route;fail
diff --git a/tests/regression/ip6/reject.t b/tests/regression/ip6/reject.t
index b49c50b..92edcb7 100644
--- a/tests/regression/ip6/reject.t
+++ b/tests/regression/ip6/reject.t
@@ -1,5 +1,9 @@
 *ip6;test-ip6
-*inet;test-inet
 :output;type filter hook output priority 0
 
 reject;ok
+reject with icmpv6 type host-unreachable;fail
+reject with icmp type host-unreachable;fail
+tcp dport 9999 reject with icmpv6 type admin-prohibited;ok
+udp dport 9999 reject;ok
+reject with tcp reset;ok;ip6 nexthdr 6 reject with tcp reset
-- 
1.7.10.4

     prev parent reply	other threads:[~2014-10-11 14:11 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2014-10-11 14:11 [nft PATCH 1/3] evaluate: fix a crash if we specify ether type or meta nfproto in reject Alvaro Neira Ayuso
2014-10-11 14:11 ` [nft PATCH 2/3] delinearize: list the icmpx reason with the string associated Alvaro Neira Ayuso
2014-10-11 14:11 ` Alvaro Neira Ayuso [this message]

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:5676755 dfblob:6e5d593 dfblob:e7fb15b dfblob:13fb4a3
dfblob:b49c50b dfblob:92edcb7 )
 OR (
bs:"[nft PATCH 3/3] test: update and add the reject tests for ip, ip6, bridge and inet." )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1413036673-23022-3-git-send-email-alvaroneay@gmail.com \
    --to=alvaroneay@gmail.com \
    --cc=kaber@trash.net \
    --cc=netfilter-devel@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).