From: Jose M. Guisado Gomez <guigom@riseup.net>
Date: Thu, 22 Oct 2020 19:43:55 +0000 (+0200)
Subject: tests: py: add netdev folder and reject.t icmp cases
X-Git-Tag: v0.9.8~53
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=a51a0bec1f698b9980a266e2393d3f80596bbae0;p=thirdparty%2Fnftables.git

tests: py: add netdev folder and reject.t icmp cases

Add unit tests for the use of reject with icmp inside netdev family.

reject.t from inet family couldn't be reused because it was using
meta nfproto which is not supported inside netdev.

Signed-off-by: Jose M. Guisado Gomez <guigom@riseup.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---

diff --git a/tests/py/netdev/reject.t b/tests/py/netdev/reject.t
new file mode 100644
index 00000000..a4434b6c
--- /dev/null
+++ b/tests/py/netdev/reject.t
@@ -0,0 +1,20 @@
+:ingress;type filter hook ingress device lo priority 0
+
+*netdev;test-netdev;ingress
+
+reject with icmp type host-unreachable;ok;reject
+reject with icmp type net-unreachable;ok;reject
+reject with icmp type prot-unreachable;ok;reject
+reject with icmp type port-unreachable;ok;reject
+reject with icmp type net-prohibited;ok;reject
+reject with icmp type host-prohibited;ok;reject
+reject with icmp type admin-prohibited;ok;reject
+
+reject with icmpv6 type no-route;ok;reject
+reject with icmpv6 type admin-prohibited;ok;reject
+reject with icmpv6 type addr-unreachable;ok;reject
+reject with icmpv6 type port-unreachable;ok;reject
+reject with icmpv6 type policy-fail;ok;reject
+reject with icmpv6 type reject-route;ok;reject
+
+reject;ok
diff --git a/tests/py/netdev/reject.t.payload b/tests/py/netdev/reject.t.payload
new file mode 100644
index 00000000..71a66f9d
--- /dev/null
+++ b/tests/py/netdev/reject.t.payload
@@ -0,0 +1,60 @@
+# reject with icmp type host-unreachable
+netdev 
+  [ reject type 0 code 1 ]
+
+# reject
+netdev 
+  [ reject type 2 code 1 ]
+
+# reject
+netdev 
+  [ reject type 2 code 1 ]
+
+# reject with icmp type admin-prohibited
+netdev 
+  [ reject type 0 code 13 ]
+
+# reject with icmp type net-unreachable
+netdev 
+  [ reject type 0 code 0 ]
+
+# reject with icmp type prot-unreachable
+netdev 
+  [ reject type 0 code 2 ]
+
+# reject with icmp type port-unreachable
+netdev 
+  [ reject type 0 code 3 ]
+
+# reject with icmp type net-prohibited
+netdev 
+  [ reject type 0 code 9 ]
+
+# reject with icmp type host-prohibited
+netdev 
+  [ reject type 0 code 10 ]
+
+# reject with icmpv6 type no-route
+netdev 
+  [ reject type 0 code 0 ]
+
+# reject with icmpv6 type admin-prohibited
+netdev 
+  [ reject type 0 code 1 ]
+
+# reject with icmpv6 type addr-unreachable
+netdev 
+  [ reject type 0 code 3 ]
+
+# reject with icmpv6 type port-unreachable
+netdev 
+  [ reject type 0 code 4 ]
+
+# reject with icmpv6 type policy-fail
+netdev 
+  [ reject type 0 code 5 ]
+
+# reject with icmpv6 type reject-route
+netdev 
+  [ reject type 0 code 6 ]
+
diff --git a/tests/py/nft-test.py b/tests/py/nft-test.py
index e7b5e01e..7ca5a22a 100755
--- a/tests/py/nft-test.py
+++ b/tests/py/nft-test.py
@@ -28,7 +28,7 @@ os.environ['TZ'] = 'UTC-2'
 
 from nftables import Nftables
 
-TESTS_DIRECTORY = ["any", "arp", "bridge", "inet", "ip", "ip6"]
+TESTS_DIRECTORY = ["any", "arp", "bridge", "inet", "ip", "ip6", "netdev"]
 LOGFILE = "/tmp/nftables-test.log"
 log_file = None
 table_list = []