From 743071a345c5687ffea172bd119b0355d38d7c8f Mon Sep 17 00:00:00 2001 From: Jeremy Sowden Date: Fri, 17 Mar 2023 10:16:54 +0100 Subject: [PATCH] tests: shell: add test-cases for ct and packet mark payload expressions Add new test-cases to verify that defining a rule that sets the ct or packet mark to a value derived from a payload works correctly. Signed-off-by: Jeremy Sowden Signed-off-by: Pablo Neira Ayuso --- tests/shell/testcases/bitwise/0040mark_binop_2 | 11 +++++++++++ tests/shell/testcases/bitwise/0040mark_binop_3 | 11 +++++++++++ tests/shell/testcases/bitwise/0040mark_binop_4 | 11 +++++++++++ tests/shell/testcases/bitwise/0040mark_binop_5 | 11 +++++++++++ tests/shell/testcases/bitwise/0040mark_binop_6 | 11 +++++++++++ tests/shell/testcases/bitwise/0040mark_binop_7 | 11 +++++++++++ tests/shell/testcases/bitwise/0040mark_binop_8 | 11 +++++++++++ tests/shell/testcases/bitwise/0040mark_binop_9 | 11 +++++++++++ .../testcases/bitwise/dumps/0040mark_binop_2.nft | 6 ++++++ .../testcases/bitwise/dumps/0040mark_binop_3.nft | 6 ++++++ .../testcases/bitwise/dumps/0040mark_binop_4.nft | 6 ++++++ .../testcases/bitwise/dumps/0040mark_binop_5.nft | 6 ++++++ .../testcases/bitwise/dumps/0040mark_binop_6.nft | 6 ++++++ .../testcases/bitwise/dumps/0040mark_binop_7.nft | 6 ++++++ .../testcases/bitwise/dumps/0040mark_binop_8.nft | 6 ++++++ .../testcases/bitwise/dumps/0040mark_binop_9.nft | 6 ++++++ 16 files changed, 136 insertions(+) create mode 100755 tests/shell/testcases/bitwise/0040mark_binop_2 create mode 100755 tests/shell/testcases/bitwise/0040mark_binop_3 create mode 100755 tests/shell/testcases/bitwise/0040mark_binop_4 create mode 100755 tests/shell/testcases/bitwise/0040mark_binop_5 create mode 100755 tests/shell/testcases/bitwise/0040mark_binop_6 create mode 100755 tests/shell/testcases/bitwise/0040mark_binop_7 create mode 100755 tests/shell/testcases/bitwise/0040mark_binop_8 create mode 100755 tests/shell/testcases/bitwise/0040mark_binop_9 create mode 100644 tests/shell/testcases/bitwise/dumps/0040mark_binop_2.nft create mode 100644 tests/shell/testcases/bitwise/dumps/0040mark_binop_3.nft create mode 100644 tests/shell/testcases/bitwise/dumps/0040mark_binop_4.nft create mode 100644 tests/shell/testcases/bitwise/dumps/0040mark_binop_5.nft create mode 100644 tests/shell/testcases/bitwise/dumps/0040mark_binop_6.nft create mode 100644 tests/shell/testcases/bitwise/dumps/0040mark_binop_7.nft create mode 100644 tests/shell/testcases/bitwise/dumps/0040mark_binop_8.nft create mode 100644 tests/shell/testcases/bitwise/dumps/0040mark_binop_9.nft diff --git a/tests/shell/testcases/bitwise/0040mark_binop_2 b/tests/shell/testcases/bitwise/0040mark_binop_2 new file mode 100755 index 000000000..94ebe976c --- /dev/null +++ b/tests/shell/testcases/bitwise/0040mark_binop_2 @@ -0,0 +1,11 @@ +#!/bin/bash + +set -e + +RULESET=" + add table t + add chain t c { type filter hook output priority filter; } + add rule t c ct mark set ip dscp lshift 2 or 0x10 +" + +$NFT -f - <<< "$RULESET" diff --git a/tests/shell/testcases/bitwise/0040mark_binop_3 b/tests/shell/testcases/bitwise/0040mark_binop_3 new file mode 100755 index 000000000..b491565ca --- /dev/null +++ b/tests/shell/testcases/bitwise/0040mark_binop_3 @@ -0,0 +1,11 @@ +#!/bin/bash + +set -e + +RULESET=" + add table t + add chain t c { type filter hook input priority filter; } + add rule t c meta mark set ip dscp lshift 2 or 0x10 +" + +$NFT -f - <<< "$RULESET" diff --git a/tests/shell/testcases/bitwise/0040mark_binop_4 b/tests/shell/testcases/bitwise/0040mark_binop_4 new file mode 100755 index 000000000..adc5f25ba --- /dev/null +++ b/tests/shell/testcases/bitwise/0040mark_binop_4 @@ -0,0 +1,11 @@ +#!/bin/bash + +set -e + +RULESET=" + add table t + add chain t c { type filter hook output priority filter; } + add rule t c ct mark set ip dscp lshift 26 or 0x10 +" + +$NFT -f - <<< "$RULESET" diff --git a/tests/shell/testcases/bitwise/0040mark_binop_5 b/tests/shell/testcases/bitwise/0040mark_binop_5 new file mode 100755 index 000000000..286b7b1fc --- /dev/null +++ b/tests/shell/testcases/bitwise/0040mark_binop_5 @@ -0,0 +1,11 @@ +#!/bin/bash + +set -e + +RULESET=" + add table t + add chain t c { type filter hook input priority filter; } + add rule t c meta mark set ip dscp lshift 26 or 0x10 +" + +$NFT -f - <<< "$RULESET" diff --git a/tests/shell/testcases/bitwise/0040mark_binop_6 b/tests/shell/testcases/bitwise/0040mark_binop_6 new file mode 100755 index 000000000..9ea82952e --- /dev/null +++ b/tests/shell/testcases/bitwise/0040mark_binop_6 @@ -0,0 +1,11 @@ +#!/bin/bash + +set -e + +RULESET=" + add table ip6 t + add chain ip6 t c { type filter hook output priority filter; } + add rule ip6 t c ct mark set ip6 dscp lshift 2 or 0x10 +" + +$NFT -f - <<< "$RULESET" diff --git a/tests/shell/testcases/bitwise/0040mark_binop_7 b/tests/shell/testcases/bitwise/0040mark_binop_7 new file mode 100755 index 000000000..ff9cfb55a --- /dev/null +++ b/tests/shell/testcases/bitwise/0040mark_binop_7 @@ -0,0 +1,11 @@ +#!/bin/bash + +set -e + +RULESET=" + add table ip6 t + add chain ip6 t c { type filter hook input priority filter; } + add rule ip6 t c meta mark set ip6 dscp lshift 2 or 0x10 +" + +$NFT -f - <<< "$RULESET" diff --git a/tests/shell/testcases/bitwise/0040mark_binop_8 b/tests/shell/testcases/bitwise/0040mark_binop_8 new file mode 100755 index 000000000..b348ee936 --- /dev/null +++ b/tests/shell/testcases/bitwise/0040mark_binop_8 @@ -0,0 +1,11 @@ +#!/bin/bash + +set -e + +RULESET=" + add table ip6 t + add chain ip6 t c { type filter hook output priority filter; } + add rule ip6 t c ct mark set ip6 dscp lshift 26 or 0x10 +" + +$NFT -f - <<< "$RULESET" diff --git a/tests/shell/testcases/bitwise/0040mark_binop_9 b/tests/shell/testcases/bitwise/0040mark_binop_9 new file mode 100755 index 000000000..d19447d42 --- /dev/null +++ b/tests/shell/testcases/bitwise/0040mark_binop_9 @@ -0,0 +1,11 @@ +#!/bin/bash + +set -e + +RULESET=" + add table ip6 t + add chain ip6 t c { type filter hook input priority filter; } + add rule ip6 t c meta mark set ip6 dscp lshift 26 or 0x10 +" + +$NFT -f - <<< "$RULESET" diff --git a/tests/shell/testcases/bitwise/dumps/0040mark_binop_2.nft b/tests/shell/testcases/bitwise/dumps/0040mark_binop_2.nft new file mode 100644 index 000000000..2b9be36e2 --- /dev/null +++ b/tests/shell/testcases/bitwise/dumps/0040mark_binop_2.nft @@ -0,0 +1,6 @@ +table ip t { + chain c { + type filter hook output priority filter; policy accept; + ct mark set ip dscp << 2 | 0x10 + } +} diff --git a/tests/shell/testcases/bitwise/dumps/0040mark_binop_3.nft b/tests/shell/testcases/bitwise/dumps/0040mark_binop_3.nft new file mode 100644 index 000000000..8206fec04 --- /dev/null +++ b/tests/shell/testcases/bitwise/dumps/0040mark_binop_3.nft @@ -0,0 +1,6 @@ +table ip t { + chain c { + type filter hook input priority filter; policy accept; + meta mark set ip dscp << 2 | 0x10 + } +} diff --git a/tests/shell/testcases/bitwise/dumps/0040mark_binop_4.nft b/tests/shell/testcases/bitwise/dumps/0040mark_binop_4.nft new file mode 100644 index 000000000..91d9f5662 --- /dev/null +++ b/tests/shell/testcases/bitwise/dumps/0040mark_binop_4.nft @@ -0,0 +1,6 @@ +table ip t { + chain c { + type filter hook output priority filter; policy accept; + ct mark set ip dscp << 26 | 0x10 + } +} diff --git a/tests/shell/testcases/bitwise/dumps/0040mark_binop_5.nft b/tests/shell/testcases/bitwise/dumps/0040mark_binop_5.nft new file mode 100644 index 000000000..f2b51eb80 --- /dev/null +++ b/tests/shell/testcases/bitwise/dumps/0040mark_binop_5.nft @@ -0,0 +1,6 @@ +table ip t { + chain c { + type filter hook input priority filter; policy accept; + meta mark set ip dscp << 26 | 0x10 + } +} diff --git a/tests/shell/testcases/bitwise/dumps/0040mark_binop_6.nft b/tests/shell/testcases/bitwise/dumps/0040mark_binop_6.nft new file mode 100644 index 000000000..cf7be90c3 --- /dev/null +++ b/tests/shell/testcases/bitwise/dumps/0040mark_binop_6.nft @@ -0,0 +1,6 @@ +table ip6 t { + chain c { + type filter hook output priority filter; policy accept; + ct mark set ip6 dscp << 2 | 0x10 + } +} diff --git a/tests/shell/testcases/bitwise/dumps/0040mark_binop_7.nft b/tests/shell/testcases/bitwise/dumps/0040mark_binop_7.nft new file mode 100644 index 000000000..a9663e621 --- /dev/null +++ b/tests/shell/testcases/bitwise/dumps/0040mark_binop_7.nft @@ -0,0 +1,6 @@ +table ip6 t { + chain c { + type filter hook input priority filter; policy accept; + meta mark set ip6 dscp << 2 | 0x10 + } +} diff --git a/tests/shell/testcases/bitwise/dumps/0040mark_binop_8.nft b/tests/shell/testcases/bitwise/dumps/0040mark_binop_8.nft new file mode 100644 index 000000000..04b866ad6 --- /dev/null +++ b/tests/shell/testcases/bitwise/dumps/0040mark_binop_8.nft @@ -0,0 +1,6 @@ +table ip6 t { + chain c { + type filter hook output priority filter; policy accept; + ct mark set ip6 dscp << 26 | 0x10 + } +} diff --git a/tests/shell/testcases/bitwise/dumps/0040mark_binop_9.nft b/tests/shell/testcases/bitwise/dumps/0040mark_binop_9.nft new file mode 100644 index 000000000..d4745ea49 --- /dev/null +++ b/tests/shell/testcases/bitwise/dumps/0040mark_binop_9.nft @@ -0,0 +1,6 @@ +table ip6 t { + chain c { + type filter hook input priority filter; policy accept; + meta mark set ip6 dscp << 26 | 0x10 + } +} -- 2.47.2