|
|
136e2c |
From b705a39b0a37b9b855b1ded6b4a2d4a919d293e3 Mon Sep 17 00:00:00 2001
|
|
|
136e2c |
From: Eric Garver <eric@garver.life>
|
|
|
136e2c |
Date: Tue, 16 Apr 2019 10:44:32 -0400
|
|
|
136e2c |
Subject: [PATCH 28/73] test: add tests for rich rule mark action
|
|
|
136e2c |
|
|
|
136e2c |
Coverage for gh478.
|
|
|
136e2c |
|
|
|
136e2c |
(cherry picked from commit 5840e1eea18a7a0070488491791a601905b90059)
|
|
|
136e2c |
(cherry picked from commit d4c829bc667547e9ff2669b26164da9636b8b0ce)
|
|
|
136e2c |
---
|
|
|
136e2c |
src/tests/regression.at | 1 +
|
|
|
136e2c |
src/tests/regression/gh478.at | 30 ++++++++++++++++++++++++++++++
|
|
|
136e2c |
2 files changed, 31 insertions(+)
|
|
|
136e2c |
create mode 100644 src/tests/regression/gh478.at
|
|
|
136e2c |
|
|
|
136e2c |
diff --git a/src/tests/regression.at b/src/tests/regression.at
|
|
|
136e2c |
index b6954f2c0fce..ab11a013897c 100644
|
|
|
136e2c |
--- a/src/tests/regression.at
|
|
|
136e2c |
+++ b/src/tests/regression.at
|
|
|
136e2c |
@@ -17,3 +17,4 @@ m4_include([regression/rhbz1601610.at])
|
|
|
136e2c |
m4_include([regression/gh303.at])
|
|
|
136e2c |
m4_include([regression/gh335.at])
|
|
|
136e2c |
m4_include([regression/gh482.at])
|
|
|
136e2c |
+m4_include([regression/gh478.at])
|
|
|
136e2c |
diff --git a/src/tests/regression/gh478.at b/src/tests/regression/gh478.at
|
|
|
136e2c |
new file mode 100644
|
|
|
136e2c |
index 000000000000..5d5966513753
|
|
|
136e2c |
--- /dev/null
|
|
|
136e2c |
+++ b/src/tests/regression/gh478.at
|
|
|
136e2c |
@@ -0,0 +1,30 @@
|
|
|
136e2c |
+FWD_START_TEST([rich rule marks every packet])
|
|
|
136e2c |
+AT_KEYWORDS(rich mark gh478)
|
|
|
136e2c |
+
|
|
|
136e2c |
+FWD_CHECK([-q --add-rich-rule='rule port port=1234 protocol=tcp mark set=10'])
|
|
|
136e2c |
+FWD_CHECK([-q --add-rich-rule='rule protocol value=icmp mark set=11'])
|
|
|
136e2c |
+FWD_CHECK([-q --add-rich-rule='rule source-port port=4321 protocol=tcp mark set=12'])
|
|
|
136e2c |
+
|
|
|
136e2c |
+m4_if(nftables, FIREWALL_BACKEND, [
|
|
|
136e2c |
+ NFT_LIST_RULES([inet], [mangle_PRE_public_allow], 0, [dnl
|
|
|
136e2c |
+ table inet firewalld {
|
|
|
136e2c |
+ chain mangle_PRE_public_allow {
|
|
|
136e2c |
+ tcp dport 1234 mark set 0x0000000a
|
|
|
136e2c |
+ meta l4proto icmp mark set 0x0000000b
|
|
|
136e2c |
+ tcp sport 4321 mark set 0x0000000c
|
|
|
136e2c |
+ }
|
|
|
136e2c |
+ }
|
|
|
136e2c |
+ ])], [
|
|
|
136e2c |
+ IPTABLES_LIST_RULES([mangle], [PRE_public_allow], 0, [dnl
|
|
|
136e2c |
+ MARK tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:1234 MARK set 0xa
|
|
|
136e2c |
+ MARK icmp -- 0.0.0.0/0 0.0.0.0/0 MARK set 0xb
|
|
|
136e2c |
+ MARK tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:4321 MARK set 0xc
|
|
|
136e2c |
+ ])
|
|
|
136e2c |
+ IP6TABLES_LIST_RULES([mangle], [PRE_public_allow], 0, [dnl
|
|
|
136e2c |
+ MARK tcp ::/0 ::/0 tcp dpt:1234 MARK set 0xa
|
|
|
136e2c |
+ MARK icmp ::/0 ::/0 MARK set 0xb
|
|
|
136e2c |
+ MARK tcp ::/0 ::/0 tcp spt:4321 MARK set 0xc
|
|
|
136e2c |
+ ])
|
|
|
136e2c |
+])
|
|
|
136e2c |
+
|
|
|
136e2c |
+FWD_END_TEST
|
|
|
136e2c |
--
|
|
|
136e2c |
2.20.1
|
|
|
136e2c |
|