| Message ID | 1465822435-39991-1-git-send-email-zlpnobody@163.com |
|---|---|
| State | Accepted |
| Delegated to: | Pablo Neira |
| Headers | show |
On Mon, Jun 13, 2016 at 08:53:55PM +0800, Liping Zhang wrote: > From: Liping Zhang <liping.zhang@spreadtrum.com> > > Add some tests for endless jump loop validation. Applied, thanks for adding new tests to catch this problem. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/tests/shell/testcases/chains/0010endless_jump_loop_1 b/tests/shell/testcases/chains/0010endless_jump_loop_1 new file mode 100755 index 0000000..dba70e1 --- /dev/null +++ b/tests/shell/testcases/chains/0010endless_jump_loop_1 @@ -0,0 +1,9 @@ +#!/bin/bash + +set -e + +$NFT add table t +$NFT add chain t c +# kernel should return ELOOP +$NFT add rule t c tcp dport vmap {1 : jump c} 2>/dev/null +echo "E: accepted endless jump loop in a vmap" >&2 diff --git a/tests/shell/testcases/chains/0011endless_jump_loop_1 b/tests/shell/testcases/chains/0011endless_jump_loop_1 new file mode 100755 index 0000000..adbff8d --- /dev/null +++ b/tests/shell/testcases/chains/0011endless_jump_loop_1 @@ -0,0 +1,14 @@ +#!/bin/bash + +set -e + +$NFT add table t +$NFT add chain t c1 +$NFT add chain t c2 +$NFT add map t m {type inet_service : verdict \;} +$NFT add element t m {2 : jump c2} +$NFT add rule t c1 tcp dport vmap @m + +# kernel should return ELOOP +$NFT add element t m {1 : jump c1} 2>/dev/null +echo "E: accepted endless jump loop in a vmap" >&2