From patchwork Fri Aug 24 15:47:15 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?b?TcOhdMOpIEVja2w=?= X-Patchwork-Id: 961901 X-Patchwork-Delegate: pablo@netfilter.org Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netfilter-devel-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="hZF39l5V"; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 41xlzy3KXHz9s0n for ; Sat, 25 Aug 2018 01:48:14 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726508AbeHXTXZ (ORCPT ); Fri, 24 Aug 2018 15:23:25 -0400 Received: from mail-wm0-f42.google.com ([74.125.82.42]:53208 "EHLO mail-wm0-f42.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726268AbeHXTXZ (ORCPT ); Fri, 24 Aug 2018 15:23:25 -0400 Received: by mail-wm0-f42.google.com with SMTP id y139-v6so2002649wmc.2 for ; Fri, 24 Aug 2018 08:48:09 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:subject:date:message-id:mime-version :content-transfer-encoding; bh=R2RW4gLYJHpbpEPG95aQZDhdHJVDtnknVfwtGPy5F5g=; b=hZF39l5VViFhuGaEUVHihZnBtjyoAw4nSMJPYZcFvE71JxhYEUzmOpKpWxdJQxw1GZ qh2kIuFGcyYJEd1RFhwybSYHL5hLO9TsNYramaqRImaXqcyumvvCXNXIDpZ35QpDJMu2 BI0MIv+Uc93/FnQ+kcv6Y0uWIzSYI8abgfI6cR5PIuv/t9Pm4XZ2QYFyXbrwJll5R1rV J4AP6DnRXDZaH2KKq7nCpiV3wsdEczY0moMaE0CEv9jzY+DTnq2A7c/eYh0SEThQu7qr R98oOI76BBSM05916VbGdqo1QxEUvEy7ZUy5R/r5DZc6q9r6f0PDNQGHRY0uCgb+6pTb qDlQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:subject:date:message-id:mime-version :content-transfer-encoding; bh=R2RW4gLYJHpbpEPG95aQZDhdHJVDtnknVfwtGPy5F5g=; b=jkGV0kmfYtQITTcNFQHOnmmHiwSda36kyj6hF5Z1ez3AywIu08yY59qP+Vx2sTNSPQ rjhhOI4AkMul11ZLlhQ6/8xvQGjXCVPRtAWeIV09qoyqFZAzCaRHdoFy4uQ7j8uK55nK Zpah+/OC2IR8242gjg6yXwgkaiPSWuR7zj6SdKNv+CeWgVQjgf6vF3AX0++4Gtx13eCr Ie+6PhJnbKDEmDCs+2Mlc5yVVFb9SkfSgrvLuKlZrPCTN9KBcpGpsk5fZqKDmss/+rEC 0d6iA3B1cyGkkXIOmTvd90hwczuGXXtTrhiAiipUpsKytxWYmdo4kqYwIdBNUgPOL5BT 6jxw== X-Gm-Message-State: APzg51B5bleulB0J9ehd4gebwhEmx79bPFIt2VVsjd5w5MdtqxMc9xO3 Ff9BUbqFd7iWmHJXr3TF5nXx6gvH X-Google-Smtp-Source: ANB0VdZ+Om/vqeV1ua6ZuS7ZOszhJkCWvhy6umfzCB6rEtkK/Byb5wVR6JU4W/JRSn3PbIUvssL9iA== X-Received: by 2002:a1c:1a48:: with SMTP id a69-v6mr1651367wma.43.1535125688457; Fri, 24 Aug 2018 08:48:08 -0700 (PDT) Received: from ecklm-lapos.localdomain (netacc-gpn-4-103-186.pool.telenor.hu. [84.224.103.186]) by smtp.gmail.com with ESMTPSA id r140-v6sm2415069wmd.7.2018.08.24.08.48.07 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 24 Aug 2018 08:48:08 -0700 (PDT) From: =?utf-8?b?TcOhdMOpIEVja2w=?= To: netfilter-devel@vger.kernel.org Subject: [PATCH nft 1/2] test: shell: Test cases for standard chain prios Date: Fri, 24 Aug 2018 17:47:15 +0200 Message-Id: <20180824154715.31008-1-ecklm94@gmail.com> X-Mailer: git-send-email 2.18.0 MIME-Version: 1.0 Sender: netfilter-devel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netfilter-devel@vger.kernel.org Signed-off-by: Máté Eckl --- The indention of the bash files is intentional to conform single value assignments to for-loop assignments. tests/shell/testcases/chains/0021prio_0 | 97 ++ tests/shell/testcases/chains/0022prio_dummy_1 | 7 + .../testcases/chains/0023prio_inet_srcnat_1 | 16 + .../testcases/chains/0024prio_inet_dstnat_1 | 16 + tests/shell/testcases/chains/0025prio_arp_1 | 17 + .../shell/testcases/chains/0026prio_netdev_1 | 15 + .../testcases/chains/0027prio_bridge_dstnat_1 | 15 + .../testcases/chains/0028prio_bridge_out_1 | 15 + .../testcases/chains/0029prio_bridge_srcnat_1 | 15 + .../testcases/chains/dumps/0021prio_0.nft | 1546 +++++++++++++++++ 10 files changed, 1759 insertions(+) create mode 100755 tests/shell/testcases/chains/0021prio_0 create mode 100755 tests/shell/testcases/chains/0022prio_dummy_1 create mode 100755 tests/shell/testcases/chains/0023prio_inet_srcnat_1 create mode 100755 tests/shell/testcases/chains/0024prio_inet_dstnat_1 create mode 100755 tests/shell/testcases/chains/0025prio_arp_1 create mode 100755 tests/shell/testcases/chains/0026prio_netdev_1 create mode 100755 tests/shell/testcases/chains/0027prio_bridge_dstnat_1 create mode 100755 tests/shell/testcases/chains/0028prio_bridge_out_1 create mode 100755 tests/shell/testcases/chains/0029prio_bridge_srcnat_1 create mode 100644 tests/shell/testcases/chains/dumps/0021prio_0.nft diff --git a/tests/shell/testcases/chains/0021prio_0 b/tests/shell/testcases/chains/0021prio_0 new file mode 100755 index 0000000..ada1d92 --- /dev/null +++ b/tests/shell/testcases/chains/0021prio_0 @@ -0,0 +1,97 @@ +#!/bin/bash + +set -e + +format_offset () { + i=$1 + if ((i == 0)) + then + echo "" + elif ((i > 0)) + then + echo "+$i" + else + echo "$i" + fi +} + +chainname () { + hook=$1 + prioname=$2 + priooffset=$3 + + echo "${hook}${prioname}${priooffset}" | tr "\-+" "mp" +} + +gen_chains () { + family=$1 + hook=$2 + prioname=$3 + + for i in -11 -10 0 10 11 + do + offset=`format_offset $i` + $NFT add chain $family x `chainname $hook $prioname $offset` "{ type filter hook $hook priority $prioname $offset; }" + done +} + +for family in ip ip6 inet +do + $NFT add table $family x + for hook in prerouting input forward output postrouting + do + for prioname in raw mangle filter security + do + gen_chains $family $hook $prioname + done + done + + hook=prerouting + prioname=dstnat + gen_chains $family $hook $prioname + + hook=postrouting + prioname=srcnat + gen_chains $family $hook $prioname +done + + +family=arp + $NFT add table $family x + for hook in input output + do + prioname=filter + gen_chains $family $hook $prioname + done + + +family=netdev + $NFT add table $family x + hook=ingress + prioname=filter + for i in -11 -10 0 10 11 + do + offset=`format_offset $i` + $NFT add chain $family x `chainname $hook $prioname $offset` "{ type filter hook $hook device lo priority $prioname $offset; }" + done + +family=bridge + $NFT add table $family x + for hook in prerouting input forward output postrouting + do + prioname=filter + gen_chains $family $hook $prioname + done + + hook=prerouting + prioname=dstnat + gen_chains $family $hook $prioname + + hook=output + prioname=out + gen_chains $family $hook $prioname + + hook=postrouting + prioname=srcnat + gen_chains $family $hook $prioname + diff --git a/tests/shell/testcases/chains/0022prio_dummy_1 b/tests/shell/testcases/chains/0022prio_dummy_1 new file mode 100755 index 0000000..ecdd945 --- /dev/null +++ b/tests/shell/testcases/chains/0022prio_dummy_1 @@ -0,0 +1,7 @@ +#!/bin/bash + +set -e + +$NFT add table ip x +$NFT add chain ip x y "{ type filter hook input priority dummy+1; }" &> /dev/null +echo "E: dummy should not be a valid priority." >&2 diff --git a/tests/shell/testcases/chains/0023prio_inet_srcnat_1 b/tests/shell/testcases/chains/0023prio_inet_srcnat_1 new file mode 100755 index 0000000..fa53f7a --- /dev/null +++ b/tests/shell/testcases/chains/0023prio_inet_srcnat_1 @@ -0,0 +1,16 @@ +#!/bin/bash + +for family in ip ip6 inet +do + for hook in prerouting input forward output + do + $NFT add table $family x + $NFT add chain $family x y "{ type filter hook $hook priority srcnat; }" &> /dev/null + if (($? == 0)) + then + echo "E: srcnat should not be a valid priority name in $family $hook chains." >&2 + exit 0 + fi + done +done +exit 1 diff --git a/tests/shell/testcases/chains/0024prio_inet_dstnat_1 b/tests/shell/testcases/chains/0024prio_inet_dstnat_1 new file mode 100755 index 0000000..a9a7264 --- /dev/null +++ b/tests/shell/testcases/chains/0024prio_inet_dstnat_1 @@ -0,0 +1,16 @@ +#!/bin/bash + +for family in ip ip6 inet +do + for hook in input forward output postrouting + do + $NFT add table $family x + $NFT add chain $family x y "{ type filter hook $hook priority dstnat; }" &> /dev/null + if (($? == 0)) + then + echo "E: dstnat should not be a valid priority name in $family $hook chains." >&2 + exit 0 + fi + done +done +exit 1 diff --git a/tests/shell/testcases/chains/0025prio_arp_1 b/tests/shell/testcases/chains/0025prio_arp_1 new file mode 100755 index 0000000..8c671d5 --- /dev/null +++ b/tests/shell/testcases/chains/0025prio_arp_1 @@ -0,0 +1,17 @@ +#!/bin/bash + +family=arp + for hook in input output + do + for prioname in raw mangle dstnat security srcnat + do + $NFT add table $family x + $NFT add chain $family x y "{ type filter hook $hook priority $prioname; }" &> /dev/null + if (($? == 0)) + then + echo "E: $prioname should not be a valid priority name for arp family chains." >&2 + exit 0 + fi + done + done +exit 1 diff --git a/tests/shell/testcases/chains/0026prio_netdev_1 b/tests/shell/testcases/chains/0026prio_netdev_1 new file mode 100755 index 0000000..ae02283 --- /dev/null +++ b/tests/shell/testcases/chains/0026prio_netdev_1 @@ -0,0 +1,15 @@ +#!/bin/bash + +family=netdev + hook=ingress + for prioname in raw mangle dstnat security srcnat + do + $NFT add table $family x + $NFT add chain $family x y "{ type filter hook $hook device lo priority $prioname; }" &> /dev/null + if (($? == 0)) + then + echo "E: $prioname should not be a valid priority name for netdev family chains." >&2 + exit 0 + fi + done +exit 1 diff --git a/tests/shell/testcases/chains/0027prio_bridge_dstnat_1 b/tests/shell/testcases/chains/0027prio_bridge_dstnat_1 new file mode 100755 index 0000000..df0b695 --- /dev/null +++ b/tests/shell/testcases/chains/0027prio_bridge_dstnat_1 @@ -0,0 +1,15 @@ +#!/bin/bash + +family=bridge + for hook in input forward output postrouting + do + prioname=dstnat + $NFT add table $family x + $NFT add chain $family x y "{ type filter hook $hook priority $prioname; }" &> /dev/null + if (($? == 0)) + then + echo "E: $prioname should not be a valid priority name for bridge $hook chains." >&2 + exit 0 + fi + done +exit 1 diff --git a/tests/shell/testcases/chains/0028prio_bridge_out_1 b/tests/shell/testcases/chains/0028prio_bridge_out_1 new file mode 100755 index 0000000..06fdbeb --- /dev/null +++ b/tests/shell/testcases/chains/0028prio_bridge_out_1 @@ -0,0 +1,15 @@ +#!/bin/bash + +family=bridge + for hook in prerouting input forward postrouting + do + prioname=out + $NFT add table $family x + $NFT add chain $family x y "{ type filter hook $hook priority $prioname; }" &> /dev/null + if (($? == 0)) + then + echo "E: $prioname should not be a valid priority name for bridge $hook chains." >&2 + exit 0 + fi + done +exit 1 diff --git a/tests/shell/testcases/chains/0029prio_bridge_srcnat_1 b/tests/shell/testcases/chains/0029prio_bridge_srcnat_1 new file mode 100755 index 0000000..8896a7c --- /dev/null +++ b/tests/shell/testcases/chains/0029prio_bridge_srcnat_1 @@ -0,0 +1,15 @@ +#!/bin/bash + +family=bridge + for hook in prerouting input forward output + do + prioname=srcnat + $NFT add table $family x + $NFT add chain $family x y "{ type filter hook $hook priority $prioname; }" &> /dev/null + if (($? == 0)) + then + echo "E: $prioname should not be a valid priority name for bridge $hook chains." >&2 + exit 0 + fi + done +exit 1 diff --git a/tests/shell/testcases/chains/dumps/0021prio_0.nft b/tests/shell/testcases/chains/dumps/0021prio_0.nft new file mode 100644 index 0000000..20125ba --- /dev/null +++ b/tests/shell/testcases/chains/dumps/0021prio_0.nft @@ -0,0 +1,1546 @@ +table ip x { + chain preroutingrawm11 { + type filter hook prerouting priority -311; policy accept; + } + + chain preroutingrawm10 { + type filter hook prerouting priority raw - 10; policy accept; + } + + chain preroutingraw { + type filter hook prerouting priority raw; policy accept; + } + + chain preroutingrawp10 { + type filter hook prerouting priority raw + 10; policy accept; + } + + chain preroutingrawp11 { + type filter hook prerouting priority -289; policy accept; + } + + chain preroutingmanglem11 { + type filter hook prerouting priority -161; policy accept; + } + + chain preroutingmanglem10 { + type filter hook prerouting priority mangle - 10; policy accept; + } + + chain preroutingmangle { + type filter hook prerouting priority mangle; policy accept; + } + + chain preroutingmanglep10 { + type filter hook prerouting priority mangle + 10; policy accept; + } + + chain preroutingmanglep11 { + type filter hook prerouting priority -139; policy accept; + } + + chain preroutingfilterm11 { + type filter hook prerouting priority -11; policy accept; + } + + chain preroutingfilterm10 { + type filter hook prerouting priority filter - 10; policy accept; + } + + chain preroutingfilter { + type filter hook prerouting priority filter; policy accept; + } + + chain preroutingfilterp10 { + type filter hook prerouting priority filter + 10; policy accept; + } + + chain preroutingfilterp11 { + type filter hook prerouting priority 11; policy accept; + } + + chain preroutingsecuritym11 { + type filter hook prerouting priority 39; policy accept; + } + + chain preroutingsecuritym10 { + type filter hook prerouting priority security - 10; policy accept; + } + + chain preroutingsecurity { + type filter hook prerouting priority security; policy accept; + } + + chain preroutingsecurityp10 { + type filter hook prerouting priority security + 10; policy accept; + } + + chain preroutingsecurityp11 { + type filter hook prerouting priority 61; policy accept; + } + + chain inputrawm11 { + type filter hook input priority -311; policy accept; + } + + chain inputrawm10 { + type filter hook input priority raw - 10; policy accept; + } + + chain inputraw { + type filter hook input priority raw; policy accept; + } + + chain inputrawp10 { + type filter hook input priority raw + 10; policy accept; + } + + chain inputrawp11 { + type filter hook input priority -289; policy accept; + } + + chain inputmanglem11 { + type filter hook input priority -161; policy accept; + } + + chain inputmanglem10 { + type filter hook input priority mangle - 10; policy accept; + } + + chain inputmangle { + type filter hook input priority mangle; policy accept; + } + + chain inputmanglep10 { + type filter hook input priority mangle + 10; policy accept; + } + + chain inputmanglep11 { + type filter hook input priority -139; policy accept; + } + + chain inputfilterm11 { + type filter hook input priority -11; policy accept; + } + + chain inputfilterm10 { + type filter hook input priority filter - 10; policy accept; + } + + chain inputfilter { + type filter hook input priority filter; policy accept; + } + + chain inputfilterp10 { + type filter hook input priority filter + 10; policy accept; + } + + chain inputfilterp11 { + type filter hook input priority 11; policy accept; + } + + chain inputsecuritym11 { + type filter hook input priority 39; policy accept; + } + + chain inputsecuritym10 { + type filter hook input priority security - 10; policy accept; + } + + chain inputsecurity { + type filter hook input priority security; policy accept; + } + + chain inputsecurityp10 { + type filter hook input priority security + 10; policy accept; + } + + chain inputsecurityp11 { + type filter hook input priority 61; policy accept; + } + + chain forwardrawm11 { + type filter hook forward priority -311; policy accept; + } + + chain forwardrawm10 { + type filter hook forward priority raw - 10; policy accept; + } + + chain forwardraw { + type filter hook forward priority raw; policy accept; + } + + chain forwardrawp10 { + type filter hook forward priority raw + 10; policy accept; + } + + chain forwardrawp11 { + type filter hook forward priority -289; policy accept; + } + + chain forwardmanglem11 { + type filter hook forward priority -161; policy accept; + } + + chain forwardmanglem10 { + type filter hook forward priority mangle - 10; policy accept; + } + + chain forwardmangle { + type filter hook forward priority mangle; policy accept; + } + + chain forwardmanglep10 { + type filter hook forward priority mangle + 10; policy accept; + } + + chain forwardmanglep11 { + type filter hook forward priority -139; policy accept; + } + + chain forwardfilterm11 { + type filter hook forward priority -11; policy accept; + } + + chain forwardfilterm10 { + type filter hook forward priority filter - 10; policy accept; + } + + chain forwardfilter { + type filter hook forward priority filter; policy accept; + } + + chain forwardfilterp10 { + type filter hook forward priority filter + 10; policy accept; + } + + chain forwardfilterp11 { + type filter hook forward priority 11; policy accept; + } + + chain forwardsecuritym11 { + type filter hook forward priority 39; policy accept; + } + + chain forwardsecuritym10 { + type filter hook forward priority security - 10; policy accept; + } + + chain forwardsecurity { + type filter hook forward priority security; policy accept; + } + + chain forwardsecurityp10 { + type filter hook forward priority security + 10; policy accept; + } + + chain forwardsecurityp11 { + type filter hook forward priority 61; policy accept; + } + + chain outputrawm11 { + type filter hook output priority -311; policy accept; + } + + chain outputrawm10 { + type filter hook output priority raw - 10; policy accept; + } + + chain outputraw { + type filter hook output priority raw; policy accept; + } + + chain outputrawp10 { + type filter hook output priority raw + 10; policy accept; + } + + chain outputrawp11 { + type filter hook output priority -289; policy accept; + } + + chain outputmanglem11 { + type filter hook output priority -161; policy accept; + } + + chain outputmanglem10 { + type filter hook output priority mangle - 10; policy accept; + } + + chain outputmangle { + type filter hook output priority mangle; policy accept; + } + + chain outputmanglep10 { + type filter hook output priority mangle + 10; policy accept; + } + + chain outputmanglep11 { + type filter hook output priority -139; policy accept; + } + + chain outputfilterm11 { + type filter hook output priority -11; policy accept; + } + + chain outputfilterm10 { + type filter hook output priority filter - 10; policy accept; + } + + chain outputfilter { + type filter hook output priority filter; policy accept; + } + + chain outputfilterp10 { + type filter hook output priority filter + 10; policy accept; + } + + chain outputfilterp11 { + type filter hook output priority 11; policy accept; + } + + chain outputsecuritym11 { + type filter hook output priority 39; policy accept; + } + + chain outputsecuritym10 { + type filter hook output priority security - 10; policy accept; + } + + chain outputsecurity { + type filter hook output priority security; policy accept; + } + + chain outputsecurityp10 { + type filter hook output priority security + 10; policy accept; + } + + chain outputsecurityp11 { + type filter hook output priority 61; policy accept; + } + + chain postroutingrawm11 { + type filter hook postrouting priority -311; policy accept; + } + + chain postroutingrawm10 { + type filter hook postrouting priority raw - 10; policy accept; + } + + chain postroutingraw { + type filter hook postrouting priority raw; policy accept; + } + + chain postroutingrawp10 { + type filter hook postrouting priority raw + 10; policy accept; + } + + chain postroutingrawp11 { + type filter hook postrouting priority -289; policy accept; + } + + chain postroutingmanglem11 { + type filter hook postrouting priority -161; policy accept; + } + + chain postroutingmanglem10 { + type filter hook postrouting priority mangle - 10; policy accept; + } + + chain postroutingmangle { + type filter hook postrouting priority mangle; policy accept; + } + + chain postroutingmanglep10 { + type filter hook postrouting priority mangle + 10; policy accept; + } + + chain postroutingmanglep11 { + type filter hook postrouting priority -139; policy accept; + } + + chain postroutingfilterm11 { + type filter hook postrouting priority -11; policy accept; + } + + chain postroutingfilterm10 { + type filter hook postrouting priority filter - 10; policy accept; + } + + chain postroutingfilter { + type filter hook postrouting priority filter; policy accept; + } + + chain postroutingfilterp10 { + type filter hook postrouting priority filter + 10; policy accept; + } + + chain postroutingfilterp11 { + type filter hook postrouting priority 11; policy accept; + } + + chain postroutingsecuritym11 { + type filter hook postrouting priority 39; policy accept; + } + + chain postroutingsecuritym10 { + type filter hook postrouting priority security - 10; policy accept; + } + + chain postroutingsecurity { + type filter hook postrouting priority security; policy accept; + } + + chain postroutingsecurityp10 { + type filter hook postrouting priority security + 10; policy accept; + } + + chain postroutingsecurityp11 { + type filter hook postrouting priority 61; policy accept; + } + + chain preroutingdstnatm11 { + type filter hook prerouting priority -111; policy accept; + } + + chain preroutingdstnatm10 { + type filter hook prerouting priority dstnat - 10; policy accept; + } + + chain preroutingdstnat { + type filter hook prerouting priority dstnat; policy accept; + } + + chain preroutingdstnatp10 { + type filter hook prerouting priority dstnat + 10; policy accept; + } + + chain preroutingdstnatp11 { + type filter hook prerouting priority -89; policy accept; + } + + chain postroutingsrcnatm11 { + type filter hook postrouting priority 89; policy accept; + } + + chain postroutingsrcnatm10 { + type filter hook postrouting priority srcnat - 10; policy accept; + } + + chain postroutingsrcnat { + type filter hook postrouting priority srcnat; policy accept; + } + + chain postroutingsrcnatp10 { + type filter hook postrouting priority srcnat + 10; policy accept; + } + + chain postroutingsrcnatp11 { + type filter hook postrouting priority 111; policy accept; + } +} +table ip6 x { + chain preroutingrawm11 { + type filter hook prerouting priority -311; policy accept; + } + + chain preroutingrawm10 { + type filter hook prerouting priority raw - 10; policy accept; + } + + chain preroutingraw { + type filter hook prerouting priority raw; policy accept; + } + + chain preroutingrawp10 { + type filter hook prerouting priority raw + 10; policy accept; + } + + chain preroutingrawp11 { + type filter hook prerouting priority -289; policy accept; + } + + chain preroutingmanglem11 { + type filter hook prerouting priority -161; policy accept; + } + + chain preroutingmanglem10 { + type filter hook prerouting priority mangle - 10; policy accept; + } + + chain preroutingmangle { + type filter hook prerouting priority mangle; policy accept; + } + + chain preroutingmanglep10 { + type filter hook prerouting priority mangle + 10; policy accept; + } + + chain preroutingmanglep11 { + type filter hook prerouting priority -139; policy accept; + } + + chain preroutingfilterm11 { + type filter hook prerouting priority -11; policy accept; + } + + chain preroutingfilterm10 { + type filter hook prerouting priority filter - 10; policy accept; + } + + chain preroutingfilter { + type filter hook prerouting priority filter; policy accept; + } + + chain preroutingfilterp10 { + type filter hook prerouting priority filter + 10; policy accept; + } + + chain preroutingfilterp11 { + type filter hook prerouting priority 11; policy accept; + } + + chain preroutingsecuritym11 { + type filter hook prerouting priority 39; policy accept; + } + + chain preroutingsecuritym10 { + type filter hook prerouting priority security - 10; policy accept; + } + + chain preroutingsecurity { + type filter hook prerouting priority security; policy accept; + } + + chain preroutingsecurityp10 { + type filter hook prerouting priority security + 10; policy accept; + } + + chain preroutingsecurityp11 { + type filter hook prerouting priority 61; policy accept; + } + + chain inputrawm11 { + type filter hook input priority -311; policy accept; + } + + chain inputrawm10 { + type filter hook input priority raw - 10; policy accept; + } + + chain inputraw { + type filter hook input priority raw; policy accept; + } + + chain inputrawp10 { + type filter hook input priority raw + 10; policy accept; + } + + chain inputrawp11 { + type filter hook input priority -289; policy accept; + } + + chain inputmanglem11 { + type filter hook input priority -161; policy accept; + } + + chain inputmanglem10 { + type filter hook input priority mangle - 10; policy accept; + } + + chain inputmangle { + type filter hook input priority mangle; policy accept; + } + + chain inputmanglep10 { + type filter hook input priority mangle + 10; policy accept; + } + + chain inputmanglep11 { + type filter hook input priority -139; policy accept; + } + + chain inputfilterm11 { + type filter hook input priority -11; policy accept; + } + + chain inputfilterm10 { + type filter hook input priority filter - 10; policy accept; + } + + chain inputfilter { + type filter hook input priority filter; policy accept; + } + + chain inputfilterp10 { + type filter hook input priority filter + 10; policy accept; + } + + chain inputfilterp11 { + type filter hook input priority 11; policy accept; + } + + chain inputsecuritym11 { + type filter hook input priority 39; policy accept; + } + + chain inputsecuritym10 { + type filter hook input priority security - 10; policy accept; + } + + chain inputsecurity { + type filter hook input priority security; policy accept; + } + + chain inputsecurityp10 { + type filter hook input priority security + 10; policy accept; + } + + chain inputsecurityp11 { + type filter hook input priority 61; policy accept; + } + + chain forwardrawm11 { + type filter hook forward priority -311; policy accept; + } + + chain forwardrawm10 { + type filter hook forward priority raw - 10; policy accept; + } + + chain forwardraw { + type filter hook forward priority raw; policy accept; + } + + chain forwardrawp10 { + type filter hook forward priority raw + 10; policy accept; + } + + chain forwardrawp11 { + type filter hook forward priority -289; policy accept; + } + + chain forwardmanglem11 { + type filter hook forward priority -161; policy accept; + } + + chain forwardmanglem10 { + type filter hook forward priority mangle - 10; policy accept; + } + + chain forwardmangle { + type filter hook forward priority mangle; policy accept; + } + + chain forwardmanglep10 { + type filter hook forward priority mangle + 10; policy accept; + } + + chain forwardmanglep11 { + type filter hook forward priority -139; policy accept; + } + + chain forwardfilterm11 { + type filter hook forward priority -11; policy accept; + } + + chain forwardfilterm10 { + type filter hook forward priority filter - 10; policy accept; + } + + chain forwardfilter { + type filter hook forward priority filter; policy accept; + } + + chain forwardfilterp10 { + type filter hook forward priority filter + 10; policy accept; + } + + chain forwardfilterp11 { + type filter hook forward priority 11; policy accept; + } + + chain forwardsecuritym11 { + type filter hook forward priority 39; policy accept; + } + + chain forwardsecuritym10 { + type filter hook forward priority security - 10; policy accept; + } + + chain forwardsecurity { + type filter hook forward priority security; policy accept; + } + + chain forwardsecurityp10 { + type filter hook forward priority security + 10; policy accept; + } + + chain forwardsecurityp11 { + type filter hook forward priority 61; policy accept; + } + + chain outputrawm11 { + type filter hook output priority -311; policy accept; + } + + chain outputrawm10 { + type filter hook output priority raw - 10; policy accept; + } + + chain outputraw { + type filter hook output priority raw; policy accept; + } + + chain outputrawp10 { + type filter hook output priority raw + 10; policy accept; + } + + chain outputrawp11 { + type filter hook output priority -289; policy accept; + } + + chain outputmanglem11 { + type filter hook output priority -161; policy accept; + } + + chain outputmanglem10 { + type filter hook output priority mangle - 10; policy accept; + } + + chain outputmangle { + type filter hook output priority mangle; policy accept; + } + + chain outputmanglep10 { + type filter hook output priority mangle + 10; policy accept; + } + + chain outputmanglep11 { + type filter hook output priority -139; policy accept; + } + + chain outputfilterm11 { + type filter hook output priority -11; policy accept; + } + + chain outputfilterm10 { + type filter hook output priority filter - 10; policy accept; + } + + chain outputfilter { + type filter hook output priority filter; policy accept; + } + + chain outputfilterp10 { + type filter hook output priority filter + 10; policy accept; + } + + chain outputfilterp11 { + type filter hook output priority 11; policy accept; + } + + chain outputsecuritym11 { + type filter hook output priority 39; policy accept; + } + + chain outputsecuritym10 { + type filter hook output priority security - 10; policy accept; + } + + chain outputsecurity { + type filter hook output priority security; policy accept; + } + + chain outputsecurityp10 { + type filter hook output priority security + 10; policy accept; + } + + chain outputsecurityp11 { + type filter hook output priority 61; policy accept; + } + + chain postroutingrawm11 { + type filter hook postrouting priority -311; policy accept; + } + + chain postroutingrawm10 { + type filter hook postrouting priority raw - 10; policy accept; + } + + chain postroutingraw { + type filter hook postrouting priority raw; policy accept; + } + + chain postroutingrawp10 { + type filter hook postrouting priority raw + 10; policy accept; + } + + chain postroutingrawp11 { + type filter hook postrouting priority -289; policy accept; + } + + chain postroutingmanglem11 { + type filter hook postrouting priority -161; policy accept; + } + + chain postroutingmanglem10 { + type filter hook postrouting priority mangle - 10; policy accept; + } + + chain postroutingmangle { + type filter hook postrouting priority mangle; policy accept; + } + + chain postroutingmanglep10 { + type filter hook postrouting priority mangle + 10; policy accept; + } + + chain postroutingmanglep11 { + type filter hook postrouting priority -139; policy accept; + } + + chain postroutingfilterm11 { + type filter hook postrouting priority -11; policy accept; + } + + chain postroutingfilterm10 { + type filter hook postrouting priority filter - 10; policy accept; + } + + chain postroutingfilter { + type filter hook postrouting priority filter; policy accept; + } + + chain postroutingfilterp10 { + type filter hook postrouting priority filter + 10; policy accept; + } + + chain postroutingfilterp11 { + type filter hook postrouting priority 11; policy accept; + } + + chain postroutingsecuritym11 { + type filter hook postrouting priority 39; policy accept; + } + + chain postroutingsecuritym10 { + type filter hook postrouting priority security - 10; policy accept; + } + + chain postroutingsecurity { + type filter hook postrouting priority security; policy accept; + } + + chain postroutingsecurityp10 { + type filter hook postrouting priority security + 10; policy accept; + } + + chain postroutingsecurityp11 { + type filter hook postrouting priority 61; policy accept; + } + + chain preroutingdstnatm11 { + type filter hook prerouting priority -111; policy accept; + } + + chain preroutingdstnatm10 { + type filter hook prerouting priority dstnat - 10; policy accept; + } + + chain preroutingdstnat { + type filter hook prerouting priority dstnat; policy accept; + } + + chain preroutingdstnatp10 { + type filter hook prerouting priority dstnat + 10; policy accept; + } + + chain preroutingdstnatp11 { + type filter hook prerouting priority -89; policy accept; + } + + chain postroutingsrcnatm11 { + type filter hook postrouting priority 89; policy accept; + } + + chain postroutingsrcnatm10 { + type filter hook postrouting priority srcnat - 10; policy accept; + } + + chain postroutingsrcnat { + type filter hook postrouting priority srcnat; policy accept; + } + + chain postroutingsrcnatp10 { + type filter hook postrouting priority srcnat + 10; policy accept; + } + + chain postroutingsrcnatp11 { + type filter hook postrouting priority 111; policy accept; + } +} +table inet x { + chain preroutingrawm11 { + type filter hook prerouting priority -311; policy accept; + } + + chain preroutingrawm10 { + type filter hook prerouting priority raw - 10; policy accept; + } + + chain preroutingraw { + type filter hook prerouting priority raw; policy accept; + } + + chain preroutingrawp10 { + type filter hook prerouting priority raw + 10; policy accept; + } + + chain preroutingrawp11 { + type filter hook prerouting priority -289; policy accept; + } + + chain preroutingmanglem11 { + type filter hook prerouting priority -161; policy accept; + } + + chain preroutingmanglem10 { + type filter hook prerouting priority mangle - 10; policy accept; + } + + chain preroutingmangle { + type filter hook prerouting priority mangle; policy accept; + } + + chain preroutingmanglep10 { + type filter hook prerouting priority mangle + 10; policy accept; + } + + chain preroutingmanglep11 { + type filter hook prerouting priority -139; policy accept; + } + + chain preroutingfilterm11 { + type filter hook prerouting priority -11; policy accept; + } + + chain preroutingfilterm10 { + type filter hook prerouting priority filter - 10; policy accept; + } + + chain preroutingfilter { + type filter hook prerouting priority filter; policy accept; + } + + chain preroutingfilterp10 { + type filter hook prerouting priority filter + 10; policy accept; + } + + chain preroutingfilterp11 { + type filter hook prerouting priority 11; policy accept; + } + + chain preroutingsecuritym11 { + type filter hook prerouting priority 39; policy accept; + } + + chain preroutingsecuritym10 { + type filter hook prerouting priority security - 10; policy accept; + } + + chain preroutingsecurity { + type filter hook prerouting priority security; policy accept; + } + + chain preroutingsecurityp10 { + type filter hook prerouting priority security + 10; policy accept; + } + + chain preroutingsecurityp11 { + type filter hook prerouting priority 61; policy accept; + } + + chain inputrawm11 { + type filter hook input priority -311; policy accept; + } + + chain inputrawm10 { + type filter hook input priority raw - 10; policy accept; + } + + chain inputraw { + type filter hook input priority raw; policy accept; + } + + chain inputrawp10 { + type filter hook input priority raw + 10; policy accept; + } + + chain inputrawp11 { + type filter hook input priority -289; policy accept; + } + + chain inputmanglem11 { + type filter hook input priority -161; policy accept; + } + + chain inputmanglem10 { + type filter hook input priority mangle - 10; policy accept; + } + + chain inputmangle { + type filter hook input priority mangle; policy accept; + } + + chain inputmanglep10 { + type filter hook input priority mangle + 10; policy accept; + } + + chain inputmanglep11 { + type filter hook input priority -139; policy accept; + } + + chain inputfilterm11 { + type filter hook input priority -11; policy accept; + } + + chain inputfilterm10 { + type filter hook input priority filter - 10; policy accept; + } + + chain inputfilter { + type filter hook input priority filter; policy accept; + } + + chain inputfilterp10 { + type filter hook input priority filter + 10; policy accept; + } + + chain inputfilterp11 { + type filter hook input priority 11; policy accept; + } + + chain inputsecuritym11 { + type filter hook input priority 39; policy accept; + } + + chain inputsecuritym10 { + type filter hook input priority security - 10; policy accept; + } + + chain inputsecurity { + type filter hook input priority security; policy accept; + } + + chain inputsecurityp10 { + type filter hook input priority security + 10; policy accept; + } + + chain inputsecurityp11 { + type filter hook input priority 61; policy accept; + } + + chain forwardrawm11 { + type filter hook forward priority -311; policy accept; + } + + chain forwardrawm10 { + type filter hook forward priority raw - 10; policy accept; + } + + chain forwardraw { + type filter hook forward priority raw; policy accept; + } + + chain forwardrawp10 { + type filter hook forward priority raw + 10; policy accept; + } + + chain forwardrawp11 { + type filter hook forward priority -289; policy accept; + } + + chain forwardmanglem11 { + type filter hook forward priority -161; policy accept; + } + + chain forwardmanglem10 { + type filter hook forward priority mangle - 10; policy accept; + } + + chain forwardmangle { + type filter hook forward priority mangle; policy accept; + } + + chain forwardmanglep10 { + type filter hook forward priority mangle + 10; policy accept; + } + + chain forwardmanglep11 { + type filter hook forward priority -139; policy accept; + } + + chain forwardfilterm11 { + type filter hook forward priority -11; policy accept; + } + + chain forwardfilterm10 { + type filter hook forward priority filter - 10; policy accept; + } + + chain forwardfilter { + type filter hook forward priority filter; policy accept; + } + + chain forwardfilterp10 { + type filter hook forward priority filter + 10; policy accept; + } + + chain forwardfilterp11 { + type filter hook forward priority 11; policy accept; + } + + chain forwardsecuritym11 { + type filter hook forward priority 39; policy accept; + } + + chain forwardsecuritym10 { + type filter hook forward priority security - 10; policy accept; + } + + chain forwardsecurity { + type filter hook forward priority security; policy accept; + } + + chain forwardsecurityp10 { + type filter hook forward priority security + 10; policy accept; + } + + chain forwardsecurityp11 { + type filter hook forward priority 61; policy accept; + } + + chain outputrawm11 { + type filter hook output priority -311; policy accept; + } + + chain outputrawm10 { + type filter hook output priority raw - 10; policy accept; + } + + chain outputraw { + type filter hook output priority raw; policy accept; + } + + chain outputrawp10 { + type filter hook output priority raw + 10; policy accept; + } + + chain outputrawp11 { + type filter hook output priority -289; policy accept; + } + + chain outputmanglem11 { + type filter hook output priority -161; policy accept; + } + + chain outputmanglem10 { + type filter hook output priority mangle - 10; policy accept; + } + + chain outputmangle { + type filter hook output priority mangle; policy accept; + } + + chain outputmanglep10 { + type filter hook output priority mangle + 10; policy accept; + } + + chain outputmanglep11 { + type filter hook output priority -139; policy accept; + } + + chain outputfilterm11 { + type filter hook output priority -11; policy accept; + } + + chain outputfilterm10 { + type filter hook output priority filter - 10; policy accept; + } + + chain outputfilter { + type filter hook output priority filter; policy accept; + } + + chain outputfilterp10 { + type filter hook output priority filter + 10; policy accept; + } + + chain outputfilterp11 { + type filter hook output priority 11; policy accept; + } + + chain outputsecuritym11 { + type filter hook output priority 39; policy accept; + } + + chain outputsecuritym10 { + type filter hook output priority security - 10; policy accept; + } + + chain outputsecurity { + type filter hook output priority security; policy accept; + } + + chain outputsecurityp10 { + type filter hook output priority security + 10; policy accept; + } + + chain outputsecurityp11 { + type filter hook output priority 61; policy accept; + } + + chain postroutingrawm11 { + type filter hook postrouting priority -311; policy accept; + } + + chain postroutingrawm10 { + type filter hook postrouting priority raw - 10; policy accept; + } + + chain postroutingraw { + type filter hook postrouting priority raw; policy accept; + } + + chain postroutingrawp10 { + type filter hook postrouting priority raw + 10; policy accept; + } + + chain postroutingrawp11 { + type filter hook postrouting priority -289; policy accept; + } + + chain postroutingmanglem11 { + type filter hook postrouting priority -161; policy accept; + } + + chain postroutingmanglem10 { + type filter hook postrouting priority mangle - 10; policy accept; + } + + chain postroutingmangle { + type filter hook postrouting priority mangle; policy accept; + } + + chain postroutingmanglep10 { + type filter hook postrouting priority mangle + 10; policy accept; + } + + chain postroutingmanglep11 { + type filter hook postrouting priority -139; policy accept; + } + + chain postroutingfilterm11 { + type filter hook postrouting priority -11; policy accept; + } + + chain postroutingfilterm10 { + type filter hook postrouting priority filter - 10; policy accept; + } + + chain postroutingfilter { + type filter hook postrouting priority filter; policy accept; + } + + chain postroutingfilterp10 { + type filter hook postrouting priority filter + 10; policy accept; + } + + chain postroutingfilterp11 { + type filter hook postrouting priority 11; policy accept; + } + + chain postroutingsecuritym11 { + type filter hook postrouting priority 39; policy accept; + } + + chain postroutingsecuritym10 { + type filter hook postrouting priority security - 10; policy accept; + } + + chain postroutingsecurity { + type filter hook postrouting priority security; policy accept; + } + + chain postroutingsecurityp10 { + type filter hook postrouting priority security + 10; policy accept; + } + + chain postroutingsecurityp11 { + type filter hook postrouting priority 61; policy accept; + } + + chain preroutingdstnatm11 { + type filter hook prerouting priority -111; policy accept; + } + + chain preroutingdstnatm10 { + type filter hook prerouting priority dstnat - 10; policy accept; + } + + chain preroutingdstnat { + type filter hook prerouting priority dstnat; policy accept; + } + + chain preroutingdstnatp10 { + type filter hook prerouting priority dstnat + 10; policy accept; + } + + chain preroutingdstnatp11 { + type filter hook prerouting priority -89; policy accept; + } + + chain postroutingsrcnatm11 { + type filter hook postrouting priority 89; policy accept; + } + + chain postroutingsrcnatm10 { + type filter hook postrouting priority srcnat - 10; policy accept; + } + + chain postroutingsrcnat { + type filter hook postrouting priority srcnat; policy accept; + } + + chain postroutingsrcnatp10 { + type filter hook postrouting priority srcnat + 10; policy accept; + } + + chain postroutingsrcnatp11 { + type filter hook postrouting priority 111; policy accept; + } +} +table arp x { + chain inputfilterm11 { + type filter hook input priority -11; policy accept; + } + + chain inputfilterm10 { + type filter hook input priority filter - 10; policy accept; + } + + chain inputfilter { + type filter hook input priority filter; policy accept; + } + + chain inputfilterp10 { + type filter hook input priority filter + 10; policy accept; + } + + chain inputfilterp11 { + type filter hook input priority 11; policy accept; + } + + chain outputfilterm11 { + type filter hook output priority -11; policy accept; + } + + chain outputfilterm10 { + type filter hook output priority filter - 10; policy accept; + } + + chain outputfilter { + type filter hook output priority filter; policy accept; + } + + chain outputfilterp10 { + type filter hook output priority filter + 10; policy accept; + } + + chain outputfilterp11 { + type filter hook output priority 11; policy accept; + } +} +table netdev x { + chain ingressfilterm11 { + type filter hook ingress device lo priority -11; policy accept; + } + + chain ingressfilterm10 { + type filter hook ingress device lo priority filter - 10; policy accept; + } + + chain ingressfilter { + type filter hook ingress device lo priority filter; policy accept; + } + + chain ingressfilterp10 { + type filter hook ingress device lo priority filter + 10; policy accept; + } + + chain ingressfilterp11 { + type filter hook ingress device lo priority 11; policy accept; + } +} +table bridge x { + chain preroutingfilterm11 { + type filter hook prerouting priority -211; policy accept; + } + + chain preroutingfilterm10 { + type filter hook prerouting priority filter - 10; policy accept; + } + + chain preroutingfilter { + type filter hook prerouting priority filter; policy accept; + } + + chain preroutingfilterp10 { + type filter hook prerouting priority filter + 10; policy accept; + } + + chain preroutingfilterp11 { + type filter hook prerouting priority -189; policy accept; + } + + chain inputfilterm11 { + type filter hook input priority -211; policy accept; + } + + chain inputfilterm10 { + type filter hook input priority filter - 10; policy accept; + } + + chain inputfilter { + type filter hook input priority filter; policy accept; + } + + chain inputfilterp10 { + type filter hook input priority filter + 10; policy accept; + } + + chain inputfilterp11 { + type filter hook input priority -189; policy accept; + } + + chain forwardfilterm11 { + type filter hook forward priority -211; policy accept; + } + + chain forwardfilterm10 { + type filter hook forward priority filter - 10; policy accept; + } + + chain forwardfilter { + type filter hook forward priority filter; policy accept; + } + + chain forwardfilterp10 { + type filter hook forward priority filter + 10; policy accept; + } + + chain forwardfilterp11 { + type filter hook forward priority -189; policy accept; + } + + chain outputfilterm11 { + type filter hook output priority -211; policy accept; + } + + chain outputfilterm10 { + type filter hook output priority filter - 10; policy accept; + } + + chain outputfilter { + type filter hook output priority filter; policy accept; + } + + chain outputfilterp10 { + type filter hook output priority filter + 10; policy accept; + } + + chain outputfilterp11 { + type filter hook output priority -189; policy accept; + } + + chain postroutingfilterm11 { + type filter hook postrouting priority -211; policy accept; + } + + chain postroutingfilterm10 { + type filter hook postrouting priority filter - 10; policy accept; + } + + chain postroutingfilter { + type filter hook postrouting priority filter; policy accept; + } + + chain postroutingfilterp10 { + type filter hook postrouting priority filter + 10; policy accept; + } + + chain postroutingfilterp11 { + type filter hook postrouting priority -189; policy accept; + } + + chain preroutingdstnatm11 { + type filter hook prerouting priority -311; policy accept; + } + + chain preroutingdstnatm10 { + type filter hook prerouting priority dstnat - 10; policy accept; + } + + chain preroutingdstnat { + type filter hook prerouting priority dstnat; policy accept; + } + + chain preroutingdstnatp10 { + type filter hook prerouting priority dstnat + 10; policy accept; + } + + chain preroutingdstnatp11 { + type filter hook prerouting priority -289; policy accept; + } + + chain outputoutm11 { + type filter hook output priority 89; policy accept; + } + + chain outputoutm10 { + type filter hook output priority out - 10; policy accept; + } + + chain outputout { + type filter hook output priority out; policy accept; + } + + chain outputoutp10 { + type filter hook output priority out + 10; policy accept; + } + + chain outputoutp11 { + type filter hook output priority 111; policy accept; + } + + chain postroutingsrcnatm11 { + type filter hook postrouting priority 289; policy accept; + } + + chain postroutingsrcnatm10 { + type filter hook postrouting priority srcnat - 10; policy accept; + } + + chain postroutingsrcnat { + type filter hook postrouting priority srcnat; policy accept; + } + + chain postroutingsrcnatp10 { + type filter hook postrouting priority srcnat + 10; policy accept; + } + + chain postroutingsrcnatp11 { + type filter hook postrouting priority 311; policy accept; + } +} From patchwork Fri Aug 24 15:47:17 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?b?TcOhdMOpIEVja2w=?= X-Patchwork-Id: 961902 X-Patchwork-Delegate: pablo@netfilter.org Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netfilter-devel-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="Fq7HfQYm"; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 41xm0c2fdQz9s0n for ; Sat, 25 Aug 2018 01:48:48 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726508AbeHXTX7 (ORCPT ); Fri, 24 Aug 2018 15:23:59 -0400 Received: from mail-wm0-f53.google.com ([74.125.82.53]:39224 "EHLO mail-wm0-f53.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726268AbeHXTX7 (ORCPT ); Fri, 24 Aug 2018 15:23:59 -0400 Received: by mail-wm0-f53.google.com with SMTP id q8-v6so2095359wmq.4 for ; Fri, 24 Aug 2018 08:48:46 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:subject:date:message-id:mime-version :content-transfer-encoding; bh=0yUocyGXejtESUthFrjFY+T68tB8npXHM0jZd1V5d50=; b=Fq7HfQYm3ZI3HvZyIkKfJlIbHan8FHLPMUJZIPMUF3FJ/7HuBj0H8NbNKscY2oq1bj H7227elnzd3ZgZ0OMa4AieDx5TzF3dJsWKvNbjrrBh0LcvBONUynVdzPQDDzdVRcTXYJ siiZeVPoR9HTtjsQ/KgpCN1Qvwti0K9UscQ7fRcQsUDL7KiuAdgvkErB2rF+W4NES/8V pN5xBmnXu6RIwex2pt2lHrhVu+2dW5EM6sTpZoYRCo7SfgmNj43d5x7lD6eQZ1MGFczZ TDMHSauNnXGErYum+gYGqyXndJ05s3fCFv+DVEOQOcvoU2nHLLrNQwnc1avmhiQOQwBq UuXQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:subject:date:message-id:mime-version :content-transfer-encoding; bh=0yUocyGXejtESUthFrjFY+T68tB8npXHM0jZd1V5d50=; b=X0YRHFyW0ijf7dkkoaNsc14Xv6AAB3dstNtsVTEdxdpLUArV1A/b7fZ+jOgyshERsX jzxNIV1w4jy8Sw7IveKH4rxISLxaF9irl1B2fkUPmmwLyPYAi+7Sf0CWUmUFbd8OK7SI RGOVybESwyLPFJ6Nty9DmIOn/4QMTbZZ6WamrTs5B9Cdg6l8HK29qqgfdK96tqvt/Ra2 b6aRovM2KzakoQJ3Z9T3ZRnuXsoZbsmDqt/wEJb7Piobr8CKuxY81hY0j7f2p0oqzx9h QVYjlGiSgsxvLM86MJGJtl9ElQPmRtUzyOnFhxoAxkZdG/H2NJmqPTb6+fY/Ji7X0wQN sz2g== X-Gm-Message-State: APzg51Ar5EsQLf9PJZJRrD9ien1zf9lm8ok6Mx6k2o1Ldvz8nfXxFU9S NeRfYZOeTftAwbupHi0hpMl1c4iM X-Google-Smtp-Source: ANB0VdYiMioJwYJ2WTFYleGfSj5pXrOKY3iYWuOzI9+EzOxUNLgg8AxhVBIdSpUgq/S72iLU6CNDsg== X-Received: by 2002:a1c:d0c8:: with SMTP id h191-v6mr1639278wmg.155.1535125725454; Fri, 24 Aug 2018 08:48:45 -0700 (PDT) Received: from ecklm-lapos.localdomain (netacc-gpn-4-103-186.pool.telenor.hu. [84.224.103.186]) by smtp.gmail.com with ESMTPSA id r140-v6sm2415069wmd.7.2018.08.24.08.48.44 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 24 Aug 2018 08:48:45 -0700 (PDT) From: =?utf-8?b?TcOhdMOpIEVja2w=?= To: netfilter-devel@vger.kernel.org Subject: [PATCH nft 2/2] test: shell: Test cases for standard prios for flowtables Date: Fri, 24 Aug 2018 17:47:17 +0200 Message-Id: <20180824154715.31008-2-ecklm94@gmail.com> X-Mailer: git-send-email 2.18.0 MIME-Version: 1.0 Sender: netfilter-devel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netfilter-devel@vger.kernel.org Signed-off-by: Máté Eckl --- tests/shell/testcases/flowtable/0007prio_0 | 24 ++++++++++++++++++++++ tests/shell/testcases/flowtable/0008prio_1 | 14 +++++++++++++ 2 files changed, 38 insertions(+) create mode 100755 tests/shell/testcases/flowtable/0007prio_0 create mode 100755 tests/shell/testcases/flowtable/0008prio_1 diff --git a/tests/shell/testcases/flowtable/0007prio_0 b/tests/shell/testcases/flowtable/0007prio_0 new file mode 100755 index 0000000..49bbcac --- /dev/null +++ b/tests/shell/testcases/flowtable/0007prio_0 @@ -0,0 +1,24 @@ +#!/bin/bash + +set -e + +format_offset () { + i=$1 + if ((i == 0)) + then + echo "" + elif ((i > 0)) + then + echo "+$i" + else + echo "$i" + fi +} + +$NFT add table t +for offset in -11 -10 0 10 11 +do + $NFT add flowtable t f "{ hook ingress priority filter `format_offset $offset`; devices = { lo }; }" + $NFT delete flowtable t f +done + diff --git a/tests/shell/testcases/flowtable/0008prio_1 b/tests/shell/testcases/flowtable/0008prio_1 new file mode 100755 index 0000000..87084b9 --- /dev/null +++ b/tests/shell/testcases/flowtable/0008prio_1 @@ -0,0 +1,14 @@ +#!/bin/bash + +$NFT add table t +for prioname in raw mangle dstnar security srcnat out dummy +do + $NFT add flowtable t f { hook ingress priority $prioname \; devices = { lo }\; } + if (($? == 0)) + then + echo "E: $prioname should not be a valid priority name for flowtables" >&2 + exit 0 + fi +done + +exit 1