rpms / firewalld

Clone
Source Code
GIT

Files

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c7-sig-altarch-fasttrack c8 c8-beta c8s c9 c9-beta
  1.   c7
  2.   SOURCES
  3.   0028-test-add-tests-for-rich-rule-mark-action.patch
Blob Blame History Raw 
From b705a39b0a37b9b855b1ded6b4a2d4a919d293e3 Mon Sep 17 00:00:00 2001
From: Eric Garver <eric@garver.life>
Date: Tue, 16 Apr 2019 10:44:32 -0400
Subject: [PATCH 28/73] test: add tests for rich rule mark action

Coverage for gh478.

(cherry picked from commit 5840e1eea18a7a0070488491791a601905b90059)
(cherry picked from commit d4c829bc667547e9ff2669b26164da9636b8b0ce)
---
 src/tests/regression.at       |  1 +
 src/tests/regression/gh478.at | 30 ++++++++++++++++++++++++++++++
 2 files changed, 31 insertions(+)
 create mode 100644 src/tests/regression/gh478.at

diff --git a/src/tests/regression.at b/src/tests/regression.at
index b6954f2c0fce..ab11a013897c 100644
--- a/src/tests/regression.at
+++ b/src/tests/regression.at
@@ -17,3 +17,4 @@ m4_include([regression/rhbz1601610.at])
 m4_include([regression/gh303.at])
 m4_include([regression/gh335.at])
 m4_include([regression/gh482.at])
+m4_include([regression/gh478.at])
diff --git a/src/tests/regression/gh478.at b/src/tests/regression/gh478.at
new file mode 100644
index 000000000000..5d5966513753
--- /dev/null
+++ b/src/tests/regression/gh478.at
@@ -0,0 +1,30 @@
+FWD_START_TEST([rich rule marks every packet])
+AT_KEYWORDS(rich mark gh478)
+
+FWD_CHECK([-q --add-rich-rule='rule port port=1234 protocol=tcp mark set=10'])
+FWD_CHECK([-q --add-rich-rule='rule protocol value=icmp mark set=11'])
+FWD_CHECK([-q --add-rich-rule='rule source-port port=4321 protocol=tcp mark set=12'])
+
+m4_if(nftables, FIREWALL_BACKEND, [
+	NFT_LIST_RULES([inet], [mangle_PRE_public_allow], 0, [dnl
+		table inet firewalld {
+		chain mangle_PRE_public_allow {
+		tcp dport 1234 mark set 0x0000000a
+		meta l4proto icmp mark set 0x0000000b
+		tcp sport 4321 mark set 0x0000000c
+		}
+		}
+	])], [
+    IPTABLES_LIST_RULES([mangle], [PRE_public_allow], 0, [dnl
+		MARK tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:1234 MARK set 0xa
+		MARK icmp -- 0.0.0.0/0 0.0.0.0/0 MARK set 0xb
+		MARK tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:4321 MARK set 0xc
+    ])
+    IP6TABLES_LIST_RULES([mangle], [PRE_public_allow], 0, [dnl
+		MARK tcp ::/0 ::/0 tcp dpt:1234 MARK set 0xa
+		MARK icmp ::/0 ::/0 MARK set 0xb
+		MARK tcp ::/0 ::/0 tcp spt:4321 MARK set 0xc
+    ])
+])
+
+FWD_END_TEST
-- 
2.20.1

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation