From b705a39b0a37b9b855b1ded6b4a2d4a919d293e3 Mon Sep 17 00:00:00 2001 From: Eric Garver Date: Tue, 16 Apr 2019 10:44:32 -0400 Subject: [PATCH 28/73] test: add tests for rich rule mark action Coverage for gh478. (cherry picked from commit 5840e1eea18a7a0070488491791a601905b90059) (cherry picked from commit d4c829bc667547e9ff2669b26164da9636b8b0ce) --- src/tests/regression.at | 1 + src/tests/regression/gh478.at | 30 ++++++++++++++++++++++++++++++ 2 files changed, 31 insertions(+) create mode 100644 src/tests/regression/gh478.at diff --git a/src/tests/regression.at b/src/tests/regression.at index b6954f2c0fce..ab11a013897c 100644 --- a/src/tests/regression.at +++ b/src/tests/regression.at @@ -17,3 +17,4 @@ m4_include([regression/rhbz1601610.at]) m4_include([regression/gh303.at]) m4_include([regression/gh335.at]) m4_include([regression/gh482.at]) +m4_include([regression/gh478.at]) diff --git a/src/tests/regression/gh478.at b/src/tests/regression/gh478.at new file mode 100644 index 000000000000..5d5966513753 --- /dev/null +++ b/src/tests/regression/gh478.at @@ -0,0 +1,30 @@ +FWD_START_TEST([rich rule marks every packet]) +AT_KEYWORDS(rich mark gh478) + +FWD_CHECK([-q --add-rich-rule='rule port port=1234 protocol=tcp mark set=10']) +FWD_CHECK([-q --add-rich-rule='rule protocol value=icmp mark set=11']) +FWD_CHECK([-q --add-rich-rule='rule source-port port=4321 protocol=tcp mark set=12']) + +m4_if(nftables, FIREWALL_BACKEND, [ + NFT_LIST_RULES([inet], [mangle_PRE_public_allow], 0, [dnl + table inet firewalld { + chain mangle_PRE_public_allow { + tcp dport 1234 mark set 0x0000000a + meta l4proto icmp mark set 0x0000000b + tcp sport 4321 mark set 0x0000000c + } + } + ])], [ + IPTABLES_LIST_RULES([mangle], [PRE_public_allow], 0, [dnl + MARK tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:1234 MARK set 0xa + MARK icmp -- 0.0.0.0/0 0.0.0.0/0 MARK set 0xb + MARK tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:4321 MARK set 0xc + ]) + IP6TABLES_LIST_RULES([mangle], [PRE_public_allow], 0, [dnl + MARK tcp ::/0 ::/0 tcp dpt:1234 MARK set 0xa + MARK icmp ::/0 ::/0 MARK set 0xb + MARK tcp ::/0 ::/0 tcp spt:4321 MARK set 0xc + ]) +]) + +FWD_END_TEST -- 2.20.1