From: Arturo Borrero Gonzalez <arturo@xxxxxxxxxx> This test uses scapy to send a packet and test our packet/data path. We grep the 'nft list ruleset' output for a counter increment. If we like this approach, then we could easily add more testcases following the pattern in this patch. Reference: https://unixia.wordpress.com/2016/02/17/testing-with-scapy/ Signed-off-by: Arturo Borrero Gonzalez <arturo@xxxxxxxxxx> --- tests/shell/testcases/scapy/0001_ip_ttl_0 | 33 +++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) create mode 100755 tests/shell/testcases/scapy/0001_ip_ttl_0 diff --git a/tests/shell/testcases/scapy/0001_ip_ttl_0 b/tests/shell/testcases/scapy/0001_ip_ttl_0 new file mode 100755 index 0000000..1e4489e --- /dev/null +++ b/tests/shell/testcases/scapy/0001_ip_ttl_0 @@ -0,0 +1,33 @@ +#!/usr/bin/env python + +# this testcase launches an IP packet with ttl=2. An input +# rule should capture the packet and increment the counter which +# we will then grep to know about the result + +import os +from subprocess import call +try: + from scapy.all import * +except ImportError: + sys.stderr.write("Unable to import scapy") + exit(0) + +# config +nft = os.environ['NFT'] +conf.L3socket = L3RawSocket + +# capturing ruleset +call([nft + " add table ip t"], shell=True) +call([nft + " add chain ip t c {type filter hook input priority 0 \; policy accept \;}"], shell=True) +call([nft + " add rule ip t c ip ttl 2 counter"], shell = True) + +# scapy packet +pkt = IP() +pkt.ttl = 2 +sr1(pkt, verbose=False) + +# results +ruleset = call([nft + " list ruleset | grep \"ip ttl 2 counter packets 1\" >/dev/null"], shell=True) +if ruleset != 0: + sys.stderr.write("Packet not captured by nftables?") + exit(1)
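
Review bot: the `except ImportError:` branch calls `sys.stderr.write("Unable to import scapy")`, but `sys` is never imported explicitly; it is only in scope through `from scapy.all import *`, so when scapy is missing the handler raises NameError instead of printing the message and exiting 0. Add `import sys` next to `import os`. Two further points on the same hunk: the three setup `call(...)` invocations ignore their return values, so a failed `add table`, `add chain` or `add rule` only surfaces later as "Packet not captured by nftables?"; checking each return code (or using `check_call`) would point at the real cause. And `sr1(pkt, verbose=False)` has no `timeout`, so the testcase blocks if no reply arrives; since only the counter matters here, `send(pkt)` or an explicit `timeout=` would be safer. Both error strings are also missing a trailing newline.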