On Tue, Oct 17, 2017 at 01:02:18AM +0530, Harsha Sharma wrote:
> This test suite is intended to detect regressions in the translation
> infrastructure. The script checks if ip[6]tables-translate produces the
> expected output, otherwise it prints the wrong translation and the
> expected one.
>
> ** Arguments
>
> --all # Show also passed tests
> [test] # Run only the specified test file
>
> ** Test files structure
>
> Test files are located under extensions directory. Every file contains
> tests about specific extension translations. A test file name must end
> with ".txlate".
>
> Inside the files, every single test is defined by two consecutive lines:
> ip[6]tables-translate command and expected result. One blank line is left
> between tests by convention.
>
> e.g.
>
> $ cat extensions/libxt_cpu.txlate
> iptables-translate -A INPUT -p tcp --dport 80 -m cpu --cpu 0 -j ACCEPT
> nft add rule ip filter INPUT tcp dport 80 cpu 0 counter accept
>
> iptables-translate -A INPUT -p tcp --dport 80 -m cpu ! --cpu 1 -j ACCEPT
> nft add rule ip filter INPUT tcp dport 80 cpu != 1 counter accept
I think you should replace this commit description to what this really
does, eg.
libxt_TOS: add tests for translation infrastructure
This patch checks that the iptables TOS to nftables translation
works fine.
Please, revisit patch title and description and resubmit.
Thanks!
> Signed-off-by: Harsha Sharma <harshasharmaiitr@xxxxxxxxx>
> ---
> extensions/libxt_TOS.txlate | 25 +++++++++++++++++++++++++
> 1 file changed, 25 insertions(+)
> create mode 100644 extensions/libxt_TOS.txlate
>
> diff --git a/extensions/libxt_TOS.txlate b/extensions/libxt_TOS.txlate
> new file mode 100644
> index 00000000..6d55eb24
> --- /dev/null
> +++ b/extensions/libxt_TOS.txlate
> @@ -0,0 +1,25 @@
> +ip6tables-translate -A INPUT -j TOS --set-tos 0x1f
> +nft add rule ip6 filter INPUT counter ip6 dscp set 0x07
> +
> +ip6tables-translate -A INPUT -j TOS --set-tos 0xff
> +nft add rule ip6 filter INPUT counter ip6 dscp set 0x3f
> +
> +ip6tables-translate -A INPUT -j TOS --set-tos Minimize-Delay
> +nft add rule ip6 filter INPUT counter ip6 dscp set 0x04
> +
> +ip6tables-translate -A INPUT -j TOS --set-tos Minimize-Cost
> +nft add rule ip6 filter INPUT counter ip6 dscp set 0x00
> +
> +ip6tables-translate -A INPUT -j TOS --set-tos Normal-Service
> +nft add rule ip6 filter INPUT counter ip6 dscp set 0x00
> +
> +ip6tables-translate -A INPUT -j TOS --and-tos 0x12
> +nft add rule ip6 filter INPUT counter ip6 dscp set 0x00
> +
> +ip6tables-translate -A INPUT -j TOS --or-tos 0x12
> +nft add rule ip6 filter INPUT counter ip6 dscp set 0x04
> +
> +ip6tables-translate -A INPUT -j TOS --xor-tos 0x12
> +nft add rule ip6 filter INPUT counter ip6 dscp set 0x04
> +
> +
> --
> 2.11.0
>
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
