Hi all,
I've been trying to write a python test for socket matching I am about to
introduce, but I cannot generate a payload file for it. Florian told me that if
I provide an empty payload file, it will be autogenerated, but it does not.
Here are my files and outputs:
$ cat inet/socket.t
:sockchain;type filter hook prerouting priority -150
*ip;sockip4;sockchain
#*ip6;sockip6;sockchain
socket exists;ok
#socket flags transparent;ok
$ cat inet/socket.t.payload
$ ./nft-test.py -d inet/socket.t
list table ip sockip4
add table ip sockip4
list table ip sockip4
list chain ip sockip4 sockchain
add chain ip sockip4 sockchain { type filter hook prerouting priority -150; }
list chain ip sockip4 sockchain
/home/ecklm/netfilter/nftables/tests/py/inet/socket.t.payload: ERROR: line 2: did not find payload information for rule 'socket exists'
flush table ip sockip4
add rule ip sockip4 sockchain socket exists
inet/socket.t: ERROR: line 7: add rule ip sockip4 sockchain socket exists: This rule should not have failed.
list chain ip sockip4 sockchain
flush chain ip sockip4 sockchain
delete chain ip sockip4 sockchain
list chain ip sockip4 sockchain
list table ip sockip4
delete table ip sockip4
list table ip sockip4
inet/socket.t: 1 unit tests, 1 error, 0 warning
If I add the output of `nft --debug=netlink add rule ip sockip4 sockchain socket
exists`, it still complains about missing payload info.
And this is how it looks when I add it manually:
table ip sockip4 {
chain sockchain {
type filter hook prerouting priority -150; policy accept;
socket exists
}
}
It works fine, I've tested it.
I find it interesting that the first error complaining about the lack of payload
is printed right after listing the sockip4 chain (in a file that has no line 2).
Can anybody help me with this?
This information would also be helpful in the README which does not include
anything about this. I would write about it in the README if I found out how to
do this.
Regards,
Máté
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
