Add unit tests for the use of reject with icmp inside netdev family. reject.t from inet family couldn't be reused because it was using meta nfproto which is not supported inside netdev. Signed-off-by: Jose M. Guisado Gomez <guigom@xxxxxxxxxx> --- tests/py/netdev/reject.t | 20 +++++++++++ tests/py/netdev/reject.t.payload | 60 ++++++++++++++++++++++++++++++++ tests/py/nft-test.py | 2 +- 3 files changed, 81 insertions(+), 1 deletion(-) create mode 100644 tests/py/netdev/reject.t create mode 100644 tests/py/netdev/reject.t.payload diff --git a/tests/py/netdev/reject.t b/tests/py/netdev/reject.t new file mode 100644 index 00000000..a4434b6c --- /dev/null +++ b/tests/py/netdev/reject.t @@ -0,0 +1,20 @@ +:ingress;type filter hook ingress device lo priority 0 + +*netdev;test-netdev;ingress + +reject with icmp type host-unreachable;ok;reject +reject with icmp type net-unreachable;ok;reject +reject with icmp type prot-unreachable;ok;reject +reject with icmp type port-unreachable;ok;reject +reject with icmp type net-prohibited;ok;reject +reject with icmp type host-prohibited;ok;reject +reject with icmp type admin-prohibited;ok;reject + +reject with icmpv6 type no-route;ok;reject +reject with icmpv6 type admin-prohibited;ok;reject +reject with icmpv6 type addr-unreachable;ok;reject +reject with icmpv6 type port-unreachable;ok;reject +reject with icmpv6 type policy-fail;ok;reject +reject with icmpv6 type reject-route;ok;reject + +reject;ok diff --git a/tests/py/netdev/reject.t.payload b/tests/py/netdev/reject.t.payload new file mode 100644 index 00000000..71a66f9d --- /dev/null +++ b/tests/py/netdev/reject.t.payload @@ -0,0 +1,60 @@ +# reject with icmp type host-unreachable +netdev + [ reject type 0 code 1 ] + +# reject +netdev + [ reject type 2 code 1 ] + +# reject +netdev + [ reject type 2 code 1 ] + +# reject with icmp type admin-prohibited +netdev + [ reject type 0 code 13 ] + +# reject with icmp type net-unreachable +netdev + [ reject type 0 code 0 ] + +# reject with icmp type prot-unreachable +netdev + [ reject type 0 code 2 ] + +# reject with icmp type port-unreachable +netdev + [ reject type 0 code 3 ] + +# reject with icmp type net-prohibited +netdev + [ reject type 0 code 9 ] + +# reject with icmp type host-prohibited +netdev + [ reject type 0 code 10 ] + +# reject with icmpv6 type no-route +netdev + [ reject type 0 code 0 ] + +# reject with icmpv6 type admin-prohibited +netdev + [ reject type 0 code 1 ] + +# reject with icmpv6 type addr-unreachable +netdev + [ reject type 0 code 3 ] + +# reject with icmpv6 type port-unreachable +netdev + [ reject type 0 code 4 ] + +# reject with icmpv6 type policy-fail +netdev + [ reject type 0 code 5 ] + +# reject with icmpv6 type reject-route +netdev + [ reject type 0 code 6 ] + diff --git a/tests/py/nft-test.py b/tests/py/nft-test.py index e7b5e01e..7ca5a22a 100755 --- a/tests/py/nft-test.py +++ b/tests/py/nft-test.py @@ -28,7 +28,7 @@ os.environ['TZ'] = 'UTC-2' from nftables import Nftables -TESTS_DIRECTORY = ["any", "arp", "bridge", "inet", "ip", "ip6"] +TESTS_DIRECTORY = ["any", "arp", "bridge", "inet", "ip", "ip6", "netdev"] LOGFILE = "/tmp/nftables-test.log" log_file = None table_list = [] -- 2.28.0
