Add test to check mark mapping

Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>

diff --git a/tests/iptables.sh b/tests/iptables.sh
index 03d2e096471445dd1d8bf15374570dcffc538285..c5b9bf7ecf012e865f09b411810fe25130b2f0c2 100755 (executable)
--- a/tests/iptables.sh
+++ b/tests/iptables.sh
@@ -99,9 +99,18 @@ timeout)
        $ipset n test hash:ip,port timeout 2
        $cmd -A INPUT -j SET --add-set test src,src --timeout 10 --exist
        ;;
+mangle)
+       $ipset n test hash:net $family skbinfo 2>/dev/null
+       $ipset a test 10.255.0.0/16 skbmark 0x1234 2>/dev/null
+       $cmd -t mangle -A INPUT -j SET --map-set test src --map-mark
+       $cmd -t mangle -A INPUT -m mark --mark 0x1234 -j LOG --log-prefix "in set mark: "
+       $cmd -t mangle -A INPUT -s 10.255.0.0/16 -j DROP
+       ;;
 stop)
        $cmd -F
        $cmd -X
+       $cmd -F -t mangle
+       $cmd -X -t mangle
        $ipset -F 2>/dev/null
        $ipset -X 2>/dev/null
        ;;

diff --git a/tests/match_target.t b/tests/match_target.t
index cab818426a5dd95f98f2b6dd93fa0268972c9433..1739fae766644d71c9ac80c771502ddd8ac90bb9 100644 (file)
--- a/tests/match_target.t
+++ b/tests/match_target.t
@@ -80,4 +80,12 @@
 0 ipset test test 10.255.255.64,icmp:host-prohibited
 # Destroy sets and rules
 0 ./iptables.sh inet stop
+# Create test set and iptables rules
+0 ./iptables.sh inet mangle
+# Send probe packet from 10.255.255.64,udp:1025
+0 sendip -p ipv4 -id 127.0.0.1 -is 10.255.255.64 -p udp -ud 80 -us 1025 127.0.0.1
+# Check that proper sets matched and target worked
+0 ./check_klog.sh 10.255.255.64 udp 1025 mark
+# Destroy sets and rules
+0 ./iptables.sh inet stop
 # eof