From a931115b4f26f4c69bc79f8b362dd194943d2a44 Mon Sep 17 00:00:00 2001 From: Jozsef Kadlecsik Date: Sun, 14 Sep 2014 21:50:28 +0200 Subject: [PATCH] Add test to check mark mapping Signed-off-by: Jozsef Kadlecsik --- tests/iptables.sh | 9 +++++++++ tests/match_target.t | 8 ++++++++ 2 files changed, 17 insertions(+) diff --git a/tests/iptables.sh b/tests/iptables.sh index 03d2e09..c5b9bf7 100755 --- a/tests/iptables.sh +++ b/tests/iptables.sh @@ -99,9 +99,18 @@ timeout) $ipset n test hash:ip,port timeout 2 $cmd -A INPUT -j SET --add-set test src,src --timeout 10 --exist ;; +mangle) + $ipset n test hash:net $family skbinfo 2>/dev/null + $ipset a test 10.255.0.0/16 skbmark 0x1234 2>/dev/null + $cmd -t mangle -A INPUT -j SET --map-set test src --map-mark + $cmd -t mangle -A INPUT -m mark --mark 0x1234 -j LOG --log-prefix "in set mark: " + $cmd -t mangle -A INPUT -s 10.255.0.0/16 -j DROP + ;; stop) $cmd -F $cmd -X + $cmd -F -t mangle + $cmd -X -t mangle $ipset -F 2>/dev/null $ipset -X 2>/dev/null ;; diff --git a/tests/match_target.t b/tests/match_target.t index cab8184..1739fae 100644 --- a/tests/match_target.t +++ b/tests/match_target.t @@ -80,4 +80,12 @@ 0 ipset test test 10.255.255.64,icmp:host-prohibited # Destroy sets and rules 0 ./iptables.sh inet stop +# Create test set and iptables rules +0 ./iptables.sh inet mangle +# Send probe packet from 10.255.255.64,udp:1025 +0 sendip -p ipv4 -id 127.0.0.1 -is 10.255.255.64 -p udp -ud 80 -us 1025 127.0.0.1 +# Check that proper sets matched and target worked +0 ./check_klog.sh 10.255.255.64 udp 1025 mark +# Destroy sets and rules +0 ./iptables.sh inet stop # eof -- 2.40.0