19a0061b6Sopenharmony_ciFrom 0663cc944204ed3afa7fa4f7cf3beadb3ea8e1e4 Mon Sep 17 00:00:00 2001 29a0061b6Sopenharmony_ciFrom: chenzhen <vchanger123456@163.com> 39a0061b6Sopenharmony_ciDate: Fri, 1 Apr 2022 11:26:32 +0800 49a0061b6Sopenharmony_ciSubject: [PATCH] tests: extensions: add some testcases 59a0061b6Sopenharmony_ci 69a0061b6Sopenharmony_ciThese testcases are intended to test options of commonly used extentions like 79a0061b6Sopenharmony_ciDNAT/SNAT/tcp/udp as much as possible, covering normal and abnormal scenes. 89a0061b6Sopenharmony_ci 99a0061b6Sopenharmony_ciSigned-off-by: chenzhen <vchanger123456@163.com> 109a0061b6Sopenharmony_ci--- 119a0061b6Sopenharmony_ci extensions/libip6t_DNAT.t | 10 ++++++++++ 129a0061b6Sopenharmony_ci extensions/libip6t_DNAT.txlate | 3 +++ 139a0061b6Sopenharmony_ci extensions/libip6t_LOG.t | 1 + 149a0061b6Sopenharmony_ci extensions/libip6t_LOG.txlate | 9 +++++++++ 159a0061b6Sopenharmony_ci extensions/libip6t_MASQUERADE.t | 1 + 169a0061b6Sopenharmony_ci extensions/libip6t_REDIRECT.t | 3 +++ 179a0061b6Sopenharmony_ci extensions/libip6t_REJECT.t | 2 ++ 189a0061b6Sopenharmony_ci extensions/libip6t_SNAT.t | 9 +++++++++ 199a0061b6Sopenharmony_ci extensions/libip6t_connlimit.t | 16 ++++++++++++++++ 209a0061b6Sopenharmony_ci extensions/libip6t_icmp6.t | 5 +++++ 219a0061b6Sopenharmony_ci extensions/libip6t_rt.t | 6 ++++++ 229a0061b6Sopenharmony_ci extensions/libip6t_rt.txlate | 3 +++ 239a0061b6Sopenharmony_ci extensions/libipt_DNAT.t | 9 +++++++++ 249a0061b6Sopenharmony_ci extensions/libipt_DNAT.txlate | 3 +++ 259a0061b6Sopenharmony_ci extensions/libipt_LOG.t | 1 + 269a0061b6Sopenharmony_ci extensions/libipt_LOG.txlate | 9 +++++++++ 279a0061b6Sopenharmony_ci extensions/libipt_MASQUERADE.t | 1 + 289a0061b6Sopenharmony_ci extensions/libipt_NETMAP.t | 1 + 299a0061b6Sopenharmony_ci extensions/libipt_REDIRECT.t | 3 +++ 309a0061b6Sopenharmony_ci extensions/libipt_REJECT.t | 2 ++ 319a0061b6Sopenharmony_ci extensions/libipt_SNAT.t | 9 +++++++++ 329a0061b6Sopenharmony_ci extensions/libipt_icmp.t | 5 +++++ 339a0061b6Sopenharmony_ci extensions/libxt_iprange.t | 8 +++----- 349a0061b6Sopenharmony_ci extensions/libxt_limit.t | 8 ++++++++ 359a0061b6Sopenharmony_ci extensions/libxt_standard.t | 1 + 369a0061b6Sopenharmony_ci extensions/libxt_string.t | 33 +++++++++++++++++++-------------- 379a0061b6Sopenharmony_ci extensions/libxt_tcp.t | 3 +++ 389a0061b6Sopenharmony_ci iptables-test.py | 22 ++++++++++++++++++++++ 399a0061b6Sopenharmony_ci 28 files changed, 167 insertions(+), 19 deletions(-) 409a0061b6Sopenharmony_ci create mode 100644 extensions/libip6t_connlimit.t 419a0061b6Sopenharmony_ci 429a0061b6Sopenharmony_cidiff --git a/extensions/libip6t_DNAT.t b/extensions/libip6t_DNAT.t 439a0061b6Sopenharmony_ciindex ec7d61f..e6de1fc 100644 449a0061b6Sopenharmony_ci--- a/extensions/libip6t_DNAT.t 459a0061b6Sopenharmony_ci+++ b/extensions/libip6t_DNAT.t 469a0061b6Sopenharmony_ci@@ -13,4 +13,14 @@ 479a0061b6Sopenharmony_ci -p tcp -j DNAT --to-destination [dead::beef-dead::fee7]:1000-2000/65535;=;OK 489a0061b6Sopenharmony_ci -p tcp -j DNAT --to-destination [dead::beef-dead::fee7]:1000-2000/0;;FAIL 499a0061b6Sopenharmony_ci -p tcp -j DNAT --to-destination [dead::beef-dead::fee7]:1000-2000/65536;;FAIL 509a0061b6Sopenharmony_ci+-p tcp -j DNAT --to-destination dead::beef --random --persistent;=;OK 519a0061b6Sopenharmony_ci+-p tcp -j DNAT --to-destination [dead::beef;;FAIL 529a0061b6Sopenharmony_ci+-p tcp -j DNAT --to-destination [dead::beef]:65536;;FAIL 539a0061b6Sopenharmony_ci+-p tcp -j DNAT --to-destination [dead::beef]:1-65536;;FAIL 549a0061b6Sopenharmony_ci+-p tcp -j DNAT --to-destination [dead::beef]:1:65535;;FAIL 559a0061b6Sopenharmony_ci+-p tcp -j DNAT --to-destination [dead::beef]:2-1;;FAIL 569a0061b6Sopenharmony_ci+-p tcp -j DNAT --to-destination live::beef;;FAIL 579a0061b6Sopenharmony_ci+-p tcp -j DNAT --to-destination dead::beef-live::beef;;FAIL 589a0061b6Sopenharmony_ci+-p tcp -j DNAT --to-destination :65535;=;OK 599a0061b6Sopenharmony_ci -j DNAT;;FAIL 609a0061b6Sopenharmony_ci+-j DNAT -h;;OK 619a0061b6Sopenharmony_cidiff --git a/extensions/libip6t_DNAT.txlate b/extensions/libip6t_DNAT.txlate 629a0061b6Sopenharmony_ciindex 03c4caf..e6b6218 100644 639a0061b6Sopenharmony_ci--- a/extensions/libip6t_DNAT.txlate 649a0061b6Sopenharmony_ci+++ b/extensions/libip6t_DNAT.txlate 659a0061b6Sopenharmony_ci@@ -9,3 +9,6 @@ nft add rule ip6 nat prerouting meta l4proto tcp counter dnat to [fec0::1234]:80 669a0061b6Sopenharmony_ci 679a0061b6Sopenharmony_ci ip6tables-translate -t nat -A prerouting -p tcp -j DNAT --to-destination [fec0::1234]:80 --random --persistent 689a0061b6Sopenharmony_ci nft add rule ip6 nat prerouting meta l4proto tcp counter dnat to [fec0::1234]:80 random,persistent 699a0061b6Sopenharmony_ci+ 709a0061b6Sopenharmony_ci+ip6tables-translate -t nat -A prerouting -p tcp -j DNAT --to-destination [dead::beef-dead::beef] 719a0061b6Sopenharmony_ci+nft add rule ip6 nat prerouting meta l4proto tcp counter dnat to dead::beef 729a0061b6Sopenharmony_cidiff --git a/extensions/libip6t_LOG.t b/extensions/libip6t_LOG.t 739a0061b6Sopenharmony_ciindex fbf5118..e3fb58f 100644 749a0061b6Sopenharmony_ci--- a/extensions/libip6t_LOG.t 759a0061b6Sopenharmony_ci+++ b/extensions/libip6t_LOG.t 769a0061b6Sopenharmony_ci@@ -8,5 +8,6 @@ 779a0061b6Sopenharmony_ci -j LOG --log-prefix "test: " --log-tcp-options;=;OK 789a0061b6Sopenharmony_ci -j LOG --log-prefix "test: " --log-ip-options;=;OK 799a0061b6Sopenharmony_ci -j LOG --log-prefix "test: " --log-uid;=;OK 809a0061b6Sopenharmony_ci+-j LOG --log-prefix "test: " --log-macdecode;=;OK 819a0061b6Sopenharmony_ci -j LOG --log-prefix "test: " --log-level bad;;FAIL 829a0061b6Sopenharmony_ci -j LOG --log-prefix;;FAIL 839a0061b6Sopenharmony_cidiff --git a/extensions/libip6t_LOG.txlate b/extensions/libip6t_LOG.txlate 849a0061b6Sopenharmony_ciindex 2820a82..6fa47af 100644 859a0061b6Sopenharmony_ci--- a/extensions/libip6t_LOG.txlate 869a0061b6Sopenharmony_ci+++ b/extensions/libip6t_LOG.txlate 879a0061b6Sopenharmony_ci@@ -6,3 +6,12 @@ nft add rule ip6 filter FORWARD meta l4proto tcp counter log level debug 889a0061b6Sopenharmony_ci 899a0061b6Sopenharmony_ci ip6tables-translate -A FORWARD -p tcp -j LOG --log-prefix "Checking log" 909a0061b6Sopenharmony_ci nft add rule ip6 filter FORWARD meta l4proto tcp counter log prefix \"Checking log\" 919a0061b6Sopenharmony_ci+ 929a0061b6Sopenharmony_ci+ip6tables-translate -A FORWARD -p tcp -j LOG --log-tcp-sequence --log-tcp-options --log-ip-options --log-uid 939a0061b6Sopenharmony_ci+nft add rule ip6 filter FORWARD meta l4proto tcp counter log flags tcp sequence,options flags ip options flags skuid 949a0061b6Sopenharmony_ci+ 959a0061b6Sopenharmony_ci+ip6tables-translate -A FORWARD -p tcp -j LOG --log-tcp-sequence --log-tcp-options --log-ip-options --log-uid --log-macdecode 969a0061b6Sopenharmony_ci+nft add rule ip6 filter FORWARD meta l4proto tcp counter log flags all 979a0061b6Sopenharmony_ci+ 989a0061b6Sopenharmony_ci+ip6tables-translate -A FORWARD -p tcp -j LOG --log-tcp-sequence --log-macdecode 999a0061b6Sopenharmony_ci+nft add rule ip6 filter FORWARD meta l4proto tcp counter log flags tcp sequence flags ether 1009a0061b6Sopenharmony_cidiff --git a/extensions/libip6t_MASQUERADE.t b/extensions/libip6t_MASQUERADE.t 1019a0061b6Sopenharmony_ciindex e25d2a0..e254fa7 100644 1029a0061b6Sopenharmony_ci--- a/extensions/libip6t_MASQUERADE.t 1039a0061b6Sopenharmony_ci+++ b/extensions/libip6t_MASQUERADE.t 1049a0061b6Sopenharmony_ci@@ -7,3 +7,4 @@ 1059a0061b6Sopenharmony_ci -p udp -j MASQUERADE --to-ports 1024-65535;=;OK 1069a0061b6Sopenharmony_ci -p udp -j MASQUERADE --to-ports 1024-65536;;FAIL 1079a0061b6Sopenharmony_ci -p udp -j MASQUERADE --to-ports -1;;FAIL 1089a0061b6Sopenharmony_ci+-j MASQUERADE --to-ports 1024;;FAIL 1099a0061b6Sopenharmony_cidiff --git a/extensions/libip6t_REDIRECT.t b/extensions/libip6t_REDIRECT.t 1109a0061b6Sopenharmony_ciindex a0fb0ed..4ea9f6e 100644 1119a0061b6Sopenharmony_ci--- a/extensions/libip6t_REDIRECT.t 1129a0061b6Sopenharmony_ci+++ b/extensions/libip6t_REDIRECT.t 1139a0061b6Sopenharmony_ci@@ -4,3 +4,6 @@ 1149a0061b6Sopenharmony_ci -p udp -j REDIRECT --to-ports 42-1234;=;OK 1159a0061b6Sopenharmony_ci -p tcp -j REDIRECT --to-ports 42-1234 --random;=;OK 1169a0061b6Sopenharmony_ci -j REDIRECT --to-ports 42;;FAIL 1179a0061b6Sopenharmony_ci+-p tcp -j REDIRECT --to-ports -1;;FAIL 1189a0061b6Sopenharmony_ci+-p tcp -j REDIRECT --to-ports 42-65536;;FAIL 1199a0061b6Sopenharmony_ci+-j REDIRECT -h;;OK 1209a0061b6Sopenharmony_cidiff --git a/extensions/libip6t_REJECT.t b/extensions/libip6t_REJECT.t 1219a0061b6Sopenharmony_ciindex d2b337d..0ac8824 100644 1229a0061b6Sopenharmony_ci--- a/extensions/libip6t_REJECT.t 1239a0061b6Sopenharmony_ci+++ b/extensions/libip6t_REJECT.t 1249a0061b6Sopenharmony_ci@@ -9,3 +9,5 @@ 1259a0061b6Sopenharmony_ci -j REJECT --reject-with icmp6-reject-route;=;OK 1269a0061b6Sopenharmony_ci -p tcp -j REJECT --reject-with tcp-reset;=;OK 1279a0061b6Sopenharmony_ci -j REJECT --reject-with tcp-reset;;FAIL 1289a0061b6Sopenharmony_ci+-j REJECT --reject-with icmp6-wrong;;FAIL 1299a0061b6Sopenharmony_ci+-j REJECT -h;;OK 1309a0061b6Sopenharmony_cidiff --git a/extensions/libip6t_SNAT.t b/extensions/libip6t_SNAT.t 1319a0061b6Sopenharmony_ciindex d188a6b..74ebd2b 100644 1329a0061b6Sopenharmony_ci--- a/extensions/libip6t_SNAT.t 1339a0061b6Sopenharmony_ci+++ b/extensions/libip6t_SNAT.t 1349a0061b6Sopenharmony_ci@@ -8,4 +8,13 @@ 1359a0061b6Sopenharmony_ci -p tcp -j SNAT --to-source [dead::beef-dead::fee7]:1025-65535;=;OK 1369a0061b6Sopenharmony_ci -p tcp -j SNAT --to-source [dead::beef-dead::fee7]:1025-65536;;FAIL 1379a0061b6Sopenharmony_ci -p tcp -j SNAT --to-source [dead::beef-dead::fee7]:1025-65535 --to-source [dead::beef-dead::fee8]:1025-65535;;FAIL 1389a0061b6Sopenharmony_ci+-p tcp -j SNAT --to-source dead::beef --random --random-fully --persistent;=;OK 1399a0061b6Sopenharmony_ci+-p tcp -j SNAT --to-source :65535;=;OK 1409a0061b6Sopenharmony_ci+-p tcp -j SNAT --to-source [dead::beef;;FAIL 1419a0061b6Sopenharmony_ci+-p tcp -j SNAT --to-source [dead::beef]:1-65536;;FAIL 1429a0061b6Sopenharmony_ci+-p tcp -j SNAT --to-source [dead::beef]:1:65535;;FAIL 1439a0061b6Sopenharmony_ci+-p tcp -j SNAT --to-source [dead::beef]:2-1;;FAIL 1449a0061b6Sopenharmony_ci+-p tcp -j SNAT --to-source live::beef;;FAIL 1459a0061b6Sopenharmony_ci+-p tcp -j SNAT --to-source dead::beef-live::beef;;FAIL 1469a0061b6Sopenharmony_ci -j SNAT;;FAIL 1479a0061b6Sopenharmony_ci+-j SNAT -h;;OK 1489a0061b6Sopenharmony_cidiff --git a/extensions/libip6t_connlimit.t b/extensions/libip6t_connlimit.t 1499a0061b6Sopenharmony_cinew file mode 100644 1509a0061b6Sopenharmony_ciindex 0000000..808cef4 1519a0061b6Sopenharmony_ci--- /dev/null 1529a0061b6Sopenharmony_ci+++ b/extensions/libip6t_connlimit.t 1539a0061b6Sopenharmony_ci@@ -0,0 +1,16 @@ 1549a0061b6Sopenharmony_ci+:INPUT,FORWARD,OUTPUT 1559a0061b6Sopenharmony_ci+-m connlimit --connlimit-upto 0;=;OK 1569a0061b6Sopenharmony_ci+-m connlimit --connlimit-upto 4294967295;=;OK 1579a0061b6Sopenharmony_ci+-m connlimit --connlimit-upto 4294967296;;FAIL 1589a0061b6Sopenharmony_ci+-m connlimit --connlimit-upto -1;;FAIL 1599a0061b6Sopenharmony_ci+-m connlimit --connlimit-above 0;=;OK 1609a0061b6Sopenharmony_ci+-m connlimit --connlimit-above 4294967295;=;OK 1619a0061b6Sopenharmony_ci+-m connlimit --connlimit-above 4294967296;;FAIL 1629a0061b6Sopenharmony_ci+-m connlimit --connlimit-above -1;;FAIL 1639a0061b6Sopenharmony_ci+-m connlimit --connlimit-upto 1 --conlimit-above 1;;FAIL 1649a0061b6Sopenharmony_ci+-m connlimit --connlimit-above 10 --connlimit-saddr;-m connlimit --connlimit-above 10 --connlimit-mask 128 --connlimit-saddr;OK 1659a0061b6Sopenharmony_ci+-m connlimit --connlimit-above 10 --connlimit-daddr;-m connlimit --connlimit-above 10 --connlimit-mask 128 --connlimit-daddr;OK 1669a0061b6Sopenharmony_ci+-m connlimit --connlimit-above 10 --connlimit-saddr --connlimit-daddr;;FAIL 1679a0061b6Sopenharmony_ci+-m connlimit --connlimit-above 10 --connlimit-mask 32 --connlimit-saddr;=;OK 1689a0061b6Sopenharmony_ci+-m connlimit --connlimit-above 10 --connlimit-mask 32 --connlimit-daddr;=;OK 1699a0061b6Sopenharmony_ci+-m connlimit;;FAIL 1709a0061b6Sopenharmony_cidiff --git a/extensions/libip6t_icmp6.t b/extensions/libip6t_icmp6.t 1719a0061b6Sopenharmony_ciindex 028cfc1..73c42e7 100644 1729a0061b6Sopenharmony_ci--- a/extensions/libip6t_icmp6.t 1739a0061b6Sopenharmony_ci+++ b/extensions/libip6t_icmp6.t 1749a0061b6Sopenharmony_ci@@ -4,3 +4,8 @@ 1759a0061b6Sopenharmony_ci -p ipv6-icmp -m icmp6 --icmpv6-type 2;=;OK 1769a0061b6Sopenharmony_ci # cannot use option twice: 1779a0061b6Sopenharmony_ci -p ipv6-icmp -m icmp6 --icmpv6-type no-route --icmpv6-type packet-too-big;;FAIL 1789a0061b6Sopenharmony_ci+-p ipv6-icmp -m icmp6 ! --icmpv6-type 2;=;OK 1799a0061b6Sopenharmony_ci+-p ipv6-icmp -m icmp6 --icmpv6-type router;;FAIL 1809a0061b6Sopenharmony_ci+-p ipv6-icmp -m icmp6 --icmpv6-type -1;;FAIL 1819a0061b6Sopenharmony_ci+-p ipv6-icmp -m icmp6 --icmpv6-type 1/65536;;FAIL 1829a0061b6Sopenharmony_ci+-p ipv6-icmp -h;;OK 1839a0061b6Sopenharmony_cidiff --git a/extensions/libip6t_rt.t b/extensions/libip6t_rt.t 1849a0061b6Sopenharmony_ciindex 3c7b2d9..730603e 100644 1859a0061b6Sopenharmony_ci--- a/extensions/libip6t_rt.t 1869a0061b6Sopenharmony_ci+++ b/extensions/libip6t_rt.t 1879a0061b6Sopenharmony_ci@@ -2,4 +2,10 @@ 1889a0061b6Sopenharmony_ci -m rt --rt-type 0 --rt-segsleft 1:23 --rt-len 42 --rt-0-res;=;OK 1899a0061b6Sopenharmony_ci -m rt --rt-type 0 ! --rt-segsleft 1:23 ! --rt-len 42 --rt-0-res;=;OK 1909a0061b6Sopenharmony_ci -m rt ! --rt-type 1 ! --rt-segsleft 12:23 ! --rt-len 42;=;OK 1919a0061b6Sopenharmony_ci+-m rt --rt-type 0 --rt-0-addrs beef::feed --rt-0-not-strict;=;OK 1929a0061b6Sopenharmony_ci+-m rt --rt-0-addrs beef::feed;;FAIL 1939a0061b6Sopenharmony_ci+-m rt --rt-0-res;;FAIL 1949a0061b6Sopenharmony_ci+-m rt --rt-type 0 --rt-0-not-strict;;FAIL 1959a0061b6Sopenharmony_ci+-m rt --rt-type 0 --rt-0-addrs beef::wrong --rt-0-not-strict;;FAIL 1969a0061b6Sopenharmony_ci+-m rt --rt-type 0 --rt-segsleft 1:1 --rt-len 42 --rt-0-res;-m rt --rt-type 0 --rt-segsleft 1 --rt-len 42 --rt-0-res;OK 1979a0061b6Sopenharmony_ci -m rt;=;OK 1989a0061b6Sopenharmony_cidiff --git a/extensions/libip6t_rt.txlate b/extensions/libip6t_rt.txlate 1999a0061b6Sopenharmony_ciindex 6464cf9..d07ab50 100644 2009a0061b6Sopenharmony_ci--- a/extensions/libip6t_rt.txlate 2019a0061b6Sopenharmony_ci+++ b/extensions/libip6t_rt.txlate 2029a0061b6Sopenharmony_ci@@ -12,3 +12,6 @@ nft add rule ip6 filter INPUT rt type 0 rt hdrlength 22 counter drop 2039a0061b6Sopenharmony_ci 2049a0061b6Sopenharmony_ci ip6tables-translate -A INPUT -m rt --rt-type 0 --rt-len 22 ! --rt-segsleft 26 -j ACCEPT 2059a0061b6Sopenharmony_ci nft add rule ip6 filter INPUT rt type 0 rt seg-left != 26 rt hdrlength 22 counter accept 2069a0061b6Sopenharmony_ci+ 2079a0061b6Sopenharmony_ci+ip6tables-translate -A INPUT -m rt --rt-type 0 --rt-len 22 --rt-segsleft 1:26 -j ACCEPT 2089a0061b6Sopenharmony_ci+nft add rule ip6 filter INPUT rt type 0 rt seg-left 1-26 rt hdrlength 22 counter accept 2099a0061b6Sopenharmony_cidiff --git a/extensions/libipt_DNAT.t b/extensions/libipt_DNAT.t 2109a0061b6Sopenharmony_ciindex 1c4413b..1146ef1 100644 2119a0061b6Sopenharmony_ci--- a/extensions/libipt_DNAT.t 2129a0061b6Sopenharmony_ci+++ b/extensions/libipt_DNAT.t 2139a0061b6Sopenharmony_ci@@ -13,4 +13,13 @@ 2149a0061b6Sopenharmony_ci -p tcp -j DNAT --to-destination 1.1.1.1:1000-2000/65535;=;OK 2159a0061b6Sopenharmony_ci -p tcp -j DNAT --to-destination 1.1.1.1:1000-2000/0;;FAIL 2169a0061b6Sopenharmony_ci -p tcp -j DNAT --to-destination 1.1.1.1:1000-2000/65536;;FAIL 2179a0061b6Sopenharmony_ci+-p tcp -j DNAT --to-destination 1.1.1.1 --random --persistent;=;OK 2189a0061b6Sopenharmony_ci+-p tcp -j DNAT --to-destination :65535;=;OK 2199a0061b6Sopenharmony_ci+-p tcp -j DNAT --to-destination 1.1.1.1:1000;=;OK 2209a0061b6Sopenharmony_ci+-p tcp -j DNAT --to-destination 1.1.1.1:1025-65536;;FAIL 2219a0061b6Sopenharmony_ci+-p tcp -j DNAT --to-destination 1.1.1.1:1025:65535;;FAIL 2229a0061b6Sopenharmony_ci+-p tcp -j DNAT --to-destination 1.1.1.1:2000-1000;;FAIL 2239a0061b6Sopenharmony_ci+-p tcp -j DNAT --to-destination 1.1.1.a;;FAIL 2249a0061b6Sopenharmony_ci+-p tcp -j DNAT --to-destination 1.1.1.1-1.1.1.a;;FAIL 2259a0061b6Sopenharmony_ci -j DNAT;;FAIL 2269a0061b6Sopenharmony_ci+-j DNAT -h;;OK 2279a0061b6Sopenharmony_cidiff --git a/extensions/libipt_DNAT.txlate b/extensions/libipt_DNAT.txlate 2289a0061b6Sopenharmony_ciindex e88314d..5da8077 100644 2299a0061b6Sopenharmony_ci--- a/extensions/libipt_DNAT.txlate 2309a0061b6Sopenharmony_ci+++ b/extensions/libipt_DNAT.txlate 2319a0061b6Sopenharmony_ci@@ -12,3 +12,6 @@ nft add rule ip nat prerouting oifname "eth0" ip protocol tcp counter dnat to 1. 2329a0061b6Sopenharmony_ci 2339a0061b6Sopenharmony_ci iptables-translate -t nat -A prerouting -p tcp -o eth0 -j DNAT --to-destination 1.2.3.4 --random --persistent 2349a0061b6Sopenharmony_ci nft add rule ip nat prerouting oifname "eth0" ip protocol tcp counter dnat to 1.2.3.4 random,persistent 2359a0061b6Sopenharmony_ci+ 2369a0061b6Sopenharmony_ci+iptables-translate -t nat -A prerouting -p tcp -o eth0 -j DNAT --to-destination 1.2.3.4:1000-2000/65535 2379a0061b6Sopenharmony_ci+nft add rule ip nat prerouting oifname "eth0" ip protocol tcp counter dnat to 1.2.3.4:1000-2000;65535 2389a0061b6Sopenharmony_cidiff --git a/extensions/libipt_LOG.t b/extensions/libipt_LOG.t 2399a0061b6Sopenharmony_ciindex fbf5118..e3fb58f 100644 2409a0061b6Sopenharmony_ci--- a/extensions/libipt_LOG.t 2419a0061b6Sopenharmony_ci+++ b/extensions/libipt_LOG.t 2429a0061b6Sopenharmony_ci@@ -8,5 +8,6 @@ 2439a0061b6Sopenharmony_ci -j LOG --log-prefix "test: " --log-tcp-options;=;OK 2449a0061b6Sopenharmony_ci -j LOG --log-prefix "test: " --log-ip-options;=;OK 2459a0061b6Sopenharmony_ci -j LOG --log-prefix "test: " --log-uid;=;OK 2469a0061b6Sopenharmony_ci+-j LOG --log-prefix "test: " --log-macdecode;=;OK 2479a0061b6Sopenharmony_ci -j LOG --log-prefix "test: " --log-level bad;;FAIL 2489a0061b6Sopenharmony_ci -j LOG --log-prefix;;FAIL 2499a0061b6Sopenharmony_cidiff --git a/extensions/libipt_LOG.txlate b/extensions/libipt_LOG.txlate 2509a0061b6Sopenharmony_ciindex 81f64fb..ecb3304 100644 2519a0061b6Sopenharmony_ci--- a/extensions/libipt_LOG.txlate 2529a0061b6Sopenharmony_ci+++ b/extensions/libipt_LOG.txlate 2539a0061b6Sopenharmony_ci@@ -3,3 +3,12 @@ nft add rule ip filter FORWARD ip protocol tcp counter log level err 2549a0061b6Sopenharmony_ci 2559a0061b6Sopenharmony_ci iptables-translate -A FORWARD -p tcp -j LOG --log-prefix "Random prefix" 2569a0061b6Sopenharmony_ci nft add rule ip filter FORWARD ip protocol tcp counter log prefix \"Random prefix\" 2579a0061b6Sopenharmony_ci+ 2589a0061b6Sopenharmony_ci+iptables-translate -A FORWARD -p tcp -j LOG --log-tcp-sequence --log-tcp-options --log-ip-options --log-uid 2599a0061b6Sopenharmony_ci+nft add rule ip filter FORWARD ip protocol tcp counter log flags tcp sequence,options flags ip options flags skuid 2609a0061b6Sopenharmony_ci+ 2619a0061b6Sopenharmony_ci+iptables-translate -A FORWARD -p tcp -j LOG --log-tcp-sequence --log-tcp-options --log-ip-options --log-uid --log-macdecode 2629a0061b6Sopenharmony_ci+nft add rule ip filter FORWARD ip protocol tcp counter log flags all 2639a0061b6Sopenharmony_ci+ 2649a0061b6Sopenharmony_ci+iptables-translate -A FORWARD -p tcp -j LOG --log-tcp-sequence --log-macdecode 2659a0061b6Sopenharmony_ci+nft add rule ip filter FORWARD ip protocol tcp counter log flags tcp sequence flags ether 2669a0061b6Sopenharmony_cidiff --git a/extensions/libipt_MASQUERADE.t b/extensions/libipt_MASQUERADE.t 2679a0061b6Sopenharmony_ciindex e25d2a0..e254fa7 100644 2689a0061b6Sopenharmony_ci--- a/extensions/libipt_MASQUERADE.t 2699a0061b6Sopenharmony_ci+++ b/extensions/libipt_MASQUERADE.t 2709a0061b6Sopenharmony_ci@@ -7,3 +7,4 @@ 2719a0061b6Sopenharmony_ci -p udp -j MASQUERADE --to-ports 1024-65535;=;OK 2729a0061b6Sopenharmony_ci -p udp -j MASQUERADE --to-ports 1024-65536;;FAIL 2739a0061b6Sopenharmony_ci -p udp -j MASQUERADE --to-ports -1;;FAIL 2749a0061b6Sopenharmony_ci+-j MASQUERADE --to-ports 1024;;FAIL 2759a0061b6Sopenharmony_cidiff --git a/extensions/libipt_NETMAP.t b/extensions/libipt_NETMAP.t 2769a0061b6Sopenharmony_ciindex 31924b9..1a0f23b 100644 2779a0061b6Sopenharmony_ci--- a/extensions/libipt_NETMAP.t 2789a0061b6Sopenharmony_ci+++ b/extensions/libipt_NETMAP.t 2799a0061b6Sopenharmony_ci@@ -2,3 +2,4 @@ 2809a0061b6Sopenharmony_ci *nat 2819a0061b6Sopenharmony_ci -j NETMAP --to 1.2.3.0/24;=;OK 2829a0061b6Sopenharmony_ci -j NETMAP --to 1.2.3.4;=;OK 2839a0061b6Sopenharmony_ci+-j NETMAP --to 1.2.3.4/33;;OK 2849a0061b6Sopenharmony_cidiff --git a/extensions/libipt_REDIRECT.t b/extensions/libipt_REDIRECT.t 2859a0061b6Sopenharmony_ciindex a0fb0ed..4ea9f6e 100644 2869a0061b6Sopenharmony_ci--- a/extensions/libipt_REDIRECT.t 2879a0061b6Sopenharmony_ci+++ b/extensions/libipt_REDIRECT.t 2889a0061b6Sopenharmony_ci@@ -4,3 +4,6 @@ 2899a0061b6Sopenharmony_ci -p udp -j REDIRECT --to-ports 42-1234;=;OK 2909a0061b6Sopenharmony_ci -p tcp -j REDIRECT --to-ports 42-1234 --random;=;OK 2919a0061b6Sopenharmony_ci -j REDIRECT --to-ports 42;;FAIL 2929a0061b6Sopenharmony_ci+-p tcp -j REDIRECT --to-ports -1;;FAIL 2939a0061b6Sopenharmony_ci+-p tcp -j REDIRECT --to-ports 42-65536;;FAIL 2949a0061b6Sopenharmony_ci+-j REDIRECT -h;;OK 2959a0061b6Sopenharmony_cidiff --git a/extensions/libipt_REJECT.t b/extensions/libipt_REJECT.t 2969a0061b6Sopenharmony_ciindex 5b26b10..8977eb6 100644 2979a0061b6Sopenharmony_ci--- a/extensions/libipt_REJECT.t 2989a0061b6Sopenharmony_ci+++ b/extensions/libipt_REJECT.t 2999a0061b6Sopenharmony_ci@@ -7,3 +7,5 @@ 3009a0061b6Sopenharmony_ci -j REJECT --reject-with icmp-net-prohibited;=;OK 3019a0061b6Sopenharmony_ci -j REJECT --reject-with icmp-host-prohibited;=;OK 3029a0061b6Sopenharmony_ci -j REJECT --reject-with icmp-admin-prohibited;=;OK 3039a0061b6Sopenharmony_ci+-j REJECT --reject-with echo-reply;;FAIL 3049a0061b6Sopenharmony_ci+-j REJECT -h;;OK 3059a0061b6Sopenharmony_cidiff --git a/extensions/libipt_SNAT.t b/extensions/libipt_SNAT.t 3069a0061b6Sopenharmony_ciindex 186e1cb..e88774a 100644 3079a0061b6Sopenharmony_ci--- a/extensions/libipt_SNAT.t 3089a0061b6Sopenharmony_ci+++ b/extensions/libipt_SNAT.t 3099a0061b6Sopenharmony_ci@@ -8,4 +8,13 @@ 3109a0061b6Sopenharmony_ci -p tcp -j SNAT --to-source 1.1.1.1-1.1.1.10:1025-65535;=;OK 3119a0061b6Sopenharmony_ci -p tcp -j SNAT --to-source 1.1.1.1-1.1.1.10:1025-65536;;FAIL 3129a0061b6Sopenharmony_ci -p tcp -j SNAT --to-source 1.1.1.1-1.1.1.10:1025-65535 --to-source 2.2.2.2-2.2.2.20:1025-65535;;FAIL 3139a0061b6Sopenharmony_ci+-p tcp -j SNAT --to-source 1.1.1.1 --random --random-fully --persistent;=;OK 3149a0061b6Sopenharmony_ci+-p tcp -j SNAT --to-source :65535;=;OK 3159a0061b6Sopenharmony_ci+-p tcp -j SNAT --to-source 1.1.1.1:1025;=;OK 3169a0061b6Sopenharmony_ci+-p tcp -j SNAT --to-source 1.1.1.1:1025-65536;;FAIL 3179a0061b6Sopenharmony_ci+-p tcp -j SNAT --to-source 1.1.1.1:1025:65535;;FAIL 3189a0061b6Sopenharmony_ci+-p tcp -j SNAT --to-source 1.1.1.1:65535-1025;;FAIL 3199a0061b6Sopenharmony_ci+-p tcp -j SNAT --to-source 1.1.1.a;;FAIL 3209a0061b6Sopenharmony_ci+-p tcp -j SNAT --to-source 1.1.1.1-1.1.1.a;;FAIL 3219a0061b6Sopenharmony_ci -j SNAT;;FAIL 3229a0061b6Sopenharmony_ci+-j SNAT -h;;OK 3239a0061b6Sopenharmony_cidiff --git a/extensions/libipt_icmp.t b/extensions/libipt_icmp.t 3249a0061b6Sopenharmony_ciindex f4ba65c..09771a3 100644 3259a0061b6Sopenharmony_ci--- a/extensions/libipt_icmp.t 3269a0061b6Sopenharmony_ci+++ b/extensions/libipt_icmp.t 3279a0061b6Sopenharmony_ci@@ -13,3 +13,8 @@ 3289a0061b6Sopenharmony_ci # we accept "iptables -I INPUT -p tcp -m tcp", why not this below? 3299a0061b6Sopenharmony_ci # ERROR: cannot load: iptables -A INPUT -p icmp -m icmp 3309a0061b6Sopenharmony_ci # -p icmp -m icmp;=;OK 3319a0061b6Sopenharmony_ci+-p icmp -m icmp ! --icmp-type 1/0;=;OK 3329a0061b6Sopenharmony_ci+-p icmp -m icmp --icmp-type router;;FAIL 3339a0061b6Sopenharmony_ci+-p icmp -m icmp --icmp-type -1;;FAIL 3349a0061b6Sopenharmony_ci+-p icmp -m icmp --icmp-type 1/65536;;FAIL 3359a0061b6Sopenharmony_ci+-p icmp -m icmp -h;;OK 3369a0061b6Sopenharmony_cidiff --git a/extensions/libxt_iprange.t b/extensions/libxt_iprange.t 3379a0061b6Sopenharmony_ciindex 6fd98be..34449f0 100644 3389a0061b6Sopenharmony_ci--- a/extensions/libxt_iprange.t 3399a0061b6Sopenharmony_ci+++ b/extensions/libxt_iprange.t 3409a0061b6Sopenharmony_ci@@ -3,9 +3,7 @@ 3419a0061b6Sopenharmony_ci -m iprange ! --src-range 1.1.1.1-1.1.1.10;=;OK 3429a0061b6Sopenharmony_ci -m iprange --dst-range 1.1.1.1-1.1.1.10;=;OK 3439a0061b6Sopenharmony_ci -m iprange ! --dst-range 1.1.1.1-1.1.1.10;=;OK 3449a0061b6Sopenharmony_ci-# it shows -A INPUT -m iprange --src-range 1.1.1.1-1.1.1.1, should we support this? 3459a0061b6Sopenharmony_ci-# ERROR: should fail: iptables -A INPUT -m iprange --src-range 1.1.1.1 3469a0061b6Sopenharmony_ci-# -m iprange --src-range 1.1.1.1;;FAIL 3479a0061b6Sopenharmony_ci-# ERROR: should fail: iptables -A INPUT -m iprange --dst-range 1.1.1.1 3489a0061b6Sopenharmony_ci-#-m iprange --dst-range 1.1.1.1;;FAIL 3499a0061b6Sopenharmony_ci+-m iprange --src-range 1.1.1.1;=;OK 3509a0061b6Sopenharmony_ci+-m iprange --dst-range 1.1.1.1;=;OK 3519a0061b6Sopenharmony_ci -m iprange;;FAIL 3529a0061b6Sopenharmony_ci+-m iprange -h;;OK 3539a0061b6Sopenharmony_cidiff --git a/extensions/libxt_limit.t b/extensions/libxt_limit.t 3549a0061b6Sopenharmony_ciindex b0af653..c06f91c 100644 3559a0061b6Sopenharmony_ci--- a/extensions/libxt_limit.t 3569a0061b6Sopenharmony_ci+++ b/extensions/libxt_limit.t 3579a0061b6Sopenharmony_ci@@ -4,3 +4,11 @@ 3589a0061b6Sopenharmony_ci -m limit --limit 1000/hour;=;OK 3599a0061b6Sopenharmony_ci -m limit --limit 1000/day;=;OK 3609a0061b6Sopenharmony_ci -m limit --limit 1/sec --limit-burst 1;=;OK 3619a0061b6Sopenharmony_ci+-m limit --limit 0/sec;;FAIL 3629a0061b6Sopenharmony_ci+-m limit --limit 1/bad;;FAIL 3639a0061b6Sopenharmony_ci+-m limit ! --limit 1/sec;;FAIL 3649a0061b6Sopenharmony_ci+# Rate too fast(> 10000/sec) 3659a0061b6Sopenharmony_ci+-m limit --limit 10001/second;;FAIL 3669a0061b6Sopenharmony_ci+# Default value for --limit 3679a0061b6Sopenharmony_ci+-m limit;-m limit --limit 3/hour;OK 3689a0061b6Sopenharmony_ci+-m limit -h;;OK 3699a0061b6Sopenharmony_cidiff --git a/extensions/libxt_standard.t b/extensions/libxt_standard.t 3709a0061b6Sopenharmony_ciindex 4313f7b..2f5f9d3 100644 3719a0061b6Sopenharmony_ci--- a/extensions/libxt_standard.t 3729a0061b6Sopenharmony_ci+++ b/extensions/libxt_standard.t 3739a0061b6Sopenharmony_ci@@ -9,3 +9,4 @@ 3749a0061b6Sopenharmony_ci -j ACCEPT;=;OK 3759a0061b6Sopenharmony_ci -j RETURN;=;OK 3769a0061b6Sopenharmony_ci ! -p 0 -j ACCEPT;=;FAIL 3779a0061b6Sopenharmony_ci+-j standard -h;;OK 3789a0061b6Sopenharmony_cidiff --git a/extensions/libxt_string.t b/extensions/libxt_string.t 3799a0061b6Sopenharmony_ciindex d68f099..0103eae 100644 3809a0061b6Sopenharmony_ci--- a/extensions/libxt_string.t 3819a0061b6Sopenharmony_ci+++ b/extensions/libxt_string.t 3829a0061b6Sopenharmony_ci@@ -1,18 +1,23 @@ 3839a0061b6Sopenharmony_ci :INPUT,FORWARD,OUTPUT 3849a0061b6Sopenharmony_ci-# ERROR: cannot find: iptables -I INPUT -m string --algo bm --string "test" 3859a0061b6Sopenharmony_ci-# -m string --algo bm --string "test";=;OK 3869a0061b6Sopenharmony_ci-# ERROR: cannot find: iptables -I INPUT -m string --algo kmp --string "test") 3879a0061b6Sopenharmony_ci-# -m string --algo kmp --string "test";=;OK 3889a0061b6Sopenharmony_ci-# ERROR: cannot find: iptables -I INPUT -m string --algo kmp ! --string "test" 3899a0061b6Sopenharmony_ci-# -m string --algo kmp ! --string "test";=;OK 3909a0061b6Sopenharmony_ci-# cannot find: iptables -I INPUT -m string --algo bm --string "xxxxxxxxxxx" ....] 3919a0061b6Sopenharmony_ci-# -m string --algo bm --string "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx";=;OK 3929a0061b6Sopenharmony_ci-# ERROR: cannot load: iptables -A INPUT -m string --algo bm --string "xxxx" 3939a0061b6Sopenharmony_ci-# -m string --algo bm --string "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx";=;OK 3949a0061b6Sopenharmony_ci-# ERROR: cannot load: iptables -A INPUT -m string --algo bm --hexstring "|0a0a0a0a|" 3959a0061b6Sopenharmony_ci-# -m string --algo bm --hexstring "|0a0a0a0a|";=;OK 3969a0061b6Sopenharmony_ci-# ERROR: cannot find: iptables -I INPUT -m string --algo bm --from 0 --to 65535 --string "test" 3979a0061b6Sopenharmony_ci-# -m string --algo bm --from 0 --to 65535 --string "test";=;OK 3989a0061b6Sopenharmony_ci+-m string --string "test" --algo bm;=;OK 3999a0061b6Sopenharmony_ci+-m string --string "test" --algo kmp;=;OK 4009a0061b6Sopenharmony_ci+-m string ! --string "test" --algo kmp;=;OK 4019a0061b6Sopenharmony_ci+-m string --string "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" --algo bm;=;OK 4029a0061b6Sopenharmony_ci+-m string --algo bm --string "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx";;FAIL 4039a0061b6Sopenharmony_ci+-m string --string "\\" --algo bm;-m string --hex-string "|5c|";OK 4049a0061b6Sopenharmony_ci+-m string --hex-string "|0a0a0a0a|" --algo bm;=;OK 4059a0061b6Sopenharmony_ci+-m string ! --hex-string "|0a0a0a0a|" --algo bm;=;OK 4069a0061b6Sopenharmony_ci+-m string --algo bm --hex-string "| 0a|";-m string --hex-string "|0a|";OK 4079a0061b6Sopenharmony_ci+-m string --algo bm --hex-string "|0a0|";;FAIL 4089a0061b6Sopenharmony_ci+-m string --algo bm --hex-string "|ww|";;FAIL 4099a0061b6Sopenharmony_ci+-m string --algo bm --hex-string "";;FAIL 4109a0061b6Sopenharmony_ci+-m string --algo bm --hex-string "|0a\\|";;FAIL 4119a0061b6Sopenharmony_ci+-m string --algo bm --hex-string "xxx\\";;FAIL 4129a0061b6Sopenharmony_ci+-m string --algo bm --hex-string "|\\";;FAIL 4139a0061b6Sopenharmony_ci+-m string --algo bm --hex-string "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx";;FAIL 4149a0061b6Sopenharmony_ci+-m string --string "test" --algo bm --from 1 --to 65535;=;OK 4159a0061b6Sopenharmony_ci -m string --algo wrong;;FAIL 4169a0061b6Sopenharmony_ci -m string --algo bm;;FAIL 4179a0061b6Sopenharmony_ci -m string;;FAIL 4189a0061b6Sopenharmony_ci+-m string --string "test" --algo bm --to 65535 --icase;=;OK 4199a0061b6Sopenharmony_ci+-m string -h;;OK 4209a0061b6Sopenharmony_cidiff --git a/extensions/libxt_tcp.t b/extensions/libxt_tcp.t 4219a0061b6Sopenharmony_ciindex b0e8006..bd6345f 100644 4229a0061b6Sopenharmony_ci--- a/extensions/libxt_tcp.t 4239a0061b6Sopenharmony_ci+++ b/extensions/libxt_tcp.t 4249a0061b6Sopenharmony_ci@@ -22,5 +22,8 @@ 4259a0061b6Sopenharmony_ci -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG SYN;=;OK 4269a0061b6Sopenharmony_ci -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,PSH,ACK,URG SYN;=;OK 4279a0061b6Sopenharmony_ci -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG RST;=;OK 4289a0061b6Sopenharmony_ci+-p tcp -m tcp --tcp-option 1;=;OK 4299a0061b6Sopenharmony_ci+-p tcp -m tcp --tcp-option -1;;FAIL 4309a0061b6Sopenharmony_ci+-p tcp -m tcp ! --tcp-option 1;=;OK 4319a0061b6Sopenharmony_ci # should we accept this below? 4329a0061b6Sopenharmony_ci -p tcp -m tcp;=;OK 4339a0061b6Sopenharmony_cidiff --git a/iptables-test.py b/iptables-test.py 4349a0061b6Sopenharmony_ciindex ca5efb1..f3e96f4 100755 4359a0061b6Sopenharmony_ci--- a/iptables-test.py 4369a0061b6Sopenharmony_ci+++ b/iptables-test.py 4379a0061b6Sopenharmony_ci@@ -64,6 +64,23 @@ def delete_rule(iptables, rule, filename, lineno): 4389a0061b6Sopenharmony_ci return 0 4399a0061b6Sopenharmony_ci 4409a0061b6Sopenharmony_ci 4419a0061b6Sopenharmony_ci+def list_rules(iptables, rule, filename, lineno): 4429a0061b6Sopenharmony_ci+ ''' 4439a0061b6Sopenharmony_ci+ list iptables rules 4449a0061b6Sopenharmony_ci+ ''' 4459a0061b6Sopenharmony_ci+ cmd = iptables + " -vvL " 4469a0061b6Sopenharmony_ci+ if " -t " in rule: 4479a0061b6Sopenharmony_ci+ cmd += " -t " + rule.split(" -t ")[1].split(" ")[0] 4489a0061b6Sopenharmony_ci+ 4499a0061b6Sopenharmony_ci+ ret = execute_cmd(cmd, filename, lineno) 4509a0061b6Sopenharmony_ci+ if ret: 4519a0061b6Sopenharmony_ci+ reason = "cannot list: " + iptables + " -vvL " + rule 4529a0061b6Sopenharmony_ci+ print_error(reason, filename, lineno) 4539a0061b6Sopenharmony_ci+ return -1 4549a0061b6Sopenharmony_ci+ 4559a0061b6Sopenharmony_ci+ return 0 4569a0061b6Sopenharmony_ci+ 4579a0061b6Sopenharmony_ci+ 4589a0061b6Sopenharmony_ci def run_test(iptables, rule, rule_save, res, filename, lineno, netns): 4599a0061b6Sopenharmony_ci ''' 4609a0061b6Sopenharmony_ci Executes an unit test. Returns the output of delete_rule(). 4619a0061b6Sopenharmony_ci@@ -151,6 +168,11 @@ def run_test(iptables, rule, rule_save, res, filename, lineno, netns): 4629a0061b6Sopenharmony_ci if netns: 4639a0061b6Sopenharmony_ci return 0 4649a0061b6Sopenharmony_ci 4659a0061b6Sopenharmony_ci+ ret = list_rules(iptables, rule, filename, lineno) 4669a0061b6Sopenharmony_ci+ if ret < 0: 4679a0061b6Sopenharmony_ci+ delete_rule(iptables, rule, filename, lineno) 4689a0061b6Sopenharmony_ci+ return -1 4699a0061b6Sopenharmony_ci+ 4709a0061b6Sopenharmony_ci return delete_rule(iptables, rule, filename, lineno) 4719a0061b6Sopenharmony_ci 4729a0061b6Sopenharmony_ci def execute_cmd(cmd, filename, lineno): 4739a0061b6Sopenharmony_ci-- 4749a0061b6Sopenharmony_ci2.23.0 4759a0061b6Sopenharmony_ci 476