* [nftables] tests/py: Add Test for `meta time` @ 2019-03-18 9:47 Karuna Grewal [not found] ` <CAHRz_yZMsP2RQPu=8pTigq8SrYz9xYSef3S_d4ORAMkkYDEv4Q@mail.gmail.com> 2019-04-08 22:35 ` Pablo Neira Ayuso 0 siblings, 2 replies; 6+ messages in thread From: Karuna Grewal @ 2019-03-18 9:47 UTC (permalink / raw) To: pablo, fw; +Cc: netfilter-devel Signed-off-by: Karuna Grewal <karunagrewal98@gmail.com> --- tests/py/any/meta.t | 3 +++ tests/py/any/meta.t.json | 12 ++++++++++++ tests/py/any/meta.t.payload | 5 +++++ 3 files changed, 20 insertions(+) diff --git a/tests/py/any/meta.t b/tests/py/any/meta.t index d69b8b4e..3d23dc75 100644 --- a/tests/py/any/meta.t +++ b/tests/py/any/meta.t @@ -205,3 +205,6 @@ meta iif . meta oif vmap { "lo" . "lo" : drop };ok;iif . oif vmap { "lo" . "lo" meta random eq 1;ok;meta random 1 meta random gt 1000000;ok;meta random > 1000000 + +meta time 100;ok;meta timestamp 1m40s +meta time ;fail diff --git a/tests/py/any/meta.t.json b/tests/py/any/meta.t.json index 2cf91cda..faef4e26 100644 --- a/tests/py/any/meta.t.json +++ b/tests/py/any/meta.t.json @@ -2499,3 +2499,15 @@ } ] +# meta time 100 +[ + { + "match": { + "left": { + "meta": { "key": "time" } + }, + "op": "==", + "right": 100 + } + } +] \ No newline at end of file diff --git a/tests/py/any/meta.t.payload b/tests/py/any/meta.t.payload index b32770f5..71c68e42 100644 --- a/tests/py/any/meta.t.payload +++ b/tests/py/any/meta.t.payload @@ -1021,3 +1021,8 @@ ip test-ip4 input [ meta load priority => reg 1 ] [ cmp eq reg 1 0x87654321 ] +# meta time 100 +ip test-ip4 input + [ meta load timestamp => reg 1 ] + [ cmp eq reg 1 0x00000064 ] + -- 2.17.1 ^ permalink raw reply related [flat|nested] 6+ messages in thread
[parent not found: <CAHRz_yZMsP2RQPu=8pTigq8SrYz9xYSef3S_d4ORAMkkYDEv4Q@mail.gmail.com>]
[parent not found: <20190318105545.qz5oddbjah4qc4fa@breakpoint.cc>]
[parent not found: <CAHRz_yYk_Yq5+Tp1J1jT2rVT0pHWjH37-F8Rdi1XCLWj79J6rg@mail.gmail.com>]
[parent not found: <20190318220923.5v64yccan6shhpnq@breakpoint.cc>]
* Re: [nftables] tests/py: Add Test for `meta time` [not found] ` <20190318220923.5v64yccan6shhpnq@breakpoint.cc> @ 2019-03-19 7:04 ` Karuna Grewal 2019-03-19 7:17 ` Florian Westphal 0 siblings, 1 reply; 6+ messages in thread From: Karuna Grewal @ 2019-03-19 7:04 UTC (permalink / raw) To: Florian Westphal; +Cc: netfilter-devel On Tue, Mar 19, 2019 at 3:39 AM Florian Westphal <fw@strlen.de> wrote: > > Karuna Grewal <karunagrewal98@gmail.com> wrote: > > command: add rule ip test-ip4 input meta time 100 > > Error: Could not process rule: Operation not supported > > This means that nft_meta.c doesn't recognize the TIME key. > You need to run the modified/patched kernel for this to work -- > it looks like nft_meta_get_init() hits the "default:" switch label. I'm running the tests against the new modified kernel (I've applied the patch to kernel 5.0.2) and when I logged a debug message it confirms that it's indeed hitting the default switch. But previously running nft against the nf-next fork of the kernel was recognising the `meta time`. This leaves me in a bit of confusion. Meanwhile I'm trying to verify other things, could you please confirm if the kernel tree isn't any issue here. ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [nftables] tests/py: Add Test for `meta time` 2019-03-19 7:04 ` Karuna Grewal @ 2019-03-19 7:17 ` Florian Westphal 2019-03-19 7:27 ` Karuna Grewal 0 siblings, 1 reply; 6+ messages in thread From: Florian Westphal @ 2019-03-19 7:17 UTC (permalink / raw) To: Karuna Grewal; +Cc: Florian Westphal, netfilter-devel Karuna Grewal <karunagrewal98@gmail.com> wrote: > On Tue, Mar 19, 2019 at 3:39 AM Florian Westphal <fw@strlen.de> wrote: > > > > Karuna Grewal <karunagrewal98@gmail.com> wrote: > > > command: add rule ip test-ip4 input meta time 100 > > > Error: Could not process rule: Operation not supported > > > > This means that nft_meta.c doesn't recognize the TIME key. > > You need to run the modified/patched kernel for this to work -- > > it looks like nft_meta_get_init() hits the "default:" switch label. > I'm running the tests against the new modified kernel (I've applied > the patch to kernel 5.0.2) and when I logged a debug message it > confirms that it's indeed hitting the default switch. > But previously running nft against the nf-next fork of the kernel was > recognising the `meta time`. This leaves me in a bit of confusion. > Meanwhile I'm trying to verify other things, could you please confirm > if the kernel tree isn't any issue here. It looks like kernel and userspace disagree on the TIME_NS meta attribute enum value. ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [nftables] tests/py: Add Test for `meta time` 2019-03-19 7:17 ` Florian Westphal @ 2019-03-19 7:27 ` Karuna Grewal 2019-03-19 7:50 ` Florian Westphal 0 siblings, 1 reply; 6+ messages in thread From: Karuna Grewal @ 2019-03-19 7:27 UTC (permalink / raw) To: Florian Westphal; +Cc: netfilter-devel Thanks. I checked that in the userspace the enum nft_meta_keys has additional values as compared to the linux 5.0.2 's nft_meta_keys but this isn't the case with the nf-next. I'll run the tests again with the nf-next kernel tree. Also, does this mean that I should stick to the nf-next kernel tree instead of the latest kernel release itself? On Tue, Mar 19, 2019 at 12:47 PM Florian Westphal <fw@strlen.de> wrote: > > Karuna Grewal <karunagrewal98@gmail.com> wrote: > > On Tue, Mar 19, 2019 at 3:39 AM Florian Westphal <fw@strlen.de> wrote: > > > > > > Karuna Grewal <karunagrewal98@gmail.com> wrote: > > > > command: add rule ip test-ip4 input meta time 100 > > > > Error: Could not process rule: Operation not supported > > > > > > This means that nft_meta.c doesn't recognize the TIME key. > > > You need to run the modified/patched kernel for this to work -- > > > it looks like nft_meta_get_init() hits the "default:" switch label. > > I'm running the tests against the new modified kernel (I've applied > > the patch to kernel 5.0.2) and when I logged a debug message it > > confirms that it's indeed hitting the default switch. > > But previously running nft against the nf-next fork of the kernel was > > recognising the `meta time`. This leaves me in a bit of confusion. > > Meanwhile I'm trying to verify other things, could you please confirm > > if the kernel tree isn't any issue here. > > It looks like kernel and userspace disagree on the TIME_NS meta attribute > enum value. ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [nftables] tests/py: Add Test for `meta time` 2019-03-19 7:27 ` Karuna Grewal @ 2019-03-19 7:50 ` Florian Westphal 0 siblings, 0 replies; 6+ messages in thread From: Florian Westphal @ 2019-03-19 7:50 UTC (permalink / raw) To: Karuna Grewal; +Cc: Florian Westphal, netfilter-devel Karuna Grewal <karunagrewal98@gmail.com> wrote: > Thanks. I checked that in the userspace the enum nft_meta_keys has > additional values as compared to the linux 5.0.2 's nft_meta_keys but > this isn't the case with the nf-next. > I'll run the tests again with the nf-next kernel tree. > Also, does this mean that I should stick to the nf-next kernel tree > instead of the latest kernel release itself? nf-next lags behind at the moment, it will catch up soon. So, meanwhile you can use nf or even linus tree until nf-next is back in sync. ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [nftables] tests/py: Add Test for `meta time` 2019-03-18 9:47 [nftables] tests/py: Add Test for `meta time` Karuna Grewal [not found] ` <CAHRz_yZMsP2RQPu=8pTigq8SrYz9xYSef3S_d4ORAMkkYDEv4Q@mail.gmail.com> @ 2019-04-08 22:35 ` Pablo Neira Ayuso 1 sibling, 0 replies; 6+ messages in thread From: Pablo Neira Ayuso @ 2019-04-08 22:35 UTC (permalink / raw) To: Karuna Grewal; +Cc: fw, netfilter-devel On Mon, Mar 18, 2019 at 03:17:45PM +0530, Karuna Grewal wrote: > Signed-off-by: Karuna Grewal <karunagrewal98@gmail.com> > --- > tests/py/any/meta.t | 3 +++ > tests/py/any/meta.t.json | 12 ++++++++++++ > tests/py/any/meta.t.payload | 5 +++++ > 3 files changed, 20 insertions(+) > > diff --git a/tests/py/any/meta.t b/tests/py/any/meta.t > index d69b8b4e..3d23dc75 100644 > --- a/tests/py/any/meta.t > +++ b/tests/py/any/meta.t > @@ -205,3 +205,6 @@ meta iif . meta oif vmap { "lo" . "lo" : drop };ok;iif . oif vmap { "lo" . "lo" > > meta random eq 1;ok;meta random 1 > meta random gt 1000000;ok;meta random > 1000000 > + > +meta time 100;ok;meta timestamp 1m40s I think the important thing here is to support for dates. I remember Florian mentioned we need a new datatype for this, to express dates. Still we need support for time range, ie. hh:mm[:ss]-hh:mm[:ss], monthdays and weekdays. We should _not_ support --kerneltz, that broken. We should just provide an alternative that works with UTC. Hopefully daylight saving will be removed everywhere soon (EU is planning for this), so we won't need --kerneltz. Talking by looking at what I see in man iptables-extensions when I look for the `time' match. Will you work on this? ^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2019-04-08 22:35 UTC | newest] Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2019-03-18 9:47 [nftables] tests/py: Add Test for `meta time` Karuna Grewal [not found] ` <CAHRz_yZMsP2RQPu=8pTigq8SrYz9xYSef3S_d4ORAMkkYDEv4Q@mail.gmail.com> [not found] ` <20190318105545.qz5oddbjah4qc4fa@breakpoint.cc> [not found] ` <CAHRz_yYk_Yq5+Tp1J1jT2rVT0pHWjH37-F8Rdi1XCLWj79J6rg@mail.gmail.com> [not found] ` <20190318220923.5v64yccan6shhpnq@breakpoint.cc> 2019-03-19 7:04 ` Karuna Grewal 2019-03-19 7:17 ` Florian Westphal 2019-03-19 7:27 ` Karuna Grewal 2019-03-19 7:50 ` Florian Westphal 2019-04-08 22:35 ` Pablo Neira Ayuso
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).