* [PATCH nft 1/2] tests: shell: move chain priority and policy to chain folder
@ 2019-08-09 11:34 Pablo Neira Ayuso
2019-08-09 11:34 ` [PATCH nft 2/2] tests: shell: use-after-free from abort path Pablo Neira Ayuso
0 siblings, 1 reply; 2+ messages in thread
From: Pablo Neira Ayuso @ 2019-08-09 11:34 UTC (permalink / raw)
To: netfilter-devel
Move new chain tests for variable priority and policy to chain folder.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
.../{nft-f/0021priority_variable_0 => chains/0031priority_variable_0} | 0
.../{nft-f/0022priority_variable_0 => chains/0032priority_variable_0} | 0
.../{nft-f/0023priority_variable_1 => chains/0033priority_variable_1} | 0
.../{nft-f/0024priority_variable_1 => chains/0034priority_variable_1} | 0
.../{nft-f/0025policy_variable_0 => chains/0035policy_variable_0} | 0
.../{nft-f/0026policy_variable_0 => chains/0036policy_variable_0} | 0
.../{nft-f/0027policy_variable_1 => chains/0037policy_variable_1} | 0
.../{nft-f/0028policy_variable_1 => chains/0038policy_variable_1} | 0
8 files changed, 0 insertions(+), 0 deletions(-)
rename tests/shell/testcases/{nft-f/0021priority_variable_0 => chains/0031priority_variable_0} (100%)
rename tests/shell/testcases/{nft-f/0022priority_variable_0 => chains/0032priority_variable_0} (100%)
rename tests/shell/testcases/{nft-f/0023priority_variable_1 => chains/0033priority_variable_1} (100%)
rename tests/shell/testcases/{nft-f/0024priority_variable_1 => chains/0034priority_variable_1} (100%)
rename tests/shell/testcases/{nft-f/0025policy_variable_0 => chains/0035policy_variable_0} (100%)
mode change 100644 => 100755
rename tests/shell/testcases/{nft-f/0026policy_variable_0 => chains/0036policy_variable_0} (100%)
mode change 100644 => 100755
rename tests/shell/testcases/{nft-f/0027policy_variable_1 => chains/0037policy_variable_1} (100%)
mode change 100644 => 100755
rename tests/shell/testcases/{nft-f/0028policy_variable_1 => chains/0038policy_variable_1} (100%)
mode change 100644 => 100755
diff --git a/tests/shell/testcases/nft-f/0021priority_variable_0 b/tests/shell/testcases/chains/0031priority_variable_0
similarity index 100%
rename from tests/shell/testcases/nft-f/0021priority_variable_0
rename to tests/shell/testcases/chains/0031priority_variable_0
diff --git a/tests/shell/testcases/nft-f/0022priority_variable_0 b/tests/shell/testcases/chains/0032priority_variable_0
similarity index 100%
rename from tests/shell/testcases/nft-f/0022priority_variable_0
rename to tests/shell/testcases/chains/0032priority_variable_0
diff --git a/tests/shell/testcases/nft-f/0023priority_variable_1 b/tests/shell/testcases/chains/0033priority_variable_1
similarity index 100%
rename from tests/shell/testcases/nft-f/0023priority_variable_1
rename to tests/shell/testcases/chains/0033priority_variable_1
diff --git a/tests/shell/testcases/nft-f/0024priority_variable_1 b/tests/shell/testcases/chains/0034priority_variable_1
similarity index 100%
rename from tests/shell/testcases/nft-f/0024priority_variable_1
rename to tests/shell/testcases/chains/0034priority_variable_1
diff --git a/tests/shell/testcases/nft-f/0025policy_variable_0 b/tests/shell/testcases/chains/0035policy_variable_0
old mode 100644
new mode 100755
similarity index 100%
rename from tests/shell/testcases/nft-f/0025policy_variable_0
rename to tests/shell/testcases/chains/0035policy_variable_0
diff --git a/tests/shell/testcases/nft-f/0026policy_variable_0 b/tests/shell/testcases/chains/0036policy_variable_0
old mode 100644
new mode 100755
similarity index 100%
rename from tests/shell/testcases/nft-f/0026policy_variable_0
rename to tests/shell/testcases/chains/0036policy_variable_0
diff --git a/tests/shell/testcases/nft-f/0027policy_variable_1 b/tests/shell/testcases/chains/0037policy_variable_1
old mode 100644
new mode 100755
similarity index 100%
rename from tests/shell/testcases/nft-f/0027policy_variable_1
rename to tests/shell/testcases/chains/0037policy_variable_1
diff --git a/tests/shell/testcases/nft-f/0028policy_variable_1 b/tests/shell/testcases/chains/0038policy_variable_1
old mode 100644
new mode 100755
similarity index 100%
rename from tests/shell/testcases/nft-f/0028policy_variable_1
rename to tests/shell/testcases/chains/0038policy_variable_1
--
2.11.0
^ permalink raw reply [flat|nested] 2+ messages in thread* [PATCH nft 2/2] tests: shell: use-after-free from abort path
2019-08-09 11:34 [PATCH nft 1/2] tests: shell: move chain priority and policy to chain folder Pablo Neira Ayuso
@ 2019-08-09 11:34 ` Pablo Neira Ayuso
0 siblings, 0 replies; 2+ messages in thread
From: Pablo Neira Ayuso @ 2019-08-09 11:34 UTC (permalink / raw)
To: netfilter-devel
Rule that fails to be added while holding a bound set triggers
user-after-free from the abort path.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
tests/shell/testcases/transactions/0050rule_1 | 17 +++++++++++++++++
1 file changed, 17 insertions(+)
create mode 100755 tests/shell/testcases/transactions/0050rule_1
diff --git a/tests/shell/testcases/transactions/0050rule_1 b/tests/shell/testcases/transactions/0050rule_1
new file mode 100755
index 000000000000..7c487e2e4710
--- /dev/null
+++ b/tests/shell/testcases/transactions/0050rule_1
@@ -0,0 +1,17 @@
+#!/bin/bash
+
+RULESET="table inet filter {
+ flowtable ft {
+ hook ingress priority 0; devices = { x, y, z };
+ }
+
+chain forward {
+ type filter hook forward priority 0; policy drop;
+
+ ip protocol { tcp, udp } counter flow add @ft
+ ip6 nexthdr { tcp, udp } counter flow add @ft
+ counter
+ }
+}"
+
+$NFT -f - <<< "$RULESET" >/dev/null
--
2.11.0
^ permalink raw reply related [flat|nested] 2+ messages in thread
end of thread, other threads:[~2019-08-09 11:34 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-08-09 11:34 [PATCH nft 1/2] tests: shell: move chain priority and policy to chain folder Pablo Neira Ayuso
2019-08-09 11:34 ` [PATCH nft 2/2] tests: shell: use-after-free from abort path Pablo Neira Ayuso
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).