test: packet-log

2b669c10 · Kaarle Ritvanen · eabe4a9a · 2b669c10 · 2b669c10 · 2b669c10
Commit 2b669c10 authored Nov 03, 2017 by Kaarle Ritvanen
19 changed files
--- a/test/mandatory/log.json
+++ b/test/mandatory/log.json
@@ -3,6 +3,10 @@
 	"none": { "mode": "none" },
 	"ulog": { "mode": "ulog", "limit": { "interval": 5 } }
    },
+    "packet-log": [
+	{ "out": "_fw" },
+	{ "out": "_fw", "log": "ulog" }
+    ],
    "filter": [
 	{},
 	{ "action": "drop" },

--- a/test/output/address/dump
+++ b/test/output/address/dump
@@ -8044,6 +8044,16 @@ No-track 3              {"out":"_fw"}
  inet6/raw/PREROUTING  -m addrtype --dst-type LOCAL -j CT --notrack


+Packet-log 1          {"out":"_fw"}
+(log)                 
+  inet/filter/INPUT   -m limit --limit 1/second -j LOG
+  inet6/filter/INPUT  -m limit --limit 1/second -j LOG
+
+Packet-log 2          {"log":"ulog","out":"_fw"}
+(log)                 
+  inet/filter/INPUT   -m limit --limit 12/minute -j ULOG
+
+
 Service babel         {"port":6697,"proto":"tcp"}
 (services)            

@@ -10191,6 +10201,8 @@ hash:net family inet
 -A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
 -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
 -A FORWARD -p icmp -j icmp-routing
+-A INPUT -m limit --limit 12/minute -j ULOG
+-A INPUT -m limit --limit 1/second -j LOG
 -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
 -A INPUT -i lo -j ACCEPT
 -A INPUT -j ACCEPT
@@ -13031,6 +13043,7 @@ COMMIT
 -A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
 -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
 -A FORWARD -p icmpv6 -j icmp-routing
+-A INPUT -m limit --limit 1/second -j LOG
 -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
 -A INPUT -i lo -j ACCEPT
 -A INPUT -j ACCEPT

--- a/test/output/address/rules-save
+++ b/test/output/address/rules-save
@@ -1937,6 +1937,8 @@
 -A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
 -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
 -A FORWARD -p icmp -j icmp-routing
+-A INPUT -m limit --limit 12/minute -j ULOG
+-A INPUT -m limit --limit 1/second -j LOG
 -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
 -A INPUT -i lo -j ACCEPT
 -A INPUT -j ACCEPT

--- a/test/output/address/rules6-save
+++ b/test/output/address/rules6-save
@@ -559,6 +559,7 @@
 -A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
 -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
 -A FORWARD -p icmpv6 -j icmp-routing
+-A INPUT -m limit --limit 1/second -j LOG
 -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
 -A INPUT -i lo -j ACCEPT
 -A INPUT -j ACCEPT

--- a/test/output/filter-limit/dump
+++ b/test/output/filter-limit/dump
@@ -35774,6 +35774,16 @@ No-track 3              {"out":"_fw"}
  inet6/raw/PREROUTING  -m addrtype --dst-type LOCAL -j CT --notrack


+Packet-log 1          {"out":"_fw"}
+(log)                 
+  inet/filter/INPUT   -m limit --limit 1/second -j LOG
+  inet6/filter/INPUT  -m limit --limit 1/second -j LOG
+
+Packet-log 2          {"log":"ulog","out":"_fw"}
+(log)                 
+  inet/filter/INPUT   -m limit --limit 12/minute -j ULOG
+
+
 Service babel         {"port":6697,"proto":"tcp"}
 (services)            

@@ -41445,6 +41455,8 @@ hash:net family inet
 -A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
 -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
 -A FORWARD -p icmp -j icmp-routing
+-A INPUT -m limit --limit 12/minute -j ULOG
+-A INPUT -m limit --limit 1/second -j LOG
 -A INPUT -m recent --name user:B --rdest --mask 255.255.255.255 --set 
 -A INPUT -m recent --name user:B --rsource --mask 255.255.255.255 --set 
 -A INPUT -j limit-1886
@@ -59939,6 +59951,7 @@ COMMIT
 -A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
 -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
 -A FORWARD -p icmpv6 -j icmp-routing
+-A INPUT -m limit --limit 1/second -j LOG
 -A INPUT -m recent --name user:B --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set 
 -A INPUT -m recent --name user:B --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set 
 -A INPUT -j limit-1886
--- a/test/output/filter-limit/rules-save
+++ b/test/output/filter-limit/rules-save
@@ -5461,6 +5461,8 @@
 -A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
 -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
 -A FORWARD -p icmp -j icmp-routing
+-A INPUT -m limit --limit 12/minute -j ULOG
+-A INPUT -m limit --limit 1/second -j LOG
 -A INPUT -m recent --name user:B --rdest --mask 255.255.255.255 --set 
 -A INPUT -m recent --name user:B --rsource --mask 255.255.255.255 --set 
 -A INPUT -j limit-1886

--- a/test/output/filter-limit/rules6-save
+++ b/test/output/filter-limit/rules6-save
@@ -5435,6 +5435,7 @@
 -A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
 -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
 -A FORWARD -p icmpv6 -j icmp-routing
+-A INPUT -m limit --limit 1/second -j LOG
 -A INPUT -m recent --name user:B --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set 
 -A INPUT -m recent --name user:B --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set 
 -A INPUT -j limit-1886

--- a/test/output/filter/dump
+++ b/test/output/filter/dump
@@ -392,6 +392,16 @@ No-track 3              {"out":"_fw"}
  inet6/raw/PREROUTING  -m addrtype --dst-type LOCAL -j CT --notrack


+Packet-log 1          {"out":"_fw"}
+(log)                 
+  inet/filter/INPUT   -m limit --limit 1/second -j LOG
+  inet6/filter/INPUT  -m limit --limit 1/second -j LOG
+
+Packet-log 2          {"log":"ulog","out":"_fw"}
+(log)                 
+  inet/filter/INPUT   -m limit --limit 12/minute -j ULOG
+
+
 Service babel         {"port":6697,"proto":"tcp"}
 (services)            

@@ -689,6 +699,8 @@ hash:net family inet
 -A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
 -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
 -A FORWARD -p icmp -j icmp-routing
+-A INPUT -m limit --limit 12/minute -j ULOG
+-A INPUT -m limit --limit 1/second -j LOG
 -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
 -A INPUT -i lo -j ACCEPT
 -A INPUT -j ACCEPT
@@ -867,6 +879,7 @@ COMMIT
 -A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
 -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
 -A FORWARD -p icmpv6 -j icmp-routing
+-A INPUT -m limit --limit 1/second -j LOG
 -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
 -A INPUT -i lo -j ACCEPT
 -A INPUT -j ACCEPT

--- a/test/output/filter/rules-save
+++ b/test/output/filter/rules-save
@@ -87,6 +87,8 @@
 -A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
 -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
 -A FORWARD -p icmp -j icmp-routing
+-A INPUT -m limit --limit 12/minute -j ULOG
+-A INPUT -m limit --limit 1/second -j LOG
 -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
 -A INPUT -i lo -j ACCEPT
 -A INPUT -j ACCEPT

--- a/test/output/filter/rules6-save
+++ b/test/output/filter/rules6-save
@@ -61,6 +61,7 @@
 -A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
 -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
 -A FORWARD -p icmpv6 -j icmp-routing
+-A INPUT -m limit --limit 1/second -j LOG
 -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
 -A INPUT -i lo -j ACCEPT
 -A INPUT -j ACCEPT

--- a/test/output/no-track/dump
+++ b/test/output/no-track/dump
@@ -388,6 +388,16 @@ No-track 3              {"out":"_fw"}
  inet6/raw/PREROUTING  -m addrtype --dst-type LOCAL -j CT --notrack


+Packet-log 1          {"out":"_fw"}
+(log)                 
+  inet/filter/INPUT   -m limit --limit 1/second -j LOG
+  inet6/filter/INPUT  -m limit --limit 1/second -j LOG
+
+Packet-log 2          {"log":"ulog","out":"_fw"}
+(log)                 
+  inet/filter/INPUT   -m limit --limit 12/minute -j ULOG
+
+
 Service babel         {"port":6697,"proto":"tcp"}
 (services)            

@@ -681,6 +691,8 @@ hash:net family inet
 -A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
 -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
 -A FORWARD -p icmp -j icmp-routing
+-A INPUT -m limit --limit 12/minute -j ULOG
+-A INPUT -m limit --limit 1/second -j LOG
 -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
 -A INPUT -i lo -j ACCEPT
 -A INPUT -j ACCEPT
@@ -863,6 +875,7 @@ COMMIT
 -A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
 -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
 -A FORWARD -p icmpv6 -j icmp-routing
+-A INPUT -m limit --limit 1/second -j LOG
 -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
 -A INPUT -i lo -j ACCEPT
 -A INPUT -j ACCEPT

--- a/test/output/no-track/rules-save
+++ b/test/output/no-track/rules-save
@@ -83,6 +83,8 @@
 -A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
 -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
 -A FORWARD -p icmp -j icmp-routing
+-A INPUT -m limit --limit 12/minute -j ULOG
+-A INPUT -m limit --limit 1/second -j LOG
 -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
 -A INPUT -i lo -j ACCEPT
 -A INPUT -j ACCEPT

--- a/test/output/no-track/rules6-save
+++ b/test/output/no-track/rules6-save
@@ -51,6 +51,7 @@
 -A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
 -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
 -A FORWARD -p icmpv6 -j icmp-routing
+-A INPUT -m limit --limit 1/second -j LOG
 -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
 -A INPUT -i lo -j ACCEPT
 -A INPUT -j ACCEPT

--- a/test/output/route-track/dump
+++ b/test/output/route-track/dump
@@ -322,6 +322,16 @@ No-track 3              {"out":"_fw"}
  inet6/raw/PREROUTING  -m addrtype --dst-type LOCAL -j CT --notrack


+Packet-log 1          {"out":"_fw"}
+(log)                 
+  inet/filter/INPUT   -m limit --limit 1/second -j LOG
+  inet6/filter/INPUT  -m limit --limit 1/second -j LOG
+
+Packet-log 2          {"log":"ulog","out":"_fw"}
+(log)                 
+  inet/filter/INPUT   -m limit --limit 12/minute -j ULOG
+
+
 Route-track 1              {"mark":4}
 (route-track)              
  inet/mangle/OUTPUT       -m mark --mark 0 -j MARK --set-mark 4
@@ -621,6 +631,8 @@ hash:net family inet
 -A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
 -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
 -A FORWARD -p icmp -j icmp-routing
+-A INPUT -m limit --limit 12/minute -j ULOG
+-A INPUT -m limit --limit 1/second -j LOG
 -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
 -A INPUT -i lo -j ACCEPT
 -A INPUT -j ACCEPT
@@ -773,6 +785,7 @@ COMMIT
 -A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
 -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
 -A FORWARD -p icmpv6 -j icmp-routing
+-A INPUT -m limit --limit 1/second -j LOG
 -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
 -A INPUT -i lo -j ACCEPT
 -A INPUT -j ACCEPT

--- a/test/output/route-track/rules-save
+++ b/test/output/route-track/rules-save
@@ -77,6 +77,8 @@
 -A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
 -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
 -A FORWARD -p icmp -j icmp-routing
+-A INPUT -m limit --limit 12/minute -j ULOG
+-A INPUT -m limit --limit 1/second -j LOG
 -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
 -A INPUT -i lo -j ACCEPT
 -A INPUT -j ACCEPT

--- a/test/output/route-track/rules6-save
+++ b/test/output/route-track/rules6-save
@@ -51,6 +51,7 @@
 -A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
 -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
 -A FORWARD -p icmpv6 -j icmp-routing
+-A INPUT -m limit --limit 1/second -j LOG
 -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
 -A INPUT -i lo -j ACCEPT
 -A INPUT -j ACCEPT

--- a/test/output/tproxy/dump
+++ b/test/output/tproxy/dump
@@ -322,6 +322,16 @@ No-track 3              {"out":"_fw"}
  inet6/raw/PREROUTING  -m addrtype --dst-type LOCAL -j CT --notrack


+Packet-log 1          {"out":"_fw"}
+(log)                 
+  inet/filter/INPUT   -m limit --limit 1/second -j LOG
+  inet6/filter/INPUT  -m limit --limit 1/second -j LOG
+
+Packet-log 2          {"log":"ulog","out":"_fw"}
+(log)                 
+  inet/filter/INPUT   -m limit --limit 12/minute -j ULOG
+
+
 Service babel         {"port":6697,"proto":"tcp"}
 (services)            

@@ -615,6 +625,8 @@ hash:net family inet
 -A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
 -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
 -A FORWARD -p icmp -j icmp-routing
+-A INPUT -m limit --limit 12/minute -j ULOG
+-A INPUT -m limit --limit 1/second -j LOG
 -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
 -A INPUT -i lo -j ACCEPT
 -A INPUT -j ACCEPT
@@ -766,6 +778,7 @@ COMMIT
 -A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
 -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
 -A FORWARD -p icmpv6 -j icmp-routing
+-A INPUT -m limit --limit 1/second -j LOG
 -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
 -A INPUT -i lo -j ACCEPT
 -A INPUT -j ACCEPT

--- a/test/output/tproxy/rules-save
+++ b/test/output/tproxy/rules-save
@@ -77,6 +77,8 @@
 -A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
 -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
 -A FORWARD -p icmp -j icmp-routing
+-A INPUT -m limit --limit 12/minute -j ULOG
+-A INPUT -m limit --limit 1/second -j LOG
 -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
 -A INPUT -i lo -j ACCEPT
 -A INPUT -j ACCEPT

--- a/test/output/tproxy/rules6-save
+++ b/test/output/tproxy/rules6-save
@@ -51,6 +51,7 @@
 -A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
 -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
 -A FORWARD -p icmpv6 -j icmp-routing
+-A INPUT -m limit --limit 1/second -j LOG
 -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
 -A INPUT -i lo -j ACCEPT
 -A INPUT -j ACCEPT