use_pty:FALSE /usr/share/restraint/plugins/run_task_plugins bash ./runtest.sh Last metadata expiration check: 1:04:06 ago on Tue 24 Jan 2023 01:23:24 PM EST. Package nmap-ncat-3:7.93-1.fc38.aarch64 is already installed. Dependencies resolved. Nothing to do. Complete! Last metadata expiration check: 1:04:08 ago on Tue 24 Jan 2023 01:23:24 PM EST. Package lksctp-tools-1.0.19-2.fc37.aarch64 is already installed. Dependencies resolved. Nothing to do. Complete! Last metadata expiration check: 1:04:11 ago on Tue 24 Jan 2023 01:23:24 PM EST. Package tcpdump-14:4.99.2-1.fc38.aarch64 is already installed. Dependencies resolved. Nothing to do. Complete! Last metadata expiration check: 1:04:13 ago on Tue 24 Jan 2023 01:23:24 PM EST. Package conntrack-tools-1.4.6-5.fc38.aarch64 is already installed. Dependencies resolved. Nothing to do. Complete! Last metadata expiration check: 1:04:16 ago on Tue 24 Jan 2023 01:23:24 PM EST. Package nftables-1:1.0.5-1.fc38.aarch64 is already installed. Dependencies resolved. Nothing to do. Complete! Last metadata expiration check: 1:04:18 ago on Tue 24 Jan 2023 01:23:24 PM EST. Package ipset-7.17-1.fc38.aarch64 is already installed. Dependencies resolved. Nothing to do. Complete! Last metadata expiration check: 1:04:21 ago on Tue 24 Jan 2023 01:23:24 PM EST. Package ipvsadm-1.31-8.fc37.aarch64 is already installed. Dependencies resolved. Nothing to do. Complete! netfilter_install(): Need paramter! /usr/sbin/iptables :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Forward ipv4 :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ 14:27:47 ] :: [ BEGIN ] :: ipv4 topo init done... :: actually running 'do_setup ipv4' +++ do_clean +++ for ns in client router server +++ ip netns +++ grep client +++ for ns in client router server +++ ip netns +++ grep router +++ for ns in client router server +++ ip netns +++ grep server +++ local i +++ for i in client router server +++ ip netns add client +++ for i in client router server +++ ip netns add router +++ for i in client router server +++ ip netns add server +++ [[ ipv4x == \i\p\v\6\x ]] +++ [[ ipv4x == \i\p\v\4\x ]] +++ ip netns exec router sysctl -w net.ipv4.ip_forward=1 net.ipv4.ip_forward = 1 +++ ip_c=10.167.1.1 +++ ip_s=10.167.2.2 +++ ip_rc=10.167.1.254 +++ ip_rs=10.167.2.254 +++ unset nodad +++ N=24 +++ ip -d -n router -b /dev/stdin +++ ip -d -n server -b /dev/stdin +++ ip -d -n client -b /dev/stdin +++ sleep 2 +++ set +x PING 10.167.2.2 (10.167.2.2) from 10.167.1.1 c_r: 56(84) bytes of data. 64 bytes from 10.167.2.2: icmp_seq=1 ttl=63 time=0.062 ms 64 bytes from 10.167.2.2: icmp_seq=2 ttl=63 time=0.066 ms 64 bytes from 10.167.2.2: icmp_seq=3 ttl=63 time=0.116 ms 64 bytes from 10.167.2.2: icmp_seq=4 ttl=63 time=0.079 ms 64 bytes from 10.167.2.2: icmp_seq=5 ttl=63 time=0.046 ms --- 10.167.2.2 ping statistics --- 5 packets transmitted, 5 received, 0% packet loss, time 824ms rtt min/avg/max/mdev = 0.046/0.073/0.116/0.023 ms PING 10.167.1.1 (10.167.1.1) from 10.167.2.2 s_r: 56(84) bytes of data. 64 bytes from 10.167.1.1: icmp_seq=1 ttl=63 time=0.038 ms 64 bytes from 10.167.1.1: icmp_seq=2 ttl=63 time=0.035 ms 64 bytes from 10.167.1.1: icmp_seq=3 ttl=63 time=0.047 ms 64 bytes from 10.167.1.1: icmp_seq=4 ttl=63 time=0.074 ms 64 bytes from 10.167.1.1: icmp_seq=5 ttl=63 time=0.054 ms --- 10.167.1.1 ping statistics --- 5 packets transmitted, 5 received, 0% packet loss, time 833ms rtt min/avg/max/mdev = 0.035/0.049/0.074/0.013 ms :: [ 14:27:51 ] :: [ PASS ] :: ipv4 topo init done... (Expected 0, got 0) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 4s :: Assertions: 1 good, 0 bad :: RESULT: PASS (Forward ipv4) ** Forward-ipv4 PASS Score:0 Uploading resultoutputfile.log .done :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: iptables: Basic TARGETS :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ 14:27:51 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t filter -A INPUT -i s_r -s 10.167.1.1 -d 10.167.2.2 -j ACCEPT' :: [ 14:27:51 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t filter -A INPUT -i s_r -s 10.167.1.1 -d 10.167.2.2 -j ACCEPT' (Expected 0, got 0) :: [ 14:27:51 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t filter -A INPUT -i s_r -s 10.167.1.1 -d 10.167.2.2 -j DROP' :: [ 14:27:51 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t filter -A INPUT -i s_r -s 10.167.1.1 -d 10.167.2.2 -j DROP' (Expected 0, got 0) :: [ 14:27:51 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -W 1 10.167.2.2 -c1' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. 64 bytes from 10.167.2.2: icmp_seq=1 ttl=63 time=0.041 ms --- 10.167.2.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.041/0.041/0.041/0.000 ms :: [ 14:27:51 ] :: [ PASS ] :: Command 'ip netns exec client ping -W 1 10.167.2.2 -c1' (Expected 0, got 0) :: [ 14:27:51 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t filter -L -n -v' Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 1 84 ACCEPT 0 -- s_r * 10.167.1.1 10.167.2.2 0 0 DROP 0 -- s_r * 10.167.1.1 10.167.2.2 Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination :: [ 14:27:51 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t filter -L -n -v' (Expected 0, got 0) :: [ 14:27:51 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t filter -F' :: [ 14:27:51 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t filter -F' (Expected 0, got 0) :: [ 14:27:51 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t filter -A INPUT -i s_r -s 10.167.1.1 -d 10.167.2.2 -j DROP' :: [ 14:27:51 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t filter -A INPUT -i s_r -s 10.167.1.1 -d 10.167.2.2 -j DROP' (Expected 0, got 0) :: [ 14:27:51 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t filter -A INPUT -i s_r -s 10.167.1.1 -d 10.167.2.2 -j ACCEPT' :: [ 14:27:51 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t filter -A INPUT -i s_r -s 10.167.1.1 -d 10.167.2.2 -j ACCEPT' (Expected 0, got 0) :: [ 14:27:51 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -W 1 10.167.2.2 -c1 ' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. --- 10.167.2.2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 14:27:52 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 14:27:52 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t filter -L -n -v' Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 1 84 DROP 0 -- s_r * 10.167.1.1 10.167.2.2 0 0 ACCEPT 0 -- s_r * 10.167.1.1 10.167.2.2 Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination :: [ 14:27:52 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t filter -L -n -v' (Expected 0, got 0) :: [ 14:27:52 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t filter -F' :: [ 14:27:52 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t filter -F' (Expected 0, got 0) :: [ 14:27:52 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t filter -N TEST' :: [ 14:27:52 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t filter -N TEST' (Expected 0, got 0) :: [ 14:27:52 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t filter -A TEST -i s_r -s 10.167.1.1 -d 10.167.2.2 -j RETURN' :: [ 14:27:53 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t filter -A TEST -i s_r -s 10.167.1.1 -d 10.167.2.2 -j RETURN' (Expected 0, got 0) :: [ 14:27:53 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t filter -A TEST -i s_r -s 10.167.1.1 -d 10.167.2.2 -j DROP' :: [ 14:27:53 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t filter -A TEST -i s_r -s 10.167.1.1 -d 10.167.2.2 -j DROP' (Expected 0, got 0) :: [ 14:27:53 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t filter -A INPUT -i s_r -s 10.167.1.1 -d 10.167.2.2 -j TEST' :: [ 14:27:53 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t filter -A INPUT -i s_r -s 10.167.1.1 -d 10.167.2.2 -j TEST' (Expected 0, got 0) :: [ 14:27:53 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t filter -A INPUT -i s_r -s 10.167.1.1 -d 10.167.2.2 -j ACCEPT' :: [ 14:27:53 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t filter -A INPUT -i s_r -s 10.167.1.1 -d 10.167.2.2 -j ACCEPT' (Expected 0, got 0) :: [ 14:27:53 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -W 1 10.167.2.2 -c1' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. 64 bytes from 10.167.2.2: icmp_seq=1 ttl=63 time=0.044 ms --- 10.167.2.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.044/0.044/0.044/0.000 ms :: [ 14:27:53 ] :: [ PASS ] :: Command 'ip netns exec client ping -W 1 10.167.2.2 -c1' (Expected 0, got 0) :: [ 14:27:53 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t filter -L -n -v' Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 1 84 TEST 0 -- s_r * 10.167.1.1 10.167.2.2 1 84 ACCEPT 0 -- s_r * 10.167.1.1 10.167.2.2 Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain TEST (1 references) pkts bytes target prot opt in out source destination 1 84 RETURN 0 -- s_r * 10.167.1.1 10.167.2.2 0 0 DROP 0 -- s_r * 10.167.1.1 10.167.2.2 :: [ 14:27:53 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t filter -L -n -v' (Expected 0, got 0) :: [ 14:27:53 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t filter -F' :: [ 14:27:53 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t filter -F' (Expected 0, got 0) :: [ 14:27:53 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t filter -X' :: [ 14:27:53 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t filter -X' (Expected 0, got 0) :: [ 14:27:53 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t filter -A OUTPUT -o s_r -s 10.167.2.2 -d 10.167.1.1 -j ACCEPT' :: [ 14:27:53 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t filter -A OUTPUT -o s_r -s 10.167.2.2 -d 10.167.1.1 -j ACCEPT' (Expected 0, got 0) :: [ 14:27:53 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t filter -A OUTPUT -o s_r -s 10.167.2.2 -d 10.167.1.1 -j DROP' :: [ 14:27:53 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t filter -A OUTPUT -o s_r -s 10.167.2.2 -d 10.167.1.1 -j DROP' (Expected 0, got 0) :: [ 14:27:53 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -W 1 10.167.2.2 -c1' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. 64 bytes from 10.167.2.2: icmp_seq=1 ttl=63 time=0.044 ms --- 10.167.2.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.044/0.044/0.044/0.000 ms :: [ 14:27:53 ] :: [ PASS ] :: Command 'ip netns exec client ping -W 1 10.167.2.2 -c1' (Expected 0, got 0) :: [ 14:27:53 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t filter -L -n -v' Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 1 84 ACCEPT 0 -- * s_r 10.167.2.2 10.167.1.1 0 0 DROP 0 -- * s_r 10.167.2.2 10.167.1.1 :: [ 14:27:53 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t filter -L -n -v' (Expected 0, got 0) :: [ 14:27:53 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t filter -F' :: [ 14:27:53 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t filter -F' (Expected 0, got 0) :: [ 14:27:53 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t filter -A OUTPUT -o s_r -s 10.167.2.2 -d 10.167.1.1 -j DROP' :: [ 14:27:53 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t filter -A OUTPUT -o s_r -s 10.167.2.2 -d 10.167.1.1 -j DROP' (Expected 0, got 0) :: [ 14:27:53 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t filter -A OUTPUT -o s_r -s 10.167.2.2 -d 10.167.1.1 -j ACCEPT' :: [ 14:27:53 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t filter -A OUTPUT -o s_r -s 10.167.2.2 -d 10.167.1.1 -j ACCEPT' (Expected 0, got 0) :: [ 14:27:53 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -W 1 10.167.2.2 -c1 ' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. --- 10.167.2.2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 14:27:54 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 14:27:54 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t filter -L -n -v' Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 1 84 DROP 0 -- * s_r 10.167.2.2 10.167.1.1 0 0 ACCEPT 0 -- * s_r 10.167.2.2 10.167.1.1 :: [ 14:27:54 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t filter -L -n -v' (Expected 0, got 0) :: [ 14:27:54 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t filter -F' :: [ 14:27:54 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t filter -F' (Expected 0, got 0) :: [ 14:27:54 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t filter -N TEST' :: [ 14:27:54 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t filter -N TEST' (Expected 0, got 0) :: [ 14:27:54 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t filter -A TEST -o s_r -s 10.167.2.2 -d 10.167.1.1 -j RETURN' :: [ 14:27:54 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t filter -A TEST -o s_r -s 10.167.2.2 -d 10.167.1.1 -j RETURN' (Expected 0, got 0) :: [ 14:27:54 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t filter -A TEST -o s_r -s 10.167.2.2 -d 10.167.1.1 -j DROP' :: [ 14:27:54 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t filter -A TEST -o s_r -s 10.167.2.2 -d 10.167.1.1 -j DROP' (Expected 0, got 0) :: [ 14:27:54 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t filter -A OUTPUT -o s_r -s 10.167.2.2 -d 10.167.1.1 -j TEST' :: [ 14:27:54 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t filter -A OUTPUT -o s_r -s 10.167.2.2 -d 10.167.1.1 -j TEST' (Expected 0, got 0) :: [ 14:27:54 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t filter -A OUTPUT -o s_r -s 10.167.2.2 -d 10.167.1.1 -j ACCEPT' :: [ 14:27:54 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t filter -A OUTPUT -o s_r -s 10.167.2.2 -d 10.167.1.1 -j ACCEPT' (Expected 0, got 0) :: [ 14:27:54 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -W 1 10.167.2.2 -c1' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. 64 bytes from 10.167.2.2: icmp_seq=1 ttl=63 time=0.040 ms --- 10.167.2.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.040/0.040/0.040/0.000 ms :: [ 14:27:54 ] :: [ PASS ] :: Command 'ip netns exec client ping -W 1 10.167.2.2 -c1' (Expected 0, got 0) :: [ 14:27:54 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t filter -L -n -v' Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 1 84 TEST 0 -- * s_r 10.167.2.2 10.167.1.1 1 84 ACCEPT 0 -- * s_r 10.167.2.2 10.167.1.1 Chain TEST (1 references) pkts bytes target prot opt in out source destination 1 84 RETURN 0 -- * s_r 10.167.2.2 10.167.1.1 0 0 DROP 0 -- * s_r 10.167.2.2 10.167.1.1 :: [ 14:27:54 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t filter -L -n -v' (Expected 0, got 0) :: [ 14:27:54 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t filter -F' :: [ 14:27:54 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t filter -F' (Expected 0, got 0) :: [ 14:27:54 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t filter -X' :: [ 14:27:55 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t filter -X' (Expected 0, got 0) :: [ 14:27:55 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t mangle -A PREROUTING -i s_r -s 10.167.1.1 -d 10.167.2.2 -j ACCEPT' :: [ 14:27:55 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t mangle -A PREROUTING -i s_r -s 10.167.1.1 -d 10.167.2.2 -j ACCEPT' (Expected 0, got 0) :: [ 14:27:55 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t mangle -A PREROUTING -i s_r -s 10.167.1.1 -d 10.167.2.2 -j DROP' :: [ 14:27:55 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t mangle -A PREROUTING -i s_r -s 10.167.1.1 -d 10.167.2.2 -j DROP' (Expected 0, got 0) :: [ 14:27:55 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -W 1 10.167.2.2 -c1' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. 64 bytes from 10.167.2.2: icmp_seq=1 ttl=63 time=0.041 ms --- 10.167.2.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.041/0.041/0.041/0.000 ms :: [ 14:27:55 ] :: [ PASS ] :: Command 'ip netns exec client ping -W 1 10.167.2.2 -c1' (Expected 0, got 0) :: [ 14:27:55 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t mangle -L -n -v' Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 1 84 ACCEPT 0 -- s_r * 10.167.1.1 10.167.2.2 0 0 DROP 0 -- s_r * 10.167.1.1 10.167.2.2 Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination :: [ 14:27:55 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t mangle -L -n -v' (Expected 0, got 0) :: [ 14:27:55 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t mangle -F' :: [ 14:27:55 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t mangle -F' (Expected 0, got 0) :: [ 14:27:55 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t mangle -A PREROUTING -i s_r -s 10.167.1.1 -d 10.167.2.2 -j DROP' :: [ 14:27:55 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t mangle -A PREROUTING -i s_r -s 10.167.1.1 -d 10.167.2.2 -j DROP' (Expected 0, got 0) :: [ 14:27:55 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t mangle -A PREROUTING -i s_r -s 10.167.1.1 -d 10.167.2.2 -j ACCEPT' :: [ 14:27:55 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t mangle -A PREROUTING -i s_r -s 10.167.1.1 -d 10.167.2.2 -j ACCEPT' (Expected 0, got 0) :: [ 14:27:55 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -W 1 10.167.2.2 -c1 ' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. --- 10.167.2.2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 14:27:56 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 14:27:56 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t mangle -L -n -v' Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 1 84 DROP 0 -- s_r * 10.167.1.1 10.167.2.2 0 0 ACCEPT 0 -- s_r * 10.167.1.1 10.167.2.2 Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination :: [ 14:27:56 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t mangle -L -n -v' (Expected 0, got 0) :: [ 14:27:56 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t mangle -F' :: [ 14:27:56 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t mangle -F' (Expected 0, got 0) :: [ 14:27:56 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t mangle -N TEST' :: [ 14:27:56 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t mangle -N TEST' (Expected 0, got 0) :: [ 14:27:56 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t mangle -A TEST -i s_r -s 10.167.1.1 -d 10.167.2.2 -j RETURN' :: [ 14:27:56 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t mangle -A TEST -i s_r -s 10.167.1.1 -d 10.167.2.2 -j RETURN' (Expected 0, got 0) :: [ 14:27:56 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t mangle -A TEST -i s_r -s 10.167.1.1 -d 10.167.2.2 -j DROP' :: [ 14:27:56 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t mangle -A TEST -i s_r -s 10.167.1.1 -d 10.167.2.2 -j DROP' (Expected 0, got 0) :: [ 14:27:56 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t mangle -A PREROUTING -i s_r -s 10.167.1.1 -d 10.167.2.2 -j TEST' :: [ 14:27:56 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t mangle -A PREROUTING -i s_r -s 10.167.1.1 -d 10.167.2.2 -j TEST' (Expected 0, got 0) :: [ 14:27:56 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t mangle -A PREROUTING -i s_r -s 10.167.1.1 -d 10.167.2.2 -j ACCEPT' :: [ 14:27:56 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t mangle -A PREROUTING -i s_r -s 10.167.1.1 -d 10.167.2.2 -j ACCEPT' (Expected 0, got 0) :: [ 14:27:56 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -W 1 10.167.2.2 -c1' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. 64 bytes from 10.167.2.2: icmp_seq=1 ttl=63 time=0.050 ms --- 10.167.2.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.050/0.050/0.050/0.000 ms :: [ 14:27:56 ] :: [ PASS ] :: Command 'ip netns exec client ping -W 1 10.167.2.2 -c1' (Expected 0, got 0) :: [ 14:27:56 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t mangle -L -n -v' Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 1 84 TEST 0 -- s_r * 10.167.1.1 10.167.2.2 1 84 ACCEPT 0 -- s_r * 10.167.1.1 10.167.2.2 Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain TEST (1 references) pkts bytes target prot opt in out source destination 1 84 RETURN 0 -- s_r * 10.167.1.1 10.167.2.2 0 0 DROP 0 -- s_r * 10.167.1.1 10.167.2.2 :: [ 14:27:56 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t mangle -L -n -v' (Expected 0, got 0) :: [ 14:27:56 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t mangle -F' :: [ 14:27:56 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t mangle -F' (Expected 0, got 0) :: [ 14:27:56 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t mangle -X' :: [ 14:27:56 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t mangle -X' (Expected 0, got 0) :: [ 14:27:56 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t mangle -A INPUT -i s_r -s 10.167.1.1 -d 10.167.2.2 -j ACCEPT' :: [ 14:27:56 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t mangle -A INPUT -i s_r -s 10.167.1.1 -d 10.167.2.2 -j ACCEPT' (Expected 0, got 0) :: [ 14:27:56 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t mangle -A INPUT -i s_r -s 10.167.1.1 -d 10.167.2.2 -j DROP' :: [ 14:27:56 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t mangle -A INPUT -i s_r -s 10.167.1.1 -d 10.167.2.2 -j DROP' (Expected 0, got 0) :: [ 14:27:56 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -W 1 10.167.2.2 -c1' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. 64 bytes from 10.167.2.2: icmp_seq=1 ttl=63 time=0.042 ms --- 10.167.2.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.042/0.042/0.042/0.000 ms :: [ 14:27:56 ] :: [ PASS ] :: Command 'ip netns exec client ping -W 1 10.167.2.2 -c1' (Expected 0, got 0) :: [ 14:27:56 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t mangle -L -n -v' Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 1 84 ACCEPT 0 -- s_r * 10.167.1.1 10.167.2.2 0 0 DROP 0 -- s_r * 10.167.1.1 10.167.2.2 Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination :: [ 14:27:56 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t mangle -L -n -v' (Expected 0, got 0) :: [ 14:27:56 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t mangle -F' :: [ 14:27:56 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t mangle -F' (Expected 0, got 0) :: [ 14:27:56 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t mangle -A INPUT -i s_r -s 10.167.1.1 -d 10.167.2.2 -j DROP' :: [ 14:27:56 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t mangle -A INPUT -i s_r -s 10.167.1.1 -d 10.167.2.2 -j DROP' (Expected 0, got 0) :: [ 14:27:56 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t mangle -A INPUT -i s_r -s 10.167.1.1 -d 10.167.2.2 -j ACCEPT' :: [ 14:27:56 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t mangle -A INPUT -i s_r -s 10.167.1.1 -d 10.167.2.2 -j ACCEPT' (Expected 0, got 0) :: [ 14:27:57 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -W 1 10.167.2.2 -c1 ' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. --- 10.167.2.2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 14:27:58 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 14:27:58 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t mangle -L -n -v' Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 1 84 DROP 0 -- s_r * 10.167.1.1 10.167.2.2 0 0 ACCEPT 0 -- s_r * 10.167.1.1 10.167.2.2 Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination :: [ 14:27:58 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t mangle -L -n -v' (Expected 0, got 0) :: [ 14:27:58 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t mangle -F' :: [ 14:27:58 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t mangle -F' (Expected 0, got 0) :: [ 14:27:58 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t mangle -N TEST' :: [ 14:27:58 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t mangle -N TEST' (Expected 0, got 0) :: [ 14:27:58 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t mangle -A TEST -i s_r -s 10.167.1.1 -d 10.167.2.2 -j RETURN' :: [ 14:27:58 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t mangle -A TEST -i s_r -s 10.167.1.1 -d 10.167.2.2 -j RETURN' (Expected 0, got 0) :: [ 14:27:58 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t mangle -A TEST -i s_r -s 10.167.1.1 -d 10.167.2.2 -j DROP' :: [ 14:27:58 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t mangle -A TEST -i s_r -s 10.167.1.1 -d 10.167.2.2 -j DROP' (Expected 0, got 0) :: [ 14:27:58 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t mangle -A INPUT -i s_r -s 10.167.1.1 -d 10.167.2.2 -j TEST' :: [ 14:27:58 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t mangle -A INPUT -i s_r -s 10.167.1.1 -d 10.167.2.2 -j TEST' (Expected 0, got 0) :: [ 14:27:58 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t mangle -A INPUT -i s_r -s 10.167.1.1 -d 10.167.2.2 -j ACCEPT' :: [ 14:27:58 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t mangle -A INPUT -i s_r -s 10.167.1.1 -d 10.167.2.2 -j ACCEPT' (Expected 0, got 0) :: [ 14:27:58 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -W 1 10.167.2.2 -c1' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. 64 bytes from 10.167.2.2: icmp_seq=1 ttl=63 time=0.043 ms --- 10.167.2.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.043/0.043/0.043/0.000 ms :: [ 14:27:58 ] :: [ PASS ] :: Command 'ip netns exec client ping -W 1 10.167.2.2 -c1' (Expected 0, got 0) :: [ 14:27:58 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t mangle -L -n -v' Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 1 84 TEST 0 -- s_r * 10.167.1.1 10.167.2.2 1 84 ACCEPT 0 -- s_r * 10.167.1.1 10.167.2.2 Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain TEST (1 references) pkts bytes target prot opt in out source destination 1 84 RETURN 0 -- s_r * 10.167.1.1 10.167.2.2 0 0 DROP 0 -- s_r * 10.167.1.1 10.167.2.2 :: [ 14:27:58 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t mangle -L -n -v' (Expected 0, got 0) :: [ 14:27:58 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t mangle -F' :: [ 14:27:58 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t mangle -F' (Expected 0, got 0) :: [ 14:27:58 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t mangle -X' :: [ 14:27:58 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t mangle -X' (Expected 0, got 0) :: [ 14:27:58 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t mangle -A OUTPUT -o s_r -s 10.167.2.2 -d 10.167.1.1 -j ACCEPT' :: [ 14:27:58 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t mangle -A OUTPUT -o s_r -s 10.167.2.2 -d 10.167.1.1 -j ACCEPT' (Expected 0, got 0) :: [ 14:27:58 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t mangle -A OUTPUT -o s_r -s 10.167.2.2 -d 10.167.1.1 -j DROP' :: [ 14:27:58 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t mangle -A OUTPUT -o s_r -s 10.167.2.2 -d 10.167.1.1 -j DROP' (Expected 0, got 0) :: [ 14:27:58 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -W 1 10.167.2.2 -c1' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. 64 bytes from 10.167.2.2: icmp_seq=1 ttl=63 time=0.041 ms --- 10.167.2.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.041/0.041/0.041/0.000 ms :: [ 14:27:58 ] :: [ PASS ] :: Command 'ip netns exec client ping -W 1 10.167.2.2 -c1' (Expected 0, got 0) :: [ 14:27:58 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t mangle -L -n -v' Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 1 84 ACCEPT 0 -- * s_r 10.167.2.2 10.167.1.1 0 0 DROP 0 -- * s_r 10.167.2.2 10.167.1.1 Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination :: [ 14:27:58 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t mangle -L -n -v' (Expected 0, got 0) :: [ 14:27:58 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t mangle -F' :: [ 14:27:58 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t mangle -F' (Expected 0, got 0) :: [ 14:27:58 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t mangle -A OUTPUT -o s_r -s 10.167.2.2 -d 10.167.1.1 -j DROP' :: [ 14:27:58 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t mangle -A OUTPUT -o s_r -s 10.167.2.2 -d 10.167.1.1 -j DROP' (Expected 0, got 0) :: [ 14:27:58 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t mangle -A OUTPUT -o s_r -s 10.167.2.2 -d 10.167.1.1 -j ACCEPT' :: [ 14:27:58 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t mangle -A OUTPUT -o s_r -s 10.167.2.2 -d 10.167.1.1 -j ACCEPT' (Expected 0, got 0) :: [ 14:27:58 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -W 1 10.167.2.2 -c1 ' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. --- 10.167.2.2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 14:27:59 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 14:27:59 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t mangle -L -n -v' Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 1 84 DROP 0 -- * s_r 10.167.2.2 10.167.1.1 0 0 ACCEPT 0 -- * s_r 10.167.2.2 10.167.1.1 Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination :: [ 14:27:59 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t mangle -L -n -v' (Expected 0, got 0) :: [ 14:27:59 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t mangle -F' :: [ 14:27:59 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t mangle -F' (Expected 0, got 0) :: [ 14:27:59 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t mangle -N TEST' :: [ 14:27:59 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t mangle -N TEST' (Expected 0, got 0) :: [ 14:27:59 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t mangle -A TEST -o s_r -s 10.167.2.2 -d 10.167.1.1 -j RETURN' :: [ 14:27:59 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t mangle -A TEST -o s_r -s 10.167.2.2 -d 10.167.1.1 -j RETURN' (Expected 0, got 0) :: [ 14:28:00 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t mangle -A TEST -o s_r -s 10.167.2.2 -d 10.167.1.1 -j DROP' :: [ 14:28:00 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t mangle -A TEST -o s_r -s 10.167.2.2 -d 10.167.1.1 -j DROP' (Expected 0, got 0) :: [ 14:28:00 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t mangle -A OUTPUT -o s_r -s 10.167.2.2 -d 10.167.1.1 -j TEST' :: [ 14:28:00 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t mangle -A OUTPUT -o s_r -s 10.167.2.2 -d 10.167.1.1 -j TEST' (Expected 0, got 0) :: [ 14:28:00 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t mangle -A OUTPUT -o s_r -s 10.167.2.2 -d 10.167.1.1 -j ACCEPT' :: [ 14:28:00 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t mangle -A OUTPUT -o s_r -s 10.167.2.2 -d 10.167.1.1 -j ACCEPT' (Expected 0, got 0) :: [ 14:28:00 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -W 1 10.167.2.2 -c1' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. 64 bytes from 10.167.2.2: icmp_seq=1 ttl=63 time=0.043 ms --- 10.167.2.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.043/0.043/0.043/0.000 ms :: [ 14:28:00 ] :: [ PASS ] :: Command 'ip netns exec client ping -W 1 10.167.2.2 -c1' (Expected 0, got 0) :: [ 14:28:00 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t mangle -L -n -v' Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 1 84 TEST 0 -- * s_r 10.167.2.2 10.167.1.1 1 84 ACCEPT 0 -- * s_r 10.167.2.2 10.167.1.1 Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain TEST (1 references) pkts bytes target prot opt in out source destination 1 84 RETURN 0 -- * s_r 10.167.2.2 10.167.1.1 0 0 DROP 0 -- * s_r 10.167.2.2 10.167.1.1 :: [ 14:28:00 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t mangle -L -n -v' (Expected 0, got 0) :: [ 14:28:00 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t mangle -F' :: [ 14:28:00 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t mangle -F' (Expected 0, got 0) :: [ 14:28:00 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t mangle -X' :: [ 14:28:00 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t mangle -X' (Expected 0, got 0) :: [ 14:28:00 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t mangle -A POSTROUTING -o s_r -s 10.167.2.2 -d 10.167.1.1 -j ACCEPT' :: [ 14:28:00 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t mangle -A POSTROUTING -o s_r -s 10.167.2.2 -d 10.167.1.1 -j ACCEPT' (Expected 0, got 0) :: [ 14:28:00 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t mangle -A POSTROUTING -o s_r -s 10.167.2.2 -d 10.167.1.1 -j DROP' :: [ 14:28:00 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t mangle -A POSTROUTING -o s_r -s 10.167.2.2 -d 10.167.1.1 -j DROP' (Expected 0, got 0) :: [ 14:28:00 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -W 1 10.167.2.2 -c1' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. 64 bytes from 10.167.2.2: icmp_seq=1 ttl=63 time=0.043 ms --- 10.167.2.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.043/0.043/0.043/0.000 ms :: [ 14:28:00 ] :: [ PASS ] :: Command 'ip netns exec client ping -W 1 10.167.2.2 -c1' (Expected 0, got 0) :: [ 14:28:00 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t mangle -L -n -v' Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 1 84 ACCEPT 0 -- * s_r 10.167.2.2 10.167.1.1 0 0 DROP 0 -- * s_r 10.167.2.2 10.167.1.1 :: [ 14:28:00 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t mangle -L -n -v' (Expected 0, got 0) :: [ 14:28:00 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t mangle -F' :: [ 14:28:00 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t mangle -F' (Expected 0, got 0) :: [ 14:28:00 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t mangle -A POSTROUTING -o s_r -s 10.167.2.2 -d 10.167.1.1 -j DROP' :: [ 14:28:00 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t mangle -A POSTROUTING -o s_r -s 10.167.2.2 -d 10.167.1.1 -j DROP' (Expected 0, got 0) :: [ 14:28:00 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t mangle -A POSTROUTING -o s_r -s 10.167.2.2 -d 10.167.1.1 -j ACCEPT' :: [ 14:28:00 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t mangle -A POSTROUTING -o s_r -s 10.167.2.2 -d 10.167.1.1 -j ACCEPT' (Expected 0, got 0) :: [ 14:28:00 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -W 1 10.167.2.2 -c1 ' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. --- 10.167.2.2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 14:28:01 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 14:28:01 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t mangle -L -n -v' Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 1 84 DROP 0 -- * s_r 10.167.2.2 10.167.1.1 0 0 ACCEPT 0 -- * s_r 10.167.2.2 10.167.1.1 :: [ 14:28:01 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t mangle -L -n -v' (Expected 0, got 0) :: [ 14:28:01 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t mangle -F' :: [ 14:28:01 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t mangle -F' (Expected 0, got 0) :: [ 14:28:01 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t mangle -N TEST' :: [ 14:28:01 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t mangle -N TEST' (Expected 0, got 0) :: [ 14:28:01 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t mangle -A TEST -o s_r -s 10.167.2.2 -d 10.167.1.1 -j RETURN' :: [ 14:28:01 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t mangle -A TEST -o s_r -s 10.167.2.2 -d 10.167.1.1 -j RETURN' (Expected 0, got 0) :: [ 14:28:01 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t mangle -A TEST -o s_r -s 10.167.2.2 -d 10.167.1.1 -j DROP' :: [ 14:28:01 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t mangle -A TEST -o s_r -s 10.167.2.2 -d 10.167.1.1 -j DROP' (Expected 0, got 0) :: [ 14:28:01 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t mangle -A POSTROUTING -o s_r -s 10.167.2.2 -d 10.167.1.1 -j TEST' :: [ 14:28:01 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t mangle -A POSTROUTING -o s_r -s 10.167.2.2 -d 10.167.1.1 -j TEST' (Expected 0, got 0) :: [ 14:28:01 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t mangle -A POSTROUTING -o s_r -s 10.167.2.2 -d 10.167.1.1 -j ACCEPT' :: [ 14:28:01 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t mangle -A POSTROUTING -o s_r -s 10.167.2.2 -d 10.167.1.1 -j ACCEPT' (Expected 0, got 0) :: [ 14:28:01 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -W 1 10.167.2.2 -c1' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. 64 bytes from 10.167.2.2: icmp_seq=1 ttl=63 time=0.042 ms --- 10.167.2.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.042/0.042/0.042/0.000 ms :: [ 14:28:01 ] :: [ PASS ] :: Command 'ip netns exec client ping -W 1 10.167.2.2 -c1' (Expected 0, got 0) :: [ 14:28:01 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t mangle -L -n -v' Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 1 84 TEST 0 -- * s_r 10.167.2.2 10.167.1.1 1 84 ACCEPT 0 -- * s_r 10.167.2.2 10.167.1.1 Chain TEST (1 references) pkts bytes target prot opt in out source destination 1 84 RETURN 0 -- * s_r 10.167.2.2 10.167.1.1 0 0 DROP 0 -- * s_r 10.167.2.2 10.167.1.1 :: [ 14:28:01 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t mangle -L -n -v' (Expected 0, got 0) :: [ 14:28:01 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t mangle -F' :: [ 14:28:01 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t mangle -F' (Expected 0, got 0) :: [ 14:28:01 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t mangle -X' :: [ 14:28:02 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t mangle -X' (Expected 0, got 0) :: [ 14:28:02 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t raw -A PREROUTING -i s_r -s 10.167.1.1 -d 10.167.2.2 -j ACCEPT' :: [ 14:28:02 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t raw -A PREROUTING -i s_r -s 10.167.1.1 -d 10.167.2.2 -j ACCEPT' (Expected 0, got 0) :: [ 14:28:02 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t raw -A PREROUTING -i s_r -s 10.167.1.1 -d 10.167.2.2 -j DROP' :: [ 14:28:02 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t raw -A PREROUTING -i s_r -s 10.167.1.1 -d 10.167.2.2 -j DROP' (Expected 0, got 0) :: [ 14:28:02 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -W 1 10.167.2.2 -c1' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. 64 bytes from 10.167.2.2: icmp_seq=1 ttl=63 time=0.040 ms --- 10.167.2.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.040/0.040/0.040/0.000 ms :: [ 14:28:02 ] :: [ PASS ] :: Command 'ip netns exec client ping -W 1 10.167.2.2 -c1' (Expected 0, got 0) :: [ 14:28:02 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t raw -L -n -v' Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 1 84 ACCEPT 0 -- s_r * 10.167.1.1 10.167.2.2 0 0 DROP 0 -- s_r * 10.167.1.1 10.167.2.2 Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination :: [ 14:28:02 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t raw -L -n -v' (Expected 0, got 0) :: [ 14:28:02 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t raw -F' :: [ 14:28:02 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t raw -F' (Expected 0, got 0) :: [ 14:28:02 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t raw -A PREROUTING -i s_r -s 10.167.1.1 -d 10.167.2.2 -j DROP' :: [ 14:28:02 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t raw -A PREROUTING -i s_r -s 10.167.1.1 -d 10.167.2.2 -j DROP' (Expected 0, got 0) :: [ 14:28:02 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t raw -A PREROUTING -i s_r -s 10.167.1.1 -d 10.167.2.2 -j ACCEPT' :: [ 14:28:02 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t raw -A PREROUTING -i s_r -s 10.167.1.1 -d 10.167.2.2 -j ACCEPT' (Expected 0, got 0) :: [ 14:28:02 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -W 1 10.167.2.2 -c1 ' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. --- 10.167.2.2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 14:28:03 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 14:28:03 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t raw -L -n -v' Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 1 84 DROP 0 -- s_r * 10.167.1.1 10.167.2.2 0 0 ACCEPT 0 -- s_r * 10.167.1.1 10.167.2.2 Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination :: [ 14:28:03 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t raw -L -n -v' (Expected 0, got 0) :: [ 14:28:03 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t raw -F' :: [ 14:28:03 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t raw -F' (Expected 0, got 0) :: [ 14:28:03 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t raw -N TEST' :: [ 14:28:03 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t raw -N TEST' (Expected 0, got 0) :: [ 14:28:03 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t raw -A TEST -i s_r -s 10.167.1.1 -d 10.167.2.2 -j RETURN' :: [ 14:28:03 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t raw -A TEST -i s_r -s 10.167.1.1 -d 10.167.2.2 -j RETURN' (Expected 0, got 0) :: [ 14:28:03 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t raw -A TEST -i s_r -s 10.167.1.1 -d 10.167.2.2 -j DROP' :: [ 14:28:03 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t raw -A TEST -i s_r -s 10.167.1.1 -d 10.167.2.2 -j DROP' (Expected 0, got 0) :: [ 14:28:03 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t raw -A PREROUTING -i s_r -s 10.167.1.1 -d 10.167.2.2 -j TEST' :: [ 14:28:03 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t raw -A PREROUTING -i s_r -s 10.167.1.1 -d 10.167.2.2 -j TEST' (Expected 0, got 0) :: [ 14:28:03 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t raw -A PREROUTING -i s_r -s 10.167.1.1 -d 10.167.2.2 -j ACCEPT' :: [ 14:28:03 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t raw -A PREROUTING -i s_r -s 10.167.1.1 -d 10.167.2.2 -j ACCEPT' (Expected 0, got 0) :: [ 14:28:03 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -W 1 10.167.2.2 -c1' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. 64 bytes from 10.167.2.2: icmp_seq=1 ttl=63 time=0.043 ms --- 10.167.2.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.043/0.043/0.043/0.000 ms :: [ 14:28:03 ] :: [ PASS ] :: Command 'ip netns exec client ping -W 1 10.167.2.2 -c1' (Expected 0, got 0) :: [ 14:28:03 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t raw -L -n -v' Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 1 84 TEST 0 -- s_r * 10.167.1.1 10.167.2.2 1 84 ACCEPT 0 -- s_r * 10.167.1.1 10.167.2.2 Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain TEST (1 references) pkts bytes target prot opt in out source destination 1 84 RETURN 0 -- s_r * 10.167.1.1 10.167.2.2 0 0 DROP 0 -- s_r * 10.167.1.1 10.167.2.2 :: [ 14:28:03 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t raw -L -n -v' (Expected 0, got 0) :: [ 14:28:03 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t raw -F' :: [ 14:28:03 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t raw -F' (Expected 0, got 0) :: [ 14:28:03 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t raw -X' :: [ 14:28:03 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t raw -X' (Expected 0, got 0) :: [ 14:28:03 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t raw -A OUTPUT -o s_r -s 10.167.2.2 -d 10.167.1.1 -j ACCEPT' :: [ 14:28:03 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t raw -A OUTPUT -o s_r -s 10.167.2.2 -d 10.167.1.1 -j ACCEPT' (Expected 0, got 0) :: [ 14:28:03 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t raw -A OUTPUT -o s_r -s 10.167.2.2 -d 10.167.1.1 -j DROP' :: [ 14:28:03 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t raw -A OUTPUT -o s_r -s 10.167.2.2 -d 10.167.1.1 -j DROP' (Expected 0, got 0) :: [ 14:28:03 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -W 1 10.167.2.2 -c1' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. 64 bytes from 10.167.2.2: icmp_seq=1 ttl=63 time=0.042 ms --- 10.167.2.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.042/0.042/0.042/0.000 ms :: [ 14:28:03 ] :: [ PASS ] :: Command 'ip netns exec client ping -W 1 10.167.2.2 -c1' (Expected 0, got 0) :: [ 14:28:03 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t raw -L -n -v' Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 1 84 ACCEPT 0 -- * s_r 10.167.2.2 10.167.1.1 0 0 DROP 0 -- * s_r 10.167.2.2 10.167.1.1 :: [ 14:28:03 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t raw -L -n -v' (Expected 0, got 0) :: [ 14:28:03 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t raw -F' :: [ 14:28:03 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t raw -F' (Expected 0, got 0) :: [ 14:28:03 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t raw -A OUTPUT -o s_r -s 10.167.2.2 -d 10.167.1.1 -j DROP' :: [ 14:28:04 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t raw -A OUTPUT -o s_r -s 10.167.2.2 -d 10.167.1.1 -j DROP' (Expected 0, got 0) :: [ 14:28:04 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t raw -A OUTPUT -o s_r -s 10.167.2.2 -d 10.167.1.1 -j ACCEPT' :: [ 14:28:04 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t raw -A OUTPUT -o s_r -s 10.167.2.2 -d 10.167.1.1 -j ACCEPT' (Expected 0, got 0) :: [ 14:28:04 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -W 1 10.167.2.2 -c1 ' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. --- 10.167.2.2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 14:28:05 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 14:28:05 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t raw -L -n -v' Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 1 84 DROP 0 -- * s_r 10.167.2.2 10.167.1.1 0 0 ACCEPT 0 -- * s_r 10.167.2.2 10.167.1.1 :: [ 14:28:05 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t raw -L -n -v' (Expected 0, got 0) :: [ 14:28:05 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t raw -F' :: [ 14:28:05 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t raw -F' (Expected 0, got 0) :: [ 14:28:05 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t raw -N TEST' :: [ 14:28:05 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t raw -N TEST' (Expected 0, got 0) :: [ 14:28:05 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t raw -A TEST -o s_r -s 10.167.2.2 -d 10.167.1.1 -j RETURN' :: [ 14:28:05 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t raw -A TEST -o s_r -s 10.167.2.2 -d 10.167.1.1 -j RETURN' (Expected 0, got 0) :: [ 14:28:05 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t raw -A TEST -o s_r -s 10.167.2.2 -d 10.167.1.1 -j DROP' :: [ 14:28:05 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t raw -A TEST -o s_r -s 10.167.2.2 -d 10.167.1.1 -j DROP' (Expected 0, got 0) :: [ 14:28:05 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t raw -A OUTPUT -o s_r -s 10.167.2.2 -d 10.167.1.1 -j TEST' :: [ 14:28:05 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t raw -A OUTPUT -o s_r -s 10.167.2.2 -d 10.167.1.1 -j TEST' (Expected 0, got 0) :: [ 14:28:05 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t raw -A OUTPUT -o s_r -s 10.167.2.2 -d 10.167.1.1 -j ACCEPT' :: [ 14:28:05 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t raw -A OUTPUT -o s_r -s 10.167.2.2 -d 10.167.1.1 -j ACCEPT' (Expected 0, got 0) :: [ 14:28:05 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -W 1 10.167.2.2 -c1' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. 64 bytes from 10.167.2.2: icmp_seq=1 ttl=63 time=0.041 ms --- 10.167.2.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.041/0.041/0.041/0.000 ms :: [ 14:28:05 ] :: [ PASS ] :: Command 'ip netns exec client ping -W 1 10.167.2.2 -c1' (Expected 0, got 0) :: [ 14:28:05 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t raw -L -n -v' Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 1 84 TEST 0 -- * s_r 10.167.2.2 10.167.1.1 1 84 ACCEPT 0 -- * s_r 10.167.2.2 10.167.1.1 Chain TEST (1 references) pkts bytes target prot opt in out source destination 1 84 RETURN 0 -- * s_r 10.167.2.2 10.167.1.1 0 0 DROP 0 -- * s_r 10.167.2.2 10.167.1.1 :: [ 14:28:05 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t raw -L -n -v' (Expected 0, got 0) :: [ 14:28:05 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t raw -F' :: [ 14:28:05 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t raw -F' (Expected 0, got 0) :: [ 14:28:05 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t raw -X' :: [ 14:28:05 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t raw -X' (Expected 0, got 0) :: [ 14:28:05 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t security -A INPUT -i s_r -s 10.167.1.1 -d 10.167.2.2 -j ACCEPT' :: [ 14:28:05 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t security -A INPUT -i s_r -s 10.167.1.1 -d 10.167.2.2 -j ACCEPT' (Expected 0, got 0) :: [ 14:28:05 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t security -A INPUT -i s_r -s 10.167.1.1 -d 10.167.2.2 -j DROP' :: [ 14:28:05 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t security -A INPUT -i s_r -s 10.167.1.1 -d 10.167.2.2 -j DROP' (Expected 0, got 0) :: [ 14:28:05 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -W 1 10.167.2.2 -c1' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. 64 bytes from 10.167.2.2: icmp_seq=1 ttl=63 time=0.043 ms --- 10.167.2.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.043/0.043/0.043/0.000 ms :: [ 14:28:05 ] :: [ PASS ] :: Command 'ip netns exec client ping -W 1 10.167.2.2 -c1' (Expected 0, got 0) :: [ 14:28:05 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t security -L -n -v' Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 1 84 ACCEPT 0 -- s_r * 10.167.1.1 10.167.2.2 0 0 DROP 0 -- s_r * 10.167.1.1 10.167.2.2 Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination :: [ 14:28:05 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t security -L -n -v' (Expected 0, got 0) :: [ 14:28:05 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t security -F' :: [ 14:28:05 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t security -F' (Expected 0, got 0) :: [ 14:28:05 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t security -A INPUT -i s_r -s 10.167.1.1 -d 10.167.2.2 -j DROP' :: [ 14:28:05 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t security -A INPUT -i s_r -s 10.167.1.1 -d 10.167.2.2 -j DROP' (Expected 0, got 0) :: [ 14:28:05 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t security -A INPUT -i s_r -s 10.167.1.1 -d 10.167.2.2 -j ACCEPT' :: [ 14:28:05 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t security -A INPUT -i s_r -s 10.167.1.1 -d 10.167.2.2 -j ACCEPT' (Expected 0, got 0) :: [ 14:28:05 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -W 1 10.167.2.2 -c1 ' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. --- 10.167.2.2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 14:28:06 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 14:28:06 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t security -L -n -v' Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 1 84 DROP 0 -- s_r * 10.167.1.1 10.167.2.2 0 0 ACCEPT 0 -- s_r * 10.167.1.1 10.167.2.2 Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination :: [ 14:28:06 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t security -L -n -v' (Expected 0, got 0) :: [ 14:28:06 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t security -F' :: [ 14:28:06 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t security -F' (Expected 0, got 0) :: [ 14:28:06 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t security -N TEST' :: [ 14:28:06 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t security -N TEST' (Expected 0, got 0) :: [ 14:28:07 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t security -A TEST -i s_r -s 10.167.1.1 -d 10.167.2.2 -j RETURN' :: [ 14:28:07 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t security -A TEST -i s_r -s 10.167.1.1 -d 10.167.2.2 -j RETURN' (Expected 0, got 0) :: [ 14:28:07 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t security -A TEST -i s_r -s 10.167.1.1 -d 10.167.2.2 -j DROP' :: [ 14:28:07 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t security -A TEST -i s_r -s 10.167.1.1 -d 10.167.2.2 -j DROP' (Expected 0, got 0) :: [ 14:28:07 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t security -A INPUT -i s_r -s 10.167.1.1 -d 10.167.2.2 -j TEST' :: [ 14:28:07 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t security -A INPUT -i s_r -s 10.167.1.1 -d 10.167.2.2 -j TEST' (Expected 0, got 0) :: [ 14:28:07 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t security -A INPUT -i s_r -s 10.167.1.1 -d 10.167.2.2 -j ACCEPT' :: [ 14:28:07 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t security -A INPUT -i s_r -s 10.167.1.1 -d 10.167.2.2 -j ACCEPT' (Expected 0, got 0) :: [ 14:28:07 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -W 1 10.167.2.2 -c1' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. 64 bytes from 10.167.2.2: icmp_seq=1 ttl=63 time=0.044 ms --- 10.167.2.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.044/0.044/0.044/0.000 ms :: [ 14:28:07 ] :: [ PASS ] :: Command 'ip netns exec client ping -W 1 10.167.2.2 -c1' (Expected 0, got 0) :: [ 14:28:07 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t security -L -n -v' Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 1 84 TEST 0 -- s_r * 10.167.1.1 10.167.2.2 1 84 ACCEPT 0 -- s_r * 10.167.1.1 10.167.2.2 Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain TEST (1 references) pkts bytes target prot opt in out source destination 1 84 RETURN 0 -- s_r * 10.167.1.1 10.167.2.2 0 0 DROP 0 -- s_r * 10.167.1.1 10.167.2.2 :: [ 14:28:07 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t security -L -n -v' (Expected 0, got 0) :: [ 14:28:07 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t security -F' :: [ 14:28:07 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t security -F' (Expected 0, got 0) :: [ 14:28:07 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t security -X' :: [ 14:28:07 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t security -X' (Expected 0, got 0) :: [ 14:28:07 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t security -A OUTPUT -o s_r -s 10.167.2.2 -d 10.167.1.1 -j ACCEPT' :: [ 14:28:07 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t security -A OUTPUT -o s_r -s 10.167.2.2 -d 10.167.1.1 -j ACCEPT' (Expected 0, got 0) :: [ 14:28:07 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t security -A OUTPUT -o s_r -s 10.167.2.2 -d 10.167.1.1 -j DROP' :: [ 14:28:07 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t security -A OUTPUT -o s_r -s 10.167.2.2 -d 10.167.1.1 -j DROP' (Expected 0, got 0) :: [ 14:28:07 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -W 1 10.167.2.2 -c1' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. 64 bytes from 10.167.2.2: icmp_seq=1 ttl=63 time=0.043 ms --- 10.167.2.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.043/0.043/0.043/0.000 ms :: [ 14:28:07 ] :: [ PASS ] :: Command 'ip netns exec client ping -W 1 10.167.2.2 -c1' (Expected 0, got 0) :: [ 14:28:07 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t security -L -n -v' Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 1 84 ACCEPT 0 -- * s_r 10.167.2.2 10.167.1.1 0 0 DROP 0 -- * s_r 10.167.2.2 10.167.1.1 :: [ 14:28:07 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t security -L -n -v' (Expected 0, got 0) :: [ 14:28:07 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t security -F' :: [ 14:28:07 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t security -F' (Expected 0, got 0) :: [ 14:28:07 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t security -A OUTPUT -o s_r -s 10.167.2.2 -d 10.167.1.1 -j DROP' :: [ 14:28:07 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t security -A OUTPUT -o s_r -s 10.167.2.2 -d 10.167.1.1 -j DROP' (Expected 0, got 0) :: [ 14:28:07 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t security -A OUTPUT -o s_r -s 10.167.2.2 -d 10.167.1.1 -j ACCEPT' :: [ 14:28:07 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t security -A OUTPUT -o s_r -s 10.167.2.2 -d 10.167.1.1 -j ACCEPT' (Expected 0, got 0) :: [ 14:28:07 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -W 1 10.167.2.2 -c1 ' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. --- 10.167.2.2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 14:28:08 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 14:28:08 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t security -L -n -v' Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 1 84 DROP 0 -- * s_r 10.167.2.2 10.167.1.1 0 0 ACCEPT 0 -- * s_r 10.167.2.2 10.167.1.1 :: [ 14:28:08 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t security -L -n -v' (Expected 0, got 0) :: [ 14:28:08 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t security -F' :: [ 14:28:08 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t security -F' (Expected 0, got 0) :: [ 14:28:08 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t security -N TEST' :: [ 14:28:08 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t security -N TEST' (Expected 0, got 0) :: [ 14:28:08 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t security -A TEST -o s_r -s 10.167.2.2 -d 10.167.1.1 -j RETURN' :: [ 14:28:08 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t security -A TEST -o s_r -s 10.167.2.2 -d 10.167.1.1 -j RETURN' (Expected 0, got 0) :: [ 14:28:08 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t security -A TEST -o s_r -s 10.167.2.2 -d 10.167.1.1 -j DROP' :: [ 14:28:08 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t security -A TEST -o s_r -s 10.167.2.2 -d 10.167.1.1 -j DROP' (Expected 0, got 0) :: [ 14:28:08 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t security -A OUTPUT -o s_r -s 10.167.2.2 -d 10.167.1.1 -j TEST' :: [ 14:28:08 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t security -A OUTPUT -o s_r -s 10.167.2.2 -d 10.167.1.1 -j TEST' (Expected 0, got 0) :: [ 14:28:08 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t security -A OUTPUT -o s_r -s 10.167.2.2 -d 10.167.1.1 -j ACCEPT' :: [ 14:28:08 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t security -A OUTPUT -o s_r -s 10.167.2.2 -d 10.167.1.1 -j ACCEPT' (Expected 0, got 0) :: [ 14:28:08 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -W 1 10.167.2.2 -c1' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. 64 bytes from 10.167.2.2: icmp_seq=1 ttl=63 time=0.041 ms --- 10.167.2.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.041/0.041/0.041/0.000 ms :: [ 14:28:08 ] :: [ PASS ] :: Command 'ip netns exec client ping -W 1 10.167.2.2 -c1' (Expected 0, got 0) :: [ 14:28:08 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t security -L -n -v' Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 1 84 TEST 0 -- * s_r 10.167.2.2 10.167.1.1 1 84 ACCEPT 0 -- * s_r 10.167.2.2 10.167.1.1 Chain TEST (1 references) pkts bytes target prot opt in out source destination 1 84 RETURN 0 -- * s_r 10.167.2.2 10.167.1.1 0 0 DROP 0 -- * s_r 10.167.2.2 10.167.1.1 :: [ 14:28:08 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t security -L -n -v' (Expected 0, got 0) :: [ 14:28:09 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t security -F' :: [ 14:28:09 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t security -F' (Expected 0, got 0) :: [ 14:28:09 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t security -X' :: [ 14:28:09 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t security -X' (Expected 0, got 0) :: [ 14:28:09 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t filter -A FORWARD -i r_c -o r_s -s 10.167.1.1 -d 10.167.2.2 -j ACCEPT' :: [ 14:28:09 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t filter -A FORWARD -i r_c -o r_s -s 10.167.1.1 -d 10.167.2.2 -j ACCEPT' (Expected 0, got 0) :: [ 14:28:09 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t filter -A FORWARD -i r_c -o r_s -s 10.167.1.1 -d 10.167.2.2 -j DROP' :: [ 14:28:09 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t filter -A FORWARD -i r_c -o r_s -s 10.167.1.1 -d 10.167.2.2 -j DROP' (Expected 0, got 0) :: [ 14:28:09 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -W 1 10.167.2.2 -c1' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. 64 bytes from 10.167.2.2: icmp_seq=1 ttl=63 time=0.041 ms --- 10.167.2.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.041/0.041/0.041/0.000 ms :: [ 14:28:09 ] :: [ PASS ] :: Command 'ip netns exec client ping -W 1 10.167.2.2 -c1' (Expected 0, got 0) :: [ 14:28:09 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t filter -L -n -v' Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 1 84 ACCEPT 0 -- r_c r_s 10.167.1.1 10.167.2.2 0 0 DROP 0 -- r_c r_s 10.167.1.1 10.167.2.2 Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination :: [ 14:28:09 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t filter -L -n -v' (Expected 0, got 0) :: [ 14:28:09 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t filter -F' :: [ 14:28:09 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t filter -F' (Expected 0, got 0) :: [ 14:28:09 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t filter -A FORWARD -i r_c -o r_s -s 10.167.1.1 -d 10.167.2.2 -j DROP' :: [ 14:28:09 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t filter -A FORWARD -i r_c -o r_s -s 10.167.1.1 -d 10.167.2.2 -j DROP' (Expected 0, got 0) :: [ 14:28:09 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t filter -A FORWARD -i r_c -o r_s -s 10.167.1.1 -d 10.167.2.2 -j ACCEPT' :: [ 14:28:09 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t filter -A FORWARD -i r_c -o r_s -s 10.167.1.1 -d 10.167.2.2 -j ACCEPT' (Expected 0, got 0) :: [ 14:28:09 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -W 1 10.167.2.2 -c1 ' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. --- 10.167.2.2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 14:28:10 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 14:28:10 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t filter -L -n -v' Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 1 84 DROP 0 -- r_c r_s 10.167.1.1 10.167.2.2 0 0 ACCEPT 0 -- r_c r_s 10.167.1.1 10.167.2.2 Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination :: [ 14:28:10 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t filter -L -n -v' (Expected 0, got 0) :: [ 14:28:10 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t filter -F' :: [ 14:28:10 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t filter -F' (Expected 0, got 0) :: [ 14:28:10 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t filter -N TEST' :: [ 14:28:10 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t filter -N TEST' (Expected 0, got 0) :: [ 14:28:10 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t filter -A TEST -i r_c -o r_s -s 10.167.1.1 -d 10.167.2.2 -j RETURN' :: [ 14:28:10 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t filter -A TEST -i r_c -o r_s -s 10.167.1.1 -d 10.167.2.2 -j RETURN' (Expected 0, got 0) :: [ 14:28:10 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t filter -A TEST -i r_c -o r_s -s 10.167.1.1 -d 10.167.2.2 -j DROP' :: [ 14:28:10 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t filter -A TEST -i r_c -o r_s -s 10.167.1.1 -d 10.167.2.2 -j DROP' (Expected 0, got 0) :: [ 14:28:10 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t filter -A FORWARD -i r_c -o r_s -s 10.167.1.1 -d 10.167.2.2 -j TEST' :: [ 14:28:10 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t filter -A FORWARD -i r_c -o r_s -s 10.167.1.1 -d 10.167.2.2 -j TEST' (Expected 0, got 0) :: [ 14:28:10 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t filter -A FORWARD -i r_c -o r_s -s 10.167.1.1 -d 10.167.2.2 -j ACCEPT' :: [ 14:28:10 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t filter -A FORWARD -i r_c -o r_s -s 10.167.1.1 -d 10.167.2.2 -j ACCEPT' (Expected 0, got 0) :: [ 14:28:10 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -W 1 10.167.2.2 -c1' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. 64 bytes from 10.167.2.2: icmp_seq=1 ttl=63 time=0.043 ms --- 10.167.2.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.043/0.043/0.043/0.000 ms :: [ 14:28:10 ] :: [ PASS ] :: Command 'ip netns exec client ping -W 1 10.167.2.2 -c1' (Expected 0, got 0) :: [ 14:28:10 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t filter -L -n -v' Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 1 84 TEST 0 -- r_c r_s 10.167.1.1 10.167.2.2 1 84 ACCEPT 0 -- r_c r_s 10.167.1.1 10.167.2.2 Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain TEST (1 references) pkts bytes target prot opt in out source destination 1 84 RETURN 0 -- r_c r_s 10.167.1.1 10.167.2.2 0 0 DROP 0 -- r_c r_s 10.167.1.1 10.167.2.2 :: [ 14:28:10 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t filter -L -n -v' (Expected 0, got 0) :: [ 14:28:10 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t filter -F' :: [ 14:28:10 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t filter -F' (Expected 0, got 0) :: [ 14:28:10 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t filter -X' :: [ 14:28:10 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t filter -X' (Expected 0, got 0) :: [ 14:28:10 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t mangle -A PREROUTING -i r_c -s 10.167.1.1 -d 10.167.2.2 -j ACCEPT' :: [ 14:28:10 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t mangle -A PREROUTING -i r_c -s 10.167.1.1 -d 10.167.2.2 -j ACCEPT' (Expected 0, got 0) :: [ 14:28:10 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t mangle -A PREROUTING -i r_c -s 10.167.1.1 -d 10.167.2.2 -j DROP' :: [ 14:28:10 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t mangle -A PREROUTING -i r_c -s 10.167.1.1 -d 10.167.2.2 -j DROP' (Expected 0, got 0) :: [ 14:28:10 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -W 1 10.167.2.2 -c1' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. 64 bytes from 10.167.2.2: icmp_seq=1 ttl=63 time=0.042 ms --- 10.167.2.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.042/0.042/0.042/0.000 ms :: [ 14:28:10 ] :: [ PASS ] :: Command 'ip netns exec client ping -W 1 10.167.2.2 -c1' (Expected 0, got 0) :: [ 14:28:11 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t mangle -L -n -v' Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 1 84 ACCEPT 0 -- r_c * 10.167.1.1 10.167.2.2 0 0 DROP 0 -- r_c * 10.167.1.1 10.167.2.2 Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination :: [ 14:28:11 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t mangle -L -n -v' (Expected 0, got 0) :: [ 14:28:11 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t mangle -F' :: [ 14:28:11 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t mangle -F' (Expected 0, got 0) :: [ 14:28:11 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t mangle -A PREROUTING -i r_c -s 10.167.1.1 -d 10.167.2.2 -j DROP' :: [ 14:28:11 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t mangle -A PREROUTING -i r_c -s 10.167.1.1 -d 10.167.2.2 -j DROP' (Expected 0, got 0) :: [ 14:28:11 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t mangle -A PREROUTING -i r_c -s 10.167.1.1 -d 10.167.2.2 -j ACCEPT' :: [ 14:28:11 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t mangle -A PREROUTING -i r_c -s 10.167.1.1 -d 10.167.2.2 -j ACCEPT' (Expected 0, got 0) :: [ 14:28:11 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -W 1 10.167.2.2 -c1 ' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. --- 10.167.2.2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 14:28:12 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 14:28:12 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t mangle -L -n -v' Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 1 84 DROP 0 -- r_c * 10.167.1.1 10.167.2.2 0 0 ACCEPT 0 -- r_c * 10.167.1.1 10.167.2.2 Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination :: [ 14:28:12 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t mangle -L -n -v' (Expected 0, got 0) :: [ 14:28:12 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t mangle -F' :: [ 14:28:12 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t mangle -F' (Expected 0, got 0) :: [ 14:28:12 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t mangle -N TEST' :: [ 14:28:12 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t mangle -N TEST' (Expected 0, got 0) :: [ 14:28:12 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t mangle -A TEST -i r_c -s 10.167.1.1 -d 10.167.2.2 -j RETURN' :: [ 14:28:12 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t mangle -A TEST -i r_c -s 10.167.1.1 -d 10.167.2.2 -j RETURN' (Expected 0, got 0) :: [ 14:28:12 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t mangle -A TEST -i r_c -s 10.167.1.1 -d 10.167.2.2 -j DROP' :: [ 14:28:12 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t mangle -A TEST -i r_c -s 10.167.1.1 -d 10.167.2.2 -j DROP' (Expected 0, got 0) :: [ 14:28:12 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t mangle -A PREROUTING -i r_c -s 10.167.1.1 -d 10.167.2.2 -j TEST' :: [ 14:28:12 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t mangle -A PREROUTING -i r_c -s 10.167.1.1 -d 10.167.2.2 -j TEST' (Expected 0, got 0) :: [ 14:28:12 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t mangle -A PREROUTING -i r_c -s 10.167.1.1 -d 10.167.2.2 -j ACCEPT' :: [ 14:28:12 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t mangle -A PREROUTING -i r_c -s 10.167.1.1 -d 10.167.2.2 -j ACCEPT' (Expected 0, got 0) :: [ 14:28:12 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -W 1 10.167.2.2 -c1' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. 64 bytes from 10.167.2.2: icmp_seq=1 ttl=63 time=0.045 ms --- 10.167.2.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.045/0.045/0.045/0.000 ms :: [ 14:28:12 ] :: [ PASS ] :: Command 'ip netns exec client ping -W 1 10.167.2.2 -c1' (Expected 0, got 0) :: [ 14:28:12 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t mangle -L -n -v' Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 1 84 TEST 0 -- r_c * 10.167.1.1 10.167.2.2 1 84 ACCEPT 0 -- r_c * 10.167.1.1 10.167.2.2 Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain TEST (1 references) pkts bytes target prot opt in out source destination 1 84 RETURN 0 -- r_c * 10.167.1.1 10.167.2.2 0 0 DROP 0 -- r_c * 10.167.1.1 10.167.2.2 :: [ 14:28:12 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t mangle -L -n -v' (Expected 0, got 0) :: [ 14:28:12 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t mangle -F' :: [ 14:28:12 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t mangle -F' (Expected 0, got 0) :: [ 14:28:12 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t mangle -X' :: [ 14:28:12 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t mangle -X' (Expected 0, got 0) :: [ 14:28:12 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t mangle -A FORWARD -i r_c -o r_s -s 10.167.1.1 -d 10.167.2.2 -j ACCEPT' :: [ 14:28:12 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t mangle -A FORWARD -i r_c -o r_s -s 10.167.1.1 -d 10.167.2.2 -j ACCEPT' (Expected 0, got 0) :: [ 14:28:12 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t mangle -A FORWARD -i r_c -o r_s -s 10.167.1.1 -d 10.167.2.2 -j DROP' :: [ 14:28:12 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t mangle -A FORWARD -i r_c -o r_s -s 10.167.1.1 -d 10.167.2.2 -j DROP' (Expected 0, got 0) :: [ 14:28:12 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -W 1 10.167.2.2 -c1' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. 64 bytes from 10.167.2.2: icmp_seq=1 ttl=63 time=0.042 ms --- 10.167.2.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.042/0.042/0.042/0.000 ms :: [ 14:28:12 ] :: [ PASS ] :: Command 'ip netns exec client ping -W 1 10.167.2.2 -c1' (Expected 0, got 0) :: [ 14:28:12 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t mangle -L -n -v' Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 1 84 ACCEPT 0 -- r_c r_s 10.167.1.1 10.167.2.2 0 0 DROP 0 -- r_c r_s 10.167.1.1 10.167.2.2 Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination :: [ 14:28:12 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t mangle -L -n -v' (Expected 0, got 0) :: [ 14:28:12 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t mangle -F' :: [ 14:28:12 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t mangle -F' (Expected 0, got 0) :: [ 14:28:12 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t mangle -A FORWARD -i r_c -o r_s -s 10.167.1.1 -d 10.167.2.2 -j DROP' :: [ 14:28:12 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t mangle -A FORWARD -i r_c -o r_s -s 10.167.1.1 -d 10.167.2.2 -j DROP' (Expected 0, got 0) :: [ 14:28:12 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t mangle -A FORWARD -i r_c -o r_s -s 10.167.1.1 -d 10.167.2.2 -j ACCEPT' :: [ 14:28:12 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t mangle -A FORWARD -i r_c -o r_s -s 10.167.1.1 -d 10.167.2.2 -j ACCEPT' (Expected 0, got 0) :: [ 14:28:12 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -W 1 10.167.2.2 -c1 ' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. --- 10.167.2.2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 14:28:13 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 14:28:14 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t mangle -L -n -v' Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 1 84 DROP 0 -- r_c r_s 10.167.1.1 10.167.2.2 0 0 ACCEPT 0 -- r_c r_s 10.167.1.1 10.167.2.2 Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination :: [ 14:28:14 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t mangle -L -n -v' (Expected 0, got 0) :: [ 14:28:14 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t mangle -F' :: [ 14:28:14 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t mangle -F' (Expected 0, got 0) :: [ 14:28:14 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t mangle -N TEST' :: [ 14:28:14 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t mangle -N TEST' (Expected 0, got 0) :: [ 14:28:14 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t mangle -A TEST -i r_c -o r_s -s 10.167.1.1 -d 10.167.2.2 -j RETURN' :: [ 14:28:14 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t mangle -A TEST -i r_c -o r_s -s 10.167.1.1 -d 10.167.2.2 -j RETURN' (Expected 0, got 0) :: [ 14:28:14 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t mangle -A TEST -i r_c -o r_s -s 10.167.1.1 -d 10.167.2.2 -j DROP' :: [ 14:28:14 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t mangle -A TEST -i r_c -o r_s -s 10.167.1.1 -d 10.167.2.2 -j DROP' (Expected 0, got 0) :: [ 14:28:14 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t mangle -A FORWARD -i r_c -o r_s -s 10.167.1.1 -d 10.167.2.2 -j TEST' :: [ 14:28:14 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t mangle -A FORWARD -i r_c -o r_s -s 10.167.1.1 -d 10.167.2.2 -j TEST' (Expected 0, got 0) :: [ 14:28:14 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t mangle -A FORWARD -i r_c -o r_s -s 10.167.1.1 -d 10.167.2.2 -j ACCEPT' :: [ 14:28:14 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t mangle -A FORWARD -i r_c -o r_s -s 10.167.1.1 -d 10.167.2.2 -j ACCEPT' (Expected 0, got 0) :: [ 14:28:14 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -W 1 10.167.2.2 -c1' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. 64 bytes from 10.167.2.2: icmp_seq=1 ttl=63 time=0.042 ms --- 10.167.2.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.042/0.042/0.042/0.000 ms :: [ 14:28:14 ] :: [ PASS ] :: Command 'ip netns exec client ping -W 1 10.167.2.2 -c1' (Expected 0, got 0) :: [ 14:28:14 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t mangle -L -n -v' Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 1 84 TEST 0 -- r_c r_s 10.167.1.1 10.167.2.2 1 84 ACCEPT 0 -- r_c r_s 10.167.1.1 10.167.2.2 Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain TEST (1 references) pkts bytes target prot opt in out source destination 1 84 RETURN 0 -- r_c r_s 10.167.1.1 10.167.2.2 0 0 DROP 0 -- r_c r_s 10.167.1.1 10.167.2.2 :: [ 14:28:14 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t mangle -L -n -v' (Expected 0, got 0) :: [ 14:28:14 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t mangle -F' :: [ 14:28:14 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t mangle -F' (Expected 0, got 0) :: [ 14:28:14 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t mangle -X' :: [ 14:28:14 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t mangle -X' (Expected 0, got 0) :: [ 14:28:14 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t mangle -A POSTROUTING -o r_s -s 10.167.1.1 -d 10.167.2.2 -j ACCEPT' :: [ 14:28:14 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t mangle -A POSTROUTING -o r_s -s 10.167.1.1 -d 10.167.2.2 -j ACCEPT' (Expected 0, got 0) :: [ 14:28:14 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t mangle -A POSTROUTING -o r_s -s 10.167.1.1 -d 10.167.2.2 -j DROP' :: [ 14:28:14 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t mangle -A POSTROUTING -o r_s -s 10.167.1.1 -d 10.167.2.2 -j DROP' (Expected 0, got 0) :: [ 14:28:14 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -W 1 10.167.2.2 -c1' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. 64 bytes from 10.167.2.2: icmp_seq=1 ttl=63 time=0.043 ms --- 10.167.2.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.043/0.043/0.043/0.000 ms :: [ 14:28:14 ] :: [ PASS ] :: Command 'ip netns exec client ping -W 1 10.167.2.2 -c1' (Expected 0, got 0) :: [ 14:28:14 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t mangle -L -n -v' Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 1 84 ACCEPT 0 -- * r_s 10.167.1.1 10.167.2.2 0 0 DROP 0 -- * r_s 10.167.1.1 10.167.2.2 :: [ 14:28:14 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t mangle -L -n -v' (Expected 0, got 0) :: [ 14:28:14 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t mangle -F' :: [ 14:28:14 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t mangle -F' (Expected 0, got 0) :: [ 14:28:14 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t mangle -A POSTROUTING -o r_s -s 10.167.1.1 -d 10.167.2.2 -j DROP' :: [ 14:28:14 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t mangle -A POSTROUTING -o r_s -s 10.167.1.1 -d 10.167.2.2 -j DROP' (Expected 0, got 0) :: [ 14:28:14 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t mangle -A POSTROUTING -o r_s -s 10.167.1.1 -d 10.167.2.2 -j ACCEPT' :: [ 14:28:14 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t mangle -A POSTROUTING -o r_s -s 10.167.1.1 -d 10.167.2.2 -j ACCEPT' (Expected 0, got 0) :: [ 14:28:14 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -W 1 10.167.2.2 -c1 ' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. --- 10.167.2.2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 14:28:15 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 14:28:15 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t mangle -L -n -v' Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 1 84 DROP 0 -- * r_s 10.167.1.1 10.167.2.2 0 0 ACCEPT 0 -- * r_s 10.167.1.1 10.167.2.2 :: [ 14:28:15 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t mangle -L -n -v' (Expected 0, got 0) :: [ 14:28:15 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t mangle -F' :: [ 14:28:15 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t mangle -F' (Expected 0, got 0) :: [ 14:28:15 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t mangle -N TEST' :: [ 14:28:15 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t mangle -N TEST' (Expected 0, got 0) :: [ 14:28:15 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t mangle -A TEST -o r_s -s 10.167.1.1 -d 10.167.2.2 -j RETURN' :: [ 14:28:15 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t mangle -A TEST -o r_s -s 10.167.1.1 -d 10.167.2.2 -j RETURN' (Expected 0, got 0) :: [ 14:28:15 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t mangle -A TEST -o r_s -s 10.167.1.1 -d 10.167.2.2 -j DROP' :: [ 14:28:15 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t mangle -A TEST -o r_s -s 10.167.1.1 -d 10.167.2.2 -j DROP' (Expected 0, got 0) :: [ 14:28:15 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t mangle -A POSTROUTING -o r_s -s 10.167.1.1 -d 10.167.2.2 -j TEST' :: [ 14:28:15 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t mangle -A POSTROUTING -o r_s -s 10.167.1.1 -d 10.167.2.2 -j TEST' (Expected 0, got 0) :: [ 14:28:15 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t mangle -A POSTROUTING -o r_s -s 10.167.1.1 -d 10.167.2.2 -j ACCEPT' :: [ 14:28:15 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t mangle -A POSTROUTING -o r_s -s 10.167.1.1 -d 10.167.2.2 -j ACCEPT' (Expected 0, got 0) :: [ 14:28:16 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -W 1 10.167.2.2 -c1' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. 64 bytes from 10.167.2.2: icmp_seq=1 ttl=63 time=0.046 ms --- 10.167.2.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.046/0.046/0.046/0.000 ms :: [ 14:28:16 ] :: [ PASS ] :: Command 'ip netns exec client ping -W 1 10.167.2.2 -c1' (Expected 0, got 0) :: [ 14:28:16 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t mangle -L -n -v' Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 1 84 TEST 0 -- * r_s 10.167.1.1 10.167.2.2 1 84 ACCEPT 0 -- * r_s 10.167.1.1 10.167.2.2 Chain TEST (1 references) pkts bytes target prot opt in out source destination 1 84 RETURN 0 -- * r_s 10.167.1.1 10.167.2.2 0 0 DROP 0 -- * r_s 10.167.1.1 10.167.2.2 :: [ 14:28:16 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t mangle -L -n -v' (Expected 0, got 0) :: [ 14:28:16 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t mangle -F' :: [ 14:28:16 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t mangle -F' (Expected 0, got 0) :: [ 14:28:16 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t mangle -X' :: [ 14:28:16 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t mangle -X' (Expected 0, got 0) :: [ 14:28:16 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t raw -A PREROUTING -i r_c -s 10.167.1.1 -d 10.167.2.2 -j ACCEPT' :: [ 14:28:16 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t raw -A PREROUTING -i r_c -s 10.167.1.1 -d 10.167.2.2 -j ACCEPT' (Expected 0, got 0) :: [ 14:28:16 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t raw -A PREROUTING -i r_c -s 10.167.1.1 -d 10.167.2.2 -j DROP' :: [ 14:28:16 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t raw -A PREROUTING -i r_c -s 10.167.1.1 -d 10.167.2.2 -j DROP' (Expected 0, got 0) :: [ 14:28:16 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -W 1 10.167.2.2 -c1' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. 64 bytes from 10.167.2.2: icmp_seq=1 ttl=63 time=0.045 ms --- 10.167.2.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.045/0.045/0.045/0.000 ms :: [ 14:28:16 ] :: [ PASS ] :: Command 'ip netns exec client ping -W 1 10.167.2.2 -c1' (Expected 0, got 0) :: [ 14:28:16 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t raw -L -n -v' Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 1 84 ACCEPT 0 -- r_c * 10.167.1.1 10.167.2.2 0 0 DROP 0 -- r_c * 10.167.1.1 10.167.2.2 Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination :: [ 14:28:16 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t raw -L -n -v' (Expected 0, got 0) :: [ 14:28:16 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t raw -F' :: [ 14:28:16 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t raw -F' (Expected 0, got 0) :: [ 14:28:16 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t raw -A PREROUTING -i r_c -s 10.167.1.1 -d 10.167.2.2 -j DROP' :: [ 14:28:16 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t raw -A PREROUTING -i r_c -s 10.167.1.1 -d 10.167.2.2 -j DROP' (Expected 0, got 0) :: [ 14:28:16 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t raw -A PREROUTING -i r_c -s 10.167.1.1 -d 10.167.2.2 -j ACCEPT' :: [ 14:28:16 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t raw -A PREROUTING -i r_c -s 10.167.1.1 -d 10.167.2.2 -j ACCEPT' (Expected 0, got 0) :: [ 14:28:16 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -W 1 10.167.2.2 -c1 ' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. --- 10.167.2.2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 14:28:17 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 14:28:17 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t raw -L -n -v' Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 1 84 DROP 0 -- r_c * 10.167.1.1 10.167.2.2 0 0 ACCEPT 0 -- r_c * 10.167.1.1 10.167.2.2 Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination :: [ 14:28:17 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t raw -L -n -v' (Expected 0, got 0) :: [ 14:28:17 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t raw -F' :: [ 14:28:17 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t raw -F' (Expected 0, got 0) :: [ 14:28:17 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t raw -N TEST' :: [ 14:28:17 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t raw -N TEST' (Expected 0, got 0) :: [ 14:28:17 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t raw -A TEST -i r_c -s 10.167.1.1 -d 10.167.2.2 -j RETURN' :: [ 14:28:17 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t raw -A TEST -i r_c -s 10.167.1.1 -d 10.167.2.2 -j RETURN' (Expected 0, got 0) :: [ 14:28:17 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t raw -A TEST -i r_c -s 10.167.1.1 -d 10.167.2.2 -j DROP' :: [ 14:28:17 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t raw -A TEST -i r_c -s 10.167.1.1 -d 10.167.2.2 -j DROP' (Expected 0, got 0) :: [ 14:28:17 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t raw -A PREROUTING -i r_c -s 10.167.1.1 -d 10.167.2.2 -j TEST' :: [ 14:28:17 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t raw -A PREROUTING -i r_c -s 10.167.1.1 -d 10.167.2.2 -j TEST' (Expected 0, got 0) :: [ 14:28:17 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t raw -A PREROUTING -i r_c -s 10.167.1.1 -d 10.167.2.2 -j ACCEPT' :: [ 14:28:17 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t raw -A PREROUTING -i r_c -s 10.167.1.1 -d 10.167.2.2 -j ACCEPT' (Expected 0, got 0) :: [ 14:28:17 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -W 1 10.167.2.2 -c1' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. 64 bytes from 10.167.2.2: icmp_seq=1 ttl=63 time=0.044 ms --- 10.167.2.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.044/0.044/0.044/0.000 ms :: [ 14:28:17 ] :: [ PASS ] :: Command 'ip netns exec client ping -W 1 10.167.2.2 -c1' (Expected 0, got 0) :: [ 14:28:17 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t raw -L -n -v' Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 1 84 TEST 0 -- r_c * 10.167.1.1 10.167.2.2 1 84 ACCEPT 0 -- r_c * 10.167.1.1 10.167.2.2 Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain TEST (1 references) pkts bytes target prot opt in out source destination 1 84 RETURN 0 -- r_c * 10.167.1.1 10.167.2.2 0 0 DROP 0 -- r_c * 10.167.1.1 10.167.2.2 :: [ 14:28:17 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t raw -L -n -v' (Expected 0, got 0) :: [ 14:28:17 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t raw -F' :: [ 14:28:17 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t raw -F' (Expected 0, got 0) :: [ 14:28:17 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t raw -X' :: [ 14:28:17 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t raw -X' (Expected 0, got 0) :: [ 14:28:17 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t security -A FORWARD -i r_c -o r_s -s 10.167.1.1 -d 10.167.2.2 -j ACCEPT' :: [ 14:28:17 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t security -A FORWARD -i r_c -o r_s -s 10.167.1.1 -d 10.167.2.2 -j ACCEPT' (Expected 0, got 0) :: [ 14:28:18 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t security -A FORWARD -i r_c -o r_s -s 10.167.1.1 -d 10.167.2.2 -j DROP' :: [ 14:28:18 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t security -A FORWARD -i r_c -o r_s -s 10.167.1.1 -d 10.167.2.2 -j DROP' (Expected 0, got 0) :: [ 14:28:18 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -W 1 10.167.2.2 -c1' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. 64 bytes from 10.167.2.2: icmp_seq=1 ttl=63 time=0.041 ms --- 10.167.2.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.041/0.041/0.041/0.000 ms :: [ 14:28:18 ] :: [ PASS ] :: Command 'ip netns exec client ping -W 1 10.167.2.2 -c1' (Expected 0, got 0) :: [ 14:28:18 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t security -L -n -v' Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 1 84 ACCEPT 0 -- r_c r_s 10.167.1.1 10.167.2.2 0 0 DROP 0 -- r_c r_s 10.167.1.1 10.167.2.2 Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination :: [ 14:28:18 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t security -L -n -v' (Expected 0, got 0) :: [ 14:28:18 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t security -F' :: [ 14:28:18 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t security -F' (Expected 0, got 0) :: [ 14:28:18 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t security -A FORWARD -i r_c -o r_s -s 10.167.1.1 -d 10.167.2.2 -j DROP' :: [ 14:28:18 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t security -A FORWARD -i r_c -o r_s -s 10.167.1.1 -d 10.167.2.2 -j DROP' (Expected 0, got 0) :: [ 14:28:18 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t security -A FORWARD -i r_c -o r_s -s 10.167.1.1 -d 10.167.2.2 -j ACCEPT' :: [ 14:28:18 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t security -A FORWARD -i r_c -o r_s -s 10.167.1.1 -d 10.167.2.2 -j ACCEPT' (Expected 0, got 0) :: [ 14:28:18 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -W 1 10.167.2.2 -c1 ' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. --- 10.167.2.2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 14:28:19 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 14:28:19 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t security -L -n -v' Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 1 84 DROP 0 -- r_c r_s 10.167.1.1 10.167.2.2 0 0 ACCEPT 0 -- r_c r_s 10.167.1.1 10.167.2.2 Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination :: [ 14:28:19 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t security -L -n -v' (Expected 0, got 0) :: [ 14:28:19 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t security -F' :: [ 14:28:19 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t security -F' (Expected 0, got 0) :: [ 14:28:19 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t security -N TEST' :: [ 14:28:19 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t security -N TEST' (Expected 0, got 0) :: [ 14:28:19 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t security -A TEST -i r_c -o r_s -s 10.167.1.1 -d 10.167.2.2 -j RETURN' :: [ 14:28:19 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t security -A TEST -i r_c -o r_s -s 10.167.1.1 -d 10.167.2.2 -j RETURN' (Expected 0, got 0) :: [ 14:28:19 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t security -A TEST -i r_c -o r_s -s 10.167.1.1 -d 10.167.2.2 -j DROP' :: [ 14:28:19 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t security -A TEST -i r_c -o r_s -s 10.167.1.1 -d 10.167.2.2 -j DROP' (Expected 0, got 0) :: [ 14:28:19 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t security -A FORWARD -i r_c -o r_s -s 10.167.1.1 -d 10.167.2.2 -j TEST' :: [ 14:28:19 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t security -A FORWARD -i r_c -o r_s -s 10.167.1.1 -d 10.167.2.2 -j TEST' (Expected 0, got 0) :: [ 14:28:19 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t security -A FORWARD -i r_c -o r_s -s 10.167.1.1 -d 10.167.2.2 -j ACCEPT' :: [ 14:28:19 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t security -A FORWARD -i r_c -o r_s -s 10.167.1.1 -d 10.167.2.2 -j ACCEPT' (Expected 0, got 0) :: [ 14:28:19 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -W 1 10.167.2.2 -c1' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. 64 bytes from 10.167.2.2: icmp_seq=1 ttl=63 time=0.047 ms --- 10.167.2.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.047/0.047/0.047/0.000 ms :: [ 14:28:19 ] :: [ PASS ] :: Command 'ip netns exec client ping -W 1 10.167.2.2 -c1' (Expected 0, got 0) :: [ 14:28:19 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t security -L -n -v' Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 1 84 TEST 0 -- r_c r_s 10.167.1.1 10.167.2.2 1 84 ACCEPT 0 -- r_c r_s 10.167.1.1 10.167.2.2 Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain TEST (1 references) pkts bytes target prot opt in out source destination 1 84 RETURN 0 -- r_c r_s 10.167.1.1 10.167.2.2 0 0 DROP 0 -- r_c r_s 10.167.1.1 10.167.2.2 :: [ 14:28:19 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t security -L -n -v' (Expected 0, got 0) :: [ 14:28:19 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t security -F' :: [ 14:28:19 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t security -F' (Expected 0, got 0) :: [ 14:28:19 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t security -X' :: [ 14:28:19 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t security -X' (Expected 0, got 0) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 28s :: Assertions: 304 good, 0 bad :: RESULT: PASS (iptables: Basic TARGETS) ** iptables-Basic-TARGETS PASS Score:0 Uploading resultoutputfile.log .done :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: iptables: Plain NAT test :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ 14:28:20 ] :: [ BEGIN ] :: NoCheck :: actually running 'ip netns exec server modprobe sctp && SCTP=true ' :: [ 14:28:20 ] :: [ PASS ] :: NoCheck (Expected 0-255, got 0) :: [ 14:28:20 ] :: [ BEGIN ] :: Running 'ip netns exec server sleep 1' :: [ 14:28:21 ] :: [ PASS ] :: Command 'ip netns exec server sleep 1' (Expected 0, got 0) :: [ 14:28:21 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t nat -A PREROUTING -i r_c -p tcp -j DNAT --to-destination 10.167.2.2:9999' :: [ 14:28:21 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t nat -A PREROUTING -i r_c -p tcp -j DNAT --to-destination 10.167.2.2:9999' (Expected 0, got 0) :: [ 14:28:21 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t nat -A PREROUTING -i r_c -p udp -j DNAT --to-destination 10.167.2.2:9999' :: [ 14:28:21 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t nat -A PREROUTING -i r_c -p udp -j DNAT --to-destination 10.167.2.2:9999' (Expected 0, got 0) :: [ 14:28:21 ] :: [ BEGIN ] :: Running 'ip netns exec server sleep 3' :: [ 14:28:21 ] :: [ BEGIN ] :: NoCheck :: actually running 'ip netns exec server ncat -4 -u -l 9999 ' :: [ 14:28:21 ] :: [ BEGIN ] :: NoCheck :: actually running 'ip netns exec router tcpdump -nni r_s -w dnat.pcap ' :: [ 14:28:21 ] :: [ BEGIN ] :: NoCheck :: actually running 'ip netns exec server ncat -4 -l 9999 ' dropped privs to tcpdump tcpdump: listening on r_s, link-type EN10MB (Ethernet), snapshot length 262144 bytes :: [ 14:28:24 ] :: [ PASS ] :: Command 'ip netns exec server sleep 3' (Expected 0, got 0) :: [ 14:28:24 ] :: [ BEGIN ] :: Running 'ip netns exec client ncat -4 10.167.1.254 8888' abc :: [ 14:28:24 ] :: [ PASS ] :: NoCheck (Expected 0-255, got 0) :: [ 14:28:24 ] :: [ PASS ] :: Command 'ip netns exec client ncat -4 10.167.1.254 8888' (Expected 0, got 0) :: [ 14:28:24 ] :: [ BEGIN ] :: Running 'ip netns exec client ncat -4 -u 10.167.1.254 8888' abc :: [ 14:28:24 ] :: [ PASS ] :: Command 'ip netns exec client ncat -4 -u 10.167.1.254 8888' (Expected 0, got 0) :: [ 14:28:24 ] :: [ BEGIN ] :: Running 'ip netns exec router conntrack -L' conntrack v1.4.6 (conntrack-tools): 2 flow entries have been shown. udp 17 29 src=10.167.1.1 dst=10.167.1.254 sport=41133 dport=8888 [UNREPLIED] src=10.167.2.2 dst=10.167.1.1 sport=9999 dport=41133 secctx=system_u:object_r:unlabeled_t:s0 use=1 tcp 6 119 TIME_WAIT src=10.167.1.1 dst=10.167.1.254 sport=40532 dport=8888 src=10.167.2.2 dst=10.167.1.1 sport=9999 dport=40532 [ASSURED] secctx=system_u:object_r:unlabeled_t:s0 use=1 :: [ 14:28:24 ] :: [ PASS ] :: Command 'ip netns exec router conntrack -L' (Expected 0, got 0) :: [ 14:28:24 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t nat -A PREROUTING -i r_c -p sctp -j DNAT --to-destination 10.167.2.2:9999' :: [ 14:28:24 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t nat -A PREROUTING -i r_c -p sctp -j DNAT --to-destination 10.167.2.2:9999' (Expected 0, got 0) :: [ 14:28:24 ] :: [ BEGIN ] :: Running 'ip netns exec server sleep 3' :: [ 14:28:24 ] :: [ BEGIN ] :: NoCheck :: actually running 'ip netns exec server sctp_test -H 0 -P 9999 -l ' local:addr=0.0.0.0, port=distinct, family=2 seed = 1674588504 Starting tests... socket(SOCK_SEQPACKET, IPPROTO_SCTP) -> sk=3 bind(sk=3, [a:0.0.0.0,p:distinct]) -- attempt 1/10 listen(sk=3,backlog=100) Server: Receiving packets. recvmsg(sk=3) :: [ 14:28:27 ] :: [ PASS ] :: Command 'ip netns exec server sleep 3' (Expected 0, got 0) :: [ 14:28:27 ] :: [ BEGIN ] :: Running 'ip netns exec client timeout 5 sctp_test -H 10.167.1.1 -P 6013 -h 10.167.1.254 -p 8888 -s -c 1 -x 1 -X 1' remote:addr=10.167.1.254, port=ddi-tcp-1, family=2 local:addr=10.167.1.1, port=6013, family=2 seed = 1674588507 Starting tests... socket(SOCK_SEQPACKET, IPPROTO_SCTP) -> sk=3 bind(sk=3, [a:10.167.1.1,p:6013]) -- attempt 1/10 Client: Sending packets.(1/1) sendmsg(sk=3, assoc=0) 1452 bytes. SNDRCVNotification: SCTP_ASSOC_CHANGE(COMMUNICATION_UP) (assoc_change: state=0, error=0, instr=10 outstr=10) recvmsg(sk=3) Data 1452 bytes.(stream=0 flags=0x1 ppid=1295328498 First 10 bytes: close(sk=3) 012345678 recvmsg(sk=3) :: [ 14:28:27 ] :: [ PASS ] :: Command 'ip netns exec client timeout 5 sctp_test -H 10.167.1.1 -P 6013 -h 10.167.1.254 -p 8888 -s -c 1 -x 1 -X 1' (Expected 0, got 0) :: [ 14:28:27 ] :: [ BEGIN ] :: Running 'ip netns exec router conntrack -L' conntrack v1.4.6 (conntrack-tools): 3 flow entries have been shown. udp 17 26 src=10.167.1.1 dst=10.167.1.254 sport=41133 dport=8888 [UNREPLIED] src=10.167.2.2 dst=10.167.1.1 sport=9999 dport=41133 secctx=system_u:object_r:unlabeled_t:s0 use=1 sctp 132 431999 ESTABLISHED src=10.167.1.1 dst=10.167.1.254 sport=6013 dport=8888 src=10.167.2.2 dst=10.167.1.1 sport=9999 dport=6013 [ASSURED] secctx=system_u:object_r:unlabeled_t:s0 use=1 tcp 6 116 TIME_WAIT src=10.167.1.1 dst=10.167.1.254 sport=40532 dport=8888 src=10.167.2.2 dst=10.167.1.1 sport=9999 dport=40532 [ASSURED] secctx=system_u:object_r:unlabeled_t:s0 use=1 :: [ 14:28:27 ] :: [ PASS ] :: Command 'ip netns exec router conntrack -L' (Expected 0, got 0) :: [ 14:28:27 ] :: [ BEGIN ] :: Running 'ip netns exec router conntrack -F' conntrack v1.4.6 (conntrack-tools): connection tracking table has been emptied. :: [ 14:28:27 ] :: [ PASS ] :: Command 'ip netns exec router conntrack -F' (Expected 0, got 0) :: [ 14:28:27 ] :: [ BEGIN ] :: Running 'ip netns exec router sleep 2' Notification: SCTP_ASSOC_CHANGE(COMMUNICATION_LOST) (assoc_change: state=1, error=0, instr=0 outstr=0) recvmsg(sk=3) :: [ 14:28:29 ] :: [ PASS ] :: Command 'ip netns exec router sleep 2' (Expected 0, got 0) 18 packets captured 18 packets received by filter 0 packets dropped by kernel Terminated :: [ 14:28:29 ] :: [ PASS ] :: NoCheck (Expected 0-255, got 143) :: [ 14:28:29 ] :: [ BEGIN ] :: Running 'ip netns exec router sleep 1' :: [ 14:28:29 ] :: [ PASS ] :: NoCheck (Expected 0-255, got 0) :: [ 14:28:30 ] :: [ PASS ] :: Command 'ip netns exec router sleep 1' (Expected 0, got 0) reading from file dnat.pcap, link-type EN10MB (Ethernet), snapshot length 262144 dropped privs to tcpdump 14:28:24.436400 IP 10.167.1.1.40532 > 10.167.2.2.9999: Flags [S], seq 1006890246, win 64240, options [mss 1460,sackOK,TS val 486144207 ecr 0,nop,wscale 7], length 0 14:28:24.436421 IP 10.167.2.2.9999 > 10.167.1.1.40532: Flags [S.], seq 1042275703, ack 1006890247, win 65160, options [mss 1460,sackOK,TS val 1161036337 ecr 486144207,nop,wscale 7], length 0 14:28:24.436445 IP 10.167.1.1.40532 > 10.167.2.2.9999: Flags [.], ack 1, win 502, options [nop,nop,TS val 486144207 ecr 1161036337], length 0 14:28:24.436539 IP 10.167.1.1.40532 > 10.167.2.2.9999: Flags [P.], seq 1:5, ack 1, win 502, options [nop,nop,TS val 486144207 ecr 1161036337], length 4 14:28:24.436541 IP 10.167.2.2.9999 > 10.167.1.1.40532: Flags [F.], seq 1, ack 1, win 510, options [nop,nop,TS val 1161036337 ecr 486144207], length 0 14:28:24.436552 IP 10.167.1.1.40532 > 10.167.2.2.9999: Flags [F.], seq 5, ack 1, win 502, options [nop,nop,TS val 486144207 ecr 1161036337], length 0 14:28:24.436573 IP 10.167.1.1.40532 > 10.167.2.2.9999: Flags [.], ack 2, win 502, options [nop,nop,TS val 486144207 ecr 1161036337], length 0 14:28:24.436582 IP 10.167.2.2.9999 > 10.167.1.1.40532: Flags [.], ack 6, win 510, options [nop,nop,TS val 1161036337 ecr 486144207], length 0 14:28:24.513099 IP 10.167.1.1.41133 > 10.167.2.2.9999: UDP, length 4 14:28:27.695960 IP 10.167.1.1.6013 > 10.167.2.2.9999: sctp (1) [INIT] [init tag: 2816485152] [rwnd: 106496] [OS: 10] [MIS: 65535] [init TSN: 3360326398] 14:28:27.696009 IP 10.167.2.2.9999 > 10.167.1.1.6013: sctp (1) [INIT ACK] [init tag: 1534111243] [rwnd: 106496] [OS: 10] [MIS: 10] [init TSN: 929927016] 14:28:27.696050 IP 10.167.1.1.6013 > 10.167.2.2.9999: sctp (1) [COOKIE ECHO] 14:28:27.696052 IP 10.167.1.1.6013 > 10.167.2.2.9999: sctp (1) [DATA] (U)(B) [TSN: 3360326398] [SID: 0] [SSEQ 0] [PPID 0xf224354d] 14:28:27.696169 IP 10.167.2.2.9999 > 10.167.1.1.6013: sctp (1) [COOKIE ACK] 14:28:27.696173 IP 10.167.2.2.9999 > 10.167.1.1.6013: sctp (1) [SACK] [cum ack 3360326398] [a_rwnd 105244] [#gap acks 0] [#dup tsns 0] 14:28:27.696201 IP 10.167.1.1.6013 > 10.167.2.2.9999: sctp (1) [DATA] (U)(E) [TSN: 3360326399] [SID: 0] [SSEQ 0] [PPID 0xf224354d] 14:28:27.900642 IP 10.167.2.2.9999 > 10.167.1.1.6013: sctp (1) [SACK] [cum ack 3360326399] [a_rwnd 106496] [#gap acks 0] [#dup tsns 0] 14:28:27.900682 IP 10.167.1.1.6013 > 10.167.2.2.9999: sctp (1) [ABORT] egrep: warning: egrep is obsolescent; using grep -E :: [ 14:28:30 ] :: [ INFO ] :: Sending dnat.pcap as dnat.pcap Uploading dnat.pcap .done :: [ 14:28:30 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -tnat -nvL' Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 1 60 DNAT 6 -- r_c * 0.0.0.0/0 0.0.0.0/0 to:10.167.2.2:9999 1 32 DNAT 17 -- r_c * 0.0.0.0/0 0.0.0.0/0 to:10.167.2.2:9999 1 68 DNAT 132 -- r_c * 0.0.0.0/0 0.0.0.0/0 to:10.167.2.2:9999 Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination :: [ 14:28:30 ] :: [ PASS ] :: Command 'ip netns exec router iptables -tnat -nvL' (Expected 0, got 0) :: [ 14:28:30 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -tnat -F' :: [ 14:28:30 ] :: [ PASS ] :: Command 'ip netns exec router iptables -tnat -F' (Expected 0, got 0) Terminated :: [ 14:28:31 ] :: [ PASS ] :: NoCheck (Expected 0-255, got 143) :: [ 14:28:31 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t nat -A POSTROUTING -o r_s -p tcp -j SNAT --to-source 10.167.2.254:1234' :: [ 14:28:31 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t nat -A POSTROUTING -o r_s -p tcp -j SNAT --to-source 10.167.2.254:1234' (Expected 0, got 0) :: [ 14:28:31 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t nat -A POSTROUTING -o r_s -p udp -j SNAT --to-source 10.167.2.254:1234' :: [ 14:28:31 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t nat -A POSTROUTING -o r_s -p udp -j SNAT --to-source 10.167.2.254:1234' (Expected 0, got 0) :: [ 14:28:31 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -A INPUT -i s_r -p tcp ! --sport 1234 -j DROP' :: [ 14:28:31 ] :: [ PASS ] :: Command 'ip netns exec server iptables -A INPUT -i s_r -p tcp ! --sport 1234 -j DROP' (Expected 0, got 0) :: [ 14:28:31 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -A INPUT -i s_r -p udp ! --sport 1234 -j DROP' :: [ 14:28:31 ] :: [ PASS ] :: Command 'ip netns exec server iptables -A INPUT -i s_r -p udp ! --sport 1234 -j DROP' (Expected 0, got 0) :: [ 14:28:31 ] :: [ BEGIN ] :: Running 'ip netns exec router tcpdump -nni r_s -w snat.pcap' :: [ 14:28:31 ] :: [ BEGIN ] :: Running 'ip netns exec server sleep 3' :: [ 14:28:31 ] :: [ BEGIN ] :: NoCheck :: actually running 'ip netns exec server ncat -4 -u -l 9999 ' :: [ 14:28:31 ] :: [ BEGIN ] :: NoCheck :: actually running 'ip netns exec server ncat -4 -l 9999 ' dropped privs to tcpdump tcpdump: listening on r_s, link-type EN10MB (Ethernet), snapshot length 262144 bytes :: [ 14:28:34 ] :: [ PASS ] :: Command 'ip netns exec server sleep 3' (Expected 0, got 0) :: [ 14:28:34 ] :: [ BEGIN ] :: Running 'ip netns exec client ncat -4 10.167.2.2 9999' abc :: [ 14:28:34 ] :: [ PASS ] :: NoCheck (Expected 0-255, got 0) :: [ 14:28:34 ] :: [ PASS ] :: Command 'ip netns exec client ncat -4 10.167.2.2 9999' (Expected 0, got 0) :: [ 14:28:34 ] :: [ BEGIN ] :: Running 'ip netns exec client ncat -4 -u 10.167.2.2 9999' abc :: [ 14:28:34 ] :: [ PASS ] :: Command 'ip netns exec client ncat -4 -u 10.167.2.2 9999' (Expected 0, got 0) :: [ 14:28:34 ] :: [ BEGIN ] :: Running 'ip netns exec router conntrack -L' conntrack v1.4.6 (conntrack-tools): 2 flow entries have been shown. udp 17 29 src=10.167.1.1 dst=10.167.2.2 sport=58007 dport=9999 [UNREPLIED] src=10.167.2.2 dst=10.167.2.254 sport=9999 dport=1234 secctx=system_u:object_r:unlabeled_t:s0 use=1 tcp 6 119 TIME_WAIT src=10.167.1.1 dst=10.167.2.2 sport=43552 dport=9999 src=10.167.2.2 dst=10.167.2.254 sport=9999 dport=1234 [ASSURED] secctx=system_u:object_r:unlabeled_t:s0 use=1 :: [ 14:28:34 ] :: [ PASS ] :: Command 'ip netns exec router conntrack -L' (Expected 0, got 0) :: [ 14:28:34 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t nat -A POSTROUTING -o r_s -p sctp -j SNAT --to-source 10.167.2.254:1234' :: [ 14:28:34 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t nat -A POSTROUTING -o r_s -p sctp -j SNAT --to-source 10.167.2.254:1234' (Expected 0, got 0) :: [ 14:28:34 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -A INPUT -i s_r -p sctp ! --sport 1234 -j DROP' :: [ 14:28:34 ] :: [ PASS ] :: Command 'ip netns exec server iptables -A INPUT -i s_r -p sctp ! --sport 1234 -j DROP' (Expected 0, got 0) :: [ 14:28:34 ] :: [ BEGIN ] :: Running 'ip netns exec server sleep 3' :: [ 14:28:34 ] :: [ BEGIN ] :: NoCheck :: actually running 'ip netns exec server sctp_test -H 0 -P 9999 -l ' local:addr=0.0.0.0, port=distinct, family=2 seed = 1674588514 Starting tests... socket(SOCK_SEQPACKET, IPPROTO_SCTP) -> sk=3 bind(sk=3, [a:0.0.0.0,p:distinct]) -- attempt 1/10 listen(sk=3,backlog=100) Server: Receiving packets. recvmsg(sk=3) :: [ 14:28:37 ] :: [ PASS ] :: Command 'ip netns exec server sleep 3' (Expected 0, got 0) :: [ 14:28:37 ] :: [ BEGIN ] :: Running 'ip netns exec client timeout 5 sctp_test -H 10.167.1.1 -P 6013 -h 10.167.2.2 -p 9999 -s -c 1 -x 1 -X 1' remote:addr=10.167.2.2, port=distinct, family=2 local:addr=10.167.1.1, port=6013, family=2 seed = 1674588517 Starting tests... socket(SOCK_SEQPACKET, IPPROTO_SCTP) -> sk=3 bind(sk=3, [a:10.167.1.1,p:6013]) -- attempt 1/10 Client: Sending packets.(1/1) sendmsg(sk=3, assoc=0) 1452 bytes. SNDRCVNotification: SCTP_ASSOC_CHANGE(COMMUNICATION_UP) (assoc_change: state=0, error=0, instr=10 outstr=10) recvmsg(sk=3) (stream=0 flags=0x1 ppid=403523695 close(sk=3) Data 1452 bytes. First 10 bytes: 012345678 recvmsg(sk=3) :: [ 14:28:37 ] :: [ PASS ] :: Command 'ip netns exec client timeout 5 sctp_test -H 10.167.1.1 -P 6013 -h 10.167.2.2 -p 9999 -s -c 1 -x 1 -X 1' (Expected 0, got 0) :: [ 14:28:37 ] :: [ BEGIN ] :: Running 'ip netns exec router conntrack -L' conntrack v1.4.6 (conntrack-tools): 3 flow entries have been shown. sctp 132 431999 ESTABLISHED src=10.167.1.1 dst=10.167.2.2 sport=6013 dport=9999 src=10.167.2.2 dst=10.167.2.254 sport=9999 dport=1234 [ASSURED] secctx=system_u:object_r:unlabeled_t:s0 use=1 udp 17 26 src=10.167.1.1 dst=10.167.2.2 sport=58007 dport=9999 [UNREPLIED] src=10.167.2.2 dst=10.167.2.254 sport=9999 dport=1234 secctx=system_u:object_r:unlabeled_t:s0 use=1 tcp 6 116 TIME_WAIT src=10.167.1.1 dst=10.167.2.2 sport=43552 dport=9999 src=10.167.2.2 dst=10.167.2.254 sport=9999 dport=1234 [ASSURED] secctx=system_u:object_r:unlabeled_t:s0 use=1 :: [ 14:28:37 ] :: [ PASS ] :: Command 'ip netns exec router conntrack -L' (Expected 0, got 0) :: [ 14:28:37 ] :: [ BEGIN ] :: Running 'ip netns exec router conntrack -F' conntrack v1.4.6 (conntrack-tools): connection tracking table has been emptied. :: [ 14:28:37 ] :: [ PASS ] :: Command 'ip netns exec router conntrack -F' (Expected 0, got 0) :: [ 14:28:37 ] :: [ BEGIN ] :: Running 'ip netns exec router sleep 2' Notification: SCTP_ASSOC_CHANGE(COMMUNICATION_LOST) (assoc_change: state=1, error=0, instr=0 outstr=0) recvmsg(sk=3) :: [ 14:28:39 ] :: [ PASS ] :: Command 'ip netns exec router sleep 2' (Expected 0, got 0) 20 packets captured 20 packets received by filter 0 packets dropped by kernel Terminated :: [ 14:28:39 ] :: [ PASS ] :: NoCheck (Expected 0-255, got 143) :: [ 14:28:39 ] :: [ BEGIN ] :: Running 'ip netns exec router sleep 1' :: [ 14:28:39 ] :: [ PASS ] :: Command 'ip netns exec router tcpdump -nni r_s -w snat.pcap' (Expected 0, got 0) :: [ 14:28:40 ] :: [ PASS ] :: Command 'ip netns exec router sleep 1' (Expected 0, got 0) reading from file snat.pcap, link-type EN10MB (Ethernet), snapshot length 262144 dropped privs to tcpdump 14:28:34.292663 IP 10.167.2.254.1234 > 10.167.2.2.9999: Flags [S], seq 17116815, win 64240, options [mss 1460,sackOK,TS val 2743919595 ecr 0,nop,wscale 7], length 0 14:28:34.292689 IP 10.167.2.2.9999 > 10.167.2.254.1234: Flags [S.], seq 1830337681, ack 17116816, win 65160, options [mss 1460,sackOK,TS val 4203454450 ecr 2743919595,nop,wscale 7], length 0 14:28:34.292711 IP 10.167.2.254.1234 > 10.167.2.2.9999: Flags [.], ack 1, win 502, options [nop,nop,TS val 2743919596 ecr 4203454450], length 0 14:28:34.292787 IP 10.167.2.254.1234 > 10.167.2.2.9999: Flags [P.], seq 1:5, ack 1, win 502, options [nop,nop,TS val 2743919596 ecr 4203454450], length 4 14:28:34.292792 IP 10.167.2.2.9999 > 10.167.2.254.1234: Flags [.], ack 5, win 510, options [nop,nop,TS val 4203454450 ecr 2743919596], length 0 14:28:34.292806 IP 10.167.2.2.9999 > 10.167.2.254.1234: Flags [F.], seq 1, ack 5, win 510, options [nop,nop,TS val 4203454450 ecr 2743919596], length 0 14:28:34.292807 IP 10.167.2.254.1234 > 10.167.2.2.9999: Flags [F.], seq 5, ack 1, win 502, options [nop,nop,TS val 2743919596 ecr 4203454450], length 0 14:28:34.292838 IP 10.167.2.254.1234 > 10.167.2.2.9999: Flags [.], ack 2, win 502, options [nop,nop,TS val 2743919596 ecr 4203454450], length 0 14:28:34.292848 IP 10.167.2.2.9999 > 10.167.2.254.1234: Flags [.], ack 6, win 510, options [nop,nop,TS val 4203454450 ecr 2743919596], length 0 14:28:34.366998 IP 10.167.2.254.1234 > 10.167.2.2.9999: UDP, length 4 14:28:37.585184 IP 10.167.2.254.1234 > 10.167.2.2.9999: sctp (1) [INIT] [init tag: 588346410] [rwnd: 106496] [OS: 10] [MIS: 65535] [init TSN: 1269750913] 14:28:37.585231 IP 10.167.2.2.9999 > 10.167.2.254.1234: sctp (1) [INIT ACK] [init tag: 1618688630] [rwnd: 106496] [OS: 10] [MIS: 10] [init TSN: 2538907490] 14:28:37.585304 IP 10.167.2.254.1234 > 10.167.2.2.9999: sctp (1) [COOKIE ECHO] 14:28:37.585307 IP 10.167.2.254.1234 > 10.167.2.2.9999: sctp (1) [DATA] (U)(B) [TSN: 1269750913] [SID: 0] [SSEQ 0] [PPID 0x6f480d18] 14:28:37.585339 IP 10.167.2.2.9999 > 10.167.2.254.1234: sctp (1) [COOKIE ACK] 14:28:37.585342 IP 10.167.2.2.9999 > 10.167.2.254.1234: sctp (1) [SACK] [cum ack 1269750913] [a_rwnd 105244] [#gap acks 0] [#dup tsns 0] 14:28:37.585385 IP 10.167.2.254.1234 > 10.167.2.2.9999: sctp (1) [DATA] (U)(E) [TSN: 1269750914] [SID: 0] [SSEQ 0] [PPID 0x6f480d18] 14:28:37.790667 IP 10.167.2.2.9999 > 10.167.2.254.1234: sctp (1) [SACK] [cum ack 1269750914] [a_rwnd 106496] [#gap acks 0] [#dup tsns 0] 14:28:37.790699 IP 10.167.2.254.1234 > 10.167.2.2.9999: sctp (1) [ABORT] 14:28:38.610713 IP 10.167.1.1.6013 > 10.167.2.2.9999: sctp (1) [DATA] (U)(E) [TSN: 1269750914] [SID: 0] [SSEQ 0] [PPID 0x6f480d18] egrep: warning: egrep is obsolescent; using grep -E :: [ 14:28:40 ] :: [ INFO ] :: Sending snat.pcap as snat.pcap Uploading snat.pcap .done :: [ 14:28:40 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -tnat -nvL' Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 1 60 SNAT 6 -- * r_s 0.0.0.0/0 0.0.0.0/0 to:10.167.2.254:1234 1 32 SNAT 17 -- * r_s 0.0.0.0/0 0.0.0.0/0 to:10.167.2.254:1234 1 68 SNAT 132 -- * r_s 0.0.0.0/0 0.0.0.0/0 to:10.167.2.254:1234 :: [ 14:28:40 ] :: [ PASS ] :: Command 'ip netns exec router iptables -tnat -nvL' (Expected 0, got 0) :: [ 14:28:40 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -F' :: [ 14:28:40 ] :: [ PASS ] :: Command 'ip netns exec router iptables -F' (Expected 0, got 0) :: [ 14:28:40 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -nvL' Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 DROP 6 -- s_r * 0.0.0.0/0 0.0.0.0/0 tcp spt:!1234 0 0 DROP 17 -- s_r * 0.0.0.0/0 0.0.0.0/0 udp spt:!1234 2 496 DROP 132 -- s_r * 0.0.0.0/0 0.0.0.0/0 sctp spt:!1234 Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination :: [ 14:28:40 ] :: [ PASS ] :: Command 'ip netns exec server iptables -nvL' (Expected 0, got 0) :: [ 14:28:40 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -F' :: [ 14:28:40 ] :: [ PASS ] :: Command 'ip netns exec server iptables -F' (Expected 0, got 0) Terminated :: [ 14:28:40 ] :: [ PASS ] :: NoCheck (Expected 0-255, got 143) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 20s :: Assertions: 42 good, 0 bad :: RESULT: PASS (iptables: Plain NAT test) ** iptables-Plain-NAT-test PASS Score:0 Uploading resultoutputfile.log .done :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Cleanup :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ 14:28:41 ] :: [ BEGIN ] :: Running 'do_clean' client :: [ LOG ] :: xtables rules clean :: [ LOG ] :: nft rules clean :: [ LOG ] :: ipset rules clean :: [ LOG ] :: ipvsadm rules clean router :: [ LOG ] :: xtables rules clean :: [ LOG ] :: nft rules clean :: [ LOG ] :: ipset rules clean :: [ LOG ] :: ipvsadm rules clean server :: [ LOG ] :: xtables rules clean :: [ LOG ] :: nft rules clean :: [ LOG ] :: ipset rules clean :: [ LOG ] :: ipvsadm rules clean :: [ 14:28:51 ] :: [ PASS ] :: Command 'do_clean' (Expected 0, got 0) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 10s :: Assertions: 1 good, 0 bad :: RESULT: PASS (Cleanup) ** Cleanup PASS Score:0 Uploading resultoutputfile.log .done :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: unknown :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ 14:28:51 ] :: [ LOG ] :: Phases fingerprint: 3TFH3dbq :: [ 14:28:51 ] :: [ LOG ] :: Asserts fingerprint: zya7aOOQ Uploading journal.xml .done :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 64s :: Phases: 4 good, 0 bad :: OVERALL RESULT: PASS (unknown) PING ::1(::1) 56 data bytes 64 bytes from ::1: icmp_seq=1 ttl=64 time=0.027 ms --- ::1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.027/0.027/0.027/0.000 ms :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Forward ipv6 :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ 14:28:51 ] :: [ BEGIN ] :: ipv6 topo init done... :: actually running 'do_setup ipv6' +++ do_clean +++ for ns in client router server +++ ip netns +++ grep client +++ for ns in client router server +++ ip netns +++ grep router +++ for ns in client router server +++ ip netns +++ grep server +++ local i +++ for i in client router server +++ ip netns add client +++ for i in client router server +++ ip netns add router +++ for i in client router server +++ ip netns add server +++ [[ ipv6x == \i\p\v\6\x ]] +++ ip netns exec router sysctl -w net.ipv6.conf.all.forwarding=1 net.ipv6.conf.all.forwarding = 1 +++ ip_c=2001:db8:ffff:21::1 +++ ip_s=2001:db8:ffff:22::2 +++ ip_rc=2001:db8:ffff:21::fffe +++ ip_rs=2001:db8:ffff:22::fffe +++ N=64 +++ nodad=nodad +++ ip -d -n router -b /dev/stdin +++ ip -d -n server -b /dev/stdin +++ ip -d -n client -b /dev/stdin +++ sleep 2 +++ set +x PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) from 2001:db8:ffff:21::1 c_r: 56 data bytes 64 bytes from 2001:db8:ffff:22::2: icmp_seq=1 ttl=63 time=1002 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=2 ttl=63 time=800 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=3 ttl=63 time=590 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=4 ttl=63 time=380 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=5 ttl=63 time=170 ms --- 2001:db8:ffff:22::2 ping statistics --- 5 packets transmitted, 5 received, 0% packet loss, time 832ms rtt min/avg/max/mdev = 170.143/588.480/1001.840/294.645 ms, pipe 5 PING 2001:db8:ffff:21::1(2001:db8:ffff:21::1) from 2001:db8:ffff:22::2 s_r: 56 data bytes 64 bytes from 2001:db8:ffff:21::1: icmp_seq=1 ttl=63 time=0.046 ms 64 bytes from 2001:db8:ffff:21::1: icmp_seq=2 ttl=63 time=0.069 ms 64 bytes from 2001:db8:ffff:21::1: icmp_seq=3 ttl=63 time=0.111 ms 64 bytes from 2001:db8:ffff:21::1: icmp_seq=4 ttl=63 time=0.071 ms 64 bytes from 2001:db8:ffff:21::1: icmp_seq=5 ttl=63 time=0.046 ms --- 2001:db8:ffff:21::1 ping statistics --- 5 packets transmitted, 5 received, 0% packet loss, time 833ms rtt min/avg/max/mdev = 0.046/0.068/0.111/0.023 ms :: [ 14:28:55 ] :: [ PASS ] :: ipv6 topo init done... (Expected 0, got 0) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 4s :: Assertions: 1 good, 0 bad :: RESULT: PASS (Forward ipv6) ** Forward-ipv6 PASS Score:0 Uploading resultoutputfile.log .done :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: ip6tables: Basic TARGETS :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ 14:28:56 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t filter -A INPUT -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' :: [ 14:28:56 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t filter -A INPUT -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' (Expected 0, got 0) :: [ 14:28:56 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t filter -A INPUT -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' :: [ 14:28:56 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t filter -A INPUT -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' (Expected 0, got 0) :: [ 14:28:56 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t filter -A INPUT -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j ACCEPT' :: [ 14:28:56 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t filter -A INPUT -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j ACCEPT' (Expected 0, got 0) :: [ 14:28:56 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t filter -A INPUT -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j DROP' :: [ 14:28:56 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t filter -A INPUT -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j DROP' (Expected 0, got 0) :: [ 14:28:56 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) from 2001:db8:ffff:21::1 c_r: 56 data bytes 64 bytes from 2001:db8:ffff:22::2: icmp_seq=1 ttl=63 time=0.132 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=2 ttl=63 time=0.084 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=3 ttl=63 time=0.062 ms --- 2001:db8:ffff:22::2 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2044ms rtt min/avg/max/mdev = 0.062/0.092/0.132/0.029 ms :: [ 14:28:58 ] :: [ PASS ] :: Command 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3' (Expected 0, got 0) :: [ 14:28:58 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t filter -L -n -v' Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 136 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 135 3 312 ACCEPT 0 -- s_r * 2001:db8:ffff:21::1 2001:db8:ffff:22::2 0 0 DROP 0 -- s_r * 2001:db8:ffff:21::1 2001:db8:ffff:22::2 Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination :: [ 14:28:58 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t filter -L -n -v' (Expected 0, got 0) :: [ 14:28:58 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t filter -F' :: [ 14:28:58 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t filter -F' (Expected 0, got 0) :: [ 14:28:58 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t filter -A INPUT -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' :: [ 14:28:58 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t filter -A INPUT -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' (Expected 0, got 0) :: [ 14:28:58 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t filter -A INPUT -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' :: [ 14:28:58 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t filter -A INPUT -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' (Expected 0, got 0) :: [ 14:28:58 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t filter -A INPUT -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j DROP' :: [ 14:28:58 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t filter -A INPUT -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j DROP' (Expected 0, got 0) :: [ 14:28:58 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t filter -A INPUT -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j ACCEPT' :: [ 14:28:58 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t filter -A INPUT -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j ACCEPT' (Expected 0, got 0) :: [ 14:28:58 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3 ' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) from 2001:db8:ffff:21::1 c_r: 56 data bytes --- 2001:db8:ffff:22::2 ping statistics --- 3 packets transmitted, 0 received, 100% packet loss, time 2108ms :: [ 14:29:01 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 14:29:01 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t filter -L -n -v' Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 1 64 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 136 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 135 3 312 DROP 0 -- s_r * 2001:db8:ffff:21::1 2001:db8:ffff:22::2 0 0 ACCEPT 0 -- s_r * 2001:db8:ffff:21::1 2001:db8:ffff:22::2 Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination :: [ 14:29:01 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t filter -L -n -v' (Expected 0, got 0) :: [ 14:29:01 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t filter -F' :: [ 14:29:01 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t filter -F' (Expected 0, got 0) :: [ 14:29:01 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t filter -A INPUT -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' :: [ 14:29:01 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t filter -A INPUT -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' (Expected 0, got 0) :: [ 14:29:01 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t filter -A INPUT -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' :: [ 14:29:01 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t filter -A INPUT -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' (Expected 0, got 0) :: [ 14:29:01 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t filter -N TEST' :: [ 14:29:01 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t filter -N TEST' (Expected 0, got 0) :: [ 14:29:01 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t filter -A TEST -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j RETURN' :: [ 14:29:01 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t filter -A TEST -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j RETURN' (Expected 0, got 0) :: [ 14:29:01 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t filter -A TEST -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j DROP' :: [ 14:29:01 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t filter -A TEST -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j DROP' (Expected 0, got 0) :: [ 14:29:01 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t filter -A INPUT -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j TEST' :: [ 14:29:01 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t filter -A INPUT -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j TEST' (Expected 0, got 0) :: [ 14:29:02 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t filter -A INPUT -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j ACCEPT' :: [ 14:29:02 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t filter -A INPUT -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j ACCEPT' (Expected 0, got 0) :: [ 14:29:02 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) from 2001:db8:ffff:21::1 c_r: 56 data bytes 64 bytes from 2001:db8:ffff:22::2: icmp_seq=1 ttl=63 time=0.050 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=2 ttl=63 time=0.093 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=3 ttl=63 time=0.106 ms --- 2001:db8:ffff:22::2 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2059ms rtt min/avg/max/mdev = 0.050/0.083/0.106/0.023 ms :: [ 14:29:04 ] :: [ PASS ] :: Command 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3' (Expected 0, got 0) :: [ 14:29:04 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t filter -L -n -v' Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 136 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 135 3 312 TEST 0 -- s_r * 2001:db8:ffff:21::1 2001:db8:ffff:22::2 3 312 ACCEPT 0 -- s_r * 2001:db8:ffff:21::1 2001:db8:ffff:22::2 Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain TEST (1 references) pkts bytes target prot opt in out source destination 3 312 RETURN 0 -- s_r * 2001:db8:ffff:21::1 2001:db8:ffff:22::2 0 0 DROP 0 -- s_r * 2001:db8:ffff:21::1 2001:db8:ffff:22::2 :: [ 14:29:04 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t filter -L -n -v' (Expected 0, got 0) :: [ 14:29:04 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t filter -F' :: [ 14:29:04 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t filter -F' (Expected 0, got 0) :: [ 14:29:04 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t filter -X' :: [ 14:29:04 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t filter -X' (Expected 0, got 0) :: [ 14:29:04 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t filter -A OUTPUT -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' :: [ 14:29:04 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t filter -A OUTPUT -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' (Expected 0, got 0) :: [ 14:29:04 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t filter -A OUTPUT -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' :: [ 14:29:04 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t filter -A OUTPUT -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' (Expected 0, got 0) :: [ 14:29:04 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t filter -A OUTPUT -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j ACCEPT' :: [ 14:29:04 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t filter -A OUTPUT -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j ACCEPT' (Expected 0, got 0) :: [ 14:29:04 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t filter -A OUTPUT -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j DROP' :: [ 14:29:04 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t filter -A OUTPUT -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j DROP' (Expected 0, got 0) :: [ 14:29:04 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) from 2001:db8:ffff:21::1 c_r: 56 data bytes 64 bytes from 2001:db8:ffff:22::2: icmp_seq=1 ttl=63 time=0.047 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=2 ttl=63 time=0.113 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=3 ttl=63 time=0.042 ms --- 2001:db8:ffff:22::2 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2097ms rtt min/avg/max/mdev = 0.042/0.067/0.113/0.032 ms :: [ 14:29:06 ] :: [ PASS ] :: Command 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3' (Expected 0, got 0) :: [ 14:29:06 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t filter -L -n -v' Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 1 64 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 136 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 135 3 312 ACCEPT 0 -- * s_r 2001:db8:ffff:22::2 2001:db8:ffff:21::1 0 0 DROP 0 -- * s_r 2001:db8:ffff:22::2 2001:db8:ffff:21::1 :: [ 14:29:06 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t filter -L -n -v' (Expected 0, got 0) :: [ 14:29:06 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t filter -F' :: [ 14:29:06 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t filter -F' (Expected 0, got 0) :: [ 14:29:06 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t filter -A OUTPUT -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' :: [ 14:29:06 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t filter -A OUTPUT -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' (Expected 0, got 0) :: [ 14:29:06 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t filter -A OUTPUT -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' :: [ 14:29:06 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t filter -A OUTPUT -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' (Expected 0, got 0) :: [ 14:29:06 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t filter -A OUTPUT -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j DROP' :: [ 14:29:06 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t filter -A OUTPUT -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j DROP' (Expected 0, got 0) :: [ 14:29:06 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t filter -A OUTPUT -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j ACCEPT' :: [ 14:29:06 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t filter -A OUTPUT -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j ACCEPT' (Expected 0, got 0) :: [ 14:29:06 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3 ' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) from 2001:db8:ffff:21::1 c_r: 56 data bytes --- 2001:db8:ffff:22::2 ping statistics --- 3 packets transmitted, 0 received, 100% packet loss, time 2110ms :: [ 14:29:09 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 14:29:09 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t filter -L -n -v' Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 136 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 135 3 312 DROP 0 -- * s_r 2001:db8:ffff:22::2 2001:db8:ffff:21::1 0 0 ACCEPT 0 -- * s_r 2001:db8:ffff:22::2 2001:db8:ffff:21::1 :: [ 14:29:09 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t filter -L -n -v' (Expected 0, got 0) :: [ 14:29:09 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t filter -F' :: [ 14:29:10 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t filter -F' (Expected 0, got 0) :: [ 14:29:10 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t filter -A OUTPUT -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' :: [ 14:29:10 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t filter -A OUTPUT -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' (Expected 0, got 0) :: [ 14:29:10 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t filter -A OUTPUT -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' :: [ 14:29:10 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t filter -A OUTPUT -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' (Expected 0, got 0) :: [ 14:29:10 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t filter -N TEST' :: [ 14:29:10 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t filter -N TEST' (Expected 0, got 0) :: [ 14:29:10 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t filter -A TEST -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j RETURN' :: [ 14:29:10 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t filter -A TEST -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j RETURN' (Expected 0, got 0) :: [ 14:29:10 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t filter -A TEST -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j DROP' :: [ 14:29:10 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t filter -A TEST -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j DROP' (Expected 0, got 0) :: [ 14:29:10 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t filter -A OUTPUT -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j TEST' :: [ 14:29:10 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t filter -A OUTPUT -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j TEST' (Expected 0, got 0) :: [ 14:29:10 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t filter -A OUTPUT -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j ACCEPT' :: [ 14:29:10 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t filter -A OUTPUT -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j ACCEPT' (Expected 0, got 0) :: [ 14:29:10 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) from 2001:db8:ffff:21::1 c_r: 56 data bytes 64 bytes from 2001:db8:ffff:22::2: icmp_seq=1 ttl=63 time=0.243 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=2 ttl=63 time=0.073 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=3 ttl=63 time=0.091 ms --- 2001:db8:ffff:22::2 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2050ms rtt min/avg/max/mdev = 0.073/0.135/0.243/0.076 ms :: [ 14:29:12 ] :: [ PASS ] :: Command 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3' (Expected 0, got 0) :: [ 14:29:12 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t filter -L -n -v' Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 136 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 135 3 312 TEST 0 -- * s_r 2001:db8:ffff:22::2 2001:db8:ffff:21::1 3 312 ACCEPT 0 -- * s_r 2001:db8:ffff:22::2 2001:db8:ffff:21::1 Chain TEST (1 references) pkts bytes target prot opt in out source destination 3 312 RETURN 0 -- * s_r 2001:db8:ffff:22::2 2001:db8:ffff:21::1 0 0 DROP 0 -- * s_r 2001:db8:ffff:22::2 2001:db8:ffff:21::1 :: [ 14:29:12 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t filter -L -n -v' (Expected 0, got 0) :: [ 14:29:12 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t filter -F' :: [ 14:29:12 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t filter -F' (Expected 0, got 0) :: [ 14:29:12 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t filter -X' :: [ 14:29:12 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t filter -X' (Expected 0, got 0) :: [ 14:29:12 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -A PREROUTING -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' :: [ 14:29:12 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -A PREROUTING -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' (Expected 0, got 0) :: [ 14:29:12 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -A PREROUTING -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' :: [ 14:29:12 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -A PREROUTING -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' (Expected 0, got 0) :: [ 14:29:12 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -A PREROUTING -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j ACCEPT' :: [ 14:29:12 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -A PREROUTING -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j ACCEPT' (Expected 0, got 0) :: [ 14:29:12 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -A PREROUTING -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j DROP' :: [ 14:29:12 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -A PREROUTING -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j DROP' (Expected 0, got 0) :: [ 14:29:12 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) from 2001:db8:ffff:21::1 c_r: 56 data bytes 64 bytes from 2001:db8:ffff:22::2: icmp_seq=1 ttl=63 time=0.046 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=2 ttl=63 time=0.118 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=3 ttl=63 time=0.090 ms --- 2001:db8:ffff:22::2 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2111ms rtt min/avg/max/mdev = 0.046/0.084/0.118/0.029 ms :: [ 14:29:14 ] :: [ PASS ] :: Command 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3' (Expected 0, got 0) :: [ 14:29:14 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -L -n -v' Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 136 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 135 3 312 ACCEPT 0 -- s_r * 2001:db8:ffff:21::1 2001:db8:ffff:22::2 0 0 DROP 0 -- s_r * 2001:db8:ffff:21::1 2001:db8:ffff:22::2 Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination :: [ 14:29:14 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -L -n -v' (Expected 0, got 0) :: [ 14:29:14 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -F' :: [ 14:29:14 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -F' (Expected 0, got 0) :: [ 14:29:14 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -A PREROUTING -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' :: [ 14:29:14 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -A PREROUTING -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' (Expected 0, got 0) :: [ 14:29:14 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -A PREROUTING -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' :: [ 14:29:15 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -A PREROUTING -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' (Expected 0, got 0) :: [ 14:29:15 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -A PREROUTING -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j DROP' :: [ 14:29:15 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -A PREROUTING -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j DROP' (Expected 0, got 0) :: [ 14:29:15 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -A PREROUTING -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j ACCEPT' :: [ 14:29:15 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -A PREROUTING -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j ACCEPT' (Expected 0, got 0) :: [ 14:29:15 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3 ' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) from 2001:db8:ffff:21::1 c_r: 56 data bytes --- 2001:db8:ffff:22::2 ping statistics --- 3 packets transmitted, 0 received, 100% packet loss, time 2114ms :: [ 14:29:18 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 14:29:18 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -L -n -v' Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 136 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 135 3 312 DROP 0 -- s_r * 2001:db8:ffff:21::1 2001:db8:ffff:22::2 0 0 ACCEPT 0 -- s_r * 2001:db8:ffff:21::1 2001:db8:ffff:22::2 Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination :: [ 14:29:18 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -L -n -v' (Expected 0, got 0) :: [ 14:29:18 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -F' :: [ 14:29:18 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -F' (Expected 0, got 0) :: [ 14:29:18 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -A PREROUTING -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' :: [ 14:29:18 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -A PREROUTING -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' (Expected 0, got 0) :: [ 14:29:18 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -A PREROUTING -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' :: [ 14:29:18 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -A PREROUTING -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' (Expected 0, got 0) :: [ 14:29:18 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -N TEST' :: [ 14:29:18 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -N TEST' (Expected 0, got 0) :: [ 14:29:18 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -A TEST -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j RETURN' :: [ 14:29:18 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -A TEST -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j RETURN' (Expected 0, got 0) :: [ 14:29:18 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -A TEST -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j DROP' :: [ 14:29:18 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -A TEST -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j DROP' (Expected 0, got 0) :: [ 14:29:18 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -A PREROUTING -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j TEST' :: [ 14:29:18 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -A PREROUTING -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j TEST' (Expected 0, got 0) :: [ 14:29:18 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -A PREROUTING -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j ACCEPT' :: [ 14:29:18 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -A PREROUTING -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j ACCEPT' (Expected 0, got 0) :: [ 14:29:18 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) from 2001:db8:ffff:21::1 c_r: 56 data bytes 64 bytes from 2001:db8:ffff:22::2: icmp_seq=1 ttl=63 time=0.051 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=2 ttl=63 time=0.101 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=3 ttl=63 time=0.079 ms --- 2001:db8:ffff:22::2 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2056ms rtt min/avg/max/mdev = 0.051/0.077/0.101/0.020 ms :: [ 14:29:20 ] :: [ PASS ] :: Command 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3' (Expected 0, got 0) :: [ 14:29:20 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -L -n -v' Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 136 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 135 3 312 TEST 0 -- s_r * 2001:db8:ffff:21::1 2001:db8:ffff:22::2 3 312 ACCEPT 0 -- s_r * 2001:db8:ffff:21::1 2001:db8:ffff:22::2 Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain TEST (1 references) pkts bytes target prot opt in out source destination 3 312 RETURN 0 -- s_r * 2001:db8:ffff:21::1 2001:db8:ffff:22::2 0 0 DROP 0 -- s_r * 2001:db8:ffff:21::1 2001:db8:ffff:22::2 :: [ 14:29:20 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -L -n -v' (Expected 0, got 0) :: [ 14:29:20 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -F' :: [ 14:29:20 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -F' (Expected 0, got 0) :: [ 14:29:20 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -X' :: [ 14:29:20 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -X' (Expected 0, got 0) :: [ 14:29:20 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -A INPUT -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' :: [ 14:29:20 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -A INPUT -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' (Expected 0, got 0) :: [ 14:29:20 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -A INPUT -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' :: [ 14:29:20 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -A INPUT -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' (Expected 0, got 0) :: [ 14:29:20 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -A INPUT -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j ACCEPT' :: [ 14:29:20 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -A INPUT -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j ACCEPT' (Expected 0, got 0) :: [ 14:29:20 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -A INPUT -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j DROP' :: [ 14:29:20 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -A INPUT -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j DROP' (Expected 0, got 0) :: [ 14:29:20 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) from 2001:db8:ffff:21::1 c_r: 56 data bytes 64 bytes from 2001:db8:ffff:22::2: icmp_seq=1 ttl=63 time=0.049 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=2 ttl=63 time=0.115 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=3 ttl=63 time=0.061 ms --- 2001:db8:ffff:22::2 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2093ms rtt min/avg/max/mdev = 0.049/0.075/0.115/0.028 ms :: [ 14:29:23 ] :: [ PASS ] :: Command 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3' (Expected 0, got 0) :: [ 14:29:23 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -L -n -v' Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 136 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 135 3 312 ACCEPT 0 -- s_r * 2001:db8:ffff:21::1 2001:db8:ffff:22::2 0 0 DROP 0 -- s_r * 2001:db8:ffff:21::1 2001:db8:ffff:22::2 Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination :: [ 14:29:23 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -L -n -v' (Expected 0, got 0) :: [ 14:29:23 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -F' :: [ 14:29:23 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -F' (Expected 0, got 0) :: [ 14:29:23 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -A INPUT -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' :: [ 14:29:23 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -A INPUT -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' (Expected 0, got 0) :: [ 14:29:23 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -A INPUT -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' :: [ 14:29:23 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -A INPUT -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' (Expected 0, got 0) :: [ 14:29:23 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -A INPUT -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j DROP' :: [ 14:29:23 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -A INPUT -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j DROP' (Expected 0, got 0) :: [ 14:29:23 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -A INPUT -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j ACCEPT' :: [ 14:29:23 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -A INPUT -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j ACCEPT' (Expected 0, got 0) :: [ 14:29:23 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3 ' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) from 2001:db8:ffff:21::1 c_r: 56 data bytes --- 2001:db8:ffff:22::2 ping statistics --- 3 packets transmitted, 0 received, 100% packet loss, time 2105ms :: [ 14:29:26 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 14:29:26 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -L -n -v' Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 136 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 135 3 312 DROP 0 -- s_r * 2001:db8:ffff:21::1 2001:db8:ffff:22::2 0 0 ACCEPT 0 -- s_r * 2001:db8:ffff:21::1 2001:db8:ffff:22::2 Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination :: [ 14:29:26 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -L -n -v' (Expected 0, got 0) :: [ 14:29:26 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -F' :: [ 14:29:26 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -F' (Expected 0, got 0) :: [ 14:29:26 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -A INPUT -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' :: [ 14:29:26 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -A INPUT -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' (Expected 0, got 0) :: [ 14:29:26 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -A INPUT -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' :: [ 14:29:26 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -A INPUT -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' (Expected 0, got 0) :: [ 14:29:26 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -N TEST' :: [ 14:29:26 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -N TEST' (Expected 0, got 0) :: [ 14:29:26 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -A TEST -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j RETURN' :: [ 14:29:26 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -A TEST -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j RETURN' (Expected 0, got 0) :: [ 14:29:26 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -A TEST -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j DROP' :: [ 14:29:26 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -A TEST -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j DROP' (Expected 0, got 0) :: [ 14:29:26 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -A INPUT -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j TEST' :: [ 14:29:26 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -A INPUT -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j TEST' (Expected 0, got 0) :: [ 14:29:26 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -A INPUT -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j ACCEPT' :: [ 14:29:26 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -A INPUT -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j ACCEPT' (Expected 0, got 0) :: [ 14:29:26 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) from 2001:db8:ffff:21::1 c_r: 56 data bytes 64 bytes from 2001:db8:ffff:22::2: icmp_seq=1 ttl=63 time=0.048 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=2 ttl=63 time=0.123 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=3 ttl=63 time=0.103 ms --- 2001:db8:ffff:22::2 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2082ms rtt min/avg/max/mdev = 0.048/0.091/0.123/0.031 ms :: [ 14:29:29 ] :: [ PASS ] :: Command 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3' (Expected 0, got 0) :: [ 14:29:29 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -L -n -v' Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 136 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 135 3 312 TEST 0 -- s_r * 2001:db8:ffff:21::1 2001:db8:ffff:22::2 3 312 ACCEPT 0 -- s_r * 2001:db8:ffff:21::1 2001:db8:ffff:22::2 Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain TEST (1 references) pkts bytes target prot opt in out source destination 3 312 RETURN 0 -- s_r * 2001:db8:ffff:21::1 2001:db8:ffff:22::2 0 0 DROP 0 -- s_r * 2001:db8:ffff:21::1 2001:db8:ffff:22::2 :: [ 14:29:29 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -L -n -v' (Expected 0, got 0) :: [ 14:29:29 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -F' :: [ 14:29:29 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -F' (Expected 0, got 0) :: [ 14:29:29 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -X' :: [ 14:29:29 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -X' (Expected 0, got 0) :: [ 14:29:29 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -A OUTPUT -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' :: [ 14:29:29 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -A OUTPUT -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' (Expected 0, got 0) :: [ 14:29:29 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -A OUTPUT -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' :: [ 14:29:29 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -A OUTPUT -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' (Expected 0, got 0) :: [ 14:29:29 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -A OUTPUT -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j ACCEPT' :: [ 14:29:29 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -A OUTPUT -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j ACCEPT' (Expected 0, got 0) :: [ 14:29:29 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -A OUTPUT -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j DROP' :: [ 14:29:29 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -A OUTPUT -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j DROP' (Expected 0, got 0) :: [ 14:29:29 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) from 2001:db8:ffff:21::1 c_r: 56 data bytes 64 bytes from 2001:db8:ffff:22::2: icmp_seq=1 ttl=63 time=0.049 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=2 ttl=63 time=0.088 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=3 ttl=63 time=0.095 ms --- 2001:db8:ffff:22::2 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2099ms rtt min/avg/max/mdev = 0.049/0.077/0.095/0.020 ms :: [ 14:29:31 ] :: [ PASS ] :: Command 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3' (Expected 0, got 0) :: [ 14:29:31 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -L -n -v' Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 136 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 135 3 312 ACCEPT 0 -- * s_r 2001:db8:ffff:22::2 2001:db8:ffff:21::1 0 0 DROP 0 -- * s_r 2001:db8:ffff:22::2 2001:db8:ffff:21::1 Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination :: [ 14:29:31 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -L -n -v' (Expected 0, got 0) :: [ 14:29:31 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -F' :: [ 14:29:31 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -F' (Expected 0, got 0) :: [ 14:29:31 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -A OUTPUT -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' :: [ 14:29:31 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -A OUTPUT -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' (Expected 0, got 0) :: [ 14:29:31 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -A OUTPUT -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' :: [ 14:29:31 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -A OUTPUT -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' (Expected 0, got 0) :: [ 14:29:31 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -A OUTPUT -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j DROP' :: [ 14:29:31 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -A OUTPUT -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j DROP' (Expected 0, got 0) :: [ 14:29:31 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -A OUTPUT -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j ACCEPT' :: [ 14:29:31 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -A OUTPUT -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j ACCEPT' (Expected 0, got 0) :: [ 14:29:31 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3 ' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) from 2001:db8:ffff:21::1 c_r: 56 data bytes --- 2001:db8:ffff:22::2 ping statistics --- 3 packets transmitted, 0 received, 100% packet loss, time 2108ms :: [ 14:29:34 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 14:29:34 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -L -n -v' Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 136 1 72 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 135 3 312 DROP 0 -- * s_r 2001:db8:ffff:22::2 2001:db8:ffff:21::1 0 0 ACCEPT 0 -- * s_r 2001:db8:ffff:22::2 2001:db8:ffff:21::1 Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination :: [ 14:29:34 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -L -n -v' (Expected 0, got 0) :: [ 14:29:34 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -F' :: [ 14:29:34 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -F' (Expected 0, got 0) :: [ 14:29:34 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -A OUTPUT -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' :: [ 14:29:35 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -A OUTPUT -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' (Expected 0, got 0) :: [ 14:29:35 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -A OUTPUT -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' :: [ 14:29:35 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -A OUTPUT -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' (Expected 0, got 0) :: [ 14:29:35 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -N TEST' :: [ 14:29:35 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -N TEST' (Expected 0, got 0) :: [ 14:29:35 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -A TEST -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j RETURN' :: [ 14:29:35 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -A TEST -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j RETURN' (Expected 0, got 0) :: [ 14:29:35 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -A TEST -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j DROP' :: [ 14:29:35 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -A TEST -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j DROP' (Expected 0, got 0) :: [ 14:29:35 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -A OUTPUT -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j TEST' :: [ 14:29:35 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -A OUTPUT -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j TEST' (Expected 0, got 0) :: [ 14:29:35 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -A OUTPUT -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j ACCEPT' :: [ 14:29:35 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -A OUTPUT -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j ACCEPT' (Expected 0, got 0) :: [ 14:29:35 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) from 2001:db8:ffff:21::1 c_r: 56 data bytes 64 bytes from 2001:db8:ffff:22::2: icmp_seq=1 ttl=63 time=0.047 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=2 ttl=63 time=0.100 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=3 ttl=63 time=0.107 ms --- 2001:db8:ffff:22::2 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2041ms rtt min/avg/max/mdev = 0.047/0.084/0.107/0.026 ms :: [ 14:29:37 ] :: [ PASS ] :: Command 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3' (Expected 0, got 0) :: [ 14:29:37 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -L -n -v' Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 136 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 135 3 312 TEST 0 -- * s_r 2001:db8:ffff:22::2 2001:db8:ffff:21::1 3 312 ACCEPT 0 -- * s_r 2001:db8:ffff:22::2 2001:db8:ffff:21::1 Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain TEST (1 references) pkts bytes target prot opt in out source destination 3 312 RETURN 0 -- * s_r 2001:db8:ffff:22::2 2001:db8:ffff:21::1 0 0 DROP 0 -- * s_r 2001:db8:ffff:22::2 2001:db8:ffff:21::1 :: [ 14:29:37 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -L -n -v' (Expected 0, got 0) :: [ 14:29:37 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -F' :: [ 14:29:37 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -F' (Expected 0, got 0) :: [ 14:29:37 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -X' :: [ 14:29:37 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -X' (Expected 0, got 0) :: [ 14:29:37 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -A POSTROUTING -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' :: [ 14:29:37 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -A POSTROUTING -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' (Expected 0, got 0) :: [ 14:29:37 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -A POSTROUTING -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' :: [ 14:29:37 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -A POSTROUTING -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' (Expected 0, got 0) :: [ 14:29:37 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -A POSTROUTING -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j ACCEPT' :: [ 14:29:37 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -A POSTROUTING -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j ACCEPT' (Expected 0, got 0) :: [ 14:29:37 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -A POSTROUTING -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j DROP' :: [ 14:29:37 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -A POSTROUTING -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j DROP' (Expected 0, got 0) :: [ 14:29:37 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) from 2001:db8:ffff:21::1 c_r: 56 data bytes 64 bytes from 2001:db8:ffff:22::2: icmp_seq=1 ttl=63 time=0.049 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=2 ttl=63 time=0.067 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=3 ttl=63 time=0.068 ms --- 2001:db8:ffff:22::2 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2115ms rtt min/avg/max/mdev = 0.049/0.061/0.068/0.008 ms :: [ 14:29:39 ] :: [ PASS ] :: Command 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3' (Expected 0, got 0) :: [ 14:29:39 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -L -n -v' Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 136 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 135 3 312 ACCEPT 0 -- * s_r 2001:db8:ffff:22::2 2001:db8:ffff:21::1 0 0 DROP 0 -- * s_r 2001:db8:ffff:22::2 2001:db8:ffff:21::1 :: [ 14:29:39 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -L -n -v' (Expected 0, got 0) :: [ 14:29:39 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -F' :: [ 14:29:39 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -F' (Expected 0, got 0) :: [ 14:29:39 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -A POSTROUTING -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' :: [ 14:29:39 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -A POSTROUTING -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' (Expected 0, got 0) :: [ 14:29:39 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -A POSTROUTING -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' :: [ 14:29:39 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -A POSTROUTING -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' (Expected 0, got 0) :: [ 14:29:40 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -A POSTROUTING -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j DROP' :: [ 14:29:40 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -A POSTROUTING -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j DROP' (Expected 0, got 0) :: [ 14:29:40 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -A POSTROUTING -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j ACCEPT' :: [ 14:29:40 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -A POSTROUTING -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j ACCEPT' (Expected 0, got 0) :: [ 14:29:40 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3 ' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) from 2001:db8:ffff:21::1 c_r: 56 data bytes --- 2001:db8:ffff:22::2 ping statistics --- 3 packets transmitted, 0 received, 100% packet loss, time 2095ms :: [ 14:29:43 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 14:29:43 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -L -n -v' Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 136 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 135 3 312 DROP 0 -- * s_r 2001:db8:ffff:22::2 2001:db8:ffff:21::1 0 0 ACCEPT 0 -- * s_r 2001:db8:ffff:22::2 2001:db8:ffff:21::1 :: [ 14:29:43 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -L -n -v' (Expected 0, got 0) :: [ 14:29:43 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -F' :: [ 14:29:43 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -F' (Expected 0, got 0) :: [ 14:29:43 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -A POSTROUTING -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' :: [ 14:29:43 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -A POSTROUTING -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' (Expected 0, got 0) :: [ 14:29:43 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -A POSTROUTING -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' :: [ 14:29:43 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -A POSTROUTING -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' (Expected 0, got 0) :: [ 14:29:43 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -N TEST' :: [ 14:29:43 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -N TEST' (Expected 0, got 0) :: [ 14:29:43 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -A TEST -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j RETURN' :: [ 14:29:43 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -A TEST -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j RETURN' (Expected 0, got 0) :: [ 14:29:43 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -A TEST -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j DROP' :: [ 14:29:43 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -A TEST -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j DROP' (Expected 0, got 0) :: [ 14:29:43 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -A POSTROUTING -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j TEST' :: [ 14:29:43 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -A POSTROUTING -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j TEST' (Expected 0, got 0) :: [ 14:29:43 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -A POSTROUTING -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j ACCEPT' :: [ 14:29:43 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -A POSTROUTING -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j ACCEPT' (Expected 0, got 0) :: [ 14:29:43 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) from 2001:db8:ffff:21::1 c_r: 56 data bytes 64 bytes from 2001:db8:ffff:22::2: icmp_seq=1 ttl=63 time=0.047 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=2 ttl=63 time=0.065 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=3 ttl=63 time=0.113 ms --- 2001:db8:ffff:22::2 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2049ms rtt min/avg/max/mdev = 0.047/0.075/0.113/0.027 ms :: [ 14:29:45 ] :: [ PASS ] :: Command 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3' (Expected 0, got 0) :: [ 14:29:45 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -L -n -v' Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 136 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 135 3 312 TEST 0 -- * s_r 2001:db8:ffff:22::2 2001:db8:ffff:21::1 3 312 ACCEPT 0 -- * s_r 2001:db8:ffff:22::2 2001:db8:ffff:21::1 Chain TEST (1 references) pkts bytes target prot opt in out source destination 3 312 RETURN 0 -- * s_r 2001:db8:ffff:22::2 2001:db8:ffff:21::1 0 0 DROP 0 -- * s_r 2001:db8:ffff:22::2 2001:db8:ffff:21::1 :: [ 14:29:45 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -L -n -v' (Expected 0, got 0) :: [ 14:29:45 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -F' :: [ 14:29:45 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -F' (Expected 0, got 0) :: [ 14:29:45 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -X' :: [ 14:29:45 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -X' (Expected 0, got 0) :: [ 14:29:45 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t raw -A PREROUTING -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' :: [ 14:29:45 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t raw -A PREROUTING -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' (Expected 0, got 0) :: [ 14:29:45 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t raw -A PREROUTING -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' :: [ 14:29:45 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t raw -A PREROUTING -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' (Expected 0, got 0) :: [ 14:29:45 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t raw -A PREROUTING -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j ACCEPT' :: [ 14:29:45 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t raw -A PREROUTING -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j ACCEPT' (Expected 0, got 0) :: [ 14:29:45 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t raw -A PREROUTING -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j DROP' :: [ 14:29:45 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t raw -A PREROUTING -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j DROP' (Expected 0, got 0) :: [ 14:29:46 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) from 2001:db8:ffff:21::1 c_r: 56 data bytes 64 bytes from 2001:db8:ffff:22::2: icmp_seq=1 ttl=63 time=0.044 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=2 ttl=63 time=0.109 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=3 ttl=63 time=0.095 ms --- 2001:db8:ffff:22::2 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2115ms rtt min/avg/max/mdev = 0.044/0.082/0.109/0.027 ms :: [ 14:29:48 ] :: [ PASS ] :: Command 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3' (Expected 0, got 0) :: [ 14:29:48 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t raw -L -n -v' Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 136 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 135 3 312 ACCEPT 0 -- s_r * 2001:db8:ffff:21::1 2001:db8:ffff:22::2 0 0 DROP 0 -- s_r * 2001:db8:ffff:21::1 2001:db8:ffff:22::2 Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination :: [ 14:29:48 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t raw -L -n -v' (Expected 0, got 0) :: [ 14:29:48 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t raw -F' :: [ 14:29:48 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t raw -F' (Expected 0, got 0) :: [ 14:29:48 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t raw -A PREROUTING -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' :: [ 14:29:48 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t raw -A PREROUTING -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' (Expected 0, got 0) :: [ 14:29:48 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t raw -A PREROUTING -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' :: [ 14:29:48 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t raw -A PREROUTING -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' (Expected 0, got 0) :: [ 14:29:48 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t raw -A PREROUTING -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j DROP' :: [ 14:29:48 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t raw -A PREROUTING -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j DROP' (Expected 0, got 0) :: [ 14:29:48 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t raw -A PREROUTING -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j ACCEPT' :: [ 14:29:48 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t raw -A PREROUTING -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j ACCEPT' (Expected 0, got 0) :: [ 14:29:48 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3 ' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) from 2001:db8:ffff:21::1 c_r: 56 data bytes --- 2001:db8:ffff:22::2 ping statistics --- 3 packets transmitted, 0 received, 100% packet loss, time 2105ms :: [ 14:29:51 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 14:29:51 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t raw -L -n -v' Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 136 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 135 3 312 DROP 0 -- s_r * 2001:db8:ffff:21::1 2001:db8:ffff:22::2 0 0 ACCEPT 0 -- s_r * 2001:db8:ffff:21::1 2001:db8:ffff:22::2 Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination :: [ 14:29:51 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t raw -L -n -v' (Expected 0, got 0) :: [ 14:29:51 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t raw -F' :: [ 14:29:51 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t raw -F' (Expected 0, got 0) :: [ 14:29:51 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t raw -A PREROUTING -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' :: [ 14:29:51 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t raw -A PREROUTING -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' (Expected 0, got 0) :: [ 14:29:51 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t raw -A PREROUTING -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' :: [ 14:29:51 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t raw -A PREROUTING -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' (Expected 0, got 0) :: [ 14:29:51 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t raw -N TEST' :: [ 14:29:51 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t raw -N TEST' (Expected 0, got 0) :: [ 14:29:51 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t raw -A TEST -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j RETURN' :: [ 14:29:51 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t raw -A TEST -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j RETURN' (Expected 0, got 0) :: [ 14:29:51 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t raw -A TEST -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j DROP' :: [ 14:29:51 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t raw -A TEST -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j DROP' (Expected 0, got 0) :: [ 14:29:51 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t raw -A PREROUTING -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j TEST' :: [ 14:29:51 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t raw -A PREROUTING -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j TEST' (Expected 0, got 0) :: [ 14:29:51 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t raw -A PREROUTING -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j ACCEPT' :: [ 14:29:51 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t raw -A PREROUTING -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j ACCEPT' (Expected 0, got 0) :: [ 14:29:51 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) from 2001:db8:ffff:21::1 c_r: 56 data bytes 64 bytes from 2001:db8:ffff:22::2: icmp_seq=1 ttl=63 time=0.046 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=2 ttl=63 time=0.102 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=3 ttl=63 time=0.105 ms --- 2001:db8:ffff:22::2 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2054ms rtt min/avg/max/mdev = 0.046/0.084/0.105/0.027 ms :: [ 14:29:53 ] :: [ PASS ] :: Command 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3' (Expected 0, got 0) :: [ 14:29:53 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t raw -L -n -v' Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 136 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 135 3 312 TEST 0 -- s_r * 2001:db8:ffff:21::1 2001:db8:ffff:22::2 3 312 ACCEPT 0 -- s_r * 2001:db8:ffff:21::1 2001:db8:ffff:22::2 Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain TEST (1 references) pkts bytes target prot opt in out source destination 3 312 RETURN 0 -- s_r * 2001:db8:ffff:21::1 2001:db8:ffff:22::2 0 0 DROP 0 -- s_r * 2001:db8:ffff:21::1 2001:db8:ffff:22::2 :: [ 14:29:54 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t raw -L -n -v' (Expected 0, got 0) :: [ 14:29:54 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t raw -F' :: [ 14:29:54 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t raw -F' (Expected 0, got 0) :: [ 14:29:54 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t raw -X' :: [ 14:29:54 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t raw -X' (Expected 0, got 0) :: [ 14:29:54 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t raw -A OUTPUT -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' :: [ 14:29:54 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t raw -A OUTPUT -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' (Expected 0, got 0) :: [ 14:29:54 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t raw -A OUTPUT -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' :: [ 14:29:54 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t raw -A OUTPUT -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' (Expected 0, got 0) :: [ 14:29:54 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t raw -A OUTPUT -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j ACCEPT' :: [ 14:29:54 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t raw -A OUTPUT -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j ACCEPT' (Expected 0, got 0) :: [ 14:29:54 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t raw -A OUTPUT -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j DROP' :: [ 14:29:54 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t raw -A OUTPUT -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j DROP' (Expected 0, got 0) :: [ 14:29:54 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) from 2001:db8:ffff:21::1 c_r: 56 data bytes 64 bytes from 2001:db8:ffff:22::2: icmp_seq=1 ttl=63 time=0.042 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=2 ttl=63 time=0.062 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=3 ttl=63 time=0.114 ms --- 2001:db8:ffff:22::2 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2102ms rtt min/avg/max/mdev = 0.042/0.072/0.114/0.030 ms :: [ 14:29:56 ] :: [ PASS ] :: Command 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3' (Expected 0, got 0) :: [ 14:29:56 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t raw -L -n -v' Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 136 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 135 3 312 ACCEPT 0 -- * s_r 2001:db8:ffff:22::2 2001:db8:ffff:21::1 0 0 DROP 0 -- * s_r 2001:db8:ffff:22::2 2001:db8:ffff:21::1 :: [ 14:29:56 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t raw -L -n -v' (Expected 0, got 0) :: [ 14:29:56 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t raw -F' :: [ 14:29:56 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t raw -F' (Expected 0, got 0) :: [ 14:29:56 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t raw -A OUTPUT -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' :: [ 14:29:56 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t raw -A OUTPUT -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' (Expected 0, got 0) :: [ 14:29:56 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t raw -A OUTPUT -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' :: [ 14:29:56 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t raw -A OUTPUT -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' (Expected 0, got 0) :: [ 14:29:56 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t raw -A OUTPUT -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j DROP' :: [ 14:29:56 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t raw -A OUTPUT -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j DROP' (Expected 0, got 0) :: [ 14:29:56 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t raw -A OUTPUT -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j ACCEPT' :: [ 14:29:56 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t raw -A OUTPUT -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j ACCEPT' (Expected 0, got 0) :: [ 14:29:56 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3 ' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) from 2001:db8:ffff:21::1 c_r: 56 data bytes --- 2001:db8:ffff:22::2 ping statistics --- 3 packets transmitted, 0 received, 100% packet loss, time 2107ms :: [ 14:29:59 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 14:29:59 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t raw -L -n -v' Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 136 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 135 3 312 DROP 0 -- * s_r 2001:db8:ffff:22::2 2001:db8:ffff:21::1 0 0 ACCEPT 0 -- * s_r 2001:db8:ffff:22::2 2001:db8:ffff:21::1 :: [ 14:29:59 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t raw -L -n -v' (Expected 0, got 0) :: [ 14:29:59 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t raw -F' :: [ 14:29:59 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t raw -F' (Expected 0, got 0) :: [ 14:29:59 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t raw -A OUTPUT -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' :: [ 14:29:59 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t raw -A OUTPUT -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' (Expected 0, got 0) :: [ 14:30:00 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t raw -A OUTPUT -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' :: [ 14:30:00 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t raw -A OUTPUT -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' (Expected 0, got 0) :: [ 14:30:00 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t raw -N TEST' :: [ 14:30:00 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t raw -N TEST' (Expected 0, got 0) :: [ 14:30:00 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t raw -A TEST -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j RETURN' :: [ 14:30:00 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t raw -A TEST -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j RETURN' (Expected 0, got 0) :: [ 14:30:00 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t raw -A TEST -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j DROP' :: [ 14:30:00 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t raw -A TEST -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j DROP' (Expected 0, got 0) :: [ 14:30:00 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t raw -A OUTPUT -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j TEST' :: [ 14:30:00 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t raw -A OUTPUT -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j TEST' (Expected 0, got 0) :: [ 14:30:00 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t raw -A OUTPUT -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j ACCEPT' :: [ 14:30:00 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t raw -A OUTPUT -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j ACCEPT' (Expected 0, got 0) :: [ 14:30:00 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) from 2001:db8:ffff:21::1 c_r: 56 data bytes 64 bytes from 2001:db8:ffff:22::2: icmp_seq=1 ttl=63 time=0.047 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=2 ttl=63 time=0.099 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=3 ttl=63 time=0.123 ms --- 2001:db8:ffff:22::2 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2103ms rtt min/avg/max/mdev = 0.047/0.089/0.123/0.031 ms :: [ 14:30:02 ] :: [ PASS ] :: Command 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3' (Expected 0, got 0) :: [ 14:30:02 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t raw -L -n -v' Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 136 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 135 3 312 TEST 0 -- * s_r 2001:db8:ffff:22::2 2001:db8:ffff:21::1 3 312 ACCEPT 0 -- * s_r 2001:db8:ffff:22::2 2001:db8:ffff:21::1 Chain TEST (1 references) pkts bytes target prot opt in out source destination 3 312 RETURN 0 -- * s_r 2001:db8:ffff:22::2 2001:db8:ffff:21::1 0 0 DROP 0 -- * s_r 2001:db8:ffff:22::2 2001:db8:ffff:21::1 :: [ 14:30:02 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t raw -L -n -v' (Expected 0, got 0) :: [ 14:30:02 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t raw -F' :: [ 14:30:02 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t raw -F' (Expected 0, got 0) :: [ 14:30:02 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t raw -X' :: [ 14:30:02 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t raw -X' (Expected 0, got 0) :: [ 14:30:02 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t security -A INPUT -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' :: [ 14:30:02 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t security -A INPUT -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' (Expected 0, got 0) :: [ 14:30:02 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t security -A INPUT -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' :: [ 14:30:02 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t security -A INPUT -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' (Expected 0, got 0) :: [ 14:30:02 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t security -A INPUT -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j ACCEPT' :: [ 14:30:02 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t security -A INPUT -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j ACCEPT' (Expected 0, got 0) :: [ 14:30:02 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t security -A INPUT -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j DROP' :: [ 14:30:02 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t security -A INPUT -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j DROP' (Expected 0, got 0) :: [ 14:30:02 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) from 2001:db8:ffff:21::1 c_r: 56 data bytes 64 bytes from 2001:db8:ffff:22::2: icmp_seq=1 ttl=63 time=0.048 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=2 ttl=63 time=0.117 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=3 ttl=63 time=0.095 ms --- 2001:db8:ffff:22::2 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2056ms rtt min/avg/max/mdev = 0.048/0.086/0.117/0.028 ms :: [ 14:30:04 ] :: [ PASS ] :: Command 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3' (Expected 0, got 0) :: [ 14:30:04 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t security -L -n -v' Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 136 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 135 3 312 ACCEPT 0 -- s_r * 2001:db8:ffff:21::1 2001:db8:ffff:22::2 0 0 DROP 0 -- s_r * 2001:db8:ffff:21::1 2001:db8:ffff:22::2 Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination :: [ 14:30:04 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t security -L -n -v' (Expected 0, got 0) :: [ 14:30:04 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t security -F' :: [ 14:30:04 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t security -F' (Expected 0, got 0) :: [ 14:30:04 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t security -A INPUT -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' :: [ 14:30:05 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t security -A INPUT -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' (Expected 0, got 0) :: [ 14:30:05 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t security -A INPUT -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' :: [ 14:30:05 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t security -A INPUT -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' (Expected 0, got 0) :: [ 14:30:05 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t security -A INPUT -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j DROP' :: [ 14:30:05 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t security -A INPUT -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j DROP' (Expected 0, got 0) :: [ 14:30:05 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t security -A INPUT -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j ACCEPT' :: [ 14:30:05 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t security -A INPUT -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j ACCEPT' (Expected 0, got 0) :: [ 14:30:05 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3 ' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) from 2001:db8:ffff:21::1 c_r: 56 data bytes --- 2001:db8:ffff:22::2 ping statistics --- 3 packets transmitted, 0 received, 100% packet loss, time 2068ms :: [ 14:30:08 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 14:30:08 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t security -L -n -v' Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 136 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 135 3 312 DROP 0 -- s_r * 2001:db8:ffff:21::1 2001:db8:ffff:22::2 0 0 ACCEPT 0 -- s_r * 2001:db8:ffff:21::1 2001:db8:ffff:22::2 Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination :: [ 14:30:08 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t security -L -n -v' (Expected 0, got 0) :: [ 14:30:08 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t security -F' :: [ 14:30:08 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t security -F' (Expected 0, got 0) :: [ 14:30:08 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t security -A INPUT -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' :: [ 14:30:08 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t security -A INPUT -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' (Expected 0, got 0) :: [ 14:30:08 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t security -A INPUT -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' :: [ 14:30:08 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t security -A INPUT -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' (Expected 0, got 0) :: [ 14:30:08 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t security -N TEST' :: [ 14:30:08 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t security -N TEST' (Expected 0, got 0) :: [ 14:30:08 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t security -A TEST -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j RETURN' :: [ 14:30:08 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t security -A TEST -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j RETURN' (Expected 0, got 0) :: [ 14:30:08 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t security -A TEST -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j DROP' :: [ 14:30:08 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t security -A TEST -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j DROP' (Expected 0, got 0) :: [ 14:30:08 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t security -A INPUT -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j TEST' :: [ 14:30:08 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t security -A INPUT -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j TEST' (Expected 0, got 0) :: [ 14:30:08 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t security -A INPUT -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j ACCEPT' :: [ 14:30:08 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t security -A INPUT -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j ACCEPT' (Expected 0, got 0) :: [ 14:30:08 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) from 2001:db8:ffff:21::1 c_r: 56 data bytes 64 bytes from 2001:db8:ffff:22::2: icmp_seq=1 ttl=63 time=0.054 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=2 ttl=63 time=0.109 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=3 ttl=63 time=0.061 ms --- 2001:db8:ffff:22::2 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2044ms rtt min/avg/max/mdev = 0.054/0.074/0.109/0.024 ms :: [ 14:30:10 ] :: [ PASS ] :: Command 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3' (Expected 0, got 0) :: [ 14:30:10 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t security -L -n -v' Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 136 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 135 3 312 TEST 0 -- s_r * 2001:db8:ffff:21::1 2001:db8:ffff:22::2 3 312 ACCEPT 0 -- s_r * 2001:db8:ffff:21::1 2001:db8:ffff:22::2 Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain TEST (1 references) pkts bytes target prot opt in out source destination 3 312 RETURN 0 -- s_r * 2001:db8:ffff:21::1 2001:db8:ffff:22::2 0 0 DROP 0 -- s_r * 2001:db8:ffff:21::1 2001:db8:ffff:22::2 :: [ 14:30:10 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t security -L -n -v' (Expected 0, got 0) :: [ 14:30:10 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t security -F' :: [ 14:30:10 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t security -F' (Expected 0, got 0) :: [ 14:30:10 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t security -X' :: [ 14:30:10 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t security -X' (Expected 0, got 0) :: [ 14:30:10 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t security -A OUTPUT -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' :: [ 14:30:10 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t security -A OUTPUT -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' (Expected 0, got 0) :: [ 14:30:10 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t security -A OUTPUT -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' :: [ 14:30:10 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t security -A OUTPUT -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' (Expected 0, got 0) :: [ 14:30:10 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t security -A OUTPUT -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j ACCEPT' :: [ 14:30:10 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t security -A OUTPUT -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j ACCEPT' (Expected 0, got 0) :: [ 14:30:10 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t security -A OUTPUT -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j DROP' :: [ 14:30:10 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t security -A OUTPUT -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j DROP' (Expected 0, got 0) :: [ 14:30:11 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) from 2001:db8:ffff:21::1 c_r: 56 data bytes 64 bytes from 2001:db8:ffff:22::2: icmp_seq=1 ttl=63 time=0.261 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=2 ttl=63 time=0.060 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=3 ttl=63 time=0.064 ms --- 2001:db8:ffff:22::2 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2070ms rtt min/avg/max/mdev = 0.060/0.128/0.261/0.093 ms :: [ 14:30:13 ] :: [ PASS ] :: Command 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3' (Expected 0, got 0) :: [ 14:30:13 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t security -L -n -v' Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 136 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 135 3 312 ACCEPT 0 -- * s_r 2001:db8:ffff:22::2 2001:db8:ffff:21::1 0 0 DROP 0 -- * s_r 2001:db8:ffff:22::2 2001:db8:ffff:21::1 :: [ 14:30:13 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t security -L -n -v' (Expected 0, got 0) :: [ 14:30:13 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t security -F' :: [ 14:30:13 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t security -F' (Expected 0, got 0) :: [ 14:30:13 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t security -A OUTPUT -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' :: [ 14:30:13 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t security -A OUTPUT -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' (Expected 0, got 0) :: [ 14:30:13 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t security -A OUTPUT -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' :: [ 14:30:13 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t security -A OUTPUT -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' (Expected 0, got 0) :: [ 14:30:13 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t security -A OUTPUT -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j DROP' :: [ 14:30:13 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t security -A OUTPUT -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j DROP' (Expected 0, got 0) :: [ 14:30:13 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t security -A OUTPUT -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j ACCEPT' :: [ 14:30:13 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t security -A OUTPUT -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j ACCEPT' (Expected 0, got 0) :: [ 14:30:13 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3 ' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) from 2001:db8:ffff:21::1 c_r: 56 data bytes --- 2001:db8:ffff:22::2 ping statistics --- 3 packets transmitted, 0 received, 100% packet loss, time 2107ms :: [ 14:30:16 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 14:30:16 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t security -L -n -v' Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 136 1 72 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 135 3 312 DROP 0 -- * s_r 2001:db8:ffff:22::2 2001:db8:ffff:21::1 0 0 ACCEPT 0 -- * s_r 2001:db8:ffff:22::2 2001:db8:ffff:21::1 :: [ 14:30:16 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t security -L -n -v' (Expected 0, got 0) :: [ 14:30:16 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t security -F' :: [ 14:30:16 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t security -F' (Expected 0, got 0) :: [ 14:30:16 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t security -A OUTPUT -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' :: [ 14:30:16 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t security -A OUTPUT -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' (Expected 0, got 0) :: [ 14:30:16 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t security -A OUTPUT -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' :: [ 14:30:16 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t security -A OUTPUT -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' (Expected 0, got 0) :: [ 14:30:16 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t security -N TEST' :: [ 14:30:16 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t security -N TEST' (Expected 0, got 0) :: [ 14:30:16 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t security -A TEST -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j RETURN' :: [ 14:30:16 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t security -A TEST -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j RETURN' (Expected 0, got 0) :: [ 14:30:16 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t security -A TEST -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j DROP' :: [ 14:30:16 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t security -A TEST -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j DROP' (Expected 0, got 0) :: [ 14:30:16 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t security -A OUTPUT -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j TEST' :: [ 14:30:16 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t security -A OUTPUT -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j TEST' (Expected 0, got 0) :: [ 14:30:16 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t security -A OUTPUT -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j ACCEPT' :: [ 14:30:16 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t security -A OUTPUT -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j ACCEPT' (Expected 0, got 0) :: [ 14:30:16 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) from 2001:db8:ffff:21::1 c_r: 56 data bytes 64 bytes from 2001:db8:ffff:22::2: icmp_seq=1 ttl=63 time=0.054 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=2 ttl=63 time=0.123 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=3 ttl=63 time=0.078 ms --- 2001:db8:ffff:22::2 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2044ms rtt min/avg/max/mdev = 0.054/0.085/0.123/0.028 ms :: [ 14:30:18 ] :: [ PASS ] :: Command 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3' (Expected 0, got 0) :: [ 14:30:18 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t security -L -n -v' Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 1 64 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 136 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 135 3 312 TEST 0 -- * s_r 2001:db8:ffff:22::2 2001:db8:ffff:21::1 3 312 ACCEPT 0 -- * s_r 2001:db8:ffff:22::2 2001:db8:ffff:21::1 Chain TEST (1 references) pkts bytes target prot opt in out source destination 3 312 RETURN 0 -- * s_r 2001:db8:ffff:22::2 2001:db8:ffff:21::1 0 0 DROP 0 -- * s_r 2001:db8:ffff:22::2 2001:db8:ffff:21::1 :: [ 14:30:18 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t security -L -n -v' (Expected 0, got 0) :: [ 14:30:18 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t security -F' :: [ 14:30:19 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t security -F' (Expected 0, got 0) :: [ 14:30:19 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t security -X' :: [ 14:30:19 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t security -X' (Expected 0, got 0) :: [ 14:30:19 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t filter -A FORWARD -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' :: [ 14:30:19 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t filter -A FORWARD -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' (Expected 0, got 0) :: [ 14:30:19 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t filter -A FORWARD -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' :: [ 14:30:19 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t filter -A FORWARD -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' (Expected 0, got 0) :: [ 14:30:19 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t filter -A FORWARD -i r_c -o r_s -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j ACCEPT' :: [ 14:30:19 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t filter -A FORWARD -i r_c -o r_s -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j ACCEPT' (Expected 0, got 0) :: [ 14:30:19 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t filter -A FORWARD -i r_c -o r_s -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j DROP' :: [ 14:30:19 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t filter -A FORWARD -i r_c -o r_s -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j DROP' (Expected 0, got 0) :: [ 14:30:19 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) from 2001:db8:ffff:21::1 c_r: 56 data bytes 64 bytes from 2001:db8:ffff:22::2: icmp_seq=1 ttl=63 time=0.049 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=2 ttl=63 time=0.063 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=3 ttl=63 time=0.115 ms --- 2001:db8:ffff:22::2 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2086ms rtt min/avg/max/mdev = 0.049/0.075/0.115/0.028 ms :: [ 14:30:21 ] :: [ PASS ] :: Command 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3' (Expected 0, got 0) :: [ 14:30:21 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t filter -L -n -v' Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 136 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 135 3 312 ACCEPT 0 -- r_c r_s 2001:db8:ffff:21::1 2001:db8:ffff:22::2 0 0 DROP 0 -- r_c r_s 2001:db8:ffff:21::1 2001:db8:ffff:22::2 Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination :: [ 14:30:21 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t filter -L -n -v' (Expected 0, got 0) :: [ 14:30:21 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t filter -F' :: [ 14:30:21 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t filter -F' (Expected 0, got 0) :: [ 14:30:21 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t filter -A FORWARD -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' :: [ 14:30:21 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t filter -A FORWARD -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' (Expected 0, got 0) :: [ 14:30:21 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t filter -A FORWARD -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' :: [ 14:30:21 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t filter -A FORWARD -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' (Expected 0, got 0) :: [ 14:30:21 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t filter -A FORWARD -i r_c -o r_s -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j DROP' :: [ 14:30:21 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t filter -A FORWARD -i r_c -o r_s -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j DROP' (Expected 0, got 0) :: [ 14:30:21 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t filter -A FORWARD -i r_c -o r_s -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j ACCEPT' :: [ 14:30:21 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t filter -A FORWARD -i r_c -o r_s -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j ACCEPT' (Expected 0, got 0) :: [ 14:30:21 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3 ' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) from 2001:db8:ffff:21::1 c_r: 56 data bytes --- 2001:db8:ffff:22::2 ping statistics --- 3 packets transmitted, 0 received, 100% packet loss, time 2104ms :: [ 14:30:24 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 14:30:24 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t filter -L -n -v' Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 136 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 135 3 312 DROP 0 -- r_c r_s 2001:db8:ffff:21::1 2001:db8:ffff:22::2 0 0 ACCEPT 0 -- r_c r_s 2001:db8:ffff:21::1 2001:db8:ffff:22::2 Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination :: [ 14:30:24 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t filter -L -n -v' (Expected 0, got 0) :: [ 14:30:24 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t filter -F' :: [ 14:30:24 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t filter -F' (Expected 0, got 0) :: [ 14:30:24 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t filter -A FORWARD -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' :: [ 14:30:24 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t filter -A FORWARD -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' (Expected 0, got 0) :: [ 14:30:24 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t filter -A FORWARD -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' :: [ 14:30:24 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t filter -A FORWARD -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' (Expected 0, got 0) :: [ 14:30:24 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t filter -N TEST' :: [ 14:30:25 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t filter -N TEST' (Expected 0, got 0) :: [ 14:30:25 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t filter -A TEST -i r_c -o r_s -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j RETURN' :: [ 14:30:25 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t filter -A TEST -i r_c -o r_s -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j RETURN' (Expected 0, got 0) :: [ 14:30:25 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t filter -A TEST -i r_c -o r_s -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j DROP' :: [ 14:30:25 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t filter -A TEST -i r_c -o r_s -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j DROP' (Expected 0, got 0) :: [ 14:30:25 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t filter -A FORWARD -i r_c -o r_s -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j TEST' :: [ 14:30:25 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t filter -A FORWARD -i r_c -o r_s -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j TEST' (Expected 0, got 0) :: [ 14:30:25 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t filter -A FORWARD -i r_c -o r_s -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j ACCEPT' :: [ 14:30:25 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t filter -A FORWARD -i r_c -o r_s -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j ACCEPT' (Expected 0, got 0) :: [ 14:30:25 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) from 2001:db8:ffff:21::1 c_r: 56 data bytes 64 bytes from 2001:db8:ffff:22::2: icmp_seq=1 ttl=63 time=0.048 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=2 ttl=63 time=0.123 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=3 ttl=63 time=0.116 ms --- 2001:db8:ffff:22::2 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2042ms rtt min/avg/max/mdev = 0.048/0.095/0.123/0.033 ms :: [ 14:30:27 ] :: [ PASS ] :: Command 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3' (Expected 0, got 0) :: [ 14:30:27 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t filter -L -n -v' Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 136 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 135 3 312 TEST 0 -- r_c r_s 2001:db8:ffff:21::1 2001:db8:ffff:22::2 3 312 ACCEPT 0 -- r_c r_s 2001:db8:ffff:21::1 2001:db8:ffff:22::2 Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain TEST (1 references) pkts bytes target prot opt in out source destination 3 312 RETURN 0 -- r_c r_s 2001:db8:ffff:21::1 2001:db8:ffff:22::2 0 0 DROP 0 -- r_c r_s 2001:db8:ffff:21::1 2001:db8:ffff:22::2 :: [ 14:30:27 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t filter -L -n -v' (Expected 0, got 0) :: [ 14:30:27 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t filter -F' :: [ 14:30:27 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t filter -F' (Expected 0, got 0) :: [ 14:30:27 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t filter -X' :: [ 14:30:27 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t filter -X' (Expected 0, got 0) :: [ 14:30:27 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t mangle -A PREROUTING -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' :: [ 14:30:27 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t mangle -A PREROUTING -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' (Expected 0, got 0) :: [ 14:30:27 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t mangle -A PREROUTING -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' :: [ 14:30:27 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t mangle -A PREROUTING -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' (Expected 0, got 0) :: [ 14:30:27 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t mangle -A PREROUTING -i r_c -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j ACCEPT' :: [ 14:30:27 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t mangle -A PREROUTING -i r_c -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j ACCEPT' (Expected 0, got 0) :: [ 14:30:27 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t mangle -A PREROUTING -i r_c -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j DROP' :: [ 14:30:27 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t mangle -A PREROUTING -i r_c -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j DROP' (Expected 0, got 0) :: [ 14:30:27 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) from 2001:db8:ffff:21::1 c_r: 56 data bytes 64 bytes from 2001:db8:ffff:22::2: icmp_seq=1 ttl=63 time=0.046 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=2 ttl=63 time=0.064 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=3 ttl=63 time=0.110 ms --- 2001:db8:ffff:22::2 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2080ms rtt min/avg/max/mdev = 0.046/0.073/0.110/0.026 ms :: [ 14:30:29 ] :: [ PASS ] :: Command 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3' (Expected 0, got 0) :: [ 14:30:29 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t mangle -L -n -v' Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 136 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 135 3 312 ACCEPT 0 -- r_c * 2001:db8:ffff:21::1 2001:db8:ffff:22::2 0 0 DROP 0 -- r_c * 2001:db8:ffff:21::1 2001:db8:ffff:22::2 Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination :: [ 14:30:29 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t mangle -L -n -v' (Expected 0, got 0) :: [ 14:30:29 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t mangle -F' :: [ 14:30:29 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t mangle -F' (Expected 0, got 0) :: [ 14:30:29 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t mangle -A PREROUTING -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' :: [ 14:30:29 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t mangle -A PREROUTING -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' (Expected 0, got 0) :: [ 14:30:29 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t mangle -A PREROUTING -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' :: [ 14:30:29 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t mangle -A PREROUTING -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' (Expected 0, got 0) :: [ 14:30:29 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t mangle -A PREROUTING -i r_c -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j DROP' :: [ 14:30:29 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t mangle -A PREROUTING -i r_c -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j DROP' (Expected 0, got 0) :: [ 14:30:29 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t mangle -A PREROUTING -i r_c -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j ACCEPT' :: [ 14:30:29 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t mangle -A PREROUTING -i r_c -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j ACCEPT' (Expected 0, got 0) :: [ 14:30:29 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3 ' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) from 2001:db8:ffff:21::1 c_r: 56 data bytes --- 2001:db8:ffff:22::2 ping statistics --- 3 packets transmitted, 0 received, 100% packet loss, time 2100ms :: [ 14:30:33 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 14:30:33 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t mangle -L -n -v' Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 1 64 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 136 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 135 3 312 DROP 0 -- r_c * 2001:db8:ffff:21::1 2001:db8:ffff:22::2 0 0 ACCEPT 0 -- r_c * 2001:db8:ffff:21::1 2001:db8:ffff:22::2 Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination :: [ 14:30:33 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t mangle -L -n -v' (Expected 0, got 0) :: [ 14:30:33 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t mangle -F' :: [ 14:30:33 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t mangle -F' (Expected 0, got 0) :: [ 14:30:33 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t mangle -A PREROUTING -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' :: [ 14:30:33 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t mangle -A PREROUTING -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' (Expected 0, got 0) :: [ 14:30:33 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t mangle -A PREROUTING -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' :: [ 14:30:33 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t mangle -A PREROUTING -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' (Expected 0, got 0) :: [ 14:30:33 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t mangle -N TEST' :: [ 14:30:33 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t mangle -N TEST' (Expected 0, got 0) :: [ 14:30:33 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t mangle -A TEST -i r_c -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j RETURN' :: [ 14:30:33 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t mangle -A TEST -i r_c -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j RETURN' (Expected 0, got 0) :: [ 14:30:33 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t mangle -A TEST -i r_c -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j DROP' :: [ 14:30:33 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t mangle -A TEST -i r_c -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j DROP' (Expected 0, got 0) :: [ 14:30:33 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t mangle -A PREROUTING -i r_c -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j TEST' :: [ 14:30:33 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t mangle -A PREROUTING -i r_c -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j TEST' (Expected 0, got 0) :: [ 14:30:33 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t mangle -A PREROUTING -i r_c -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j ACCEPT' :: [ 14:30:33 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t mangle -A PREROUTING -i r_c -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j ACCEPT' (Expected 0, got 0) :: [ 14:30:33 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) from 2001:db8:ffff:21::1 c_r: 56 data bytes 64 bytes from 2001:db8:ffff:22::2: icmp_seq=1 ttl=63 time=0.049 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=2 ttl=63 time=0.102 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=3 ttl=63 time=0.053 ms --- 2001:db8:ffff:22::2 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2082ms rtt min/avg/max/mdev = 0.049/0.068/0.102/0.024 ms :: [ 14:30:35 ] :: [ PASS ] :: Command 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3' (Expected 0, got 0) :: [ 14:30:35 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t mangle -L -n -v' Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 136 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 135 3 312 TEST 0 -- r_c * 2001:db8:ffff:21::1 2001:db8:ffff:22::2 3 312 ACCEPT 0 -- r_c * 2001:db8:ffff:21::1 2001:db8:ffff:22::2 Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain TEST (1 references) pkts bytes target prot opt in out source destination 3 312 RETURN 0 -- r_c * 2001:db8:ffff:21::1 2001:db8:ffff:22::2 0 0 DROP 0 -- r_c * 2001:db8:ffff:21::1 2001:db8:ffff:22::2 :: [ 14:30:35 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t mangle -L -n -v' (Expected 0, got 0) :: [ 14:30:35 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t mangle -F' :: [ 14:30:35 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t mangle -F' (Expected 0, got 0) :: [ 14:30:35 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t mangle -X' :: [ 14:30:35 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t mangle -X' (Expected 0, got 0) :: [ 14:30:35 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t mangle -A FORWARD -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' :: [ 14:30:35 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t mangle -A FORWARD -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' (Expected 0, got 0) :: [ 14:30:35 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t mangle -A FORWARD -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' :: [ 14:30:35 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t mangle -A FORWARD -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' (Expected 0, got 0) :: [ 14:30:35 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t mangle -A FORWARD -i r_c -o r_s -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j ACCEPT' :: [ 14:30:35 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t mangle -A FORWARD -i r_c -o r_s -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j ACCEPT' (Expected 0, got 0) :: [ 14:30:35 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t mangle -A FORWARD -i r_c -o r_s -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j DROP' :: [ 14:30:35 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t mangle -A FORWARD -i r_c -o r_s -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j DROP' (Expected 0, got 0) :: [ 14:30:35 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) from 2001:db8:ffff:21::1 c_r: 56 data bytes 64 bytes from 2001:db8:ffff:22::2: icmp_seq=1 ttl=63 time=0.049 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=2 ttl=63 time=0.119 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=3 ttl=63 time=0.118 ms --- 2001:db8:ffff:22::2 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2108ms rtt min/avg/max/mdev = 0.049/0.095/0.119/0.032 ms :: [ 14:30:38 ] :: [ PASS ] :: Command 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3' (Expected 0, got 0) :: [ 14:30:38 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t mangle -L -n -v' Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 136 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 135 3 312 ACCEPT 0 -- r_c r_s 2001:db8:ffff:21::1 2001:db8:ffff:22::2 0 0 DROP 0 -- r_c r_s 2001:db8:ffff:21::1 2001:db8:ffff:22::2 Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination :: [ 14:30:38 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t mangle -L -n -v' (Expected 0, got 0) :: [ 14:30:38 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t mangle -F' :: [ 14:30:38 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t mangle -F' (Expected 0, got 0) :: [ 14:30:38 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t mangle -A FORWARD -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' :: [ 14:30:38 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t mangle -A FORWARD -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' (Expected 0, got 0) :: [ 14:30:38 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t mangle -A FORWARD -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' :: [ 14:30:38 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t mangle -A FORWARD -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' (Expected 0, got 0) :: [ 14:30:38 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t mangle -A FORWARD -i r_c -o r_s -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j DROP' :: [ 14:30:38 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t mangle -A FORWARD -i r_c -o r_s -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j DROP' (Expected 0, got 0) :: [ 14:30:38 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t mangle -A FORWARD -i r_c -o r_s -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j ACCEPT' :: [ 14:30:38 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t mangle -A FORWARD -i r_c -o r_s -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j ACCEPT' (Expected 0, got 0) :: [ 14:30:38 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3 ' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) from 2001:db8:ffff:21::1 c_r: 56 data bytes --- 2001:db8:ffff:22::2 ping statistics --- 3 packets transmitted, 0 received, 100% packet loss, time 2075ms :: [ 14:30:41 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 14:30:41 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t mangle -L -n -v' Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 136 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 135 3 312 DROP 0 -- r_c r_s 2001:db8:ffff:21::1 2001:db8:ffff:22::2 0 0 ACCEPT 0 -- r_c r_s 2001:db8:ffff:21::1 2001:db8:ffff:22::2 Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination :: [ 14:30:41 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t mangle -L -n -v' (Expected 0, got 0) :: [ 14:30:41 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t mangle -F' :: [ 14:30:41 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t mangle -F' (Expected 0, got 0) :: [ 14:30:41 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t mangle -A FORWARD -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' :: [ 14:30:41 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t mangle -A FORWARD -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' (Expected 0, got 0) :: [ 14:30:41 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t mangle -A FORWARD -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' :: [ 14:30:41 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t mangle -A FORWARD -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' (Expected 0, got 0) :: [ 14:30:41 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t mangle -N TEST' :: [ 14:30:41 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t mangle -N TEST' (Expected 0, got 0) :: [ 14:30:41 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t mangle -A TEST -i r_c -o r_s -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j RETURN' :: [ 14:30:41 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t mangle -A TEST -i r_c -o r_s -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j RETURN' (Expected 0, got 0) :: [ 14:30:41 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t mangle -A TEST -i r_c -o r_s -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j DROP' :: [ 14:30:41 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t mangle -A TEST -i r_c -o r_s -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j DROP' (Expected 0, got 0) :: [ 14:30:41 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t mangle -A FORWARD -i r_c -o r_s -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j TEST' :: [ 14:30:41 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t mangle -A FORWARD -i r_c -o r_s -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j TEST' (Expected 0, got 0) :: [ 14:30:41 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t mangle -A FORWARD -i r_c -o r_s -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j ACCEPT' :: [ 14:30:41 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t mangle -A FORWARD -i r_c -o r_s -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j ACCEPT' (Expected 0, got 0) :: [ 14:30:41 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) from 2001:db8:ffff:21::1 c_r: 56 data bytes 64 bytes from 2001:db8:ffff:22::2: icmp_seq=1 ttl=63 time=0.053 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=2 ttl=63 time=0.068 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=3 ttl=63 time=0.111 ms --- 2001:db8:ffff:22::2 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2116ms rtt min/avg/max/mdev = 0.053/0.077/0.111/0.024 ms :: [ 14:30:43 ] :: [ PASS ] :: Command 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3' (Expected 0, got 0) :: [ 14:30:43 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t mangle -L -n -v' Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 136 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 135 3 312 TEST 0 -- r_c r_s 2001:db8:ffff:21::1 2001:db8:ffff:22::2 3 312 ACCEPT 0 -- r_c r_s 2001:db8:ffff:21::1 2001:db8:ffff:22::2 Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain TEST (1 references) pkts bytes target prot opt in out source destination 3 312 RETURN 0 -- r_c r_s 2001:db8:ffff:21::1 2001:db8:ffff:22::2 0 0 DROP 0 -- r_c r_s 2001:db8:ffff:21::1 2001:db8:ffff:22::2 :: [ 14:30:44 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t mangle -L -n -v' (Expected 0, got 0) :: [ 14:30:44 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t mangle -F' :: [ 14:30:44 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t mangle -F' (Expected 0, got 0) :: [ 14:30:44 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t mangle -X' :: [ 14:30:44 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t mangle -X' (Expected 0, got 0) :: [ 14:30:44 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t mangle -A POSTROUTING -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' :: [ 14:30:44 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t mangle -A POSTROUTING -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' (Expected 0, got 0) :: [ 14:30:44 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t mangle -A POSTROUTING -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' :: [ 14:30:44 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t mangle -A POSTROUTING -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' (Expected 0, got 0) :: [ 14:30:44 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t mangle -A POSTROUTING -o r_s -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j ACCEPT' :: [ 14:30:44 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t mangle -A POSTROUTING -o r_s -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j ACCEPT' (Expected 0, got 0) :: [ 14:30:44 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t mangle -A POSTROUTING -o r_s -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j DROP' :: [ 14:30:44 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t mangle -A POSTROUTING -o r_s -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j DROP' (Expected 0, got 0) :: [ 14:30:44 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) from 2001:db8:ffff:21::1 c_r: 56 data bytes 64 bytes from 2001:db8:ffff:22::2: icmp_seq=1 ttl=63 time=0.049 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=2 ttl=63 time=0.120 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=3 ttl=63 time=0.085 ms --- 2001:db8:ffff:22::2 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2096ms rtt min/avg/max/mdev = 0.049/0.084/0.120/0.029 ms :: [ 14:30:46 ] :: [ PASS ] :: Command 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3' (Expected 0, got 0) :: [ 14:30:46 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t mangle -L -n -v' Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 136 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 135 3 312 ACCEPT 0 -- * r_s 2001:db8:ffff:21::1 2001:db8:ffff:22::2 0 0 DROP 0 -- * r_s 2001:db8:ffff:21::1 2001:db8:ffff:22::2 :: [ 14:30:46 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t mangle -L -n -v' (Expected 0, got 0) :: [ 14:30:46 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t mangle -F' :: [ 14:30:46 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t mangle -F' (Expected 0, got 0) :: [ 14:30:46 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t mangle -A POSTROUTING -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' :: [ 14:30:46 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t mangle -A POSTROUTING -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' (Expected 0, got 0) :: [ 14:30:46 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t mangle -A POSTROUTING -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' :: [ 14:30:46 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t mangle -A POSTROUTING -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' (Expected 0, got 0) :: [ 14:30:46 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t mangle -A POSTROUTING -o r_s -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j DROP' :: [ 14:30:46 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t mangle -A POSTROUTING -o r_s -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j DROP' (Expected 0, got 0) :: [ 14:30:46 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t mangle -A POSTROUTING -o r_s -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j ACCEPT' :: [ 14:30:46 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t mangle -A POSTROUTING -o r_s -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j ACCEPT' (Expected 0, got 0) :: [ 14:30:46 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3 ' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) from 2001:db8:ffff:21::1 c_r: 56 data bytes --- 2001:db8:ffff:22::2 ping statistics --- 3 packets transmitted, 0 received, 100% packet loss, time 2086ms :: [ 14:30:49 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 14:30:49 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t mangle -L -n -v' Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 136 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 135 3 312 DROP 0 -- * r_s 2001:db8:ffff:21::1 2001:db8:ffff:22::2 0 0 ACCEPT 0 -- * r_s 2001:db8:ffff:21::1 2001:db8:ffff:22::2 :: [ 14:30:49 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t mangle -L -n -v' (Expected 0, got 0) :: [ 14:30:49 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t mangle -F' :: [ 14:30:49 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t mangle -F' (Expected 0, got 0) :: [ 14:30:49 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t mangle -A POSTROUTING -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' :: [ 14:30:49 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t mangle -A POSTROUTING -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' (Expected 0, got 0) :: [ 14:30:50 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t mangle -A POSTROUTING -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' :: [ 14:30:50 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t mangle -A POSTROUTING -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' (Expected 0, got 0) :: [ 14:30:50 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t mangle -N TEST' :: [ 14:30:50 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t mangle -N TEST' (Expected 0, got 0) :: [ 14:30:50 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t mangle -A TEST -o r_s -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j RETURN' :: [ 14:30:50 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t mangle -A TEST -o r_s -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j RETURN' (Expected 0, got 0) :: [ 14:30:50 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t mangle -A TEST -o r_s -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j DROP' :: [ 14:30:50 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t mangle -A TEST -o r_s -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j DROP' (Expected 0, got 0) :: [ 14:30:50 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t mangle -A POSTROUTING -o r_s -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j TEST' :: [ 14:30:50 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t mangle -A POSTROUTING -o r_s -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j TEST' (Expected 0, got 0) :: [ 14:30:50 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t mangle -A POSTROUTING -o r_s -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j ACCEPT' :: [ 14:30:50 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t mangle -A POSTROUTING -o r_s -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j ACCEPT' (Expected 0, got 0) :: [ 14:30:50 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) from 2001:db8:ffff:21::1 c_r: 56 data bytes 64 bytes from 2001:db8:ffff:22::2: icmp_seq=1 ttl=63 time=0.053 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=2 ttl=63 time=0.064 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=3 ttl=63 time=0.098 ms --- 2001:db8:ffff:22::2 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2099ms rtt min/avg/max/mdev = 0.053/0.071/0.098/0.019 ms :: [ 14:30:52 ] :: [ PASS ] :: Command 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3' (Expected 0, got 0) :: [ 14:30:52 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t mangle -L -n -v' Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 1 64 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 136 1 72 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 135 3 312 TEST 0 -- * r_s 2001:db8:ffff:21::1 2001:db8:ffff:22::2 3 312 ACCEPT 0 -- * r_s 2001:db8:ffff:21::1 2001:db8:ffff:22::2 Chain TEST (1 references) pkts bytes target prot opt in out source destination 3 312 RETURN 0 -- * r_s 2001:db8:ffff:21::1 2001:db8:ffff:22::2 0 0 DROP 0 -- * r_s 2001:db8:ffff:21::1 2001:db8:ffff:22::2 :: [ 14:30:52 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t mangle -L -n -v' (Expected 0, got 0) :: [ 14:30:52 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t mangle -F' :: [ 14:30:52 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t mangle -F' (Expected 0, got 0) :: [ 14:30:52 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t mangle -X' :: [ 14:30:52 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t mangle -X' (Expected 0, got 0) :: [ 14:30:52 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t raw -A PREROUTING -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' :: [ 14:30:52 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t raw -A PREROUTING -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' (Expected 0, got 0) :: [ 14:30:52 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t raw -A PREROUTING -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' :: [ 14:30:52 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t raw -A PREROUTING -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' (Expected 0, got 0) :: [ 14:30:52 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t raw -A PREROUTING -i r_c -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j ACCEPT' :: [ 14:30:52 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t raw -A PREROUTING -i r_c -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j ACCEPT' (Expected 0, got 0) :: [ 14:30:52 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t raw -A PREROUTING -i r_c -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j DROP' :: [ 14:30:52 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t raw -A PREROUTING -i r_c -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j DROP' (Expected 0, got 0) :: [ 14:30:52 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) from 2001:db8:ffff:21::1 c_r: 56 data bytes 64 bytes from 2001:db8:ffff:22::2: icmp_seq=1 ttl=63 time=0.051 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=2 ttl=63 time=0.062 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=3 ttl=63 time=0.053 ms --- 2001:db8:ffff:22::2 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2108ms rtt min/avg/max/mdev = 0.051/0.055/0.062/0.004 ms :: [ 14:30:54 ] :: [ PASS ] :: Command 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3' (Expected 0, got 0) :: [ 14:30:54 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t raw -L -n -v' Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 136 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 135 3 312 ACCEPT 0 -- r_c * 2001:db8:ffff:21::1 2001:db8:ffff:22::2 0 0 DROP 0 -- r_c * 2001:db8:ffff:21::1 2001:db8:ffff:22::2 Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination :: [ 14:30:54 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t raw -L -n -v' (Expected 0, got 0) :: [ 14:30:54 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t raw -F' :: [ 14:30:54 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t raw -F' (Expected 0, got 0) :: [ 14:30:54 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t raw -A PREROUTING -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' :: [ 14:30:54 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t raw -A PREROUTING -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' (Expected 0, got 0) :: [ 14:30:54 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t raw -A PREROUTING -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' :: [ 14:30:55 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t raw -A PREROUTING -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' (Expected 0, got 0) :: [ 14:30:55 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t raw -A PREROUTING -i r_c -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j DROP' :: [ 14:30:55 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t raw -A PREROUTING -i r_c -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j DROP' (Expected 0, got 0) :: [ 14:30:55 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t raw -A PREROUTING -i r_c -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j ACCEPT' :: [ 14:30:55 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t raw -A PREROUTING -i r_c -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j ACCEPT' (Expected 0, got 0) :: [ 14:30:55 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3 ' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) from 2001:db8:ffff:21::1 c_r: 56 data bytes --- 2001:db8:ffff:22::2 ping statistics --- 3 packets transmitted, 0 received, 100% packet loss, time 2095ms :: [ 14:30:58 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 14:30:58 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t raw -L -n -v' Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 136 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 135 3 312 DROP 0 -- r_c * 2001:db8:ffff:21::1 2001:db8:ffff:22::2 0 0 ACCEPT 0 -- r_c * 2001:db8:ffff:21::1 2001:db8:ffff:22::2 Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination :: [ 14:30:58 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t raw -L -n -v' (Expected 0, got 0) :: [ 14:30:58 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t raw -F' :: [ 14:30:58 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t raw -F' (Expected 0, got 0) :: [ 14:30:58 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t raw -A PREROUTING -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' :: [ 14:30:58 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t raw -A PREROUTING -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' (Expected 0, got 0) :: [ 14:30:58 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t raw -A PREROUTING -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' :: [ 14:30:58 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t raw -A PREROUTING -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' (Expected 0, got 0) :: [ 14:30:58 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t raw -N TEST' :: [ 14:30:58 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t raw -N TEST' (Expected 0, got 0) :: [ 14:30:58 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t raw -A TEST -i r_c -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j RETURN' :: [ 14:30:58 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t raw -A TEST -i r_c -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j RETURN' (Expected 0, got 0) :: [ 14:30:58 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t raw -A TEST -i r_c -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j DROP' :: [ 14:30:58 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t raw -A TEST -i r_c -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j DROP' (Expected 0, got 0) :: [ 14:30:58 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t raw -A PREROUTING -i r_c -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j TEST' :: [ 14:30:58 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t raw -A PREROUTING -i r_c -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j TEST' (Expected 0, got 0) :: [ 14:30:58 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t raw -A PREROUTING -i r_c -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j ACCEPT' :: [ 14:30:58 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t raw -A PREROUTING -i r_c -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j ACCEPT' (Expected 0, got 0) :: [ 14:30:58 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) from 2001:db8:ffff:21::1 c_r: 56 data bytes 64 bytes from 2001:db8:ffff:22::2: icmp_seq=1 ttl=63 time=0.052 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=2 ttl=63 time=0.129 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=3 ttl=63 time=0.058 ms --- 2001:db8:ffff:22::2 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2096ms rtt min/avg/max/mdev = 0.052/0.079/0.129/0.034 ms :: [ 14:31:00 ] :: [ PASS ] :: Command 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3' (Expected 0, got 0) :: [ 14:31:00 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t raw -L -n -v' Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 136 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 135 3 312 TEST 0 -- r_c * 2001:db8:ffff:21::1 2001:db8:ffff:22::2 3 312 ACCEPT 0 -- r_c * 2001:db8:ffff:21::1 2001:db8:ffff:22::2 Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain TEST (1 references) pkts bytes target prot opt in out source destination 3 312 RETURN 0 -- r_c * 2001:db8:ffff:21::1 2001:db8:ffff:22::2 0 0 DROP 0 -- r_c * 2001:db8:ffff:21::1 2001:db8:ffff:22::2 :: [ 14:31:00 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t raw -L -n -v' (Expected 0, got 0) :: [ 14:31:00 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t raw -F' :: [ 14:31:00 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t raw -F' (Expected 0, got 0) :: [ 14:31:00 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t raw -X' :: [ 14:31:00 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t raw -X' (Expected 0, got 0) :: [ 14:31:00 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t security -A FORWARD -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' :: [ 14:31:01 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t security -A FORWARD -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' (Expected 0, got 0) :: [ 14:31:01 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t security -A FORWARD -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' :: [ 14:31:01 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t security -A FORWARD -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' (Expected 0, got 0) :: [ 14:31:01 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t security -A FORWARD -i r_c -o r_s -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j ACCEPT' :: [ 14:31:01 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t security -A FORWARD -i r_c -o r_s -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j ACCEPT' (Expected 0, got 0) :: [ 14:31:01 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t security -A FORWARD -i r_c -o r_s -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j DROP' :: [ 14:31:01 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t security -A FORWARD -i r_c -o r_s -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j DROP' (Expected 0, got 0) :: [ 14:31:01 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) from 2001:db8:ffff:21::1 c_r: 56 data bytes 64 bytes from 2001:db8:ffff:22::2: icmp_seq=1 ttl=63 time=0.050 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=2 ttl=63 time=0.100 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=3 ttl=63 time=0.099 ms --- 2001:db8:ffff:22::2 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2076ms rtt min/avg/max/mdev = 0.050/0.083/0.100/0.023 ms :: [ 14:31:03 ] :: [ PASS ] :: Command 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3' (Expected 0, got 0) :: [ 14:31:03 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t security -L -n -v' Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 136 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 135 3 312 ACCEPT 0 -- r_c r_s 2001:db8:ffff:21::1 2001:db8:ffff:22::2 0 0 DROP 0 -- r_c r_s 2001:db8:ffff:21::1 2001:db8:ffff:22::2 Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination :: [ 14:31:03 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t security -L -n -v' (Expected 0, got 0) :: [ 14:31:03 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t security -F' :: [ 14:31:03 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t security -F' (Expected 0, got 0) :: [ 14:31:03 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t security -A FORWARD -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' :: [ 14:31:03 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t security -A FORWARD -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' (Expected 0, got 0) :: [ 14:31:03 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t security -A FORWARD -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' :: [ 14:31:03 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t security -A FORWARD -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' (Expected 0, got 0) :: [ 14:31:03 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t security -A FORWARD -i r_c -o r_s -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j DROP' :: [ 14:31:03 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t security -A FORWARD -i r_c -o r_s -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j DROP' (Expected 0, got 0) :: [ 14:31:03 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t security -A FORWARD -i r_c -o r_s -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j ACCEPT' :: [ 14:31:03 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t security -A FORWARD -i r_c -o r_s -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j ACCEPT' (Expected 0, got 0) :: [ 14:31:03 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3 ' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) from 2001:db8:ffff:21::1 c_r: 56 data bytes --- 2001:db8:ffff:22::2 ping statistics --- 3 packets transmitted, 0 received, 100% packet loss, time 2086ms :: [ 14:31:06 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 14:31:06 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t security -L -n -v' Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 136 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 135 3 312 DROP 0 -- r_c r_s 2001:db8:ffff:21::1 2001:db8:ffff:22::2 0 0 ACCEPT 0 -- r_c r_s 2001:db8:ffff:21::1 2001:db8:ffff:22::2 Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination :: [ 14:31:06 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t security -L -n -v' (Expected 0, got 0) :: [ 14:31:06 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t security -F' :: [ 14:31:06 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t security -F' (Expected 0, got 0) :: [ 14:31:06 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t security -A FORWARD -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' :: [ 14:31:06 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t security -A FORWARD -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' (Expected 0, got 0) :: [ 14:31:06 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t security -A FORWARD -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' :: [ 14:31:06 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t security -A FORWARD -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' (Expected 0, got 0) :: [ 14:31:06 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t security -N TEST' :: [ 14:31:06 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t security -N TEST' (Expected 0, got 0) :: [ 14:31:06 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t security -A TEST -i r_c -o r_s -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j RETURN' :: [ 14:31:06 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t security -A TEST -i r_c -o r_s -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j RETURN' (Expected 0, got 0) :: [ 14:31:06 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t security -A TEST -i r_c -o r_s -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j DROP' :: [ 14:31:06 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t security -A TEST -i r_c -o r_s -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j DROP' (Expected 0, got 0) :: [ 14:31:06 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t security -A FORWARD -i r_c -o r_s -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j TEST' :: [ 14:31:06 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t security -A FORWARD -i r_c -o r_s -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j TEST' (Expected 0, got 0) :: [ 14:31:07 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t security -A FORWARD -i r_c -o r_s -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j ACCEPT' :: [ 14:31:07 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t security -A FORWARD -i r_c -o r_s -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j ACCEPT' (Expected 0, got 0) :: [ 14:31:07 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) from 2001:db8:ffff:21::1 c_r: 56 data bytes 64 bytes from 2001:db8:ffff:22::2: icmp_seq=1 ttl=63 time=0.050 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=2 ttl=63 time=0.079 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=3 ttl=63 time=0.070 ms --- 2001:db8:ffff:22::2 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2112ms rtt min/avg/max/mdev = 0.050/0.066/0.079/0.012 ms :: [ 14:31:09 ] :: [ PASS ] :: Command 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3' (Expected 0, got 0) :: [ 14:31:09 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t security -L -n -v' Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 136 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 135 3 312 TEST 0 -- r_c r_s 2001:db8:ffff:21::1 2001:db8:ffff:22::2 3 312 ACCEPT 0 -- r_c r_s 2001:db8:ffff:21::1 2001:db8:ffff:22::2 Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain TEST (1 references) pkts bytes target prot opt in out source destination 3 312 RETURN 0 -- r_c r_s 2001:db8:ffff:21::1 2001:db8:ffff:22::2 0 0 DROP 0 -- r_c r_s 2001:db8:ffff:21::1 2001:db8:ffff:22::2 :: [ 14:31:09 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t security -L -n -v' (Expected 0, got 0) :: [ 14:31:09 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t security -F' :: [ 14:31:09 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t security -F' (Expected 0, got 0) :: [ 14:31:09 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t security -X' :: [ 14:31:09 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t security -X' (Expected 0, got 0) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 133s :: Assertions: 400 good, 0 bad :: RESULT: PASS (ip6tables: Basic TARGETS) ** ip6tables-Basic-TARGETS PASS Score:0 Uploading resultoutputfile.log .done :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: ip6tables: Plain NAT test :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ 14:31:09 ] :: [ BEGIN ] :: NoCheck :: actually running 'ip netns exec server modprobe sctp && SCTP=true ' :: [ 14:31:09 ] :: [ PASS ] :: NoCheck (Expected 0-255, got 0) :: [ 14:31:09 ] :: [ BEGIN ] :: Running 'ip netns exec server sleep 1' :: [ 14:31:10 ] :: [ PASS ] :: Command 'ip netns exec server sleep 1' (Expected 0, got 0) :: [ 14:31:10 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t nat -A PREROUTING -i r_c -p tcp -j DNAT --to-destination [2001:db8:ffff:22::2]:9999' :: [ 14:31:10 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t nat -A PREROUTING -i r_c -p tcp -j DNAT --to-destination [2001:db8:ffff:22::2]:9999' (Expected 0, got 0) :: [ 14:31:11 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t nat -A PREROUTING -i r_c -p udp -j DNAT --to-destination [2001:db8:ffff:22::2]:9999' :: [ 14:31:11 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t nat -A PREROUTING -i r_c -p udp -j DNAT --to-destination [2001:db8:ffff:22::2]:9999' (Expected 0, got 0) :: [ 14:31:11 ] :: [ BEGIN ] :: Running 'ip netns exec server sleep 3' :: [ 14:31:11 ] :: [ BEGIN ] :: NoCheck :: actually running 'ip netns exec server ncat -6 -u -l 9999 ' :: [ 14:31:11 ] :: [ BEGIN ] :: NoCheck :: actually running 'ip netns exec server ncat -6 -l 9999 ' :: [ 14:31:11 ] :: [ BEGIN ] :: NoCheck :: actually running 'ip netns exec router tcpdump -nni r_s -w dnat.pcap ' dropped privs to tcpdump tcpdump: listening on r_s, link-type EN10MB (Ethernet), snapshot length 262144 bytes :: [ 14:31:14 ] :: [ PASS ] :: Command 'ip netns exec server sleep 3' (Expected 0, got 0) :: [ 14:31:14 ] :: [ BEGIN ] :: Running 'ip netns exec client ncat -6 2001:db8:ffff:21::fffe 8888' abc :: [ 14:31:14 ] :: [ PASS ] :: NoCheck (Expected 0-255, got 0) :: [ 14:31:14 ] :: [ PASS ] :: Command 'ip netns exec client ncat -6 2001:db8:ffff:21::fffe 8888' (Expected 0, got 0) :: [ 14:31:14 ] :: [ BEGIN ] :: Running 'ip netns exec client ncat -6 -u 2001:db8:ffff:21::fffe 8888' abc :: [ 14:31:14 ] :: [ PASS ] :: Command 'ip netns exec client ncat -6 -u 2001:db8:ffff:21::fffe 8888' (Expected 0, got 0) :: [ 14:31:14 ] :: [ BEGIN ] :: Running 'ip netns exec router conntrack -L' conntrack v1.4.6 (conntrack-tools): 0 flow entries have been shown. :: [ 14:31:14 ] :: [ PASS ] :: Command 'ip netns exec router conntrack -L' (Expected 0, got 0) :: [ 14:31:14 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t nat -A PREROUTING -i r_c -p sctp -j DNAT --to-destination [2001:db8:ffff:22::2]:9999' :: [ 14:31:14 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t nat -A PREROUTING -i r_c -p sctp -j DNAT --to-destination [2001:db8:ffff:22::2]:9999' (Expected 0, got 0) :: [ 14:31:14 ] :: [ BEGIN ] :: Running 'ip netns exec server sleep 3' :: [ 14:31:14 ] :: [ BEGIN ] :: NoCheck :: actually running 'ip netns exec server sctp_test -H 0 -P 9999 -l ' local:addr=::ffff:0.0.0.0, port=distinct, family=10 seed = 1674588674 Starting tests... socket(SOCK_SEQPACKET, IPPROTO_SCTP) -> sk=3 bind(sk=3, [a:::ffff:0.0.0.0,p:distinct]) -- attempt 1/10 listen(sk=3,backlog=100) Server: Receiving packets. recvmsg(sk=3) :: [ 14:31:17 ] :: [ PASS ] :: Command 'ip netns exec server sleep 3' (Expected 0, got 0) :: [ 14:31:17 ] :: [ BEGIN ] :: Running 'ip netns exec client timeout 5 sctp_test -H 2001:db8:ffff:21::1 -P 6013 -h 2001:db8:ffff:21::fffe -p 8888 -s -c 1 -x 1 -X 1' remote:addr=2001:db8:ffff:21::fffe, port=ddi-tcp-1, family=10 local:addr=2001:db8:ffff:21::1, port=6013, family=10 seed = 1674588677 Starting tests... socket(SOCK_SEQPACKET, IPPROTO_SCTP) -> sk=3 bind(sk=3, [a:2001:db8:ffff:21::1,p:6013]) -- attempt 1/10 Client: Sending packets.(1/1) sendmsg(sk=3, assoc=0) 1452 bytes. SNDRCVNotification: SCTP_ASSOC_CHANGE(COMMUNICATION_UP) (assoc_change: state=0, error=0, instr=10 outstr=10) recvmsg(sk=3) (stream=0 flags=0x1 ppid=55394194 Data 1452 bytes. First 10 bytes: close(sk=3) 012345678 recvmsg(sk=3) :: [ 14:31:17 ] :: [ PASS ] :: Command 'ip netns exec client timeout 5 sctp_test -H 2001:db8:ffff:21::1 -P 6013 -h 2001:db8:ffff:21::fffe -p 8888 -s -c 1 -x 1 -X 1' (Expected 0, got 0) :: [ 14:31:17 ] :: [ BEGIN ] :: Running 'ip netns exec router conntrack -L' conntrack v1.4.6 (conntrack-tools): 0 flow entries have been shown. :: [ 14:31:17 ] :: [ PASS ] :: Command 'ip netns exec router conntrack -L' (Expected 0, got 0) :: [ 14:31:17 ] :: [ BEGIN ] :: Running 'ip netns exec router conntrack -F' conntrack v1.4.6 (conntrack-tools): connection tracking table has been emptied. :: [ 14:31:17 ] :: [ PASS ] :: Command 'ip netns exec router conntrack -F' (Expected 0, got 0) :: [ 14:31:17 ] :: [ BEGIN ] :: Running 'ip netns exec router sleep 2' Notification: SCTP_ASSOC_CHANGE(COMMUNICATION_LOST) (assoc_change: state=1, error=0, instr=0 outstr=0) recvmsg(sk=3) :: [ 14:31:19 ] :: [ PASS ] :: Command 'ip netns exec router sleep 2' (Expected 0, got 0) 19 packets captured 19 packets received by filter 0 packets dropped by kernel Terminated :: [ 14:31:19 ] :: [ PASS ] :: NoCheck (Expected 0-255, got 143) :: [ 14:31:19 ] :: [ BEGIN ] :: Running 'ip netns exec router sleep 1' :: [ 14:31:19 ] :: [ PASS ] :: NoCheck (Expected 0-255, got 0) :: [ 14:31:20 ] :: [ PASS ] :: Command 'ip netns exec router sleep 1' (Expected 0, got 0) reading from file dnat.pcap, link-type EN10MB (Ethernet), snapshot length 262144 dropped privs to tcpdump 14:31:14.146422 IP6 2001:db8:ffff:21::1.49596 > 2001:db8:ffff:22::2.9999: Flags [S], seq 1171510428, win 64800, options [mss 1440,sackOK,TS val 1974832628 ecr 0,nop,wscale 7], length 0 14:31:14.146442 IP6 2001:db8:ffff:22::2.9999 > 2001:db8:ffff:21::1.49596: Flags [S.], seq 3234848521, ack 1171510429, win 64260, options [mss 1440,sackOK,TS val 3218264746 ecr 1974832628,nop,wscale 7], length 0 14:31:14.146465 IP6 2001:db8:ffff:21::1.49596 > 2001:db8:ffff:22::2.9999: Flags [.], ack 1, win 507, options [nop,nop,TS val 1974832628 ecr 3218264746], length 0 14:31:14.146537 IP6 2001:db8:ffff:21::1.49596 > 2001:db8:ffff:22::2.9999: Flags [P.], seq 1:5, ack 1, win 507, options [nop,nop,TS val 1974832628 ecr 3218264746], length 4 14:31:14.146543 IP6 2001:db8:ffff:22::2.9999 > 2001:db8:ffff:21::1.49596: Flags [.], ack 5, win 502, options [nop,nop,TS val 3218264746 ecr 1974832628], length 0 14:31:14.146558 IP6 2001:db8:ffff:21::1.49596 > 2001:db8:ffff:22::2.9999: Flags [F.], seq 5, ack 1, win 507, options [nop,nop,TS val 1974832628 ecr 3218264746], length 0 14:31:14.146562 IP6 2001:db8:ffff:22::2.9999 > 2001:db8:ffff:21::1.49596: Flags [F.], seq 1, ack 5, win 502, options [nop,nop,TS val 3218264746 ecr 1974832628], length 0 14:31:14.146597 IP6 2001:db8:ffff:21::1.49596 > 2001:db8:ffff:22::2.9999: Flags [.], ack 2, win 507, options [nop,nop,TS val 1974832628 ecr 3218264746], length 0 14:31:14.146606 IP6 2001:db8:ffff:22::2.9999 > 2001:db8:ffff:21::1.49596: Flags [.], ack 6, win 502, options [nop,nop,TS val 3218264747 ecr 1974832628], length 0 14:31:14.222488 IP6 2001:db8:ffff:21::1.56943 > 2001:db8:ffff:22::2.9999: UDP, length 4 14:31:17.407036 IP6 2001:db8:ffff:21::1.6013 > 2001:db8:ffff:22::2.9999: sctp (1) [INIT] [init tag: 1170220633] [rwnd: 106496] [OS: 10] [MIS: 65535] [init TSN: 3677328728] 14:31:17.407083 IP6 2001:db8:ffff:22::2.9999 > 2001:db8:ffff:21::1.6013: sctp (1) [INIT ACK] [init tag: 3572619089] [rwnd: 106496] [OS: 10] [MIS: 10] [init TSN: 1947007743] 14:31:17.407158 IP6 2001:db8:ffff:21::1.6013 > 2001:db8:ffff:22::2.9999: sctp (1) [COOKIE ECHO] 14:31:17.407160 IP6 2001:db8:ffff:21::1.6013 > 2001:db8:ffff:22::2.9999: sctp (1) [DATA] (U)(B) [TSN: 3677328728] [SID: 0] [SSEQ 0] [PPID 0x923f4d03] 14:31:17.407191 IP6 2001:db8:ffff:22::2.9999 > 2001:db8:ffff:21::1.6013: sctp (1) [COOKIE ACK] 14:31:17.407194 IP6 2001:db8:ffff:22::2.9999 > 2001:db8:ffff:21::1.6013: sctp (1) [SACK] [cum ack 3677328728] [a_rwnd 105264] [#gap acks 0] [#dup tsns 0] 14:31:17.407237 IP6 2001:db8:ffff:21::1.6013 > 2001:db8:ffff:22::2.9999: sctp (1) [DATA] (U)(E) [TSN: 3677328729] [SID: 0] [SSEQ 0] [PPID 0x923f4d03] 14:31:17.610645 IP6 2001:db8:ffff:22::2.9999 > 2001:db8:ffff:21::1.6013: sctp (1) [SACK] [cum ack 3677328729] [a_rwnd 106496] [#gap acks 0] [#dup tsns 0] 14:31:17.610692 IP6 2001:db8:ffff:21::1.6013 > 2001:db8:ffff:22::2.9999: sctp (1) [ABORT] egrep: warning: egrep is obsolescent; using grep -E :: [ 14:31:20 ] :: [ INFO ] :: Sending dnat.pcap as dnat.pcap Uploading dnat.pcap .done :: [ 14:31:20 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -tnat -nvL' Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 1 80 DNAT 6 -- r_c * ::/0 ::/0 to:[2001:db8:ffff:22::2]:9999 1 52 DNAT 17 -- r_c * ::/0 ::/0 to:[2001:db8:ffff:22::2]:9999 1 88 DNAT 132 -- r_c * ::/0 ::/0 to:[2001:db8:ffff:22::2]:9999 Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination :: [ 14:31:20 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -tnat -nvL' (Expected 0, got 0) :: [ 14:31:20 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -tnat -F' :: [ 14:31:20 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -tnat -F' (Expected 0, got 0) Terminated :: [ 14:31:20 ] :: [ PASS ] :: NoCheck (Expected 0-255, got 143) :: [ 14:31:20 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t nat -A POSTROUTING -o r_s -p tcp -j SNAT --to-source [2001:db8:ffff:22::fffe]:1234' :: [ 14:31:20 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t nat -A POSTROUTING -o r_s -p tcp -j SNAT --to-source [2001:db8:ffff:22::fffe]:1234' (Expected 0, got 0) :: [ 14:31:20 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t nat -A POSTROUTING -o r_s -p udp -j SNAT --to-source [2001:db8:ffff:22::fffe]:1234' :: [ 14:31:20 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t nat -A POSTROUTING -o r_s -p udp -j SNAT --to-source [2001:db8:ffff:22::fffe]:1234' (Expected 0, got 0) :: [ 14:31:20 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -A INPUT -i s_r -p tcp ! --sport 1234 -j DROP' :: [ 14:31:20 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -A INPUT -i s_r -p tcp ! --sport 1234 -j DROP' (Expected 0, got 0) :: [ 14:31:20 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -A INPUT -i s_r -p udp ! --sport 1234 -j DROP' :: [ 14:31:20 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -A INPUT -i s_r -p udp ! --sport 1234 -j DROP' (Expected 0, got 0) :: [ 14:31:20 ] :: [ BEGIN ] :: Running 'ip netns exec router tcpdump -nni r_s -w snat.pcap' :: [ 14:31:20 ] :: [ BEGIN ] :: Running 'ip netns exec server sleep 3' :: [ 14:31:20 ] :: [ BEGIN ] :: NoCheck :: actually running 'ip netns exec server ncat -6 -u -l 9999 ' :: [ 14:31:20 ] :: [ BEGIN ] :: NoCheck :: actually running 'ip netns exec server ncat -6 -l 9999 ' dropped privs to tcpdump tcpdump: listening on r_s, link-type EN10MB (Ethernet), snapshot length 262144 bytes :: [ 14:31:23 ] :: [ PASS ] :: Command 'ip netns exec server sleep 3' (Expected 0, got 0) :: [ 14:31:23 ] :: [ BEGIN ] :: Running 'ip netns exec client ncat -6 2001:db8:ffff:22::2 9999' abc :: [ 14:31:24 ] :: [ PASS ] :: NoCheck (Expected 0-255, got 0) :: [ 14:31:24 ] :: [ PASS ] :: Command 'ip netns exec client ncat -6 2001:db8:ffff:22::2 9999' (Expected 0, got 0) :: [ 14:31:24 ] :: [ BEGIN ] :: Running 'ip netns exec client ncat -6 -u 2001:db8:ffff:22::2 9999' abc :: [ 14:31:24 ] :: [ PASS ] :: Command 'ip netns exec client ncat -6 -u 2001:db8:ffff:22::2 9999' (Expected 0, got 0) :: [ 14:31:24 ] :: [ BEGIN ] :: Running 'ip netns exec router conntrack -L' conntrack v1.4.6 (conntrack-tools): 0 flow entries have been shown. :: [ 14:31:24 ] :: [ PASS ] :: Command 'ip netns exec router conntrack -L' (Expected 0, got 0) :: [ 14:31:24 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t nat -A POSTROUTING -o r_s -p sctp -j SNAT --to-source [2001:db8:ffff:22::fffe]:1234' :: [ 14:31:24 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t nat -A POSTROUTING -o r_s -p sctp -j SNAT --to-source [2001:db8:ffff:22::fffe]:1234' (Expected 0, got 0) :: [ 14:31:24 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -A INPUT -i s_r -p sctp ! --sport 1234 -j DROP' :: [ 14:31:24 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -A INPUT -i s_r -p sctp ! --sport 1234 -j DROP' (Expected 0, got 0) :: [ 14:31:24 ] :: [ BEGIN ] :: Running 'ip netns exec server sleep 3' :: [ 14:31:24 ] :: [ BEGIN ] :: NoCheck :: actually running 'ip netns exec server sctp_test -H 0 -P 9999 -l ' local:addr=::ffff:0.0.0.0, port=distinct, family=10 seed = 1674588684 Starting tests... socket(SOCK_SEQPACKET, IPPROTO_SCTP) -> sk=3 bind(sk=3, [a:::ffff:0.0.0.0,p:distinct]) -- attempt 1/10 listen(sk=3,backlog=100) Server: Receiving packets. recvmsg(sk=3) :: [ 14:31:27 ] :: [ PASS ] :: Command 'ip netns exec server sleep 3' (Expected 0, got 0) :: [ 14:31:27 ] :: [ BEGIN ] :: Running 'ip netns exec client timeout 5 sctp_test -H 2001:db8:ffff:21::1 -P 6013 -h 2001:db8:ffff:22::2 -p 9999 -s -c 1 -x 1 -X 1' remote:addr=2001:db8:ffff:22::2, port=distinct, family=10 local:addr=2001:db8:ffff:21::1, port=6013, family=10 seed = 1674588687 Starting tests... socket(SOCK_SEQPACKET, IPPROTO_SCTP) -> sk=3 bind(sk=3, [a:2001:db8:ffff:21::1,p:6013]) -- attempt 1/10 Client: Sending packets.(1/1) sendmsg(sk=3, assoc=0) 1452 bytes. SNDRCVNotification: SCTP_ASSOC_CHANGE(COMMUNICATION_UP) (assoc_change: state=0, error=0, instr=10 outstr=10) recvmsg(sk=3) (stream=0 flags=0x1 ppid=240980933 Data 1452 bytes. First 10 bytes: close(sk=3) 012345678 recvmsg(sk=3) :: [ 14:31:27 ] :: [ PASS ] :: Command 'ip netns exec client timeout 5 sctp_test -H 2001:db8:ffff:21::1 -P 6013 -h 2001:db8:ffff:22::2 -p 9999 -s -c 1 -x 1 -X 1' (Expected 0, got 0) :: [ 14:31:27 ] :: [ BEGIN ] :: Running 'ip netns exec router conntrack -L' conntrack v1.4.6 (conntrack-tools): 0 flow entries have been shown. :: [ 14:31:27 ] :: [ PASS ] :: Command 'ip netns exec router conntrack -L' (Expected 0, got 0) :: [ 14:31:27 ] :: [ BEGIN ] :: Running 'ip netns exec router conntrack -F' conntrack v1.4.6 (conntrack-tools): connection tracking table has been emptied. :: [ 14:31:27 ] :: [ PASS ] :: Command 'ip netns exec router conntrack -F' (Expected 0, got 0) :: [ 14:31:27 ] :: [ BEGIN ] :: Running 'ip netns exec router sleep 2' Notification: SCTP_ASSOC_CHANGE(COMMUNICATION_LOST) (assoc_change: state=1, error=0, instr=0 outstr=0) recvmsg(sk=3) :: [ 14:31:29 ] :: [ PASS ] :: Command 'ip netns exec router sleep 2' (Expected 0, got 0) 19 packets captured 19 packets received by filter 0 packets dropped by kernel Terminated :: [ 14:31:29 ] :: [ PASS ] :: NoCheck (Expected 0-255, got 143) :: [ 14:31:29 ] :: [ BEGIN ] :: Running 'ip netns exec router sleep 1' :: [ 14:31:29 ] :: [ PASS ] :: Command 'ip netns exec router tcpdump -nni r_s -w snat.pcap' (Expected 0, got 0) :: [ 14:31:30 ] :: [ PASS ] :: Command 'ip netns exec router sleep 1' (Expected 0, got 0) reading from file snat.pcap, link-type EN10MB (Ethernet), snapshot length 262144 dropped privs to tcpdump 14:31:24.008531 IP6 2001:db8:ffff:22::fffe.1234 > 2001:db8:ffff:22::2.9999: Flags [S], seq 2140374186, win 64800, options [mss 1440,sackOK,TS val 3598703780 ecr 0,nop,wscale 7], length 0 14:31:24.008556 IP6 2001:db8:ffff:22::2.9999 > 2001:db8:ffff:22::fffe.1234: Flags [S.], seq 129222099, ack 2140374187, win 64260, options [mss 1440,sackOK,TS val 479860633 ecr 3598703780,nop,wscale 7], length 0 14:31:24.008577 IP6 2001:db8:ffff:22::fffe.1234 > 2001:db8:ffff:22::2.9999: Flags [.], ack 1, win 507, options [nop,nop,TS val 3598703780 ecr 479860633], length 0 14:31:24.008653 IP6 2001:db8:ffff:22::fffe.1234 > 2001:db8:ffff:22::2.9999: Flags [P.], seq 1:5, ack 1, win 507, options [nop,nop,TS val 3598703781 ecr 479860633], length 4 14:31:24.008659 IP6 2001:db8:ffff:22::2.9999 > 2001:db8:ffff:22::fffe.1234: Flags [.], ack 5, win 502, options [nop,nop,TS val 479860634 ecr 3598703781], length 0 14:31:24.008674 IP6 2001:db8:ffff:22::fffe.1234 > 2001:db8:ffff:22::2.9999: Flags [F.], seq 5, ack 1, win 507, options [nop,nop,TS val 3598703781 ecr 479860634], length 0 14:31:24.008776 IP6 2001:db8:ffff:22::2.9999 > 2001:db8:ffff:22::fffe.1234: Flags [F.], seq 1, ack 6, win 502, options [nop,nop,TS val 479860634 ecr 3598703781], length 0 14:31:24.008863 IP6 2001:db8:ffff:22::fffe.1234 > 2001:db8:ffff:22::2.9999: Flags [.], ack 2, win 507, options [nop,nop,TS val 3598703781 ecr 479860634], length 0 14:31:24.086582 IP6 2001:db8:ffff:22::fffe.1234 > 2001:db8:ffff:22::2.9999: UDP, length 4 14:31:27.315823 IP6 2001:db8:ffff:22::fffe.1234 > 2001:db8:ffff:22::2.9999: sctp (1) [INIT] [init tag: 745148268] [rwnd: 106496] [OS: 10] [MIS: 65535] [init TSN: 3702563395] 14:31:27.315873 IP6 2001:db8:ffff:22::2.9999 > 2001:db8:ffff:22::fffe.1234: sctp (1) [INIT ACK] [init tag: 78330601] [rwnd: 106496] [OS: 10] [MIS: 10] [init TSN: 2475847228] 14:31:27.315944 IP6 2001:db8:ffff:22::fffe.1234 > 2001:db8:ffff:22::2.9999: sctp (1) [COOKIE ECHO] 14:31:27.315946 IP6 2001:db8:ffff:22::fffe.1234 > 2001:db8:ffff:22::2.9999: sctp (1) [DATA] (U)(B) [TSN: 3702563395] [SID: 0] [SSEQ 0] [PPID 0xc5135d0e] 14:31:27.315986 IP6 2001:db8:ffff:22::2.9999 > 2001:db8:ffff:22::fffe.1234: sctp (1) [COOKIE ACK] 14:31:27.315989 IP6 2001:db8:ffff:22::2.9999 > 2001:db8:ffff:22::fffe.1234: sctp (1) [SACK] [cum ack 3702563395] [a_rwnd 105264] [#gap acks 0] [#dup tsns 0] 14:31:27.316034 IP6 2001:db8:ffff:22::fffe.1234 > 2001:db8:ffff:22::2.9999: sctp (1) [DATA] (U)(E) [TSN: 3702563396] [SID: 0] [SSEQ 0] [PPID 0xc5135d0e] 14:31:27.530677 IP6 2001:db8:ffff:22::2.9999 > 2001:db8:ffff:22::fffe.1234: sctp (1) [SACK] [cum ack 3702563396] [a_rwnd 106496] [#gap acks 0] [#dup tsns 0] 14:31:27.530732 IP6 2001:db8:ffff:22::fffe.1234 > 2001:db8:ffff:22::2.9999: sctp (1) [ABORT] 14:31:28.370703 IP6 2001:db8:ffff:21::1.6013 > 2001:db8:ffff:22::2.9999: sctp (1) [DATA] (U)(E) [TSN: 3702563396] [SID: 0] [SSEQ 0] [PPID 0xc5135d0e] egrep: warning: egrep is obsolescent; using grep -E :: [ 14:31:30 ] :: [ INFO ] :: Sending snat.pcap as snat.pcap Uploading snat.pcap .done :: [ 14:31:30 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -tnat -nvL' Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 1 80 SNAT 6 -- * r_s ::/0 ::/0 to:[2001:db8:ffff:22::fffe]:1234 1 52 SNAT 17 -- * r_s ::/0 ::/0 to:[2001:db8:ffff:22::fffe]:1234 1 88 SNAT 132 -- * r_s ::/0 ::/0 to:[2001:db8:ffff:22::fffe]:1234 :: [ 14:31:30 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -tnat -nvL' (Expected 0, got 0) :: [ 14:31:30 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -F' :: [ 14:31:30 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -F' (Expected 0, got 0) :: [ 14:31:30 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -nvL' Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 DROP 6 -- s_r * ::/0 ::/0 tcp spt:!1234 0 0 DROP 17 -- s_r * ::/0 ::/0 udp spt:!1234 2 576 DROP 132 -- s_r * ::/0 ::/0 sctp spt:!1234 Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination :: [ 14:31:30 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -nvL' (Expected 0, got 0) :: [ 14:31:30 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -F' :: [ 14:31:30 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -F' (Expected 0, got 0) Terminated :: [ 14:31:30 ] :: [ PASS ] :: NoCheck (Expected 0-255, got 143) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 21s :: Assertions: 42 good, 0 bad :: RESULT: PASS (ip6tables: Plain NAT test) ** ip6tables-Plain-NAT-test PASS Score:0 Uploading resultoutputfile.log .done :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Cleanup :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ 14:31:31 ] :: [ BEGIN ] :: Running 'do_clean' client :: [ LOG ] :: xtables rules clean :: [ LOG ] :: nft rules clean :: [ LOG ] :: ipset rules clean :: [ LOG ] :: ipvsadm rules clean router :: [ LOG ] :: xtables rules clean :: [ LOG ] :: nft rules clean :: [ LOG ] :: ipset rules clean :: [ LOG ] :: ipvsadm rules clean server :: [ LOG ] :: xtables rules clean :: [ LOG ] :: nft rules clean :: [ LOG ] :: ipset rules clean :: [ LOG ] :: ipvsadm rules clean :: [ 14:31:40 ] :: [ PASS ] :: Command 'do_clean' (Expected 0, got 0) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 9s :: Assertions: 1 good, 0 bad :: RESULT: PASS (Cleanup) ** Cleanup PASS Score:0 Uploading resultoutputfile.log .done :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: unknown :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ 14:31:41 ] :: [ LOG ] :: Phases fingerprint: 3TFH3dbq :: [ 14:31:41 ] :: [ LOG ] :: Asserts fingerprint: N/nBkyJS Uploading journal.xml ..done :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 234s :: Phases: 8 good, 0 bad :: OVERALL RESULT: PASS (unknown) /usr/sbin/nft :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Forward ipv4 :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ 14:31:41 ] :: [ BEGIN ] :: ipv4 topo init done... :: actually running 'do_setup ipv4' +++ do_clean +++ for ns in client router server +++ ip netns +++ grep client +++ for ns in client router server +++ ip netns +++ grep router +++ for ns in client router server +++ ip netns +++ grep server +++ local i +++ for i in client router server +++ ip netns add client +++ for i in client router server +++ ip netns add router +++ for i in client router server +++ ip netns add server +++ [[ ipv4x == \i\p\v\6\x ]] +++ [[ ipv4x == \i\p\v\4\x ]] +++ ip netns exec router sysctl -w net.ipv4.ip_forward=1 net.ipv4.ip_forward = 1 +++ ip_c=10.167.1.1 +++ ip_s=10.167.2.2 +++ ip_rc=10.167.1.254 +++ ip_rs=10.167.2.254 +++ unset nodad +++ N=24 +++ ip -d -n router -b /dev/stdin +++ ip -d -n server -b /dev/stdin +++ ip -d -n client -b /dev/stdin +++ sleep 2 +++ set +x PING 10.167.2.2 (10.167.2.2) from 10.167.1.1 c_r: 56(84) bytes of data. 64 bytes from 10.167.2.2: icmp_seq=1 ttl=63 time=0.066 ms 64 bytes from 10.167.2.2: icmp_seq=2 ttl=63 time=0.038 ms 64 bytes from 10.167.2.2: icmp_seq=3 ttl=63 time=0.067 ms 64 bytes from 10.167.2.2: icmp_seq=4 ttl=63 time=0.033 ms 64 bytes from 10.167.2.2: icmp_seq=5 ttl=63 time=0.061 ms --- 10.167.2.2 ping statistics --- 5 packets transmitted, 5 received, 0% packet loss, time 832ms rtt min/avg/max/mdev = 0.033/0.053/0.067/0.014 ms PING 10.167.1.1 (10.167.1.1) from 10.167.2.2 s_r: 56(84) bytes of data. 64 bytes from 10.167.1.1: icmp_seq=1 ttl=63 time=0.038 ms 64 bytes from 10.167.1.1: icmp_seq=2 ttl=63 time=0.101 ms 64 bytes from 10.167.1.1: icmp_seq=3 ttl=63 time=0.099 ms 64 bytes from 10.167.1.1: icmp_seq=4 ttl=63 time=0.053 ms 64 bytes from 10.167.1.1: icmp_seq=5 ttl=63 time=0.091 ms --- 10.167.1.1 ping statistics --- 5 packets transmitted, 5 received, 0% packet loss, time 834ms rtt min/avg/max/mdev = 0.038/0.076/0.101/0.025 ms :: [ 14:31:45 ] :: [ PASS ] :: ipv4 topo init done... (Expected 0, got 0) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 4s :: Assertions: 1 good, 0 bad :: RESULT: PASS (Forward ipv4) ** Forward-ipv4 PASS Score:0 Uploading resultoutputfile.log .done :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: nftables ip family ipv4 policy test input/output path :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ 14:31:45 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add table ip filter' :: [ 14:31:45 ] :: [ PASS ] :: Command 'ip netns exec server nft add table ip filter' (Expected 0, got 0) :: [ 14:31:45 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add chain ip filter prerouting { type filter hook prerouting priority 0 \; policy accept \; }' :: [ 14:31:45 ] :: [ PASS ] :: Command 'ip netns exec server nft add chain ip filter prerouting { type filter hook prerouting priority 0 \; policy accept \; }' (Expected 0, got 0) :: [ 14:31:45 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -4 10.167.2.2 -c1' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. 64 bytes from 10.167.2.2: icmp_seq=1 ttl=63 time=0.046 ms --- 10.167.2.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.046/0.046/0.046/0.000 ms :: [ 14:31:45 ] :: [ PASS ] :: Command 'ip netns exec client ping -4 10.167.2.2 -c1' (Expected 0, got 0) :: [ 14:31:45 ] :: [ BEGIN ] :: Running 'ip netns exec server nft delete chain ip filter prerouting' :: [ 14:31:45 ] :: [ PASS ] :: Command 'ip netns exec server nft delete chain ip filter prerouting' (Expected 0, got 0) :: [ 14:31:45 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add chain ip filter prerouting { type filter hook prerouting priority 0 \; policy drop \; }' :: [ 14:31:46 ] :: [ PASS ] :: Command 'ip netns exec server nft add chain ip filter prerouting { type filter hook prerouting priority 0 \; policy drop \; }' (Expected 0, got 0) :: [ 14:31:46 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -4 10.167.2.2 -c1 -W 1 ' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. --- 10.167.2.2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 14:31:47 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 14:31:47 ] :: [ BEGIN ] :: Running 'ip netns exec server nft delete chain ip filter prerouting' :: [ 14:31:47 ] :: [ PASS ] :: Command 'ip netns exec server nft delete chain ip filter prerouting' (Expected 0, got 0) :: [ 14:31:47 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add chain ip filter input { type filter hook input priority 0 \; policy accept \; }' :: [ 14:31:47 ] :: [ PASS ] :: Command 'ip netns exec server nft add chain ip filter input { type filter hook input priority 0 \; policy accept \; }' (Expected 0, got 0) :: [ 14:31:47 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -4 10.167.2.2 -c1' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. 64 bytes from 10.167.2.2: icmp_seq=1 ttl=63 time=0.042 ms --- 10.167.2.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.042/0.042/0.042/0.000 ms :: [ 14:31:47 ] :: [ PASS ] :: Command 'ip netns exec client ping -4 10.167.2.2 -c1' (Expected 0, got 0) :: [ 14:31:47 ] :: [ BEGIN ] :: Running 'ip netns exec server nft delete chain ip filter input' :: [ 14:31:47 ] :: [ PASS ] :: Command 'ip netns exec server nft delete chain ip filter input' (Expected 0, got 0) :: [ 14:31:47 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add chain ip filter input { type filter hook input priority 0 \; policy drop \; }' :: [ 14:31:47 ] :: [ PASS ] :: Command 'ip netns exec server nft add chain ip filter input { type filter hook input priority 0 \; policy drop \; }' (Expected 0, got 0) :: [ 14:31:47 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -4 10.167.2.2 -c1 -W 1 ' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. --- 10.167.2.2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 14:31:48 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 14:31:48 ] :: [ BEGIN ] :: Running 'ip netns exec server nft delete chain ip filter input' :: [ 14:31:48 ] :: [ PASS ] :: Command 'ip netns exec server nft delete chain ip filter input' (Expected 0, got 0) :: [ 14:31:48 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add chain ip filter output { type filter hook output priority 0 \; policy accept \; }' :: [ 14:31:48 ] :: [ PASS ] :: Command 'ip netns exec server nft add chain ip filter output { type filter hook output priority 0 \; policy accept \; }' (Expected 0, got 0) :: [ 14:31:48 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -4 10.167.2.2 -c1' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. 64 bytes from 10.167.2.2: icmp_seq=1 ttl=63 time=0.045 ms --- 10.167.2.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.045/0.045/0.045/0.000 ms :: [ 14:31:48 ] :: [ PASS ] :: Command 'ip netns exec client ping -4 10.167.2.2 -c1' (Expected 0, got 0) :: [ 14:31:48 ] :: [ BEGIN ] :: Running 'ip netns exec server nft delete chain ip filter output' :: [ 14:31:48 ] :: [ PASS ] :: Command 'ip netns exec server nft delete chain ip filter output' (Expected 0, got 0) :: [ 14:31:48 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add chain ip filter output { type filter hook output priority 0 \; policy drop \; }' :: [ 14:31:48 ] :: [ PASS ] :: Command 'ip netns exec server nft add chain ip filter output { type filter hook output priority 0 \; policy drop \; }' (Expected 0, got 0) :: [ 14:31:48 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -4 10.167.2.2 -c1 -W 1 ' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. --- 10.167.2.2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 14:31:49 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 14:31:49 ] :: [ BEGIN ] :: Running 'ip netns exec server nft delete chain ip filter output' :: [ 14:31:49 ] :: [ PASS ] :: Command 'ip netns exec server nft delete chain ip filter output' (Expected 0, got 0) :: [ 14:31:49 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add chain ip filter postrouting { type filter hook postrouting priority 0 \; policy accept \; }' :: [ 14:31:49 ] :: [ PASS ] :: Command 'ip netns exec server nft add chain ip filter postrouting { type filter hook postrouting priority 0 \; policy accept \; }' (Expected 0, got 0) :: [ 14:31:49 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -4 10.167.2.2 -c1' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. 64 bytes from 10.167.2.2: icmp_seq=1 ttl=63 time=0.043 ms --- 10.167.2.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.043/0.043/0.043/0.000 ms :: [ 14:31:49 ] :: [ PASS ] :: Command 'ip netns exec client ping -4 10.167.2.2 -c1' (Expected 0, got 0) :: [ 14:31:49 ] :: [ BEGIN ] :: Running 'ip netns exec server nft delete chain ip filter postrouting' :: [ 14:31:49 ] :: [ PASS ] :: Command 'ip netns exec server nft delete chain ip filter postrouting' (Expected 0, got 0) :: [ 14:31:49 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add chain ip filter postrouting { type filter hook postrouting priority 0 \; policy drop \; }' :: [ 14:31:49 ] :: [ PASS ] :: Command 'ip netns exec server nft add chain ip filter postrouting { type filter hook postrouting priority 0 \; policy drop \; }' (Expected 0, got 0) :: [ 14:31:49 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -4 10.167.2.2 -c1 -W 1 ' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. --- 10.167.2.2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 14:31:50 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 14:31:50 ] :: [ BEGIN ] :: Running 'ip netns exec server nft delete chain ip filter postrouting' :: [ 14:31:50 ] :: [ PASS ] :: Command 'ip netns exec server nft delete chain ip filter postrouting' (Expected 0, got 0) :: [ 14:31:50 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -4 10.167.2.2 -c 30 -i 0.2' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. 64 bytes from 10.167.2.2: icmp_seq=1 ttl=63 time=0.040 ms 64 bytes from 10.167.2.2: icmp_seq=2 ttl=63 time=0.076 ms 64 bytes from 10.167.2.2: icmp_seq=3 ttl=63 time=0.068 ms 64 bytes from 10.167.2.2: icmp_seq=4 ttl=63 time=0.061 ms 64 bytes from 10.167.2.2: icmp_seq=5 ttl=63 time=0.066 ms 64 bytes from 10.167.2.2: icmp_seq=6 ttl=63 time=0.094 ms 64 bytes from 10.167.2.2: icmp_seq=7 ttl=63 time=0.073 ms 64 bytes from 10.167.2.2: icmp_seq=8 ttl=63 time=0.106 ms 64 bytes from 10.167.2.2: icmp_seq=9 ttl=63 time=0.068 ms 64 bytes from 10.167.2.2: icmp_seq=10 ttl=63 time=0.097 ms 64 bytes from 10.167.2.2: icmp_seq=11 ttl=63 time=0.055 ms 64 bytes from 10.167.2.2: icmp_seq=12 ttl=63 time=0.035 ms 64 bytes from 10.167.2.2: icmp_seq=13 ttl=63 time=0.070 ms 64 bytes from 10.167.2.2: icmp_seq=14 ttl=63 time=0.102 ms 64 bytes from 10.167.2.2: icmp_seq=15 ttl=63 time=0.042 ms 64 bytes from 10.167.2.2: icmp_seq=16 ttl=63 time=0.066 ms 64 bytes from 10.167.2.2: icmp_seq=17 ttl=63 time=0.076 ms 64 bytes from 10.167.2.2: icmp_seq=18 ttl=63 time=0.074 ms 64 bytes from 10.167.2.2: icmp_seq=19 ttl=63 time=0.079 ms 64 bytes from 10.167.2.2: icmp_seq=20 ttl=63 time=0.085 ms 64 bytes from 10.167.2.2: icmp_seq=21 ttl=63 time=0.076 ms 64 bytes from 10.167.2.2: icmp_seq=22 ttl=63 time=0.111 ms 64 bytes from 10.167.2.2: icmp_seq=23 ttl=63 time=0.047 ms 64 bytes from 10.167.2.2: icmp_seq=24 ttl=63 time=0.075 ms 64 bytes from 10.167.2.2: icmp_seq=25 ttl=63 time=0.075 ms 64 bytes from 10.167.2.2: icmp_seq=26 ttl=63 time=0.079 ms 64 bytes from 10.167.2.2: icmp_seq=27 ttl=63 time=0.079 ms 64 bytes from 10.167.2.2: icmp_seq=28 ttl=63 time=0.075 ms 64 bytes from 10.167.2.2: icmp_seq=29 ttl=63 time=0.062 ms 64 bytes from 10.167.2.2: icmp_seq=30 ttl=63 time=0.049 ms --- 10.167.2.2 ping statistics --- 30 packets transmitted, 30 received, 0% packet loss, time 6090ms rtt min/avg/max/mdev = 0.035/0.072/0.111/0.018 ms :: [ 14:31:57 ] :: [ PASS ] :: Command 'ip netns exec client ping -4 10.167.2.2 -c 30 -i 0.2' (Expected 0, got 0) :: [ 14:31:57 ] :: [ BEGIN ] :: Running 'ip netns exec server nft delete table ip filter' :: [ 14:31:57 ] :: [ PASS ] :: Command 'ip netns exec server nft delete table ip filter' (Expected 0, got 0) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 12s :: Assertions: 27 good, 0 bad :: RESULT: PASS (nftables ip family ipv4 policy test input/output path) ** nftables-ip-family-ipv4-policy-test-input-output-path PASS Score:0 Uploading resultoutputfile.log .done :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: nftables ip family ipv4 policy test forward path :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ 14:31:57 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add table ip filter' :: [ 14:31:57 ] :: [ PASS ] :: Command 'ip netns exec router nft add table ip filter' (Expected 0, got 0) :: [ 14:31:57 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add chain ip filter prerouting { type filter hook prerouting priority 0 \; policy accept \; }' :: [ 14:31:57 ] :: [ PASS ] :: Command 'ip netns exec router nft add chain ip filter prerouting { type filter hook prerouting priority 0 \; policy accept \; }' (Expected 0, got 0) :: [ 14:31:57 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -4 10.167.2.2 -c1' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. 64 bytes from 10.167.2.2: icmp_seq=1 ttl=63 time=0.041 ms --- 10.167.2.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.041/0.041/0.041/0.000 ms :: [ 14:31:57 ] :: [ PASS ] :: Command 'ip netns exec client ping -4 10.167.2.2 -c1' (Expected 0, got 0) :: [ 14:31:57 ] :: [ BEGIN ] :: Running 'ip netns exec router nft delete chain ip filter prerouting' :: [ 14:31:57 ] :: [ PASS ] :: Command 'ip netns exec router nft delete chain ip filter prerouting' (Expected 0, got 0) :: [ 14:31:57 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add chain ip filter prerouting { type filter hook prerouting priority 0 \; policy drop \; }' :: [ 14:31:57 ] :: [ PASS ] :: Command 'ip netns exec router nft add chain ip filter prerouting { type filter hook prerouting priority 0 \; policy drop \; }' (Expected 0, got 0) :: [ 14:31:57 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -4 10.167.2.2 -c1 -W 1 ' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. --- 10.167.2.2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 14:31:58 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 14:31:58 ] :: [ BEGIN ] :: Running 'ip netns exec router nft delete chain ip filter prerouting' :: [ 14:31:58 ] :: [ PASS ] :: Command 'ip netns exec router nft delete chain ip filter prerouting' (Expected 0, got 0) :: [ 14:31:58 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add chain ip filter forward { type filter hook forward priority 0 \; policy accept \; }' :: [ 14:31:58 ] :: [ PASS ] :: Command 'ip netns exec router nft add chain ip filter forward { type filter hook forward priority 0 \; policy accept \; }' (Expected 0, got 0) :: [ 14:31:58 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -4 10.167.2.2 -c1' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. 64 bytes from 10.167.2.2: icmp_seq=1 ttl=63 time=0.042 ms --- 10.167.2.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.042/0.042/0.042/0.000 ms :: [ 14:31:58 ] :: [ PASS ] :: Command 'ip netns exec client ping -4 10.167.2.2 -c1' (Expected 0, got 0) :: [ 14:31:58 ] :: [ BEGIN ] :: Running 'ip netns exec router nft delete chain ip filter forward' :: [ 14:31:58 ] :: [ PASS ] :: Command 'ip netns exec router nft delete chain ip filter forward' (Expected 0, got 0) :: [ 14:31:58 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add chain ip filter forward { type filter hook forward priority 0 \; policy drop \; }' :: [ 14:31:58 ] :: [ PASS ] :: Command 'ip netns exec router nft add chain ip filter forward { type filter hook forward priority 0 \; policy drop \; }' (Expected 0, got 0) :: [ 14:31:59 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -4 10.167.2.2 -c1 -W 1 ' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. --- 10.167.2.2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 14:32:00 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 14:32:00 ] :: [ BEGIN ] :: Running 'ip netns exec router nft delete chain ip filter forward' :: [ 14:32:00 ] :: [ PASS ] :: Command 'ip netns exec router nft delete chain ip filter forward' (Expected 0, got 0) :: [ 14:32:00 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add chain ip filter postrouting { type filter hook postrouting priority 0 \; policy accept \; }' :: [ 14:32:00 ] :: [ PASS ] :: Command 'ip netns exec router nft add chain ip filter postrouting { type filter hook postrouting priority 0 \; policy accept \; }' (Expected 0, got 0) :: [ 14:32:00 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -4 10.167.2.2 -c1' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. 64 bytes from 10.167.2.2: icmp_seq=1 ttl=63 time=0.041 ms --- 10.167.2.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.041/0.041/0.041/0.000 ms :: [ 14:32:00 ] :: [ PASS ] :: Command 'ip netns exec client ping -4 10.167.2.2 -c1' (Expected 0, got 0) :: [ 14:32:00 ] :: [ BEGIN ] :: Running 'ip netns exec router nft delete chain ip filter postrouting' :: [ 14:32:00 ] :: [ PASS ] :: Command 'ip netns exec router nft delete chain ip filter postrouting' (Expected 0, got 0) :: [ 14:32:00 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add chain ip filter postrouting { type filter hook postrouting priority 0 \; policy drop \; }' :: [ 14:32:00 ] :: [ PASS ] :: Command 'ip netns exec router nft add chain ip filter postrouting { type filter hook postrouting priority 0 \; policy drop \; }' (Expected 0, got 0) :: [ 14:32:00 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -4 10.167.2.2 -c1 -W 1 ' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. --- 10.167.2.2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 14:32:01 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 14:32:01 ] :: [ BEGIN ] :: Running 'ip netns exec router nft delete chain ip filter postrouting' :: [ 14:32:01 ] :: [ PASS ] :: Command 'ip netns exec router nft delete chain ip filter postrouting' (Expected 0, got 0) :: [ 14:32:01 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -4 10.167.2.2 -c 30 -i 0.2' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. 64 bytes from 10.167.2.2: icmp_seq=1 ttl=63 time=0.040 ms 64 bytes from 10.167.2.2: icmp_seq=2 ttl=63 time=0.048 ms 64 bytes from 10.167.2.2: icmp_seq=3 ttl=63 time=0.058 ms 64 bytes from 10.167.2.2: icmp_seq=4 ttl=63 time=0.041 ms 64 bytes from 10.167.2.2: icmp_seq=5 ttl=63 time=0.053 ms 64 bytes from 10.167.2.2: icmp_seq=6 ttl=63 time=0.072 ms 64 bytes from 10.167.2.2: icmp_seq=7 ttl=63 time=0.069 ms 64 bytes from 10.167.2.2: icmp_seq=8 ttl=63 time=0.070 ms 64 bytes from 10.167.2.2: icmp_seq=9 ttl=63 time=0.070 ms 64 bytes from 10.167.2.2: icmp_seq=10 ttl=63 time=0.072 ms 64 bytes from 10.167.2.2: icmp_seq=11 ttl=63 time=0.094 ms 64 bytes from 10.167.2.2: icmp_seq=12 ttl=63 time=0.072 ms 64 bytes from 10.167.2.2: icmp_seq=13 ttl=63 time=0.064 ms 64 bytes from 10.167.2.2: icmp_seq=14 ttl=63 time=0.102 ms 64 bytes from 10.167.2.2: icmp_seq=15 ttl=63 time=0.093 ms 64 bytes from 10.167.2.2: icmp_seq=16 ttl=63 time=0.037 ms 64 bytes from 10.167.2.2: icmp_seq=17 ttl=63 time=0.048 ms 64 bytes from 10.167.2.2: icmp_seq=18 ttl=63 time=0.048 ms 64 bytes from 10.167.2.2: icmp_seq=19 ttl=63 time=0.055 ms 64 bytes from 10.167.2.2: icmp_seq=20 ttl=63 time=0.084 ms 64 bytes from 10.167.2.2: icmp_seq=21 ttl=63 time=0.048 ms 64 bytes from 10.167.2.2: icmp_seq=22 ttl=63 time=0.060 ms 64 bytes from 10.167.2.2: icmp_seq=23 ttl=63 time=0.075 ms 64 bytes from 10.167.2.2: icmp_seq=24 ttl=63 time=0.109 ms 64 bytes from 10.167.2.2: icmp_seq=25 ttl=63 time=0.110 ms 64 bytes from 10.167.2.2: icmp_seq=26 ttl=63 time=0.115 ms 64 bytes from 10.167.2.2: icmp_seq=27 ttl=63 time=0.079 ms 64 bytes from 10.167.2.2: icmp_seq=28 ttl=63 time=0.076 ms 64 bytes from 10.167.2.2: icmp_seq=29 ttl=63 time=0.080 ms 64 bytes from 10.167.2.2: icmp_seq=30 ttl=63 time=0.110 ms --- 10.167.2.2 ping statistics --- 30 packets transmitted, 30 received, 0% packet loss, time 6099ms rtt min/avg/max/mdev = 0.037/0.071/0.115/0.022 ms :: [ 14:32:07 ] :: [ PASS ] :: Command 'ip netns exec client ping -4 10.167.2.2 -c 30 -i 0.2' (Expected 0, got 0) :: [ 14:32:07 ] :: [ BEGIN ] :: Running 'ip netns exec router nft delete table ip filter' :: [ 14:32:07 ] :: [ PASS ] :: Command 'ip netns exec router nft delete table ip filter' (Expected 0, got 0) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 10s :: Assertions: 21 good, 0 bad :: RESULT: PASS (nftables ip family ipv4 policy test forward path) ** nftables-ip-family-ipv4-policy-test-forward-path PASS Score:0 Uploading resultoutputfile.log .done :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: nftables ip family ipv4 basic action test input/output path :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ 14:32:07 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add table ip filter' :: [ 14:32:07 ] :: [ PASS ] :: Command 'ip netns exec server nft add table ip filter' (Expected 0, got 0) :: [ 14:32:08 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add chain ip filter prerouting { type filter hook prerouting priority 0 \; }' :: [ 14:32:08 ] :: [ PASS ] :: Command 'ip netns exec server nft add chain ip filter prerouting { type filter hook prerouting priority 0 \; }' (Expected 0, got 0) :: [ 14:32:08 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule ip filter prerouting iifname s_r counter accept' :: [ 14:32:08 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule ip filter prerouting iifname s_r counter accept' (Expected 0, got 0) :: [ 14:32:08 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule ip filter prerouting iifname s_r counter drop' :: [ 14:32:08 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule ip filter prerouting iifname s_r counter drop' (Expected 0, got 0) :: [ 14:32:08 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -4 10.167.2.2 -c1' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. 64 bytes from 10.167.2.2: icmp_seq=1 ttl=63 time=0.044 ms --- 10.167.2.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.044/0.044/0.044/0.000 ms :: [ 14:32:08 ] :: [ PASS ] :: Command 'ip netns exec client ping -4 10.167.2.2 -c1' (Expected 0, got 0) :: [ 14:32:08 ] :: [ BEGIN ] :: Running 'ip netns exec server nft list ruleset' table ip filter { chain prerouting { type filter hook prerouting priority filter; policy accept; iifname "s_r" counter packets 1 bytes 84 accept iifname "s_r" counter packets 0 bytes 0 drop } } :: [ 14:32:08 ] :: [ PASS ] :: Command 'ip netns exec server nft list ruleset' (Expected 0, got 0) :: [ 14:32:08 ] :: [ BEGIN ] :: Running 'ip netns exec server nft flush table ip filter' :: [ 14:32:08 ] :: [ PASS ] :: Command 'ip netns exec server nft flush table ip filter' (Expected 0, got 0) :: [ 14:32:08 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule ip filter prerouting iifname s_r counter drop' :: [ 14:32:08 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule ip filter prerouting iifname s_r counter drop' (Expected 0, got 0) :: [ 14:32:08 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule ip filter prerouting iifname s_r counter accept' :: [ 14:32:08 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule ip filter prerouting iifname s_r counter accept' (Expected 0, got 0) :: [ 14:32:08 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -4 10.167.2.2 -c1 -W 1 ' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. --- 10.167.2.2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 14:32:09 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 14:32:09 ] :: [ BEGIN ] :: Running 'ip netns exec server nft list ruleset' table ip filter { chain prerouting { type filter hook prerouting priority filter; policy accept; iifname "s_r" counter packets 1 bytes 84 drop iifname "s_r" counter packets 0 bytes 0 accept } } :: [ 14:32:09 ] :: [ PASS ] :: Command 'ip netns exec server nft list ruleset' (Expected 0, got 0) :: [ 14:32:09 ] :: [ BEGIN ] :: Running 'ip netns exec server nft flush table ip filter' :: [ 14:32:09 ] :: [ PASS ] :: Command 'ip netns exec server nft flush table ip filter' (Expected 0, got 0) :: [ 14:32:09 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add chain ip filter test' :: [ 14:32:09 ] :: [ PASS ] :: Command 'ip netns exec server nft add chain ip filter test' (Expected 0, got 0) :: [ 14:32:09 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule ip filter test iifname s_r counter return' :: [ 14:32:09 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule ip filter test iifname s_r counter return' (Expected 0, got 0) :: [ 14:32:09 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule ip filter test iifname s_r counter accept' :: [ 14:32:09 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule ip filter test iifname s_r counter accept' (Expected 0, got 0) :: [ 14:32:09 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule ip filter prerouting iifname s_r counter jump test' :: [ 14:32:09 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule ip filter prerouting iifname s_r counter jump test' (Expected 0, got 0) :: [ 14:32:09 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule ip filter prerouting iifname s_r counter drop' :: [ 14:32:09 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule ip filter prerouting iifname s_r counter drop' (Expected 0, got 0) :: [ 14:32:09 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -4 10.167.2.2 -c1 -W 1 ' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. --- 10.167.2.2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 14:32:10 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 14:32:10 ] :: [ BEGIN ] :: Running 'ip netns exec server nft list ruleset' table ip filter { chain prerouting { type filter hook prerouting priority filter; policy accept; iifname "s_r" counter packets 1 bytes 84 jump test iifname "s_r" counter packets 1 bytes 84 drop } chain test { iifname "s_r" counter packets 1 bytes 84 return iifname "s_r" counter packets 0 bytes 0 accept } } :: [ 14:32:10 ] :: [ PASS ] :: Command 'ip netns exec server nft list ruleset' (Expected 0, got 0) :: [ 14:32:10 ] :: [ BEGIN ] :: Running 'ip netns exec server nft flush table ip filter' :: [ 14:32:10 ] :: [ PASS ] :: Command 'ip netns exec server nft flush table ip filter' (Expected 0, got 0) :: [ 14:32:10 ] :: [ BEGIN ] :: Running 'ip netns exec server nft delete chain ip filter prerouting' :: [ 14:32:10 ] :: [ PASS ] :: Command 'ip netns exec server nft delete chain ip filter prerouting' (Expected 0, got 0) :: [ 14:32:10 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add chain ip filter input { type filter hook input priority 0 \; }' :: [ 14:32:10 ] :: [ PASS ] :: Command 'ip netns exec server nft add chain ip filter input { type filter hook input priority 0 \; }' (Expected 0, got 0) :: [ 14:32:11 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule ip filter input iifname s_r counter accept' :: [ 14:32:11 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule ip filter input iifname s_r counter accept' (Expected 0, got 0) :: [ 14:32:11 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule ip filter input iifname s_r counter drop' :: [ 14:32:11 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule ip filter input iifname s_r counter drop' (Expected 0, got 0) :: [ 14:32:11 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -4 10.167.2.2 -c1' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. 64 bytes from 10.167.2.2: icmp_seq=1 ttl=63 time=0.041 ms --- 10.167.2.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.041/0.041/0.041/0.000 ms :: [ 14:32:11 ] :: [ PASS ] :: Command 'ip netns exec client ping -4 10.167.2.2 -c1' (Expected 0, got 0) :: [ 14:32:11 ] :: [ BEGIN ] :: Running 'ip netns exec server nft list ruleset' table ip filter { chain test { } chain input { type filter hook input priority filter; policy accept; iifname "s_r" counter packets 1 bytes 84 accept iifname "s_r" counter packets 0 bytes 0 drop } } :: [ 14:32:11 ] :: [ PASS ] :: Command 'ip netns exec server nft list ruleset' (Expected 0, got 0) :: [ 14:32:11 ] :: [ BEGIN ] :: Running 'ip netns exec server nft flush table ip filter' :: [ 14:32:11 ] :: [ PASS ] :: Command 'ip netns exec server nft flush table ip filter' (Expected 0, got 0) :: [ 14:32:11 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule ip filter input iifname s_r counter drop' :: [ 14:32:11 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule ip filter input iifname s_r counter drop' (Expected 0, got 0) :: [ 14:32:11 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule ip filter input iifname s_r counter accept' :: [ 14:32:11 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule ip filter input iifname s_r counter accept' (Expected 0, got 0) :: [ 14:32:11 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -4 10.167.2.2 -c1 -W 1 ' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. --- 10.167.2.2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 14:32:12 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 14:32:12 ] :: [ BEGIN ] :: Running 'ip netns exec server nft list ruleset' table ip filter { chain test { } chain input { type filter hook input priority filter; policy accept; iifname "s_r" counter packets 1 bytes 84 drop iifname "s_r" counter packets 0 bytes 0 accept } } :: [ 14:32:12 ] :: [ PASS ] :: Command 'ip netns exec server nft list ruleset' (Expected 0, got 0) :: [ 14:32:12 ] :: [ BEGIN ] :: Running 'ip netns exec server nft flush table ip filter' :: [ 14:32:12 ] :: [ PASS ] :: Command 'ip netns exec server nft flush table ip filter' (Expected 0, got 0) :: [ 14:32:12 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add chain ip filter test' :: [ 14:32:12 ] :: [ PASS ] :: Command 'ip netns exec server nft add chain ip filter test' (Expected 0, got 0) :: [ 14:32:12 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule ip filter test iifname s_r counter return' :: [ 14:32:12 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule ip filter test iifname s_r counter return' (Expected 0, got 0) :: [ 14:32:12 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule ip filter test iifname s_r counter accept' :: [ 14:32:12 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule ip filter test iifname s_r counter accept' (Expected 0, got 0) :: [ 14:32:12 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule ip filter input iifname s_r counter jump test' :: [ 14:32:12 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule ip filter input iifname s_r counter jump test' (Expected 0, got 0) :: [ 14:32:12 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule ip filter input iifname s_r counter drop' :: [ 14:32:12 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule ip filter input iifname s_r counter drop' (Expected 0, got 0) :: [ 14:32:12 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -4 10.167.2.2 -c1 -W 1 ' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. --- 10.167.2.2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 14:32:13 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 14:32:13 ] :: [ BEGIN ] :: Running 'ip netns exec server nft list ruleset' table ip filter { chain test { iifname "s_r" counter packets 1 bytes 84 return iifname "s_r" counter packets 0 bytes 0 accept } chain input { type filter hook input priority filter; policy accept; iifname "s_r" counter packets 1 bytes 84 jump test iifname "s_r" counter packets 1 bytes 84 drop } } :: [ 14:32:13 ] :: [ PASS ] :: Command 'ip netns exec server nft list ruleset' (Expected 0, got 0) :: [ 14:32:13 ] :: [ BEGIN ] :: Running 'ip netns exec server nft flush table ip filter' :: [ 14:32:13 ] :: [ PASS ] :: Command 'ip netns exec server nft flush table ip filter' (Expected 0, got 0) :: [ 14:32:13 ] :: [ BEGIN ] :: Running 'ip netns exec server nft delete chain ip filter input' :: [ 14:32:14 ] :: [ PASS ] :: Command 'ip netns exec server nft delete chain ip filter input' (Expected 0, got 0) :: [ 14:32:14 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add chain ip filter output { type filter hook output priority 0 \; }' :: [ 14:32:14 ] :: [ PASS ] :: Command 'ip netns exec server nft add chain ip filter output { type filter hook output priority 0 \; }' (Expected 0, got 0) :: [ 14:32:14 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule ip filter output oifname s_r counter accept' :: [ 14:32:14 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule ip filter output oifname s_r counter accept' (Expected 0, got 0) :: [ 14:32:14 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule ip filter output oifname s_r counter drop' :: [ 14:32:14 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule ip filter output oifname s_r counter drop' (Expected 0, got 0) :: [ 14:32:14 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -4 10.167.2.2 -c1' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. 64 bytes from 10.167.2.2: icmp_seq=1 ttl=63 time=0.041 ms --- 10.167.2.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.041/0.041/0.041/0.000 ms :: [ 14:32:14 ] :: [ PASS ] :: Command 'ip netns exec client ping -4 10.167.2.2 -c1' (Expected 0, got 0) :: [ 14:32:14 ] :: [ BEGIN ] :: Running 'ip netns exec server nft list ruleset' table ip filter { chain test { } chain output { type filter hook output priority filter; policy accept; oifname "s_r" counter packets 1 bytes 84 accept oifname "s_r" counter packets 0 bytes 0 drop } } :: [ 14:32:14 ] :: [ PASS ] :: Command 'ip netns exec server nft list ruleset' (Expected 0, got 0) :: [ 14:32:14 ] :: [ BEGIN ] :: Running 'ip netns exec server nft flush table ip filter' :: [ 14:32:14 ] :: [ PASS ] :: Command 'ip netns exec server nft flush table ip filter' (Expected 0, got 0) :: [ 14:32:14 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule ip filter output oifname s_r counter drop' :: [ 14:32:14 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule ip filter output oifname s_r counter drop' (Expected 0, got 0) :: [ 14:32:14 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule ip filter output oifname s_r counter accept' :: [ 14:32:14 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule ip filter output oifname s_r counter accept' (Expected 0, got 0) :: [ 14:32:14 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -4 10.167.2.2 -c1 -W 1 ' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. --- 10.167.2.2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 14:32:15 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 14:32:15 ] :: [ BEGIN ] :: Running 'ip netns exec server nft list ruleset' table ip filter { chain test { } chain output { type filter hook output priority filter; policy accept; oifname "s_r" counter packets 1 bytes 84 drop oifname "s_r" counter packets 0 bytes 0 accept } } :: [ 14:32:15 ] :: [ PASS ] :: Command 'ip netns exec server nft list ruleset' (Expected 0, got 0) :: [ 14:32:15 ] :: [ BEGIN ] :: Running 'ip netns exec server nft flush table ip filter' :: [ 14:32:15 ] :: [ PASS ] :: Command 'ip netns exec server nft flush table ip filter' (Expected 0, got 0) :: [ 14:32:15 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add chain ip filter test' :: [ 14:32:15 ] :: [ PASS ] :: Command 'ip netns exec server nft add chain ip filter test' (Expected 0, got 0) :: [ 14:32:15 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule ip filter test oifname s_r counter return' :: [ 14:32:15 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule ip filter test oifname s_r counter return' (Expected 0, got 0) :: [ 14:32:15 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule ip filter test oifname s_r counter accept' :: [ 14:32:15 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule ip filter test oifname s_r counter accept' (Expected 0, got 0) :: [ 14:32:15 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule ip filter output oifname s_r counter jump test' :: [ 14:32:15 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule ip filter output oifname s_r counter jump test' (Expected 0, got 0) :: [ 14:32:15 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule ip filter output oifname s_r counter drop' :: [ 14:32:15 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule ip filter output oifname s_r counter drop' (Expected 0, got 0) :: [ 14:32:15 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -4 10.167.2.2 -c1 -W 1 ' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. --- 10.167.2.2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 14:32:16 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 14:32:16 ] :: [ BEGIN ] :: Running 'ip netns exec server nft list ruleset' table ip filter { chain test { oifname "s_r" counter packets 1 bytes 84 return oifname "s_r" counter packets 0 bytes 0 accept } chain output { type filter hook output priority filter; policy accept; oifname "s_r" counter packets 1 bytes 84 jump test oifname "s_r" counter packets 1 bytes 84 drop } } :: [ 14:32:16 ] :: [ PASS ] :: Command 'ip netns exec server nft list ruleset' (Expected 0, got 0) :: [ 14:32:16 ] :: [ BEGIN ] :: Running 'ip netns exec server nft flush table ip filter' :: [ 14:32:16 ] :: [ PASS ] :: Command 'ip netns exec server nft flush table ip filter' (Expected 0, got 0) :: [ 14:32:16 ] :: [ BEGIN ] :: Running 'ip netns exec server nft delete chain ip filter output' :: [ 14:32:16 ] :: [ PASS ] :: Command 'ip netns exec server nft delete chain ip filter output' (Expected 0, got 0) :: [ 14:32:16 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add chain ip filter postrouting { type filter hook postrouting priority 0 \; }' :: [ 14:32:16 ] :: [ PASS ] :: Command 'ip netns exec server nft add chain ip filter postrouting { type filter hook postrouting priority 0 \; }' (Expected 0, got 0) :: [ 14:32:16 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule ip filter postrouting oifname s_r counter accept' :: [ 14:32:17 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule ip filter postrouting oifname s_r counter accept' (Expected 0, got 0) :: [ 14:32:17 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule ip filter postrouting oifname s_r counter drop' :: [ 14:32:17 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule ip filter postrouting oifname s_r counter drop' (Expected 0, got 0) :: [ 14:32:17 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -4 10.167.2.2 -c1' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. 64 bytes from 10.167.2.2: icmp_seq=1 ttl=63 time=0.044 ms --- 10.167.2.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.044/0.044/0.044/0.000 ms :: [ 14:32:17 ] :: [ PASS ] :: Command 'ip netns exec client ping -4 10.167.2.2 -c1' (Expected 0, got 0) :: [ 14:32:17 ] :: [ BEGIN ] :: Running 'ip netns exec server nft list ruleset' table ip filter { chain test { } chain postrouting { type filter hook postrouting priority filter; policy accept; oifname "s_r" counter packets 1 bytes 84 accept oifname "s_r" counter packets 0 bytes 0 drop } } :: [ 14:32:17 ] :: [ PASS ] :: Command 'ip netns exec server nft list ruleset' (Expected 0, got 0) :: [ 14:32:17 ] :: [ BEGIN ] :: Running 'ip netns exec server nft flush table ip filter' :: [ 14:32:17 ] :: [ PASS ] :: Command 'ip netns exec server nft flush table ip filter' (Expected 0, got 0) :: [ 14:32:17 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule ip filter postrouting oifname s_r counter drop' :: [ 14:32:17 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule ip filter postrouting oifname s_r counter drop' (Expected 0, got 0) :: [ 14:32:17 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule ip filter postrouting oifname s_r counter accept' :: [ 14:32:17 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule ip filter postrouting oifname s_r counter accept' (Expected 0, got 0) :: [ 14:32:17 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -4 10.167.2.2 -c1 -W 1 ' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. --- 10.167.2.2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 14:32:18 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 14:32:18 ] :: [ BEGIN ] :: Running 'ip netns exec server nft list ruleset' table ip filter { chain test { } chain postrouting { type filter hook postrouting priority filter; policy accept; oifname "s_r" counter packets 1 bytes 84 drop oifname "s_r" counter packets 0 bytes 0 accept } } :: [ 14:32:18 ] :: [ PASS ] :: Command 'ip netns exec server nft list ruleset' (Expected 0, got 0) :: [ 14:32:18 ] :: [ BEGIN ] :: Running 'ip netns exec server nft flush table ip filter' :: [ 14:32:18 ] :: [ PASS ] :: Command 'ip netns exec server nft flush table ip filter' (Expected 0, got 0) :: [ 14:32:18 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add chain ip filter test' :: [ 14:32:18 ] :: [ PASS ] :: Command 'ip netns exec server nft add chain ip filter test' (Expected 0, got 0) :: [ 14:32:18 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule ip filter test oifname s_r counter return' :: [ 14:32:18 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule ip filter test oifname s_r counter return' (Expected 0, got 0) :: [ 14:32:18 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule ip filter test oifname s_r counter accept' :: [ 14:32:18 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule ip filter test oifname s_r counter accept' (Expected 0, got 0) :: [ 14:32:18 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule ip filter postrouting oifname s_r counter jump test' :: [ 14:32:18 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule ip filter postrouting oifname s_r counter jump test' (Expected 0, got 0) :: [ 14:32:18 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule ip filter postrouting oifname s_r counter drop' :: [ 14:32:18 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule ip filter postrouting oifname s_r counter drop' (Expected 0, got 0) :: [ 14:32:18 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -4 10.167.2.2 -c1 -W 1 ' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. --- 10.167.2.2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 14:32:19 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 14:32:19 ] :: [ BEGIN ] :: Running 'ip netns exec server nft list ruleset' table ip filter { chain test { oifname "s_r" counter packets 1 bytes 84 return oifname "s_r" counter packets 0 bytes 0 accept } chain postrouting { type filter hook postrouting priority filter; policy accept; oifname "s_r" counter packets 1 bytes 84 jump test oifname "s_r" counter packets 1 bytes 84 drop } } :: [ 14:32:19 ] :: [ PASS ] :: Command 'ip netns exec server nft list ruleset' (Expected 0, got 0) :: [ 14:32:19 ] :: [ BEGIN ] :: Running 'ip netns exec server nft flush table ip filter' :: [ 14:32:19 ] :: [ PASS ] :: Command 'ip netns exec server nft flush table ip filter' (Expected 0, got 0) :: [ 14:32:19 ] :: [ BEGIN ] :: Running 'ip netns exec server nft delete chain ip filter postrouting' :: [ 14:32:19 ] :: [ PASS ] :: Command 'ip netns exec server nft delete chain ip filter postrouting' (Expected 0, got 0) :: [ 14:32:19 ] :: [ BEGIN ] :: Running 'ip netns exec server nft delete table ip filter' :: [ 14:32:19 ] :: [ PASS ] :: Command 'ip netns exec server nft delete table ip filter' (Expected 0, got 0) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 12s :: Assertions: 82 good, 0 bad :: RESULT: PASS (nftables ip family ipv4 basic action test input/output path) ** nftables-ip-family-ipv4-basic-action-test-input-output-path PASS Score:0 Uploading resultoutputfile.log .done :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: nftables ip family ipv4 basic action test forward path :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ 14:32:20 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add table ip filter' :: [ 14:32:20 ] :: [ PASS ] :: Command 'ip netns exec router nft add table ip filter' (Expected 0, got 0) :: [ 14:32:20 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add chain ip filter prerouting { type filter hook prerouting priority 0 \; }' :: [ 14:32:20 ] :: [ PASS ] :: Command 'ip netns exec router nft add chain ip filter prerouting { type filter hook prerouting priority 0 \; }' (Expected 0, got 0) :: [ 14:32:20 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule ip filter prerouting iifname r_c counter accept' :: [ 14:32:20 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule ip filter prerouting iifname r_c counter accept' (Expected 0, got 0) :: [ 14:32:20 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule ip filter prerouting iifname r_c counter drop' :: [ 14:32:20 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule ip filter prerouting iifname r_c counter drop' (Expected 0, got 0) :: [ 14:32:20 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -4 10.167.2.2 -c1' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. 64 bytes from 10.167.2.2: icmp_seq=1 ttl=63 time=0.046 ms --- 10.167.2.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.046/0.046/0.046/0.000 ms :: [ 14:32:20 ] :: [ PASS ] :: Command 'ip netns exec client ping -4 10.167.2.2 -c1' (Expected 0, got 0) :: [ 14:32:20 ] :: [ BEGIN ] :: Running 'ip netns exec router nft list ruleset' table ip filter { chain prerouting { type filter hook prerouting priority filter; policy accept; iifname "r_c" counter packets 1 bytes 84 accept iifname "r_c" counter packets 0 bytes 0 drop } } :: [ 14:32:20 ] :: [ PASS ] :: Command 'ip netns exec router nft list ruleset' (Expected 0, got 0) :: [ 14:32:20 ] :: [ BEGIN ] :: Running 'ip netns exec router nft flush table ip filter' :: [ 14:32:20 ] :: [ PASS ] :: Command 'ip netns exec router nft flush table ip filter' (Expected 0, got 0) :: [ 14:32:20 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule ip filter prerouting iifname r_c counter drop' :: [ 14:32:20 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule ip filter prerouting iifname r_c counter drop' (Expected 0, got 0) :: [ 14:32:20 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule ip filter prerouting iifname r_c counter accept' :: [ 14:32:20 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule ip filter prerouting iifname r_c counter accept' (Expected 0, got 0) :: [ 14:32:20 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -4 10.167.2.2 -c1 -W 1 ' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. --- 10.167.2.2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 14:32:21 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 14:32:21 ] :: [ BEGIN ] :: Running 'ip netns exec router nft list ruleset' table ip filter { chain prerouting { type filter hook prerouting priority filter; policy accept; iifname "r_c" counter packets 1 bytes 84 drop iifname "r_c" counter packets 0 bytes 0 accept } } :: [ 14:32:21 ] :: [ PASS ] :: Command 'ip netns exec router nft list ruleset' (Expected 0, got 0) :: [ 14:32:21 ] :: [ BEGIN ] :: Running 'ip netns exec router nft flush table ip filter' :: [ 14:32:21 ] :: [ PASS ] :: Command 'ip netns exec router nft flush table ip filter' (Expected 0, got 0) :: [ 14:32:21 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add chain ip filter test' :: [ 14:32:21 ] :: [ PASS ] :: Command 'ip netns exec router nft add chain ip filter test' (Expected 0, got 0) :: [ 14:32:21 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule ip filter test iifname r_c counter return' :: [ 14:32:21 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule ip filter test iifname r_c counter return' (Expected 0, got 0) :: [ 14:32:21 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule ip filter test iifname r_c counter accept' :: [ 14:32:21 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule ip filter test iifname r_c counter accept' (Expected 0, got 0) :: [ 14:32:22 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule ip filter prerouting iifname r_c counter jump test' :: [ 14:32:22 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule ip filter prerouting iifname r_c counter jump test' (Expected 0, got 0) :: [ 14:32:22 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule ip filter prerouting iifname r_c counter drop' :: [ 14:32:22 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule ip filter prerouting iifname r_c counter drop' (Expected 0, got 0) :: [ 14:32:22 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -4 10.167.2.2 -c1 -W 1 ' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. --- 10.167.2.2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 14:32:23 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 14:32:23 ] :: [ BEGIN ] :: Running 'ip netns exec router nft list ruleset' table ip filter { chain prerouting { type filter hook prerouting priority filter; policy accept; iifname "r_c" counter packets 1 bytes 84 jump test iifname "r_c" counter packets 1 bytes 84 drop } chain test { iifname "r_c" counter packets 1 bytes 84 return iifname "r_c" counter packets 0 bytes 0 accept } } :: [ 14:32:23 ] :: [ PASS ] :: Command 'ip netns exec router nft list ruleset' (Expected 0, got 0) :: [ 14:32:23 ] :: [ BEGIN ] :: Running 'ip netns exec router nft flush table ip filter' :: [ 14:32:23 ] :: [ PASS ] :: Command 'ip netns exec router nft flush table ip filter' (Expected 0, got 0) :: [ 14:32:23 ] :: [ BEGIN ] :: Running 'ip netns exec router nft delete chain ip filter prerouting' :: [ 14:32:23 ] :: [ PASS ] :: Command 'ip netns exec router nft delete chain ip filter prerouting' (Expected 0, got 0) :: [ 14:32:23 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add chain ip filter forward { type filter hook forward priority 0 \; }' :: [ 14:32:23 ] :: [ PASS ] :: Command 'ip netns exec router nft add chain ip filter forward { type filter hook forward priority 0 \; }' (Expected 0, got 0) :: [ 14:32:23 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule ip filter forward iifname r_c oifname r_s counter accept' :: [ 14:32:23 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule ip filter forward iifname r_c oifname r_s counter accept' (Expected 0, got 0) :: [ 14:32:23 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule ip filter forward iifname r_c oifname r_s counter drop' :: [ 14:32:23 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule ip filter forward iifname r_c oifname r_s counter drop' (Expected 0, got 0) :: [ 14:32:23 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -4 10.167.2.2 -c1' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. 64 bytes from 10.167.2.2: icmp_seq=1 ttl=63 time=0.044 ms --- 10.167.2.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.044/0.044/0.044/0.000 ms :: [ 14:32:23 ] :: [ PASS ] :: Command 'ip netns exec client ping -4 10.167.2.2 -c1' (Expected 0, got 0) :: [ 14:32:23 ] :: [ BEGIN ] :: Running 'ip netns exec router nft list ruleset' table ip filter { chain test { } chain forward { type filter hook forward priority filter; policy accept; iifname "r_c" oifname "r_s" counter packets 1 bytes 84 accept iifname "r_c" oifname "r_s" counter packets 0 bytes 0 drop } } :: [ 14:32:23 ] :: [ PASS ] :: Command 'ip netns exec router nft list ruleset' (Expected 0, got 0) :: [ 14:32:23 ] :: [ BEGIN ] :: Running 'ip netns exec router nft flush table ip filter' :: [ 14:32:23 ] :: [ PASS ] :: Command 'ip netns exec router nft flush table ip filter' (Expected 0, got 0) :: [ 14:32:23 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule ip filter forward iifname r_c oifname r_s counter drop' :: [ 14:32:23 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule ip filter forward iifname r_c oifname r_s counter drop' (Expected 0, got 0) :: [ 14:32:23 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule ip filter forward iifname r_c oifname r_s counter accept' :: [ 14:32:23 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule ip filter forward iifname r_c oifname r_s counter accept' (Expected 0, got 0) :: [ 14:32:23 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -4 10.167.2.2 -c1 -W 1 ' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. --- 10.167.2.2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 14:32:24 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 14:32:24 ] :: [ BEGIN ] :: Running 'ip netns exec router nft list ruleset' table ip filter { chain test { } chain forward { type filter hook forward priority filter; policy accept; iifname "r_c" oifname "r_s" counter packets 1 bytes 84 drop iifname "r_c" oifname "r_s" counter packets 0 bytes 0 accept } } :: [ 14:32:24 ] :: [ PASS ] :: Command 'ip netns exec router nft list ruleset' (Expected 0, got 0) :: [ 14:32:24 ] :: [ BEGIN ] :: Running 'ip netns exec router nft flush table ip filter' :: [ 14:32:24 ] :: [ PASS ] :: Command 'ip netns exec router nft flush table ip filter' (Expected 0, got 0) :: [ 14:32:24 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add chain ip filter test' :: [ 14:32:24 ] :: [ PASS ] :: Command 'ip netns exec router nft add chain ip filter test' (Expected 0, got 0) :: [ 14:32:24 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule ip filter test iifname r_c oifname r_s counter return' :: [ 14:32:24 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule ip filter test iifname r_c oifname r_s counter return' (Expected 0, got 0) :: [ 14:32:24 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule ip filter test iifname r_c oifname r_s counter accept' :: [ 14:32:24 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule ip filter test iifname r_c oifname r_s counter accept' (Expected 0, got 0) :: [ 14:32:25 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule ip filter forward iifname r_c oifname r_s counter jump test' :: [ 14:32:25 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule ip filter forward iifname r_c oifname r_s counter jump test' (Expected 0, got 0) :: [ 14:32:25 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule ip filter forward iifname r_c oifname r_s counter drop' :: [ 14:32:25 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule ip filter forward iifname r_c oifname r_s counter drop' (Expected 0, got 0) :: [ 14:32:25 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -4 10.167.2.2 -c1 -W 1 ' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. --- 10.167.2.2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 14:32:26 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 14:32:26 ] :: [ BEGIN ] :: Running 'ip netns exec router nft list ruleset' table ip filter { chain test { iifname "r_c" oifname "r_s" counter packets 1 bytes 84 return iifname "r_c" oifname "r_s" counter packets 0 bytes 0 accept } chain forward { type filter hook forward priority filter; policy accept; iifname "r_c" oifname "r_s" counter packets 1 bytes 84 jump test iifname "r_c" oifname "r_s" counter packets 1 bytes 84 drop } } :: [ 14:32:26 ] :: [ PASS ] :: Command 'ip netns exec router nft list ruleset' (Expected 0, got 0) :: [ 14:32:26 ] :: [ BEGIN ] :: Running 'ip netns exec router nft flush table ip filter' :: [ 14:32:26 ] :: [ PASS ] :: Command 'ip netns exec router nft flush table ip filter' (Expected 0, got 0) :: [ 14:32:26 ] :: [ BEGIN ] :: Running 'ip netns exec router nft delete chain ip filter forward' :: [ 14:32:26 ] :: [ PASS ] :: Command 'ip netns exec router nft delete chain ip filter forward' (Expected 0, got 0) :: [ 14:32:26 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add chain ip filter postrouting { type filter hook postrouting priority 0 \; }' :: [ 14:32:26 ] :: [ PASS ] :: Command 'ip netns exec router nft add chain ip filter postrouting { type filter hook postrouting priority 0 \; }' (Expected 0, got 0) :: [ 14:32:26 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule ip filter postrouting oifname r_s counter accept' :: [ 14:32:26 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule ip filter postrouting oifname r_s counter accept' (Expected 0, got 0) :: [ 14:32:26 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule ip filter postrouting oifname r_s counter drop' :: [ 14:32:26 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule ip filter postrouting oifname r_s counter drop' (Expected 0, got 0) :: [ 14:32:26 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -4 10.167.2.2 -c1' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. 64 bytes from 10.167.2.2: icmp_seq=1 ttl=63 time=0.042 ms --- 10.167.2.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.042/0.042/0.042/0.000 ms :: [ 14:32:26 ] :: [ PASS ] :: Command 'ip netns exec client ping -4 10.167.2.2 -c1' (Expected 0, got 0) :: [ 14:32:26 ] :: [ BEGIN ] :: Running 'ip netns exec router nft list ruleset' table ip filter { chain test { } chain postrouting { type filter hook postrouting priority filter; policy accept; oifname "r_s" counter packets 1 bytes 84 accept oifname "r_s" counter packets 0 bytes 0 drop } } :: [ 14:32:26 ] :: [ PASS ] :: Command 'ip netns exec router nft list ruleset' (Expected 0, got 0) :: [ 14:32:26 ] :: [ BEGIN ] :: Running 'ip netns exec router nft flush table ip filter' :: [ 14:32:26 ] :: [ PASS ] :: Command 'ip netns exec router nft flush table ip filter' (Expected 0, got 0) :: [ 14:32:26 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule ip filter postrouting oifname r_s counter drop' :: [ 14:32:26 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule ip filter postrouting oifname r_s counter drop' (Expected 0, got 0) :: [ 14:32:26 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule ip filter postrouting oifname r_s counter accept' :: [ 14:32:26 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule ip filter postrouting oifname r_s counter accept' (Expected 0, got 0) :: [ 14:32:26 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -4 10.167.2.2 -c1 -W 1 ' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. --- 10.167.2.2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 14:32:27 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 14:32:27 ] :: [ BEGIN ] :: Running 'ip netns exec router nft list ruleset' table ip filter { chain test { } chain postrouting { type filter hook postrouting priority filter; policy accept; oifname "r_s" counter packets 1 bytes 84 drop oifname "r_s" counter packets 0 bytes 0 accept } } :: [ 14:32:27 ] :: [ PASS ] :: Command 'ip netns exec router nft list ruleset' (Expected 0, got 0) :: [ 14:32:27 ] :: [ BEGIN ] :: Running 'ip netns exec router nft flush table ip filter' :: [ 14:32:27 ] :: [ PASS ] :: Command 'ip netns exec router nft flush table ip filter' (Expected 0, got 0) :: [ 14:32:27 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add chain ip filter test' :: [ 14:32:27 ] :: [ PASS ] :: Command 'ip netns exec router nft add chain ip filter test' (Expected 0, got 0) :: [ 14:32:27 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule ip filter test oifname r_s counter return' :: [ 14:32:27 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule ip filter test oifname r_s counter return' (Expected 0, got 0) :: [ 14:32:27 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule ip filter test oifname r_s counter accept' :: [ 14:32:27 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule ip filter test oifname r_s counter accept' (Expected 0, got 0) :: [ 14:32:27 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule ip filter postrouting oifname r_s counter jump test' :: [ 14:32:28 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule ip filter postrouting oifname r_s counter jump test' (Expected 0, got 0) :: [ 14:32:28 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule ip filter postrouting oifname r_s counter drop' :: [ 14:32:28 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule ip filter postrouting oifname r_s counter drop' (Expected 0, got 0) :: [ 14:32:28 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -4 10.167.2.2 -c1 -W 1 ' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. --- 10.167.2.2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 14:32:29 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 14:32:29 ] :: [ BEGIN ] :: Running 'ip netns exec router nft list ruleset' table ip filter { chain test { oifname "r_s" counter packets 1 bytes 84 return oifname "r_s" counter packets 0 bytes 0 accept } chain postrouting { type filter hook postrouting priority filter; policy accept; oifname "r_s" counter packets 1 bytes 84 jump test oifname "r_s" counter packets 1 bytes 84 drop } } :: [ 14:32:29 ] :: [ PASS ] :: Command 'ip netns exec router nft list ruleset' (Expected 0, got 0) :: [ 14:32:29 ] :: [ BEGIN ] :: Running 'ip netns exec router nft flush table ip filter' :: [ 14:32:29 ] :: [ PASS ] :: Command 'ip netns exec router nft flush table ip filter' (Expected 0, got 0) :: [ 14:32:29 ] :: [ BEGIN ] :: Running 'ip netns exec router nft delete chain ip filter postrouting' :: [ 14:32:29 ] :: [ PASS ] :: Command 'ip netns exec router nft delete chain ip filter postrouting' (Expected 0, got 0) :: [ 14:32:29 ] :: [ BEGIN ] :: Running 'ip netns exec router nft delete table ip filter' :: [ 14:32:29 ] :: [ PASS ] :: Command 'ip netns exec router nft delete table ip filter' (Expected 0, got 0) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 9s :: Assertions: 62 good, 0 bad :: RESULT: PASS (nftables ip family ipv4 basic action test forward path) ** nftables-ip-family-ipv4-basic-action-test-forward-path PASS Score:0 Uploading resultoutputfile.log .done :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Cleanup :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ 14:32:29 ] :: [ BEGIN ] :: Running 'do_clean' client :: [ LOG ] :: xtables rules clean :: [ LOG ] :: nft rules clean :: [ LOG ] :: ipset rules clean :: [ LOG ] :: ipvsadm rules clean router :: [ LOG ] :: xtables rules clean :: [ LOG ] :: nft rules clean :: [ LOG ] :: ipset rules clean :: [ LOG ] :: ipvsadm rules clean server :: [ LOG ] :: xtables rules clean :: [ LOG ] :: nft rules clean :: [ LOG ] :: ipset rules clean :: [ LOG ] :: ipvsadm rules clean :: [ 14:32:39 ] :: [ PASS ] :: Command 'do_clean' (Expected 0, got 0) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 10s :: Assertions: 1 good, 0 bad :: RESULT: PASS (Cleanup) ** Cleanup PASS Score:0 Uploading resultoutputfile.log .done :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: unknown :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ 14:32:39 ] :: [ LOG ] :: Phases fingerprint: wG6Jb0bU :: [ 14:32:39 ] :: [ LOG ] :: Asserts fingerprint: C2K5D35U Uploading journal.xml ..done :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 292s :: Phases: 14 good, 0 bad :: OVERALL RESULT: PASS (unknown) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Forward ipv4 :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ 14:32:39 ] :: [ BEGIN ] :: ipv4 topo init done... :: actually running 'do_setup ipv4' +++ do_clean +++ for ns in client router server +++ ip netns +++ grep client +++ for ns in client router server +++ ip netns +++ grep router +++ for ns in client router server +++ ip netns +++ grep server +++ local i +++ for i in client router server +++ ip netns add client +++ for i in client router server +++ ip netns add router +++ for i in client router server +++ ip netns add server +++ [[ ipv4x == \i\p\v\6\x ]] +++ [[ ipv4x == \i\p\v\4\x ]] +++ ip netns exec router sysctl -w net.ipv4.ip_forward=1 net.ipv4.ip_forward = 1 +++ ip_c=10.167.1.1 +++ ip_s=10.167.2.2 +++ ip_rc=10.167.1.254 +++ ip_rs=10.167.2.254 +++ unset nodad +++ N=24 +++ ip -d -n router -b /dev/stdin +++ ip -d -n server -b /dev/stdin +++ ip -d -n client -b /dev/stdin +++ sleep 2 +++ set +x PING 10.167.2.2 (10.167.2.2) from 10.167.1.1 c_r: 56(84) bytes of data. 64 bytes from 10.167.2.2: icmp_seq=1 ttl=63 time=0.062 ms 64 bytes from 10.167.2.2: icmp_seq=2 ttl=63 time=0.085 ms 64 bytes from 10.167.2.2: icmp_seq=3 ttl=63 time=0.036 ms 64 bytes from 10.167.2.2: icmp_seq=4 ttl=63 time=0.079 ms 64 bytes from 10.167.2.2: icmp_seq=5 ttl=63 time=0.075 ms --- 10.167.2.2 ping statistics --- 5 packets transmitted, 5 received, 0% packet loss, time 834ms rtt min/avg/max/mdev = 0.036/0.067/0.085/0.017 ms PING 10.167.1.1 (10.167.1.1) from 10.167.2.2 s_r: 56(84) bytes of data. 64 bytes from 10.167.1.1: icmp_seq=1 ttl=63 time=0.037 ms 64 bytes from 10.167.1.1: icmp_seq=2 ttl=63 time=0.051 ms 64 bytes from 10.167.1.1: icmp_seq=3 ttl=63 time=0.044 ms 64 bytes from 10.167.1.1: icmp_seq=4 ttl=63 time=0.079 ms 64 bytes from 10.167.1.1: icmp_seq=5 ttl=63 time=0.076 ms --- 10.167.1.1 ping statistics --- 5 packets transmitted, 5 received, 0% packet loss, time 843ms rtt min/avg/max/mdev = 0.037/0.057/0.079/0.017 ms :: [ 14:32:43 ] :: [ PASS ] :: ipv4 topo init done... (Expected 0, got 0) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 4s :: Assertions: 1 good, 0 bad :: RESULT: PASS (Forward ipv4) ** Forward-ipv4 PASS Score:0 Uploading resultoutputfile.log .done :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: nftables inet family ipv4 policy test input/output path :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ 14:32:43 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add table inet filter' :: [ 14:32:43 ] :: [ PASS ] :: Command 'ip netns exec server nft add table inet filter' (Expected 0, got 0) :: [ 14:32:43 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add chain inet filter prerouting { type filter hook prerouting priority 0 \; policy accept \; }' :: [ 14:32:43 ] :: [ PASS ] :: Command 'ip netns exec server nft add chain inet filter prerouting { type filter hook prerouting priority 0 \; policy accept \; }' (Expected 0, got 0) :: [ 14:32:44 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -4 10.167.2.2 -c1' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. 64 bytes from 10.167.2.2: icmp_seq=1 ttl=63 time=0.043 ms --- 10.167.2.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.043/0.043/0.043/0.000 ms :: [ 14:32:44 ] :: [ PASS ] :: Command 'ip netns exec client ping -4 10.167.2.2 -c1' (Expected 0, got 0) :: [ 14:32:44 ] :: [ BEGIN ] :: Running 'ip netns exec server nft delete chain inet filter prerouting' :: [ 14:32:44 ] :: [ PASS ] :: Command 'ip netns exec server nft delete chain inet filter prerouting' (Expected 0, got 0) :: [ 14:32:44 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add chain inet filter prerouting { type filter hook prerouting priority 0 \; policy drop \; }' :: [ 14:32:44 ] :: [ PASS ] :: Command 'ip netns exec server nft add chain inet filter prerouting { type filter hook prerouting priority 0 \; policy drop \; }' (Expected 0, got 0) :: [ 14:32:44 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -4 10.167.2.2 -c1 -W 1 ' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. --- 10.167.2.2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 14:32:45 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 14:32:45 ] :: [ BEGIN ] :: Running 'ip netns exec server nft delete chain inet filter prerouting' :: [ 14:32:45 ] :: [ PASS ] :: Command 'ip netns exec server nft delete chain inet filter prerouting' (Expected 0, got 0) :: [ 14:32:45 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add chain inet filter input { type filter hook input priority 0 \; policy accept \; }' :: [ 14:32:45 ] :: [ PASS ] :: Command 'ip netns exec server nft add chain inet filter input { type filter hook input priority 0 \; policy accept \; }' (Expected 0, got 0) :: [ 14:32:45 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -4 10.167.2.2 -c1' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. 64 bytes from 10.167.2.2: icmp_seq=1 ttl=63 time=0.044 ms --- 10.167.2.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.044/0.044/0.044/0.000 ms :: [ 14:32:45 ] :: [ PASS ] :: Command 'ip netns exec client ping -4 10.167.2.2 -c1' (Expected 0, got 0) :: [ 14:32:45 ] :: [ BEGIN ] :: Running 'ip netns exec server nft delete chain inet filter input' :: [ 14:32:45 ] :: [ PASS ] :: Command 'ip netns exec server nft delete chain inet filter input' (Expected 0, got 0) :: [ 14:32:45 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add chain inet filter input { type filter hook input priority 0 \; policy drop \; }' :: [ 14:32:45 ] :: [ PASS ] :: Command 'ip netns exec server nft add chain inet filter input { type filter hook input priority 0 \; policy drop \; }' (Expected 0, got 0) :: [ 14:32:45 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -4 10.167.2.2 -c1 -W 1 ' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. --- 10.167.2.2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 14:32:46 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 14:32:46 ] :: [ BEGIN ] :: Running 'ip netns exec server nft delete chain inet filter input' :: [ 14:32:46 ] :: [ PASS ] :: Command 'ip netns exec server nft delete chain inet filter input' (Expected 0, got 0) :: [ 14:32:46 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add chain inet filter output { type filter hook output priority 0 \; policy accept \; }' :: [ 14:32:46 ] :: [ PASS ] :: Command 'ip netns exec server nft add chain inet filter output { type filter hook output priority 0 \; policy accept \; }' (Expected 0, got 0) :: [ 14:32:46 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -4 10.167.2.2 -c1' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. 64 bytes from 10.167.2.2: icmp_seq=1 ttl=63 time=0.040 ms --- 10.167.2.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.040/0.040/0.040/0.000 ms :: [ 14:32:46 ] :: [ PASS ] :: Command 'ip netns exec client ping -4 10.167.2.2 -c1' (Expected 0, got 0) :: [ 14:32:46 ] :: [ BEGIN ] :: Running 'ip netns exec server nft delete chain inet filter output' :: [ 14:32:46 ] :: [ PASS ] :: Command 'ip netns exec server nft delete chain inet filter output' (Expected 0, got 0) :: [ 14:32:46 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add chain inet filter output { type filter hook output priority 0 \; policy drop \; }' :: [ 14:32:46 ] :: [ PASS ] :: Command 'ip netns exec server nft add chain inet filter output { type filter hook output priority 0 \; policy drop \; }' (Expected 0, got 0) :: [ 14:32:46 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -4 10.167.2.2 -c1 -W 1 ' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. --- 10.167.2.2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 14:32:47 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 14:32:47 ] :: [ BEGIN ] :: Running 'ip netns exec server nft delete chain inet filter output' :: [ 14:32:47 ] :: [ PASS ] :: Command 'ip netns exec server nft delete chain inet filter output' (Expected 0, got 0) :: [ 14:32:47 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add chain inet filter postrouting { type filter hook postrouting priority 0 \; policy accept \; }' :: [ 14:32:47 ] :: [ PASS ] :: Command 'ip netns exec server nft add chain inet filter postrouting { type filter hook postrouting priority 0 \; policy accept \; }' (Expected 0, got 0) :: [ 14:32:47 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -4 10.167.2.2 -c1' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. 64 bytes from 10.167.2.2: icmp_seq=1 ttl=63 time=0.044 ms --- 10.167.2.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.044/0.044/0.044/0.000 ms :: [ 14:32:47 ] :: [ PASS ] :: Command 'ip netns exec client ping -4 10.167.2.2 -c1' (Expected 0, got 0) :: [ 14:32:47 ] :: [ BEGIN ] :: Running 'ip netns exec server nft delete chain inet filter postrouting' :: [ 14:32:47 ] :: [ PASS ] :: Command 'ip netns exec server nft delete chain inet filter postrouting' (Expected 0, got 0) :: [ 14:32:47 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add chain inet filter postrouting { type filter hook postrouting priority 0 \; policy drop \; }' :: [ 14:32:47 ] :: [ PASS ] :: Command 'ip netns exec server nft add chain inet filter postrouting { type filter hook postrouting priority 0 \; policy drop \; }' (Expected 0, got 0) :: [ 14:32:48 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -4 10.167.2.2 -c1 -W 1 ' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. --- 10.167.2.2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 14:32:49 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 14:32:49 ] :: [ BEGIN ] :: Running 'ip netns exec server nft delete chain inet filter postrouting' :: [ 14:32:49 ] :: [ PASS ] :: Command 'ip netns exec server nft delete chain inet filter postrouting' (Expected 0, got 0) :: [ 14:32:49 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -4 10.167.2.2 -c 30 -i 0.2' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. 64 bytes from 10.167.2.2: icmp_seq=1 ttl=63 time=0.042 ms 64 bytes from 10.167.2.2: icmp_seq=2 ttl=63 time=0.068 ms 64 bytes from 10.167.2.2: icmp_seq=3 ttl=63 time=0.034 ms 64 bytes from 10.167.2.2: icmp_seq=4 ttl=63 time=0.111 ms 64 bytes from 10.167.2.2: icmp_seq=5 ttl=63 time=0.017 ms 64 bytes from 10.167.2.2: icmp_seq=6 ttl=63 time=0.031 ms 64 bytes from 10.167.2.2: icmp_seq=7 ttl=63 time=0.020 ms 64 bytes from 10.167.2.2: icmp_seq=8 ttl=63 time=0.031 ms 64 bytes from 10.167.2.2: icmp_seq=9 ttl=63 time=0.028 ms 64 bytes from 10.167.2.2: icmp_seq=10 ttl=63 time=0.027 ms 64 bytes from 10.167.2.2: icmp_seq=11 ttl=63 time=0.060 ms 64 bytes from 10.167.2.2: icmp_seq=12 ttl=63 time=0.113 ms 64 bytes from 10.167.2.2: icmp_seq=13 ttl=63 time=0.077 ms 64 bytes from 10.167.2.2: icmp_seq=14 ttl=63 time=0.049 ms 64 bytes from 10.167.2.2: icmp_seq=15 ttl=63 time=0.047 ms 64 bytes from 10.167.2.2: icmp_seq=16 ttl=63 time=0.082 ms 64 bytes from 10.167.2.2: icmp_seq=17 ttl=63 time=0.112 ms 64 bytes from 10.167.2.2: icmp_seq=18 ttl=63 time=0.111 ms 64 bytes from 10.167.2.2: icmp_seq=19 ttl=63 time=0.076 ms 64 bytes from 10.167.2.2: icmp_seq=20 ttl=63 time=0.109 ms 64 bytes from 10.167.2.2: icmp_seq=21 ttl=63 time=0.072 ms 64 bytes from 10.167.2.2: icmp_seq=22 ttl=63 time=0.111 ms 64 bytes from 10.167.2.2: icmp_seq=23 ttl=63 time=0.074 ms 64 bytes from 10.167.2.2: icmp_seq=24 ttl=63 time=0.073 ms 64 bytes from 10.167.2.2: icmp_seq=25 ttl=63 time=0.075 ms 64 bytes from 10.167.2.2: icmp_seq=26 ttl=63 time=0.060 ms 64 bytes from 10.167.2.2: icmp_seq=27 ttl=63 time=0.042 ms 64 bytes from 10.167.2.2: icmp_seq=28 ttl=63 time=0.061 ms 64 bytes from 10.167.2.2: icmp_seq=29 ttl=63 time=0.049 ms 64 bytes from 10.167.2.2: icmp_seq=30 ttl=63 time=0.076 ms --- 10.167.2.2 ping statistics --- 30 packets transmitted, 30 received, 0% packet loss, time 6088ms rtt min/avg/max/mdev = 0.017/0.064/0.113/0.029 ms :: [ 14:32:55 ] :: [ PASS ] :: Command 'ip netns exec client ping -4 10.167.2.2 -c 30 -i 0.2' (Expected 0, got 0) :: [ 14:32:55 ] :: [ BEGIN ] :: Running 'ip netns exec server nft delete table inet filter' :: [ 14:32:55 ] :: [ PASS ] :: Command 'ip netns exec server nft delete table inet filter' (Expected 0, got 0) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 12s :: Assertions: 27 good, 0 bad :: RESULT: PASS (nftables inet family ipv4 policy test input/output path) ** nftables-inet-family-ipv4-policy-test-input-output-path PASS Score:0 Uploading resultoutputfile.log .done :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: nftables inet family ipv4 policy test forward path :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ 14:32:55 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add table inet filter' :: [ 14:32:55 ] :: [ PASS ] :: Command 'ip netns exec router nft add table inet filter' (Expected 0, got 0) :: [ 14:32:55 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add chain inet filter prerouting { type filter hook prerouting priority 0 \; policy accept \; }' :: [ 14:32:55 ] :: [ PASS ] :: Command 'ip netns exec router nft add chain inet filter prerouting { type filter hook prerouting priority 0 \; policy accept \; }' (Expected 0, got 0) :: [ 14:32:55 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -4 10.167.2.2 -c1' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. 64 bytes from 10.167.2.2: icmp_seq=1 ttl=63 time=0.044 ms --- 10.167.2.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.044/0.044/0.044/0.000 ms :: [ 14:32:55 ] :: [ PASS ] :: Command 'ip netns exec client ping -4 10.167.2.2 -c1' (Expected 0, got 0) :: [ 14:32:55 ] :: [ BEGIN ] :: Running 'ip netns exec router nft delete chain inet filter prerouting' :: [ 14:32:55 ] :: [ PASS ] :: Command 'ip netns exec router nft delete chain inet filter prerouting' (Expected 0, got 0) :: [ 14:32:55 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add chain inet filter prerouting { type filter hook prerouting priority 0 \; policy drop \; }' :: [ 14:32:55 ] :: [ PASS ] :: Command 'ip netns exec router nft add chain inet filter prerouting { type filter hook prerouting priority 0 \; policy drop \; }' (Expected 0, got 0) :: [ 14:32:55 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -4 10.167.2.2 -c1 -W 1 ' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. --- 10.167.2.2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 14:32:56 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 14:32:56 ] :: [ BEGIN ] :: Running 'ip netns exec router nft delete chain inet filter prerouting' :: [ 14:32:56 ] :: [ PASS ] :: Command 'ip netns exec router nft delete chain inet filter prerouting' (Expected 0, got 0) :: [ 14:32:57 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add chain inet filter forward { type filter hook forward priority 0 \; policy accept \; }' :: [ 14:32:57 ] :: [ PASS ] :: Command 'ip netns exec router nft add chain inet filter forward { type filter hook forward priority 0 \; policy accept \; }' (Expected 0, got 0) :: [ 14:32:57 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -4 10.167.2.2 -c1' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. 64 bytes from 10.167.2.2: icmp_seq=1 ttl=63 time=0.042 ms --- 10.167.2.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.042/0.042/0.042/0.000 ms :: [ 14:32:57 ] :: [ PASS ] :: Command 'ip netns exec client ping -4 10.167.2.2 -c1' (Expected 0, got 0) :: [ 14:32:57 ] :: [ BEGIN ] :: Running 'ip netns exec router nft delete chain inet filter forward' :: [ 14:32:57 ] :: [ PASS ] :: Command 'ip netns exec router nft delete chain inet filter forward' (Expected 0, got 0) :: [ 14:32:57 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add chain inet filter forward { type filter hook forward priority 0 \; policy drop \; }' :: [ 14:32:57 ] :: [ PASS ] :: Command 'ip netns exec router nft add chain inet filter forward { type filter hook forward priority 0 \; policy drop \; }' (Expected 0, got 0) :: [ 14:32:57 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -4 10.167.2.2 -c1 -W 1 ' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. --- 10.167.2.2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 14:32:58 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 14:32:58 ] :: [ BEGIN ] :: Running 'ip netns exec router nft delete chain inet filter forward' :: [ 14:32:58 ] :: [ PASS ] :: Command 'ip netns exec router nft delete chain inet filter forward' (Expected 0, got 0) :: [ 14:32:58 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add chain inet filter postrouting { type filter hook postrouting priority 0 \; policy accept \; }' :: [ 14:32:58 ] :: [ PASS ] :: Command 'ip netns exec router nft add chain inet filter postrouting { type filter hook postrouting priority 0 \; policy accept \; }' (Expected 0, got 0) :: [ 14:32:58 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -4 10.167.2.2 -c1' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. 64 bytes from 10.167.2.2: icmp_seq=1 ttl=63 time=0.042 ms --- 10.167.2.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.042/0.042/0.042/0.000 ms :: [ 14:32:58 ] :: [ PASS ] :: Command 'ip netns exec client ping -4 10.167.2.2 -c1' (Expected 0, got 0) :: [ 14:32:58 ] :: [ BEGIN ] :: Running 'ip netns exec router nft delete chain inet filter postrouting' :: [ 14:32:58 ] :: [ PASS ] :: Command 'ip netns exec router nft delete chain inet filter postrouting' (Expected 0, got 0) :: [ 14:32:58 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add chain inet filter postrouting { type filter hook postrouting priority 0 \; policy drop \; }' :: [ 14:32:58 ] :: [ PASS ] :: Command 'ip netns exec router nft add chain inet filter postrouting { type filter hook postrouting priority 0 \; policy drop \; }' (Expected 0, got 0) :: [ 14:32:58 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -4 10.167.2.2 -c1 -W 1 ' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. --- 10.167.2.2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 14:32:59 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 14:32:59 ] :: [ BEGIN ] :: Running 'ip netns exec router nft delete chain inet filter postrouting' :: [ 14:32:59 ] :: [ PASS ] :: Command 'ip netns exec router nft delete chain inet filter postrouting' (Expected 0, got 0) :: [ 14:32:59 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -4 10.167.2.2 -c 30 -i 0.2' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. 64 bytes from 10.167.2.2: icmp_seq=1 ttl=63 time=0.039 ms 64 bytes from 10.167.2.2: icmp_seq=2 ttl=63 time=0.065 ms 64 bytes from 10.167.2.2: icmp_seq=3 ttl=63 time=0.060 ms 64 bytes from 10.167.2.2: icmp_seq=4 ttl=63 time=0.085 ms 64 bytes from 10.167.2.2: icmp_seq=5 ttl=63 time=0.078 ms 64 bytes from 10.167.2.2: icmp_seq=6 ttl=63 time=0.078 ms 64 bytes from 10.167.2.2: icmp_seq=7 ttl=63 time=0.079 ms 64 bytes from 10.167.2.2: icmp_seq=8 ttl=63 time=0.039 ms 64 bytes from 10.167.2.2: icmp_seq=9 ttl=63 time=0.038 ms 64 bytes from 10.167.2.2: icmp_seq=10 ttl=63 time=0.071 ms 64 bytes from 10.167.2.2: icmp_seq=11 ttl=63 time=0.040 ms 64 bytes from 10.167.2.2: icmp_seq=12 ttl=63 time=0.076 ms 64 bytes from 10.167.2.2: icmp_seq=13 ttl=63 time=0.081 ms 64 bytes from 10.167.2.2: icmp_seq=14 ttl=63 time=0.080 ms 64 bytes from 10.167.2.2: icmp_seq=15 ttl=63 time=0.022 ms 64 bytes from 10.167.2.2: icmp_seq=16 ttl=63 time=0.078 ms 64 bytes from 10.167.2.2: icmp_seq=17 ttl=63 time=0.061 ms 64 bytes from 10.167.2.2: icmp_seq=18 ttl=63 time=0.080 ms 64 bytes from 10.167.2.2: icmp_seq=19 ttl=63 time=0.079 ms 64 bytes from 10.167.2.2: icmp_seq=20 ttl=63 time=0.081 ms 64 bytes from 10.167.2.2: icmp_seq=21 ttl=63 time=0.114 ms 64 bytes from 10.167.2.2: icmp_seq=22 ttl=63 time=0.050 ms 64 bytes from 10.167.2.2: icmp_seq=23 ttl=63 time=0.114 ms 64 bytes from 10.167.2.2: icmp_seq=24 ttl=63 time=0.112 ms 64 bytes from 10.167.2.2: icmp_seq=25 ttl=63 time=0.062 ms 64 bytes from 10.167.2.2: icmp_seq=26 ttl=63 time=0.110 ms 64 bytes from 10.167.2.2: icmp_seq=27 ttl=63 time=0.079 ms 64 bytes from 10.167.2.2: icmp_seq=28 ttl=63 time=0.078 ms 64 bytes from 10.167.2.2: icmp_seq=29 ttl=63 time=0.062 ms 64 bytes from 10.167.2.2: icmp_seq=30 ttl=63 time=0.052 ms --- 10.167.2.2 ping statistics --- 30 packets transmitted, 30 received, 0% packet loss, time 6089ms rtt min/avg/max/mdev = 0.022/0.071/0.114/0.022 ms :: [ 14:33:05 ] :: [ PASS ] :: Command 'ip netns exec client ping -4 10.167.2.2 -c 30 -i 0.2' (Expected 0, got 0) :: [ 14:33:05 ] :: [ BEGIN ] :: Running 'ip netns exec router nft delete table inet filter' :: [ 14:33:05 ] :: [ PASS ] :: Command 'ip netns exec router nft delete table inet filter' (Expected 0, got 0) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 10s :: Assertions: 21 good, 0 bad :: RESULT: PASS (nftables inet family ipv4 policy test forward path) ** nftables-inet-family-ipv4-policy-test-forward-path PASS Score:0 Uploading resultoutputfile.log .done :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: nftables inet family ipv4 basic action test input/output path :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ 14:33:06 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add table inet filter' :: [ 14:33:06 ] :: [ PASS ] :: Command 'ip netns exec server nft add table inet filter' (Expected 0, got 0) :: [ 14:33:06 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add chain inet filter prerouting { type filter hook prerouting priority 0 \; }' :: [ 14:33:06 ] :: [ PASS ] :: Command 'ip netns exec server nft add chain inet filter prerouting { type filter hook prerouting priority 0 \; }' (Expected 0, got 0) :: [ 14:33:06 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule inet filter prerouting iifname s_r counter accept' :: [ 14:33:06 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule inet filter prerouting iifname s_r counter accept' (Expected 0, got 0) :: [ 14:33:06 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule inet filter prerouting iifname s_r counter drop' :: [ 14:33:06 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule inet filter prerouting iifname s_r counter drop' (Expected 0, got 0) :: [ 14:33:06 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -4 10.167.2.2 -c1' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. 64 bytes from 10.167.2.2: icmp_seq=1 ttl=63 time=0.046 ms --- 10.167.2.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.046/0.046/0.046/0.000 ms :: [ 14:33:06 ] :: [ PASS ] :: Command 'ip netns exec client ping -4 10.167.2.2 -c1' (Expected 0, got 0) :: [ 14:33:06 ] :: [ BEGIN ] :: Running 'ip netns exec server nft list ruleset' table inet filter { chain prerouting { type filter hook prerouting priority filter; policy accept; iifname "s_r" counter packets 1 bytes 84 accept iifname "s_r" counter packets 0 bytes 0 drop } } :: [ 14:33:06 ] :: [ PASS ] :: Command 'ip netns exec server nft list ruleset' (Expected 0, got 0) :: [ 14:33:06 ] :: [ BEGIN ] :: Running 'ip netns exec server nft flush table inet filter' :: [ 14:33:06 ] :: [ PASS ] :: Command 'ip netns exec server nft flush table inet filter' (Expected 0, got 0) :: [ 14:33:06 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule inet filter prerouting iifname s_r counter drop' :: [ 14:33:06 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule inet filter prerouting iifname s_r counter drop' (Expected 0, got 0) :: [ 14:33:06 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule inet filter prerouting iifname s_r counter accept' :: [ 14:33:06 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule inet filter prerouting iifname s_r counter accept' (Expected 0, got 0) :: [ 14:33:06 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -4 10.167.2.2 -c1 -W 1 ' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. --- 10.167.2.2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 14:33:07 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 14:33:07 ] :: [ BEGIN ] :: Running 'ip netns exec server nft list ruleset' table inet filter { chain prerouting { type filter hook prerouting priority filter; policy accept; iifname "s_r" counter packets 2 bytes 140 drop iifname "s_r" counter packets 0 bytes 0 accept } } :: [ 14:33:07 ] :: [ PASS ] :: Command 'ip netns exec server nft list ruleset' (Expected 0, got 0) :: [ 14:33:07 ] :: [ BEGIN ] :: Running 'ip netns exec server nft flush table inet filter' :: [ 14:33:07 ] :: [ PASS ] :: Command 'ip netns exec server nft flush table inet filter' (Expected 0, got 0) :: [ 14:33:07 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add chain inet filter test' :: [ 14:33:07 ] :: [ PASS ] :: Command 'ip netns exec server nft add chain inet filter test' (Expected 0, got 0) :: [ 14:33:07 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule inet filter test iifname s_r counter return' :: [ 14:33:07 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule inet filter test iifname s_r counter return' (Expected 0, got 0) :: [ 14:33:07 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule inet filter test iifname s_r counter accept' :: [ 14:33:07 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule inet filter test iifname s_r counter accept' (Expected 0, got 0) :: [ 14:33:07 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule inet filter prerouting iifname s_r counter jump test' :: [ 14:33:07 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule inet filter prerouting iifname s_r counter jump test' (Expected 0, got 0) :: [ 14:33:07 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule inet filter prerouting iifname s_r counter drop' :: [ 14:33:07 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule inet filter prerouting iifname s_r counter drop' (Expected 0, got 0) :: [ 14:33:07 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -4 10.167.2.2 -c1 -W 1 ' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. --- 10.167.2.2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 14:33:08 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 14:33:08 ] :: [ BEGIN ] :: Running 'ip netns exec server nft list ruleset' table inet filter { chain prerouting { type filter hook prerouting priority filter; policy accept; iifname "s_r" counter packets 1 bytes 84 jump test iifname "s_r" counter packets 1 bytes 84 drop } chain test { iifname "s_r" counter packets 1 bytes 84 return iifname "s_r" counter packets 0 bytes 0 accept } } :: [ 14:33:08 ] :: [ PASS ] :: Command 'ip netns exec server nft list ruleset' (Expected 0, got 0) :: [ 14:33:09 ] :: [ BEGIN ] :: Running 'ip netns exec server nft flush table inet filter' :: [ 14:33:09 ] :: [ PASS ] :: Command 'ip netns exec server nft flush table inet filter' (Expected 0, got 0) :: [ 14:33:09 ] :: [ BEGIN ] :: Running 'ip netns exec server nft delete chain inet filter prerouting' :: [ 14:33:09 ] :: [ PASS ] :: Command 'ip netns exec server nft delete chain inet filter prerouting' (Expected 0, got 0) :: [ 14:33:09 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add chain inet filter input { type filter hook input priority 0 \; }' :: [ 14:33:09 ] :: [ PASS ] :: Command 'ip netns exec server nft add chain inet filter input { type filter hook input priority 0 \; }' (Expected 0, got 0) :: [ 14:33:09 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule inet filter input iifname s_r counter accept' :: [ 14:33:09 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule inet filter input iifname s_r counter accept' (Expected 0, got 0) :: [ 14:33:09 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule inet filter input iifname s_r counter drop' :: [ 14:33:09 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule inet filter input iifname s_r counter drop' (Expected 0, got 0) :: [ 14:33:09 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -4 10.167.2.2 -c1' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. 64 bytes from 10.167.2.2: icmp_seq=1 ttl=63 time=0.044 ms --- 10.167.2.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.044/0.044/0.044/0.000 ms :: [ 14:33:09 ] :: [ PASS ] :: Command 'ip netns exec client ping -4 10.167.2.2 -c1' (Expected 0, got 0) :: [ 14:33:09 ] :: [ BEGIN ] :: Running 'ip netns exec server nft list ruleset' table inet filter { chain test { } chain input { type filter hook input priority filter; policy accept; iifname "s_r" counter packets 1 bytes 84 accept iifname "s_r" counter packets 0 bytes 0 drop } } :: [ 14:33:09 ] :: [ PASS ] :: Command 'ip netns exec server nft list ruleset' (Expected 0, got 0) :: [ 14:33:09 ] :: [ BEGIN ] :: Running 'ip netns exec server nft flush table inet filter' :: [ 14:33:09 ] :: [ PASS ] :: Command 'ip netns exec server nft flush table inet filter' (Expected 0, got 0) :: [ 14:33:09 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule inet filter input iifname s_r counter drop' :: [ 14:33:09 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule inet filter input iifname s_r counter drop' (Expected 0, got 0) :: [ 14:33:09 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule inet filter input iifname s_r counter accept' :: [ 14:33:09 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule inet filter input iifname s_r counter accept' (Expected 0, got 0) :: [ 14:33:09 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -4 10.167.2.2 -c1 -W 1 ' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. --- 10.167.2.2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 14:33:10 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 14:33:10 ] :: [ BEGIN ] :: Running 'ip netns exec server nft list ruleset' table inet filter { chain test { } chain input { type filter hook input priority filter; policy accept; iifname "s_r" counter packets 1 bytes 84 drop iifname "s_r" counter packets 0 bytes 0 accept } } :: [ 14:33:10 ] :: [ PASS ] :: Command 'ip netns exec server nft list ruleset' (Expected 0, got 0) :: [ 14:33:10 ] :: [ BEGIN ] :: Running 'ip netns exec server nft flush table inet filter' :: [ 14:33:10 ] :: [ PASS ] :: Command 'ip netns exec server nft flush table inet filter' (Expected 0, got 0) :: [ 14:33:10 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add chain inet filter test' :: [ 14:33:10 ] :: [ PASS ] :: Command 'ip netns exec server nft add chain inet filter test' (Expected 0, got 0) :: [ 14:33:10 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule inet filter test iifname s_r counter return' :: [ 14:33:10 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule inet filter test iifname s_r counter return' (Expected 0, got 0) :: [ 14:33:10 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule inet filter test iifname s_r counter accept' :: [ 14:33:10 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule inet filter test iifname s_r counter accept' (Expected 0, got 0) :: [ 14:33:10 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule inet filter input iifname s_r counter jump test' :: [ 14:33:10 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule inet filter input iifname s_r counter jump test' (Expected 0, got 0) :: [ 14:33:10 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule inet filter input iifname s_r counter drop' :: [ 14:33:10 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule inet filter input iifname s_r counter drop' (Expected 0, got 0) :: [ 14:33:10 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -4 10.167.2.2 -c1 -W 1 ' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. --- 10.167.2.2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 14:33:11 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 14:33:11 ] :: [ BEGIN ] :: Running 'ip netns exec server nft list ruleset' table inet filter { chain test { iifname "s_r" counter packets 1 bytes 84 return iifname "s_r" counter packets 0 bytes 0 accept } chain input { type filter hook input priority filter; policy accept; iifname "s_r" counter packets 1 bytes 84 jump test iifname "s_r" counter packets 1 bytes 84 drop } } :: [ 14:33:11 ] :: [ PASS ] :: Command 'ip netns exec server nft list ruleset' (Expected 0, got 0) :: [ 14:33:11 ] :: [ BEGIN ] :: Running 'ip netns exec server nft flush table inet filter' :: [ 14:33:12 ] :: [ PASS ] :: Command 'ip netns exec server nft flush table inet filter' (Expected 0, got 0) :: [ 14:33:12 ] :: [ BEGIN ] :: Running 'ip netns exec server nft delete chain inet filter input' :: [ 14:33:12 ] :: [ PASS ] :: Command 'ip netns exec server nft delete chain inet filter input' (Expected 0, got 0) :: [ 14:33:12 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add chain inet filter output { type filter hook output priority 0 \; }' :: [ 14:33:12 ] :: [ PASS ] :: Command 'ip netns exec server nft add chain inet filter output { type filter hook output priority 0 \; }' (Expected 0, got 0) :: [ 14:33:12 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule inet filter output oifname s_r counter accept' :: [ 14:33:12 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule inet filter output oifname s_r counter accept' (Expected 0, got 0) :: [ 14:33:12 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule inet filter output oifname s_r counter drop' :: [ 14:33:12 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule inet filter output oifname s_r counter drop' (Expected 0, got 0) :: [ 14:33:12 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -4 10.167.2.2 -c1' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. 64 bytes from 10.167.2.2: icmp_seq=1 ttl=63 time=0.045 ms --- 10.167.2.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.045/0.045/0.045/0.000 ms :: [ 14:33:12 ] :: [ PASS ] :: Command 'ip netns exec client ping -4 10.167.2.2 -c1' (Expected 0, got 0) :: [ 14:33:12 ] :: [ BEGIN ] :: Running 'ip netns exec server nft list ruleset' table inet filter { chain test { } chain output { type filter hook output priority filter; policy accept; oifname "s_r" counter packets 1 bytes 84 accept oifname "s_r" counter packets 0 bytes 0 drop } } :: [ 14:33:12 ] :: [ PASS ] :: Command 'ip netns exec server nft list ruleset' (Expected 0, got 0) :: [ 14:33:12 ] :: [ BEGIN ] :: Running 'ip netns exec server nft flush table inet filter' :: [ 14:33:12 ] :: [ PASS ] :: Command 'ip netns exec server nft flush table inet filter' (Expected 0, got 0) :: [ 14:33:12 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule inet filter output oifname s_r counter drop' :: [ 14:33:12 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule inet filter output oifname s_r counter drop' (Expected 0, got 0) :: [ 14:33:12 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule inet filter output oifname s_r counter accept' :: [ 14:33:12 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule inet filter output oifname s_r counter accept' (Expected 0, got 0) :: [ 14:33:12 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -4 10.167.2.2 -c1 -W 1 ' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. --- 10.167.2.2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 14:33:13 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 14:33:13 ] :: [ BEGIN ] :: Running 'ip netns exec server nft list ruleset' table inet filter { chain test { } chain output { type filter hook output priority filter; policy accept; oifname "s_r" counter packets 1 bytes 84 drop oifname "s_r" counter packets 0 bytes 0 accept } } :: [ 14:33:13 ] :: [ PASS ] :: Command 'ip netns exec server nft list ruleset' (Expected 0, got 0) :: [ 14:33:13 ] :: [ BEGIN ] :: Running 'ip netns exec server nft flush table inet filter' :: [ 14:33:13 ] :: [ PASS ] :: Command 'ip netns exec server nft flush table inet filter' (Expected 0, got 0) :: [ 14:33:13 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add chain inet filter test' :: [ 14:33:13 ] :: [ PASS ] :: Command 'ip netns exec server nft add chain inet filter test' (Expected 0, got 0) :: [ 14:33:13 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule inet filter test oifname s_r counter return' :: [ 14:33:13 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule inet filter test oifname s_r counter return' (Expected 0, got 0) :: [ 14:33:13 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule inet filter test oifname s_r counter accept' :: [ 14:33:13 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule inet filter test oifname s_r counter accept' (Expected 0, got 0) :: [ 14:33:13 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule inet filter output oifname s_r counter jump test' :: [ 14:33:13 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule inet filter output oifname s_r counter jump test' (Expected 0, got 0) :: [ 14:33:13 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule inet filter output oifname s_r counter drop' :: [ 14:33:13 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule inet filter output oifname s_r counter drop' (Expected 0, got 0) :: [ 14:33:13 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -4 10.167.2.2 -c1 -W 1 ' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. --- 10.167.2.2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 14:33:14 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 14:33:14 ] :: [ BEGIN ] :: Running 'ip netns exec server nft list ruleset' table inet filter { chain test { oifname "s_r" counter packets 1 bytes 84 return oifname "s_r" counter packets 0 bytes 0 accept } chain output { type filter hook output priority filter; policy accept; oifname "s_r" counter packets 1 bytes 84 jump test oifname "s_r" counter packets 1 bytes 84 drop } } :: [ 14:33:14 ] :: [ PASS ] :: Command 'ip netns exec server nft list ruleset' (Expected 0, got 0) :: [ 14:33:14 ] :: [ BEGIN ] :: Running 'ip netns exec server nft flush table inet filter' :: [ 14:33:14 ] :: [ PASS ] :: Command 'ip netns exec server nft flush table inet filter' (Expected 0, got 0) :: [ 14:33:14 ] :: [ BEGIN ] :: Running 'ip netns exec server nft delete chain inet filter output' :: [ 14:33:14 ] :: [ PASS ] :: Command 'ip netns exec server nft delete chain inet filter output' (Expected 0, got 0) :: [ 14:33:14 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add chain inet filter postrouting { type filter hook postrouting priority 0 \; }' :: [ 14:33:15 ] :: [ PASS ] :: Command 'ip netns exec server nft add chain inet filter postrouting { type filter hook postrouting priority 0 \; }' (Expected 0, got 0) :: [ 14:33:15 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule inet filter postrouting oifname s_r counter accept' :: [ 14:33:15 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule inet filter postrouting oifname s_r counter accept' (Expected 0, got 0) :: [ 14:33:15 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule inet filter postrouting oifname s_r counter drop' :: [ 14:33:15 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule inet filter postrouting oifname s_r counter drop' (Expected 0, got 0) :: [ 14:33:15 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -4 10.167.2.2 -c1' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. 64 bytes from 10.167.2.2: icmp_seq=1 ttl=63 time=0.051 ms --- 10.167.2.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.051/0.051/0.051/0.000 ms :: [ 14:33:15 ] :: [ PASS ] :: Command 'ip netns exec client ping -4 10.167.2.2 -c1' (Expected 0, got 0) :: [ 14:33:15 ] :: [ BEGIN ] :: Running 'ip netns exec server nft list ruleset' table inet filter { chain test { } chain postrouting { type filter hook postrouting priority filter; policy accept; oifname "s_r" counter packets 1 bytes 84 accept oifname "s_r" counter packets 0 bytes 0 drop } } :: [ 14:33:15 ] :: [ PASS ] :: Command 'ip netns exec server nft list ruleset' (Expected 0, got 0) :: [ 14:33:15 ] :: [ BEGIN ] :: Running 'ip netns exec server nft flush table inet filter' :: [ 14:33:15 ] :: [ PASS ] :: Command 'ip netns exec server nft flush table inet filter' (Expected 0, got 0) :: [ 14:33:15 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule inet filter postrouting oifname s_r counter drop' :: [ 14:33:15 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule inet filter postrouting oifname s_r counter drop' (Expected 0, got 0) :: [ 14:33:15 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule inet filter postrouting oifname s_r counter accept' :: [ 14:33:15 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule inet filter postrouting oifname s_r counter accept' (Expected 0, got 0) :: [ 14:33:15 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -4 10.167.2.2 -c1 -W 1 ' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. --- 10.167.2.2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 14:33:16 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 14:33:16 ] :: [ BEGIN ] :: Running 'ip netns exec server nft list ruleset' table inet filter { chain test { } chain postrouting { type filter hook postrouting priority filter; policy accept; oifname "s_r" counter packets 1 bytes 84 drop oifname "s_r" counter packets 0 bytes 0 accept } } :: [ 14:33:16 ] :: [ PASS ] :: Command 'ip netns exec server nft list ruleset' (Expected 0, got 0) :: [ 14:33:16 ] :: [ BEGIN ] :: Running 'ip netns exec server nft flush table inet filter' :: [ 14:33:16 ] :: [ PASS ] :: Command 'ip netns exec server nft flush table inet filter' (Expected 0, got 0) :: [ 14:33:16 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add chain inet filter test' :: [ 14:33:16 ] :: [ PASS ] :: Command 'ip netns exec server nft add chain inet filter test' (Expected 0, got 0) :: [ 14:33:16 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule inet filter test oifname s_r counter return' :: [ 14:33:16 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule inet filter test oifname s_r counter return' (Expected 0, got 0) :: [ 14:33:16 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule inet filter test oifname s_r counter accept' :: [ 14:33:16 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule inet filter test oifname s_r counter accept' (Expected 0, got 0) :: [ 14:33:16 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule inet filter postrouting oifname s_r counter jump test' :: [ 14:33:16 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule inet filter postrouting oifname s_r counter jump test' (Expected 0, got 0) :: [ 14:33:16 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule inet filter postrouting oifname s_r counter drop' :: [ 14:33:16 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule inet filter postrouting oifname s_r counter drop' (Expected 0, got 0) :: [ 14:33:16 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -4 10.167.2.2 -c1 -W 1 ' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. --- 10.167.2.2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 14:33:17 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 14:33:17 ] :: [ BEGIN ] :: Running 'ip netns exec server nft list ruleset' table inet filter { chain test { oifname "s_r" counter packets 1 bytes 84 return oifname "s_r" counter packets 0 bytes 0 accept } chain postrouting { type filter hook postrouting priority filter; policy accept; oifname "s_r" counter packets 1 bytes 84 jump test oifname "s_r" counter packets 1 bytes 84 drop } } :: [ 14:33:17 ] :: [ PASS ] :: Command 'ip netns exec server nft list ruleset' (Expected 0, got 0) :: [ 14:33:17 ] :: [ BEGIN ] :: Running 'ip netns exec server nft flush table inet filter' :: [ 14:33:17 ] :: [ PASS ] :: Command 'ip netns exec server nft flush table inet filter' (Expected 0, got 0) :: [ 14:33:17 ] :: [ BEGIN ] :: Running 'ip netns exec server nft delete chain inet filter postrouting' :: [ 14:33:17 ] :: [ PASS ] :: Command 'ip netns exec server nft delete chain inet filter postrouting' (Expected 0, got 0) :: [ 14:33:17 ] :: [ BEGIN ] :: Running 'ip netns exec server nft delete table inet filter' :: [ 14:33:18 ] :: [ PASS ] :: Command 'ip netns exec server nft delete table inet filter' (Expected 0, got 0) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 12s :: Assertions: 82 good, 0 bad :: RESULT: PASS (nftables inet family ipv4 basic action test input/output path) ** nftables-inet-family-ipv4-basic-action-test-input-output-path PASS Score:0 Uploading resultoutputfile.log .done :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: nftables inet family ipv4 basic action test forward path :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ 14:33:18 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add table inet filter' :: [ 14:33:18 ] :: [ PASS ] :: Command 'ip netns exec router nft add table inet filter' (Expected 0, got 0) :: [ 14:33:18 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add chain inet filter prerouting { type filter hook prerouting priority 0 \; }' :: [ 14:33:18 ] :: [ PASS ] :: Command 'ip netns exec router nft add chain inet filter prerouting { type filter hook prerouting priority 0 \; }' (Expected 0, got 0) :: [ 14:33:18 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule inet filter prerouting iifname r_c counter accept' :: [ 14:33:18 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule inet filter prerouting iifname r_c counter accept' (Expected 0, got 0) :: [ 14:33:18 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule inet filter prerouting iifname r_c counter drop' :: [ 14:33:18 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule inet filter prerouting iifname r_c counter drop' (Expected 0, got 0) :: [ 14:33:18 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -4 10.167.2.2 -c1' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. 64 bytes from 10.167.2.2: icmp_seq=1 ttl=63 time=0.048 ms --- 10.167.2.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.048/0.048/0.048/0.000 ms :: [ 14:33:18 ] :: [ PASS ] :: Command 'ip netns exec client ping -4 10.167.2.2 -c1' (Expected 0, got 0) :: [ 14:33:18 ] :: [ BEGIN ] :: Running 'ip netns exec router nft list ruleset' table inet filter { chain prerouting { type filter hook prerouting priority filter; policy accept; iifname "r_c" counter packets 1 bytes 84 accept iifname "r_c" counter packets 0 bytes 0 drop } } :: [ 14:33:18 ] :: [ PASS ] :: Command 'ip netns exec router nft list ruleset' (Expected 0, got 0) :: [ 14:33:18 ] :: [ BEGIN ] :: Running 'ip netns exec router nft flush table inet filter' :: [ 14:33:18 ] :: [ PASS ] :: Command 'ip netns exec router nft flush table inet filter' (Expected 0, got 0) :: [ 14:33:18 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule inet filter prerouting iifname r_c counter drop' :: [ 14:33:18 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule inet filter prerouting iifname r_c counter drop' (Expected 0, got 0) :: [ 14:33:18 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule inet filter prerouting iifname r_c counter accept' :: [ 14:33:18 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule inet filter prerouting iifname r_c counter accept' (Expected 0, got 0) :: [ 14:33:18 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -4 10.167.2.2 -c1 -W 1 ' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. --- 10.167.2.2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 14:33:19 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 14:33:19 ] :: [ BEGIN ] :: Running 'ip netns exec router nft list ruleset' table inet filter { chain prerouting { type filter hook prerouting priority filter; policy accept; iifname "r_c" counter packets 1 bytes 84 drop iifname "r_c" counter packets 0 bytes 0 accept } } :: [ 14:33:19 ] :: [ PASS ] :: Command 'ip netns exec router nft list ruleset' (Expected 0, got 0) :: [ 14:33:19 ] :: [ BEGIN ] :: Running 'ip netns exec router nft flush table inet filter' :: [ 14:33:20 ] :: [ PASS ] :: Command 'ip netns exec router nft flush table inet filter' (Expected 0, got 0) :: [ 14:33:20 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add chain inet filter test' :: [ 14:33:20 ] :: [ PASS ] :: Command 'ip netns exec router nft add chain inet filter test' (Expected 0, got 0) :: [ 14:33:20 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule inet filter test iifname r_c counter return' :: [ 14:33:20 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule inet filter test iifname r_c counter return' (Expected 0, got 0) :: [ 14:33:20 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule inet filter test iifname r_c counter accept' :: [ 14:33:20 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule inet filter test iifname r_c counter accept' (Expected 0, got 0) :: [ 14:33:20 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule inet filter prerouting iifname r_c counter jump test' :: [ 14:33:20 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule inet filter prerouting iifname r_c counter jump test' (Expected 0, got 0) :: [ 14:33:20 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule inet filter prerouting iifname r_c counter drop' :: [ 14:33:20 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule inet filter prerouting iifname r_c counter drop' (Expected 0, got 0) :: [ 14:33:20 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -4 10.167.2.2 -c1 -W 1 ' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. --- 10.167.2.2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 14:33:21 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 14:33:21 ] :: [ BEGIN ] :: Running 'ip netns exec router nft list ruleset' table inet filter { chain prerouting { type filter hook prerouting priority filter; policy accept; iifname "r_c" counter packets 1 bytes 84 jump test iifname "r_c" counter packets 1 bytes 84 drop } chain test { iifname "r_c" counter packets 1 bytes 84 return iifname "r_c" counter packets 0 bytes 0 accept } } :: [ 14:33:21 ] :: [ PASS ] :: Command 'ip netns exec router nft list ruleset' (Expected 0, got 0) :: [ 14:33:21 ] :: [ BEGIN ] :: Running 'ip netns exec router nft flush table inet filter' :: [ 14:33:21 ] :: [ PASS ] :: Command 'ip netns exec router nft flush table inet filter' (Expected 0, got 0) :: [ 14:33:21 ] :: [ BEGIN ] :: Running 'ip netns exec router nft delete chain inet filter prerouting' :: [ 14:33:21 ] :: [ PASS ] :: Command 'ip netns exec router nft delete chain inet filter prerouting' (Expected 0, got 0) :: [ 14:33:21 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add chain inet filter forward { type filter hook forward priority 0 \; }' :: [ 14:33:21 ] :: [ PASS ] :: Command 'ip netns exec router nft add chain inet filter forward { type filter hook forward priority 0 \; }' (Expected 0, got 0) :: [ 14:33:21 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule inet filter forward iifname r_c oifname r_s counter accept' :: [ 14:33:21 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule inet filter forward iifname r_c oifname r_s counter accept' (Expected 0, got 0) :: [ 14:33:21 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule inet filter forward iifname r_c oifname r_s counter drop' :: [ 14:33:21 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule inet filter forward iifname r_c oifname r_s counter drop' (Expected 0, got 0) :: [ 14:33:21 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -4 10.167.2.2 -c1' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. 64 bytes from 10.167.2.2: icmp_seq=1 ttl=63 time=0.044 ms --- 10.167.2.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.044/0.044/0.044/0.000 ms :: [ 14:33:21 ] :: [ PASS ] :: Command 'ip netns exec client ping -4 10.167.2.2 -c1' (Expected 0, got 0) :: [ 14:33:21 ] :: [ BEGIN ] :: Running 'ip netns exec router nft list ruleset' table inet filter { chain test { } chain forward { type filter hook forward priority filter; policy accept; iifname "r_c" oifname "r_s" counter packets 1 bytes 84 accept iifname "r_c" oifname "r_s" counter packets 0 bytes 0 drop } } :: [ 14:33:21 ] :: [ PASS ] :: Command 'ip netns exec router nft list ruleset' (Expected 0, got 0) :: [ 14:33:21 ] :: [ BEGIN ] :: Running 'ip netns exec router nft flush table inet filter' :: [ 14:33:21 ] :: [ PASS ] :: Command 'ip netns exec router nft flush table inet filter' (Expected 0, got 0) :: [ 14:33:21 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule inet filter forward iifname r_c oifname r_s counter drop' :: [ 14:33:21 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule inet filter forward iifname r_c oifname r_s counter drop' (Expected 0, got 0) :: [ 14:33:21 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule inet filter forward iifname r_c oifname r_s counter accept' :: [ 14:33:21 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule inet filter forward iifname r_c oifname r_s counter accept' (Expected 0, got 0) :: [ 14:33:21 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -4 10.167.2.2 -c1 -W 1 ' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. --- 10.167.2.2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 14:33:22 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 14:33:22 ] :: [ BEGIN ] :: Running 'ip netns exec router nft list ruleset' table inet filter { chain test { } chain forward { type filter hook forward priority filter; policy accept; iifname "r_c" oifname "r_s" counter packets 1 bytes 84 drop iifname "r_c" oifname "r_s" counter packets 0 bytes 0 accept } } :: [ 14:33:22 ] :: [ PASS ] :: Command 'ip netns exec router nft list ruleset' (Expected 0, got 0) :: [ 14:33:22 ] :: [ BEGIN ] :: Running 'ip netns exec router nft flush table inet filter' :: [ 14:33:22 ] :: [ PASS ] :: Command 'ip netns exec router nft flush table inet filter' (Expected 0, got 0) :: [ 14:33:22 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add chain inet filter test' :: [ 14:33:23 ] :: [ PASS ] :: Command 'ip netns exec router nft add chain inet filter test' (Expected 0, got 0) :: [ 14:33:23 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule inet filter test iifname r_c oifname r_s counter return' :: [ 14:33:23 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule inet filter test iifname r_c oifname r_s counter return' (Expected 0, got 0) :: [ 14:33:23 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule inet filter test iifname r_c oifname r_s counter accept' :: [ 14:33:23 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule inet filter test iifname r_c oifname r_s counter accept' (Expected 0, got 0) :: [ 14:33:23 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule inet filter forward iifname r_c oifname r_s counter jump test' :: [ 14:33:23 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule inet filter forward iifname r_c oifname r_s counter jump test' (Expected 0, got 0) :: [ 14:33:23 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule inet filter forward iifname r_c oifname r_s counter drop' :: [ 14:33:23 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule inet filter forward iifname r_c oifname r_s counter drop' (Expected 0, got 0) :: [ 14:33:23 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -4 10.167.2.2 -c1 -W 1 ' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. --- 10.167.2.2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 14:33:24 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 14:33:24 ] :: [ BEGIN ] :: Running 'ip netns exec router nft list ruleset' table inet filter { chain test { iifname "r_c" oifname "r_s" counter packets 1 bytes 84 return iifname "r_c" oifname "r_s" counter packets 0 bytes 0 accept } chain forward { type filter hook forward priority filter; policy accept; iifname "r_c" oifname "r_s" counter packets 1 bytes 84 jump test iifname "r_c" oifname "r_s" counter packets 1 bytes 84 drop } } :: [ 14:33:24 ] :: [ PASS ] :: Command 'ip netns exec router nft list ruleset' (Expected 0, got 0) :: [ 14:33:24 ] :: [ BEGIN ] :: Running 'ip netns exec router nft flush table inet filter' :: [ 14:33:24 ] :: [ PASS ] :: Command 'ip netns exec router nft flush table inet filter' (Expected 0, got 0) :: [ 14:33:24 ] :: [ BEGIN ] :: Running 'ip netns exec router nft delete chain inet filter forward' :: [ 14:33:24 ] :: [ PASS ] :: Command 'ip netns exec router nft delete chain inet filter forward' (Expected 0, got 0) :: [ 14:33:24 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add chain inet filter postrouting { type filter hook postrouting priority 0 \; }' :: [ 14:33:24 ] :: [ PASS ] :: Command 'ip netns exec router nft add chain inet filter postrouting { type filter hook postrouting priority 0 \; }' (Expected 0, got 0) :: [ 14:33:24 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule inet filter postrouting oifname r_s counter accept' :: [ 14:33:24 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule inet filter postrouting oifname r_s counter accept' (Expected 0, got 0) :: [ 14:33:24 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule inet filter postrouting oifname r_s counter drop' :: [ 14:33:24 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule inet filter postrouting oifname r_s counter drop' (Expected 0, got 0) :: [ 14:33:24 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -4 10.167.2.2 -c1' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. 64 bytes from 10.167.2.2: icmp_seq=1 ttl=63 time=0.046 ms --- 10.167.2.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.046/0.046/0.046/0.000 ms :: [ 14:33:24 ] :: [ PASS ] :: Command 'ip netns exec client ping -4 10.167.2.2 -c1' (Expected 0, got 0) :: [ 14:33:24 ] :: [ BEGIN ] :: Running 'ip netns exec router nft list ruleset' table inet filter { chain test { } chain postrouting { type filter hook postrouting priority filter; policy accept; oifname "r_s" counter packets 1 bytes 84 accept oifname "r_s" counter packets 0 bytes 0 drop } } :: [ 14:33:24 ] :: [ PASS ] :: Command 'ip netns exec router nft list ruleset' (Expected 0, got 0) :: [ 14:33:24 ] :: [ BEGIN ] :: Running 'ip netns exec router nft flush table inet filter' :: [ 14:33:24 ] :: [ PASS ] :: Command 'ip netns exec router nft flush table inet filter' (Expected 0, got 0) :: [ 14:33:24 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule inet filter postrouting oifname r_s counter drop' :: [ 14:33:24 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule inet filter postrouting oifname r_s counter drop' (Expected 0, got 0) :: [ 14:33:24 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule inet filter postrouting oifname r_s counter accept' :: [ 14:33:24 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule inet filter postrouting oifname r_s counter accept' (Expected 0, got 0) :: [ 14:33:24 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -4 10.167.2.2 -c1 -W 1 ' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. --- 10.167.2.2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 14:33:25 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 14:33:25 ] :: [ BEGIN ] :: Running 'ip netns exec router nft list ruleset' table inet filter { chain test { } chain postrouting { type filter hook postrouting priority filter; policy accept; oifname "r_s" counter packets 1 bytes 84 drop oifname "r_s" counter packets 0 bytes 0 accept } } :: [ 14:33:25 ] :: [ PASS ] :: Command 'ip netns exec router nft list ruleset' (Expected 0, got 0) :: [ 14:33:25 ] :: [ BEGIN ] :: Running 'ip netns exec router nft flush table inet filter' :: [ 14:33:25 ] :: [ PASS ] :: Command 'ip netns exec router nft flush table inet filter' (Expected 0, got 0) :: [ 14:33:25 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add chain inet filter test' :: [ 14:33:25 ] :: [ PASS ] :: Command 'ip netns exec router nft add chain inet filter test' (Expected 0, got 0) :: [ 14:33:26 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule inet filter test oifname r_s counter return' :: [ 14:33:26 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule inet filter test oifname r_s counter return' (Expected 0, got 0) :: [ 14:33:26 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule inet filter test oifname r_s counter accept' :: [ 14:33:26 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule inet filter test oifname r_s counter accept' (Expected 0, got 0) :: [ 14:33:26 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule inet filter postrouting oifname r_s counter jump test' :: [ 14:33:26 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule inet filter postrouting oifname r_s counter jump test' (Expected 0, got 0) :: [ 14:33:26 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule inet filter postrouting oifname r_s counter drop' :: [ 14:33:26 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule inet filter postrouting oifname r_s counter drop' (Expected 0, got 0) :: [ 14:33:26 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -4 10.167.2.2 -c1 -W 1 ' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. --- 10.167.2.2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 14:33:27 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 14:33:27 ] :: [ BEGIN ] :: Running 'ip netns exec router nft list ruleset' table inet filter { chain test { oifname "r_s" counter packets 1 bytes 84 return oifname "r_s" counter packets 0 bytes 0 accept } chain postrouting { type filter hook postrouting priority filter; policy accept; oifname "r_s" counter packets 1 bytes 84 jump test oifname "r_s" counter packets 1 bytes 84 drop } } :: [ 14:33:27 ] :: [ PASS ] :: Command 'ip netns exec router nft list ruleset' (Expected 0, got 0) :: [ 14:33:27 ] :: [ BEGIN ] :: Running 'ip netns exec router nft flush table inet filter' :: [ 14:33:27 ] :: [ PASS ] :: Command 'ip netns exec router nft flush table inet filter' (Expected 0, got 0) :: [ 14:33:27 ] :: [ BEGIN ] :: Running 'ip netns exec router nft delete chain inet filter postrouting' :: [ 14:33:27 ] :: [ PASS ] :: Command 'ip netns exec router nft delete chain inet filter postrouting' (Expected 0, got 0) :: [ 14:33:27 ] :: [ BEGIN ] :: Running 'ip netns exec router nft delete table inet filter' :: [ 14:33:27 ] :: [ PASS ] :: Command 'ip netns exec router nft delete table inet filter' (Expected 0, got 0) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 9s :: Assertions: 62 good, 0 bad :: RESULT: PASS (nftables inet family ipv4 basic action test forward path) ** nftables-inet-family-ipv4-basic-action-test-forward-path PASS Score:0 Uploading resultoutputfile.log .done :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Cleanup :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ 14:33:27 ] :: [ BEGIN ] :: Running 'do_clean' client :: [ LOG ] :: xtables rules clean :: [ LOG ] :: nft rules clean :: [ LOG ] :: ipset rules clean :: [ LOG ] :: ipvsadm rules clean router :: [ LOG ] :: xtables rules clean :: [ LOG ] :: nft rules clean :: [ LOG ] :: ipset rules clean :: [ LOG ] :: ipvsadm rules clean server :: [ LOG ] :: xtables rules clean :: [ LOG ] :: nft rules clean :: [ LOG ] :: ipset rules clean :: [ LOG ] :: ipvsadm rules clean :: [ 14:33:37 ] :: [ PASS ] :: Command 'do_clean' (Expected 0, got 0) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 10s :: Assertions: 1 good, 0 bad :: RESULT: PASS (Cleanup) ** Cleanup PASS Score:0 Uploading resultoutputfile.log .done :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: unknown :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ 14:33:37 ] :: [ LOG ] :: Phases fingerprint: wG6Jb0bU :: [ 14:33:37 ] :: [ LOG ] :: Asserts fingerprint: C2K5D35U Uploading journal.xml ...done :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 350s :: Phases: 20 good, 0 bad :: OVERALL RESULT: PASS (unknown) PING ::1(::1) 56 data bytes 64 bytes from ::1: icmp_seq=1 ttl=64 time=0.027 ms --- ::1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.027/0.027/0.027/0.000 ms :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Forward ipv6 :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ 14:33:38 ] :: [ BEGIN ] :: ipv6 topo init done... :: actually running 'do_setup ipv6' +++ do_clean +++ for ns in client router server +++ ip netns +++ grep client +++ for ns in client router server +++ ip netns +++ grep router +++ for ns in client router server +++ ip netns +++ grep server +++ local i +++ for i in client router server +++ ip netns add client +++ for i in client router server +++ ip netns add router +++ for i in client router server +++ ip netns add server +++ [[ ipv6x == \i\p\v\6\x ]] +++ ip netns exec router sysctl -w net.ipv6.conf.all.forwarding=1 net.ipv6.conf.all.forwarding = 1 +++ ip_c=2001:db8:ffff:21::1 +++ ip_s=2001:db8:ffff:22::2 +++ ip_rc=2001:db8:ffff:21::fffe +++ ip_rs=2001:db8:ffff:22::fffe +++ N=64 +++ nodad=nodad +++ ip -d -n router -b /dev/stdin +++ ip -d -n server -b /dev/stdin +++ ip -d -n client -b /dev/stdin +++ sleep 2 +++ set +x PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) from 2001:db8:ffff:21::1 c_r: 56 data bytes 64 bytes from 2001:db8:ffff:22::2: icmp_seq=1 ttl=63 time=0.092 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=2 ttl=63 time=0.037 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=3 ttl=63 time=0.069 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=4 ttl=63 time=0.017 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=5 ttl=63 time=0.047 ms --- 2001:db8:ffff:22::2 ping statistics --- 5 packets transmitted, 5 received, 0% packet loss, time 838ms rtt min/avg/max/mdev = 0.017/0.052/0.092/0.025 ms PING 2001:db8:ffff:21::1(2001:db8:ffff:21::1) from 2001:db8:ffff:22::2 s_r: 56 data bytes 64 bytes from 2001:db8:ffff:21::1: icmp_seq=1 ttl=63 time=0.043 ms 64 bytes from 2001:db8:ffff:21::1: icmp_seq=2 ttl=63 time=0.065 ms 64 bytes from 2001:db8:ffff:21::1: icmp_seq=3 ttl=63 time=0.048 ms 64 bytes from 2001:db8:ffff:21::1: icmp_seq=4 ttl=63 time=0.113 ms 64 bytes from 2001:db8:ffff:21::1: icmp_seq=5 ttl=63 time=0.118 ms --- 2001:db8:ffff:21::1 ping statistics --- 5 packets transmitted, 5 received, 0% packet loss, time 833ms rtt min/avg/max/mdev = 0.043/0.077/0.118/0.032 ms :: [ 14:33:42 ] :: [ PASS ] :: ipv6 topo init done... (Expected 0, got 0) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 4s :: Assertions: 1 good, 0 bad :: RESULT: PASS (Forward ipv6) ** Forward-ipv6 PASS Score:0 Uploading resultoutputfile.log .done :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: nftables ip6 family ipv6 policy test input/output path :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ 14:33:42 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add table ip6 filter' :: [ 14:33:42 ] :: [ PASS ] :: Command 'ip netns exec server nft add table ip6 filter' (Expected 0, got 0) :: [ 14:33:42 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add chain ip6 filter prerouting { type filter hook prerouting priority 0 \; policy accept \; }' :: [ 14:33:42 ] :: [ PASS ] :: Command 'ip netns exec server nft add chain ip6 filter prerouting { type filter hook prerouting priority 0 \; policy accept \; }' (Expected 0, got 0) :: [ 14:33:42 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes 64 bytes from 2001:db8:ffff:22::2: icmp_seq=1 ttl=63 time=0.051 ms --- 2001:db8:ffff:22::2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.051/0.051/0.051/0.000 ms :: [ 14:33:42 ] :: [ PASS ] :: Command 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1' (Expected 0, got 0) :: [ 14:33:42 ] :: [ BEGIN ] :: Running 'ip netns exec server nft delete chain ip6 filter prerouting' :: [ 14:33:42 ] :: [ PASS ] :: Command 'ip netns exec server nft delete chain ip6 filter prerouting' (Expected 0, got 0) :: [ 14:33:42 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add chain ip6 filter prerouting { type filter hook prerouting priority 0 \; policy drop \; }' :: [ 14:33:42 ] :: [ PASS ] :: Command 'ip netns exec server nft add chain ip6 filter prerouting { type filter hook prerouting priority 0 \; policy drop \; }' (Expected 0, got 0) :: [ 14:33:42 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1 -W 1 ' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes --- 2001:db8:ffff:22::2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 14:33:43 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 14:33:43 ] :: [ BEGIN ] :: Running 'ip netns exec server nft delete chain ip6 filter prerouting' :: [ 14:33:43 ] :: [ PASS ] :: Command 'ip netns exec server nft delete chain ip6 filter prerouting' (Expected 0, got 0) :: [ 14:33:43 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add chain ip6 filter input { type filter hook input priority 0 \; policy accept \; }' :: [ 14:33:43 ] :: [ PASS ] :: Command 'ip netns exec server nft add chain ip6 filter input { type filter hook input priority 0 \; policy accept \; }' (Expected 0, got 0) :: [ 14:33:43 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes 64 bytes from 2001:db8:ffff:22::2: icmp_seq=1 ttl=63 time=0.047 ms --- 2001:db8:ffff:22::2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.047/0.047/0.047/0.000 ms :: [ 14:33:43 ] :: [ PASS ] :: Command 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1' (Expected 0, got 0) :: [ 14:33:43 ] :: [ BEGIN ] :: Running 'ip netns exec server nft delete chain ip6 filter input' :: [ 14:33:43 ] :: [ PASS ] :: Command 'ip netns exec server nft delete chain ip6 filter input' (Expected 0, got 0) :: [ 14:33:43 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add chain ip6 filter input { type filter hook input priority 0 \; policy drop \; }' :: [ 14:33:43 ] :: [ PASS ] :: Command 'ip netns exec server nft add chain ip6 filter input { type filter hook input priority 0 \; policy drop \; }' (Expected 0, got 0) :: [ 14:33:43 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1 -W 1 ' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes --- 2001:db8:ffff:22::2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 14:33:45 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 14:33:45 ] :: [ BEGIN ] :: Running 'ip netns exec server nft delete chain ip6 filter input' :: [ 14:33:45 ] :: [ PASS ] :: Command 'ip netns exec server nft delete chain ip6 filter input' (Expected 0, got 0) :: [ 14:33:45 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add chain ip6 filter output { type filter hook output priority 0 \; policy accept \; }' :: [ 14:33:45 ] :: [ PASS ] :: Command 'ip netns exec server nft add chain ip6 filter output { type filter hook output priority 0 \; policy accept \; }' (Expected 0, got 0) :: [ 14:33:45 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes 64 bytes from 2001:db8:ffff:22::2: icmp_seq=1 ttl=63 time=0.048 ms --- 2001:db8:ffff:22::2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.048/0.048/0.048/0.000 ms :: [ 14:33:45 ] :: [ PASS ] :: Command 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1' (Expected 0, got 0) :: [ 14:33:45 ] :: [ BEGIN ] :: Running 'ip netns exec server nft delete chain ip6 filter output' :: [ 14:33:45 ] :: [ PASS ] :: Command 'ip netns exec server nft delete chain ip6 filter output' (Expected 0, got 0) :: [ 14:33:45 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add chain ip6 filter output { type filter hook output priority 0 \; policy drop \; }' :: [ 14:33:45 ] :: [ PASS ] :: Command 'ip netns exec server nft add chain ip6 filter output { type filter hook output priority 0 \; policy drop \; }' (Expected 0, got 0) :: [ 14:33:45 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1 -W 1 ' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes --- 2001:db8:ffff:22::2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 14:33:46 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 14:33:46 ] :: [ BEGIN ] :: Running 'ip netns exec server nft delete chain ip6 filter output' :: [ 14:33:46 ] :: [ PASS ] :: Command 'ip netns exec server nft delete chain ip6 filter output' (Expected 0, got 0) :: [ 14:33:46 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add chain ip6 filter postrouting { type filter hook postrouting priority 0 \; policy accept \; }' :: [ 14:33:46 ] :: [ PASS ] :: Command 'ip netns exec server nft add chain ip6 filter postrouting { type filter hook postrouting priority 0 \; policy accept \; }' (Expected 0, got 0) :: [ 14:33:46 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes 64 bytes from 2001:db8:ffff:22::2: icmp_seq=1 ttl=63 time=0.048 ms --- 2001:db8:ffff:22::2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.048/0.048/0.048/0.000 ms :: [ 14:33:46 ] :: [ PASS ] :: Command 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1' (Expected 0, got 0) :: [ 14:33:46 ] :: [ BEGIN ] :: Running 'ip netns exec server nft delete chain ip6 filter postrouting' :: [ 14:33:46 ] :: [ PASS ] :: Command 'ip netns exec server nft delete chain ip6 filter postrouting' (Expected 0, got 0) :: [ 14:33:46 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add chain ip6 filter postrouting { type filter hook postrouting priority 0 \; policy drop \; }' :: [ 14:33:46 ] :: [ PASS ] :: Command 'ip netns exec server nft add chain ip6 filter postrouting { type filter hook postrouting priority 0 \; policy drop \; }' (Expected 0, got 0) :: [ 14:33:46 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1 -W 1 ' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes --- 2001:db8:ffff:22::2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 14:33:47 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 14:33:47 ] :: [ BEGIN ] :: Running 'ip netns exec server nft delete chain ip6 filter postrouting' :: [ 14:33:47 ] :: [ PASS ] :: Command 'ip netns exec server nft delete chain ip6 filter postrouting' (Expected 0, got 0) :: [ 14:33:47 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c 30 -i 0.2' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes 64 bytes from 2001:db8:ffff:22::2: icmp_seq=1 ttl=63 time=0.048 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=2 ttl=63 time=0.053 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=3 ttl=63 time=0.048 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=4 ttl=63 time=0.046 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=5 ttl=63 time=0.129 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=6 ttl=63 time=0.127 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=7 ttl=63 time=0.053 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=8 ttl=63 time=0.058 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=9 ttl=63 time=0.066 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=10 ttl=63 time=0.091 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=11 ttl=63 time=0.057 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=12 ttl=63 time=0.056 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=13 ttl=63 time=0.089 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=14 ttl=63 time=0.091 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=15 ttl=63 time=0.061 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=16 ttl=63 time=0.121 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=17 ttl=63 time=0.068 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=18 ttl=63 time=0.083 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=19 ttl=63 time=0.084 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=20 ttl=63 time=0.112 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=21 ttl=63 time=0.087 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=22 ttl=63 time=0.054 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=23 ttl=63 time=0.124 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=24 ttl=63 time=0.121 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=25 ttl=63 time=0.126 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=26 ttl=63 time=0.067 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=27 ttl=63 time=0.089 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=28 ttl=63 time=0.085 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=29 ttl=63 time=0.055 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=30 ttl=63 time=0.084 ms --- 2001:db8:ffff:22::2 ping statistics --- 30 packets transmitted, 30 received, 0% packet loss, time 6097ms rtt min/avg/max/mdev = 0.046/0.081/0.129/0.027 ms :: [ 14:33:53 ] :: [ PASS ] :: Command 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c 30 -i 0.2' (Expected 0, got 0) :: [ 14:33:53 ] :: [ BEGIN ] :: Running 'ip netns exec server nft delete table ip6 filter' :: [ 14:33:53 ] :: [ PASS ] :: Command 'ip netns exec server nft delete table ip6 filter' (Expected 0, got 0) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 11s :: Assertions: 27 good, 0 bad :: RESULT: PASS (nftables ip6 family ipv6 policy test input/output path) ** nftables-ip6-family-ipv6-policy-test-input-output-path PASS Score:0 Uploading resultoutputfile.log .done :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: nftables ip6 family ipv6 policy test forward path :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ 14:33:54 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add table ip6 filter' :: [ 14:33:54 ] :: [ PASS ] :: Command 'ip netns exec router nft add table ip6 filter' (Expected 0, got 0) :: [ 14:33:54 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add chain ip6 filter prerouting { type filter hook prerouting priority 0 \; policy accept \; }' :: [ 14:33:54 ] :: [ PASS ] :: Command 'ip netns exec router nft add chain ip6 filter prerouting { type filter hook prerouting priority 0 \; policy accept \; }' (Expected 0, got 0) :: [ 14:33:54 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes 64 bytes from 2001:db8:ffff:22::2: icmp_seq=1 ttl=63 time=0.050 ms --- 2001:db8:ffff:22::2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.050/0.050/0.050/0.000 ms :: [ 14:33:54 ] :: [ PASS ] :: Command 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1' (Expected 0, got 0) :: [ 14:33:54 ] :: [ BEGIN ] :: Running 'ip netns exec router nft delete chain ip6 filter prerouting' :: [ 14:33:54 ] :: [ PASS ] :: Command 'ip netns exec router nft delete chain ip6 filter prerouting' (Expected 0, got 0) :: [ 14:33:54 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add chain ip6 filter prerouting { type filter hook prerouting priority 0 \; policy drop \; }' :: [ 14:33:54 ] :: [ PASS ] :: Command 'ip netns exec router nft add chain ip6 filter prerouting { type filter hook prerouting priority 0 \; policy drop \; }' (Expected 0, got 0) :: [ 14:33:54 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1 -W 1 ' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes --- 2001:db8:ffff:22::2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 14:33:55 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 14:33:55 ] :: [ BEGIN ] :: Running 'ip netns exec router nft delete chain ip6 filter prerouting' :: [ 14:33:55 ] :: [ PASS ] :: Command 'ip netns exec router nft delete chain ip6 filter prerouting' (Expected 0, got 0) :: [ 14:33:55 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add chain ip6 filter forward { type filter hook forward priority 0 \; policy accept \; }' :: [ 14:33:55 ] :: [ PASS ] :: Command 'ip netns exec router nft add chain ip6 filter forward { type filter hook forward priority 0 \; policy accept \; }' (Expected 0, got 0) :: [ 14:33:55 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes 64 bytes from 2001:db8:ffff:22::2: icmp_seq=1 ttl=63 time=0.048 ms --- 2001:db8:ffff:22::2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.048/0.048/0.048/0.000 ms :: [ 14:33:55 ] :: [ PASS ] :: Command 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1' (Expected 0, got 0) :: [ 14:33:55 ] :: [ BEGIN ] :: Running 'ip netns exec router nft delete chain ip6 filter forward' :: [ 14:33:55 ] :: [ PASS ] :: Command 'ip netns exec router nft delete chain ip6 filter forward' (Expected 0, got 0) :: [ 14:33:55 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add chain ip6 filter forward { type filter hook forward priority 0 \; policy drop \; }' :: [ 14:33:55 ] :: [ PASS ] :: Command 'ip netns exec router nft add chain ip6 filter forward { type filter hook forward priority 0 \; policy drop \; }' (Expected 0, got 0) :: [ 14:33:55 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1 -W 1 ' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes --- 2001:db8:ffff:22::2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 14:33:56 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 14:33:56 ] :: [ BEGIN ] :: Running 'ip netns exec router nft delete chain ip6 filter forward' :: [ 14:33:56 ] :: [ PASS ] :: Command 'ip netns exec router nft delete chain ip6 filter forward' (Expected 0, got 0) :: [ 14:33:56 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add chain ip6 filter postrouting { type filter hook postrouting priority 0 \; policy accept \; }' :: [ 14:33:56 ] :: [ PASS ] :: Command 'ip netns exec router nft add chain ip6 filter postrouting { type filter hook postrouting priority 0 \; policy accept \; }' (Expected 0, got 0) :: [ 14:33:56 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes 64 bytes from 2001:db8:ffff:22::2: icmp_seq=1 ttl=63 time=0.049 ms --- 2001:db8:ffff:22::2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.049/0.049/0.049/0.000 ms :: [ 14:33:56 ] :: [ PASS ] :: Command 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1' (Expected 0, got 0) :: [ 14:33:56 ] :: [ BEGIN ] :: Running 'ip netns exec router nft delete chain ip6 filter postrouting' :: [ 14:33:56 ] :: [ PASS ] :: Command 'ip netns exec router nft delete chain ip6 filter postrouting' (Expected 0, got 0) :: [ 14:33:56 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add chain ip6 filter postrouting { type filter hook postrouting priority 0 \; policy drop \; }' :: [ 14:33:56 ] :: [ PASS ] :: Command 'ip netns exec router nft add chain ip6 filter postrouting { type filter hook postrouting priority 0 \; policy drop \; }' (Expected 0, got 0) :: [ 14:33:57 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1 -W 1 ' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes --- 2001:db8:ffff:22::2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 14:33:58 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 14:33:58 ] :: [ BEGIN ] :: Running 'ip netns exec router nft delete chain ip6 filter postrouting' :: [ 14:33:58 ] :: [ PASS ] :: Command 'ip netns exec router nft delete chain ip6 filter postrouting' (Expected 0, got 0) :: [ 14:33:58 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c 30 -i 0.2' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes 64 bytes from 2001:db8:ffff:22::2: icmp_seq=1 ttl=63 time=0.045 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=2 ttl=63 time=0.126 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=3 ttl=63 time=0.123 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=4 ttl=63 time=0.089 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=5 ttl=63 time=0.089 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=6 ttl=63 time=0.088 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=7 ttl=63 time=0.069 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=8 ttl=63 time=0.088 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=9 ttl=63 time=0.054 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=10 ttl=63 time=0.071 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=11 ttl=63 time=0.121 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=12 ttl=63 time=0.122 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=13 ttl=63 time=0.079 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=14 ttl=63 time=0.057 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=15 ttl=63 time=0.059 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=16 ttl=63 time=0.055 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=17 ttl=63 time=0.058 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=18 ttl=63 time=0.059 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=19 ttl=63 time=0.073 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=20 ttl=63 time=0.060 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=21 ttl=63 time=0.119 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=22 ttl=63 time=0.129 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=23 ttl=63 time=0.127 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=24 ttl=63 time=0.067 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=25 ttl=63 time=0.069 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=26 ttl=63 time=0.059 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=27 ttl=63 time=0.121 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=28 ttl=63 time=0.086 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=29 ttl=63 time=0.056 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=30 ttl=63 time=0.068 ms --- 2001:db8:ffff:22::2 ping statistics --- 30 packets transmitted, 30 received, 0% packet loss, time 6083ms rtt min/avg/max/mdev = 0.045/0.082/0.129/0.026 ms :: [ 14:34:04 ] :: [ PASS ] :: Command 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c 30 -i 0.2' (Expected 0, got 0) :: [ 14:34:04 ] :: [ BEGIN ] :: Running 'ip netns exec router nft delete table ip6 filter' :: [ 14:34:04 ] :: [ PASS ] :: Command 'ip netns exec router nft delete table ip6 filter' (Expected 0, got 0) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 10s :: Assertions: 21 good, 0 bad :: RESULT: PASS (nftables ip6 family ipv6 policy test forward path) ** nftables-ip6-family-ipv6-policy-test-forward-path PASS Score:0 Uploading resultoutputfile.log .done :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: nftables ip6 family ipv6 basic action test input/output path :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ 14:34:04 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add table ip6 filter' :: [ 14:34:04 ] :: [ PASS ] :: Command 'ip netns exec server nft add table ip6 filter' (Expected 0, got 0) :: [ 14:34:04 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add chain ip6 filter prerouting { type filter hook prerouting priority 0 \; }' :: [ 14:34:04 ] :: [ PASS ] :: Command 'ip netns exec server nft add chain ip6 filter prerouting { type filter hook prerouting priority 0 \; }' (Expected 0, got 0) :: [ 14:34:04 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule ip6 filter prerouting iifname s_r counter accept' :: [ 14:34:04 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule ip6 filter prerouting iifname s_r counter accept' (Expected 0, got 0) :: [ 14:34:04 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule ip6 filter prerouting iifname s_r counter drop' :: [ 14:34:04 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule ip6 filter prerouting iifname s_r counter drop' (Expected 0, got 0) :: [ 14:34:04 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes 64 bytes from 2001:db8:ffff:22::2: icmp_seq=1 ttl=63 time=0.048 ms --- 2001:db8:ffff:22::2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.048/0.048/0.048/0.000 ms :: [ 14:34:04 ] :: [ PASS ] :: Command 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1' (Expected 0, got 0) :: [ 14:34:04 ] :: [ BEGIN ] :: Running 'ip netns exec server nft list ruleset' table ip6 filter { chain prerouting { type filter hook prerouting priority filter; policy accept; iifname "s_r" counter packets 1 bytes 104 accept iifname "s_r" counter packets 0 bytes 0 drop } } :: [ 14:34:04 ] :: [ PASS ] :: Command 'ip netns exec server nft list ruleset' (Expected 0, got 0) :: [ 14:34:04 ] :: [ BEGIN ] :: Running 'ip netns exec server nft flush table ip6 filter' :: [ 14:34:04 ] :: [ PASS ] :: Command 'ip netns exec server nft flush table ip6 filter' (Expected 0, got 0) :: [ 14:34:04 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule ip6 filter prerouting iifname s_r counter drop' :: [ 14:34:05 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule ip6 filter prerouting iifname s_r counter drop' (Expected 0, got 0) :: [ 14:34:05 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule ip6 filter prerouting iifname s_r counter accept' :: [ 14:34:05 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule ip6 filter prerouting iifname s_r counter accept' (Expected 0, got 0) :: [ 14:34:05 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1 -W 1 ' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes --- 2001:db8:ffff:22::2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 14:34:06 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 14:34:06 ] :: [ BEGIN ] :: Running 'ip netns exec server nft list ruleset' table ip6 filter { chain prerouting { type filter hook prerouting priority filter; policy accept; iifname "s_r" counter packets 1 bytes 104 drop iifname "s_r" counter packets 0 bytes 0 accept } } :: [ 14:34:06 ] :: [ PASS ] :: Command 'ip netns exec server nft list ruleset' (Expected 0, got 0) :: [ 14:34:06 ] :: [ BEGIN ] :: Running 'ip netns exec server nft flush table ip6 filter' :: [ 14:34:06 ] :: [ PASS ] :: Command 'ip netns exec server nft flush table ip6 filter' (Expected 0, got 0) :: [ 14:34:06 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add chain ip6 filter test' :: [ 14:34:06 ] :: [ PASS ] :: Command 'ip netns exec server nft add chain ip6 filter test' (Expected 0, got 0) :: [ 14:34:06 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule ip6 filter test iifname s_r counter return' :: [ 14:34:06 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule ip6 filter test iifname s_r counter return' (Expected 0, got 0) :: [ 14:34:06 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule ip6 filter test iifname s_r counter accept' :: [ 14:34:06 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule ip6 filter test iifname s_r counter accept' (Expected 0, got 0) :: [ 14:34:06 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule ip6 filter prerouting iifname s_r counter jump test' :: [ 14:34:06 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule ip6 filter prerouting iifname s_r counter jump test' (Expected 0, got 0) :: [ 14:34:06 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule ip6 filter prerouting iifname s_r counter drop' :: [ 14:34:06 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule ip6 filter prerouting iifname s_r counter drop' (Expected 0, got 0) :: [ 14:34:06 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1 -W 1 ' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes --- 2001:db8:ffff:22::2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 14:34:07 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 14:34:07 ] :: [ BEGIN ] :: Running 'ip netns exec server nft list ruleset' table ip6 filter { chain prerouting { type filter hook prerouting priority filter; policy accept; iifname "s_r" counter packets 1 bytes 104 jump test iifname "s_r" counter packets 1 bytes 104 drop } chain test { iifname "s_r" counter packets 1 bytes 104 return iifname "s_r" counter packets 0 bytes 0 accept } } :: [ 14:34:07 ] :: [ PASS ] :: Command 'ip netns exec server nft list ruleset' (Expected 0, got 0) :: [ 14:34:07 ] :: [ BEGIN ] :: Running 'ip netns exec server nft flush table ip6 filter' :: [ 14:34:07 ] :: [ PASS ] :: Command 'ip netns exec server nft flush table ip6 filter' (Expected 0, got 0) :: [ 14:34:07 ] :: [ BEGIN ] :: Running 'ip netns exec server nft delete chain ip6 filter prerouting' :: [ 14:34:07 ] :: [ PASS ] :: Command 'ip netns exec server nft delete chain ip6 filter prerouting' (Expected 0, got 0) :: [ 14:34:07 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add chain ip6 filter input { type filter hook input priority 0 \; }' :: [ 14:34:07 ] :: [ PASS ] :: Command 'ip netns exec server nft add chain ip6 filter input { type filter hook input priority 0 \; }' (Expected 0, got 0) :: [ 14:34:07 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule ip6 filter input iifname s_r counter accept' :: [ 14:34:07 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule ip6 filter input iifname s_r counter accept' (Expected 0, got 0) :: [ 14:34:07 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule ip6 filter input iifname s_r counter drop' :: [ 14:34:07 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule ip6 filter input iifname s_r counter drop' (Expected 0, got 0) :: [ 14:34:07 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes 64 bytes from 2001:db8:ffff:22::2: icmp_seq=1 ttl=63 time=0.051 ms --- 2001:db8:ffff:22::2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.051/0.051/0.051/0.000 ms :: [ 14:34:07 ] :: [ PASS ] :: Command 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1' (Expected 0, got 0) :: [ 14:34:07 ] :: [ BEGIN ] :: Running 'ip netns exec server nft list ruleset' table ip6 filter { chain test { } chain input { type filter hook input priority filter; policy accept; iifname "s_r" counter packets 1 bytes 104 accept iifname "s_r" counter packets 0 bytes 0 drop } } :: [ 14:34:07 ] :: [ PASS ] :: Command 'ip netns exec server nft list ruleset' (Expected 0, got 0) :: [ 14:34:07 ] :: [ BEGIN ] :: Running 'ip netns exec server nft flush table ip6 filter' :: [ 14:34:07 ] :: [ PASS ] :: Command 'ip netns exec server nft flush table ip6 filter' (Expected 0, got 0) :: [ 14:34:07 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule ip6 filter input iifname s_r counter drop' :: [ 14:34:07 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule ip6 filter input iifname s_r counter drop' (Expected 0, got 0) :: [ 14:34:07 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule ip6 filter input iifname s_r counter accept' :: [ 14:34:07 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule ip6 filter input iifname s_r counter accept' (Expected 0, got 0) :: [ 14:34:08 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1 -W 1 ' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes --- 2001:db8:ffff:22::2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 14:34:09 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 14:34:09 ] :: [ BEGIN ] :: Running 'ip netns exec server nft list ruleset' table ip6 filter { chain test { } chain input { type filter hook input priority filter; policy accept; iifname "s_r" counter packets 1 bytes 104 drop iifname "s_r" counter packets 0 bytes 0 accept } } :: [ 14:34:09 ] :: [ PASS ] :: Command 'ip netns exec server nft list ruleset' (Expected 0, got 0) :: [ 14:34:09 ] :: [ BEGIN ] :: Running 'ip netns exec server nft flush table ip6 filter' :: [ 14:34:09 ] :: [ PASS ] :: Command 'ip netns exec server nft flush table ip6 filter' (Expected 0, got 0) :: [ 14:34:09 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add chain ip6 filter test' :: [ 14:34:09 ] :: [ PASS ] :: Command 'ip netns exec server nft add chain ip6 filter test' (Expected 0, got 0) :: [ 14:34:09 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule ip6 filter test iifname s_r counter return' :: [ 14:34:09 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule ip6 filter test iifname s_r counter return' (Expected 0, got 0) :: [ 14:34:09 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule ip6 filter test iifname s_r counter accept' :: [ 14:34:09 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule ip6 filter test iifname s_r counter accept' (Expected 0, got 0) :: [ 14:34:09 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule ip6 filter input iifname s_r counter jump test' :: [ 14:34:09 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule ip6 filter input iifname s_r counter jump test' (Expected 0, got 0) :: [ 14:34:09 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule ip6 filter input iifname s_r counter drop' :: [ 14:34:09 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule ip6 filter input iifname s_r counter drop' (Expected 0, got 0) :: [ 14:34:09 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1 -W 1 ' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes --- 2001:db8:ffff:22::2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 14:34:10 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 14:34:10 ] :: [ BEGIN ] :: Running 'ip netns exec server nft list ruleset' table ip6 filter { chain test { iifname "s_r" counter packets 1 bytes 104 return iifname "s_r" counter packets 0 bytes 0 accept } chain input { type filter hook input priority filter; policy accept; iifname "s_r" counter packets 1 bytes 104 jump test iifname "s_r" counter packets 1 bytes 104 drop } } :: [ 14:34:10 ] :: [ PASS ] :: Command 'ip netns exec server nft list ruleset' (Expected 0, got 0) :: [ 14:34:10 ] :: [ BEGIN ] :: Running 'ip netns exec server nft flush table ip6 filter' :: [ 14:34:10 ] :: [ PASS ] :: Command 'ip netns exec server nft flush table ip6 filter' (Expected 0, got 0) :: [ 14:34:10 ] :: [ BEGIN ] :: Running 'ip netns exec server nft delete chain ip6 filter input' :: [ 14:34:10 ] :: [ PASS ] :: Command 'ip netns exec server nft delete chain ip6 filter input' (Expected 0, got 0) :: [ 14:34:10 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add chain ip6 filter output { type filter hook output priority 0 \; }' :: [ 14:34:10 ] :: [ PASS ] :: Command 'ip netns exec server nft add chain ip6 filter output { type filter hook output priority 0 \; }' (Expected 0, got 0) :: [ 14:34:10 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule ip6 filter output oifname s_r counter accept' :: [ 14:34:10 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule ip6 filter output oifname s_r counter accept' (Expected 0, got 0) :: [ 14:34:10 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule ip6 filter output oifname s_r counter drop' :: [ 14:34:10 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule ip6 filter output oifname s_r counter drop' (Expected 0, got 0) :: [ 14:34:10 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes 64 bytes from 2001:db8:ffff:22::2: icmp_seq=1 ttl=63 time=0.046 ms --- 2001:db8:ffff:22::2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.046/0.046/0.046/0.000 ms :: [ 14:34:10 ] :: [ PASS ] :: Command 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1' (Expected 0, got 0) :: [ 14:34:10 ] :: [ BEGIN ] :: Running 'ip netns exec server nft list ruleset' table ip6 filter { chain test { } chain output { type filter hook output priority filter; policy accept; oifname "s_r" counter packets 1 bytes 104 accept oifname "s_r" counter packets 0 bytes 0 drop } } :: [ 14:34:10 ] :: [ PASS ] :: Command 'ip netns exec server nft list ruleset' (Expected 0, got 0) :: [ 14:34:10 ] :: [ BEGIN ] :: Running 'ip netns exec server nft flush table ip6 filter' :: [ 14:34:10 ] :: [ PASS ] :: Command 'ip netns exec server nft flush table ip6 filter' (Expected 0, got 0) :: [ 14:34:11 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule ip6 filter output oifname s_r counter drop' :: [ 14:34:11 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule ip6 filter output oifname s_r counter drop' (Expected 0, got 0) :: [ 14:34:11 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule ip6 filter output oifname s_r counter accept' :: [ 14:34:11 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule ip6 filter output oifname s_r counter accept' (Expected 0, got 0) :: [ 14:34:11 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1 -W 1 ' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes --- 2001:db8:ffff:22::2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 14:34:12 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 14:34:12 ] :: [ BEGIN ] :: Running 'ip netns exec server nft list ruleset' table ip6 filter { chain test { } chain output { type filter hook output priority filter; policy accept; oifname "s_r" counter packets 1 bytes 104 drop oifname "s_r" counter packets 0 bytes 0 accept } } :: [ 14:34:12 ] :: [ PASS ] :: Command 'ip netns exec server nft list ruleset' (Expected 0, got 0) :: [ 14:34:12 ] :: [ BEGIN ] :: Running 'ip netns exec server nft flush table ip6 filter' :: [ 14:34:12 ] :: [ PASS ] :: Command 'ip netns exec server nft flush table ip6 filter' (Expected 0, got 0) :: [ 14:34:12 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add chain ip6 filter test' :: [ 14:34:12 ] :: [ PASS ] :: Command 'ip netns exec server nft add chain ip6 filter test' (Expected 0, got 0) :: [ 14:34:12 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule ip6 filter test oifname s_r counter return' :: [ 14:34:12 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule ip6 filter test oifname s_r counter return' (Expected 0, got 0) :: [ 14:34:12 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule ip6 filter test oifname s_r counter accept' :: [ 14:34:12 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule ip6 filter test oifname s_r counter accept' (Expected 0, got 0) :: [ 14:34:12 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule ip6 filter output oifname s_r counter jump test' :: [ 14:34:12 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule ip6 filter output oifname s_r counter jump test' (Expected 0, got 0) :: [ 14:34:12 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule ip6 filter output oifname s_r counter drop' :: [ 14:34:12 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule ip6 filter output oifname s_r counter drop' (Expected 0, got 0) :: [ 14:34:12 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1 -W 1 ' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes --- 2001:db8:ffff:22::2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 14:34:13 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 14:34:13 ] :: [ BEGIN ] :: Running 'ip netns exec server nft list ruleset' table ip6 filter { chain test { oifname "s_r" counter packets 1 bytes 104 return oifname "s_r" counter packets 0 bytes 0 accept } chain output { type filter hook output priority filter; policy accept; oifname "s_r" counter packets 1 bytes 104 jump test oifname "s_r" counter packets 1 bytes 104 drop } } :: [ 14:34:13 ] :: [ PASS ] :: Command 'ip netns exec server nft list ruleset' (Expected 0, got 0) :: [ 14:34:13 ] :: [ BEGIN ] :: Running 'ip netns exec server nft flush table ip6 filter' :: [ 14:34:13 ] :: [ PASS ] :: Command 'ip netns exec server nft flush table ip6 filter' (Expected 0, got 0) :: [ 14:34:13 ] :: [ BEGIN ] :: Running 'ip netns exec server nft delete chain ip6 filter output' :: [ 14:34:13 ] :: [ PASS ] :: Command 'ip netns exec server nft delete chain ip6 filter output' (Expected 0, got 0) :: [ 14:34:13 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add chain ip6 filter postrouting { type filter hook postrouting priority 0 \; }' :: [ 14:34:13 ] :: [ PASS ] :: Command 'ip netns exec server nft add chain ip6 filter postrouting { type filter hook postrouting priority 0 \; }' (Expected 0, got 0) :: [ 14:34:13 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule ip6 filter postrouting oifname s_r counter accept' :: [ 14:34:13 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule ip6 filter postrouting oifname s_r counter accept' (Expected 0, got 0) :: [ 14:34:13 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule ip6 filter postrouting oifname s_r counter drop' :: [ 14:34:13 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule ip6 filter postrouting oifname s_r counter drop' (Expected 0, got 0) :: [ 14:34:13 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes 64 bytes from 2001:db8:ffff:22::2: icmp_seq=1 ttl=63 time=0.052 ms --- 2001:db8:ffff:22::2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.052/0.052/0.052/0.000 ms :: [ 14:34:13 ] :: [ PASS ] :: Command 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1' (Expected 0, got 0) :: [ 14:34:13 ] :: [ BEGIN ] :: Running 'ip netns exec server nft list ruleset' table ip6 filter { chain test { } chain postrouting { type filter hook postrouting priority filter; policy accept; oifname "s_r" counter packets 1 bytes 104 accept oifname "s_r" counter packets 0 bytes 0 drop } } :: [ 14:34:13 ] :: [ PASS ] :: Command 'ip netns exec server nft list ruleset' (Expected 0, got 0) :: [ 14:34:13 ] :: [ BEGIN ] :: Running 'ip netns exec server nft flush table ip6 filter' :: [ 14:34:13 ] :: [ PASS ] :: Command 'ip netns exec server nft flush table ip6 filter' (Expected 0, got 0) :: [ 14:34:14 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule ip6 filter postrouting oifname s_r counter drop' :: [ 14:34:14 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule ip6 filter postrouting oifname s_r counter drop' (Expected 0, got 0) :: [ 14:34:14 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule ip6 filter postrouting oifname s_r counter accept' :: [ 14:34:14 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule ip6 filter postrouting oifname s_r counter accept' (Expected 0, got 0) :: [ 14:34:14 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1 -W 1 ' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes --- 2001:db8:ffff:22::2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 14:34:15 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 14:34:15 ] :: [ BEGIN ] :: Running 'ip netns exec server nft list ruleset' table ip6 filter { chain test { } chain postrouting { type filter hook postrouting priority filter; policy accept; oifname "s_r" counter packets 1 bytes 104 drop oifname "s_r" counter packets 0 bytes 0 accept } } :: [ 14:34:15 ] :: [ PASS ] :: Command 'ip netns exec server nft list ruleset' (Expected 0, got 0) :: [ 14:34:15 ] :: [ BEGIN ] :: Running 'ip netns exec server nft flush table ip6 filter' :: [ 14:34:15 ] :: [ PASS ] :: Command 'ip netns exec server nft flush table ip6 filter' (Expected 0, got 0) :: [ 14:34:15 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add chain ip6 filter test' :: [ 14:34:15 ] :: [ PASS ] :: Command 'ip netns exec server nft add chain ip6 filter test' (Expected 0, got 0) :: [ 14:34:15 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule ip6 filter test oifname s_r counter return' :: [ 14:34:15 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule ip6 filter test oifname s_r counter return' (Expected 0, got 0) :: [ 14:34:15 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule ip6 filter test oifname s_r counter accept' :: [ 14:34:15 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule ip6 filter test oifname s_r counter accept' (Expected 0, got 0) :: [ 14:34:15 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule ip6 filter postrouting oifname s_r counter jump test' :: [ 14:34:15 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule ip6 filter postrouting oifname s_r counter jump test' (Expected 0, got 0) :: [ 14:34:15 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule ip6 filter postrouting oifname s_r counter drop' :: [ 14:34:15 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule ip6 filter postrouting oifname s_r counter drop' (Expected 0, got 0) :: [ 14:34:15 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1 -W 1 ' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes --- 2001:db8:ffff:22::2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 14:34:16 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 14:34:16 ] :: [ BEGIN ] :: Running 'ip netns exec server nft list ruleset' table ip6 filter { chain test { oifname "s_r" counter packets 1 bytes 104 return oifname "s_r" counter packets 0 bytes 0 accept } chain postrouting { type filter hook postrouting priority filter; policy accept; oifname "s_r" counter packets 1 bytes 104 jump test oifname "s_r" counter packets 1 bytes 104 drop } } :: [ 14:34:16 ] :: [ PASS ] :: Command 'ip netns exec server nft list ruleset' (Expected 0, got 0) :: [ 14:34:16 ] :: [ BEGIN ] :: Running 'ip netns exec server nft flush table ip6 filter' :: [ 14:34:16 ] :: [ PASS ] :: Command 'ip netns exec server nft flush table ip6 filter' (Expected 0, got 0) :: [ 14:34:16 ] :: [ BEGIN ] :: Running 'ip netns exec server nft delete chain ip6 filter postrouting' :: [ 14:34:16 ] :: [ PASS ] :: Command 'ip netns exec server nft delete chain ip6 filter postrouting' (Expected 0, got 0) :: [ 14:34:16 ] :: [ BEGIN ] :: Running 'ip netns exec server nft delete table ip6 filter' :: [ 14:34:16 ] :: [ PASS ] :: Command 'ip netns exec server nft delete table ip6 filter' (Expected 0, got 0) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 12s :: Assertions: 82 good, 0 bad :: RESULT: PASS (nftables ip6 family ipv6 basic action test input/output path) ** nftables-ip6-family-ipv6-basic-action-test-input-output-path PASS Score:0 Uploading resultoutputfile.log .done :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: nftables ip6 family ipv6 basic action test forward path :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ 14:34:17 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add table ip6 filter' :: [ 14:34:17 ] :: [ PASS ] :: Command 'ip netns exec router nft add table ip6 filter' (Expected 0, got 0) :: [ 14:34:17 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add chain ip6 filter prerouting { type filter hook prerouting priority 0 \; }' :: [ 14:34:17 ] :: [ PASS ] :: Command 'ip netns exec router nft add chain ip6 filter prerouting { type filter hook prerouting priority 0 \; }' (Expected 0, got 0) :: [ 14:34:17 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule ip6 filter prerouting iifname r_c counter accept' :: [ 14:34:17 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule ip6 filter prerouting iifname r_c counter accept' (Expected 0, got 0) :: [ 14:34:17 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule ip6 filter prerouting iifname r_c counter drop' :: [ 14:34:17 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule ip6 filter prerouting iifname r_c counter drop' (Expected 0, got 0) :: [ 14:34:17 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes 64 bytes from 2001:db8:ffff:22::2: icmp_seq=1 ttl=63 time=0.049 ms --- 2001:db8:ffff:22::2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.049/0.049/0.049/0.000 ms :: [ 14:34:17 ] :: [ PASS ] :: Command 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1' (Expected 0, got 0) :: [ 14:34:17 ] :: [ BEGIN ] :: Running 'ip netns exec router nft list ruleset' table ip6 filter { chain prerouting { type filter hook prerouting priority filter; policy accept; iifname "r_c" counter packets 1 bytes 104 accept iifname "r_c" counter packets 0 bytes 0 drop } } :: [ 14:34:17 ] :: [ PASS ] :: Command 'ip netns exec router nft list ruleset' (Expected 0, got 0) :: [ 14:34:17 ] :: [ BEGIN ] :: Running 'ip netns exec router nft flush table ip6 filter' :: [ 14:34:17 ] :: [ PASS ] :: Command 'ip netns exec router nft flush table ip6 filter' (Expected 0, got 0) :: [ 14:34:17 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule ip6 filter prerouting iifname r_c counter drop' :: [ 14:34:17 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule ip6 filter prerouting iifname r_c counter drop' (Expected 0, got 0) :: [ 14:34:17 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule ip6 filter prerouting iifname r_c counter accept' :: [ 14:34:17 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule ip6 filter prerouting iifname r_c counter accept' (Expected 0, got 0) :: [ 14:34:17 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1 -W 1 ' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes --- 2001:db8:ffff:22::2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 14:34:18 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 14:34:18 ] :: [ BEGIN ] :: Running 'ip netns exec router nft list ruleset' table ip6 filter { chain prerouting { type filter hook prerouting priority filter; policy accept; iifname "r_c" counter packets 1 bytes 104 drop iifname "r_c" counter packets 0 bytes 0 accept } } :: [ 14:34:18 ] :: [ PASS ] :: Command 'ip netns exec router nft list ruleset' (Expected 0, got 0) :: [ 14:34:18 ] :: [ BEGIN ] :: Running 'ip netns exec router nft flush table ip6 filter' :: [ 14:34:18 ] :: [ PASS ] :: Command 'ip netns exec router nft flush table ip6 filter' (Expected 0, got 0) :: [ 14:34:18 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add chain ip6 filter test' :: [ 14:34:18 ] :: [ PASS ] :: Command 'ip netns exec router nft add chain ip6 filter test' (Expected 0, got 0) :: [ 14:34:18 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule ip6 filter test iifname r_c counter return' :: [ 14:34:18 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule ip6 filter test iifname r_c counter return' (Expected 0, got 0) :: [ 14:34:18 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule ip6 filter test iifname r_c counter accept' :: [ 14:34:18 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule ip6 filter test iifname r_c counter accept' (Expected 0, got 0) :: [ 14:34:18 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule ip6 filter prerouting iifname r_c counter jump test' :: [ 14:34:18 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule ip6 filter prerouting iifname r_c counter jump test' (Expected 0, got 0) :: [ 14:34:18 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule ip6 filter prerouting iifname r_c counter drop' :: [ 14:34:18 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule ip6 filter prerouting iifname r_c counter drop' (Expected 0, got 0) :: [ 14:34:18 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1 -W 1 ' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes --- 2001:db8:ffff:22::2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 14:34:20 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 14:34:20 ] :: [ BEGIN ] :: Running 'ip netns exec router nft list ruleset' table ip6 filter { chain prerouting { type filter hook prerouting priority filter; policy accept; iifname "r_c" counter packets 1 bytes 104 jump test iifname "r_c" counter packets 1 bytes 104 drop } chain test { iifname "r_c" counter packets 1 bytes 104 return iifname "r_c" counter packets 0 bytes 0 accept } } :: [ 14:34:20 ] :: [ PASS ] :: Command 'ip netns exec router nft list ruleset' (Expected 0, got 0) :: [ 14:34:20 ] :: [ BEGIN ] :: Running 'ip netns exec router nft flush table ip6 filter' :: [ 14:34:20 ] :: [ PASS ] :: Command 'ip netns exec router nft flush table ip6 filter' (Expected 0, got 0) :: [ 14:34:20 ] :: [ BEGIN ] :: Running 'ip netns exec router nft delete chain ip6 filter prerouting' :: [ 14:34:20 ] :: [ PASS ] :: Command 'ip netns exec router nft delete chain ip6 filter prerouting' (Expected 0, got 0) :: [ 14:34:20 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add chain ip6 filter forward { type filter hook forward priority 0 \; }' :: [ 14:34:20 ] :: [ PASS ] :: Command 'ip netns exec router nft add chain ip6 filter forward { type filter hook forward priority 0 \; }' (Expected 0, got 0) :: [ 14:34:20 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule ip6 filter forward iifname r_c oifname r_s counter accept' :: [ 14:34:20 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule ip6 filter forward iifname r_c oifname r_s counter accept' (Expected 0, got 0) :: [ 14:34:20 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule ip6 filter forward iifname r_c oifname r_s counter drop' :: [ 14:34:20 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule ip6 filter forward iifname r_c oifname r_s counter drop' (Expected 0, got 0) :: [ 14:34:20 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes 64 bytes from 2001:db8:ffff:22::2: icmp_seq=1 ttl=63 time=0.049 ms --- 2001:db8:ffff:22::2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.049/0.049/0.049/0.000 ms :: [ 14:34:20 ] :: [ PASS ] :: Command 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1' (Expected 0, got 0) :: [ 14:34:20 ] :: [ BEGIN ] :: Running 'ip netns exec router nft list ruleset' table ip6 filter { chain test { } chain forward { type filter hook forward priority filter; policy accept; iifname "r_c" oifname "r_s" counter packets 1 bytes 104 accept iifname "r_c" oifname "r_s" counter packets 0 bytes 0 drop } } :: [ 14:34:20 ] :: [ PASS ] :: Command 'ip netns exec router nft list ruleset' (Expected 0, got 0) :: [ 14:34:20 ] :: [ BEGIN ] :: Running 'ip netns exec router nft flush table ip6 filter' :: [ 14:34:20 ] :: [ PASS ] :: Command 'ip netns exec router nft flush table ip6 filter' (Expected 0, got 0) :: [ 14:34:20 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule ip6 filter forward iifname r_c oifname r_s counter drop' :: [ 14:34:20 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule ip6 filter forward iifname r_c oifname r_s counter drop' (Expected 0, got 0) :: [ 14:34:20 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule ip6 filter forward iifname r_c oifname r_s counter accept' :: [ 14:34:20 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule ip6 filter forward iifname r_c oifname r_s counter accept' (Expected 0, got 0) :: [ 14:34:20 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1 -W 1 ' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes --- 2001:db8:ffff:22::2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 14:34:21 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 14:34:21 ] :: [ BEGIN ] :: Running 'ip netns exec router nft list ruleset' table ip6 filter { chain test { } chain forward { type filter hook forward priority filter; policy accept; iifname "r_c" oifname "r_s" counter packets 1 bytes 104 drop iifname "r_c" oifname "r_s" counter packets 0 bytes 0 accept } } :: [ 14:34:21 ] :: [ PASS ] :: Command 'ip netns exec router nft list ruleset' (Expected 0, got 0) :: [ 14:34:21 ] :: [ BEGIN ] :: Running 'ip netns exec router nft flush table ip6 filter' :: [ 14:34:21 ] :: [ PASS ] :: Command 'ip netns exec router nft flush table ip6 filter' (Expected 0, got 0) :: [ 14:34:21 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add chain ip6 filter test' :: [ 14:34:21 ] :: [ PASS ] :: Command 'ip netns exec router nft add chain ip6 filter test' (Expected 0, got 0) :: [ 14:34:21 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule ip6 filter test iifname r_c oifname r_s counter return' :: [ 14:34:21 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule ip6 filter test iifname r_c oifname r_s counter return' (Expected 0, got 0) :: [ 14:34:21 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule ip6 filter test iifname r_c oifname r_s counter accept' :: [ 14:34:21 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule ip6 filter test iifname r_c oifname r_s counter accept' (Expected 0, got 0) :: [ 14:34:21 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule ip6 filter forward iifname r_c oifname r_s counter jump test' :: [ 14:34:21 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule ip6 filter forward iifname r_c oifname r_s counter jump test' (Expected 0, got 0) :: [ 14:34:21 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule ip6 filter forward iifname r_c oifname r_s counter drop' :: [ 14:34:22 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule ip6 filter forward iifname r_c oifname r_s counter drop' (Expected 0, got 0) :: [ 14:34:22 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1 -W 1 ' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes --- 2001:db8:ffff:22::2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 14:34:23 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 14:34:23 ] :: [ BEGIN ] :: Running 'ip netns exec router nft list ruleset' table ip6 filter { chain test { iifname "r_c" oifname "r_s" counter packets 1 bytes 104 return iifname "r_c" oifname "r_s" counter packets 0 bytes 0 accept } chain forward { type filter hook forward priority filter; policy accept; iifname "r_c" oifname "r_s" counter packets 1 bytes 104 jump test iifname "r_c" oifname "r_s" counter packets 1 bytes 104 drop } } :: [ 14:34:23 ] :: [ PASS ] :: Command 'ip netns exec router nft list ruleset' (Expected 0, got 0) :: [ 14:34:23 ] :: [ BEGIN ] :: Running 'ip netns exec router nft flush table ip6 filter' :: [ 14:34:23 ] :: [ PASS ] :: Command 'ip netns exec router nft flush table ip6 filter' (Expected 0, got 0) :: [ 14:34:23 ] :: [ BEGIN ] :: Running 'ip netns exec router nft delete chain ip6 filter forward' :: [ 14:34:23 ] :: [ PASS ] :: Command 'ip netns exec router nft delete chain ip6 filter forward' (Expected 0, got 0) :: [ 14:34:23 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add chain ip6 filter postrouting { type filter hook postrouting priority 0 \; }' :: [ 14:34:23 ] :: [ PASS ] :: Command 'ip netns exec router nft add chain ip6 filter postrouting { type filter hook postrouting priority 0 \; }' (Expected 0, got 0) :: [ 14:34:23 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule ip6 filter postrouting oifname r_s counter accept' :: [ 14:34:23 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule ip6 filter postrouting oifname r_s counter accept' (Expected 0, got 0) :: [ 14:34:23 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule ip6 filter postrouting oifname r_s counter drop' :: [ 14:34:23 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule ip6 filter postrouting oifname r_s counter drop' (Expected 0, got 0) :: [ 14:34:23 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes 64 bytes from 2001:db8:ffff:22::2: icmp_seq=1 ttl=63 time=0.050 ms --- 2001:db8:ffff:22::2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.050/0.050/0.050/0.000 ms :: [ 14:34:23 ] :: [ PASS ] :: Command 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1' (Expected 0, got 0) :: [ 14:34:23 ] :: [ BEGIN ] :: Running 'ip netns exec router nft list ruleset' table ip6 filter { chain test { } chain postrouting { type filter hook postrouting priority filter; policy accept; oifname "r_s" counter packets 1 bytes 104 accept oifname "r_s" counter packets 0 bytes 0 drop } } :: [ 14:34:23 ] :: [ PASS ] :: Command 'ip netns exec router nft list ruleset' (Expected 0, got 0) :: [ 14:34:23 ] :: [ BEGIN ] :: Running 'ip netns exec router nft flush table ip6 filter' :: [ 14:34:23 ] :: [ PASS ] :: Command 'ip netns exec router nft flush table ip6 filter' (Expected 0, got 0) :: [ 14:34:23 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule ip6 filter postrouting oifname r_s counter drop' :: [ 14:34:23 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule ip6 filter postrouting oifname r_s counter drop' (Expected 0, got 0) :: [ 14:34:23 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule ip6 filter postrouting oifname r_s counter accept' :: [ 14:34:23 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule ip6 filter postrouting oifname r_s counter accept' (Expected 0, got 0) :: [ 14:34:23 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1 -W 1 ' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes --- 2001:db8:ffff:22::2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 14:34:24 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 14:34:24 ] :: [ BEGIN ] :: Running 'ip netns exec router nft list ruleset' table ip6 filter { chain test { } chain postrouting { type filter hook postrouting priority filter; policy accept; oifname "r_s" counter packets 1 bytes 104 drop oifname "r_s" counter packets 0 bytes 0 accept } } :: [ 14:34:24 ] :: [ PASS ] :: Command 'ip netns exec router nft list ruleset' (Expected 0, got 0) :: [ 14:34:24 ] :: [ BEGIN ] :: Running 'ip netns exec router nft flush table ip6 filter' :: [ 14:34:24 ] :: [ PASS ] :: Command 'ip netns exec router nft flush table ip6 filter' (Expected 0, got 0) :: [ 14:34:24 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add chain ip6 filter test' :: [ 14:34:24 ] :: [ PASS ] :: Command 'ip netns exec router nft add chain ip6 filter test' (Expected 0, got 0) :: [ 14:34:24 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule ip6 filter test oifname r_s counter return' :: [ 14:34:24 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule ip6 filter test oifname r_s counter return' (Expected 0, got 0) :: [ 14:34:24 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule ip6 filter test oifname r_s counter accept' :: [ 14:34:24 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule ip6 filter test oifname r_s counter accept' (Expected 0, got 0) :: [ 14:34:24 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule ip6 filter postrouting oifname r_s counter jump test' :: [ 14:34:24 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule ip6 filter postrouting oifname r_s counter jump test' (Expected 0, got 0) :: [ 14:34:24 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule ip6 filter postrouting oifname r_s counter drop' :: [ 14:34:24 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule ip6 filter postrouting oifname r_s counter drop' (Expected 0, got 0) :: [ 14:34:25 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1 -W 1 ' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes --- 2001:db8:ffff:22::2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 14:34:26 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 14:34:26 ] :: [ BEGIN ] :: Running 'ip netns exec router nft list ruleset' table ip6 filter { chain test { oifname "r_s" counter packets 2 bytes 168 return oifname "r_s" counter packets 0 bytes 0 accept } chain postrouting { type filter hook postrouting priority filter; policy accept; oifname "r_s" counter packets 2 bytes 168 jump test oifname "r_s" counter packets 2 bytes 168 drop } } :: [ 14:34:26 ] :: [ PASS ] :: Command 'ip netns exec router nft list ruleset' (Expected 0, got 0) :: [ 14:34:26 ] :: [ BEGIN ] :: Running 'ip netns exec router nft flush table ip6 filter' :: [ 14:34:26 ] :: [ PASS ] :: Command 'ip netns exec router nft flush table ip6 filter' (Expected 0, got 0) :: [ 14:34:26 ] :: [ BEGIN ] :: Running 'ip netns exec router nft delete chain ip6 filter postrouting' :: [ 14:34:26 ] :: [ PASS ] :: Command 'ip netns exec router nft delete chain ip6 filter postrouting' (Expected 0, got 0) :: [ 14:34:26 ] :: [ BEGIN ] :: Running 'ip netns exec router nft delete table ip6 filter' :: [ 14:34:26 ] :: [ PASS ] :: Command 'ip netns exec router nft delete table ip6 filter' (Expected 0, got 0) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 9s :: Assertions: 62 good, 0 bad :: RESULT: PASS (nftables ip6 family ipv6 basic action test forward path) ** nftables-ip6-family-ipv6-basic-action-test-forward-path PASS Score:0 Uploading resultoutputfile.log .done :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Cleanup :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ 14:34:26 ] :: [ BEGIN ] :: Running 'do_clean' client :: [ LOG ] :: xtables rules clean :: [ LOG ] :: nft rules clean :: [ LOG ] :: ipset rules clean :: [ LOG ] :: ipvsadm rules clean router :: [ LOG ] :: xtables rules clean :: [ LOG ] :: nft rules clean :: [ LOG ] :: ipset rules clean :: [ LOG ] :: ipvsadm rules clean server :: [ LOG ] :: xtables rules clean :: [ LOG ] :: nft rules clean :: [ LOG ] :: ipset rules clean :: [ LOG ] :: ipvsadm rules clean :: [ 14:34:36 ] :: [ PASS ] :: Command 'do_clean' (Expected 0, got 0) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 10s :: Assertions: 1 good, 0 bad :: RESULT: PASS (Cleanup) ** Cleanup PASS Score:0 Uploading resultoutputfile.log .done :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: unknown :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ 14:34:36 ] :: [ LOG ] :: Phases fingerprint: wG6Jb0bU :: [ 14:34:36 ] :: [ LOG ] :: Asserts fingerprint: C2K5D35U Uploading journal.xml ...done :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 409s :: Phases: 26 good, 0 bad :: OVERALL RESULT: PASS (unknown) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Forward ipv6 :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ 14:34:37 ] :: [ BEGIN ] :: ipv6 topo init done... :: actually running 'do_setup ipv6' +++ do_clean +++ for ns in client router server +++ ip netns +++ grep client +++ for ns in client router server +++ ip netns +++ grep router +++ for ns in client router server +++ ip netns +++ grep server +++ local i +++ for i in client router server +++ ip netns add client +++ for i in client router server +++ ip netns add router +++ for i in client router server +++ ip netns add server +++ [[ ipv6x == \i\p\v\6\x ]] +++ ip netns exec router sysctl -w net.ipv6.conf.all.forwarding=1 net.ipv6.conf.all.forwarding = 1 +++ ip_c=2001:db8:ffff:21::1 +++ ip_s=2001:db8:ffff:22::2 +++ ip_rc=2001:db8:ffff:21::fffe +++ ip_rs=2001:db8:ffff:22::fffe +++ N=64 +++ nodad=nodad +++ ip -d -n router -b /dev/stdin +++ ip -d -n server -b /dev/stdin +++ ip -d -n client -b /dev/stdin +++ sleep 2 +++ set +x PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) from 2001:db8:ffff:21::1 c_r: 56 data bytes 64 bytes from 2001:db8:ffff:22::2: icmp_seq=1 ttl=63 time=0.090 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=2 ttl=63 time=0.097 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=3 ttl=63 time=0.098 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=4 ttl=63 time=0.080 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=5 ttl=63 time=0.099 ms --- 2001:db8:ffff:22::2 ping statistics --- 5 packets transmitted, 5 received, 0% packet loss, time 832ms rtt min/avg/max/mdev = 0.080/0.092/0.099/0.007 ms PING 2001:db8:ffff:21::1(2001:db8:ffff:21::1) from 2001:db8:ffff:22::2 s_r: 56 data bytes 64 bytes from 2001:db8:ffff:21::1: icmp_seq=1 ttl=63 time=0.049 ms 64 bytes from 2001:db8:ffff:21::1: icmp_seq=2 ttl=63 time=0.083 ms 64 bytes from 2001:db8:ffff:21::1: icmp_seq=3 ttl=63 time=0.048 ms 64 bytes from 2001:db8:ffff:21::1: icmp_seq=4 ttl=63 time=0.050 ms 64 bytes from 2001:db8:ffff:21::1: icmp_seq=5 ttl=63 time=0.096 ms --- 2001:db8:ffff:21::1 ping statistics --- 5 packets transmitted, 5 received, 0% packet loss, time 833ms rtt min/avg/max/mdev = 0.048/0.065/0.096/0.020 ms :: [ 14:34:40 ] :: [ PASS ] :: ipv6 topo init done... (Expected 0, got 0) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 4s :: Assertions: 1 good, 0 bad :: RESULT: PASS (Forward ipv6) ** Forward-ipv6 PASS Score:0 Uploading resultoutputfile.log .done :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: nftables inet family ipv6 policy test input/output path :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ 14:34:41 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add table inet filter' :: [ 14:34:41 ] :: [ PASS ] :: Command 'ip netns exec server nft add table inet filter' (Expected 0, got 0) :: [ 14:34:41 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add chain inet filter prerouting { type filter hook prerouting priority 0 \; policy accept \; }' :: [ 14:34:41 ] :: [ PASS ] :: Command 'ip netns exec server nft add chain inet filter prerouting { type filter hook prerouting priority 0 \; policy accept \; }' (Expected 0, got 0) :: [ 14:34:41 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes 64 bytes from 2001:db8:ffff:22::2: icmp_seq=1 ttl=63 time=0.050 ms --- 2001:db8:ffff:22::2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.050/0.050/0.050/0.000 ms :: [ 14:34:41 ] :: [ PASS ] :: Command 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1' (Expected 0, got 0) :: [ 14:34:41 ] :: [ BEGIN ] :: Running 'ip netns exec server nft delete chain inet filter prerouting' :: [ 14:34:41 ] :: [ PASS ] :: Command 'ip netns exec server nft delete chain inet filter prerouting' (Expected 0, got 0) :: [ 14:34:41 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add chain inet filter prerouting { type filter hook prerouting priority 0 \; policy drop \; }' :: [ 14:34:41 ] :: [ PASS ] :: Command 'ip netns exec server nft add chain inet filter prerouting { type filter hook prerouting priority 0 \; policy drop \; }' (Expected 0, got 0) :: [ 14:34:41 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1 -W 1 ' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes --- 2001:db8:ffff:22::2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 14:34:42 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 14:34:42 ] :: [ BEGIN ] :: Running 'ip netns exec server nft delete chain inet filter prerouting' :: [ 14:34:42 ] :: [ PASS ] :: Command 'ip netns exec server nft delete chain inet filter prerouting' (Expected 0, got 0) :: [ 14:34:42 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add chain inet filter input { type filter hook input priority 0 \; policy accept \; }' :: [ 14:34:42 ] :: [ PASS ] :: Command 'ip netns exec server nft add chain inet filter input { type filter hook input priority 0 \; policy accept \; }' (Expected 0, got 0) :: [ 14:34:42 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes 64 bytes from 2001:db8:ffff:22::2: icmp_seq=1 ttl=63 time=0.047 ms --- 2001:db8:ffff:22::2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.047/0.047/0.047/0.000 ms :: [ 14:34:42 ] :: [ PASS ] :: Command 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1' (Expected 0, got 0) :: [ 14:34:42 ] :: [ BEGIN ] :: Running 'ip netns exec server nft delete chain inet filter input' :: [ 14:34:42 ] :: [ PASS ] :: Command 'ip netns exec server nft delete chain inet filter input' (Expected 0, got 0) :: [ 14:34:42 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add chain inet filter input { type filter hook input priority 0 \; policy drop \; }' :: [ 14:34:42 ] :: [ PASS ] :: Command 'ip netns exec server nft add chain inet filter input { type filter hook input priority 0 \; policy drop \; }' (Expected 0, got 0) :: [ 14:34:42 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1 -W 1 ' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes --- 2001:db8:ffff:22::2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 14:34:43 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 14:34:43 ] :: [ BEGIN ] :: Running 'ip netns exec server nft delete chain inet filter input' :: [ 14:34:43 ] :: [ PASS ] :: Command 'ip netns exec server nft delete chain inet filter input' (Expected 0, got 0) :: [ 14:34:43 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add chain inet filter output { type filter hook output priority 0 \; policy accept \; }' :: [ 14:34:43 ] :: [ PASS ] :: Command 'ip netns exec server nft add chain inet filter output { type filter hook output priority 0 \; policy accept \; }' (Expected 0, got 0) :: [ 14:34:43 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes 64 bytes from 2001:db8:ffff:22::2: icmp_seq=1 ttl=63 time=0.047 ms --- 2001:db8:ffff:22::2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.047/0.047/0.047/0.000 ms :: [ 14:34:43 ] :: [ PASS ] :: Command 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1' (Expected 0, got 0) :: [ 14:34:43 ] :: [ BEGIN ] :: Running 'ip netns exec server nft delete chain inet filter output' :: [ 14:34:43 ] :: [ PASS ] :: Command 'ip netns exec server nft delete chain inet filter output' (Expected 0, got 0) :: [ 14:34:43 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add chain inet filter output { type filter hook output priority 0 \; policy drop \; }' :: [ 14:34:43 ] :: [ PASS ] :: Command 'ip netns exec server nft add chain inet filter output { type filter hook output priority 0 \; policy drop \; }' (Expected 0, got 0) :: [ 14:34:43 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1 -W 1 ' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes --- 2001:db8:ffff:22::2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 14:34:45 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 14:34:45 ] :: [ BEGIN ] :: Running 'ip netns exec server nft delete chain inet filter output' :: [ 14:34:45 ] :: [ PASS ] :: Command 'ip netns exec server nft delete chain inet filter output' (Expected 0, got 0) :: [ 14:34:45 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add chain inet filter postrouting { type filter hook postrouting priority 0 \; policy accept \; }' :: [ 14:34:45 ] :: [ PASS ] :: Command 'ip netns exec server nft add chain inet filter postrouting { type filter hook postrouting priority 0 \; policy accept \; }' (Expected 0, got 0) :: [ 14:34:45 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes 64 bytes from 2001:db8:ffff:22::2: icmp_seq=1 ttl=63 time=0.049 ms --- 2001:db8:ffff:22::2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.049/0.049/0.049/0.000 ms :: [ 14:34:45 ] :: [ PASS ] :: Command 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1' (Expected 0, got 0) :: [ 14:34:45 ] :: [ BEGIN ] :: Running 'ip netns exec server nft delete chain inet filter postrouting' :: [ 14:34:45 ] :: [ PASS ] :: Command 'ip netns exec server nft delete chain inet filter postrouting' (Expected 0, got 0) :: [ 14:34:45 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add chain inet filter postrouting { type filter hook postrouting priority 0 \; policy drop \; }' :: [ 14:34:45 ] :: [ PASS ] :: Command 'ip netns exec server nft add chain inet filter postrouting { type filter hook postrouting priority 0 \; policy drop \; }' (Expected 0, got 0) :: [ 14:34:45 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1 -W 1 ' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes --- 2001:db8:ffff:22::2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 14:34:46 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 14:34:46 ] :: [ BEGIN ] :: Running 'ip netns exec server nft delete chain inet filter postrouting' :: [ 14:34:46 ] :: [ PASS ] :: Command 'ip netns exec server nft delete chain inet filter postrouting' (Expected 0, got 0) :: [ 14:34:46 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c 30 -i 0.2' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes 64 bytes from 2001:db8:ffff:22::2: icmp_seq=1 ttl=63 time=0.046 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=2 ttl=63 time=0.086 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=3 ttl=63 time=0.049 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=4 ttl=63 time=0.050 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=5 ttl=63 time=0.062 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=6 ttl=63 time=0.062 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=7 ttl=63 time=0.077 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=8 ttl=63 time=0.089 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=9 ttl=63 time=0.056 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=10 ttl=63 time=0.061 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=11 ttl=63 time=0.070 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=12 ttl=63 time=0.089 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=13 ttl=63 time=0.057 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=14 ttl=63 time=0.061 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=15 ttl=63 time=0.056 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=16 ttl=63 time=0.090 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=17 ttl=63 time=0.121 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=18 ttl=63 time=0.059 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=19 ttl=63 time=0.061 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=20 ttl=63 time=0.071 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=21 ttl=63 time=0.075 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=22 ttl=63 time=0.093 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=23 ttl=63 time=0.088 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=24 ttl=63 time=0.090 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=25 ttl=63 time=0.089 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=26 ttl=63 time=0.058 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=27 ttl=63 time=0.058 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=28 ttl=63 time=0.126 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=29 ttl=63 time=0.060 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=30 ttl=63 time=0.094 ms --- 2001:db8:ffff:22::2 ping statistics --- 30 packets transmitted, 30 received, 0% packet loss, time 6084ms rtt min/avg/max/mdev = 0.046/0.073/0.126/0.019 ms :: [ 14:34:52 ] :: [ PASS ] :: Command 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c 30 -i 0.2' (Expected 0, got 0) :: [ 14:34:52 ] :: [ BEGIN ] :: Running 'ip netns exec server nft delete table inet filter' :: [ 14:34:52 ] :: [ PASS ] :: Command 'ip netns exec server nft delete table inet filter' (Expected 0, got 0) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 11s :: Assertions: 27 good, 0 bad :: RESULT: PASS (nftables inet family ipv6 policy test input/output path) ** nftables-inet-family-ipv6-policy-test-input-output-path PASS Score:0 Uploading resultoutputfile.log .done :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: nftables inet family ipv6 policy test forward path :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ 14:34:52 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add table inet filter' :: [ 14:34:52 ] :: [ PASS ] :: Command 'ip netns exec router nft add table inet filter' (Expected 0, got 0) :: [ 14:34:52 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add chain inet filter prerouting { type filter hook prerouting priority 0 \; policy accept \; }' :: [ 14:34:52 ] :: [ PASS ] :: Command 'ip netns exec router nft add chain inet filter prerouting { type filter hook prerouting priority 0 \; policy accept \; }' (Expected 0, got 0) :: [ 14:34:53 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes 64 bytes from 2001:db8:ffff:22::2: icmp_seq=1 ttl=63 time=0.047 ms --- 2001:db8:ffff:22::2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.047/0.047/0.047/0.000 ms :: [ 14:34:53 ] :: [ PASS ] :: Command 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1' (Expected 0, got 0) :: [ 14:34:53 ] :: [ BEGIN ] :: Running 'ip netns exec router nft delete chain inet filter prerouting' :: [ 14:34:53 ] :: [ PASS ] :: Command 'ip netns exec router nft delete chain inet filter prerouting' (Expected 0, got 0) :: [ 14:34:53 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add chain inet filter prerouting { type filter hook prerouting priority 0 \; policy drop \; }' :: [ 14:34:53 ] :: [ PASS ] :: Command 'ip netns exec router nft add chain inet filter prerouting { type filter hook prerouting priority 0 \; policy drop \; }' (Expected 0, got 0) :: [ 14:34:53 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1 -W 1 ' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes --- 2001:db8:ffff:22::2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 14:34:54 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 14:34:54 ] :: [ BEGIN ] :: Running 'ip netns exec router nft delete chain inet filter prerouting' :: [ 14:34:54 ] :: [ PASS ] :: Command 'ip netns exec router nft delete chain inet filter prerouting' (Expected 0, got 0) :: [ 14:34:54 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add chain inet filter forward { type filter hook forward priority 0 \; policy accept \; }' :: [ 14:34:54 ] :: [ PASS ] :: Command 'ip netns exec router nft add chain inet filter forward { type filter hook forward priority 0 \; policy accept \; }' (Expected 0, got 0) :: [ 14:34:54 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes 64 bytes from 2001:db8:ffff:22::2: icmp_seq=1 ttl=63 time=0.048 ms --- 2001:db8:ffff:22::2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.048/0.048/0.048/0.000 ms :: [ 14:34:54 ] :: [ PASS ] :: Command 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1' (Expected 0, got 0) :: [ 14:34:54 ] :: [ BEGIN ] :: Running 'ip netns exec router nft delete chain inet filter forward' :: [ 14:34:54 ] :: [ PASS ] :: Command 'ip netns exec router nft delete chain inet filter forward' (Expected 0, got 0) :: [ 14:34:54 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add chain inet filter forward { type filter hook forward priority 0 \; policy drop \; }' :: [ 14:34:54 ] :: [ PASS ] :: Command 'ip netns exec router nft add chain inet filter forward { type filter hook forward priority 0 \; policy drop \; }' (Expected 0, got 0) :: [ 14:34:54 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1 -W 1 ' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes --- 2001:db8:ffff:22::2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 14:34:55 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 14:34:55 ] :: [ BEGIN ] :: Running 'ip netns exec router nft delete chain inet filter forward' :: [ 14:34:55 ] :: [ PASS ] :: Command 'ip netns exec router nft delete chain inet filter forward' (Expected 0, got 0) :: [ 14:34:55 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add chain inet filter postrouting { type filter hook postrouting priority 0 \; policy accept \; }' :: [ 14:34:55 ] :: [ PASS ] :: Command 'ip netns exec router nft add chain inet filter postrouting { type filter hook postrouting priority 0 \; policy accept \; }' (Expected 0, got 0) :: [ 14:34:55 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes 64 bytes from 2001:db8:ffff:22::2: icmp_seq=1 ttl=63 time=0.050 ms --- 2001:db8:ffff:22::2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.050/0.050/0.050/0.000 ms :: [ 14:34:55 ] :: [ PASS ] :: Command 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1' (Expected 0, got 0) :: [ 14:34:55 ] :: [ BEGIN ] :: Running 'ip netns exec router nft delete chain inet filter postrouting' :: [ 14:34:55 ] :: [ PASS ] :: Command 'ip netns exec router nft delete chain inet filter postrouting' (Expected 0, got 0) :: [ 14:34:55 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add chain inet filter postrouting { type filter hook postrouting priority 0 \; policy drop \; }' :: [ 14:34:55 ] :: [ PASS ] :: Command 'ip netns exec router nft add chain inet filter postrouting { type filter hook postrouting priority 0 \; policy drop \; }' (Expected 0, got 0) :: [ 14:34:55 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1 -W 1 ' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes --- 2001:db8:ffff:22::2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 14:34:56 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 14:34:56 ] :: [ BEGIN ] :: Running 'ip netns exec router nft delete chain inet filter postrouting' :: [ 14:34:56 ] :: [ PASS ] :: Command 'ip netns exec router nft delete chain inet filter postrouting' (Expected 0, got 0) :: [ 14:34:56 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c 30 -i 0.2' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes 64 bytes from 2001:db8:ffff:22::2: icmp_seq=1 ttl=63 time=0.046 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=2 ttl=63 time=0.055 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=3 ttl=63 time=0.096 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=4 ttl=63 time=0.057 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=5 ttl=63 time=0.089 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=6 ttl=63 time=0.069 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=7 ttl=63 time=0.122 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=8 ttl=63 time=0.124 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=9 ttl=63 time=0.130 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=10 ttl=63 time=0.048 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=11 ttl=63 time=0.075 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=12 ttl=63 time=0.048 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=13 ttl=63 time=0.053 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=14 ttl=63 time=0.038 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=15 ttl=63 time=0.074 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=16 ttl=63 time=0.060 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=17 ttl=63 time=0.127 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=18 ttl=63 time=0.070 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=19 ttl=63 time=0.076 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=20 ttl=63 time=0.124 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=21 ttl=63 time=0.088 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=22 ttl=63 time=0.090 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=23 ttl=63 time=0.122 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=24 ttl=63 time=0.058 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=25 ttl=63 time=0.058 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=26 ttl=63 time=0.088 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=27 ttl=63 time=0.060 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=28 ttl=63 time=0.060 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=29 ttl=63 time=0.055 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=30 ttl=63 time=0.071 ms --- 2001:db8:ffff:22::2 ping statistics --- 30 packets transmitted, 30 received, 0% packet loss, time 6092ms rtt min/avg/max/mdev = 0.038/0.077/0.130/0.027 ms :: [ 14:35:02 ] :: [ PASS ] :: Command 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c 30 -i 0.2' (Expected 0, got 0) :: [ 14:35:02 ] :: [ BEGIN ] :: Running 'ip netns exec router nft delete table inet filter' :: [ 14:35:03 ] :: [ PASS ] :: Command 'ip netns exec router nft delete table inet filter' (Expected 0, got 0) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 11s :: Assertions: 21 good, 0 bad :: RESULT: PASS (nftables inet family ipv6 policy test forward path) ** nftables-inet-family-ipv6-policy-test-forward-path PASS Score:0 Uploading resultoutputfile.log .done :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: nftables inet family ipv6 basic action test input/output path :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ 14:35:03 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add table inet filter' :: [ 14:35:03 ] :: [ PASS ] :: Command 'ip netns exec server nft add table inet filter' (Expected 0, got 0) :: [ 14:35:03 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add chain inet filter prerouting { type filter hook prerouting priority 0 \; }' :: [ 14:35:03 ] :: [ PASS ] :: Command 'ip netns exec server nft add chain inet filter prerouting { type filter hook prerouting priority 0 \; }' (Expected 0, got 0) :: [ 14:35:03 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule inet filter prerouting iifname s_r counter accept' :: [ 14:35:03 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule inet filter prerouting iifname s_r counter accept' (Expected 0, got 0) :: [ 14:35:03 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule inet filter prerouting iifname s_r counter drop' :: [ 14:35:03 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule inet filter prerouting iifname s_r counter drop' (Expected 0, got 0) :: [ 14:35:03 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes 64 bytes from 2001:db8:ffff:22::2: icmp_seq=1 ttl=63 time=0.047 ms --- 2001:db8:ffff:22::2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.047/0.047/0.047/0.000 ms :: [ 14:35:03 ] :: [ PASS ] :: Command 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1' (Expected 0, got 0) :: [ 14:35:03 ] :: [ BEGIN ] :: Running 'ip netns exec server nft list ruleset' table inet filter { chain prerouting { type filter hook prerouting priority filter; policy accept; iifname "s_r" counter packets 1 bytes 104 accept iifname "s_r" counter packets 0 bytes 0 drop } } :: [ 14:35:03 ] :: [ PASS ] :: Command 'ip netns exec server nft list ruleset' (Expected 0, got 0) :: [ 14:35:03 ] :: [ BEGIN ] :: Running 'ip netns exec server nft flush table inet filter' :: [ 14:35:03 ] :: [ PASS ] :: Command 'ip netns exec server nft flush table inet filter' (Expected 0, got 0) :: [ 14:35:03 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule inet filter prerouting iifname s_r counter drop' :: [ 14:35:03 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule inet filter prerouting iifname s_r counter drop' (Expected 0, got 0) :: [ 14:35:03 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule inet filter prerouting iifname s_r counter accept' :: [ 14:35:03 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule inet filter prerouting iifname s_r counter accept' (Expected 0, got 0) :: [ 14:35:03 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1 -W 1 ' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes --- 2001:db8:ffff:22::2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 14:35:04 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 14:35:04 ] :: [ BEGIN ] :: Running 'ip netns exec server nft list ruleset' table inet filter { chain prerouting { type filter hook prerouting priority filter; policy accept; iifname "s_r" counter packets 1 bytes 104 drop iifname "s_r" counter packets 0 bytes 0 accept } } :: [ 14:35:04 ] :: [ PASS ] :: Command 'ip netns exec server nft list ruleset' (Expected 0, got 0) :: [ 14:35:04 ] :: [ BEGIN ] :: Running 'ip netns exec server nft flush table inet filter' :: [ 14:35:04 ] :: [ PASS ] :: Command 'ip netns exec server nft flush table inet filter' (Expected 0, got 0) :: [ 14:35:04 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add chain inet filter test' :: [ 14:35:04 ] :: [ PASS ] :: Command 'ip netns exec server nft add chain inet filter test' (Expected 0, got 0) :: [ 14:35:05 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule inet filter test iifname s_r counter return' :: [ 14:35:05 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule inet filter test iifname s_r counter return' (Expected 0, got 0) :: [ 14:35:05 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule inet filter test iifname s_r counter accept' :: [ 14:35:05 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule inet filter test iifname s_r counter accept' (Expected 0, got 0) :: [ 14:35:05 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule inet filter prerouting iifname s_r counter jump test' :: [ 14:35:05 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule inet filter prerouting iifname s_r counter jump test' (Expected 0, got 0) :: [ 14:35:05 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule inet filter prerouting iifname s_r counter drop' :: [ 14:35:05 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule inet filter prerouting iifname s_r counter drop' (Expected 0, got 0) :: [ 14:35:05 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1 -W 1 ' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes --- 2001:db8:ffff:22::2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 14:35:06 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 14:35:06 ] :: [ BEGIN ] :: Running 'ip netns exec server nft list ruleset' table inet filter { chain prerouting { type filter hook prerouting priority filter; policy accept; iifname "s_r" counter packets 1 bytes 104 jump test iifname "s_r" counter packets 1 bytes 104 drop } chain test { iifname "s_r" counter packets 1 bytes 104 return iifname "s_r" counter packets 0 bytes 0 accept } } :: [ 14:35:06 ] :: [ PASS ] :: Command 'ip netns exec server nft list ruleset' (Expected 0, got 0) :: [ 14:35:06 ] :: [ BEGIN ] :: Running 'ip netns exec server nft flush table inet filter' :: [ 14:35:06 ] :: [ PASS ] :: Command 'ip netns exec server nft flush table inet filter' (Expected 0, got 0) :: [ 14:35:06 ] :: [ BEGIN ] :: Running 'ip netns exec server nft delete chain inet filter prerouting' :: [ 14:35:06 ] :: [ PASS ] :: Command 'ip netns exec server nft delete chain inet filter prerouting' (Expected 0, got 0) :: [ 14:35:06 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add chain inet filter input { type filter hook input priority 0 \; }' :: [ 14:35:06 ] :: [ PASS ] :: Command 'ip netns exec server nft add chain inet filter input { type filter hook input priority 0 \; }' (Expected 0, got 0) :: [ 14:35:06 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule inet filter input iifname s_r counter accept' :: [ 14:35:06 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule inet filter input iifname s_r counter accept' (Expected 0, got 0) :: [ 14:35:06 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule inet filter input iifname s_r counter drop' :: [ 14:35:06 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule inet filter input iifname s_r counter drop' (Expected 0, got 0) :: [ 14:35:06 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes 64 bytes from 2001:db8:ffff:22::2: icmp_seq=1 ttl=63 time=0.052 ms --- 2001:db8:ffff:22::2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.052/0.052/0.052/0.000 ms :: [ 14:35:06 ] :: [ PASS ] :: Command 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1' (Expected 0, got 0) :: [ 14:35:06 ] :: [ BEGIN ] :: Running 'ip netns exec server nft list ruleset' table inet filter { chain test { } chain input { type filter hook input priority filter; policy accept; iifname "s_r" counter packets 1 bytes 104 accept iifname "s_r" counter packets 0 bytes 0 drop } } :: [ 14:35:06 ] :: [ PASS ] :: Command 'ip netns exec server nft list ruleset' (Expected 0, got 0) :: [ 14:35:06 ] :: [ BEGIN ] :: Running 'ip netns exec server nft flush table inet filter' :: [ 14:35:06 ] :: [ PASS ] :: Command 'ip netns exec server nft flush table inet filter' (Expected 0, got 0) :: [ 14:35:06 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule inet filter input iifname s_r counter drop' :: [ 14:35:06 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule inet filter input iifname s_r counter drop' (Expected 0, got 0) :: [ 14:35:06 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule inet filter input iifname s_r counter accept' :: [ 14:35:06 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule inet filter input iifname s_r counter accept' (Expected 0, got 0) :: [ 14:35:06 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1 -W 1 ' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes --- 2001:db8:ffff:22::2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 14:35:07 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 14:35:07 ] :: [ BEGIN ] :: Running 'ip netns exec server nft list ruleset' table inet filter { chain test { } chain input { type filter hook input priority filter; policy accept; iifname "s_r" counter packets 1 bytes 104 drop iifname "s_r" counter packets 0 bytes 0 accept } } :: [ 14:35:07 ] :: [ PASS ] :: Command 'ip netns exec server nft list ruleset' (Expected 0, got 0) :: [ 14:35:07 ] :: [ BEGIN ] :: Running 'ip netns exec server nft flush table inet filter' :: [ 14:35:07 ] :: [ PASS ] :: Command 'ip netns exec server nft flush table inet filter' (Expected 0, got 0) :: [ 14:35:07 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add chain inet filter test' :: [ 14:35:08 ] :: [ PASS ] :: Command 'ip netns exec server nft add chain inet filter test' (Expected 0, got 0) :: [ 14:35:08 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule inet filter test iifname s_r counter return' :: [ 14:35:08 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule inet filter test iifname s_r counter return' (Expected 0, got 0) :: [ 14:35:08 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule inet filter test iifname s_r counter accept' :: [ 14:35:08 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule inet filter test iifname s_r counter accept' (Expected 0, got 0) :: [ 14:35:08 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule inet filter input iifname s_r counter jump test' :: [ 14:35:08 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule inet filter input iifname s_r counter jump test' (Expected 0, got 0) :: [ 14:35:08 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule inet filter input iifname s_r counter drop' :: [ 14:35:08 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule inet filter input iifname s_r counter drop' (Expected 0, got 0) :: [ 14:35:08 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1 -W 1 ' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes --- 2001:db8:ffff:22::2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 14:35:09 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 14:35:09 ] :: [ BEGIN ] :: Running 'ip netns exec server nft list ruleset' table inet filter { chain test { iifname "s_r" counter packets 1 bytes 104 return iifname "s_r" counter packets 0 bytes 0 accept } chain input { type filter hook input priority filter; policy accept; iifname "s_r" counter packets 1 bytes 104 jump test iifname "s_r" counter packets 1 bytes 104 drop } } :: [ 14:35:09 ] :: [ PASS ] :: Command 'ip netns exec server nft list ruleset' (Expected 0, got 0) :: [ 14:35:09 ] :: [ BEGIN ] :: Running 'ip netns exec server nft flush table inet filter' :: [ 14:35:09 ] :: [ PASS ] :: Command 'ip netns exec server nft flush table inet filter' (Expected 0, got 0) :: [ 14:35:09 ] :: [ BEGIN ] :: Running 'ip netns exec server nft delete chain inet filter input' :: [ 14:35:09 ] :: [ PASS ] :: Command 'ip netns exec server nft delete chain inet filter input' (Expected 0, got 0) :: [ 14:35:09 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add chain inet filter output { type filter hook output priority 0 \; }' :: [ 14:35:09 ] :: [ PASS ] :: Command 'ip netns exec server nft add chain inet filter output { type filter hook output priority 0 \; }' (Expected 0, got 0) :: [ 14:35:09 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule inet filter output oifname s_r counter accept' :: [ 14:35:09 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule inet filter output oifname s_r counter accept' (Expected 0, got 0) :: [ 14:35:09 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule inet filter output oifname s_r counter drop' :: [ 14:35:09 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule inet filter output oifname s_r counter drop' (Expected 0, got 0) :: [ 14:35:09 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes 64 bytes from 2001:db8:ffff:22::2: icmp_seq=1 ttl=63 time=0.052 ms --- 2001:db8:ffff:22::2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.052/0.052/0.052/0.000 ms :: [ 14:35:09 ] :: [ PASS ] :: Command 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1' (Expected 0, got 0) :: [ 14:35:09 ] :: [ BEGIN ] :: Running 'ip netns exec server nft list ruleset' table inet filter { chain test { } chain output { type filter hook output priority filter; policy accept; oifname "s_r" counter packets 1 bytes 104 accept oifname "s_r" counter packets 0 bytes 0 drop } } :: [ 14:35:09 ] :: [ PASS ] :: Command 'ip netns exec server nft list ruleset' (Expected 0, got 0) :: [ 14:35:09 ] :: [ BEGIN ] :: Running 'ip netns exec server nft flush table inet filter' :: [ 14:35:09 ] :: [ PASS ] :: Command 'ip netns exec server nft flush table inet filter' (Expected 0, got 0) :: [ 14:35:09 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule inet filter output oifname s_r counter drop' :: [ 14:35:09 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule inet filter output oifname s_r counter drop' (Expected 0, got 0) :: [ 14:35:09 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule inet filter output oifname s_r counter accept' :: [ 14:35:09 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule inet filter output oifname s_r counter accept' (Expected 0, got 0) :: [ 14:35:09 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1 -W 1 ' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes --- 2001:db8:ffff:22::2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 14:35:10 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 14:35:10 ] :: [ BEGIN ] :: Running 'ip netns exec server nft list ruleset' table inet filter { chain test { } chain output { type filter hook output priority filter; policy accept; oifname "s_r" counter packets 1 bytes 104 drop oifname "s_r" counter packets 0 bytes 0 accept } } :: [ 14:35:10 ] :: [ PASS ] :: Command 'ip netns exec server nft list ruleset' (Expected 0, got 0) :: [ 14:35:10 ] :: [ BEGIN ] :: Running 'ip netns exec server nft flush table inet filter' :: [ 14:35:10 ] :: [ PASS ] :: Command 'ip netns exec server nft flush table inet filter' (Expected 0, got 0) :: [ 14:35:10 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add chain inet filter test' :: [ 14:35:10 ] :: [ PASS ] :: Command 'ip netns exec server nft add chain inet filter test' (Expected 0, got 0) :: [ 14:35:10 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule inet filter test oifname s_r counter return' :: [ 14:35:10 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule inet filter test oifname s_r counter return' (Expected 0, got 0) :: [ 14:35:11 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule inet filter test oifname s_r counter accept' :: [ 14:35:11 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule inet filter test oifname s_r counter accept' (Expected 0, got 0) :: [ 14:35:11 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule inet filter output oifname s_r counter jump test' :: [ 14:35:11 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule inet filter output oifname s_r counter jump test' (Expected 0, got 0) :: [ 14:35:11 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule inet filter output oifname s_r counter drop' :: [ 14:35:11 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule inet filter output oifname s_r counter drop' (Expected 0, got 0) :: [ 14:35:11 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1 -W 1 ' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes --- 2001:db8:ffff:22::2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 14:35:12 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 14:35:12 ] :: [ BEGIN ] :: Running 'ip netns exec server nft list ruleset' table inet filter { chain test { oifname "s_r" counter packets 1 bytes 104 return oifname "s_r" counter packets 0 bytes 0 accept } chain output { type filter hook output priority filter; policy accept; oifname "s_r" counter packets 1 bytes 104 jump test oifname "s_r" counter packets 1 bytes 104 drop } } :: [ 14:35:12 ] :: [ PASS ] :: Command 'ip netns exec server nft list ruleset' (Expected 0, got 0) :: [ 14:35:12 ] :: [ BEGIN ] :: Running 'ip netns exec server nft flush table inet filter' :: [ 14:35:12 ] :: [ PASS ] :: Command 'ip netns exec server nft flush table inet filter' (Expected 0, got 0) :: [ 14:35:12 ] :: [ BEGIN ] :: Running 'ip netns exec server nft delete chain inet filter output' :: [ 14:35:12 ] :: [ PASS ] :: Command 'ip netns exec server nft delete chain inet filter output' (Expected 0, got 0) :: [ 14:35:12 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add chain inet filter postrouting { type filter hook postrouting priority 0 \; }' :: [ 14:35:12 ] :: [ PASS ] :: Command 'ip netns exec server nft add chain inet filter postrouting { type filter hook postrouting priority 0 \; }' (Expected 0, got 0) :: [ 14:35:12 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule inet filter postrouting oifname s_r counter accept' :: [ 14:35:12 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule inet filter postrouting oifname s_r counter accept' (Expected 0, got 0) :: [ 14:35:12 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule inet filter postrouting oifname s_r counter drop' :: [ 14:35:12 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule inet filter postrouting oifname s_r counter drop' (Expected 0, got 0) :: [ 14:35:12 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes 64 bytes from 2001:db8:ffff:22::2: icmp_seq=1 ttl=63 time=0.049 ms --- 2001:db8:ffff:22::2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.049/0.049/0.049/0.000 ms :: [ 14:35:12 ] :: [ PASS ] :: Command 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1' (Expected 0, got 0) :: [ 14:35:12 ] :: [ BEGIN ] :: Running 'ip netns exec server nft list ruleset' table inet filter { chain test { } chain postrouting { type filter hook postrouting priority filter; policy accept; oifname "s_r" counter packets 1 bytes 104 accept oifname "s_r" counter packets 0 bytes 0 drop } } :: [ 14:35:12 ] :: [ PASS ] :: Command 'ip netns exec server nft list ruleset' (Expected 0, got 0) :: [ 14:35:12 ] :: [ BEGIN ] :: Running 'ip netns exec server nft flush table inet filter' :: [ 14:35:12 ] :: [ PASS ] :: Command 'ip netns exec server nft flush table inet filter' (Expected 0, got 0) :: [ 14:35:12 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule inet filter postrouting oifname s_r counter drop' :: [ 14:35:12 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule inet filter postrouting oifname s_r counter drop' (Expected 0, got 0) :: [ 14:35:12 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule inet filter postrouting oifname s_r counter accept' :: [ 14:35:12 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule inet filter postrouting oifname s_r counter accept' (Expected 0, got 0) :: [ 14:35:12 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1 -W 1 ' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes --- 2001:db8:ffff:22::2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 14:35:13 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 14:35:13 ] :: [ BEGIN ] :: Running 'ip netns exec server nft list ruleset' table inet filter { chain test { } chain postrouting { type filter hook postrouting priority filter; policy accept; oifname "s_r" counter packets 1 bytes 104 drop oifname "s_r" counter packets 0 bytes 0 accept } } :: [ 14:35:13 ] :: [ PASS ] :: Command 'ip netns exec server nft list ruleset' (Expected 0, got 0) :: [ 14:35:13 ] :: [ BEGIN ] :: Running 'ip netns exec server nft flush table inet filter' :: [ 14:35:13 ] :: [ PASS ] :: Command 'ip netns exec server nft flush table inet filter' (Expected 0, got 0) :: [ 14:35:13 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add chain inet filter test' :: [ 14:35:13 ] :: [ PASS ] :: Command 'ip netns exec server nft add chain inet filter test' (Expected 0, got 0) :: [ 14:35:13 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule inet filter test oifname s_r counter return' :: [ 14:35:13 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule inet filter test oifname s_r counter return' (Expected 0, got 0) :: [ 14:35:14 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule inet filter test oifname s_r counter accept' :: [ 14:35:14 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule inet filter test oifname s_r counter accept' (Expected 0, got 0) :: [ 14:35:14 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule inet filter postrouting oifname s_r counter jump test' :: [ 14:35:14 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule inet filter postrouting oifname s_r counter jump test' (Expected 0, got 0) :: [ 14:35:14 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule inet filter postrouting oifname s_r counter drop' :: [ 14:35:14 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule inet filter postrouting oifname s_r counter drop' (Expected 0, got 0) :: [ 14:35:14 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1 -W 1 ' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes --- 2001:db8:ffff:22::2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 14:35:15 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 14:35:15 ] :: [ BEGIN ] :: Running 'ip netns exec server nft list ruleset' table inet filter { chain test { oifname "s_r" counter packets 1 bytes 104 return oifname "s_r" counter packets 0 bytes 0 accept } chain postrouting { type filter hook postrouting priority filter; policy accept; oifname "s_r" counter packets 1 bytes 104 jump test oifname "s_r" counter packets 1 bytes 104 drop } } :: [ 14:35:15 ] :: [ PASS ] :: Command 'ip netns exec server nft list ruleset' (Expected 0, got 0) :: [ 14:35:15 ] :: [ BEGIN ] :: Running 'ip netns exec server nft flush table inet filter' :: [ 14:35:15 ] :: [ PASS ] :: Command 'ip netns exec server nft flush table inet filter' (Expected 0, got 0) :: [ 14:35:15 ] :: [ BEGIN ] :: Running 'ip netns exec server nft delete chain inet filter postrouting' :: [ 14:35:15 ] :: [ PASS ] :: Command 'ip netns exec server nft delete chain inet filter postrouting' (Expected 0, got 0) :: [ 14:35:15 ] :: [ BEGIN ] :: Running 'ip netns exec server nft delete table inet filter' :: [ 14:35:15 ] :: [ PASS ] :: Command 'ip netns exec server nft delete table inet filter' (Expected 0, got 0) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 12s :: Assertions: 82 good, 0 bad :: RESULT: PASS (nftables inet family ipv6 basic action test input/output path) ** nftables-inet-family-ipv6-basic-action-test-input-output-path PASS Score:0 Uploading resultoutputfile.log .done :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: nftables inet family ipv6 basic action test forward path :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ 14:35:15 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add table inet filter' :: [ 14:35:15 ] :: [ PASS ] :: Command 'ip netns exec router nft add table inet filter' (Expected 0, got 0) :: [ 14:35:15 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add chain inet filter prerouting { type filter hook prerouting priority 0 \; }' :: [ 14:35:15 ] :: [ PASS ] :: Command 'ip netns exec router nft add chain inet filter prerouting { type filter hook prerouting priority 0 \; }' (Expected 0, got 0) :: [ 14:35:15 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule inet filter prerouting iifname r_c counter accept' :: [ 14:35:15 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule inet filter prerouting iifname r_c counter accept' (Expected 0, got 0) :: [ 14:35:15 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule inet filter prerouting iifname r_c counter drop' :: [ 14:35:15 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule inet filter prerouting iifname r_c counter drop' (Expected 0, got 0) :: [ 14:35:15 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes 64 bytes from 2001:db8:ffff:22::2: icmp_seq=1 ttl=63 time=0.046 ms --- 2001:db8:ffff:22::2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.046/0.046/0.046/0.000 ms :: [ 14:35:15 ] :: [ PASS ] :: Command 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1' (Expected 0, got 0) :: [ 14:35:15 ] :: [ BEGIN ] :: Running 'ip netns exec router nft list ruleset' table inet filter { chain prerouting { type filter hook prerouting priority filter; policy accept; iifname "r_c" counter packets 1 bytes 104 accept iifname "r_c" counter packets 0 bytes 0 drop } } :: [ 14:35:16 ] :: [ PASS ] :: Command 'ip netns exec router nft list ruleset' (Expected 0, got 0) :: [ 14:35:16 ] :: [ BEGIN ] :: Running 'ip netns exec router nft flush table inet filter' :: [ 14:35:16 ] :: [ PASS ] :: Command 'ip netns exec router nft flush table inet filter' (Expected 0, got 0) :: [ 14:35:16 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule inet filter prerouting iifname r_c counter drop' :: [ 14:35:16 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule inet filter prerouting iifname r_c counter drop' (Expected 0, got 0) :: [ 14:35:16 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule inet filter prerouting iifname r_c counter accept' :: [ 14:35:16 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule inet filter prerouting iifname r_c counter accept' (Expected 0, got 0) :: [ 14:35:16 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1 -W 1 ' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes --- 2001:db8:ffff:22::2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 14:35:17 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 14:35:17 ] :: [ BEGIN ] :: Running 'ip netns exec router nft list ruleset' table inet filter { chain prerouting { type filter hook prerouting priority filter; policy accept; iifname "r_c" counter packets 1 bytes 104 drop iifname "r_c" counter packets 0 bytes 0 accept } } :: [ 14:35:17 ] :: [ PASS ] :: Command 'ip netns exec router nft list ruleset' (Expected 0, got 0) :: [ 14:35:17 ] :: [ BEGIN ] :: Running 'ip netns exec router nft flush table inet filter' :: [ 14:35:17 ] :: [ PASS ] :: Command 'ip netns exec router nft flush table inet filter' (Expected 0, got 0) :: [ 14:35:17 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add chain inet filter test' :: [ 14:35:17 ] :: [ PASS ] :: Command 'ip netns exec router nft add chain inet filter test' (Expected 0, got 0) :: [ 14:35:17 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule inet filter test iifname r_c counter return' :: [ 14:35:17 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule inet filter test iifname r_c counter return' (Expected 0, got 0) :: [ 14:35:17 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule inet filter test iifname r_c counter accept' :: [ 14:35:17 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule inet filter test iifname r_c counter accept' (Expected 0, got 0) :: [ 14:35:17 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule inet filter prerouting iifname r_c counter jump test' :: [ 14:35:17 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule inet filter prerouting iifname r_c counter jump test' (Expected 0, got 0) :: [ 14:35:17 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule inet filter prerouting iifname r_c counter drop' :: [ 14:35:17 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule inet filter prerouting iifname r_c counter drop' (Expected 0, got 0) :: [ 14:35:17 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1 -W 1 ' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes --- 2001:db8:ffff:22::2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 14:35:18 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 14:35:18 ] :: [ BEGIN ] :: Running 'ip netns exec router nft list ruleset' table inet filter { chain prerouting { type filter hook prerouting priority filter; policy accept; iifname "r_c" counter packets 1 bytes 104 jump test iifname "r_c" counter packets 1 bytes 104 drop } chain test { iifname "r_c" counter packets 1 bytes 104 return iifname "r_c" counter packets 0 bytes 0 accept } } :: [ 14:35:18 ] :: [ PASS ] :: Command 'ip netns exec router nft list ruleset' (Expected 0, got 0) :: [ 14:35:18 ] :: [ BEGIN ] :: Running 'ip netns exec router nft flush table inet filter' :: [ 14:35:18 ] :: [ PASS ] :: Command 'ip netns exec router nft flush table inet filter' (Expected 0, got 0) :: [ 14:35:18 ] :: [ BEGIN ] :: Running 'ip netns exec router nft delete chain inet filter prerouting' :: [ 14:35:18 ] :: [ PASS ] :: Command 'ip netns exec router nft delete chain inet filter prerouting' (Expected 0, got 0) :: [ 14:35:18 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add chain inet filter forward { type filter hook forward priority 0 \; }' :: [ 14:35:18 ] :: [ PASS ] :: Command 'ip netns exec router nft add chain inet filter forward { type filter hook forward priority 0 \; }' (Expected 0, got 0) :: [ 14:35:18 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule inet filter forward iifname r_c oifname r_s counter accept' :: [ 14:35:18 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule inet filter forward iifname r_c oifname r_s counter accept' (Expected 0, got 0) :: [ 14:35:18 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule inet filter forward iifname r_c oifname r_s counter drop' :: [ 14:35:18 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule inet filter forward iifname r_c oifname r_s counter drop' (Expected 0, got 0) :: [ 14:35:18 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes 64 bytes from 2001:db8:ffff:22::2: icmp_seq=1 ttl=63 time=0.052 ms --- 2001:db8:ffff:22::2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.052/0.052/0.052/0.000 ms :: [ 14:35:18 ] :: [ PASS ] :: Command 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1' (Expected 0, got 0) :: [ 14:35:19 ] :: [ BEGIN ] :: Running 'ip netns exec router nft list ruleset' table inet filter { chain test { } chain forward { type filter hook forward priority filter; policy accept; iifname "r_c" oifname "r_s" counter packets 1 bytes 104 accept iifname "r_c" oifname "r_s" counter packets 0 bytes 0 drop } } :: [ 14:35:19 ] :: [ PASS ] :: Command 'ip netns exec router nft list ruleset' (Expected 0, got 0) :: [ 14:35:19 ] :: [ BEGIN ] :: Running 'ip netns exec router nft flush table inet filter' :: [ 14:35:19 ] :: [ PASS ] :: Command 'ip netns exec router nft flush table inet filter' (Expected 0, got 0) :: [ 14:35:19 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule inet filter forward iifname r_c oifname r_s counter drop' :: [ 14:35:19 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule inet filter forward iifname r_c oifname r_s counter drop' (Expected 0, got 0) :: [ 14:35:19 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule inet filter forward iifname r_c oifname r_s counter accept' :: [ 14:35:19 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule inet filter forward iifname r_c oifname r_s counter accept' (Expected 0, got 0) :: [ 14:35:19 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1 -W 1 ' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes --- 2001:db8:ffff:22::2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 14:35:20 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 14:35:20 ] :: [ BEGIN ] :: Running 'ip netns exec router nft list ruleset' table inet filter { chain test { } chain forward { type filter hook forward priority filter; policy accept; iifname "r_c" oifname "r_s" counter packets 1 bytes 104 drop iifname "r_c" oifname "r_s" counter packets 0 bytes 0 accept } } :: [ 14:35:20 ] :: [ PASS ] :: Command 'ip netns exec router nft list ruleset' (Expected 0, got 0) :: [ 14:35:20 ] :: [ BEGIN ] :: Running 'ip netns exec router nft flush table inet filter' :: [ 14:35:20 ] :: [ PASS ] :: Command 'ip netns exec router nft flush table inet filter' (Expected 0, got 0) :: [ 14:35:20 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add chain inet filter test' :: [ 14:35:20 ] :: [ PASS ] :: Command 'ip netns exec router nft add chain inet filter test' (Expected 0, got 0) :: [ 14:35:20 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule inet filter test iifname r_c oifname r_s counter return' :: [ 14:35:20 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule inet filter test iifname r_c oifname r_s counter return' (Expected 0, got 0) :: [ 14:35:20 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule inet filter test iifname r_c oifname r_s counter accept' :: [ 14:35:20 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule inet filter test iifname r_c oifname r_s counter accept' (Expected 0, got 0) :: [ 14:35:20 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule inet filter forward iifname r_c oifname r_s counter jump test' :: [ 14:35:20 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule inet filter forward iifname r_c oifname r_s counter jump test' (Expected 0, got 0) :: [ 14:35:20 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule inet filter forward iifname r_c oifname r_s counter drop' :: [ 14:35:20 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule inet filter forward iifname r_c oifname r_s counter drop' (Expected 0, got 0) :: [ 14:35:20 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1 -W 1 ' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes --- 2001:db8:ffff:22::2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 14:35:21 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 14:35:21 ] :: [ BEGIN ] :: Running 'ip netns exec router nft list ruleset' table inet filter { chain test { iifname "r_c" oifname "r_s" counter packets 1 bytes 104 return iifname "r_c" oifname "r_s" counter packets 0 bytes 0 accept } chain forward { type filter hook forward priority filter; policy accept; iifname "r_c" oifname "r_s" counter packets 1 bytes 104 jump test iifname "r_c" oifname "r_s" counter packets 1 bytes 104 drop } } :: [ 14:35:21 ] :: [ PASS ] :: Command 'ip netns exec router nft list ruleset' (Expected 0, got 0) :: [ 14:35:21 ] :: [ BEGIN ] :: Running 'ip netns exec router nft flush table inet filter' :: [ 14:35:21 ] :: [ PASS ] :: Command 'ip netns exec router nft flush table inet filter' (Expected 0, got 0) :: [ 14:35:21 ] :: [ BEGIN ] :: Running 'ip netns exec router nft delete chain inet filter forward' :: [ 14:35:21 ] :: [ PASS ] :: Command 'ip netns exec router nft delete chain inet filter forward' (Expected 0, got 0) :: [ 14:35:21 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add chain inet filter postrouting { type filter hook postrouting priority 0 \; }' :: [ 14:35:21 ] :: [ PASS ] :: Command 'ip netns exec router nft add chain inet filter postrouting { type filter hook postrouting priority 0 \; }' (Expected 0, got 0) :: [ 14:35:21 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule inet filter postrouting oifname r_s counter accept' :: [ 14:35:21 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule inet filter postrouting oifname r_s counter accept' (Expected 0, got 0) :: [ 14:35:21 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule inet filter postrouting oifname r_s counter drop' :: [ 14:35:21 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule inet filter postrouting oifname r_s counter drop' (Expected 0, got 0) :: [ 14:35:21 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes 64 bytes from 2001:db8:ffff:22::2: icmp_seq=1 ttl=63 time=0.051 ms --- 2001:db8:ffff:22::2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.051/0.051/0.051/0.000 ms :: [ 14:35:22 ] :: [ PASS ] :: Command 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1' (Expected 0, got 0) :: [ 14:35:22 ] :: [ BEGIN ] :: Running 'ip netns exec router nft list ruleset' table inet filter { chain test { } chain postrouting { type filter hook postrouting priority filter; policy accept; oifname "r_s" counter packets 1 bytes 104 accept oifname "r_s" counter packets 0 bytes 0 drop } } :: [ 14:35:22 ] :: [ PASS ] :: Command 'ip netns exec router nft list ruleset' (Expected 0, got 0) :: [ 14:35:22 ] :: [ BEGIN ] :: Running 'ip netns exec router nft flush table inet filter' :: [ 14:35:22 ] :: [ PASS ] :: Command 'ip netns exec router nft flush table inet filter' (Expected 0, got 0) :: [ 14:35:22 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule inet filter postrouting oifname r_s counter drop' :: [ 14:35:22 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule inet filter postrouting oifname r_s counter drop' (Expected 0, got 0) :: [ 14:35:22 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule inet filter postrouting oifname r_s counter accept' :: [ 14:35:22 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule inet filter postrouting oifname r_s counter accept' (Expected 0, got 0) :: [ 14:35:22 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1 -W 1 ' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes --- 2001:db8:ffff:22::2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 14:35:23 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 14:35:23 ] :: [ BEGIN ] :: Running 'ip netns exec router nft list ruleset' table inet filter { chain test { } chain postrouting { type filter hook postrouting priority filter; policy accept; oifname "r_s" counter packets 2 bytes 176 drop oifname "r_s" counter packets 0 bytes 0 accept } } :: [ 14:35:23 ] :: [ PASS ] :: Command 'ip netns exec router nft list ruleset' (Expected 0, got 0) :: [ 14:35:23 ] :: [ BEGIN ] :: Running 'ip netns exec router nft flush table inet filter' :: [ 14:35:23 ] :: [ PASS ] :: Command 'ip netns exec router nft flush table inet filter' (Expected 0, got 0) :: [ 14:35:23 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add chain inet filter test' :: [ 14:35:23 ] :: [ PASS ] :: Command 'ip netns exec router nft add chain inet filter test' (Expected 0, got 0) :: [ 14:35:23 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule inet filter test oifname r_s counter return' :: [ 14:35:23 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule inet filter test oifname r_s counter return' (Expected 0, got 0) :: [ 14:35:23 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule inet filter test oifname r_s counter accept' :: [ 14:35:23 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule inet filter test oifname r_s counter accept' (Expected 0, got 0) :: [ 14:35:23 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule inet filter postrouting oifname r_s counter jump test' :: [ 14:35:23 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule inet filter postrouting oifname r_s counter jump test' (Expected 0, got 0) :: [ 14:35:23 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule inet filter postrouting oifname r_s counter drop' :: [ 14:35:23 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule inet filter postrouting oifname r_s counter drop' (Expected 0, got 0) :: [ 14:35:23 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1 -W 1 ' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes --- 2001:db8:ffff:22::2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 14:35:24 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 14:35:24 ] :: [ BEGIN ] :: Running 'ip netns exec router nft list ruleset' table inet filter { chain test { oifname "r_s" counter packets 2 bytes 176 return oifname "r_s" counter packets 0 bytes 0 accept } chain postrouting { type filter hook postrouting priority filter; policy accept; oifname "r_s" counter packets 2 bytes 176 jump test oifname "r_s" counter packets 2 bytes 176 drop } } :: [ 14:35:24 ] :: [ PASS ] :: Command 'ip netns exec router nft list ruleset' (Expected 0, got 0) :: [ 14:35:24 ] :: [ BEGIN ] :: Running 'ip netns exec router nft flush table inet filter' :: [ 14:35:24 ] :: [ PASS ] :: Command 'ip netns exec router nft flush table inet filter' (Expected 0, got 0) :: [ 14:35:24 ] :: [ BEGIN ] :: Running 'ip netns exec router nft delete chain inet filter postrouting' :: [ 14:35:24 ] :: [ PASS ] :: Command 'ip netns exec router nft delete chain inet filter postrouting' (Expected 0, got 0) :: [ 14:35:24 ] :: [ BEGIN ] :: Running 'ip netns exec router nft delete table inet filter' :: [ 14:35:24 ] :: [ PASS ] :: Command 'ip netns exec router nft delete table inet filter' (Expected 0, got 0) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 9s :: Assertions: 62 good, 0 bad :: RESULT: PASS (nftables inet family ipv6 basic action test forward path) ** nftables-inet-family-ipv6-basic-action-test-forward-path PASS Score:0 Uploading resultoutputfile.log .done :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Cleanup :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ 14:35:25 ] :: [ BEGIN ] :: Running 'do_clean' client :: [ LOG ] :: xtables rules clean :: [ LOG ] :: nft rules clean :: [ LOG ] :: ipset rules clean :: [ LOG ] :: ipvsadm rules clean router :: [ LOG ] :: xtables rules clean :: [ LOG ] :: nft rules clean :: [ LOG ] :: ipset rules clean :: [ LOG ] :: ipvsadm rules clean server :: [ LOG ] :: xtables rules clean :: [ LOG ] :: nft rules clean :: [ LOG ] :: ipset rules clean :: [ LOG ] :: ipvsadm rules clean :: [ 14:35:35 ] :: [ PASS ] :: Command 'do_clean' (Expected 0, got 0) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 10s :: Assertions: 1 good, 0 bad :: RESULT: PASS (Cleanup) ** Cleanup PASS Score:0 Uploading resultoutputfile.log .done :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: unknown :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ 14:35:35 ] :: [ LOG ] :: Phases fingerprint: wG6Jb0bU :: [ 14:35:35 ] :: [ LOG ] :: Asserts fingerprint: C2K5D35U Uploading journal.xml ...done :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 468s :: Phases: 32 good, 0 bad :: OVERALL RESULT: PASS (unknown)