use_pty:FALSE /usr/share/restraint/plugins/run_task_plugins bash ./runtest.sh Last metadata expiration check: 0:01:01 ago on Mon 30 Jan 2023 12:34:54 AM EST. Package nmap-ncat-3:7.93-2.fc38.x86_64 is already installed. Dependencies resolved. Nothing to do. Complete! Last metadata expiration check: 0:01:08 ago on Mon 30 Jan 2023 12:34:54 AM EST. Package lksctp-tools-1.0.19-3.fc38.x86_64 is already installed. Dependencies resolved. Nothing to do. Complete! Last metadata expiration check: 0:01:15 ago on Mon 30 Jan 2023 12:34:54 AM EST. Package tcpdump-14:4.99.3-2.fc38.x86_64 is already installed. Dependencies resolved. Nothing to do. Complete! Last metadata expiration check: 0:01:23 ago on Mon 30 Jan 2023 12:34:54 AM EST. Package conntrack-tools-1.4.6-6.fc38.x86_64 is already installed. Dependencies resolved. Nothing to do. Complete! Last metadata expiration check: 0:01:30 ago on Mon 30 Jan 2023 12:34:54 AM EST. Package nftables-1:1.0.5-2.fc38.x86_64 is already installed. Dependencies resolved. Nothing to do. Complete! Last metadata expiration check: 0:01:37 ago on Mon 30 Jan 2023 12:34:54 AM EST. Package ipset-7.17-2.fc38.x86_64 is already installed. Dependencies resolved. Nothing to do. Complete! Last metadata expiration check: 0:01:45 ago on Mon 30 Jan 2023 12:34:54 AM EST. Package ipvsadm-1.31-9.fc38.x86_64 is already installed. Dependencies resolved. Nothing to do. Complete! netfilter_install(): Need paramter! /usr/sbin/iptables :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Forward ipv4 :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ 00:36:47 ] :: [ BEGIN ] :: ipv4 topo init done... :: actually running 'do_setup ipv4' +++ do_clean +++ for ns in client router server +++ ip netns +++ grep client +++ for ns in client router server +++ ip netns +++ grep router +++ for ns in client router server +++ ip netns +++ grep server +++ local i +++ for i in client router server +++ ip netns add client +++ for i in client router server +++ ip netns add router +++ for i in client router server +++ ip netns add server +++ [[ ipv4x == \i\p\v\6\x ]] +++ [[ ipv4x == \i\p\v\4\x ]] +++ ip netns exec router sysctl -w net.ipv4.ip_forward=1 net.ipv4.ip_forward = 1 +++ ip_c=10.167.1.1 +++ ip_s=10.167.2.2 +++ ip_rc=10.167.1.254 +++ ip_rs=10.167.2.254 +++ unset nodad +++ N=24 +++ ip -d -n router -b /dev/stdin +++ ip -d -n server -b /dev/stdin +++ ip -d -n client -b /dev/stdin +++ sleep 2 +++ set +x PING 10.167.2.2 (10.167.2.2) from 10.167.1.1 c_r: 56(84) bytes of data. 64 bytes from 10.167.2.2: icmp_seq=1 ttl=63 time=1.36 ms 64 bytes from 10.167.2.2: icmp_seq=2 ttl=63 time=0.324 ms 64 bytes from 10.167.2.2: icmp_seq=3 ttl=63 time=0.360 ms 64 bytes from 10.167.2.2: icmp_seq=4 ttl=63 time=0.338 ms 64 bytes from 10.167.2.2: icmp_seq=5 ttl=63 time=0.353 ms --- 10.167.2.2 ping statistics --- 5 packets transmitted, 5 received, 0% packet loss, time 823ms rtt min/avg/max/mdev = 0.324/0.547/1.360/0.406 ms PING 10.167.1.1 (10.167.1.1) from 10.167.2.2 s_r: 56(84) bytes of data. 64 bytes from 10.167.1.1: icmp_seq=1 ttl=63 time=0.362 ms 64 bytes from 10.167.1.1: icmp_seq=2 ttl=63 time=0.389 ms 64 bytes from 10.167.1.1: icmp_seq=3 ttl=63 time=0.399 ms 64 bytes from 10.167.1.1: icmp_seq=4 ttl=63 time=0.409 ms 64 bytes from 10.167.1.1: icmp_seq=5 ttl=63 time=0.628 ms --- 10.167.1.1 ping statistics --- 5 packets transmitted, 5 received, 0% packet loss, time 833ms rtt min/avg/max/mdev = 0.362/0.437/0.628/0.096 ms :: [ 00:36:53 ] :: [ PASS ] :: ipv4 topo init done... (Expected 0, got 0) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 6s :: Assertions: 1 good, 0 bad :: RESULT: PASS (Forward ipv4) ** Forward-ipv4 PASS Score:0 Uploading resultoutputfile.log .done :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: iptables: Basic TARGETS :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ 00:37:02 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t filter -A INPUT -i s_r -s 10.167.1.1 -d 10.167.2.2 -j ACCEPT' :: [ 00:37:02 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t filter -A INPUT -i s_r -s 10.167.1.1 -d 10.167.2.2 -j ACCEPT' (Expected 0, got 0) :: [ 00:37:03 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t filter -A INPUT -i s_r -s 10.167.1.1 -d 10.167.2.2 -j DROP' :: [ 00:37:03 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t filter -A INPUT -i s_r -s 10.167.1.1 -d 10.167.2.2 -j DROP' (Expected 0, got 0) :: [ 00:37:03 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -W 1 10.167.2.2 -c1' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. 64 bytes from 10.167.2.2: icmp_seq=1 ttl=63 time=0.646 ms --- 10.167.2.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.646/0.646/0.646/0.000 ms :: [ 00:37:04 ] :: [ PASS ] :: Command 'ip netns exec client ping -W 1 10.167.2.2 -c1' (Expected 0, got 0) :: [ 00:37:04 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t filter -L -n -v' Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 1 84 ACCEPT 0 -- s_r * 10.167.1.1 10.167.2.2 0 0 DROP 0 -- s_r * 10.167.1.1 10.167.2.2 Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination :: [ 00:37:05 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t filter -L -n -v' (Expected 0, got 0) :: [ 00:37:05 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t filter -F' :: [ 00:37:05 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t filter -F' (Expected 0, got 0) :: [ 00:37:06 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t filter -A INPUT -i s_r -s 10.167.1.1 -d 10.167.2.2 -j DROP' :: [ 00:37:06 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t filter -A INPUT -i s_r -s 10.167.1.1 -d 10.167.2.2 -j DROP' (Expected 0, got 0) :: [ 00:37:06 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t filter -A INPUT -i s_r -s 10.167.1.1 -d 10.167.2.2 -j ACCEPT' :: [ 00:37:07 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t filter -A INPUT -i s_r -s 10.167.1.1 -d 10.167.2.2 -j ACCEPT' (Expected 0, got 0) :: [ 00:37:07 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -W 1 10.167.2.2 -c1 ' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. --- 10.167.2.2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 00:37:09 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 00:37:09 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t filter -L -n -v' Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 1 84 DROP 0 -- s_r * 10.167.1.1 10.167.2.2 0 0 ACCEPT 0 -- s_r * 10.167.1.1 10.167.2.2 Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination :: [ 00:37:10 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t filter -L -n -v' (Expected 0, got 0) :: [ 00:37:10 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t filter -F' :: [ 00:37:10 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t filter -F' (Expected 0, got 0) :: [ 00:37:11 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t filter -N TEST' :: [ 00:37:11 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t filter -N TEST' (Expected 0, got 0) :: [ 00:37:11 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t filter -A TEST -i s_r -s 10.167.1.1 -d 10.167.2.2 -j RETURN' :: [ 00:37:12 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t filter -A TEST -i s_r -s 10.167.1.1 -d 10.167.2.2 -j RETURN' (Expected 0, got 0) :: [ 00:37:12 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t filter -A TEST -i s_r -s 10.167.1.1 -d 10.167.2.2 -j DROP' :: [ 00:37:13 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t filter -A TEST -i s_r -s 10.167.1.1 -d 10.167.2.2 -j DROP' (Expected 0, got 0) :: [ 00:37:13 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t filter -A INPUT -i s_r -s 10.167.1.1 -d 10.167.2.2 -j TEST' :: [ 00:37:13 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t filter -A INPUT -i s_r -s 10.167.1.1 -d 10.167.2.2 -j TEST' (Expected 0, got 0) :: [ 00:37:14 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t filter -A INPUT -i s_r -s 10.167.1.1 -d 10.167.2.2 -j ACCEPT' :: [ 00:37:14 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t filter -A INPUT -i s_r -s 10.167.1.1 -d 10.167.2.2 -j ACCEPT' (Expected 0, got 0) :: [ 00:37:14 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -W 1 10.167.2.2 -c1' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. 64 bytes from 10.167.2.2: icmp_seq=1 ttl=63 time=0.349 ms --- 10.167.2.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.349/0.349/0.349/0.000 ms :: [ 00:37:15 ] :: [ PASS ] :: Command 'ip netns exec client ping -W 1 10.167.2.2 -c1' (Expected 0, got 0) :: [ 00:37:15 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t filter -L -n -v' Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 1 84 TEST 0 -- s_r * 10.167.1.1 10.167.2.2 1 84 ACCEPT 0 -- s_r * 10.167.1.1 10.167.2.2 Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain TEST (1 references) pkts bytes target prot opt in out source destination 1 84 RETURN 0 -- s_r * 10.167.1.1 10.167.2.2 0 0 DROP 0 -- s_r * 10.167.1.1 10.167.2.2 :: [ 00:37:15 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t filter -L -n -v' (Expected 0, got 0) :: [ 00:37:16 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t filter -F' :: [ 00:37:16 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t filter -F' (Expected 0, got 0) :: [ 00:37:17 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t filter -X' :: [ 00:37:17 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t filter -X' (Expected 0, got 0) :: [ 00:37:17 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t filter -A OUTPUT -o s_r -s 10.167.2.2 -d 10.167.1.1 -j ACCEPT' :: [ 00:37:18 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t filter -A OUTPUT -o s_r -s 10.167.2.2 -d 10.167.1.1 -j ACCEPT' (Expected 0, got 0) :: [ 00:37:18 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t filter -A OUTPUT -o s_r -s 10.167.2.2 -d 10.167.1.1 -j DROP' :: [ 00:37:18 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t filter -A OUTPUT -o s_r -s 10.167.2.2 -d 10.167.1.1 -j DROP' (Expected 0, got 0) :: [ 00:37:19 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -W 1 10.167.2.2 -c1' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. 64 bytes from 10.167.2.2: icmp_seq=1 ttl=63 time=0.350 ms --- 10.167.2.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.350/0.350/0.350/0.000 ms :: [ 00:37:19 ] :: [ PASS ] :: Command 'ip netns exec client ping -W 1 10.167.2.2 -c1' (Expected 0, got 0) :: [ 00:37:20 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t filter -L -n -v' Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 1 84 ACCEPT 0 -- * s_r 10.167.2.2 10.167.1.1 0 0 DROP 0 -- * s_r 10.167.2.2 10.167.1.1 :: [ 00:37:20 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t filter -L -n -v' (Expected 0, got 0) :: [ 00:37:20 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t filter -F' :: [ 00:37:21 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t filter -F' (Expected 0, got 0) :: [ 00:37:21 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t filter -A OUTPUT -o s_r -s 10.167.2.2 -d 10.167.1.1 -j DROP' :: [ 00:37:21 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t filter -A OUTPUT -o s_r -s 10.167.2.2 -d 10.167.1.1 -j DROP' (Expected 0, got 0) :: [ 00:37:22 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t filter -A OUTPUT -o s_r -s 10.167.2.2 -d 10.167.1.1 -j ACCEPT' :: [ 00:37:22 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t filter -A OUTPUT -o s_r -s 10.167.2.2 -d 10.167.1.1 -j ACCEPT' (Expected 0, got 0) :: [ 00:37:23 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -W 1 10.167.2.2 -c1 ' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. --- 10.167.2.2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 00:37:24 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 00:37:25 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t filter -L -n -v' Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 1 84 DROP 0 -- * s_r 10.167.2.2 10.167.1.1 0 0 ACCEPT 0 -- * s_r 10.167.2.2 10.167.1.1 :: [ 00:37:25 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t filter -L -n -v' (Expected 0, got 0) :: [ 00:37:25 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t filter -F' :: [ 00:37:26 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t filter -F' (Expected 0, got 0) :: [ 00:37:26 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t filter -N TEST' :: [ 00:37:27 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t filter -N TEST' (Expected 0, got 0) :: [ 00:37:27 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t filter -A TEST -o s_r -s 10.167.2.2 -d 10.167.1.1 -j RETURN' :: [ 00:37:27 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t filter -A TEST -o s_r -s 10.167.2.2 -d 10.167.1.1 -j RETURN' (Expected 0, got 0) :: [ 00:37:28 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t filter -A TEST -o s_r -s 10.167.2.2 -d 10.167.1.1 -j DROP' :: [ 00:37:28 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t filter -A TEST -o s_r -s 10.167.2.2 -d 10.167.1.1 -j DROP' (Expected 0, got 0) :: [ 00:37:29 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t filter -A OUTPUT -o s_r -s 10.167.2.2 -d 10.167.1.1 -j TEST' :: [ 00:37:29 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t filter -A OUTPUT -o s_r -s 10.167.2.2 -d 10.167.1.1 -j TEST' (Expected 0, got 0) :: [ 00:37:29 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t filter -A OUTPUT -o s_r -s 10.167.2.2 -d 10.167.1.1 -j ACCEPT' :: [ 00:37:30 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t filter -A OUTPUT -o s_r -s 10.167.2.2 -d 10.167.1.1 -j ACCEPT' (Expected 0, got 0) :: [ 00:37:30 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -W 1 10.167.2.2 -c1' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. 64 bytes from 10.167.2.2: icmp_seq=1 ttl=63 time=0.293 ms --- 10.167.2.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.293/0.293/0.293/0.000 ms :: [ 00:37:30 ] :: [ PASS ] :: Command 'ip netns exec client ping -W 1 10.167.2.2 -c1' (Expected 0, got 0) :: [ 00:37:31 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t filter -L -n -v' Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 1 84 TEST 0 -- * s_r 10.167.2.2 10.167.1.1 1 84 ACCEPT 0 -- * s_r 10.167.2.2 10.167.1.1 Chain TEST (1 references) pkts bytes target prot opt in out source destination 1 84 RETURN 0 -- * s_r 10.167.2.2 10.167.1.1 0 0 DROP 0 -- * s_r 10.167.2.2 10.167.1.1 :: [ 00:37:31 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t filter -L -n -v' (Expected 0, got 0) :: [ 00:37:31 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t filter -F' :: [ 00:37:32 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t filter -F' (Expected 0, got 0) :: [ 00:37:32 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t filter -X' :: [ 00:37:32 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t filter -X' (Expected 0, got 0) :: [ 00:37:33 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t mangle -A PREROUTING -i s_r -s 10.167.1.1 -d 10.167.2.2 -j ACCEPT' :: [ 00:37:33 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t mangle -A PREROUTING -i s_r -s 10.167.1.1 -d 10.167.2.2 -j ACCEPT' (Expected 0, got 0) :: [ 00:37:34 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t mangle -A PREROUTING -i s_r -s 10.167.1.1 -d 10.167.2.2 -j DROP' :: [ 00:37:34 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t mangle -A PREROUTING -i s_r -s 10.167.1.1 -d 10.167.2.2 -j DROP' (Expected 0, got 0) :: [ 00:37:34 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -W 1 10.167.2.2 -c1' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. 64 bytes from 10.167.2.2: icmp_seq=1 ttl=63 time=0.287 ms --- 10.167.2.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.287/0.287/0.287/0.000 ms :: [ 00:37:35 ] :: [ PASS ] :: Command 'ip netns exec client ping -W 1 10.167.2.2 -c1' (Expected 0, got 0) :: [ 00:37:35 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t mangle -L -n -v' Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 1 84 ACCEPT 0 -- s_r * 10.167.1.1 10.167.2.2 0 0 DROP 0 -- s_r * 10.167.1.1 10.167.2.2 Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination :: [ 00:37:35 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t mangle -L -n -v' (Expected 0, got 0) :: [ 00:37:36 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t mangle -F' :: [ 00:37:36 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t mangle -F' (Expected 0, got 0) :: [ 00:37:36 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t mangle -A PREROUTING -i s_r -s 10.167.1.1 -d 10.167.2.2 -j DROP' :: [ 00:37:37 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t mangle -A PREROUTING -i s_r -s 10.167.1.1 -d 10.167.2.2 -j DROP' (Expected 0, got 0) :: [ 00:37:37 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t mangle -A PREROUTING -i s_r -s 10.167.1.1 -d 10.167.2.2 -j ACCEPT' :: [ 00:37:37 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t mangle -A PREROUTING -i s_r -s 10.167.1.1 -d 10.167.2.2 -j ACCEPT' (Expected 0, got 0) :: [ 00:37:38 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -W 1 10.167.2.2 -c1 ' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. --- 10.167.2.2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 00:37:40 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 00:37:40 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t mangle -L -n -v' Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 1 84 DROP 0 -- s_r * 10.167.1.1 10.167.2.2 0 0 ACCEPT 0 -- s_r * 10.167.1.1 10.167.2.2 Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination :: [ 00:37:40 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t mangle -L -n -v' (Expected 0, got 0) :: [ 00:37:41 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t mangle -F' :: [ 00:37:41 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t mangle -F' (Expected 0, got 0) :: [ 00:37:41 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t mangle -N TEST' :: [ 00:37:42 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t mangle -N TEST' (Expected 0, got 0) :: [ 00:37:42 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t mangle -A TEST -i s_r -s 10.167.1.1 -d 10.167.2.2 -j RETURN' :: [ 00:37:42 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t mangle -A TEST -i s_r -s 10.167.1.1 -d 10.167.2.2 -j RETURN' (Expected 0, got 0) :: [ 00:37:43 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t mangle -A TEST -i s_r -s 10.167.1.1 -d 10.167.2.2 -j DROP' :: [ 00:37:43 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t mangle -A TEST -i s_r -s 10.167.1.1 -d 10.167.2.2 -j DROP' (Expected 0, got 0) :: [ 00:37:44 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t mangle -A PREROUTING -i s_r -s 10.167.1.1 -d 10.167.2.2 -j TEST' :: [ 00:37:44 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t mangle -A PREROUTING -i s_r -s 10.167.1.1 -d 10.167.2.2 -j TEST' (Expected 0, got 0) :: [ 00:37:44 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t mangle -A PREROUTING -i s_r -s 10.167.1.1 -d 10.167.2.2 -j ACCEPT' :: [ 00:37:45 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t mangle -A PREROUTING -i s_r -s 10.167.1.1 -d 10.167.2.2 -j ACCEPT' (Expected 0, got 0) :: [ 00:37:45 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -W 1 10.167.2.2 -c1' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. 64 bytes from 10.167.2.2: icmp_seq=1 ttl=63 time=0.303 ms --- 10.167.2.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.303/0.303/0.303/0.000 ms :: [ 00:37:45 ] :: [ PASS ] :: Command 'ip netns exec client ping -W 1 10.167.2.2 -c1' (Expected 0, got 0) :: [ 00:37:46 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t mangle -L -n -v' Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 1 84 TEST 0 -- s_r * 10.167.1.1 10.167.2.2 1 84 ACCEPT 0 -- s_r * 10.167.1.1 10.167.2.2 Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain TEST (1 references) pkts bytes target prot opt in out source destination 1 84 RETURN 0 -- s_r * 10.167.1.1 10.167.2.2 0 0 DROP 0 -- s_r * 10.167.1.1 10.167.2.2 :: [ 00:37:46 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t mangle -L -n -v' (Expected 0, got 0) :: [ 00:37:47 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t mangle -F' :: [ 00:37:47 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t mangle -F' (Expected 0, got 0) :: [ 00:37:47 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t mangle -X' :: [ 00:37:48 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t mangle -X' (Expected 0, got 0) :: [ 00:37:48 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t mangle -A INPUT -i s_r -s 10.167.1.1 -d 10.167.2.2 -j ACCEPT' :: [ 00:37:48 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t mangle -A INPUT -i s_r -s 10.167.1.1 -d 10.167.2.2 -j ACCEPT' (Expected 0, got 0) :: [ 00:37:49 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t mangle -A INPUT -i s_r -s 10.167.1.1 -d 10.167.2.2 -j DROP' :: [ 00:37:49 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t mangle -A INPUT -i s_r -s 10.167.1.1 -d 10.167.2.2 -j DROP' (Expected 0, got 0) :: [ 00:37:50 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -W 1 10.167.2.2 -c1' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. 64 bytes from 10.167.2.2: icmp_seq=1 ttl=63 time=0.368 ms --- 10.167.2.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.368/0.368/0.368/0.000 ms :: [ 00:37:50 ] :: [ PASS ] :: Command 'ip netns exec client ping -W 1 10.167.2.2 -c1' (Expected 0, got 0) :: [ 00:37:50 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t mangle -L -n -v' Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 1 84 ACCEPT 0 -- s_r * 10.167.1.1 10.167.2.2 0 0 DROP 0 -- s_r * 10.167.1.1 10.167.2.2 Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination :: [ 00:37:51 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t mangle -L -n -v' (Expected 0, got 0) :: [ 00:37:51 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t mangle -F' :: [ 00:37:51 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t mangle -F' (Expected 0, got 0) :: [ 00:37:52 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t mangle -A INPUT -i s_r -s 10.167.1.1 -d 10.167.2.2 -j DROP' :: [ 00:37:52 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t mangle -A INPUT -i s_r -s 10.167.1.1 -d 10.167.2.2 -j DROP' (Expected 0, got 0) :: [ 00:37:53 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t mangle -A INPUT -i s_r -s 10.167.1.1 -d 10.167.2.2 -j ACCEPT' :: [ 00:37:53 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t mangle -A INPUT -i s_r -s 10.167.1.1 -d 10.167.2.2 -j ACCEPT' (Expected 0, got 0) :: [ 00:37:54 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -W 1 10.167.2.2 -c1 ' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. --- 10.167.2.2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 00:37:55 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 00:37:56 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t mangle -L -n -v' Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 1 84 DROP 0 -- s_r * 10.167.1.1 10.167.2.2 0 0 ACCEPT 0 -- s_r * 10.167.1.1 10.167.2.2 Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination :: [ 00:37:56 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t mangle -L -n -v' (Expected 0, got 0) :: [ 00:37:57 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t mangle -F' :: [ 00:37:57 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t mangle -F' (Expected 0, got 0) :: [ 00:37:57 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t mangle -N TEST' :: [ 00:37:58 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t mangle -N TEST' (Expected 0, got 0) :: [ 00:37:58 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t mangle -A TEST -i s_r -s 10.167.1.1 -d 10.167.2.2 -j RETURN' :: [ 00:37:58 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t mangle -A TEST -i s_r -s 10.167.1.1 -d 10.167.2.2 -j RETURN' (Expected 0, got 0) :: [ 00:37:59 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t mangle -A TEST -i s_r -s 10.167.1.1 -d 10.167.2.2 -j DROP' :: [ 00:37:59 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t mangle -A TEST -i s_r -s 10.167.1.1 -d 10.167.2.2 -j DROP' (Expected 0, got 0) :: [ 00:38:00 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t mangle -A INPUT -i s_r -s 10.167.1.1 -d 10.167.2.2 -j TEST' :: [ 00:38:00 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t mangle -A INPUT -i s_r -s 10.167.1.1 -d 10.167.2.2 -j TEST' (Expected 0, got 0) :: [ 00:38:00 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t mangle -A INPUT -i s_r -s 10.167.1.1 -d 10.167.2.2 -j ACCEPT' :: [ 00:38:01 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t mangle -A INPUT -i s_r -s 10.167.1.1 -d 10.167.2.2 -j ACCEPT' (Expected 0, got 0) :: [ 00:38:01 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -W 1 10.167.2.2 -c1' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. 64 bytes from 10.167.2.2: icmp_seq=1 ttl=63 time=0.326 ms --- 10.167.2.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.326/0.326/0.326/0.000 ms :: [ 00:38:02 ] :: [ PASS ] :: Command 'ip netns exec client ping -W 1 10.167.2.2 -c1' (Expected 0, got 0) :: [ 00:38:02 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t mangle -L -n -v' Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 1 84 TEST 0 -- s_r * 10.167.1.1 10.167.2.2 1 84 ACCEPT 0 -- s_r * 10.167.1.1 10.167.2.2 Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain TEST (1 references) pkts bytes target prot opt in out source destination 1 84 RETURN 0 -- s_r * 10.167.1.1 10.167.2.2 0 0 DROP 0 -- s_r * 10.167.1.1 10.167.2.2 :: [ 00:38:02 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t mangle -L -n -v' (Expected 0, got 0) :: [ 00:38:03 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t mangle -F' :: [ 00:38:03 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t mangle -F' (Expected 0, got 0) :: [ 00:38:04 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t mangle -X' :: [ 00:38:04 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t mangle -X' (Expected 0, got 0) :: [ 00:38:04 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t mangle -A OUTPUT -o s_r -s 10.167.2.2 -d 10.167.1.1 -j ACCEPT' :: [ 00:38:05 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t mangle -A OUTPUT -o s_r -s 10.167.2.2 -d 10.167.1.1 -j ACCEPT' (Expected 0, got 0) :: [ 00:38:05 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t mangle -A OUTPUT -o s_r -s 10.167.2.2 -d 10.167.1.1 -j DROP' :: [ 00:38:05 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t mangle -A OUTPUT -o s_r -s 10.167.2.2 -d 10.167.1.1 -j DROP' (Expected 0, got 0) :: [ 00:38:06 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -W 1 10.167.2.2 -c1' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. 64 bytes from 10.167.2.2: icmp_seq=1 ttl=63 time=0.324 ms --- 10.167.2.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.324/0.324/0.324/0.000 ms :: [ 00:38:06 ] :: [ PASS ] :: Command 'ip netns exec client ping -W 1 10.167.2.2 -c1' (Expected 0, got 0) :: [ 00:38:07 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t mangle -L -n -v' Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 1 84 ACCEPT 0 -- * s_r 10.167.2.2 10.167.1.1 0 0 DROP 0 -- * s_r 10.167.2.2 10.167.1.1 Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination :: [ 00:38:07 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t mangle -L -n -v' (Expected 0, got 0) :: [ 00:38:07 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t mangle -F' :: [ 00:38:08 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t mangle -F' (Expected 0, got 0) :: [ 00:38:08 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t mangle -A OUTPUT -o s_r -s 10.167.2.2 -d 10.167.1.1 -j DROP' :: [ 00:38:08 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t mangle -A OUTPUT -o s_r -s 10.167.2.2 -d 10.167.1.1 -j DROP' (Expected 0, got 0) :: [ 00:38:09 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t mangle -A OUTPUT -o s_r -s 10.167.2.2 -d 10.167.1.1 -j ACCEPT' :: [ 00:38:09 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t mangle -A OUTPUT -o s_r -s 10.167.2.2 -d 10.167.1.1 -j ACCEPT' (Expected 0, got 0) :: [ 00:38:10 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -W 1 10.167.2.2 -c1 ' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. --- 10.167.2.2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 00:38:11 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 00:38:12 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t mangle -L -n -v' Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 1 84 DROP 0 -- * s_r 10.167.2.2 10.167.1.1 0 0 ACCEPT 0 -- * s_r 10.167.2.2 10.167.1.1 Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination :: [ 00:38:12 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t mangle -L -n -v' (Expected 0, got 0) :: [ 00:38:12 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t mangle -F' :: [ 00:38:13 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t mangle -F' (Expected 0, got 0) :: [ 00:38:13 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t mangle -N TEST' :: [ 00:38:14 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t mangle -N TEST' (Expected 0, got 0) :: [ 00:38:14 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t mangle -A TEST -o s_r -s 10.167.2.2 -d 10.167.1.1 -j RETURN' :: [ 00:38:14 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t mangle -A TEST -o s_r -s 10.167.2.2 -d 10.167.1.1 -j RETURN' (Expected 0, got 0) :: [ 00:38:15 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t mangle -A TEST -o s_r -s 10.167.2.2 -d 10.167.1.1 -j DROP' :: [ 00:38:15 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t mangle -A TEST -o s_r -s 10.167.2.2 -d 10.167.1.1 -j DROP' (Expected 0, got 0) :: [ 00:38:16 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t mangle -A OUTPUT -o s_r -s 10.167.2.2 -d 10.167.1.1 -j TEST' :: [ 00:38:16 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t mangle -A OUTPUT -o s_r -s 10.167.2.2 -d 10.167.1.1 -j TEST' (Expected 0, got 0) :: [ 00:38:16 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t mangle -A OUTPUT -o s_r -s 10.167.2.2 -d 10.167.1.1 -j ACCEPT' :: [ 00:38:17 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t mangle -A OUTPUT -o s_r -s 10.167.2.2 -d 10.167.1.1 -j ACCEPT' (Expected 0, got 0) :: [ 00:38:17 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -W 1 10.167.2.2 -c1' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. 64 bytes from 10.167.2.2: icmp_seq=1 ttl=63 time=0.292 ms --- 10.167.2.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.292/0.292/0.292/0.000 ms :: [ 00:38:17 ] :: [ PASS ] :: Command 'ip netns exec client ping -W 1 10.167.2.2 -c1' (Expected 0, got 0) :: [ 00:38:18 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t mangle -L -n -v' Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 1 84 TEST 0 -- * s_r 10.167.2.2 10.167.1.1 1 84 ACCEPT 0 -- * s_r 10.167.2.2 10.167.1.1 Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain TEST (1 references) pkts bytes target prot opt in out source destination 1 84 RETURN 0 -- * s_r 10.167.2.2 10.167.1.1 0 0 DROP 0 -- * s_r 10.167.2.2 10.167.1.1 :: [ 00:38:18 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t mangle -L -n -v' (Expected 0, got 0) :: [ 00:38:19 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t mangle -F' :: [ 00:38:19 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t mangle -F' (Expected 0, got 0) :: [ 00:38:19 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t mangle -X' :: [ 00:38:20 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t mangle -X' (Expected 0, got 0) :: [ 00:38:20 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t mangle -A POSTROUTING -o s_r -s 10.167.2.2 -d 10.167.1.1 -j ACCEPT' :: [ 00:38:20 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t mangle -A POSTROUTING -o s_r -s 10.167.2.2 -d 10.167.1.1 -j ACCEPT' (Expected 0, got 0) :: [ 00:38:21 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t mangle -A POSTROUTING -o s_r -s 10.167.2.2 -d 10.167.1.1 -j DROP' :: [ 00:38:21 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t mangle -A POSTROUTING -o s_r -s 10.167.2.2 -d 10.167.1.1 -j DROP' (Expected 0, got 0) :: [ 00:38:22 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -W 1 10.167.2.2 -c1' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. 64 bytes from 10.167.2.2: icmp_seq=1 ttl=63 time=0.565 ms --- 10.167.2.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.565/0.565/0.565/0.000 ms :: [ 00:38:22 ] :: [ PASS ] :: Command 'ip netns exec client ping -W 1 10.167.2.2 -c1' (Expected 0, got 0) :: [ 00:38:22 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t mangle -L -n -v' Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 1 84 ACCEPT 0 -- * s_r 10.167.2.2 10.167.1.1 0 0 DROP 0 -- * s_r 10.167.2.2 10.167.1.1 :: [ 00:38:23 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t mangle -L -n -v' (Expected 0, got 0) :: [ 00:38:23 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t mangle -F' :: [ 00:38:24 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t mangle -F' (Expected 0, got 0) :: [ 00:38:24 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t mangle -A POSTROUTING -o s_r -s 10.167.2.2 -d 10.167.1.1 -j DROP' :: [ 00:38:24 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t mangle -A POSTROUTING -o s_r -s 10.167.2.2 -d 10.167.1.1 -j DROP' (Expected 0, got 0) :: [ 00:38:25 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t mangle -A POSTROUTING -o s_r -s 10.167.2.2 -d 10.167.1.1 -j ACCEPT' :: [ 00:38:25 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t mangle -A POSTROUTING -o s_r -s 10.167.2.2 -d 10.167.1.1 -j ACCEPT' (Expected 0, got 0) :: [ 00:38:26 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -W 1 10.167.2.2 -c1 ' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. --- 10.167.2.2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 00:38:27 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 00:38:28 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t mangle -L -n -v' Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 1 84 DROP 0 -- * s_r 10.167.2.2 10.167.1.1 0 0 ACCEPT 0 -- * s_r 10.167.2.2 10.167.1.1 :: [ 00:38:28 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t mangle -L -n -v' (Expected 0, got 0) :: [ 00:38:29 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t mangle -F' :: [ 00:38:29 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t mangle -F' (Expected 0, got 0) :: [ 00:38:29 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t mangle -N TEST' :: [ 00:38:30 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t mangle -N TEST' (Expected 0, got 0) :: [ 00:38:30 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t mangle -A TEST -o s_r -s 10.167.2.2 -d 10.167.1.1 -j RETURN' :: [ 00:38:30 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t mangle -A TEST -o s_r -s 10.167.2.2 -d 10.167.1.1 -j RETURN' (Expected 0, got 0) :: [ 00:38:31 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t mangle -A TEST -o s_r -s 10.167.2.2 -d 10.167.1.1 -j DROP' :: [ 00:38:31 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t mangle -A TEST -o s_r -s 10.167.2.2 -d 10.167.1.1 -j DROP' (Expected 0, got 0) :: [ 00:38:32 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t mangle -A POSTROUTING -o s_r -s 10.167.2.2 -d 10.167.1.1 -j TEST' :: [ 00:38:32 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t mangle -A POSTROUTING -o s_r -s 10.167.2.2 -d 10.167.1.1 -j TEST' (Expected 0, got 0) :: [ 00:38:32 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t mangle -A POSTROUTING -o s_r -s 10.167.2.2 -d 10.167.1.1 -j ACCEPT' :: [ 00:38:33 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t mangle -A POSTROUTING -o s_r -s 10.167.2.2 -d 10.167.1.1 -j ACCEPT' (Expected 0, got 0) :: [ 00:38:33 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -W 1 10.167.2.2 -c1' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. 64 bytes from 10.167.2.2: icmp_seq=1 ttl=63 time=0.304 ms --- 10.167.2.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.304/0.304/0.304/0.000 ms :: [ 00:38:34 ] :: [ PASS ] :: Command 'ip netns exec client ping -W 1 10.167.2.2 -c1' (Expected 0, got 0) :: [ 00:38:34 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t mangle -L -n -v' Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 1 84 TEST 0 -- * s_r 10.167.2.2 10.167.1.1 1 84 ACCEPT 0 -- * s_r 10.167.2.2 10.167.1.1 Chain TEST (1 references) pkts bytes target prot opt in out source destination 1 84 RETURN 0 -- * s_r 10.167.2.2 10.167.1.1 0 0 DROP 0 -- * s_r 10.167.2.2 10.167.1.1 :: [ 00:38:34 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t mangle -L -n -v' (Expected 0, got 0) :: [ 00:38:35 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t mangle -F' :: [ 00:38:35 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t mangle -F' (Expected 0, got 0) :: [ 00:38:36 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t mangle -X' :: [ 00:38:36 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t mangle -X' (Expected 0, got 0) :: [ 00:38:36 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t raw -A PREROUTING -i s_r -s 10.167.1.1 -d 10.167.2.2 -j ACCEPT' :: [ 00:38:37 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t raw -A PREROUTING -i s_r -s 10.167.1.1 -d 10.167.2.2 -j ACCEPT' (Expected 0, got 0) :: [ 00:38:37 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t raw -A PREROUTING -i s_r -s 10.167.1.1 -d 10.167.2.2 -j DROP' :: [ 00:38:37 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t raw -A PREROUTING -i s_r -s 10.167.1.1 -d 10.167.2.2 -j DROP' (Expected 0, got 0) :: [ 00:38:38 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -W 1 10.167.2.2 -c1' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. 64 bytes from 10.167.2.2: icmp_seq=1 ttl=63 time=0.294 ms --- 10.167.2.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.294/0.294/0.294/0.000 ms :: [ 00:38:38 ] :: [ PASS ] :: Command 'ip netns exec client ping -W 1 10.167.2.2 -c1' (Expected 0, got 0) :: [ 00:38:39 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t raw -L -n -v' Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 1 84 ACCEPT 0 -- s_r * 10.167.1.1 10.167.2.2 0 0 DROP 0 -- s_r * 10.167.1.1 10.167.2.2 Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination :: [ 00:38:39 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t raw -L -n -v' (Expected 0, got 0) :: [ 00:38:40 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t raw -F' :: [ 00:38:40 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t raw -F' (Expected 0, got 0) :: [ 00:38:40 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t raw -A PREROUTING -i s_r -s 10.167.1.1 -d 10.167.2.2 -j DROP' :: [ 00:38:41 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t raw -A PREROUTING -i s_r -s 10.167.1.1 -d 10.167.2.2 -j DROP' (Expected 0, got 0) :: [ 00:38:41 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t raw -A PREROUTING -i s_r -s 10.167.1.1 -d 10.167.2.2 -j ACCEPT' :: [ 00:38:41 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t raw -A PREROUTING -i s_r -s 10.167.1.1 -d 10.167.2.2 -j ACCEPT' (Expected 0, got 0) :: [ 00:38:42 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -W 1 10.167.2.2 -c1 ' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. --- 10.167.2.2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 00:38:44 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 00:38:44 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t raw -L -n -v' Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 1 84 DROP 0 -- s_r * 10.167.1.1 10.167.2.2 0 0 ACCEPT 0 -- s_r * 10.167.1.1 10.167.2.2 Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination :: [ 00:38:44 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t raw -L -n -v' (Expected 0, got 0) :: [ 00:38:45 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t raw -F' :: [ 00:38:45 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t raw -F' (Expected 0, got 0) :: [ 00:38:46 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t raw -N TEST' :: [ 00:38:46 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t raw -N TEST' (Expected 0, got 0) :: [ 00:38:47 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t raw -A TEST -i s_r -s 10.167.1.1 -d 10.167.2.2 -j RETURN' :: [ 00:38:47 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t raw -A TEST -i s_r -s 10.167.1.1 -d 10.167.2.2 -j RETURN' (Expected 0, got 0) :: [ 00:38:48 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t raw -A TEST -i s_r -s 10.167.1.1 -d 10.167.2.2 -j DROP' :: [ 00:38:48 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t raw -A TEST -i s_r -s 10.167.1.1 -d 10.167.2.2 -j DROP' (Expected 0, got 0) :: [ 00:38:48 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t raw -A PREROUTING -i s_r -s 10.167.1.1 -d 10.167.2.2 -j TEST' :: [ 00:38:49 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t raw -A PREROUTING -i s_r -s 10.167.1.1 -d 10.167.2.2 -j TEST' (Expected 0, got 0) :: [ 00:38:49 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t raw -A PREROUTING -i s_r -s 10.167.1.1 -d 10.167.2.2 -j ACCEPT' :: [ 00:38:50 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t raw -A PREROUTING -i s_r -s 10.167.1.1 -d 10.167.2.2 -j ACCEPT' (Expected 0, got 0) :: [ 00:38:50 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -W 1 10.167.2.2 -c1' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. 64 bytes from 10.167.2.2: icmp_seq=1 ttl=63 time=0.338 ms --- 10.167.2.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.338/0.338/0.338/0.000 ms :: [ 00:38:50 ] :: [ PASS ] :: Command 'ip netns exec client ping -W 1 10.167.2.2 -c1' (Expected 0, got 0) :: [ 00:38:51 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t raw -L -n -v' Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 1 84 TEST 0 -- s_r * 10.167.1.1 10.167.2.2 1 84 ACCEPT 0 -- s_r * 10.167.1.1 10.167.2.2 Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain TEST (1 references) pkts bytes target prot opt in out source destination 1 84 RETURN 0 -- s_r * 10.167.1.1 10.167.2.2 0 0 DROP 0 -- s_r * 10.167.1.1 10.167.2.2 :: [ 00:38:51 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t raw -L -n -v' (Expected 0, got 0) :: [ 00:38:52 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t raw -F' :: [ 00:38:52 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t raw -F' (Expected 0, got 0) :: [ 00:38:52 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t raw -X' :: [ 00:38:53 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t raw -X' (Expected 0, got 0) :: [ 00:38:53 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t raw -A OUTPUT -o s_r -s 10.167.2.2 -d 10.167.1.1 -j ACCEPT' :: [ 00:38:54 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t raw -A OUTPUT -o s_r -s 10.167.2.2 -d 10.167.1.1 -j ACCEPT' (Expected 0, got 0) :: [ 00:38:54 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t raw -A OUTPUT -o s_r -s 10.167.2.2 -d 10.167.1.1 -j DROP' :: [ 00:38:54 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t raw -A OUTPUT -o s_r -s 10.167.2.2 -d 10.167.1.1 -j DROP' (Expected 0, got 0) :: [ 00:38:55 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -W 1 10.167.2.2 -c1' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. 64 bytes from 10.167.2.2: icmp_seq=1 ttl=63 time=0.283 ms --- 10.167.2.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.283/0.283/0.283/0.000 ms :: [ 00:38:55 ] :: [ PASS ] :: Command 'ip netns exec client ping -W 1 10.167.2.2 -c1' (Expected 0, got 0) :: [ 00:38:56 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t raw -L -n -v' Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 1 84 ACCEPT 0 -- * s_r 10.167.2.2 10.167.1.1 0 0 DROP 0 -- * s_r 10.167.2.2 10.167.1.1 :: [ 00:38:56 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t raw -L -n -v' (Expected 0, got 0) :: [ 00:38:56 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t raw -F' :: [ 00:38:57 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t raw -F' (Expected 0, got 0) :: [ 00:38:57 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t raw -A OUTPUT -o s_r -s 10.167.2.2 -d 10.167.1.1 -j DROP' :: [ 00:38:57 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t raw -A OUTPUT -o s_r -s 10.167.2.2 -d 10.167.1.1 -j DROP' (Expected 0, got 0) :: [ 00:38:58 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t raw -A OUTPUT -o s_r -s 10.167.2.2 -d 10.167.1.1 -j ACCEPT' :: [ 00:38:58 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t raw -A OUTPUT -o s_r -s 10.167.2.2 -d 10.167.1.1 -j ACCEPT' (Expected 0, got 0) :: [ 00:38:59 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -W 1 10.167.2.2 -c1 ' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. --- 10.167.2.2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 00:39:00 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 00:39:01 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t raw -L -n -v' Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 1 84 DROP 0 -- * s_r 10.167.2.2 10.167.1.1 0 0 ACCEPT 0 -- * s_r 10.167.2.2 10.167.1.1 :: [ 00:39:01 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t raw -L -n -v' (Expected 0, got 0) :: [ 00:39:02 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t raw -F' :: [ 00:39:02 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t raw -F' (Expected 0, got 0) :: [ 00:39:02 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t raw -N TEST' :: [ 00:39:03 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t raw -N TEST' (Expected 0, got 0) :: [ 00:39:03 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t raw -A TEST -o s_r -s 10.167.2.2 -d 10.167.1.1 -j RETURN' :: [ 00:39:04 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t raw -A TEST -o s_r -s 10.167.2.2 -d 10.167.1.1 -j RETURN' (Expected 0, got 0) :: [ 00:39:04 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t raw -A TEST -o s_r -s 10.167.2.2 -d 10.167.1.1 -j DROP' :: [ 00:39:04 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t raw -A TEST -o s_r -s 10.167.2.2 -d 10.167.1.1 -j DROP' (Expected 0, got 0) :: [ 00:39:05 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t raw -A OUTPUT -o s_r -s 10.167.2.2 -d 10.167.1.1 -j TEST' :: [ 00:39:05 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t raw -A OUTPUT -o s_r -s 10.167.2.2 -d 10.167.1.1 -j TEST' (Expected 0, got 0) :: [ 00:39:06 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t raw -A OUTPUT -o s_r -s 10.167.2.2 -d 10.167.1.1 -j ACCEPT' :: [ 00:39:06 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t raw -A OUTPUT -o s_r -s 10.167.2.2 -d 10.167.1.1 -j ACCEPT' (Expected 0, got 0) :: [ 00:39:07 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -W 1 10.167.2.2 -c1' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. 64 bytes from 10.167.2.2: icmp_seq=1 ttl=63 time=0.308 ms --- 10.167.2.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.308/0.308/0.308/0.000 ms :: [ 00:39:07 ] :: [ PASS ] :: Command 'ip netns exec client ping -W 1 10.167.2.2 -c1' (Expected 0, got 0) :: [ 00:39:07 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t raw -L -n -v' Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 1 84 TEST 0 -- * s_r 10.167.2.2 10.167.1.1 1 84 ACCEPT 0 -- * s_r 10.167.2.2 10.167.1.1 Chain TEST (1 references) pkts bytes target prot opt in out source destination 1 84 RETURN 0 -- * s_r 10.167.2.2 10.167.1.1 0 0 DROP 0 -- * s_r 10.167.2.2 10.167.1.1 :: [ 00:39:08 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t raw -L -n -v' (Expected 0, got 0) :: [ 00:39:08 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t raw -F' :: [ 00:39:08 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t raw -F' (Expected 0, got 0) :: [ 00:39:09 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t raw -X' :: [ 00:39:09 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t raw -X' (Expected 0, got 0) :: [ 00:39:10 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t security -A INPUT -i s_r -s 10.167.1.1 -d 10.167.2.2 -j ACCEPT' :: [ 00:39:10 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t security -A INPUT -i s_r -s 10.167.1.1 -d 10.167.2.2 -j ACCEPT' (Expected 0, got 0) :: [ 00:39:10 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t security -A INPUT -i s_r -s 10.167.1.1 -d 10.167.2.2 -j DROP' :: [ 00:39:11 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t security -A INPUT -i s_r -s 10.167.1.1 -d 10.167.2.2 -j DROP' (Expected 0, got 0) :: [ 00:39:11 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -W 1 10.167.2.2 -c1' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. 64 bytes from 10.167.2.2: icmp_seq=1 ttl=63 time=0.290 ms --- 10.167.2.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.290/0.290/0.290/0.000 ms :: [ 00:39:12 ] :: [ PASS ] :: Command 'ip netns exec client ping -W 1 10.167.2.2 -c1' (Expected 0, got 0) :: [ 00:39:12 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t security -L -n -v' Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 1 84 ACCEPT 0 -- s_r * 10.167.1.1 10.167.2.2 0 0 DROP 0 -- s_r * 10.167.1.1 10.167.2.2 Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination :: [ 00:39:12 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t security -L -n -v' (Expected 0, got 0) :: [ 00:39:13 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t security -F' :: [ 00:39:13 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t security -F' (Expected 0, got 0) :: [ 00:39:14 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t security -A INPUT -i s_r -s 10.167.1.1 -d 10.167.2.2 -j DROP' :: [ 00:39:14 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t security -A INPUT -i s_r -s 10.167.1.1 -d 10.167.2.2 -j DROP' (Expected 0, got 0) :: [ 00:39:14 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t security -A INPUT -i s_r -s 10.167.1.1 -d 10.167.2.2 -j ACCEPT' :: [ 00:39:15 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t security -A INPUT -i s_r -s 10.167.1.1 -d 10.167.2.2 -j ACCEPT' (Expected 0, got 0) :: [ 00:39:15 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -W 1 10.167.2.2 -c1 ' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. --- 10.167.2.2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 00:39:17 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 00:39:17 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t security -L -n -v' Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 1 84 DROP 0 -- s_r * 10.167.1.1 10.167.2.2 0 0 ACCEPT 0 -- s_r * 10.167.1.1 10.167.2.2 Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination :: [ 00:39:17 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t security -L -n -v' (Expected 0, got 0) :: [ 00:39:18 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t security -F' :: [ 00:39:18 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t security -F' (Expected 0, got 0) :: [ 00:39:19 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t security -N TEST' :: [ 00:39:19 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t security -N TEST' (Expected 0, got 0) :: [ 00:39:20 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t security -A TEST -i s_r -s 10.167.1.1 -d 10.167.2.2 -j RETURN' :: [ 00:39:20 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t security -A TEST -i s_r -s 10.167.1.1 -d 10.167.2.2 -j RETURN' (Expected 0, got 0) :: [ 00:39:20 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t security -A TEST -i s_r -s 10.167.1.1 -d 10.167.2.2 -j DROP' :: [ 00:39:21 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t security -A TEST -i s_r -s 10.167.1.1 -d 10.167.2.2 -j DROP' (Expected 0, got 0) :: [ 00:39:21 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t security -A INPUT -i s_r -s 10.167.1.1 -d 10.167.2.2 -j TEST' :: [ 00:39:21 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t security -A INPUT -i s_r -s 10.167.1.1 -d 10.167.2.2 -j TEST' (Expected 0, got 0) :: [ 00:39:22 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t security -A INPUT -i s_r -s 10.167.1.1 -d 10.167.2.2 -j ACCEPT' :: [ 00:39:22 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t security -A INPUT -i s_r -s 10.167.1.1 -d 10.167.2.2 -j ACCEPT' (Expected 0, got 0) :: [ 00:39:23 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -W 1 10.167.2.2 -c1' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. 64 bytes from 10.167.2.2: icmp_seq=1 ttl=63 time=0.302 ms --- 10.167.2.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.302/0.302/0.302/0.000 ms :: [ 00:39:23 ] :: [ PASS ] :: Command 'ip netns exec client ping -W 1 10.167.2.2 -c1' (Expected 0, got 0) :: [ 00:39:23 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t security -L -n -v' Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 1 84 TEST 0 -- s_r * 10.167.1.1 10.167.2.2 1 84 ACCEPT 0 -- s_r * 10.167.1.1 10.167.2.2 Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain TEST (1 references) pkts bytes target prot opt in out source destination 1 84 RETURN 0 -- s_r * 10.167.1.1 10.167.2.2 0 0 DROP 0 -- s_r * 10.167.1.1 10.167.2.2 :: [ 00:39:24 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t security -L -n -v' (Expected 0, got 0) :: [ 00:39:24 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t security -F' :: [ 00:39:24 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t security -F' (Expected 0, got 0) :: [ 00:39:25 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t security -X' :: [ 00:39:25 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t security -X' (Expected 0, got 0) :: [ 00:39:26 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t security -A OUTPUT -o s_r -s 10.167.2.2 -d 10.167.1.1 -j ACCEPT' :: [ 00:39:26 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t security -A OUTPUT -o s_r -s 10.167.2.2 -d 10.167.1.1 -j ACCEPT' (Expected 0, got 0) :: [ 00:39:26 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t security -A OUTPUT -o s_r -s 10.167.2.2 -d 10.167.1.1 -j DROP' :: [ 00:39:27 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t security -A OUTPUT -o s_r -s 10.167.2.2 -d 10.167.1.1 -j DROP' (Expected 0, got 0) :: [ 00:39:27 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -W 1 10.167.2.2 -c1' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. 64 bytes from 10.167.2.2: icmp_seq=1 ttl=63 time=0.306 ms --- 10.167.2.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.306/0.306/0.306/0.000 ms :: [ 00:39:27 ] :: [ PASS ] :: Command 'ip netns exec client ping -W 1 10.167.2.2 -c1' (Expected 0, got 0) :: [ 00:39:28 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t security -L -n -v' Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 1 84 ACCEPT 0 -- * s_r 10.167.2.2 10.167.1.1 0 0 DROP 0 -- * s_r 10.167.2.2 10.167.1.1 :: [ 00:39:28 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t security -L -n -v' (Expected 0, got 0) :: [ 00:39:29 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t security -F' :: [ 00:39:29 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t security -F' (Expected 0, got 0) :: [ 00:39:29 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t security -A OUTPUT -o s_r -s 10.167.2.2 -d 10.167.1.1 -j DROP' :: [ 00:39:30 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t security -A OUTPUT -o s_r -s 10.167.2.2 -d 10.167.1.1 -j DROP' (Expected 0, got 0) :: [ 00:39:30 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t security -A OUTPUT -o s_r -s 10.167.2.2 -d 10.167.1.1 -j ACCEPT' :: [ 00:39:30 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t security -A OUTPUT -o s_r -s 10.167.2.2 -d 10.167.1.1 -j ACCEPT' (Expected 0, got 0) :: [ 00:39:31 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -W 1 10.167.2.2 -c1 ' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. --- 10.167.2.2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 00:39:32 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 00:39:33 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t security -L -n -v' Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 1 84 DROP 0 -- * s_r 10.167.2.2 10.167.1.1 0 0 ACCEPT 0 -- * s_r 10.167.2.2 10.167.1.1 :: [ 00:39:33 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t security -L -n -v' (Expected 0, got 0) :: [ 00:39:34 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t security -F' :: [ 00:39:34 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t security -F' (Expected 0, got 0) :: [ 00:39:35 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t security -N TEST' :: [ 00:39:35 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t security -N TEST' (Expected 0, got 0) :: [ 00:39:35 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t security -A TEST -o s_r -s 10.167.2.2 -d 10.167.1.1 -j RETURN' :: [ 00:39:36 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t security -A TEST -o s_r -s 10.167.2.2 -d 10.167.1.1 -j RETURN' (Expected 0, got 0) :: [ 00:39:36 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t security -A TEST -o s_r -s 10.167.2.2 -d 10.167.1.1 -j DROP' :: [ 00:39:36 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t security -A TEST -o s_r -s 10.167.2.2 -d 10.167.1.1 -j DROP' (Expected 0, got 0) :: [ 00:39:37 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t security -A OUTPUT -o s_r -s 10.167.2.2 -d 10.167.1.1 -j TEST' :: [ 00:39:37 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t security -A OUTPUT -o s_r -s 10.167.2.2 -d 10.167.1.1 -j TEST' (Expected 0, got 0) :: [ 00:39:37 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t security -A OUTPUT -o s_r -s 10.167.2.2 -d 10.167.1.1 -j ACCEPT' :: [ 00:39:38 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t security -A OUTPUT -o s_r -s 10.167.2.2 -d 10.167.1.1 -j ACCEPT' (Expected 0, got 0) :: [ 00:39:38 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -W 1 10.167.2.2 -c1' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. 64 bytes from 10.167.2.2: icmp_seq=1 ttl=63 time=0.351 ms --- 10.167.2.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.351/0.351/0.351/0.000 ms :: [ 00:39:39 ] :: [ PASS ] :: Command 'ip netns exec client ping -W 1 10.167.2.2 -c1' (Expected 0, got 0) :: [ 00:39:39 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t security -L -n -v' Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 1 84 TEST 0 -- * s_r 10.167.2.2 10.167.1.1 1 84 ACCEPT 0 -- * s_r 10.167.2.2 10.167.1.1 Chain TEST (1 references) pkts bytes target prot opt in out source destination 1 84 RETURN 0 -- * s_r 10.167.2.2 10.167.1.1 0 0 DROP 0 -- * s_r 10.167.2.2 10.167.1.1 :: [ 00:39:39 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t security -L -n -v' (Expected 0, got 0) :: [ 00:39:40 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t security -F' :: [ 00:39:40 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t security -F' (Expected 0, got 0) :: [ 00:39:41 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -t security -X' :: [ 00:39:41 ] :: [ PASS ] :: Command 'ip netns exec server iptables -t security -X' (Expected 0, got 0) :: [ 00:39:41 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t filter -A FORWARD -i r_c -o r_s -s 10.167.1.1 -d 10.167.2.2 -j ACCEPT' :: [ 00:39:42 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t filter -A FORWARD -i r_c -o r_s -s 10.167.1.1 -d 10.167.2.2 -j ACCEPT' (Expected 0, got 0) :: [ 00:39:42 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t filter -A FORWARD -i r_c -o r_s -s 10.167.1.1 -d 10.167.2.2 -j DROP' :: [ 00:39:42 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t filter -A FORWARD -i r_c -o r_s -s 10.167.1.1 -d 10.167.2.2 -j DROP' (Expected 0, got 0) :: [ 00:39:43 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -W 1 10.167.2.2 -c1' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. 64 bytes from 10.167.2.2: icmp_seq=1 ttl=63 time=0.313 ms --- 10.167.2.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.313/0.313/0.313/0.000 ms :: [ 00:39:43 ] :: [ PASS ] :: Command 'ip netns exec client ping -W 1 10.167.2.2 -c1' (Expected 0, got 0) :: [ 00:39:44 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t filter -L -n -v' Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 1 84 ACCEPT 0 -- r_c r_s 10.167.1.1 10.167.2.2 0 0 DROP 0 -- r_c r_s 10.167.1.1 10.167.2.2 Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination :: [ 00:39:44 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t filter -L -n -v' (Expected 0, got 0) :: [ 00:39:44 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t filter -F' :: [ 00:39:45 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t filter -F' (Expected 0, got 0) :: [ 00:39:45 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t filter -A FORWARD -i r_c -o r_s -s 10.167.1.1 -d 10.167.2.2 -j DROP' :: [ 00:39:46 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t filter -A FORWARD -i r_c -o r_s -s 10.167.1.1 -d 10.167.2.2 -j DROP' (Expected 0, got 0) :: [ 00:39:46 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t filter -A FORWARD -i r_c -o r_s -s 10.167.1.1 -d 10.167.2.2 -j ACCEPT' :: [ 00:39:46 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t filter -A FORWARD -i r_c -o r_s -s 10.167.1.1 -d 10.167.2.2 -j ACCEPT' (Expected 0, got 0) :: [ 00:39:47 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -W 1 10.167.2.2 -c1 ' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. --- 10.167.2.2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 00:39:48 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 00:39:49 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t filter -L -n -v' Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 1 84 DROP 0 -- r_c r_s 10.167.1.1 10.167.2.2 0 0 ACCEPT 0 -- r_c r_s 10.167.1.1 10.167.2.2 Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination :: [ 00:39:49 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t filter -L -n -v' (Expected 0, got 0) :: [ 00:39:50 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t filter -F' :: [ 00:39:50 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t filter -F' (Expected 0, got 0) :: [ 00:39:50 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t filter -N TEST' :: [ 00:39:51 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t filter -N TEST' (Expected 0, got 0) :: [ 00:39:51 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t filter -A TEST -i r_c -o r_s -s 10.167.1.1 -d 10.167.2.2 -j RETURN' :: [ 00:39:51 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t filter -A TEST -i r_c -o r_s -s 10.167.1.1 -d 10.167.2.2 -j RETURN' (Expected 0, got 0) :: [ 00:39:52 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t filter -A TEST -i r_c -o r_s -s 10.167.1.1 -d 10.167.2.2 -j DROP' :: [ 00:39:52 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t filter -A TEST -i r_c -o r_s -s 10.167.1.1 -d 10.167.2.2 -j DROP' (Expected 0, got 0) :: [ 00:39:53 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t filter -A FORWARD -i r_c -o r_s -s 10.167.1.1 -d 10.167.2.2 -j TEST' :: [ 00:39:53 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t filter -A FORWARD -i r_c -o r_s -s 10.167.1.1 -d 10.167.2.2 -j TEST' (Expected 0, got 0) :: [ 00:39:53 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t filter -A FORWARD -i r_c -o r_s -s 10.167.1.1 -d 10.167.2.2 -j ACCEPT' :: [ 00:39:54 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t filter -A FORWARD -i r_c -o r_s -s 10.167.1.1 -d 10.167.2.2 -j ACCEPT' (Expected 0, got 0) :: [ 00:39:54 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -W 1 10.167.2.2 -c1' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. 64 bytes from 10.167.2.2: icmp_seq=1 ttl=63 time=0.307 ms --- 10.167.2.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.307/0.307/0.307/0.000 ms :: [ 00:39:54 ] :: [ PASS ] :: Command 'ip netns exec client ping -W 1 10.167.2.2 -c1' (Expected 0, got 0) :: [ 00:39:55 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t filter -L -n -v' Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 1 84 TEST 0 -- r_c r_s 10.167.1.1 10.167.2.2 1 84 ACCEPT 0 -- r_c r_s 10.167.1.1 10.167.2.2 Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain TEST (1 references) pkts bytes target prot opt in out source destination 1 84 RETURN 0 -- r_c r_s 10.167.1.1 10.167.2.2 0 0 DROP 0 -- r_c r_s 10.167.1.1 10.167.2.2 :: [ 00:39:55 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t filter -L -n -v' (Expected 0, got 0) :: [ 00:39:56 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t filter -F' :: [ 00:39:56 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t filter -F' (Expected 0, got 0) :: [ 00:39:56 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t filter -X' :: [ 00:39:57 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t filter -X' (Expected 0, got 0) :: [ 00:39:57 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t mangle -A PREROUTING -i r_c -s 10.167.1.1 -d 10.167.2.2 -j ACCEPT' :: [ 00:39:57 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t mangle -A PREROUTING -i r_c -s 10.167.1.1 -d 10.167.2.2 -j ACCEPT' (Expected 0, got 0) :: [ 00:39:58 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t mangle -A PREROUTING -i r_c -s 10.167.1.1 -d 10.167.2.2 -j DROP' :: [ 00:39:58 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t mangle -A PREROUTING -i r_c -s 10.167.1.1 -d 10.167.2.2 -j DROP' (Expected 0, got 0) :: [ 00:39:59 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -W 1 10.167.2.2 -c1' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. 64 bytes from 10.167.2.2: icmp_seq=1 ttl=63 time=0.361 ms --- 10.167.2.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.361/0.361/0.361/0.000 ms :: [ 00:39:59 ] :: [ PASS ] :: Command 'ip netns exec client ping -W 1 10.167.2.2 -c1' (Expected 0, got 0) :: [ 00:39:59 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t mangle -L -n -v' Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 1 84 ACCEPT 0 -- r_c * 10.167.1.1 10.167.2.2 0 0 DROP 0 -- r_c * 10.167.1.1 10.167.2.2 Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination :: [ 00:40:00 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t mangle -L -n -v' (Expected 0, got 0) :: [ 00:40:00 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t mangle -F' :: [ 00:40:00 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t mangle -F' (Expected 0, got 0) :: [ 00:40:01 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t mangle -A PREROUTING -i r_c -s 10.167.1.1 -d 10.167.2.2 -j DROP' :: [ 00:40:01 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t mangle -A PREROUTING -i r_c -s 10.167.1.1 -d 10.167.2.2 -j DROP' (Expected 0, got 0) :: [ 00:40:02 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t mangle -A PREROUTING -i r_c -s 10.167.1.1 -d 10.167.2.2 -j ACCEPT' :: [ 00:40:02 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t mangle -A PREROUTING -i r_c -s 10.167.1.1 -d 10.167.2.2 -j ACCEPT' (Expected 0, got 0) :: [ 00:40:03 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -W 1 10.167.2.2 -c1 ' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. --- 10.167.2.2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 00:40:04 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 00:40:04 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t mangle -L -n -v' Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 1 84 DROP 0 -- r_c * 10.167.1.1 10.167.2.2 0 0 ACCEPT 0 -- r_c * 10.167.1.1 10.167.2.2 Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination :: [ 00:40:05 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t mangle -L -n -v' (Expected 0, got 0) :: [ 00:40:05 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t mangle -F' :: [ 00:40:05 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t mangle -F' (Expected 0, got 0) :: [ 00:40:06 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t mangle -N TEST' :: [ 00:40:06 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t mangle -N TEST' (Expected 0, got 0) :: [ 00:40:07 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t mangle -A TEST -i r_c -s 10.167.1.1 -d 10.167.2.2 -j RETURN' :: [ 00:40:07 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t mangle -A TEST -i r_c -s 10.167.1.1 -d 10.167.2.2 -j RETURN' (Expected 0, got 0) :: [ 00:40:07 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t mangle -A TEST -i r_c -s 10.167.1.1 -d 10.167.2.2 -j DROP' :: [ 00:40:08 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t mangle -A TEST -i r_c -s 10.167.1.1 -d 10.167.2.2 -j DROP' (Expected 0, got 0) :: [ 00:40:08 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t mangle -A PREROUTING -i r_c -s 10.167.1.1 -d 10.167.2.2 -j TEST' :: [ 00:40:09 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t mangle -A PREROUTING -i r_c -s 10.167.1.1 -d 10.167.2.2 -j TEST' (Expected 0, got 0) :: [ 00:40:09 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t mangle -A PREROUTING -i r_c -s 10.167.1.1 -d 10.167.2.2 -j ACCEPT' :: [ 00:40:09 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t mangle -A PREROUTING -i r_c -s 10.167.1.1 -d 10.167.2.2 -j ACCEPT' (Expected 0, got 0) :: [ 00:40:10 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -W 1 10.167.2.2 -c1' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. 64 bytes from 10.167.2.2: icmp_seq=1 ttl=63 time=0.402 ms --- 10.167.2.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.402/0.402/0.402/0.000 ms :: [ 00:40:10 ] :: [ PASS ] :: Command 'ip netns exec client ping -W 1 10.167.2.2 -c1' (Expected 0, got 0) :: [ 00:40:11 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t mangle -L -n -v' Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 1 84 TEST 0 -- r_c * 10.167.1.1 10.167.2.2 1 84 ACCEPT 0 -- r_c * 10.167.1.1 10.167.2.2 Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain TEST (1 references) pkts bytes target prot opt in out source destination 1 84 RETURN 0 -- r_c * 10.167.1.1 10.167.2.2 0 0 DROP 0 -- r_c * 10.167.1.1 10.167.2.2 :: [ 00:40:11 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t mangle -L -n -v' (Expected 0, got 0) :: [ 00:40:11 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t mangle -F' :: [ 00:40:12 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t mangle -F' (Expected 0, got 0) :: [ 00:40:12 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t mangle -X' :: [ 00:40:13 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t mangle -X' (Expected 0, got 0) :: [ 00:40:13 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t mangle -A FORWARD -i r_c -o r_s -s 10.167.1.1 -d 10.167.2.2 -j ACCEPT' :: [ 00:40:13 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t mangle -A FORWARD -i r_c -o r_s -s 10.167.1.1 -d 10.167.2.2 -j ACCEPT' (Expected 0, got 0) :: [ 00:40:14 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t mangle -A FORWARD -i r_c -o r_s -s 10.167.1.1 -d 10.167.2.2 -j DROP' :: [ 00:40:14 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t mangle -A FORWARD -i r_c -o r_s -s 10.167.1.1 -d 10.167.2.2 -j DROP' (Expected 0, got 0) :: [ 00:40:15 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -W 1 10.167.2.2 -c1' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. 64 bytes from 10.167.2.2: icmp_seq=1 ttl=63 time=0.358 ms --- 10.167.2.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.358/0.358/0.358/0.000 ms :: [ 00:40:15 ] :: [ PASS ] :: Command 'ip netns exec client ping -W 1 10.167.2.2 -c1' (Expected 0, got 0) :: [ 00:40:15 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t mangle -L -n -v' Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 1 84 ACCEPT 0 -- r_c r_s 10.167.1.1 10.167.2.2 0 0 DROP 0 -- r_c r_s 10.167.1.1 10.167.2.2 Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination :: [ 00:40:16 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t mangle -L -n -v' (Expected 0, got 0) :: [ 00:40:16 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t mangle -F' :: [ 00:40:16 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t mangle -F' (Expected 0, got 0) :: [ 00:40:17 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t mangle -A FORWARD -i r_c -o r_s -s 10.167.1.1 -d 10.167.2.2 -j DROP' :: [ 00:40:17 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t mangle -A FORWARD -i r_c -o r_s -s 10.167.1.1 -d 10.167.2.2 -j DROP' (Expected 0, got 0) :: [ 00:40:18 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t mangle -A FORWARD -i r_c -o r_s -s 10.167.1.1 -d 10.167.2.2 -j ACCEPT' :: [ 00:40:18 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t mangle -A FORWARD -i r_c -o r_s -s 10.167.1.1 -d 10.167.2.2 -j ACCEPT' (Expected 0, got 0) :: [ 00:40:19 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -W 1 10.167.2.2 -c1 ' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. --- 10.167.2.2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 11ms :: [ 00:40:20 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 00:40:21 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t mangle -L -n -v' Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 1 84 DROP 0 -- r_c r_s 10.167.1.1 10.167.2.2 0 0 ACCEPT 0 -- r_c r_s 10.167.1.1 10.167.2.2 Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination :: [ 00:40:21 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t mangle -L -n -v' (Expected 0, got 0) :: [ 00:40:21 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t mangle -F' :: [ 00:40:22 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t mangle -F' (Expected 0, got 0) :: [ 00:40:22 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t mangle -N TEST' :: [ 00:40:22 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t mangle -N TEST' (Expected 0, got 0) :: [ 00:40:23 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t mangle -A TEST -i r_c -o r_s -s 10.167.1.1 -d 10.167.2.2 -j RETURN' :: [ 00:40:23 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t mangle -A TEST -i r_c -o r_s -s 10.167.1.1 -d 10.167.2.2 -j RETURN' (Expected 0, got 0) :: [ 00:40:24 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t mangle -A TEST -i r_c -o r_s -s 10.167.1.1 -d 10.167.2.2 -j DROP' :: [ 00:40:24 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t mangle -A TEST -i r_c -o r_s -s 10.167.1.1 -d 10.167.2.2 -j DROP' (Expected 0, got 0) :: [ 00:40:25 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t mangle -A FORWARD -i r_c -o r_s -s 10.167.1.1 -d 10.167.2.2 -j TEST' :: [ 00:40:25 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t mangle -A FORWARD -i r_c -o r_s -s 10.167.1.1 -d 10.167.2.2 -j TEST' (Expected 0, got 0) :: [ 00:40:25 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t mangle -A FORWARD -i r_c -o r_s -s 10.167.1.1 -d 10.167.2.2 -j ACCEPT' :: [ 00:40:26 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t mangle -A FORWARD -i r_c -o r_s -s 10.167.1.1 -d 10.167.2.2 -j ACCEPT' (Expected 0, got 0) :: [ 00:40:26 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -W 1 10.167.2.2 -c1' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. 64 bytes from 10.167.2.2: icmp_seq=1 ttl=63 time=0.620 ms --- 10.167.2.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.620/0.620/0.620/0.000 ms :: [ 00:40:26 ] :: [ PASS ] :: Command 'ip netns exec client ping -W 1 10.167.2.2 -c1' (Expected 0, got 0) :: [ 00:40:27 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t mangle -L -n -v' Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 1 84 TEST 0 -- r_c r_s 10.167.1.1 10.167.2.2 1 84 ACCEPT 0 -- r_c r_s 10.167.1.1 10.167.2.2 Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain TEST (1 references) pkts bytes target prot opt in out source destination 1 84 RETURN 0 -- r_c r_s 10.167.1.1 10.167.2.2 0 0 DROP 0 -- r_c r_s 10.167.1.1 10.167.2.2 :: [ 00:40:27 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t mangle -L -n -v' (Expected 0, got 0) :: [ 00:40:28 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t mangle -F' :: [ 00:40:28 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t mangle -F' (Expected 0, got 0) :: [ 00:40:29 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t mangle -X' :: [ 00:40:29 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t mangle -X' (Expected 0, got 0) :: [ 00:40:29 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t mangle -A POSTROUTING -o r_s -s 10.167.1.1 -d 10.167.2.2 -j ACCEPT' :: [ 00:40:30 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t mangle -A POSTROUTING -o r_s -s 10.167.1.1 -d 10.167.2.2 -j ACCEPT' (Expected 0, got 0) :: [ 00:40:30 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t mangle -A POSTROUTING -o r_s -s 10.167.1.1 -d 10.167.2.2 -j DROP' :: [ 00:40:31 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t mangle -A POSTROUTING -o r_s -s 10.167.1.1 -d 10.167.2.2 -j DROP' (Expected 0, got 0) :: [ 00:40:31 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -W 1 10.167.2.2 -c1' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. 64 bytes from 10.167.2.2: icmp_seq=1 ttl=63 time=0.391 ms --- 10.167.2.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.391/0.391/0.391/0.000 ms :: [ 00:40:31 ] :: [ PASS ] :: Command 'ip netns exec client ping -W 1 10.167.2.2 -c1' (Expected 0, got 0) :: [ 00:40:32 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t mangle -L -n -v' Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 1 84 ACCEPT 0 -- * r_s 10.167.1.1 10.167.2.2 0 0 DROP 0 -- * r_s 10.167.1.1 10.167.2.2 :: [ 00:40:32 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t mangle -L -n -v' (Expected 0, got 0) :: [ 00:40:33 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t mangle -F' :: [ 00:40:33 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t mangle -F' (Expected 0, got 0) :: [ 00:40:33 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t mangle -A POSTROUTING -o r_s -s 10.167.1.1 -d 10.167.2.2 -j DROP' :: [ 00:40:34 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t mangle -A POSTROUTING -o r_s -s 10.167.1.1 -d 10.167.2.2 -j DROP' (Expected 0, got 0) :: [ 00:40:34 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t mangle -A POSTROUTING -o r_s -s 10.167.1.1 -d 10.167.2.2 -j ACCEPT' :: [ 00:40:35 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t mangle -A POSTROUTING -o r_s -s 10.167.1.1 -d 10.167.2.2 -j ACCEPT' (Expected 0, got 0) :: [ 00:40:35 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -W 1 10.167.2.2 -c1 ' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. --- 10.167.2.2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 00:40:37 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 00:40:37 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t mangle -L -n -v' Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 1 84 DROP 0 -- * r_s 10.167.1.1 10.167.2.2 0 0 ACCEPT 0 -- * r_s 10.167.1.1 10.167.2.2 :: [ 00:40:37 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t mangle -L -n -v' (Expected 0, got 0) :: [ 00:40:38 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t mangle -F' :: [ 00:40:38 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t mangle -F' (Expected 0, got 0) :: [ 00:40:39 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t mangle -N TEST' :: [ 00:40:39 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t mangle -N TEST' (Expected 0, got 0) :: [ 00:40:40 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t mangle -A TEST -o r_s -s 10.167.1.1 -d 10.167.2.2 -j RETURN' :: [ 00:40:40 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t mangle -A TEST -o r_s -s 10.167.1.1 -d 10.167.2.2 -j RETURN' (Expected 0, got 0) :: [ 00:40:40 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t mangle -A TEST -o r_s -s 10.167.1.1 -d 10.167.2.2 -j DROP' :: [ 00:40:41 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t mangle -A TEST -o r_s -s 10.167.1.1 -d 10.167.2.2 -j DROP' (Expected 0, got 0) :: [ 00:40:41 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t mangle -A POSTROUTING -o r_s -s 10.167.1.1 -d 10.167.2.2 -j TEST' :: [ 00:40:42 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t mangle -A POSTROUTING -o r_s -s 10.167.1.1 -d 10.167.2.2 -j TEST' (Expected 0, got 0) :: [ 00:40:42 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t mangle -A POSTROUTING -o r_s -s 10.167.1.1 -d 10.167.2.2 -j ACCEPT' :: [ 00:40:42 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t mangle -A POSTROUTING -o r_s -s 10.167.1.1 -d 10.167.2.2 -j ACCEPT' (Expected 0, got 0) :: [ 00:40:43 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -W 1 10.167.2.2 -c1' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. 64 bytes from 10.167.2.2: icmp_seq=1 ttl=63 time=0.352 ms --- 10.167.2.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.352/0.352/0.352/0.000 ms :: [ 00:40:43 ] :: [ PASS ] :: Command 'ip netns exec client ping -W 1 10.167.2.2 -c1' (Expected 0, got 0) :: [ 00:40:44 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t mangle -L -n -v' Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 1 84 TEST 0 -- * r_s 10.167.1.1 10.167.2.2 1 84 ACCEPT 0 -- * r_s 10.167.1.1 10.167.2.2 Chain TEST (1 references) pkts bytes target prot opt in out source destination 1 84 RETURN 0 -- * r_s 10.167.1.1 10.167.2.2 0 0 DROP 0 -- * r_s 10.167.1.1 10.167.2.2 :: [ 00:40:44 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t mangle -L -n -v' (Expected 0, got 0) :: [ 00:40:44 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t mangle -F' :: [ 00:40:45 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t mangle -F' (Expected 0, got 0) :: [ 00:40:45 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t mangle -X' :: [ 00:40:46 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t mangle -X' (Expected 0, got 0) :: [ 00:40:46 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t raw -A PREROUTING -i r_c -s 10.167.1.1 -d 10.167.2.2 -j ACCEPT' :: [ 00:40:46 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t raw -A PREROUTING -i r_c -s 10.167.1.1 -d 10.167.2.2 -j ACCEPT' (Expected 0, got 0) :: [ 00:40:47 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t raw -A PREROUTING -i r_c -s 10.167.1.1 -d 10.167.2.2 -j DROP' :: [ 00:40:47 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t raw -A PREROUTING -i r_c -s 10.167.1.1 -d 10.167.2.2 -j DROP' (Expected 0, got 0) :: [ 00:40:48 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -W 1 10.167.2.2 -c1' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. 64 bytes from 10.167.2.2: icmp_seq=1 ttl=63 time=0.417 ms --- 10.167.2.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.417/0.417/0.417/0.000 ms :: [ 00:40:48 ] :: [ PASS ] :: Command 'ip netns exec client ping -W 1 10.167.2.2 -c1' (Expected 0, got 0) :: [ 00:40:48 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t raw -L -n -v' Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 1 84 ACCEPT 0 -- r_c * 10.167.1.1 10.167.2.2 0 0 DROP 0 -- r_c * 10.167.1.1 10.167.2.2 Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination :: [ 00:40:49 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t raw -L -n -v' (Expected 0, got 0) :: [ 00:40:49 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t raw -F' :: [ 00:40:50 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t raw -F' (Expected 0, got 0) :: [ 00:40:50 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t raw -A PREROUTING -i r_c -s 10.167.1.1 -d 10.167.2.2 -j DROP' :: [ 00:40:50 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t raw -A PREROUTING -i r_c -s 10.167.1.1 -d 10.167.2.2 -j DROP' (Expected 0, got 0) :: [ 00:40:51 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t raw -A PREROUTING -i r_c -s 10.167.1.1 -d 10.167.2.2 -j ACCEPT' :: [ 00:40:51 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t raw -A PREROUTING -i r_c -s 10.167.1.1 -d 10.167.2.2 -j ACCEPT' (Expected 0, got 0) :: [ 00:40:52 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -W 1 10.167.2.2 -c1 ' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. --- 10.167.2.2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 00:40:53 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 00:40:54 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t raw -L -n -v' Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 1 84 DROP 0 -- r_c * 10.167.1.1 10.167.2.2 0 0 ACCEPT 0 -- r_c * 10.167.1.1 10.167.2.2 Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination :: [ 00:40:54 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t raw -L -n -v' (Expected 0, got 0) :: [ 00:40:54 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t raw -F' :: [ 00:40:55 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t raw -F' (Expected 0, got 0) :: [ 00:40:55 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t raw -N TEST' :: [ 00:40:56 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t raw -N TEST' (Expected 0, got 0) :: [ 00:40:56 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t raw -A TEST -i r_c -s 10.167.1.1 -d 10.167.2.2 -j RETURN' :: [ 00:40:56 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t raw -A TEST -i r_c -s 10.167.1.1 -d 10.167.2.2 -j RETURN' (Expected 0, got 0) :: [ 00:40:57 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t raw -A TEST -i r_c -s 10.167.1.1 -d 10.167.2.2 -j DROP' :: [ 00:40:57 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t raw -A TEST -i r_c -s 10.167.1.1 -d 10.167.2.2 -j DROP' (Expected 0, got 0) :: [ 00:40:58 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t raw -A PREROUTING -i r_c -s 10.167.1.1 -d 10.167.2.2 -j TEST' :: [ 00:40:58 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t raw -A PREROUTING -i r_c -s 10.167.1.1 -d 10.167.2.2 -j TEST' (Expected 0, got 0) :: [ 00:40:58 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t raw -A PREROUTING -i r_c -s 10.167.1.1 -d 10.167.2.2 -j ACCEPT' :: [ 00:40:59 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t raw -A PREROUTING -i r_c -s 10.167.1.1 -d 10.167.2.2 -j ACCEPT' (Expected 0, got 0) :: [ 00:40:59 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -W 1 10.167.2.2 -c1' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. 64 bytes from 10.167.2.2: icmp_seq=1 ttl=63 time=0.382 ms --- 10.167.2.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.382/0.382/0.382/0.000 ms :: [ 00:40:59 ] :: [ PASS ] :: Command 'ip netns exec client ping -W 1 10.167.2.2 -c1' (Expected 0, got 0) :: [ 00:41:00 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t raw -L -n -v' Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 1 84 TEST 0 -- r_c * 10.167.1.1 10.167.2.2 1 84 ACCEPT 0 -- r_c * 10.167.1.1 10.167.2.2 Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain TEST (1 references) pkts bytes target prot opt in out source destination 1 84 RETURN 0 -- r_c * 10.167.1.1 10.167.2.2 0 0 DROP 0 -- r_c * 10.167.1.1 10.167.2.2 :: [ 00:41:00 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t raw -L -n -v' (Expected 0, got 0) :: [ 00:41:01 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t raw -F' :: [ 00:41:01 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t raw -F' (Expected 0, got 0) :: [ 00:41:01 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t raw -X' :: [ 00:41:02 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t raw -X' (Expected 0, got 0) :: [ 00:41:02 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t security -A FORWARD -i r_c -o r_s -s 10.167.1.1 -d 10.167.2.2 -j ACCEPT' :: [ 00:41:03 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t security -A FORWARD -i r_c -o r_s -s 10.167.1.1 -d 10.167.2.2 -j ACCEPT' (Expected 0, got 0) :: [ 00:41:03 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t security -A FORWARD -i r_c -o r_s -s 10.167.1.1 -d 10.167.2.2 -j DROP' :: [ 00:41:03 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t security -A FORWARD -i r_c -o r_s -s 10.167.1.1 -d 10.167.2.2 -j DROP' (Expected 0, got 0) :: [ 00:41:04 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -W 1 10.167.2.2 -c1' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. 64 bytes from 10.167.2.2: icmp_seq=1 ttl=63 time=0.311 ms --- 10.167.2.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.311/0.311/0.311/0.000 ms :: [ 00:41:04 ] :: [ PASS ] :: Command 'ip netns exec client ping -W 1 10.167.2.2 -c1' (Expected 0, got 0) :: [ 00:41:05 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t security -L -n -v' Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 1 84 ACCEPT 0 -- r_c r_s 10.167.1.1 10.167.2.2 0 0 DROP 0 -- r_c r_s 10.167.1.1 10.167.2.2 Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination :: [ 00:41:05 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t security -L -n -v' (Expected 0, got 0) :: [ 00:41:05 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t security -F' :: [ 00:41:06 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t security -F' (Expected 0, got 0) :: [ 00:41:06 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t security -A FORWARD -i r_c -o r_s -s 10.167.1.1 -d 10.167.2.2 -j DROP' :: [ 00:41:06 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t security -A FORWARD -i r_c -o r_s -s 10.167.1.1 -d 10.167.2.2 -j DROP' (Expected 0, got 0) :: [ 00:41:07 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t security -A FORWARD -i r_c -o r_s -s 10.167.1.1 -d 10.167.2.2 -j ACCEPT' :: [ 00:41:07 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t security -A FORWARD -i r_c -o r_s -s 10.167.1.1 -d 10.167.2.2 -j ACCEPT' (Expected 0, got 0) :: [ 00:41:08 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -W 1 10.167.2.2 -c1 ' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. --- 10.167.2.2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 00:41:09 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 00:41:10 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t security -L -n -v' Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 1 84 DROP 0 -- r_c r_s 10.167.1.1 10.167.2.2 0 0 ACCEPT 0 -- r_c r_s 10.167.1.1 10.167.2.2 Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination :: [ 00:41:10 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t security -L -n -v' (Expected 0, got 0) :: [ 00:41:10 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t security -F' :: [ 00:41:11 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t security -F' (Expected 0, got 0) :: [ 00:41:11 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t security -N TEST' :: [ 00:41:12 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t security -N TEST' (Expected 0, got 0) :: [ 00:41:12 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t security -A TEST -i r_c -o r_s -s 10.167.1.1 -d 10.167.2.2 -j RETURN' :: [ 00:41:12 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t security -A TEST -i r_c -o r_s -s 10.167.1.1 -d 10.167.2.2 -j RETURN' (Expected 0, got 0) :: [ 00:41:13 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t security -A TEST -i r_c -o r_s -s 10.167.1.1 -d 10.167.2.2 -j DROP' :: [ 00:41:13 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t security -A TEST -i r_c -o r_s -s 10.167.1.1 -d 10.167.2.2 -j DROP' (Expected 0, got 0) :: [ 00:41:14 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t security -A FORWARD -i r_c -o r_s -s 10.167.1.1 -d 10.167.2.2 -j TEST' :: [ 00:41:14 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t security -A FORWARD -i r_c -o r_s -s 10.167.1.1 -d 10.167.2.2 -j TEST' (Expected 0, got 0) :: [ 00:41:14 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t security -A FORWARD -i r_c -o r_s -s 10.167.1.1 -d 10.167.2.2 -j ACCEPT' :: [ 00:41:15 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t security -A FORWARD -i r_c -o r_s -s 10.167.1.1 -d 10.167.2.2 -j ACCEPT' (Expected 0, got 0) :: [ 00:41:15 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -W 1 10.167.2.2 -c1' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. 64 bytes from 10.167.2.2: icmp_seq=1 ttl=63 time=0.364 ms --- 10.167.2.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.364/0.364/0.364/0.000 ms :: [ 00:41:16 ] :: [ PASS ] :: Command 'ip netns exec client ping -W 1 10.167.2.2 -c1' (Expected 0, got 0) :: [ 00:41:16 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t security -L -n -v' Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 1 84 TEST 0 -- r_c r_s 10.167.1.1 10.167.2.2 1 84 ACCEPT 0 -- r_c r_s 10.167.1.1 10.167.2.2 Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain TEST (1 references) pkts bytes target prot opt in out source destination 1 84 RETURN 0 -- r_c r_s 10.167.1.1 10.167.2.2 0 0 DROP 0 -- r_c r_s 10.167.1.1 10.167.2.2 :: [ 00:41:16 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t security -L -n -v' (Expected 0, got 0) :: [ 00:41:17 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t security -F' :: [ 00:41:17 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t security -F' (Expected 0, got 0) :: [ 00:41:18 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t security -X' :: [ 00:41:18 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t security -X' (Expected 0, got 0) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 256s :: Assertions: 304 good, 0 bad :: RESULT: PASS (iptables: Basic TARGETS) ** iptables-Basic-TARGETS PASS Score:0 Uploading resultoutputfile.log .done :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: iptables: Plain NAT test :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ 00:41:28 ] :: [ BEGIN ] :: NoCheck :: actually running 'ip netns exec server modprobe sctp && SCTP=true ' :: [ 00:41:28 ] :: [ PASS ] :: NoCheck (Expected 0-255, got 0) :: [ 00:41:29 ] :: [ BEGIN ] :: Running 'ip netns exec server sleep 1' :: [ 00:41:30 ] :: [ PASS ] :: Command 'ip netns exec server sleep 1' (Expected 0, got 0) :: [ 00:41:30 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t nat -A PREROUTING -i r_c -p tcp -j DNAT --to-destination 10.167.2.2:9999' :: [ 00:41:32 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t nat -A PREROUTING -i r_c -p tcp -j DNAT --to-destination 10.167.2.2:9999' (Expected 0, got 0) :: [ 00:41:33 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t nat -A PREROUTING -i r_c -p udp -j DNAT --to-destination 10.167.2.2:9999' :: [ 00:41:33 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t nat -A PREROUTING -i r_c -p udp -j DNAT --to-destination 10.167.2.2:9999' (Expected 0, got 0) :: [ 00:41:33 ] :: [ BEGIN ] :: Running 'ip netns exec server sleep 3' :: [ 00:41:34 ] :: [ BEGIN ] :: NoCheck :: actually running 'ip netns exec router tcpdump -nni r_s -w dnat.pcap ' :: [ 00:41:34 ] :: [ BEGIN ] :: NoCheck :: actually running 'ip netns exec server ncat -4 -l 9999 ' :: [ 00:41:34 ] :: [ BEGIN ] :: NoCheck :: actually running 'ip netns exec server ncat -4 -u -l 9999 ' dropped privs to tcpdump tcpdump: listening on r_s, link-type EN10MB (Ethernet), snapshot length 262144 bytes :: [ 00:41:37 ] :: [ PASS ] :: Command 'ip netns exec server sleep 3' (Expected 0, got 0) :: [ 00:41:37 ] :: [ BEGIN ] :: Running 'ip netns exec client ncat -4 10.167.1.254 8888' abc :: [ 00:41:37 ] :: [ PASS ] :: Command 'ip netns exec client ncat -4 10.167.1.254 8888' (Expected 0, got 0) :: [ 00:41:37 ] :: [ PASS ] :: NoCheck (Expected 0-255, got 0) :: [ 00:41:38 ] :: [ BEGIN ] :: Running 'ip netns exec client ncat -4 -u 10.167.1.254 8888' abc :: [ 00:41:38 ] :: [ PASS ] :: Command 'ip netns exec client ncat -4 -u 10.167.1.254 8888' (Expected 0, got 0) :: [ 00:41:39 ] :: [ BEGIN ] :: Running 'ip netns exec router conntrack -L' conntrack v1.4.6 (conntrack-tools): 2 flow entries have been shown. tcp 6 118 TIME_WAIT src=10.167.1.1 dst=10.167.1.254 sport=51886 dport=8888 src=10.167.2.2 dst=10.167.1.1 sport=9999 dport=51886 [ASSURED] secctx=system_u:object_r:unlabeled_t:s0 use=1 udp 17 28 src=10.167.1.1 dst=10.167.1.254 sport=35969 dport=8888 [UNREPLIED] src=10.167.2.2 dst=10.167.1.1 sport=9999 dport=35969 secctx=system_u:object_r:unlabeled_t:s0 use=1 :: [ 00:41:40 ] :: [ PASS ] :: Command 'ip netns exec router conntrack -L' (Expected 0, got 0) :: [ 00:41:40 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t nat -A PREROUTING -i r_c -p sctp -j DNAT --to-destination 10.167.2.2:9999' :: [ 00:41:40 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t nat -A PREROUTING -i r_c -p sctp -j DNAT --to-destination 10.167.2.2:9999' (Expected 0, got 0) :: [ 00:41:41 ] :: [ BEGIN ] :: Running 'ip netns exec server sleep 3' :: [ 00:41:41 ] :: [ BEGIN ] :: NoCheck :: actually running 'ip netns exec server sctp_test -H 0 -P 9999 -l ' local:addr=0.0.0.0, port=distinct, family=2 seed = 1675057301 Starting tests... socket(SOCK_SEQPACKET, IPPROTO_SCTP) -> sk=3 bind(sk=3, [a:0.0.0.0,p:distinct]) -- attempt 1/10 listen(sk=3,backlog=100) Server: Receiving packets. recvmsg(sk=3) :: [ 00:41:44 ] :: [ PASS ] :: Command 'ip netns exec server sleep 3' (Expected 0, got 0) :: [ 00:41:45 ] :: [ BEGIN ] :: Running 'ip netns exec client timeout 5 sctp_test -H 10.167.1.1 -P 6013 -h 10.167.1.254 -p 8888 -s -c 1 -x 1 -X 1' remote:addr=10.167.1.254, port=ddi-tcp-1, family=2 local:addr=10.167.1.1, port=6013, family=2 seed = 1675057305 Starting tests... socket(SOCK_SEQPACKET, IPPROTO_SCTP) -> sk=3 bind(sk=3, [a:10.167.1.1,p:6013]) -- attempt 1/10 Client: Sending packets.(1/1) sendmsg(sk=3, assoc=0) 1452 bytes. SNDRCVNotification: SCTP_ASSOC_CHANGE(COMMUNICATION_UP) (assoc_change: state=0, error=0, instr=10 outstr=10) recvmsg(sk=3) Data 1452 bytes. First 10 bytes: 012345678 recvmsg(sk=3) (stream=0 flags=0x1 ppid=635909742 close(sk=3) :: [ 00:41:45 ] :: [ PASS ] :: Command 'ip netns exec client timeout 5 sctp_test -H 10.167.1.1 -P 6013 -h 10.167.1.254 -p 8888 -s -c 1 -x 1 -X 1' (Expected 0, got 0) Notification: SCTP_ASSOC_CHANGE(SHUTDOWN_COMPLETE) (assoc_change: state=3, error=0, instr=0 outstr=0) recvmsg(sk=3) :: [ 00:41:46 ] :: [ BEGIN ] :: Running 'ip netns exec router conntrack -L' conntrack v1.4.6 (conntrack-tools): 3 flow entries have been shown. sctp 132 9 CLOSED src=10.167.1.1 dst=10.167.1.254 sport=6013 dport=8888 src=10.167.2.2 dst=10.167.1.1 sport=9999 dport=6013 [ASSURED] secctx=system_u:object_r:unlabeled_t:s0 use=1 tcp 6 111 TIME_WAIT src=10.167.1.1 dst=10.167.1.254 sport=51886 dport=8888 src=10.167.2.2 dst=10.167.1.1 sport=9999 dport=51886 [ASSURED] secctx=system_u:object_r:unlabeled_t:s0 use=1 udp 17 22 src=10.167.1.1 dst=10.167.1.254 sport=35969 dport=8888 [UNREPLIED] src=10.167.2.2 dst=10.167.1.1 sport=9999 dport=35969 secctx=system_u:object_r:unlabeled_t:s0 use=1 :: [ 00:41:46 ] :: [ PASS ] :: Command 'ip netns exec router conntrack -L' (Expected 0, got 0) :: [ 00:41:47 ] :: [ BEGIN ] :: Running 'ip netns exec router conntrack -F' conntrack v1.4.6 (conntrack-tools): connection tracking table has been emptied. :: [ 00:41:47 ] :: [ PASS ] :: Command 'ip netns exec router conntrack -F' (Expected 0, got 0) :: [ 00:41:47 ] :: [ BEGIN ] :: Running 'ip netns exec router sleep 2' :: [ 00:41:50 ] :: [ PASS ] :: Command 'ip netns exec router sleep 2' (Expected 0, got 0) 21 packets captured 21 packets received by filter 0 packets dropped by kernel :: [ 00:41:50 ] :: [ PASS ] :: NoCheck (Expected 0-255, got 0) Terminated :: [ 00:41:51 ] :: [ PASS ] :: NoCheck (Expected 0-255, got 143) :: [ 00:41:51 ] :: [ BEGIN ] :: Running 'ip netns exec router sleep 1' :: [ 00:41:52 ] :: [ PASS ] :: Command 'ip netns exec router sleep 1' (Expected 0, got 0) reading from file dnat.pcap, link-type EN10MB (Ethernet), snapshot length 262144 dropped privs to tcpdump 00:41:37.782246 IP 10.167.1.1.51886 > 10.167.2.2.9999: Flags [S], seq 985711226, win 64240, options [mss 1460,sackOK,TS val 3465476257 ecr 0,nop,wscale 7], length 0 00:41:37.782685 IP 10.167.2.2.9999 > 10.167.1.1.51886: Flags [S.], seq 36894011, ack 985711227, win 65160, options [mss 1460,sackOK,TS val 1812032954 ecr 3465476257,nop,wscale 7], length 0 00:41:37.782965 IP 10.167.1.1.51886 > 10.167.2.2.9999: Flags [.], ack 1, win 502, options [nop,nop,TS val 3465476259 ecr 1812032954], length 0 00:41:37.785242 IP 10.167.2.2.9999 > 10.167.1.1.51886: Flags [F.], seq 1, ack 1, win 510, options [nop,nop,TS val 1812032956 ecr 3465476259], length 0 00:41:37.785681 IP 10.167.1.1.51886 > 10.167.2.2.9999: Flags [.], ack 2, win 502, options [nop,nop,TS val 3465476261 ecr 1812032956], length 0 00:41:37.786180 IP 10.167.1.1.51886 > 10.167.2.2.9999: Flags [P.], seq 1:5, ack 2, win 502, options [nop,nop,TS val 3465476262 ecr 1812032956], length 4 00:41:37.786347 IP 10.167.2.2.9999 > 10.167.1.1.51886: Flags [.], ack 5, win 510, options [nop,nop,TS val 1812032957 ecr 3465476262], length 0 00:41:37.786948 IP 10.167.1.1.51886 > 10.167.2.2.9999: Flags [F.], seq 5, ack 2, win 502, options [nop,nop,TS val 3465476263 ecr 1812032957], length 0 00:41:37.787149 IP 10.167.2.2.9999 > 10.167.1.1.51886: Flags [.], ack 6, win 510, options [nop,nop,TS val 1812032958 ecr 3465476263], length 0 00:41:38.791718 IP 10.167.1.1.35969 > 10.167.2.2.9999: UDP, length 4 00:41:45.379826 IP 10.167.1.1.6013 > 10.167.2.2.9999: sctp (1) [INIT] [init tag: 3254833283] [rwnd: 106496] [OS: 10] [MIS: 65535] [init TSN: 859096292] 00:41:45.380734 IP 10.167.2.2.9999 > 10.167.1.1.6013: sctp (1) [INIT ACK] [init tag: 3100691497] [rwnd: 106496] [OS: 10] [MIS: 10] [init TSN: 2039774976] 00:41:45.382096 IP 10.167.1.1.6013 > 10.167.2.2.9999: sctp (1) [COOKIE ECHO] 00:41:45.382197 IP 10.167.1.1.6013 > 10.167.2.2.9999: sctp (1) [DATA] (U)(B) [TSN: 859096292] [SID: 0] [SSEQ 0] [PPID 0x6e36e725] 00:41:45.383236 IP 10.167.2.2.9999 > 10.167.1.1.6013: sctp (1) [COOKIE ACK] 00:41:45.383809 IP 10.167.2.2.9999 > 10.167.1.1.6013: sctp (1) [SACK] [cum ack 859096292] [a_rwnd 105244] [#gap acks 0] [#dup tsns 0] 00:41:45.384715 IP 10.167.1.1.6013 > 10.167.2.2.9999: sctp (1) [DATA] (U)(E) [TSN: 859096293] [SID: 0] [SSEQ 0] [PPID 0x6e36e725] 00:41:45.590181 IP 10.167.2.2.9999 > 10.167.1.1.6013: sctp (1) [SACK] [cum ack 859096293] [a_rwnd 106496] [#gap acks 0] [#dup tsns 0] 00:41:45.591050 IP 10.167.1.1.6013 > 10.167.2.2.9999: sctp (1) [SHUTDOWN] 00:41:45.591560 IP 10.167.2.2.9999 > 10.167.1.1.6013: sctp (1) [SHUTDOWN ACK] 00:41:45.592594 IP 10.167.1.1.6013 > 10.167.2.2.9999: sctp (1) [SHUTDOWN COMPLETE] egrep: warning: egrep is obsolescent; using grep -E :: [ 00:41:53 ] :: [ INFO ] :: Sending dnat.pcap as dnat.pcap Uploading dnat.pcap .done :: [ 00:41:53 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -tnat -nvL' Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 1 60 DNAT 6 -- r_c * 0.0.0.0/0 0.0.0.0/0 to:10.167.2.2:9999 1 32 DNAT 17 -- r_c * 0.0.0.0/0 0.0.0.0/0 to:10.167.2.2:9999 1 68 DNAT 132 -- r_c * 0.0.0.0/0 0.0.0.0/0 to:10.167.2.2:9999 Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination :: [ 00:41:54 ] :: [ PASS ] :: Command 'ip netns exec router iptables -tnat -nvL' (Expected 0, got 0) :: [ 00:41:54 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -tnat -F' :: [ 00:41:54 ] :: [ PASS ] :: Command 'ip netns exec router iptables -tnat -F' (Expected 0, got 0) Terminated :: [ 00:41:55 ] :: [ PASS ] :: NoCheck (Expected 0-255, got 143) :: [ 00:41:55 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t nat -A POSTROUTING -o r_s -p tcp -j SNAT --to-source 10.167.2.254:1234' :: [ 00:41:55 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t nat -A POSTROUTING -o r_s -p tcp -j SNAT --to-source 10.167.2.254:1234' (Expected 0, got 0) :: [ 00:41:56 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t nat -A POSTROUTING -o r_s -p udp -j SNAT --to-source 10.167.2.254:1234' :: [ 00:41:56 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t nat -A POSTROUTING -o r_s -p udp -j SNAT --to-source 10.167.2.254:1234' (Expected 0, got 0) :: [ 00:41:57 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -A INPUT -i s_r -p tcp ! --sport 1234 -j DROP' :: [ 00:41:57 ] :: [ PASS ] :: Command 'ip netns exec server iptables -A INPUT -i s_r -p tcp ! --sport 1234 -j DROP' (Expected 0, got 0) :: [ 00:41:58 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -A INPUT -i s_r -p udp ! --sport 1234 -j DROP' :: [ 00:41:58 ] :: [ PASS ] :: Command 'ip netns exec server iptables -A INPUT -i s_r -p udp ! --sport 1234 -j DROP' (Expected 0, got 0) :: [ 00:41:58 ] :: [ BEGIN ] :: Running 'ip netns exec router tcpdump -nni r_s -w snat.pcap' :: [ 00:41:58 ] :: [ BEGIN ] :: Running 'ip netns exec server sleep 3' dropped privs to tcpdump tcpdump: listening on r_s, link-type EN10MB (Ethernet), snapshot length 262144 bytes :: [ 00:41:59 ] :: [ BEGIN ] :: NoCheck :: actually running 'ip netns exec server ncat -4 -l 9999 ' :: [ 00:41:59 ] :: [ BEGIN ] :: NoCheck :: actually running 'ip netns exec server ncat -4 -u -l 9999 ' :: [ 00:42:02 ] :: [ PASS ] :: Command 'ip netns exec server sleep 3' (Expected 0, got 0) :: [ 00:42:02 ] :: [ BEGIN ] :: Running 'ip netns exec client ncat -4 10.167.2.2 9999' abc :: [ 00:42:03 ] :: [ PASS ] :: Command 'ip netns exec client ncat -4 10.167.2.2 9999' (Expected 0, got 0) :: [ 00:42:03 ] :: [ PASS ] :: NoCheck (Expected 0-255, got 0) :: [ 00:42:03 ] :: [ BEGIN ] :: Running 'ip netns exec client ncat -4 -u 10.167.2.2 9999' abc :: [ 00:42:04 ] :: [ PASS ] :: Command 'ip netns exec client ncat -4 -u 10.167.2.2 9999' (Expected 0, got 0) :: [ 00:42:04 ] :: [ BEGIN ] :: Running 'ip netns exec router conntrack -L' conntrack v1.4.6 (conntrack-tools): 2 flow entries have been shown. udp 17 29 src=10.167.1.1 dst=10.167.2.2 sport=59322 dport=9999 [UNREPLIED] src=10.167.2.2 dst=10.167.2.254 sport=9999 dport=1234 secctx=system_u:object_r:unlabeled_t:s0 use=1 tcp 6 118 TIME_WAIT src=10.167.1.1 dst=10.167.2.2 sport=34808 dport=9999 src=10.167.2.2 dst=10.167.2.254 sport=9999 dport=1234 [ASSURED] secctx=system_u:object_r:unlabeled_t:s0 use=1 :: [ 00:42:04 ] :: [ PASS ] :: Command 'ip netns exec router conntrack -L' (Expected 0, got 0) :: [ 00:42:05 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -t nat -A POSTROUTING -o r_s -p sctp -j SNAT --to-source 10.167.2.254:1234' :: [ 00:42:05 ] :: [ PASS ] :: Command 'ip netns exec router iptables -t nat -A POSTROUTING -o r_s -p sctp -j SNAT --to-source 10.167.2.254:1234' (Expected 0, got 0) :: [ 00:42:06 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -A INPUT -i s_r -p sctp ! --sport 1234 -j DROP' :: [ 00:42:06 ] :: [ PASS ] :: Command 'ip netns exec server iptables -A INPUT -i s_r -p sctp ! --sport 1234 -j DROP' (Expected 0, got 0) :: [ 00:42:07 ] :: [ BEGIN ] :: Running 'ip netns exec server sleep 3' :: [ 00:42:07 ] :: [ BEGIN ] :: NoCheck :: actually running 'ip netns exec server sctp_test -H 0 -P 9999 -l ' local:addr=0.0.0.0, port=distinct, family=2 seed = 1675057327 Starting tests... socket(SOCK_SEQPACKET, IPPROTO_SCTP) -> sk=3 bind(sk=3, [a:0.0.0.0,p:distinct]) -- attempt 1/10 listen(sk=3,backlog=100) Server: Receiving packets. recvmsg(sk=3) :: [ 00:42:10 ] :: [ PASS ] :: Command 'ip netns exec server sleep 3' (Expected 0, got 0) :: [ 00:42:10 ] :: [ BEGIN ] :: Running 'ip netns exec client timeout 5 sctp_test -H 10.167.1.1 -P 6013 -h 10.167.2.2 -p 9999 -s -c 1 -x 1 -X 1' remote:addr=10.167.2.2, port=distinct, family=2 local:addr=10.167.1.1, port=6013, family=2 seed = 1675057330 Starting tests... socket(SOCK_SEQPACKET, IPPROTO_SCTP) -> sk=3 bind(sk=3, [a:10.167.1.1,p:6013]) -- attempt 1/10 Client: Sending packets.(1/1) sendmsg(sk=3, assoc=0) 1452 bytes. SNDRCVNotification: SCTP_ASSOC_CHANGE(COMMUNICATION_UP) (assoc_change: state=0, error=0, instr=10 outstr=10) recvmsg(sk=3) (stream=0 flags=0x1 ppid=549946279 close(sk=3) Data 1452 bytes. First 10 bytes: 012345678 recvmsg(sk=3) :: [ 00:42:11 ] :: [ PASS ] :: Command 'ip netns exec client timeout 5 sctp_test -H 10.167.1.1 -P 6013 -h 10.167.2.2 -p 9999 -s -c 1 -x 1 -X 1' (Expected 0, got 0) Notification: SCTP_ASSOC_CHANGE(SHUTDOWN_COMPLETE) (assoc_change: state=3, error=0, instr=0 outstr=0) recvmsg(sk=3) :: [ 00:42:11 ] :: [ BEGIN ] :: Running 'ip netns exec router conntrack -L' conntrack v1.4.6 (conntrack-tools): 3 flow entries have been shown. udp 17 22 src=10.167.1.1 dst=10.167.2.2 sport=59322 dport=9999 [UNREPLIED] src=10.167.2.2 dst=10.167.2.254 sport=9999 dport=1234 secctx=system_u:object_r:unlabeled_t:s0 use=1 tcp 6 111 TIME_WAIT src=10.167.1.1 dst=10.167.2.2 sport=34808 dport=9999 src=10.167.2.2 dst=10.167.2.254 sport=9999 dport=1234 [ASSURED] secctx=system_u:object_r:unlabeled_t:s0 use=1 sctp 132 9 CLOSED src=10.167.1.1 dst=10.167.2.2 sport=6013 dport=9999 src=10.167.2.2 dst=10.167.2.254 sport=9999 dport=1234 [ASSURED] secctx=system_u:object_r:unlabeled_t:s0 use=1 :: [ 00:42:11 ] :: [ PASS ] :: Command 'ip netns exec router conntrack -L' (Expected 0, got 0) :: [ 00:42:12 ] :: [ BEGIN ] :: Running 'ip netns exec router conntrack -F' conntrack v1.4.6 (conntrack-tools): connection tracking table has been emptied. :: [ 00:42:12 ] :: [ PASS ] :: Command 'ip netns exec router conntrack -F' (Expected 0, got 0) :: [ 00:42:13 ] :: [ BEGIN ] :: Running 'ip netns exec router sleep 2' :: [ 00:42:15 ] :: [ PASS ] :: Command 'ip netns exec router sleep 2' (Expected 0, got 0) 20 packets captured 20 packets received by filter 0 packets dropped by kernel :: [ 00:42:16 ] :: [ PASS ] :: Command 'ip netns exec router tcpdump -nni r_s -w snat.pcap' (Expected 0, got 0) Terminated :: [ 00:42:16 ] :: [ PASS ] :: NoCheck (Expected 0-255, got 143) :: [ 00:42:16 ] :: [ BEGIN ] :: Running 'ip netns exec router sleep 1' :: [ 00:42:17 ] :: [ PASS ] :: Command 'ip netns exec router sleep 1' (Expected 0, got 0) reading from file snat.pcap, link-type EN10MB (Ethernet), snapshot length 262144 dropped privs to tcpdump 00:42:02.997992 IP 10.167.2.254.1234 > 10.167.2.2.9999: Flags [S], seq 2372843011, win 64240, options [mss 1460,sackOK,TS val 2352437363 ecr 0,nop,wscale 7], length 0 00:42:02.998346 IP 10.167.2.2.9999 > 10.167.2.254.1234: Flags [S.], seq 1422340763, ack 2372843012, win 65160, options [mss 1460,sackOK,TS val 1007406112 ecr 2352437363,nop,wscale 7], length 0 00:42:02.998657 IP 10.167.2.254.1234 > 10.167.2.2.9999: Flags [.], ack 1, win 502, options [nop,nop,TS val 2352437364 ecr 1007406112], length 0 00:42:02.999220 IP 10.167.2.254.1234 > 10.167.2.2.9999: Flags [P.], seq 1:5, ack 1, win 502, options [nop,nop,TS val 2352437364 ecr 1007406112], length 4 00:42:02.999347 IP 10.167.2.2.9999 > 10.167.2.254.1234: Flags [.], ack 5, win 510, options [nop,nop,TS val 1007406113 ecr 2352437364], length 0 00:42:02.999683 IP 10.167.2.254.1234 > 10.167.2.2.9999: Flags [F.], seq 5, ack 1, win 502, options [nop,nop,TS val 2352437365 ecr 1007406113], length 0 00:42:02.999873 IP 10.167.2.2.9999 > 10.167.2.254.1234: Flags [F.], seq 1, ack 6, win 510, options [nop,nop,TS val 1007406114 ecr 2352437365], length 0 00:42:03.000266 IP 10.167.2.254.1234 > 10.167.2.2.9999: Flags [.], ack 2, win 502, options [nop,nop,TS val 2352437365 ecr 1007406114], length 0 00:42:03.847547 IP 10.167.2.254.1234 > 10.167.2.2.9999: UDP, length 4 00:42:10.877906 IP 10.167.2.254.1234 > 10.167.2.2.9999: sctp (1) [INIT] [init tag: 1161730831] [rwnd: 106496] [OS: 10] [MIS: 65535] [init TSN: 1287185882] 00:42:10.878803 IP 10.167.2.2.9999 > 10.167.2.254.1234: sctp (1) [INIT ACK] [init tag: 2207822932] [rwnd: 106496] [OS: 10] [MIS: 10] [init TSN: 2103395807] 00:42:10.880760 IP 10.167.2.254.1234 > 10.167.2.2.9999: sctp (1) [COOKIE ECHO] 00:42:10.880871 IP 10.167.2.254.1234 > 10.167.2.2.9999: sctp (1) [DATA] (U)(B) [TSN: 1287185882] [SID: 0] [SSEQ 0] [PPID 0xa783c720] 00:42:10.882022 IP 10.167.2.2.9999 > 10.167.2.254.1234: sctp (1) [COOKIE ACK] 00:42:10.882550 IP 10.167.2.2.9999 > 10.167.2.254.1234: sctp (1) [SACK] [cum ack 1287185882] [a_rwnd 105244] [#gap acks 0] [#dup tsns 0] 00:42:10.883219 IP 10.167.2.254.1234 > 10.167.2.2.9999: sctp (1) [DATA] (U)(E) [TSN: 1287185883] [SID: 0] [SSEQ 0] [PPID 0xa783c720] 00:42:11.085681 IP 10.167.2.2.9999 > 10.167.2.254.1234: sctp (1) [SACK] [cum ack 1287185883] [a_rwnd 106496] [#gap acks 0] [#dup tsns 0] 00:42:11.086265 IP 10.167.2.254.1234 > 10.167.2.2.9999: sctp (1) [SHUTDOWN] 00:42:11.086704 IP 10.167.2.2.9999 > 10.167.2.254.1234: sctp (1) [SHUTDOWN ACK] 00:42:11.087426 IP 10.167.2.254.1234 > 10.167.2.2.9999: sctp (1) [SHUTDOWN COMPLETE] egrep: warning: egrep is obsolescent; using grep -E :: [ 00:42:18 ] :: [ INFO ] :: Sending snat.pcap as snat.pcap Uploading snat.pcap .done :: [ 00:42:19 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -tnat -nvL' Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 1 60 SNAT 6 -- * r_s 0.0.0.0/0 0.0.0.0/0 to:10.167.2.254:1234 1 32 SNAT 17 -- * r_s 0.0.0.0/0 0.0.0.0/0 to:10.167.2.254:1234 1 68 SNAT 132 -- * r_s 0.0.0.0/0 0.0.0.0/0 to:10.167.2.254:1234 :: [ 00:42:19 ] :: [ PASS ] :: Command 'ip netns exec router iptables -tnat -nvL' (Expected 0, got 0) :: [ 00:42:19 ] :: [ BEGIN ] :: Running 'ip netns exec router iptables -F' :: [ 00:42:20 ] :: [ PASS ] :: Command 'ip netns exec router iptables -F' (Expected 0, got 0) :: [ 00:42:20 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -nvL' Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 DROP 6 -- s_r * 0.0.0.0/0 0.0.0.0/0 tcp spt:!1234 0 0 DROP 17 -- s_r * 0.0.0.0/0 0.0.0.0/0 udp spt:!1234 0 0 DROP 132 -- s_r * 0.0.0.0/0 0.0.0.0/0 sctp spt:!1234 Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination :: [ 00:42:21 ] :: [ PASS ] :: Command 'ip netns exec server iptables -nvL' (Expected 0, got 0) :: [ 00:42:21 ] :: [ BEGIN ] :: Running 'ip netns exec server iptables -F' :: [ 00:42:21 ] :: [ PASS ] :: Command 'ip netns exec server iptables -F' (Expected 0, got 0) Terminated :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 55s :: Assertions: 40 good, 0 bad :: [ 00:42:22 ] :: [ PASS ] :: NoCheck (Expected 0-255, got 143) :: RESULT: PASS (iptables: Plain NAT test) ** iptables-Plain-NAT-test PASS Score:0 Uploading resultoutputfile.log .done :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Cleanup :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ 00:42:31 ] :: [ BEGIN ] :: Running 'do_clean' client :: [ LOG ] :: xtables rules clean :: [ LOG ] :: nft rules clean :: [ LOG ] :: ipset rules clean :: [ LOG ] :: ipvsadm rules clean router :: [ LOG ] :: xtables rules clean :: [ LOG ] :: nft rules clean :: [ LOG ] :: ipset rules clean :: [ LOG ] :: ipvsadm rules clean server :: [ LOG ] :: xtables rules clean :: [ LOG ] :: nft rules clean :: [ LOG ] :: ipset rules clean :: [ LOG ] :: ipvsadm rules clean :: [ 00:43:42 ] :: [ PASS ] :: Command 'do_clean' (Expected 0, got 0) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 72s :: Assertions: 1 good, 0 bad :: RESULT: PASS (Cleanup) ** Cleanup PASS Score:0 Uploading resultoutputfile.log .done :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: unknown :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ 00:43:52 ] :: [ LOG ] :: Phases fingerprint: 3TFH3dbq :: [ 00:43:52 ] :: [ LOG ] :: Asserts fingerprint: zya7aOOQ Uploading journal.xml .done :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 428s :: Phases: 4 good, 0 bad :: OVERALL RESULT: PASS (unknown) PING ::1(::1) 56 data bytes 64 bytes from ::1: icmp_seq=1 ttl=64 time=0.289 ms --- ::1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.289/0.289/0.289/0.000 ms :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Forward ipv6 :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ 00:43:56 ] :: [ BEGIN ] :: ipv6 topo init done... :: actually running 'do_setup ipv6' +++ do_clean +++ for ns in client router server +++ ip netns +++ grep client +++ for ns in client router server +++ ip netns +++ grep router +++ for ns in client router server +++ ip netns +++ grep server +++ local i +++ for i in client router server +++ ip netns add client +++ for i in client router server +++ ip netns add router +++ for i in client router server +++ ip netns add server +++ [[ ipv6x == \i\p\v\6\x ]] +++ ip netns exec router sysctl -w net.ipv6.conf.all.forwarding=1 net.ipv6.conf.all.forwarding = 1 +++ ip_c=2001:db8:ffff:21::1 +++ ip_s=2001:db8:ffff:22::2 +++ ip_rc=2001:db8:ffff:21::fffe +++ ip_rs=2001:db8:ffff:22::fffe +++ N=64 +++ nodad=nodad +++ ip -d -n router -b /dev/stdin +++ ip -d -n server -b /dev/stdin +++ ip -d -n client -b /dev/stdin +++ sleep 2 +++ set +x PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) from 2001:db8:ffff:21::1 c_r: 56 data bytes 64 bytes from 2001:db8:ffff:22::2: icmp_seq=1 ttl=63 time=3.01 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=2 ttl=63 time=0.589 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=3 ttl=63 time=0.474 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=4 ttl=63 time=0.432 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=5 ttl=63 time=0.447 ms --- 2001:db8:ffff:22::2 ping statistics --- 5 packets transmitted, 5 received, 0% packet loss, time 820ms rtt min/avg/max/mdev = 0.432/0.990/3.010/1.011 ms PING 2001:db8:ffff:21::1(2001:db8:ffff:21::1) from 2001:db8:ffff:22::2 s_r: 56 data bytes 64 bytes from 2001:db8:ffff:21::1: icmp_seq=1 ttl=63 time=0.572 ms 64 bytes from 2001:db8:ffff:21::1: icmp_seq=2 ttl=63 time=0.436 ms 64 bytes from 2001:db8:ffff:21::1: icmp_seq=3 ttl=63 time=0.510 ms 64 bytes from 2001:db8:ffff:21::1: icmp_seq=4 ttl=63 time=0.475 ms 64 bytes from 2001:db8:ffff:21::1: icmp_seq=5 ttl=63 time=0.481 ms --- 2001:db8:ffff:21::1 ping statistics --- 5 packets transmitted, 5 received, 0% packet loss, time 830ms rtt min/avg/max/mdev = 0.436/0.494/0.572/0.045 ms :: [ 00:44:02 ] :: [ PASS ] :: ipv6 topo init done... (Expected 0, got 0) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 7s :: Assertions: 1 good, 0 bad :: RESULT: PASS (Forward ipv6) ** Forward-ipv6 PASS Score:0 Uploading resultoutputfile.log .done :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: ip6tables: Basic TARGETS :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ 00:44:11 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t filter -A INPUT -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' :: [ 00:44:11 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t filter -A INPUT -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' (Expected 0, got 0) :: [ 00:44:12 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t filter -A INPUT -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' :: [ 00:44:12 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t filter -A INPUT -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' (Expected 0, got 0) :: [ 00:44:12 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t filter -A INPUT -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j ACCEPT' :: [ 00:44:13 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t filter -A INPUT -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j ACCEPT' (Expected 0, got 0) :: [ 00:44:13 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t filter -A INPUT -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j DROP' :: [ 00:44:14 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t filter -A INPUT -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j DROP' (Expected 0, got 0) :: [ 00:44:14 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) from 2001:db8:ffff:21::1 c_r: 56 data bytes 64 bytes from 2001:db8:ffff:22::2: icmp_seq=1 ttl=63 time=0.461 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=2 ttl=63 time=0.388 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=3 ttl=63 time=0.391 ms --- 2001:db8:ffff:22::2 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2029ms rtt min/avg/max/mdev = 0.388/0.413/0.461/0.033 ms :: [ 00:44:16 ] :: [ PASS ] :: Command 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3' (Expected 0, got 0) :: [ 00:44:17 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t filter -L -n -v' Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 136 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 135 3 312 ACCEPT 0 -- s_r * 2001:db8:ffff:21::1 2001:db8:ffff:22::2 0 0 DROP 0 -- s_r * 2001:db8:ffff:21::1 2001:db8:ffff:22::2 Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination :: [ 00:44:17 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t filter -L -n -v' (Expected 0, got 0) :: [ 00:44:18 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t filter -F' :: [ 00:44:18 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t filter -F' (Expected 0, got 0) :: [ 00:44:18 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t filter -A INPUT -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' :: [ 00:44:19 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t filter -A INPUT -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' (Expected 0, got 0) :: [ 00:44:19 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t filter -A INPUT -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' :: [ 00:44:20 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t filter -A INPUT -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' (Expected 0, got 0) :: [ 00:44:20 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t filter -A INPUT -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j DROP' :: [ 00:44:20 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t filter -A INPUT -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j DROP' (Expected 0, got 0) :: [ 00:44:21 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t filter -A INPUT -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j ACCEPT' :: [ 00:44:21 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t filter -A INPUT -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j ACCEPT' (Expected 0, got 0) :: [ 00:44:22 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3 ' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) from 2001:db8:ffff:21::1 c_r: 56 data bytes --- 2001:db8:ffff:22::2 ping statistics --- 3 packets transmitted, 0 received, 100% packet loss, time 2036ms :: [ 00:44:25 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 00:44:26 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t filter -L -n -v' Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 136 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 135 3 312 DROP 0 -- s_r * 2001:db8:ffff:21::1 2001:db8:ffff:22::2 0 0 ACCEPT 0 -- s_r * 2001:db8:ffff:21::1 2001:db8:ffff:22::2 Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination :: [ 00:44:26 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t filter -L -n -v' (Expected 0, got 0) :: [ 00:44:27 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t filter -F' :: [ 00:44:27 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t filter -F' (Expected 0, got 0) :: [ 00:44:27 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t filter -A INPUT -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' :: [ 00:44:28 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t filter -A INPUT -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' (Expected 0, got 0) :: [ 00:44:28 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t filter -A INPUT -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' :: [ 00:44:29 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t filter -A INPUT -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' (Expected 0, got 0) :: [ 00:44:29 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t filter -N TEST' :: [ 00:44:29 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t filter -N TEST' (Expected 0, got 0) :: [ 00:44:30 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t filter -A TEST -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j RETURN' :: [ 00:44:30 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t filter -A TEST -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j RETURN' (Expected 0, got 0) :: [ 00:44:30 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t filter -A TEST -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j DROP' :: [ 00:44:31 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t filter -A TEST -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j DROP' (Expected 0, got 0) :: [ 00:44:31 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t filter -A INPUT -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j TEST' :: [ 00:44:32 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t filter -A INPUT -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j TEST' (Expected 0, got 0) :: [ 00:44:32 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t filter -A INPUT -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j ACCEPT' :: [ 00:44:32 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t filter -A INPUT -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j ACCEPT' (Expected 0, got 0) :: [ 00:44:33 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) from 2001:db8:ffff:21::1 c_r: 56 data bytes 64 bytes from 2001:db8:ffff:22::2: icmp_seq=1 ttl=63 time=0.452 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=2 ttl=63 time=0.609 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=3 ttl=63 time=0.509 ms --- 2001:db8:ffff:22::2 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2056ms rtt min/avg/max/mdev = 0.452/0.523/0.609/0.064 ms :: [ 00:44:35 ] :: [ PASS ] :: Command 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3' (Expected 0, got 0) :: [ 00:44:36 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t filter -L -n -v' Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 136 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 135 3 312 TEST 0 -- s_r * 2001:db8:ffff:21::1 2001:db8:ffff:22::2 3 312 ACCEPT 0 -- s_r * 2001:db8:ffff:21::1 2001:db8:ffff:22::2 Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain TEST (1 references) pkts bytes target prot opt in out source destination 3 312 RETURN 0 -- s_r * 2001:db8:ffff:21::1 2001:db8:ffff:22::2 0 0 DROP 0 -- s_r * 2001:db8:ffff:21::1 2001:db8:ffff:22::2 :: [ 00:44:36 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t filter -L -n -v' (Expected 0, got 0) :: [ 00:44:37 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t filter -F' :: [ 00:44:37 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t filter -F' (Expected 0, got 0) :: [ 00:44:37 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t filter -X' :: [ 00:44:38 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t filter -X' (Expected 0, got 0) :: [ 00:44:38 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t filter -A OUTPUT -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' :: [ 00:44:38 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t filter -A OUTPUT -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' (Expected 0, got 0) :: [ 00:44:39 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t filter -A OUTPUT -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' :: [ 00:44:39 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t filter -A OUTPUT -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' (Expected 0, got 0) :: [ 00:44:40 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t filter -A OUTPUT -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j ACCEPT' :: [ 00:44:40 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t filter -A OUTPUT -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j ACCEPT' (Expected 0, got 0) :: [ 00:44:41 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t filter -A OUTPUT -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j DROP' :: [ 00:44:41 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t filter -A OUTPUT -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j DROP' (Expected 0, got 0) :: [ 00:44:41 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) from 2001:db8:ffff:21::1 c_r: 56 data bytes 64 bytes from 2001:db8:ffff:22::2: icmp_seq=1 ttl=63 time=0.472 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=2 ttl=63 time=0.466 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=3 ttl=63 time=0.515 ms --- 2001:db8:ffff:22::2 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2067ms rtt min/avg/max/mdev = 0.466/0.484/0.515/0.021 ms :: [ 00:44:44 ] :: [ PASS ] :: Command 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3' (Expected 0, got 0) :: [ 00:44:44 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t filter -L -n -v' Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 136 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 135 3 312 ACCEPT 0 -- * s_r 2001:db8:ffff:22::2 2001:db8:ffff:21::1 0 0 DROP 0 -- * s_r 2001:db8:ffff:22::2 2001:db8:ffff:21::1 :: [ 00:44:45 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t filter -L -n -v' (Expected 0, got 0) :: [ 00:44:45 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t filter -F' :: [ 00:44:45 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t filter -F' (Expected 0, got 0) :: [ 00:44:46 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t filter -A OUTPUT -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' :: [ 00:44:46 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t filter -A OUTPUT -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' (Expected 0, got 0) :: [ 00:44:47 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t filter -A OUTPUT -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' :: [ 00:44:47 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t filter -A OUTPUT -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' (Expected 0, got 0) :: [ 00:44:47 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t filter -A OUTPUT -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j DROP' :: [ 00:44:48 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t filter -A OUTPUT -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j DROP' (Expected 0, got 0) :: [ 00:44:48 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t filter -A OUTPUT -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j ACCEPT' :: [ 00:44:48 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t filter -A OUTPUT -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j ACCEPT' (Expected 0, got 0) :: [ 00:44:49 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3 ' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) from 2001:db8:ffff:21::1 c_r: 56 data bytes --- 2001:db8:ffff:22::2 ping statistics --- 3 packets transmitted, 0 received, 100% packet loss, time 2083ms :: [ 00:44:53 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 00:44:53 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t filter -L -n -v' Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 1 64 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 136 1 72 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 135 3 312 DROP 0 -- * s_r 2001:db8:ffff:22::2 2001:db8:ffff:21::1 0 0 ACCEPT 0 -- * s_r 2001:db8:ffff:22::2 2001:db8:ffff:21::1 :: [ 00:44:54 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t filter -L -n -v' (Expected 0, got 0) :: [ 00:44:54 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t filter -F' :: [ 00:44:54 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t filter -F' (Expected 0, got 0) :: [ 00:44:55 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t filter -A OUTPUT -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' :: [ 00:44:55 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t filter -A OUTPUT -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' (Expected 0, got 0) :: [ 00:44:56 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t filter -A OUTPUT -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' :: [ 00:44:56 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t filter -A OUTPUT -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' (Expected 0, got 0) :: [ 00:44:56 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t filter -N TEST' :: [ 00:44:57 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t filter -N TEST' (Expected 0, got 0) :: [ 00:44:57 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t filter -A TEST -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j RETURN' :: [ 00:44:57 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t filter -A TEST -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j RETURN' (Expected 0, got 0) :: [ 00:44:58 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t filter -A TEST -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j DROP' :: [ 00:44:58 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t filter -A TEST -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j DROP' (Expected 0, got 0) :: [ 00:44:59 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t filter -A OUTPUT -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j TEST' :: [ 00:44:59 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t filter -A OUTPUT -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j TEST' (Expected 0, got 0) :: [ 00:44:59 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t filter -A OUTPUT -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j ACCEPT' :: [ 00:45:00 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t filter -A OUTPUT -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j ACCEPT' (Expected 0, got 0) :: [ 00:45:00 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) from 2001:db8:ffff:21::1 c_r: 56 data bytes 64 bytes from 2001:db8:ffff:22::2: icmp_seq=1 ttl=63 time=0.454 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=2 ttl=63 time=0.509 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=3 ttl=63 time=0.501 ms --- 2001:db8:ffff:22::2 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2045ms rtt min/avg/max/mdev = 0.454/0.488/0.509/0.024 ms :: [ 00:45:03 ] :: [ PASS ] :: Command 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3' (Expected 0, got 0) :: [ 00:45:03 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t filter -L -n -v' Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 136 1 72 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 135 3 312 TEST 0 -- * s_r 2001:db8:ffff:22::2 2001:db8:ffff:21::1 3 312 ACCEPT 0 -- * s_r 2001:db8:ffff:22::2 2001:db8:ffff:21::1 Chain TEST (1 references) pkts bytes target prot opt in out source destination 3 312 RETURN 0 -- * s_r 2001:db8:ffff:22::2 2001:db8:ffff:21::1 0 0 DROP 0 -- * s_r 2001:db8:ffff:22::2 2001:db8:ffff:21::1 :: [ 00:45:03 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t filter -L -n -v' (Expected 0, got 0) :: [ 00:45:04 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t filter -F' :: [ 00:45:04 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t filter -F' (Expected 0, got 0) :: [ 00:45:05 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t filter -X' :: [ 00:45:05 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t filter -X' (Expected 0, got 0) :: [ 00:45:05 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -A PREROUTING -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' :: [ 00:45:06 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -A PREROUTING -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' (Expected 0, got 0) :: [ 00:45:06 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -A PREROUTING -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' :: [ 00:45:07 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -A PREROUTING -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' (Expected 0, got 0) :: [ 00:45:07 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -A PREROUTING -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j ACCEPT' :: [ 00:45:07 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -A PREROUTING -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j ACCEPT' (Expected 0, got 0) :: [ 00:45:08 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -A PREROUTING -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j DROP' :: [ 00:45:08 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -A PREROUTING -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j DROP' (Expected 0, got 0) :: [ 00:45:09 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) from 2001:db8:ffff:21::1 c_r: 56 data bytes 64 bytes from 2001:db8:ffff:22::2: icmp_seq=1 ttl=63 time=0.512 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=2 ttl=63 time=0.413 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=3 ttl=63 time=0.518 ms --- 2001:db8:ffff:22::2 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2081ms rtt min/avg/max/mdev = 0.413/0.481/0.518/0.048 ms :: [ 00:45:11 ] :: [ PASS ] :: Command 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3' (Expected 0, got 0) :: [ 00:45:11 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -L -n -v' Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 136 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 135 3 312 ACCEPT 0 -- s_r * 2001:db8:ffff:21::1 2001:db8:ffff:22::2 0 0 DROP 0 -- s_r * 2001:db8:ffff:21::1 2001:db8:ffff:22::2 Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination :: [ 00:45:12 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -L -n -v' (Expected 0, got 0) :: [ 00:45:12 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -F' :: [ 00:45:13 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -F' (Expected 0, got 0) :: [ 00:45:13 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -A PREROUTING -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' :: [ 00:45:13 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -A PREROUTING -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' (Expected 0, got 0) :: [ 00:45:14 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -A PREROUTING -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' :: [ 00:45:14 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -A PREROUTING -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' (Expected 0, got 0) :: [ 00:45:15 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -A PREROUTING -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j DROP' :: [ 00:45:15 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -A PREROUTING -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j DROP' (Expected 0, got 0) :: [ 00:45:15 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -A PREROUTING -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j ACCEPT' :: [ 00:45:16 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -A PREROUTING -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j ACCEPT' (Expected 0, got 0) :: [ 00:45:17 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3 ' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) from 2001:db8:ffff:21::1 c_r: 56 data bytes --- 2001:db8:ffff:22::2 ping statistics --- 3 packets transmitted, 0 received, 100% packet loss, time 2036ms :: [ 00:45:20 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 00:45:20 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -L -n -v' Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 136 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 135 3 312 DROP 0 -- s_r * 2001:db8:ffff:21::1 2001:db8:ffff:22::2 0 0 ACCEPT 0 -- s_r * 2001:db8:ffff:21::1 2001:db8:ffff:22::2 Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination :: [ 00:45:21 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -L -n -v' (Expected 0, got 0) :: [ 00:45:21 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -F' :: [ 00:45:21 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -F' (Expected 0, got 0) :: [ 00:45:22 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -A PREROUTING -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' :: [ 00:45:22 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -A PREROUTING -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' (Expected 0, got 0) :: [ 00:45:23 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -A PREROUTING -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' :: [ 00:45:23 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -A PREROUTING -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' (Expected 0, got 0) :: [ 00:45:23 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -N TEST' :: [ 00:45:24 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -N TEST' (Expected 0, got 0) :: [ 00:45:24 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -A TEST -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j RETURN' :: [ 00:45:24 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -A TEST -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j RETURN' (Expected 0, got 0) :: [ 00:45:25 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -A TEST -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j DROP' :: [ 00:45:25 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -A TEST -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j DROP' (Expected 0, got 0) :: [ 00:45:26 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -A PREROUTING -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j TEST' :: [ 00:45:26 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -A PREROUTING -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j TEST' (Expected 0, got 0) :: [ 00:45:26 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -A PREROUTING -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j ACCEPT' :: [ 00:45:27 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -A PREROUTING -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j ACCEPT' (Expected 0, got 0) :: [ 00:45:27 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) from 2001:db8:ffff:21::1 c_r: 56 data bytes 64 bytes from 2001:db8:ffff:22::2: icmp_seq=1 ttl=63 time=0.381 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=2 ttl=63 time=0.420 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=3 ttl=63 time=0.452 ms --- 2001:db8:ffff:22::2 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2054ms rtt min/avg/max/mdev = 0.381/0.417/0.452/0.029 ms :: [ 00:45:30 ] :: [ PASS ] :: Command 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3' (Expected 0, got 0) :: [ 00:45:30 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -L -n -v' Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 136 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 135 3 312 TEST 0 -- s_r * 2001:db8:ffff:21::1 2001:db8:ffff:22::2 3 312 ACCEPT 0 -- s_r * 2001:db8:ffff:21::1 2001:db8:ffff:22::2 Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain TEST (1 references) pkts bytes target prot opt in out source destination 3 312 RETURN 0 -- s_r * 2001:db8:ffff:21::1 2001:db8:ffff:22::2 0 0 DROP 0 -- s_r * 2001:db8:ffff:21::1 2001:db8:ffff:22::2 :: [ 00:45:30 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -L -n -v' (Expected 0, got 0) :: [ 00:45:31 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -F' :: [ 00:45:31 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -F' (Expected 0, got 0) :: [ 00:45:32 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -X' :: [ 00:45:32 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -X' (Expected 0, got 0) :: [ 00:45:32 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -A INPUT -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' :: [ 00:45:33 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -A INPUT -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' (Expected 0, got 0) :: [ 00:45:33 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -A INPUT -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' :: [ 00:45:33 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -A INPUT -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' (Expected 0, got 0) :: [ 00:45:34 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -A INPUT -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j ACCEPT' :: [ 00:45:34 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -A INPUT -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j ACCEPT' (Expected 0, got 0) :: [ 00:45:35 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -A INPUT -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j DROP' :: [ 00:45:35 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -A INPUT -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j DROP' (Expected 0, got 0) :: [ 00:45:36 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) from 2001:db8:ffff:21::1 c_r: 56 data bytes 64 bytes from 2001:db8:ffff:22::2: icmp_seq=1 ttl=63 time=0.463 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=2 ttl=63 time=0.539 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=3 ttl=63 time=0.481 ms --- 2001:db8:ffff:22::2 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2074ms rtt min/avg/max/mdev = 0.463/0.494/0.539/0.032 ms :: [ 00:45:38 ] :: [ PASS ] :: Command 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3' (Expected 0, got 0) :: [ 00:45:38 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -L -n -v' Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 136 1 72 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 135 3 312 ACCEPT 0 -- s_r * 2001:db8:ffff:21::1 2001:db8:ffff:22::2 0 0 DROP 0 -- s_r * 2001:db8:ffff:21::1 2001:db8:ffff:22::2 Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination :: [ 00:45:39 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -L -n -v' (Expected 0, got 0) :: [ 00:45:39 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -F' :: [ 00:45:40 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -F' (Expected 0, got 0) :: [ 00:45:40 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -A INPUT -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' :: [ 00:45:40 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -A INPUT -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' (Expected 0, got 0) :: [ 00:45:41 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -A INPUT -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' :: [ 00:45:41 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -A INPUT -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' (Expected 0, got 0) :: [ 00:45:41 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -A INPUT -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j DROP' :: [ 00:45:42 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -A INPUT -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j DROP' (Expected 0, got 0) :: [ 00:45:42 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -A INPUT -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j ACCEPT' :: [ 00:45:43 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -A INPUT -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j ACCEPT' (Expected 0, got 0) :: [ 00:45:43 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3 ' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) from 2001:db8:ffff:21::1 c_r: 56 data bytes --- 2001:db8:ffff:22::2 ping statistics --- 3 packets transmitted, 0 received, 100% packet loss, time 2065ms :: [ 00:45:47 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 00:45:47 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -L -n -v' Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 1 64 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 136 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 135 3 312 DROP 0 -- s_r * 2001:db8:ffff:21::1 2001:db8:ffff:22::2 0 0 ACCEPT 0 -- s_r * 2001:db8:ffff:21::1 2001:db8:ffff:22::2 Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination :: [ 00:45:47 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -L -n -v' (Expected 0, got 0) :: [ 00:45:48 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -F' :: [ 00:45:48 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -F' (Expected 0, got 0) :: [ 00:45:49 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -A INPUT -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' :: [ 00:45:49 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -A INPUT -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' (Expected 0, got 0) :: [ 00:45:49 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -A INPUT -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' :: [ 00:45:50 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -A INPUT -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' (Expected 0, got 0) :: [ 00:45:50 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -N TEST' :: [ 00:45:50 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -N TEST' (Expected 0, got 0) :: [ 00:45:51 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -A TEST -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j RETURN' :: [ 00:45:51 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -A TEST -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j RETURN' (Expected 0, got 0) :: [ 00:45:52 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -A TEST -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j DROP' :: [ 00:45:52 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -A TEST -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j DROP' (Expected 0, got 0) :: [ 00:45:52 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -A INPUT -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j TEST' :: [ 00:45:53 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -A INPUT -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j TEST' (Expected 0, got 0) :: [ 00:45:53 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -A INPUT -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j ACCEPT' :: [ 00:45:54 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -A INPUT -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j ACCEPT' (Expected 0, got 0) :: [ 00:45:54 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) from 2001:db8:ffff:21::1 c_r: 56 data bytes 64 bytes from 2001:db8:ffff:22::2: icmp_seq=1 ttl=63 time=0.437 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=2 ttl=63 time=0.427 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=3 ttl=63 time=0.480 ms --- 2001:db8:ffff:22::2 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2073ms rtt min/avg/max/mdev = 0.427/0.448/0.480/0.023 ms :: [ 00:45:56 ] :: [ PASS ] :: Command 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3' (Expected 0, got 0) :: [ 00:45:57 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -L -n -v' Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 136 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 135 3 312 TEST 0 -- s_r * 2001:db8:ffff:21::1 2001:db8:ffff:22::2 3 312 ACCEPT 0 -- s_r * 2001:db8:ffff:21::1 2001:db8:ffff:22::2 Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain TEST (1 references) pkts bytes target prot opt in out source destination 3 312 RETURN 0 -- s_r * 2001:db8:ffff:21::1 2001:db8:ffff:22::2 0 0 DROP 0 -- s_r * 2001:db8:ffff:21::1 2001:db8:ffff:22::2 :: [ 00:45:57 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -L -n -v' (Expected 0, got 0) :: [ 00:45:58 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -F' :: [ 00:45:58 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -F' (Expected 0, got 0) :: [ 00:45:58 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -X' :: [ 00:45:59 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -X' (Expected 0, got 0) :: [ 00:45:59 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -A OUTPUT -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' :: [ 00:45:59 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -A OUTPUT -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' (Expected 0, got 0) :: [ 00:46:00 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -A OUTPUT -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' :: [ 00:46:00 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -A OUTPUT -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' (Expected 0, got 0) :: [ 00:46:01 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -A OUTPUT -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j ACCEPT' :: [ 00:46:01 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -A OUTPUT -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j ACCEPT' (Expected 0, got 0) :: [ 00:46:01 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -A OUTPUT -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j DROP' :: [ 00:46:02 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -A OUTPUT -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j DROP' (Expected 0, got 0) :: [ 00:46:02 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) from 2001:db8:ffff:21::1 c_r: 56 data bytes 64 bytes from 2001:db8:ffff:22::2: icmp_seq=1 ttl=63 time=0.488 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=2 ttl=63 time=0.450 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=3 ttl=63 time=0.433 ms --- 2001:db8:ffff:22::2 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2072ms rtt min/avg/max/mdev = 0.433/0.457/0.488/0.023 ms :: [ 00:46:05 ] :: [ PASS ] :: Command 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3' (Expected 0, got 0) :: [ 00:46:05 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -L -n -v' Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 136 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 135 3 312 ACCEPT 0 -- * s_r 2001:db8:ffff:22::2 2001:db8:ffff:21::1 0 0 DROP 0 -- * s_r 2001:db8:ffff:22::2 2001:db8:ffff:21::1 Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination :: [ 00:46:05 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -L -n -v' (Expected 0, got 0) :: [ 00:46:06 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -F' :: [ 00:46:06 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -F' (Expected 0, got 0) :: [ 00:46:06 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -A OUTPUT -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' :: [ 00:46:07 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -A OUTPUT -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' (Expected 0, got 0) :: [ 00:46:07 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -A OUTPUT -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' :: [ 00:46:08 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -A OUTPUT -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' (Expected 0, got 0) :: [ 00:46:08 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -A OUTPUT -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j DROP' :: [ 00:46:08 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -A OUTPUT -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j DROP' (Expected 0, got 0) :: [ 00:46:09 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -A OUTPUT -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j ACCEPT' :: [ 00:46:09 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -A OUTPUT -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j ACCEPT' (Expected 0, got 0) :: [ 00:46:10 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3 ' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) from 2001:db8:ffff:21::1 c_r: 56 data bytes --- 2001:db8:ffff:22::2 ping statistics --- 3 packets transmitted, 0 received, 100% packet loss, time 2028ms :: [ 00:46:13 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 00:46:14 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -L -n -v' Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 136 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 135 3 312 DROP 0 -- * s_r 2001:db8:ffff:22::2 2001:db8:ffff:21::1 0 0 ACCEPT 0 -- * s_r 2001:db8:ffff:22::2 2001:db8:ffff:21::1 Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination :: [ 00:46:14 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -L -n -v' (Expected 0, got 0) :: [ 00:46:14 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -F' :: [ 00:46:15 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -F' (Expected 0, got 0) :: [ 00:46:15 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -A OUTPUT -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' :: [ 00:46:15 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -A OUTPUT -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' (Expected 0, got 0) :: [ 00:46:16 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -A OUTPUT -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' :: [ 00:46:16 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -A OUTPUT -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' (Expected 0, got 0) :: [ 00:46:17 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -N TEST' :: [ 00:46:17 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -N TEST' (Expected 0, got 0) :: [ 00:46:17 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -A TEST -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j RETURN' :: [ 00:46:18 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -A TEST -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j RETURN' (Expected 0, got 0) :: [ 00:46:18 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -A TEST -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j DROP' :: [ 00:46:19 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -A TEST -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j DROP' (Expected 0, got 0) :: [ 00:46:19 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -A OUTPUT -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j TEST' :: [ 00:46:19 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -A OUTPUT -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j TEST' (Expected 0, got 0) :: [ 00:46:20 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -A OUTPUT -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j ACCEPT' :: [ 00:46:20 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -A OUTPUT -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j ACCEPT' (Expected 0, got 0) :: [ 00:46:21 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) from 2001:db8:ffff:21::1 c_r: 56 data bytes 64 bytes from 2001:db8:ffff:22::2: icmp_seq=1 ttl=63 time=0.683 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=2 ttl=63 time=0.405 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=3 ttl=63 time=0.420 ms --- 2001:db8:ffff:22::2 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2053ms rtt min/avg/max/mdev = 0.405/0.502/0.683/0.127 ms :: [ 00:46:23 ] :: [ PASS ] :: Command 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3' (Expected 0, got 0) :: [ 00:46:23 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -L -n -v' Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 136 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 135 3 312 TEST 0 -- * s_r 2001:db8:ffff:22::2 2001:db8:ffff:21::1 3 312 ACCEPT 0 -- * s_r 2001:db8:ffff:22::2 2001:db8:ffff:21::1 Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain TEST (1 references) pkts bytes target prot opt in out source destination 3 312 RETURN 0 -- * s_r 2001:db8:ffff:22::2 2001:db8:ffff:21::1 0 0 DROP 0 -- * s_r 2001:db8:ffff:22::2 2001:db8:ffff:21::1 :: [ 00:46:24 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -L -n -v' (Expected 0, got 0) :: [ 00:46:24 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -F' :: [ 00:46:24 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -F' (Expected 0, got 0) :: [ 00:46:25 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -X' :: [ 00:46:25 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -X' (Expected 0, got 0) :: [ 00:46:26 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -A POSTROUTING -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' :: [ 00:46:26 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -A POSTROUTING -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' (Expected 0, got 0) :: [ 00:46:26 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -A POSTROUTING -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' :: [ 00:46:27 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -A POSTROUTING -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' (Expected 0, got 0) :: [ 00:46:27 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -A POSTROUTING -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j ACCEPT' :: [ 00:46:27 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -A POSTROUTING -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j ACCEPT' (Expected 0, got 0) :: [ 00:46:28 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -A POSTROUTING -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j DROP' :: [ 00:46:28 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -A POSTROUTING -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j DROP' (Expected 0, got 0) :: [ 00:46:29 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) from 2001:db8:ffff:21::1 c_r: 56 data bytes 64 bytes from 2001:db8:ffff:22::2: icmp_seq=1 ttl=63 time=0.349 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=2 ttl=63 time=0.441 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=3 ttl=63 time=0.415 ms --- 2001:db8:ffff:22::2 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2076ms rtt min/avg/max/mdev = 0.349/0.401/0.441/0.038 ms :: [ 00:46:31 ] :: [ PASS ] :: Command 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3' (Expected 0, got 0) :: [ 00:46:31 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -L -n -v' Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 1 64 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 136 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 135 3 312 ACCEPT 0 -- * s_r 2001:db8:ffff:22::2 2001:db8:ffff:21::1 0 0 DROP 0 -- * s_r 2001:db8:ffff:22::2 2001:db8:ffff:21::1 :: [ 00:46:32 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -L -n -v' (Expected 0, got 0) :: [ 00:46:32 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -F' :: [ 00:46:32 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -F' (Expected 0, got 0) :: [ 00:46:33 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -A POSTROUTING -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' :: [ 00:46:33 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -A POSTROUTING -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' (Expected 0, got 0) :: [ 00:46:34 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -A POSTROUTING -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' :: [ 00:46:34 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -A POSTROUTING -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' (Expected 0, got 0) :: [ 00:46:34 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -A POSTROUTING -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j DROP' :: [ 00:46:35 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -A POSTROUTING -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j DROP' (Expected 0, got 0) :: [ 00:46:35 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -A POSTROUTING -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j ACCEPT' :: [ 00:46:35 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -A POSTROUTING -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j ACCEPT' (Expected 0, got 0) :: [ 00:46:36 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3 ' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) from 2001:db8:ffff:21::1 c_r: 56 data bytes --- 2001:db8:ffff:22::2 ping statistics --- 3 packets transmitted, 0 received, 100% packet loss, time 2078ms :: [ 00:46:40 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 00:46:40 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -L -n -v' Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 136 1 72 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 135 3 312 DROP 0 -- * s_r 2001:db8:ffff:22::2 2001:db8:ffff:21::1 0 0 ACCEPT 0 -- * s_r 2001:db8:ffff:22::2 2001:db8:ffff:21::1 :: [ 00:46:40 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -L -n -v' (Expected 0, got 0) :: [ 00:46:41 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -F' :: [ 00:46:41 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -F' (Expected 0, got 0) :: [ 00:46:42 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -A POSTROUTING -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' :: [ 00:46:42 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -A POSTROUTING -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' (Expected 0, got 0) :: [ 00:46:42 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -A POSTROUTING -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' :: [ 00:46:43 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -A POSTROUTING -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' (Expected 0, got 0) :: [ 00:46:43 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -N TEST' :: [ 00:46:43 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -N TEST' (Expected 0, got 0) :: [ 00:46:44 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -A TEST -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j RETURN' :: [ 00:46:44 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -A TEST -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j RETURN' (Expected 0, got 0) :: [ 00:46:45 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -A TEST -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j DROP' :: [ 00:46:45 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -A TEST -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j DROP' (Expected 0, got 0) :: [ 00:46:45 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -A POSTROUTING -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j TEST' :: [ 00:46:46 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -A POSTROUTING -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j TEST' (Expected 0, got 0) :: [ 00:46:46 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -A POSTROUTING -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j ACCEPT' :: [ 00:46:46 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -A POSTROUTING -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j ACCEPT' (Expected 0, got 0) :: [ 00:46:47 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) from 2001:db8:ffff:21::1 c_r: 56 data bytes 64 bytes from 2001:db8:ffff:22::2: icmp_seq=1 ttl=63 time=0.352 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=2 ttl=63 time=0.428 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=3 ttl=63 time=0.441 ms --- 2001:db8:ffff:22::2 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2027ms rtt min/avg/max/mdev = 0.352/0.407/0.441/0.039 ms :: [ 00:46:49 ] :: [ PASS ] :: Command 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3' (Expected 0, got 0) :: [ 00:46:50 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -L -n -v' Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 136 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 135 3 312 TEST 0 -- * s_r 2001:db8:ffff:22::2 2001:db8:ffff:21::1 3 312 ACCEPT 0 -- * s_r 2001:db8:ffff:22::2 2001:db8:ffff:21::1 Chain TEST (1 references) pkts bytes target prot opt in out source destination 3 312 RETURN 0 -- * s_r 2001:db8:ffff:22::2 2001:db8:ffff:21::1 0 0 DROP 0 -- * s_r 2001:db8:ffff:22::2 2001:db8:ffff:21::1 :: [ 00:46:50 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -L -n -v' (Expected 0, got 0) :: [ 00:46:50 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -F' :: [ 00:46:51 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -F' (Expected 0, got 0) :: [ 00:46:51 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t mangle -X' :: [ 00:46:51 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t mangle -X' (Expected 0, got 0) :: [ 00:46:52 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t raw -A PREROUTING -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' :: [ 00:46:52 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t raw -A PREROUTING -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' (Expected 0, got 0) :: [ 00:46:53 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t raw -A PREROUTING -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' :: [ 00:46:53 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t raw -A PREROUTING -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' (Expected 0, got 0) :: [ 00:46:53 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t raw -A PREROUTING -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j ACCEPT' :: [ 00:46:54 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t raw -A PREROUTING -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j ACCEPT' (Expected 0, got 0) :: [ 00:46:54 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t raw -A PREROUTING -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j DROP' :: [ 00:46:55 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t raw -A PREROUTING -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j DROP' (Expected 0, got 0) :: [ 00:46:55 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) from 2001:db8:ffff:21::1 c_r: 56 data bytes 64 bytes from 2001:db8:ffff:22::2: icmp_seq=1 ttl=63 time=0.367 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=2 ttl=63 time=0.426 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=3 ttl=63 time=0.441 ms --- 2001:db8:ffff:22::2 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2089ms rtt min/avg/max/mdev = 0.367/0.411/0.441/0.031 ms :: [ 00:46:57 ] :: [ PASS ] :: Command 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3' (Expected 0, got 0) :: [ 00:46:58 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t raw -L -n -v' Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 136 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 135 3 312 ACCEPT 0 -- s_r * 2001:db8:ffff:21::1 2001:db8:ffff:22::2 0 0 DROP 0 -- s_r * 2001:db8:ffff:21::1 2001:db8:ffff:22::2 Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination :: [ 00:46:58 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t raw -L -n -v' (Expected 0, got 0) :: [ 00:46:59 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t raw -F' :: [ 00:46:59 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t raw -F' (Expected 0, got 0) :: [ 00:46:59 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t raw -A PREROUTING -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' :: [ 00:47:00 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t raw -A PREROUTING -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' (Expected 0, got 0) :: [ 00:47:00 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t raw -A PREROUTING -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' :: [ 00:47:00 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t raw -A PREROUTING -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' (Expected 0, got 0) :: [ 00:47:01 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t raw -A PREROUTING -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j DROP' :: [ 00:47:01 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t raw -A PREROUTING -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j DROP' (Expected 0, got 0) :: [ 00:47:02 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t raw -A PREROUTING -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j ACCEPT' :: [ 00:47:02 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t raw -A PREROUTING -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j ACCEPT' (Expected 0, got 0) :: [ 00:47:03 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3 ' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) from 2001:db8:ffff:21::1 c_r: 56 data bytes --- 2001:db8:ffff:22::2 ping statistics --- 3 packets transmitted, 0 received, 100% packet loss, time 2048ms :: [ 00:47:06 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 00:47:06 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t raw -L -n -v' Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 136 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 135 3 312 DROP 0 -- s_r * 2001:db8:ffff:21::1 2001:db8:ffff:22::2 0 0 ACCEPT 0 -- s_r * 2001:db8:ffff:21::1 2001:db8:ffff:22::2 Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination :: [ 00:47:07 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t raw -L -n -v' (Expected 0, got 0) :: [ 00:47:07 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t raw -F' :: [ 00:47:07 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t raw -F' (Expected 0, got 0) :: [ 00:47:08 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t raw -A PREROUTING -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' :: [ 00:47:08 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t raw -A PREROUTING -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' (Expected 0, got 0) :: [ 00:47:09 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t raw -A PREROUTING -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' :: [ 00:47:09 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t raw -A PREROUTING -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' (Expected 0, got 0) :: [ 00:47:09 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t raw -N TEST' :: [ 00:47:10 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t raw -N TEST' (Expected 0, got 0) :: [ 00:47:10 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t raw -A TEST -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j RETURN' :: [ 00:47:10 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t raw -A TEST -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j RETURN' (Expected 0, got 0) :: [ 00:47:11 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t raw -A TEST -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j DROP' :: [ 00:47:11 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t raw -A TEST -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j DROP' (Expected 0, got 0) :: [ 00:47:12 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t raw -A PREROUTING -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j TEST' :: [ 00:47:12 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t raw -A PREROUTING -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j TEST' (Expected 0, got 0) :: [ 00:47:12 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t raw -A PREROUTING -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j ACCEPT' :: [ 00:47:13 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t raw -A PREROUTING -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j ACCEPT' (Expected 0, got 0) :: [ 00:47:13 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) from 2001:db8:ffff:21::1 c_r: 56 data bytes 64 bytes from 2001:db8:ffff:22::2: icmp_seq=1 ttl=63 time=0.546 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=2 ttl=63 time=0.429 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=3 ttl=63 time=0.486 ms --- 2001:db8:ffff:22::2 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2049ms rtt min/avg/max/mdev = 0.429/0.487/0.546/0.047 ms :: [ 00:47:16 ] :: [ PASS ] :: Command 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3' (Expected 0, got 0) :: [ 00:47:16 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t raw -L -n -v' Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 136 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 135 3 312 TEST 0 -- s_r * 2001:db8:ffff:21::1 2001:db8:ffff:22::2 3 312 ACCEPT 0 -- s_r * 2001:db8:ffff:21::1 2001:db8:ffff:22::2 Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain TEST (1 references) pkts bytes target prot opt in out source destination 3 312 RETURN 0 -- s_r * 2001:db8:ffff:21::1 2001:db8:ffff:22::2 0 0 DROP 0 -- s_r * 2001:db8:ffff:21::1 2001:db8:ffff:22::2 :: [ 00:47:16 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t raw -L -n -v' (Expected 0, got 0) :: [ 00:47:17 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t raw -F' :: [ 00:47:17 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t raw -F' (Expected 0, got 0) :: [ 00:47:18 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t raw -X' :: [ 00:47:18 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t raw -X' (Expected 0, got 0) :: [ 00:47:18 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t raw -A OUTPUT -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' :: [ 00:47:19 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t raw -A OUTPUT -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' (Expected 0, got 0) :: [ 00:47:19 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t raw -A OUTPUT -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' :: [ 00:47:19 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t raw -A OUTPUT -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' (Expected 0, got 0) :: [ 00:47:20 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t raw -A OUTPUT -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j ACCEPT' :: [ 00:47:20 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t raw -A OUTPUT -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j ACCEPT' (Expected 0, got 0) :: [ 00:47:21 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t raw -A OUTPUT -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j DROP' :: [ 00:47:21 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t raw -A OUTPUT -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j DROP' (Expected 0, got 0) :: [ 00:47:21 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) from 2001:db8:ffff:21::1 c_r: 56 data bytes 64 bytes from 2001:db8:ffff:22::2: icmp_seq=1 ttl=63 time=0.350 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=2 ttl=63 time=0.398 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=3 ttl=63 time=0.467 ms --- 2001:db8:ffff:22::2 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2071ms rtt min/avg/max/mdev = 0.350/0.405/0.467/0.048 ms :: [ 00:47:24 ] :: [ PASS ] :: Command 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3' (Expected 0, got 0) :: [ 00:47:24 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t raw -L -n -v' Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 1 64 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 136 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 135 3 312 ACCEPT 0 -- * s_r 2001:db8:ffff:22::2 2001:db8:ffff:21::1 0 0 DROP 0 -- * s_r 2001:db8:ffff:22::2 2001:db8:ffff:21::1 :: [ 00:47:25 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t raw -L -n -v' (Expected 0, got 0) :: [ 00:47:25 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t raw -F' :: [ 00:47:25 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t raw -F' (Expected 0, got 0) :: [ 00:47:26 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t raw -A OUTPUT -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' :: [ 00:47:26 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t raw -A OUTPUT -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' (Expected 0, got 0) :: [ 00:47:26 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t raw -A OUTPUT -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' :: [ 00:47:27 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t raw -A OUTPUT -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' (Expected 0, got 0) :: [ 00:47:27 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t raw -A OUTPUT -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j DROP' :: [ 00:47:28 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t raw -A OUTPUT -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j DROP' (Expected 0, got 0) :: [ 00:47:28 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t raw -A OUTPUT -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j ACCEPT' :: [ 00:47:28 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t raw -A OUTPUT -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j ACCEPT' (Expected 0, got 0) :: [ 00:47:29 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3 ' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) from 2001:db8:ffff:21::1 c_r: 56 data bytes --- 2001:db8:ffff:22::2 ping statistics --- 3 packets transmitted, 0 received, 100% packet loss, time 2033ms :: [ 00:47:32 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 00:47:33 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t raw -L -n -v' Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 136 1 72 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 135 3 312 DROP 0 -- * s_r 2001:db8:ffff:22::2 2001:db8:ffff:21::1 0 0 ACCEPT 0 -- * s_r 2001:db8:ffff:22::2 2001:db8:ffff:21::1 :: [ 00:47:33 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t raw -L -n -v' (Expected 0, got 0) :: [ 00:47:34 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t raw -F' :: [ 00:47:34 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t raw -F' (Expected 0, got 0) :: [ 00:47:34 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t raw -A OUTPUT -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' :: [ 00:47:35 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t raw -A OUTPUT -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' (Expected 0, got 0) :: [ 00:47:35 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t raw -A OUTPUT -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' :: [ 00:47:35 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t raw -A OUTPUT -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' (Expected 0, got 0) :: [ 00:47:36 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t raw -N TEST' :: [ 00:47:36 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t raw -N TEST' (Expected 0, got 0) :: [ 00:47:37 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t raw -A TEST -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j RETURN' :: [ 00:47:37 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t raw -A TEST -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j RETURN' (Expected 0, got 0) :: [ 00:47:37 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t raw -A TEST -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j DROP' :: [ 00:47:38 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t raw -A TEST -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j DROP' (Expected 0, got 0) :: [ 00:47:38 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t raw -A OUTPUT -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j TEST' :: [ 00:47:39 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t raw -A OUTPUT -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j TEST' (Expected 0, got 0) :: [ 00:47:39 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t raw -A OUTPUT -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j ACCEPT' :: [ 00:47:39 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t raw -A OUTPUT -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j ACCEPT' (Expected 0, got 0) :: [ 00:47:40 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) from 2001:db8:ffff:21::1 c_r: 56 data bytes 64 bytes from 2001:db8:ffff:22::2: icmp_seq=1 ttl=63 time=0.357 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=2 ttl=63 time=0.435 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=3 ttl=63 time=0.463 ms --- 2001:db8:ffff:22::2 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2034ms rtt min/avg/max/mdev = 0.357/0.418/0.463/0.044 ms :: [ 00:47:42 ] :: [ PASS ] :: Command 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3' (Expected 0, got 0) :: [ 00:47:43 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t raw -L -n -v' Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 136 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 135 3 312 TEST 0 -- * s_r 2001:db8:ffff:22::2 2001:db8:ffff:21::1 3 312 ACCEPT 0 -- * s_r 2001:db8:ffff:22::2 2001:db8:ffff:21::1 Chain TEST (1 references) pkts bytes target prot opt in out source destination 3 312 RETURN 0 -- * s_r 2001:db8:ffff:22::2 2001:db8:ffff:21::1 0 0 DROP 0 -- * s_r 2001:db8:ffff:22::2 2001:db8:ffff:21::1 :: [ 00:47:43 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t raw -L -n -v' (Expected 0, got 0) :: [ 00:47:43 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t raw -F' :: [ 00:47:44 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t raw -F' (Expected 0, got 0) :: [ 00:47:44 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t raw -X' :: [ 00:47:44 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t raw -X' (Expected 0, got 0) :: [ 00:47:45 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t security -A INPUT -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' :: [ 00:47:45 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t security -A INPUT -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' (Expected 0, got 0) :: [ 00:47:46 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t security -A INPUT -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' :: [ 00:47:46 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t security -A INPUT -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' (Expected 0, got 0) :: [ 00:47:46 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t security -A INPUT -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j ACCEPT' :: [ 00:47:47 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t security -A INPUT -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j ACCEPT' (Expected 0, got 0) :: [ 00:47:47 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t security -A INPUT -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j DROP' :: [ 00:47:48 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t security -A INPUT -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j DROP' (Expected 0, got 0) :: [ 00:47:48 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) from 2001:db8:ffff:21::1 c_r: 56 data bytes 64 bytes from 2001:db8:ffff:22::2: icmp_seq=1 ttl=63 time=0.347 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=2 ttl=63 time=0.441 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=3 ttl=63 time=0.415 ms --- 2001:db8:ffff:22::2 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2059ms rtt min/avg/max/mdev = 0.347/0.401/0.441/0.039 ms :: [ 00:47:50 ] :: [ PASS ] :: Command 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3' (Expected 0, got 0) :: [ 00:47:51 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t security -L -n -v' Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 136 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 135 3 312 ACCEPT 0 -- s_r * 2001:db8:ffff:21::1 2001:db8:ffff:22::2 0 0 DROP 0 -- s_r * 2001:db8:ffff:21::1 2001:db8:ffff:22::2 Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination :: [ 00:47:51 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t security -L -n -v' (Expected 0, got 0) :: [ 00:47:52 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t security -F' :: [ 00:47:52 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t security -F' (Expected 0, got 0) :: [ 00:47:52 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t security -A INPUT -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' :: [ 00:47:53 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t security -A INPUT -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' (Expected 0, got 0) :: [ 00:47:53 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t security -A INPUT -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' :: [ 00:47:53 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t security -A INPUT -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' (Expected 0, got 0) :: [ 00:47:54 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t security -A INPUT -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j DROP' :: [ 00:47:54 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t security -A INPUT -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j DROP' (Expected 0, got 0) :: [ 00:47:55 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t security -A INPUT -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j ACCEPT' :: [ 00:47:55 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t security -A INPUT -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j ACCEPT' (Expected 0, got 0) :: [ 00:47:56 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3 ' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) from 2001:db8:ffff:21::1 c_r: 56 data bytes --- 2001:db8:ffff:22::2 ping statistics --- 3 packets transmitted, 0 received, 100% packet loss, time 2029ms :: [ 00:47:59 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 00:48:00 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t security -L -n -v' Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 136 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 135 3 312 DROP 0 -- s_r * 2001:db8:ffff:21::1 2001:db8:ffff:22::2 0 0 ACCEPT 0 -- s_r * 2001:db8:ffff:21::1 2001:db8:ffff:22::2 Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination :: [ 00:48:00 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t security -L -n -v' (Expected 0, got 0) :: [ 00:48:00 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t security -F' :: [ 00:48:01 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t security -F' (Expected 0, got 0) :: [ 00:48:01 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t security -A INPUT -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' :: [ 00:48:01 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t security -A INPUT -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' (Expected 0, got 0) :: [ 00:48:02 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t security -A INPUT -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' :: [ 00:48:02 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t security -A INPUT -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' (Expected 0, got 0) :: [ 00:48:03 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t security -N TEST' :: [ 00:48:03 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t security -N TEST' (Expected 0, got 0) :: [ 00:48:03 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t security -A TEST -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j RETURN' :: [ 00:48:04 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t security -A TEST -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j RETURN' (Expected 0, got 0) :: [ 00:48:04 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t security -A TEST -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j DROP' :: [ 00:48:04 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t security -A TEST -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j DROP' (Expected 0, got 0) :: [ 00:48:05 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t security -A INPUT -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j TEST' :: [ 00:48:05 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t security -A INPUT -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j TEST' (Expected 0, got 0) :: [ 00:48:06 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t security -A INPUT -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j ACCEPT' :: [ 00:48:06 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t security -A INPUT -i s_r -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j ACCEPT' (Expected 0, got 0) :: [ 00:48:06 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) from 2001:db8:ffff:21::1 c_r: 56 data bytes 64 bytes from 2001:db8:ffff:22::2: icmp_seq=1 ttl=63 time=0.415 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=2 ttl=63 time=0.500 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=3 ttl=63 time=0.429 ms --- 2001:db8:ffff:22::2 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2065ms rtt min/avg/max/mdev = 0.415/0.448/0.500/0.037 ms :: [ 00:48:09 ] :: [ PASS ] :: Command 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3' (Expected 0, got 0) :: [ 00:48:09 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t security -L -n -v' Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 136 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 135 3 312 TEST 0 -- s_r * 2001:db8:ffff:21::1 2001:db8:ffff:22::2 3 312 ACCEPT 0 -- s_r * 2001:db8:ffff:21::1 2001:db8:ffff:22::2 Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain TEST (1 references) pkts bytes target prot opt in out source destination 3 312 RETURN 0 -- s_r * 2001:db8:ffff:21::1 2001:db8:ffff:22::2 0 0 DROP 0 -- s_r * 2001:db8:ffff:21::1 2001:db8:ffff:22::2 :: [ 00:48:09 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t security -L -n -v' (Expected 0, got 0) :: [ 00:48:10 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t security -F' :: [ 00:48:10 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t security -F' (Expected 0, got 0) :: [ 00:48:11 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t security -X' :: [ 00:48:11 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t security -X' (Expected 0, got 0) :: [ 00:48:12 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t security -A OUTPUT -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' :: [ 00:48:12 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t security -A OUTPUT -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' (Expected 0, got 0) :: [ 00:48:12 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t security -A OUTPUT -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' :: [ 00:48:13 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t security -A OUTPUT -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' (Expected 0, got 0) :: [ 00:48:13 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t security -A OUTPUT -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j ACCEPT' :: [ 00:48:14 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t security -A OUTPUT -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j ACCEPT' (Expected 0, got 0) :: [ 00:48:14 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t security -A OUTPUT -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j DROP' :: [ 00:48:14 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t security -A OUTPUT -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j DROP' (Expected 0, got 0) :: [ 00:48:15 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) from 2001:db8:ffff:21::1 c_r: 56 data bytes 64 bytes from 2001:db8:ffff:22::2: icmp_seq=1 ttl=63 time=0.411 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=2 ttl=63 time=0.483 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=3 ttl=63 time=0.373 ms --- 2001:db8:ffff:22::2 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2077ms rtt min/avg/max/mdev = 0.373/0.422/0.483/0.045 ms :: [ 00:48:17 ] :: [ PASS ] :: Command 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3' (Expected 0, got 0) :: [ 00:48:18 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t security -L -n -v' Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 1 64 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 136 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 135 3 312 ACCEPT 0 -- * s_r 2001:db8:ffff:22::2 2001:db8:ffff:21::1 0 0 DROP 0 -- * s_r 2001:db8:ffff:22::2 2001:db8:ffff:21::1 :: [ 00:48:18 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t security -L -n -v' (Expected 0, got 0) :: [ 00:48:18 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t security -F' :: [ 00:48:19 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t security -F' (Expected 0, got 0) :: [ 00:48:19 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t security -A OUTPUT -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' :: [ 00:48:19 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t security -A OUTPUT -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' (Expected 0, got 0) :: [ 00:48:20 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t security -A OUTPUT -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' :: [ 00:48:20 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t security -A OUTPUT -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' (Expected 0, got 0) :: [ 00:48:21 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t security -A OUTPUT -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j DROP' :: [ 00:48:21 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t security -A OUTPUT -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j DROP' (Expected 0, got 0) :: [ 00:48:22 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t security -A OUTPUT -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j ACCEPT' :: [ 00:48:22 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t security -A OUTPUT -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j ACCEPT' (Expected 0, got 0) :: [ 00:48:23 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3 ' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) from 2001:db8:ffff:21::1 c_r: 56 data bytes --- 2001:db8:ffff:22::2 ping statistics --- 3 packets transmitted, 0 received, 100% packet loss, time 2062ms :: [ 00:48:26 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 00:48:27 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t security -L -n -v' Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 136 1 72 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 135 3 312 DROP 0 -- * s_r 2001:db8:ffff:22::2 2001:db8:ffff:21::1 0 0 ACCEPT 0 -- * s_r 2001:db8:ffff:22::2 2001:db8:ffff:21::1 :: [ 00:48:27 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t security -L -n -v' (Expected 0, got 0) :: [ 00:48:27 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t security -F' :: [ 00:48:28 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t security -F' (Expected 0, got 0) :: [ 00:48:28 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t security -A OUTPUT -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' :: [ 00:48:28 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t security -A OUTPUT -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' (Expected 0, got 0) :: [ 00:48:29 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t security -A OUTPUT -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' :: [ 00:48:29 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t security -A OUTPUT -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' (Expected 0, got 0) :: [ 00:48:30 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t security -N TEST' :: [ 00:48:30 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t security -N TEST' (Expected 0, got 0) :: [ 00:48:30 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t security -A TEST -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j RETURN' :: [ 00:48:31 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t security -A TEST -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j RETURN' (Expected 0, got 0) :: [ 00:48:31 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t security -A TEST -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j DROP' :: [ 00:48:31 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t security -A TEST -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j DROP' (Expected 0, got 0) :: [ 00:48:32 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t security -A OUTPUT -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j TEST' :: [ 00:48:32 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t security -A OUTPUT -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j TEST' (Expected 0, got 0) :: [ 00:48:33 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t security -A OUTPUT -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j ACCEPT' :: [ 00:48:33 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t security -A OUTPUT -o s_r -s 2001:db8:ffff:22::2 -d 2001:db8:ffff:21::1 -j ACCEPT' (Expected 0, got 0) :: [ 00:48:33 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) from 2001:db8:ffff:21::1 c_r: 56 data bytes 64 bytes from 2001:db8:ffff:22::2: icmp_seq=1 ttl=63 time=0.348 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=2 ttl=63 time=0.538 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=3 ttl=63 time=0.481 ms --- 2001:db8:ffff:22::2 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2077ms rtt min/avg/max/mdev = 0.348/0.455/0.538/0.079 ms :: [ 00:48:36 ] :: [ PASS ] :: Command 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3' (Expected 0, got 0) :: [ 00:48:36 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t security -L -n -v' Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 136 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 135 3 312 TEST 0 -- * s_r 2001:db8:ffff:22::2 2001:db8:ffff:21::1 3 312 ACCEPT 0 -- * s_r 2001:db8:ffff:22::2 2001:db8:ffff:21::1 Chain TEST (1 references) pkts bytes target prot opt in out source destination 3 312 RETURN 0 -- * s_r 2001:db8:ffff:22::2 2001:db8:ffff:21::1 0 0 DROP 0 -- * s_r 2001:db8:ffff:22::2 2001:db8:ffff:21::1 :: [ 00:48:37 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t security -L -n -v' (Expected 0, got 0) :: [ 00:48:37 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t security -F' :: [ 00:48:37 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t security -F' (Expected 0, got 0) :: [ 00:48:38 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -t security -X' :: [ 00:48:38 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -t security -X' (Expected 0, got 0) :: [ 00:48:39 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t filter -A FORWARD -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' :: [ 00:48:39 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t filter -A FORWARD -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' (Expected 0, got 0) :: [ 00:48:39 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t filter -A FORWARD -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' :: [ 00:48:40 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t filter -A FORWARD -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' (Expected 0, got 0) :: [ 00:48:40 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t filter -A FORWARD -i r_c -o r_s -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j ACCEPT' :: [ 00:48:40 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t filter -A FORWARD -i r_c -o r_s -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j ACCEPT' (Expected 0, got 0) :: [ 00:48:41 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t filter -A FORWARD -i r_c -o r_s -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j DROP' :: [ 00:48:41 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t filter -A FORWARD -i r_c -o r_s -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j DROP' (Expected 0, got 0) :: [ 00:48:42 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) from 2001:db8:ffff:21::1 c_r: 56 data bytes 64 bytes from 2001:db8:ffff:22::2: icmp_seq=1 ttl=63 time=0.402 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=2 ttl=63 time=0.456 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=3 ttl=63 time=0.530 ms --- 2001:db8:ffff:22::2 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2080ms rtt min/avg/max/mdev = 0.402/0.462/0.530/0.052 ms :: [ 00:48:44 ] :: [ PASS ] :: Command 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3' (Expected 0, got 0) :: [ 00:48:45 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t filter -L -n -v' Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 136 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 135 3 312 ACCEPT 0 -- r_c r_s 2001:db8:ffff:21::1 2001:db8:ffff:22::2 0 0 DROP 0 -- r_c r_s 2001:db8:ffff:21::1 2001:db8:ffff:22::2 Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination :: [ 00:48:45 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t filter -L -n -v' (Expected 0, got 0) :: [ 00:48:45 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t filter -F' :: [ 00:48:46 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t filter -F' (Expected 0, got 0) :: [ 00:48:46 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t filter -A FORWARD -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' :: [ 00:48:46 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t filter -A FORWARD -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' (Expected 0, got 0) :: [ 00:48:47 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t filter -A FORWARD -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' :: [ 00:48:47 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t filter -A FORWARD -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' (Expected 0, got 0) :: [ 00:48:48 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t filter -A FORWARD -i r_c -o r_s -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j DROP' :: [ 00:48:48 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t filter -A FORWARD -i r_c -o r_s -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j DROP' (Expected 0, got 0) :: [ 00:48:48 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t filter -A FORWARD -i r_c -o r_s -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j ACCEPT' :: [ 00:48:49 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t filter -A FORWARD -i r_c -o r_s -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j ACCEPT' (Expected 0, got 0) :: [ 00:48:50 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3 ' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) from 2001:db8:ffff:21::1 c_r: 56 data bytes --- 2001:db8:ffff:22::2 ping statistics --- 3 packets transmitted, 0 received, 100% packet loss, time 2076ms :: [ 00:48:53 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 00:48:53 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t filter -L -n -v' Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 136 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 135 3 312 DROP 0 -- r_c r_s 2001:db8:ffff:21::1 2001:db8:ffff:22::2 0 0 ACCEPT 0 -- r_c r_s 2001:db8:ffff:21::1 2001:db8:ffff:22::2 Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination :: [ 00:48:54 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t filter -L -n -v' (Expected 0, got 0) :: [ 00:48:54 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t filter -F' :: [ 00:48:55 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t filter -F' (Expected 0, got 0) :: [ 00:48:55 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t filter -A FORWARD -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' :: [ 00:48:55 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t filter -A FORWARD -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' (Expected 0, got 0) :: [ 00:48:56 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t filter -A FORWARD -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' :: [ 00:48:56 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t filter -A FORWARD -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' (Expected 0, got 0) :: [ 00:48:57 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t filter -N TEST' :: [ 00:48:57 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t filter -N TEST' (Expected 0, got 0) :: [ 00:48:57 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t filter -A TEST -i r_c -o r_s -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j RETURN' :: [ 00:48:58 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t filter -A TEST -i r_c -o r_s -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j RETURN' (Expected 0, got 0) :: [ 00:48:58 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t filter -A TEST -i r_c -o r_s -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j DROP' :: [ 00:48:58 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t filter -A TEST -i r_c -o r_s -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j DROP' (Expected 0, got 0) :: [ 00:48:59 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t filter -A FORWARD -i r_c -o r_s -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j TEST' :: [ 00:48:59 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t filter -A FORWARD -i r_c -o r_s -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j TEST' (Expected 0, got 0) :: [ 00:49:00 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t filter -A FORWARD -i r_c -o r_s -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j ACCEPT' :: [ 00:49:00 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t filter -A FORWARD -i r_c -o r_s -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j ACCEPT' (Expected 0, got 0) :: [ 00:49:00 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) from 2001:db8:ffff:21::1 c_r: 56 data bytes 64 bytes from 2001:db8:ffff:22::2: icmp_seq=1 ttl=63 time=0.360 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=2 ttl=63 time=0.420 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=3 ttl=63 time=0.472 ms --- 2001:db8:ffff:22::2 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2038ms rtt min/avg/max/mdev = 0.360/0.417/0.472/0.045 ms :: [ 00:49:03 ] :: [ PASS ] :: Command 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3' (Expected 0, got 0) :: [ 00:49:03 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t filter -L -n -v' Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 136 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 135 3 312 TEST 0 -- r_c r_s 2001:db8:ffff:21::1 2001:db8:ffff:22::2 3 312 ACCEPT 0 -- r_c r_s 2001:db8:ffff:21::1 2001:db8:ffff:22::2 Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain TEST (1 references) pkts bytes target prot opt in out source destination 3 312 RETURN 0 -- r_c r_s 2001:db8:ffff:21::1 2001:db8:ffff:22::2 0 0 DROP 0 -- r_c r_s 2001:db8:ffff:21::1 2001:db8:ffff:22::2 :: [ 00:49:03 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t filter -L -n -v' (Expected 0, got 0) :: [ 00:49:04 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t filter -F' :: [ 00:49:04 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t filter -F' (Expected 0, got 0) :: [ 00:49:05 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t filter -X' :: [ 00:49:05 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t filter -X' (Expected 0, got 0) :: [ 00:49:05 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t mangle -A PREROUTING -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' :: [ 00:49:06 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t mangle -A PREROUTING -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' (Expected 0, got 0) :: [ 00:49:06 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t mangle -A PREROUTING -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' :: [ 00:49:07 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t mangle -A PREROUTING -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' (Expected 0, got 0) :: [ 00:49:07 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t mangle -A PREROUTING -i r_c -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j ACCEPT' :: [ 00:49:07 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t mangle -A PREROUTING -i r_c -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j ACCEPT' (Expected 0, got 0) :: [ 00:49:08 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t mangle -A PREROUTING -i r_c -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j DROP' :: [ 00:49:08 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t mangle -A PREROUTING -i r_c -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j DROP' (Expected 0, got 0) :: [ 00:49:09 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) from 2001:db8:ffff:21::1 c_r: 56 data bytes 64 bytes from 2001:db8:ffff:22::2: icmp_seq=1 ttl=63 time=0.444 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=2 ttl=63 time=0.437 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=3 ttl=63 time=0.962 ms --- 2001:db8:ffff:22::2 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2034ms rtt min/avg/max/mdev = 0.437/0.614/0.962/0.245 ms :: [ 00:49:11 ] :: [ PASS ] :: Command 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3' (Expected 0, got 0) :: [ 00:49:11 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t mangle -L -n -v' Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 1 64 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 136 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 135 3 312 ACCEPT 0 -- r_c * 2001:db8:ffff:21::1 2001:db8:ffff:22::2 0 0 DROP 0 -- r_c * 2001:db8:ffff:21::1 2001:db8:ffff:22::2 Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination :: [ 00:49:12 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t mangle -L -n -v' (Expected 0, got 0) :: [ 00:49:12 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t mangle -F' :: [ 00:49:12 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t mangle -F' (Expected 0, got 0) :: [ 00:49:13 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t mangle -A PREROUTING -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' :: [ 00:49:13 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t mangle -A PREROUTING -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' (Expected 0, got 0) :: [ 00:49:14 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t mangle -A PREROUTING -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' :: [ 00:49:14 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t mangle -A PREROUTING -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' (Expected 0, got 0) :: [ 00:49:14 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t mangle -A PREROUTING -i r_c -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j DROP' :: [ 00:49:15 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t mangle -A PREROUTING -i r_c -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j DROP' (Expected 0, got 0) :: [ 00:49:15 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t mangle -A PREROUTING -i r_c -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j ACCEPT' :: [ 00:49:16 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t mangle -A PREROUTING -i r_c -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j ACCEPT' (Expected 0, got 0) :: [ 00:49:16 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3 ' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) from 2001:db8:ffff:21::1 c_r: 56 data bytes --- 2001:db8:ffff:22::2 ping statistics --- 3 packets transmitted, 0 received, 100% packet loss, time 2029ms :: [ 00:49:20 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 00:49:20 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t mangle -L -n -v' Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 136 1 72 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 135 3 312 DROP 0 -- r_c * 2001:db8:ffff:21::1 2001:db8:ffff:22::2 0 0 ACCEPT 0 -- r_c * 2001:db8:ffff:21::1 2001:db8:ffff:22::2 Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination :: [ 00:49:21 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t mangle -L -n -v' (Expected 0, got 0) :: [ 00:49:21 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t mangle -F' :: [ 00:49:21 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t mangle -F' (Expected 0, got 0) :: [ 00:49:22 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t mangle -A PREROUTING -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' :: [ 00:49:22 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t mangle -A PREROUTING -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' (Expected 0, got 0) :: [ 00:49:23 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t mangle -A PREROUTING -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' :: [ 00:49:23 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t mangle -A PREROUTING -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' (Expected 0, got 0) :: [ 00:49:23 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t mangle -N TEST' :: [ 00:49:24 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t mangle -N TEST' (Expected 0, got 0) :: [ 00:49:24 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t mangle -A TEST -i r_c -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j RETURN' :: [ 00:49:24 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t mangle -A TEST -i r_c -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j RETURN' (Expected 0, got 0) :: [ 00:49:25 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t mangle -A TEST -i r_c -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j DROP' :: [ 00:49:25 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t mangle -A TEST -i r_c -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j DROP' (Expected 0, got 0) :: [ 00:49:26 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t mangle -A PREROUTING -i r_c -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j TEST' :: [ 00:49:26 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t mangle -A PREROUTING -i r_c -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j TEST' (Expected 0, got 0) :: [ 00:49:27 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t mangle -A PREROUTING -i r_c -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j ACCEPT' :: [ 00:49:27 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t mangle -A PREROUTING -i r_c -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j ACCEPT' (Expected 0, got 0) :: [ 00:49:27 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) from 2001:db8:ffff:21::1 c_r: 56 data bytes 64 bytes from 2001:db8:ffff:22::2: icmp_seq=1 ttl=63 time=0.399 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=2 ttl=63 time=0.479 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=3 ttl=63 time=0.989 ms --- 2001:db8:ffff:22::2 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2057ms rtt min/avg/max/mdev = 0.399/0.622/0.989/0.261 ms :: [ 00:49:30 ] :: [ PASS ] :: Command 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3' (Expected 0, got 0) :: [ 00:49:30 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t mangle -L -n -v' Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 136 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 135 3 312 TEST 0 -- r_c * 2001:db8:ffff:21::1 2001:db8:ffff:22::2 3 312 ACCEPT 0 -- r_c * 2001:db8:ffff:21::1 2001:db8:ffff:22::2 Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain TEST (1 references) pkts bytes target prot opt in out source destination 3 312 RETURN 0 -- r_c * 2001:db8:ffff:21::1 2001:db8:ffff:22::2 0 0 DROP 0 -- r_c * 2001:db8:ffff:21::1 2001:db8:ffff:22::2 :: [ 00:49:31 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t mangle -L -n -v' (Expected 0, got 0) :: [ 00:49:31 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t mangle -F' :: [ 00:49:31 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t mangle -F' (Expected 0, got 0) :: [ 00:49:32 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t mangle -X' :: [ 00:49:32 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t mangle -X' (Expected 0, got 0) :: [ 00:49:33 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t mangle -A FORWARD -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' :: [ 00:49:33 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t mangle -A FORWARD -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' (Expected 0, got 0) :: [ 00:49:33 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t mangle -A FORWARD -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' :: [ 00:49:34 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t mangle -A FORWARD -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' (Expected 0, got 0) :: [ 00:49:34 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t mangle -A FORWARD -i r_c -o r_s -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j ACCEPT' :: [ 00:49:34 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t mangle -A FORWARD -i r_c -o r_s -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j ACCEPT' (Expected 0, got 0) :: [ 00:49:35 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t mangle -A FORWARD -i r_c -o r_s -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j DROP' :: [ 00:49:35 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t mangle -A FORWARD -i r_c -o r_s -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j DROP' (Expected 0, got 0) :: [ 00:49:36 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) from 2001:db8:ffff:21::1 c_r: 56 data bytes 64 bytes from 2001:db8:ffff:22::2: icmp_seq=1 ttl=63 time=0.533 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=2 ttl=63 time=0.500 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=3 ttl=63 time=0.517 ms --- 2001:db8:ffff:22::2 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2043ms rtt min/avg/max/mdev = 0.500/0.516/0.533/0.013 ms :: [ 00:49:38 ] :: [ PASS ] :: Command 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3' (Expected 0, got 0) :: [ 00:49:39 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t mangle -L -n -v' Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 136 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 135 3 312 ACCEPT 0 -- r_c r_s 2001:db8:ffff:21::1 2001:db8:ffff:22::2 0 0 DROP 0 -- r_c r_s 2001:db8:ffff:21::1 2001:db8:ffff:22::2 Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination :: [ 00:49:39 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t mangle -L -n -v' (Expected 0, got 0) :: [ 00:49:39 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t mangle -F' :: [ 00:49:40 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t mangle -F' (Expected 0, got 0) :: [ 00:49:40 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t mangle -A FORWARD -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' :: [ 00:49:40 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t mangle -A FORWARD -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' (Expected 0, got 0) :: [ 00:49:41 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t mangle -A FORWARD -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' :: [ 00:49:41 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t mangle -A FORWARD -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' (Expected 0, got 0) :: [ 00:49:42 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t mangle -A FORWARD -i r_c -o r_s -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j DROP' :: [ 00:49:42 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t mangle -A FORWARD -i r_c -o r_s -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j DROP' (Expected 0, got 0) :: [ 00:49:42 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t mangle -A FORWARD -i r_c -o r_s -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j ACCEPT' :: [ 00:49:43 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t mangle -A FORWARD -i r_c -o r_s -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j ACCEPT' (Expected 0, got 0) :: [ 00:49:44 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3 ' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) from 2001:db8:ffff:21::1 c_r: 56 data bytes --- 2001:db8:ffff:22::2 ping statistics --- 3 packets transmitted, 0 received, 100% packet loss, time 2062ms :: [ 00:49:47 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 00:49:47 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t mangle -L -n -v' Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 136 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 135 3 312 DROP 0 -- r_c r_s 2001:db8:ffff:21::1 2001:db8:ffff:22::2 0 0 ACCEPT 0 -- r_c r_s 2001:db8:ffff:21::1 2001:db8:ffff:22::2 Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination :: [ 00:49:48 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t mangle -L -n -v' (Expected 0, got 0) :: [ 00:49:48 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t mangle -F' :: [ 00:49:48 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t mangle -F' (Expected 0, got 0) :: [ 00:49:49 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t mangle -A FORWARD -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' :: [ 00:49:49 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t mangle -A FORWARD -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' (Expected 0, got 0) :: [ 00:49:50 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t mangle -A FORWARD -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' :: [ 00:49:50 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t mangle -A FORWARD -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' (Expected 0, got 0) :: [ 00:49:51 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t mangle -N TEST' :: [ 00:49:51 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t mangle -N TEST' (Expected 0, got 0) :: [ 00:49:51 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t mangle -A TEST -i r_c -o r_s -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j RETURN' :: [ 00:49:52 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t mangle -A TEST -i r_c -o r_s -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j RETURN' (Expected 0, got 0) :: [ 00:49:52 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t mangle -A TEST -i r_c -o r_s -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j DROP' :: [ 00:49:52 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t mangle -A TEST -i r_c -o r_s -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j DROP' (Expected 0, got 0) :: [ 00:49:53 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t mangle -A FORWARD -i r_c -o r_s -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j TEST' :: [ 00:49:53 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t mangle -A FORWARD -i r_c -o r_s -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j TEST' (Expected 0, got 0) :: [ 00:49:54 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t mangle -A FORWARD -i r_c -o r_s -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j ACCEPT' :: [ 00:49:54 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t mangle -A FORWARD -i r_c -o r_s -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j ACCEPT' (Expected 0, got 0) :: [ 00:49:54 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) from 2001:db8:ffff:21::1 c_r: 56 data bytes 64 bytes from 2001:db8:ffff:22::2: icmp_seq=1 ttl=63 time=0.359 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=2 ttl=63 time=0.489 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=3 ttl=63 time=0.438 ms --- 2001:db8:ffff:22::2 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2045ms rtt min/avg/max/mdev = 0.359/0.428/0.489/0.053 ms :: [ 00:49:57 ] :: [ PASS ] :: Command 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3' (Expected 0, got 0) :: [ 00:49:57 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t mangle -L -n -v' Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 136 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 135 3 312 TEST 0 -- r_c r_s 2001:db8:ffff:21::1 2001:db8:ffff:22::2 3 312 ACCEPT 0 -- r_c r_s 2001:db8:ffff:21::1 2001:db8:ffff:22::2 Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain TEST (1 references) pkts bytes target prot opt in out source destination 3 312 RETURN 0 -- r_c r_s 2001:db8:ffff:21::1 2001:db8:ffff:22::2 0 0 DROP 0 -- r_c r_s 2001:db8:ffff:21::1 2001:db8:ffff:22::2 :: [ 00:49:58 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t mangle -L -n -v' (Expected 0, got 0) :: [ 00:49:58 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t mangle -F' :: [ 00:49:58 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t mangle -F' (Expected 0, got 0) :: [ 00:49:59 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t mangle -X' :: [ 00:49:59 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t mangle -X' (Expected 0, got 0) :: [ 00:50:00 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t mangle -A POSTROUTING -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' :: [ 00:50:00 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t mangle -A POSTROUTING -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' (Expected 0, got 0) :: [ 00:50:00 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t mangle -A POSTROUTING -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' :: [ 00:50:01 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t mangle -A POSTROUTING -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' (Expected 0, got 0) :: [ 00:50:01 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t mangle -A POSTROUTING -o r_s -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j ACCEPT' :: [ 00:50:01 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t mangle -A POSTROUTING -o r_s -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j ACCEPT' (Expected 0, got 0) :: [ 00:50:02 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t mangle -A POSTROUTING -o r_s -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j DROP' :: [ 00:50:02 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t mangle -A POSTROUTING -o r_s -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j DROP' (Expected 0, got 0) :: [ 00:50:03 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) from 2001:db8:ffff:21::1 c_r: 56 data bytes 64 bytes from 2001:db8:ffff:22::2: icmp_seq=1 ttl=63 time=0.352 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=2 ttl=63 time=0.421 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=3 ttl=63 time=0.387 ms --- 2001:db8:ffff:22::2 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2049ms rtt min/avg/max/mdev = 0.352/0.386/0.421/0.028 ms :: [ 00:50:05 ] :: [ PASS ] :: Command 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3' (Expected 0, got 0) :: [ 00:50:06 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t mangle -L -n -v' Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 136 1 72 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 135 3 312 ACCEPT 0 -- * r_s 2001:db8:ffff:21::1 2001:db8:ffff:22::2 0 0 DROP 0 -- * r_s 2001:db8:ffff:21::1 2001:db8:ffff:22::2 :: [ 00:50:06 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t mangle -L -n -v' (Expected 0, got 0) :: [ 00:50:06 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t mangle -F' :: [ 00:50:07 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t mangle -F' (Expected 0, got 0) :: [ 00:50:07 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t mangle -A POSTROUTING -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' :: [ 00:50:07 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t mangle -A POSTROUTING -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' (Expected 0, got 0) :: [ 00:50:08 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t mangle -A POSTROUTING -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' :: [ 00:50:08 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t mangle -A POSTROUTING -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' (Expected 0, got 0) :: [ 00:50:09 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t mangle -A POSTROUTING -o r_s -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j DROP' :: [ 00:50:09 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t mangle -A POSTROUTING -o r_s -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j DROP' (Expected 0, got 0) :: [ 00:50:09 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t mangle -A POSTROUTING -o r_s -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j ACCEPT' :: [ 00:50:10 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t mangle -A POSTROUTING -o r_s -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j ACCEPT' (Expected 0, got 0) :: [ 00:50:10 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3 ' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) from 2001:db8:ffff:21::1 c_r: 56 data bytes --- 2001:db8:ffff:22::2 ping statistics --- 3 packets transmitted, 0 received, 100% packet loss, time 2043ms :: [ 00:50:14 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 00:50:14 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t mangle -L -n -v' Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 1 64 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 136 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 135 3 312 DROP 0 -- * r_s 2001:db8:ffff:21::1 2001:db8:ffff:22::2 0 0 ACCEPT 0 -- * r_s 2001:db8:ffff:21::1 2001:db8:ffff:22::2 :: [ 00:50:15 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t mangle -L -n -v' (Expected 0, got 0) :: [ 00:50:15 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t mangle -F' :: [ 00:50:15 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t mangle -F' (Expected 0, got 0) :: [ 00:50:16 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t mangle -A POSTROUTING -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' :: [ 00:50:16 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t mangle -A POSTROUTING -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' (Expected 0, got 0) :: [ 00:50:17 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t mangle -A POSTROUTING -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' :: [ 00:50:17 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t mangle -A POSTROUTING -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' (Expected 0, got 0) :: [ 00:50:17 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t mangle -N TEST' :: [ 00:50:18 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t mangle -N TEST' (Expected 0, got 0) :: [ 00:50:18 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t mangle -A TEST -o r_s -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j RETURN' :: [ 00:50:18 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t mangle -A TEST -o r_s -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j RETURN' (Expected 0, got 0) :: [ 00:50:19 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t mangle -A TEST -o r_s -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j DROP' :: [ 00:50:19 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t mangle -A TEST -o r_s -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j DROP' (Expected 0, got 0) :: [ 00:50:20 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t mangle -A POSTROUTING -o r_s -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j TEST' :: [ 00:50:20 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t mangle -A POSTROUTING -o r_s -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j TEST' (Expected 0, got 0) :: [ 00:50:20 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t mangle -A POSTROUTING -o r_s -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j ACCEPT' :: [ 00:50:21 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t mangle -A POSTROUTING -o r_s -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j ACCEPT' (Expected 0, got 0) :: [ 00:50:21 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) from 2001:db8:ffff:21::1 c_r: 56 data bytes 64 bytes from 2001:db8:ffff:22::2: icmp_seq=1 ttl=63 time=0.447 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=2 ttl=63 time=0.391 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=3 ttl=63 time=0.411 ms --- 2001:db8:ffff:22::2 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2070ms rtt min/avg/max/mdev = 0.391/0.416/0.447/0.023 ms :: [ 00:50:24 ] :: [ PASS ] :: Command 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3' (Expected 0, got 0) :: [ 00:50:24 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t mangle -L -n -v' Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 136 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 135 3 312 TEST 0 -- * r_s 2001:db8:ffff:21::1 2001:db8:ffff:22::2 3 312 ACCEPT 0 -- * r_s 2001:db8:ffff:21::1 2001:db8:ffff:22::2 Chain TEST (1 references) pkts bytes target prot opt in out source destination 3 312 RETURN 0 -- * r_s 2001:db8:ffff:21::1 2001:db8:ffff:22::2 0 0 DROP 0 -- * r_s 2001:db8:ffff:21::1 2001:db8:ffff:22::2 :: [ 00:50:24 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t mangle -L -n -v' (Expected 0, got 0) :: [ 00:50:25 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t mangle -F' :: [ 00:50:25 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t mangle -F' (Expected 0, got 0) :: [ 00:50:26 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t mangle -X' :: [ 00:50:26 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t mangle -X' (Expected 0, got 0) :: [ 00:50:26 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t raw -A PREROUTING -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' :: [ 00:50:27 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t raw -A PREROUTING -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' (Expected 0, got 0) :: [ 00:50:27 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t raw -A PREROUTING -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' :: [ 00:50:28 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t raw -A PREROUTING -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' (Expected 0, got 0) :: [ 00:50:28 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t raw -A PREROUTING -i r_c -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j ACCEPT' :: [ 00:50:28 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t raw -A PREROUTING -i r_c -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j ACCEPT' (Expected 0, got 0) :: [ 00:50:29 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t raw -A PREROUTING -i r_c -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j DROP' :: [ 00:50:29 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t raw -A PREROUTING -i r_c -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j DROP' (Expected 0, got 0) :: [ 00:50:30 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) from 2001:db8:ffff:21::1 c_r: 56 data bytes 64 bytes from 2001:db8:ffff:22::2: icmp_seq=1 ttl=63 time=0.405 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=2 ttl=63 time=0.409 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=3 ttl=63 time=0.396 ms --- 2001:db8:ffff:22::2 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2074ms rtt min/avg/max/mdev = 0.396/0.403/0.409/0.005 ms :: [ 00:50:32 ] :: [ PASS ] :: Command 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3' (Expected 0, got 0) :: [ 00:50:32 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t raw -L -n -v' Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 1 64 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 136 1 72 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 135 3 312 ACCEPT 0 -- r_c * 2001:db8:ffff:21::1 2001:db8:ffff:22::2 0 0 DROP 0 -- r_c * 2001:db8:ffff:21::1 2001:db8:ffff:22::2 Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination :: [ 00:50:33 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t raw -L -n -v' (Expected 0, got 0) :: [ 00:50:33 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t raw -F' :: [ 00:50:33 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t raw -F' (Expected 0, got 0) :: [ 00:50:34 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t raw -A PREROUTING -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' :: [ 00:50:34 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t raw -A PREROUTING -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' (Expected 0, got 0) :: [ 00:50:35 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t raw -A PREROUTING -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' :: [ 00:50:35 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t raw -A PREROUTING -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' (Expected 0, got 0) :: [ 00:50:35 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t raw -A PREROUTING -i r_c -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j DROP' :: [ 00:50:36 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t raw -A PREROUTING -i r_c -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j DROP' (Expected 0, got 0) :: [ 00:50:36 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t raw -A PREROUTING -i r_c -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j ACCEPT' :: [ 00:50:37 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t raw -A PREROUTING -i r_c -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j ACCEPT' (Expected 0, got 0) :: [ 00:50:37 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3 ' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) from 2001:db8:ffff:21::1 c_r: 56 data bytes --- 2001:db8:ffff:22::2 ping statistics --- 3 packets transmitted, 0 received, 100% packet loss, time 2088ms :: [ 00:50:41 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 00:50:41 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t raw -L -n -v' Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 1 64 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 136 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 135 3 312 DROP 0 -- r_c * 2001:db8:ffff:21::1 2001:db8:ffff:22::2 0 0 ACCEPT 0 -- r_c * 2001:db8:ffff:21::1 2001:db8:ffff:22::2 Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination :: [ 00:50:41 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t raw -L -n -v' (Expected 0, got 0) :: [ 00:50:42 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t raw -F' :: [ 00:50:42 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t raw -F' (Expected 0, got 0) :: [ 00:50:43 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t raw -A PREROUTING -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' :: [ 00:50:43 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t raw -A PREROUTING -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' (Expected 0, got 0) :: [ 00:50:44 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t raw -A PREROUTING -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' :: [ 00:50:44 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t raw -A PREROUTING -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' (Expected 0, got 0) :: [ 00:50:44 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t raw -N TEST' :: [ 00:50:45 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t raw -N TEST' (Expected 0, got 0) :: [ 00:50:45 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t raw -A TEST -i r_c -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j RETURN' :: [ 00:50:45 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t raw -A TEST -i r_c -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j RETURN' (Expected 0, got 0) :: [ 00:50:46 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t raw -A TEST -i r_c -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j DROP' :: [ 00:50:46 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t raw -A TEST -i r_c -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j DROP' (Expected 0, got 0) :: [ 00:50:47 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t raw -A PREROUTING -i r_c -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j TEST' :: [ 00:50:47 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t raw -A PREROUTING -i r_c -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j TEST' (Expected 0, got 0) :: [ 00:50:48 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t raw -A PREROUTING -i r_c -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j ACCEPT' :: [ 00:50:48 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t raw -A PREROUTING -i r_c -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j ACCEPT' (Expected 0, got 0) :: [ 00:50:49 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) from 2001:db8:ffff:21::1 c_r: 56 data bytes 64 bytes from 2001:db8:ffff:22::2: icmp_seq=1 ttl=63 time=0.406 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=2 ttl=63 time=0.394 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=3 ttl=63 time=0.388 ms --- 2001:db8:ffff:22::2 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2079ms rtt min/avg/max/mdev = 0.388/0.396/0.406/0.007 ms :: [ 00:50:51 ] :: [ PASS ] :: Command 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3' (Expected 0, got 0) :: [ 00:50:51 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t raw -L -n -v' Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 136 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 135 3 312 TEST 0 -- r_c * 2001:db8:ffff:21::1 2001:db8:ffff:22::2 3 312 ACCEPT 0 -- r_c * 2001:db8:ffff:21::1 2001:db8:ffff:22::2 Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain TEST (1 references) pkts bytes target prot opt in out source destination 3 312 RETURN 0 -- r_c * 2001:db8:ffff:21::1 2001:db8:ffff:22::2 0 0 DROP 0 -- r_c * 2001:db8:ffff:21::1 2001:db8:ffff:22::2 :: [ 00:50:52 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t raw -L -n -v' (Expected 0, got 0) :: [ 00:50:52 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t raw -F' :: [ 00:50:53 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t raw -F' (Expected 0, got 0) :: [ 00:50:53 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t raw -X' :: [ 00:50:53 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t raw -X' (Expected 0, got 0) :: [ 00:50:54 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t security -A FORWARD -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' :: [ 00:50:54 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t security -A FORWARD -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' (Expected 0, got 0) :: [ 00:50:55 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t security -A FORWARD -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' :: [ 00:50:55 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t security -A FORWARD -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' (Expected 0, got 0) :: [ 00:50:56 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t security -A FORWARD -i r_c -o r_s -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j ACCEPT' :: [ 00:50:56 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t security -A FORWARD -i r_c -o r_s -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j ACCEPT' (Expected 0, got 0) :: [ 00:50:56 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t security -A FORWARD -i r_c -o r_s -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j DROP' :: [ 00:50:57 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t security -A FORWARD -i r_c -o r_s -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j DROP' (Expected 0, got 0) :: [ 00:50:57 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) from 2001:db8:ffff:21::1 c_r: 56 data bytes 64 bytes from 2001:db8:ffff:22::2: icmp_seq=1 ttl=63 time=0.424 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=2 ttl=63 time=0.472 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=3 ttl=63 time=0.403 ms --- 2001:db8:ffff:22::2 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2033ms rtt min/avg/max/mdev = 0.403/0.433/0.472/0.028 ms :: [ 00:51:00 ] :: [ PASS ] :: Command 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3' (Expected 0, got 0) :: [ 00:51:00 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t security -L -n -v' Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 136 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 135 3 312 ACCEPT 0 -- r_c r_s 2001:db8:ffff:21::1 2001:db8:ffff:22::2 0 0 DROP 0 -- r_c r_s 2001:db8:ffff:21::1 2001:db8:ffff:22::2 Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination :: [ 00:51:00 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t security -L -n -v' (Expected 0, got 0) :: [ 00:51:01 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t security -F' :: [ 00:51:01 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t security -F' (Expected 0, got 0) :: [ 00:51:02 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t security -A FORWARD -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' :: [ 00:51:02 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t security -A FORWARD -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' (Expected 0, got 0) :: [ 00:51:02 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t security -A FORWARD -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' :: [ 00:51:03 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t security -A FORWARD -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' (Expected 0, got 0) :: [ 00:51:03 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t security -A FORWARD -i r_c -o r_s -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j DROP' :: [ 00:51:04 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t security -A FORWARD -i r_c -o r_s -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j DROP' (Expected 0, got 0) :: [ 00:51:04 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t security -A FORWARD -i r_c -o r_s -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j ACCEPT' :: [ 00:51:04 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t security -A FORWARD -i r_c -o r_s -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j ACCEPT' (Expected 0, got 0) :: [ 00:51:05 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3 ' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) from 2001:db8:ffff:21::1 c_r: 56 data bytes --- 2001:db8:ffff:22::2 ping statistics --- 3 packets transmitted, 0 received, 100% packet loss, time 2077ms :: [ 00:51:09 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 00:51:09 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t security -L -n -v' Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 136 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 135 3 312 DROP 0 -- r_c r_s 2001:db8:ffff:21::1 2001:db8:ffff:22::2 0 0 ACCEPT 0 -- r_c r_s 2001:db8:ffff:21::1 2001:db8:ffff:22::2 Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination :: [ 00:51:09 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t security -L -n -v' (Expected 0, got 0) :: [ 00:51:10 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t security -F' :: [ 00:51:10 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t security -F' (Expected 0, got 0) :: [ 00:51:11 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t security -A FORWARD -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' :: [ 00:51:11 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t security -A FORWARD -p icmpv6 -m icmp6 --icmpv6-type 136 -j ACCEPT' (Expected 0, got 0) :: [ 00:51:11 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t security -A FORWARD -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' :: [ 00:51:12 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t security -A FORWARD -p icmpv6 -m icmp6 --icmpv6-type 135 -j ACCEPT' (Expected 0, got 0) :: [ 00:51:12 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t security -N TEST' :: [ 00:51:13 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t security -N TEST' (Expected 0, got 0) :: [ 00:51:13 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t security -A TEST -i r_c -o r_s -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j RETURN' :: [ 00:51:13 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t security -A TEST -i r_c -o r_s -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j RETURN' (Expected 0, got 0) :: [ 00:51:14 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t security -A TEST -i r_c -o r_s -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j DROP' :: [ 00:51:14 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t security -A TEST -i r_c -o r_s -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j DROP' (Expected 0, got 0) :: [ 00:51:15 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t security -A FORWARD -i r_c -o r_s -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j TEST' :: [ 00:51:15 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t security -A FORWARD -i r_c -o r_s -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j TEST' (Expected 0, got 0) :: [ 00:51:16 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t security -A FORWARD -i r_c -o r_s -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j ACCEPT' :: [ 00:51:16 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t security -A FORWARD -i r_c -o r_s -s 2001:db8:ffff:21::1 -d 2001:db8:ffff:22::2 -j ACCEPT' (Expected 0, got 0) :: [ 00:51:16 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) from 2001:db8:ffff:21::1 c_r: 56 data bytes 64 bytes from 2001:db8:ffff:22::2: icmp_seq=1 ttl=63 time=0.522 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=2 ttl=63 time=0.415 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=3 ttl=63 time=0.476 ms --- 2001:db8:ffff:22::2 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2036ms rtt min/avg/max/mdev = 0.415/0.471/0.522/0.043 ms :: [ 00:51:19 ] :: [ PASS ] :: Command 'ip netns exec client ping -W 1 -6 -I c_r 2001:db8:ffff:22::2 -c3' (Expected 0, got 0) :: [ 00:51:19 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t security -L -n -v' Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 136 0 0 ACCEPT 58 -- * * ::/0 ::/0 ipv6-icmptype 135 3 312 TEST 0 -- r_c r_s 2001:db8:ffff:21::1 2001:db8:ffff:22::2 3 312 ACCEPT 0 -- r_c r_s 2001:db8:ffff:21::1 2001:db8:ffff:22::2 Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain TEST (1 references) pkts bytes target prot opt in out source destination 3 312 RETURN 0 -- r_c r_s 2001:db8:ffff:21::1 2001:db8:ffff:22::2 0 0 DROP 0 -- r_c r_s 2001:db8:ffff:21::1 2001:db8:ffff:22::2 :: [ 00:51:20 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t security -L -n -v' (Expected 0, got 0) :: [ 00:51:20 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t security -F' :: [ 00:51:20 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t security -F' (Expected 0, got 0) :: [ 00:51:21 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t security -X' :: [ 00:51:21 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t security -X' (Expected 0, got 0) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 432s :: Assertions: 400 good, 0 bad :: RESULT: PASS (ip6tables: Basic TARGETS) ** ip6tables-Basic-TARGETS PASS Score:0 Uploading resultoutputfile.log .done :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: ip6tables: Plain NAT test :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ 00:51:31 ] :: [ BEGIN ] :: NoCheck :: actually running 'ip netns exec server modprobe sctp && SCTP=true ' :: [ 00:51:31 ] :: [ PASS ] :: NoCheck (Expected 0-255, got 0) :: [ 00:51:32 ] :: [ BEGIN ] :: Running 'ip netns exec server sleep 1' :: [ 00:51:33 ] :: [ PASS ] :: Command 'ip netns exec server sleep 1' (Expected 0, got 0) :: [ 00:51:33 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t nat -A PREROUTING -i r_c -p tcp -j DNAT --to-destination [2001:db8:ffff:22::2]:9999' :: [ 00:51:34 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t nat -A PREROUTING -i r_c -p tcp -j DNAT --to-destination [2001:db8:ffff:22::2]:9999' (Expected 0, got 0) :: [ 00:51:34 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t nat -A PREROUTING -i r_c -p udp -j DNAT --to-destination [2001:db8:ffff:22::2]:9999' :: [ 00:51:34 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t nat -A PREROUTING -i r_c -p udp -j DNAT --to-destination [2001:db8:ffff:22::2]:9999' (Expected 0, got 0) :: [ 00:51:35 ] :: [ BEGIN ] :: Running 'ip netns exec server sleep 3' :: [ 00:51:35 ] :: [ BEGIN ] :: NoCheck :: actually running 'ip netns exec router tcpdump -nni r_s -w dnat.pcap ' :: [ 00:51:35 ] :: [ BEGIN ] :: NoCheck :: actually running 'ip netns exec server ncat -6 -l 9999 ' :: [ 00:51:35 ] :: [ BEGIN ] :: NoCheck :: actually running 'ip netns exec server ncat -6 -u -l 9999 ' dropped privs to tcpdump tcpdump: listening on r_s, link-type EN10MB (Ethernet), snapshot length 262144 bytes :: [ 00:51:38 ] :: [ PASS ] :: Command 'ip netns exec server sleep 3' (Expected 0, got 0) :: [ 00:51:39 ] :: [ BEGIN ] :: Running 'ip netns exec client ncat -6 2001:db8:ffff:21::fffe 8888' abc :: [ 00:51:39 ] :: [ PASS ] :: Command 'ip netns exec client ncat -6 2001:db8:ffff:21::fffe 8888' (Expected 0, got 0) :: [ 00:51:39 ] :: [ PASS ] :: NoCheck (Expected 0-255, got 0) :: [ 00:51:40 ] :: [ BEGIN ] :: Running 'ip netns exec client ncat -6 -u 2001:db8:ffff:21::fffe 8888' abc :: [ 00:51:40 ] :: [ PASS ] :: Command 'ip netns exec client ncat -6 -u 2001:db8:ffff:21::fffe 8888' (Expected 0, got 0) :: [ 00:51:41 ] :: [ BEGIN ] :: Running 'ip netns exec router conntrack -L' conntrack v1.4.6 (conntrack-tools): 0 flow entries have been shown. :: [ 00:51:41 ] :: [ PASS ] :: Command 'ip netns exec router conntrack -L' (Expected 0, got 0) :: [ 00:51:42 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t nat -A PREROUTING -i r_c -p sctp -j DNAT --to-destination [2001:db8:ffff:22::2]:9999' :: [ 00:51:42 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t nat -A PREROUTING -i r_c -p sctp -j DNAT --to-destination [2001:db8:ffff:22::2]:9999' (Expected 0, got 0) :: [ 00:51:42 ] :: [ BEGIN ] :: Running 'ip netns exec server sleep 3' :: [ 00:51:43 ] :: [ BEGIN ] :: NoCheck :: actually running 'ip netns exec server sctp_test -H 0 -P 9999 -l ' local:addr=::ffff:0.0.0.0, port=distinct, family=10 seed = 1675057903 Starting tests... socket(SOCK_SEQPACKET, IPPROTO_SCTP) -> sk=3 bind(sk=3, [a:::ffff:0.0.0.0,p:distinct]) -- attempt 1/10 listen(sk=3,backlog=100) Server: Receiving packets. recvmsg(sk=3) :: [ 00:51:46 ] :: [ PASS ] :: Command 'ip netns exec server sleep 3' (Expected 0, got 0) :: [ 00:51:46 ] :: [ BEGIN ] :: Running 'ip netns exec client timeout 5 sctp_test -H 2001:db8:ffff:21::1 -P 6013 -h 2001:db8:ffff:21::fffe -p 8888 -s -c 1 -x 1 -X 1' remote:addr=2001:db8:ffff:21::fffe, port=ddi-tcp-1, family=10 local:addr=2001:db8:ffff:21::1, port=6013, family=10 seed = 1675057906 Starting tests... socket(SOCK_SEQPACKET, IPPROTO_SCTP) -> sk=3 bind(sk=3, [a:2001:db8:ffff:21::1,p:6013]) -- attempt 1/10 Client: Sending packets.(1/1) sendmsg(sk=3, assoc=0) 1452 bytes. SNDRCV(stream=0 flags=0x1 ppid=1467069243 close(sk=3) Notification: SCTP_ASSOC_CHANGE(COMMUNICATION_UP) (assoc_change: state=0, error=0, instr=10 outstr=10) recvmsg(sk=3) Data 1452 bytes. First 10 bytes: 012345678 recvmsg(sk=3) :: [ 00:51:46 ] :: [ PASS ] :: Command 'ip netns exec client timeout 5 sctp_test -H 2001:db8:ffff:21::1 -P 6013 -h 2001:db8:ffff:21::fffe -p 8888 -s -c 1 -x 1 -X 1' (Expected 0, got 0) Notification: SCTP_ASSOC_CHANGE(SHUTDOWN_COMPLETE) (assoc_change: state=3, error=0, instr=0 outstr=0) recvmsg(sk=3) :: [ 00:51:47 ] :: [ BEGIN ] :: Running 'ip netns exec router conntrack -L' conntrack v1.4.6 (conntrack-tools): 0 flow entries have been shown. :: [ 00:51:47 ] :: [ PASS ] :: Command 'ip netns exec router conntrack -L' (Expected 0, got 0) :: [ 00:51:48 ] :: [ BEGIN ] :: Running 'ip netns exec router conntrack -F' conntrack v1.4.6 (conntrack-tools): connection tracking table has been emptied. :: [ 00:51:48 ] :: [ PASS ] :: Command 'ip netns exec router conntrack -F' (Expected 0, got 0) :: [ 00:51:49 ] :: [ BEGIN ] :: Running 'ip netns exec router sleep 2' :: [ 00:51:51 ] :: [ PASS ] :: Command 'ip netns exec router sleep 2' (Expected 0, got 0) 25 packets captured 25 packets received by filter 0 packets dropped by kernel :: [ 00:51:52 ] :: [ PASS ] :: NoCheck (Expected 0-255, got 0) Terminated :: [ 00:51:52 ] :: [ BEGIN ] :: Running 'ip netns exec router sleep 1' :: [ 00:51:52 ] :: [ PASS ] :: NoCheck (Expected 0-255, got 143) :: [ 00:51:53 ] :: [ PASS ] :: Command 'ip netns exec router sleep 1' (Expected 0, got 0) reading from file dnat.pcap, link-type EN10MB (Ethernet), snapshot length 262144 dropped privs to tcpdump 00:51:39.408979 IP6 2001:db8:ffff:21::1.52850 > 2001:db8:ffff:22::2.9999: Flags [S], seq 864246220, win 64800, options [mss 1440,sackOK,TS val 1359319522 ecr 0,nop,wscale 7], length 0 00:51:39.409310 IP6 2001:db8:ffff:22::2.9999 > 2001:db8:ffff:21::1.52850: Flags [S.], seq 2307314059, ack 864246221, win 64260, options [mss 1440,sackOK,TS val 709459410 ecr 1359319522,nop,wscale 7], length 0 00:51:39.409657 IP6 2001:db8:ffff:21::1.52850 > 2001:db8:ffff:22::2.9999: Flags [.], ack 1, win 507, options [nop,nop,TS val 1359319522 ecr 709459410], length 0 00:51:39.410549 IP6 2001:db8:ffff:21::1.52850 > 2001:db8:ffff:22::2.9999: Flags [P.], seq 1:5, ack 1, win 507, options [nop,nop,TS val 1359319523 ecr 709459410], length 4 00:51:39.410795 IP6 2001:db8:ffff:22::2.9999 > 2001:db8:ffff:21::1.52850: Flags [.], ack 5, win 502, options [nop,nop,TS val 709459412 ecr 1359319523], length 0 00:51:39.410926 IP6 2001:db8:ffff:22::2.9999 > 2001:db8:ffff:21::1.52850: Flags [F.], seq 1, ack 5, win 502, options [nop,nop,TS val 709459412 ecr 1359319523], length 0 00:51:39.411103 IP6 2001:db8:ffff:21::1.52850 > 2001:db8:ffff:22::2.9999: Flags [F.], seq 5, ack 1, win 507, options [nop,nop,TS val 1359319524 ecr 709459412], length 0 00:51:39.411259 IP6 2001:db8:ffff:22::2.9999 > 2001:db8:ffff:21::1.52850: Flags [.], ack 6, win 502, options [nop,nop,TS val 709459412 ecr 1359319524], length 0 00:51:39.411547 IP6 2001:db8:ffff:21::1.52850 > 2001:db8:ffff:22::2.9999: Flags [.], ack 2, win 507, options [nop,nop,TS val 1359319524 ecr 709459412], length 0 00:51:40.366384 IP6 2001:db8:ffff:21::1.45710 > 2001:db8:ffff:22::2.9999: UDP, length 4 00:51:44.653680 IP6 fe80::3c97:97ff:fe19:4009 > 2001:db8:ffff:22::fffe: ICMP6, neighbor solicitation, who has 2001:db8:ffff:22::fffe, length 32 00:51:44.654115 IP6 2001:db8:ffff:22::fffe > fe80::3c97:97ff:fe19:4009: ICMP6, neighbor advertisement, tgt is 2001:db8:ffff:22::fffe, length 24 00:51:46.837277 IP6 2001:db8:ffff:21::1.6013 > 2001:db8:ffff:22::2.9999: sctp (1) [INIT] [init tag: 4284625635] [rwnd: 106496] [OS: 10] [MIS: 65535] [init TSN: 2593739254] 00:51:46.838623 IP6 2001:db8:ffff:22::2.9999 > 2001:db8:ffff:21::1.6013: sctp (1) [INIT ACK] [init tag: 2960142504] [rwnd: 106496] [OS: 10] [MIS: 10] [init TSN: 980538674] 00:51:46.840796 IP6 2001:db8:ffff:21::1.6013 > 2001:db8:ffff:22::2.9999: sctp (1) [COOKIE ECHO] 00:51:46.840903 IP6 2001:db8:ffff:21::1.6013 > 2001:db8:ffff:22::2.9999: sctp (1) [DATA] (U)(B) [TSN: 2593739254] [SID: 0] [SSEQ 0] [PPID 0x3bb37157] 00:51:46.842183 IP6 2001:db8:ffff:22::2.9999 > 2001:db8:ffff:21::1.6013: sctp (1) [COOKIE ACK] 00:51:46.842913 IP6 2001:db8:ffff:21::1.6013 > 2001:db8:ffff:22::2.9999: sctp (1) [DATA] (U)(E) [TSN: 2593739255] [SID: 0] [SSEQ 0] [PPID 0x3bb37157] 00:51:46.843119 IP6 2001:db8:ffff:22::2.9999 > 2001:db8:ffff:21::1.6013: sctp (1) [SACK] [cum ack 2593739254] [a_rwnd 105264] [#gap acks 0] [#dup tsns 0] 00:51:47.046112 IP6 2001:db8:ffff:22::2.9999 > 2001:db8:ffff:21::1.6013: sctp (1) [SACK] [cum ack 2593739255] [a_rwnd 106496] [#gap acks 0] [#dup tsns 0] 00:51:47.047095 IP6 2001:db8:ffff:21::1.6013 > 2001:db8:ffff:22::2.9999: sctp (1) [SHUTDOWN] 00:51:47.047705 IP6 2001:db8:ffff:22::2.9999 > 2001:db8:ffff:21::1.6013: sctp (1) [SHUTDOWN ACK] 00:51:47.048742 IP6 2001:db8:ffff:21::1.6013 > 2001:db8:ffff:22::2.9999: sctp (1) [SHUTDOWN COMPLETE] 00:51:49.773679 IP6 fe80::38ce:d8ff:fe9c:699d > fe80::3c97:97ff:fe19:4009: ICMP6, neighbor solicitation, who has fe80::3c97:97ff:fe19:4009, length 32 00:51:49.773990 IP6 fe80::3c97:97ff:fe19:4009 > fe80::38ce:d8ff:fe9c:699d: ICMP6, neighbor advertisement, tgt is fe80::3c97:97ff:fe19:4009, length 24 egrep: warning: egrep is obsolescent; using grep -E :: [ 00:51:54 ] :: [ INFO ] :: Sending dnat.pcap as dnat.pcap Uploading dnat.pcap .done :: [ 00:51:55 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -tnat -nvL' Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 1 80 DNAT 6 -- r_c * ::/0 ::/0 to:[2001:db8:ffff:22::2]:9999 1 52 DNAT 17 -- r_c * ::/0 ::/0 to:[2001:db8:ffff:22::2]:9999 1 88 DNAT 132 -- r_c * ::/0 ::/0 to:[2001:db8:ffff:22::2]:9999 Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination :: [ 00:51:55 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -tnat -nvL' (Expected 0, got 0) :: [ 00:51:56 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -tnat -F' :: [ 00:51:56 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -tnat -F' (Expected 0, got 0) Terminated :: [ 00:51:57 ] :: [ PASS ] :: NoCheck (Expected 0-255, got 143) :: [ 00:51:57 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t nat -A POSTROUTING -o r_s -p tcp -j SNAT --to-source [2001:db8:ffff:22::fffe]:1234' :: [ 00:51:57 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t nat -A POSTROUTING -o r_s -p tcp -j SNAT --to-source [2001:db8:ffff:22::fffe]:1234' (Expected 0, got 0) :: [ 00:51:58 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t nat -A POSTROUTING -o r_s -p udp -j SNAT --to-source [2001:db8:ffff:22::fffe]:1234' :: [ 00:51:58 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t nat -A POSTROUTING -o r_s -p udp -j SNAT --to-source [2001:db8:ffff:22::fffe]:1234' (Expected 0, got 0) :: [ 00:51:58 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -A INPUT -i s_r -p tcp ! --sport 1234 -j DROP' :: [ 00:51:59 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -A INPUT -i s_r -p tcp ! --sport 1234 -j DROP' (Expected 0, got 0) :: [ 00:51:59 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -A INPUT -i s_r -p udp ! --sport 1234 -j DROP' :: [ 00:52:00 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -A INPUT -i s_r -p udp ! --sport 1234 -j DROP' (Expected 0, got 0) :: [ 00:52:00 ] :: [ BEGIN ] :: Running 'ip netns exec router tcpdump -nni r_s -w snat.pcap' :: [ 00:52:00 ] :: [ BEGIN ] :: Running 'ip netns exec server sleep 3' dropped privs to tcpdump tcpdump: listening on r_s, link-type EN10MB (Ethernet), snapshot length 262144 bytes :: [ 00:52:00 ] :: [ BEGIN ] :: NoCheck :: actually running 'ip netns exec server ncat -6 -u -l 9999 ' :: [ 00:52:01 ] :: [ BEGIN ] :: NoCheck :: actually running 'ip netns exec server ncat -6 -l 9999 ' :: [ 00:52:03 ] :: [ PASS ] :: Command 'ip netns exec server sleep 3' (Expected 0, got 0) :: [ 00:52:04 ] :: [ BEGIN ] :: Running 'ip netns exec client ncat -6 2001:db8:ffff:22::2 9999' abc :: [ 00:52:04 ] :: [ PASS ] :: NoCheck (Expected 0-255, got 0) :: [ 00:52:04 ] :: [ PASS ] :: Command 'ip netns exec client ncat -6 2001:db8:ffff:22::2 9999' (Expected 0, got 0) :: [ 00:52:05 ] :: [ BEGIN ] :: Running 'ip netns exec client ncat -6 -u 2001:db8:ffff:22::2 9999' abc :: [ 00:52:06 ] :: [ PASS ] :: Command 'ip netns exec client ncat -6 -u 2001:db8:ffff:22::2 9999' (Expected 0, got 0) :: [ 00:52:06 ] :: [ BEGIN ] :: Running 'ip netns exec router conntrack -L' conntrack v1.4.6 (conntrack-tools): 0 flow entries have been shown. :: [ 00:52:07 ] :: [ PASS ] :: Command 'ip netns exec router conntrack -L' (Expected 0, got 0) :: [ 00:52:07 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -t nat -A POSTROUTING -o r_s -p sctp -j SNAT --to-source [2001:db8:ffff:22::fffe]:1234' :: [ 00:52:08 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -t nat -A POSTROUTING -o r_s -p sctp -j SNAT --to-source [2001:db8:ffff:22::fffe]:1234' (Expected 0, got 0) :: [ 00:52:08 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -A INPUT -i s_r -p sctp ! --sport 1234 -j DROP' :: [ 00:52:08 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -A INPUT -i s_r -p sctp ! --sport 1234 -j DROP' (Expected 0, got 0) :: [ 00:52:09 ] :: [ BEGIN ] :: Running 'ip netns exec server sleep 3' :: [ 00:52:09 ] :: [ BEGIN ] :: NoCheck :: actually running 'ip netns exec server sctp_test -H 0 -P 9999 -l ' local:addr=::ffff:0.0.0.0, port=distinct, family=10 seed = 1675057929 Starting tests... socket(SOCK_SEQPACKET, IPPROTO_SCTP) -> sk=3 bind(sk=3, [a:::ffff:0.0.0.0,p:distinct]) -- attempt 1/10 listen(sk=3,backlog=100) Server: Receiving packets. recvmsg(sk=3) :: [ 00:52:12 ] :: [ PASS ] :: Command 'ip netns exec server sleep 3' (Expected 0, got 0) :: [ 00:52:13 ] :: [ BEGIN ] :: Running 'ip netns exec client timeout 5 sctp_test -H 2001:db8:ffff:21::1 -P 6013 -h 2001:db8:ffff:22::2 -p 9999 -s -c 1 -x 1 -X 1' remote:addr=2001:db8:ffff:22::2, port=distinct, family=10 local:addr=2001:db8:ffff:21::1, port=6013, family=10 seed = 1675057933 Starting tests... socket(SOCK_SEQPACKET, IPPROTO_SCTP) -> sk=3 bind(sk=3, [a:2001:db8:ffff:21::1,p:6013]) -- attempt 1/10 Client: Sending packets.(1/1) sendmsg(sk=3, assoc=0) 1452 bytes. SNDRCVNotification: SCTP_ASSOC_CHANGE(COMMUNICATION_UP) (assoc_change: state=0, error=0, instr=10 outstr=10) recvmsg(sk=3) (stream=0 flags=0x1 ppid=769892490 close(sk=3) Data 1452 bytes. First 10 bytes: 012345678 recvmsg(sk=3) :: [ 00:52:13 ] :: [ PASS ] :: Command 'ip netns exec client timeout 5 sctp_test -H 2001:db8:ffff:21::1 -P 6013 -h 2001:db8:ffff:22::2 -p 9999 -s -c 1 -x 1 -X 1' (Expected 0, got 0) Notification: SCTP_ASSOC_CHANGE(SHUTDOWN_COMPLETE) (assoc_change: state=3, error=0, instr=0 outstr=0) recvmsg(sk=3) :: [ 00:52:14 ] :: [ BEGIN ] :: Running 'ip netns exec router conntrack -L' conntrack v1.4.6 (conntrack-tools): 0 flow entries have been shown. :: [ 00:52:14 ] :: [ PASS ] :: Command 'ip netns exec router conntrack -L' (Expected 0, got 0) :: [ 00:52:15 ] :: [ BEGIN ] :: Running 'ip netns exec router conntrack -F' conntrack v1.4.6 (conntrack-tools): connection tracking table has been emptied. :: [ 00:52:15 ] :: [ PASS ] :: Command 'ip netns exec router conntrack -F' (Expected 0, got 0) :: [ 00:52:15 ] :: [ BEGIN ] :: Running 'ip netns exec router sleep 2' :: [ 00:52:18 ] :: [ PASS ] :: Command 'ip netns exec router sleep 2' (Expected 0, got 0) 23 packets captured 23 packets received by filter 0 packets dropped by kernel :: [ 00:52:18 ] :: [ PASS ] :: Command 'ip netns exec router tcpdump -nni r_s -w snat.pcap' (Expected 0, got 0) Terminated :: [ 00:52:19 ] :: [ PASS ] :: NoCheck (Expected 0-255, got 143) :: [ 00:52:19 ] :: [ BEGIN ] :: Running 'ip netns exec router sleep 1' :: [ 00:52:20 ] :: [ PASS ] :: Command 'ip netns exec router sleep 1' (Expected 0, got 0) reading from file snat.pcap, link-type EN10MB (Ethernet), snapshot length 262144 dropped privs to tcpdump 00:52:04.756897 IP6 2001:db8:ffff:22::fffe.1234 > 2001:db8:ffff:22::2.9999: Flags [S], seq 1917888887, win 64800, options [mss 1440,sackOK,TS val 1134248750 ecr 0,nop,wscale 7], length 0 00:52:04.757221 IP6 2001:db8:ffff:22::2.9999 > 2001:db8:ffff:22::fffe.1234: Flags [S.], seq 1204682964, ack 1917888888, win 64260, options [mss 1440,sackOK,TS val 1740011525 ecr 1134248750,nop,wscale 7], length 0 00:52:04.757530 IP6 2001:db8:ffff:22::fffe.1234 > 2001:db8:ffff:22::2.9999: Flags [.], ack 1, win 507, options [nop,nop,TS val 1134248750 ecr 1740011525], length 0 00:52:04.758072 IP6 2001:db8:ffff:22::fffe.1234 > 2001:db8:ffff:22::2.9999: Flags [P.], seq 1:5, ack 1, win 507, options [nop,nop,TS val 1134248751 ecr 1740011525], length 4 00:52:04.758213 IP6 2001:db8:ffff:22::2.9999 > 2001:db8:ffff:22::fffe.1234: Flags [.], ack 5, win 502, options [nop,nop,TS val 1740011526 ecr 1134248751], length 0 00:52:04.758316 IP6 2001:db8:ffff:22::2.9999 > 2001:db8:ffff:22::fffe.1234: Flags [F.], seq 1, ack 5, win 502, options [nop,nop,TS val 1740011526 ecr 1134248751], length 0 00:52:04.758545 IP6 2001:db8:ffff:22::fffe.1234 > 2001:db8:ffff:22::2.9999: Flags [F.], seq 5, ack 1, win 507, options [nop,nop,TS val 1134248751 ecr 1740011526], length 0 00:52:04.758693 IP6 2001:db8:ffff:22::2.9999 > 2001:db8:ffff:22::fffe.1234: Flags [.], ack 6, win 502, options [nop,nop,TS val 1740011527 ecr 1134248751], length 0 00:52:04.758916 IP6 2001:db8:ffff:22::fffe.1234 > 2001:db8:ffff:22::2.9999: Flags [.], ack 2, win 507, options [nop,nop,TS val 1134248752 ecr 1740011526], length 0 00:52:05.832171 IP6 2001:db8:ffff:22::fffe.1234 > 2001:db8:ffff:22::2.9999: UDP, length 4 00:52:10.253718 IP6 fe80::3c97:97ff:fe19:4009 > 2001:db8:ffff:22::fffe: ICMP6, neighbor solicitation, who has 2001:db8:ffff:22::fffe, length 32 00:52:10.254192 IP6 2001:db8:ffff:22::fffe > fe80::3c97:97ff:fe19:4009: ICMP6, neighbor advertisement, tgt is 2001:db8:ffff:22::fffe, length 24 00:52:13.338863 IP6 2001:db8:ffff:22::fffe.1234 > 2001:db8:ffff:22::2.9999: sctp (1) [INIT] [init tag: 3099863485] [rwnd: 106496] [OS: 10] [MIS: 65535] [init TSN: 2513632349] 00:52:13.339772 IP6 2001:db8:ffff:22::2.9999 > 2001:db8:ffff:22::fffe.1234: sctp (1) [INIT ACK] [init tag: 3787125054] [rwnd: 106496] [OS: 10] [MIS: 10] [init TSN: 3949832862] 00:52:13.341054 IP6 2001:db8:ffff:22::fffe.1234 > 2001:db8:ffff:22::2.9999: sctp (1) [COOKIE ECHO] 00:52:13.341162 IP6 2001:db8:ffff:22::fffe.1234 > 2001:db8:ffff:22::2.9999: sctp (1) [DATA] (U)(B) [TSN: 2513632349] [SID: 0] [SSEQ 0] [PPID 0x8aa0e32d] 00:52:13.342224 IP6 2001:db8:ffff:22::2.9999 > 2001:db8:ffff:22::fffe.1234: sctp (1) [COOKIE ACK] 00:52:13.342781 IP6 2001:db8:ffff:22::2.9999 > 2001:db8:ffff:22::fffe.1234: sctp (1) [SACK] [cum ack 2513632349] [a_rwnd 105264] [#gap acks 0] [#dup tsns 0] 00:52:13.343364 IP6 2001:db8:ffff:22::fffe.1234 > 2001:db8:ffff:22::2.9999: sctp (1) [DATA] (U)(E) [TSN: 2513632350] [SID: 0] [SSEQ 0] [PPID 0x8aa0e32d] 00:52:13.549757 IP6 2001:db8:ffff:22::2.9999 > 2001:db8:ffff:22::fffe.1234: sctp (1) [SACK] [cum ack 2513632350] [a_rwnd 106496] [#gap acks 0] [#dup tsns 0] 00:52:13.550536 IP6 2001:db8:ffff:22::fffe.1234 > 2001:db8:ffff:22::2.9999: sctp (1) [SHUTDOWN] 00:52:13.551008 IP6 2001:db8:ffff:22::2.9999 > 2001:db8:ffff:22::fffe.1234: sctp (1) [SHUTDOWN ACK] 00:52:13.551924 IP6 2001:db8:ffff:22::fffe.1234 > 2001:db8:ffff:22::2.9999: sctp (1) [SHUTDOWN COMPLETE] egrep: warning: egrep is obsolescent; using grep -E :: [ 00:52:21 ] :: [ INFO ] :: Sending snat.pcap as snat.pcap Uploading snat.pcap .done :: [ 00:52:22 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -tnat -nvL' Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 1 80 SNAT 6 -- * r_s ::/0 ::/0 to:[2001:db8:ffff:22::fffe]:1234 1 52 SNAT 17 -- * r_s ::/0 ::/0 to:[2001:db8:ffff:22::fffe]:1234 1 88 SNAT 132 -- * r_s ::/0 ::/0 to:[2001:db8:ffff:22::fffe]:1234 :: [ 00:52:22 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -tnat -nvL' (Expected 0, got 0) :: [ 00:52:22 ] :: [ BEGIN ] :: Running 'ip netns exec router ip6tables -F' :: [ 00:52:23 ] :: [ PASS ] :: Command 'ip netns exec router ip6tables -F' (Expected 0, got 0) :: [ 00:52:23 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -nvL' Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 DROP 6 -- s_r * ::/0 ::/0 tcp spt:!1234 0 0 DROP 17 -- s_r * ::/0 ::/0 udp spt:!1234 0 0 DROP 132 -- s_r * ::/0 ::/0 sctp spt:!1234 Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination :: [ 00:52:24 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -nvL' (Expected 0, got 0) :: [ 00:52:24 ] :: [ BEGIN ] :: Running 'ip netns exec server ip6tables -F' :: [ 00:52:25 ] :: [ PASS ] :: Command 'ip netns exec server ip6tables -F' (Expected 0, got 0) Terminated :: [ 00:52:25 ] :: [ PASS ] :: NoCheck (Expected 0-255, got 143) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 56s :: Assertions: 40 good, 0 bad :: RESULT: PASS (ip6tables: Plain NAT test) ** ip6tables-Plain-NAT-test PASS Score:0 Uploading resultoutputfile.log .done :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Cleanup :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ 00:52:35 ] :: [ BEGIN ] :: Running 'do_clean' client :: [ LOG ] :: xtables rules clean :: [ LOG ] :: nft rules clean :: [ LOG ] :: ipset rules clean :: [ LOG ] :: ipvsadm rules clean router :: [ LOG ] :: xtables rules clean :: [ LOG ] :: nft rules clean :: [ LOG ] :: ipset rules clean :: [ LOG ] :: ipvsadm rules clean server :: [ LOG ] :: xtables rules clean :: [ LOG ] :: nft rules clean :: [ LOG ] :: ipset rules clean :: [ LOG ] :: ipvsadm rules clean :: [ 00:53:45 ] :: [ PASS ] :: Command 'do_clean' (Expected 0, got 0) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 71s :: Assertions: 1 good, 0 bad :: RESULT: PASS (Cleanup) ** Cleanup PASS Score:0 Uploading resultoutputfile.log .done :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: unknown :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ 00:53:54 ] :: [ LOG ] :: Phases fingerprint: 3TFH3dbq :: [ 00:53:54 ] :: [ LOG ] :: Asserts fingerprint: N/nBkyJS Uploading journal.xml ..done :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 1030s :: Phases: 8 good, 0 bad :: OVERALL RESULT: PASS (unknown) /usr/sbin/nft :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Forward ipv4 :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ 00:53:58 ] :: [ BEGIN ] :: ipv4 topo init done... :: actually running 'do_setup ipv4' +++ do_clean +++ for ns in client router server +++ ip netns +++ grep client +++ for ns in client router server +++ ip netns +++ grep router +++ for ns in client router server +++ ip netns +++ grep server +++ local i +++ for i in client router server +++ ip netns add client +++ for i in client router server +++ ip netns add router +++ for i in client router server +++ ip netns add server +++ [[ ipv4x == \i\p\v\6\x ]] +++ [[ ipv4x == \i\p\v\4\x ]] +++ ip netns exec router sysctl -w net.ipv4.ip_forward=1 net.ipv4.ip_forward = 1 +++ ip_c=10.167.1.1 +++ ip_s=10.167.2.2 +++ ip_rc=10.167.1.254 +++ ip_rs=10.167.2.254 +++ unset nodad +++ N=24 +++ ip -d -n router -b /dev/stdin +++ ip -d -n server -b /dev/stdin +++ ip -d -n client -b /dev/stdin +++ sleep 2 +++ set +x PING 10.167.2.2 (10.167.2.2) from 10.167.1.1 c_r: 56(84) bytes of data. 64 bytes from 10.167.2.2: icmp_seq=1 ttl=63 time=1.47 ms 64 bytes from 10.167.2.2: icmp_seq=2 ttl=63 time=0.367 ms 64 bytes from 10.167.2.2: icmp_seq=3 ttl=63 time=0.332 ms 64 bytes from 10.167.2.2: icmp_seq=4 ttl=63 time=0.302 ms 64 bytes from 10.167.2.2: icmp_seq=5 ttl=63 time=0.314 ms --- 10.167.2.2 ping statistics --- 5 packets transmitted, 5 received, 0% packet loss, time 822ms rtt min/avg/max/mdev = 0.302/0.557/1.473/0.458 ms PING 10.167.1.1 (10.167.1.1) from 10.167.2.2 s_r: 56(84) bytes of data. 64 bytes from 10.167.1.1: icmp_seq=1 ttl=63 time=0.361 ms 64 bytes from 10.167.1.1: icmp_seq=2 ttl=63 time=16.6 ms 64 bytes from 10.167.1.1: icmp_seq=3 ttl=63 time=0.300 ms 64 bytes from 10.167.1.1: icmp_seq=4 ttl=63 time=0.339 ms 64 bytes from 10.167.1.1: icmp_seq=5 ttl=63 time=0.455 ms --- 10.167.1.1 ping statistics --- 5 packets transmitted, 5 received, 0% packet loss, time 818ms rtt min/avg/max/mdev = 0.300/3.616/16.625/6.504 ms :: [ 00:54:04 ] :: [ PASS ] :: ipv4 topo init done... (Expected 0, got 0) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 7s :: Assertions: 1 good, 0 bad :: RESULT: PASS (Forward ipv4) ** Forward-ipv4 PASS Score:0 Uploading resultoutputfile.log .done :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: nftables ip family ipv4 policy test input/output path :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ 00:54:12 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add table ip filter' :: [ 00:54:13 ] :: [ PASS ] :: Command 'ip netns exec server nft add table ip filter' (Expected 0, got 0) :: [ 00:54:13 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add chain ip filter prerouting { type filter hook prerouting priority 0 \; policy accept \; }' :: [ 00:54:13 ] :: [ PASS ] :: Command 'ip netns exec server nft add chain ip filter prerouting { type filter hook prerouting priority 0 \; policy accept \; }' (Expected 0, got 0) :: [ 00:54:14 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -4 10.167.2.2 -c1' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. 64 bytes from 10.167.2.2: icmp_seq=1 ttl=63 time=0.409 ms --- 10.167.2.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.409/0.409/0.409/0.000 ms :: [ 00:54:14 ] :: [ PASS ] :: Command 'ip netns exec client ping -4 10.167.2.2 -c1' (Expected 0, got 0) :: [ 00:54:15 ] :: [ BEGIN ] :: Running 'ip netns exec server nft delete chain ip filter prerouting' :: [ 00:54:15 ] :: [ PASS ] :: Command 'ip netns exec server nft delete chain ip filter prerouting' (Expected 0, got 0) :: [ 00:54:16 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add chain ip filter prerouting { type filter hook prerouting priority 0 \; policy drop \; }' :: [ 00:54:16 ] :: [ PASS ] :: Command 'ip netns exec server nft add chain ip filter prerouting { type filter hook prerouting priority 0 \; policy drop \; }' (Expected 0, got 0) :: [ 00:54:17 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -4 10.167.2.2 -c1 -W 1 ' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. --- 10.167.2.2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 00:54:18 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 00:54:19 ] :: [ BEGIN ] :: Running 'ip netns exec server nft delete chain ip filter prerouting' :: [ 00:54:19 ] :: [ PASS ] :: Command 'ip netns exec server nft delete chain ip filter prerouting' (Expected 0, got 0) :: [ 00:54:20 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add chain ip filter input { type filter hook input priority 0 \; policy accept \; }' :: [ 00:54:20 ] :: [ PASS ] :: Command 'ip netns exec server nft add chain ip filter input { type filter hook input priority 0 \; policy accept \; }' (Expected 0, got 0) :: [ 00:54:20 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -4 10.167.2.2 -c1' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. 64 bytes from 10.167.2.2: icmp_seq=1 ttl=63 time=0.393 ms --- 10.167.2.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.393/0.393/0.393/0.000 ms :: [ 00:54:21 ] :: [ PASS ] :: Command 'ip netns exec client ping -4 10.167.2.2 -c1' (Expected 0, got 0) :: [ 00:54:21 ] :: [ BEGIN ] :: Running 'ip netns exec server nft delete chain ip filter input' :: [ 00:54:22 ] :: [ PASS ] :: Command 'ip netns exec server nft delete chain ip filter input' (Expected 0, got 0) :: [ 00:54:22 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add chain ip filter input { type filter hook input priority 0 \; policy drop \; }' :: [ 00:54:22 ] :: [ PASS ] :: Command 'ip netns exec server nft add chain ip filter input { type filter hook input priority 0 \; policy drop \; }' (Expected 0, got 0) :: [ 00:54:23 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -4 10.167.2.2 -c1 -W 1 ' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. --- 10.167.2.2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 00:54:24 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 00:54:25 ] :: [ BEGIN ] :: Running 'ip netns exec server nft delete chain ip filter input' :: [ 00:54:25 ] :: [ PASS ] :: Command 'ip netns exec server nft delete chain ip filter input' (Expected 0, got 0) :: [ 00:54:26 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add chain ip filter output { type filter hook output priority 0 \; policy accept \; }' :: [ 00:54:26 ] :: [ PASS ] :: Command 'ip netns exec server nft add chain ip filter output { type filter hook output priority 0 \; policy accept \; }' (Expected 0, got 0) :: [ 00:54:27 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -4 10.167.2.2 -c1' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. 64 bytes from 10.167.2.2: icmp_seq=1 ttl=63 time=0.286 ms --- 10.167.2.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.286/0.286/0.286/0.000 ms :: [ 00:54:27 ] :: [ PASS ] :: Command 'ip netns exec client ping -4 10.167.2.2 -c1' (Expected 0, got 0) :: [ 00:54:27 ] :: [ BEGIN ] :: Running 'ip netns exec server nft delete chain ip filter output' :: [ 00:54:28 ] :: [ PASS ] :: Command 'ip netns exec server nft delete chain ip filter output' (Expected 0, got 0) :: [ 00:54:28 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add chain ip filter output { type filter hook output priority 0 \; policy drop \; }' :: [ 00:54:29 ] :: [ PASS ] :: Command 'ip netns exec server nft add chain ip filter output { type filter hook output priority 0 \; policy drop \; }' (Expected 0, got 0) :: [ 00:54:29 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -4 10.167.2.2 -c1 -W 1 ' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. --- 10.167.2.2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 00:54:31 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 00:54:31 ] :: [ BEGIN ] :: Running 'ip netns exec server nft delete chain ip filter output' :: [ 00:54:32 ] :: [ PASS ] :: Command 'ip netns exec server nft delete chain ip filter output' (Expected 0, got 0) :: [ 00:54:32 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add chain ip filter postrouting { type filter hook postrouting priority 0 \; policy accept \; }' :: [ 00:54:32 ] :: [ PASS ] :: Command 'ip netns exec server nft add chain ip filter postrouting { type filter hook postrouting priority 0 \; policy accept \; }' (Expected 0, got 0) :: [ 00:54:33 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -4 10.167.2.2 -c1' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. 64 bytes from 10.167.2.2: icmp_seq=1 ttl=63 time=0.306 ms --- 10.167.2.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.306/0.306/0.306/0.000 ms :: [ 00:54:33 ] :: [ PASS ] :: Command 'ip netns exec client ping -4 10.167.2.2 -c1' (Expected 0, got 0) :: [ 00:54:34 ] :: [ BEGIN ] :: Running 'ip netns exec server nft delete chain ip filter postrouting' :: [ 00:54:34 ] :: [ PASS ] :: Command 'ip netns exec server nft delete chain ip filter postrouting' (Expected 0, got 0) :: [ 00:54:35 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add chain ip filter postrouting { type filter hook postrouting priority 0 \; policy drop \; }' :: [ 00:54:35 ] :: [ PASS ] :: Command 'ip netns exec server nft add chain ip filter postrouting { type filter hook postrouting priority 0 \; policy drop \; }' (Expected 0, got 0) :: [ 00:54:36 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -4 10.167.2.2 -c1 -W 1 ' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. --- 10.167.2.2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 00:54:37 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 00:54:38 ] :: [ BEGIN ] :: Running 'ip netns exec server nft delete chain ip filter postrouting' :: [ 00:54:38 ] :: [ PASS ] :: Command 'ip netns exec server nft delete chain ip filter postrouting' (Expected 0, got 0) :: [ 00:54:38 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -4 10.167.2.2 -c 30 -i 0.2' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. 64 bytes from 10.167.2.2: icmp_seq=1 ttl=63 time=0.286 ms 64 bytes from 10.167.2.2: icmp_seq=2 ttl=63 time=0.319 ms 64 bytes from 10.167.2.2: icmp_seq=3 ttl=63 time=0.329 ms 64 bytes from 10.167.2.2: icmp_seq=4 ttl=63 time=0.315 ms 64 bytes from 10.167.2.2: icmp_seq=5 ttl=63 time=0.322 ms 64 bytes from 10.167.2.2: icmp_seq=6 ttl=63 time=0.319 ms 64 bytes from 10.167.2.2: icmp_seq=7 ttl=63 time=0.373 ms 64 bytes from 10.167.2.2: icmp_seq=8 ttl=63 time=0.323 ms 64 bytes from 10.167.2.2: icmp_seq=9 ttl=63 time=0.368 ms 64 bytes from 10.167.2.2: icmp_seq=10 ttl=63 time=0.386 ms 64 bytes from 10.167.2.2: icmp_seq=11 ttl=63 time=0.391 ms 64 bytes from 10.167.2.2: icmp_seq=12 ttl=63 time=11.2 ms 64 bytes from 10.167.2.2: icmp_seq=13 ttl=63 time=0.508 ms 64 bytes from 10.167.2.2: icmp_seq=14 ttl=63 time=0.286 ms 64 bytes from 10.167.2.2: icmp_seq=15 ttl=63 time=0.348 ms 64 bytes from 10.167.2.2: icmp_seq=16 ttl=63 time=0.337 ms 64 bytes from 10.167.2.2: icmp_seq=17 ttl=63 time=0.333 ms 64 bytes from 10.167.2.2: icmp_seq=18 ttl=63 time=0.309 ms 64 bytes from 10.167.2.2: icmp_seq=19 ttl=63 time=0.386 ms 64 bytes from 10.167.2.2: icmp_seq=20 ttl=63 time=0.414 ms 64 bytes from 10.167.2.2: icmp_seq=21 ttl=63 time=0.408 ms 64 bytes from 10.167.2.2: icmp_seq=22 ttl=63 time=0.375 ms 64 bytes from 10.167.2.2: icmp_seq=23 ttl=63 time=0.394 ms 64 bytes from 10.167.2.2: icmp_seq=24 ttl=63 time=0.388 ms 64 bytes from 10.167.2.2: icmp_seq=25 ttl=63 time=0.372 ms 64 bytes from 10.167.2.2: icmp_seq=26 ttl=63 time=0.377 ms 64 bytes from 10.167.2.2: icmp_seq=27 ttl=63 time=0.381 ms 64 bytes from 10.167.2.2: icmp_seq=28 ttl=63 time=0.374 ms 64 bytes from 10.167.2.2: icmp_seq=29 ttl=63 time=0.607 ms 64 bytes from 10.167.2.2: icmp_seq=30 ttl=63 time=0.723 ms --- 10.167.2.2 ping statistics --- 30 packets transmitted, 30 received, 0% packet loss, time 6015ms rtt min/avg/max/mdev = 0.286/0.742/11.214/1.946 ms :: [ 00:54:45 ] :: [ PASS ] :: Command 'ip netns exec client ping -4 10.167.2.2 -c 30 -i 0.2' (Expected 0, got 0) :: [ 00:54:45 ] :: [ BEGIN ] :: Running 'ip netns exec server nft delete table ip filter' :: [ 00:54:46 ] :: [ PASS ] :: Command 'ip netns exec server nft delete table ip filter' (Expected 0, got 0) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 34s :: Assertions: 27 good, 0 bad :: RESULT: PASS (nftables ip family ipv4 policy test input/output path) ** nftables-ip-family-ipv4-policy-test-input-output-path PASS Score:0 Uploading resultoutputfile.log .done :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: nftables ip family ipv4 policy test forward path :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ 00:54:55 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add table ip filter' :: [ 00:54:55 ] :: [ PASS ] :: Command 'ip netns exec router nft add table ip filter' (Expected 0, got 0) :: [ 00:54:56 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add chain ip filter prerouting { type filter hook prerouting priority 0 \; policy accept \; }' :: [ 00:54:56 ] :: [ PASS ] :: Command 'ip netns exec router nft add chain ip filter prerouting { type filter hook prerouting priority 0 \; policy accept \; }' (Expected 0, got 0) :: [ 00:54:56 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -4 10.167.2.2 -c1' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. 64 bytes from 10.167.2.2: icmp_seq=1 ttl=63 time=0.355 ms --- 10.167.2.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.355/0.355/0.355/0.000 ms :: [ 00:54:57 ] :: [ PASS ] :: Command 'ip netns exec client ping -4 10.167.2.2 -c1' (Expected 0, got 0) :: [ 00:54:57 ] :: [ BEGIN ] :: Running 'ip netns exec router nft delete chain ip filter prerouting' :: [ 00:54:58 ] :: [ PASS ] :: Command 'ip netns exec router nft delete chain ip filter prerouting' (Expected 0, got 0) :: [ 00:54:58 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add chain ip filter prerouting { type filter hook prerouting priority 0 \; policy drop \; }' :: [ 00:54:58 ] :: [ PASS ] :: Command 'ip netns exec router nft add chain ip filter prerouting { type filter hook prerouting priority 0 \; policy drop \; }' (Expected 0, got 0) :: [ 00:54:59 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -4 10.167.2.2 -c1 -W 1 ' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. --- 10.167.2.2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 00:55:01 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 00:55:01 ] :: [ BEGIN ] :: Running 'ip netns exec router nft delete chain ip filter prerouting' :: [ 00:55:02 ] :: [ PASS ] :: Command 'ip netns exec router nft delete chain ip filter prerouting' (Expected 0, got 0) :: [ 00:55:02 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add chain ip filter forward { type filter hook forward priority 0 \; policy accept \; }' :: [ 00:55:02 ] :: [ PASS ] :: Command 'ip netns exec router nft add chain ip filter forward { type filter hook forward priority 0 \; policy accept \; }' (Expected 0, got 0) :: [ 00:55:03 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -4 10.167.2.2 -c1' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. 64 bytes from 10.167.2.2: icmp_seq=1 ttl=63 time=0.305 ms --- 10.167.2.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.305/0.305/0.305/0.000 ms :: [ 00:55:03 ] :: [ PASS ] :: Command 'ip netns exec client ping -4 10.167.2.2 -c1' (Expected 0, got 0) :: [ 00:55:04 ] :: [ BEGIN ] :: Running 'ip netns exec router nft delete chain ip filter forward' :: [ 00:55:04 ] :: [ PASS ] :: Command 'ip netns exec router nft delete chain ip filter forward' (Expected 0, got 0) :: [ 00:55:04 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add chain ip filter forward { type filter hook forward priority 0 \; policy drop \; }' :: [ 00:55:05 ] :: [ PASS ] :: Command 'ip netns exec router nft add chain ip filter forward { type filter hook forward priority 0 \; policy drop \; }' (Expected 0, got 0) :: [ 00:55:06 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -4 10.167.2.2 -c1 -W 1 ' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. --- 10.167.2.2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 00:55:07 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 00:55:07 ] :: [ BEGIN ] :: Running 'ip netns exec router nft delete chain ip filter forward' :: [ 00:55:08 ] :: [ PASS ] :: Command 'ip netns exec router nft delete chain ip filter forward' (Expected 0, got 0) :: [ 00:55:08 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add chain ip filter postrouting { type filter hook postrouting priority 0 \; policy accept \; }' :: [ 00:55:09 ] :: [ PASS ] :: Command 'ip netns exec router nft add chain ip filter postrouting { type filter hook postrouting priority 0 \; policy accept \; }' (Expected 0, got 0) :: [ 00:55:09 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -4 10.167.2.2 -c1' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. 64 bytes from 10.167.2.2: icmp_seq=1 ttl=63 time=0.285 ms --- 10.167.2.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.285/0.285/0.285/0.000 ms :: [ 00:55:09 ] :: [ PASS ] :: Command 'ip netns exec client ping -4 10.167.2.2 -c1' (Expected 0, got 0) :: [ 00:55:10 ] :: [ BEGIN ] :: Running 'ip netns exec router nft delete chain ip filter postrouting' :: [ 00:55:10 ] :: [ PASS ] :: Command 'ip netns exec router nft delete chain ip filter postrouting' (Expected 0, got 0) :: [ 00:55:11 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add chain ip filter postrouting { type filter hook postrouting priority 0 \; policy drop \; }' :: [ 00:55:11 ] :: [ PASS ] :: Command 'ip netns exec router nft add chain ip filter postrouting { type filter hook postrouting priority 0 \; policy drop \; }' (Expected 0, got 0) :: [ 00:55:12 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -4 10.167.2.2 -c1 -W 1 ' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. --- 10.167.2.2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 00:55:13 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 00:55:14 ] :: [ BEGIN ] :: Running 'ip netns exec router nft delete chain ip filter postrouting' :: [ 00:55:14 ] :: [ PASS ] :: Command 'ip netns exec router nft delete chain ip filter postrouting' (Expected 0, got 0) :: [ 00:55:15 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -4 10.167.2.2 -c 30 -i 0.2' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. 64 bytes from 10.167.2.2: icmp_seq=1 ttl=63 time=0.333 ms 64 bytes from 10.167.2.2: icmp_seq=2 ttl=63 time=0.300 ms 64 bytes from 10.167.2.2: icmp_seq=3 ttl=63 time=0.388 ms 64 bytes from 10.167.2.2: icmp_seq=4 ttl=63 time=0.335 ms 64 bytes from 10.167.2.2: icmp_seq=5 ttl=63 time=0.327 ms 64 bytes from 10.167.2.2: icmp_seq=6 ttl=63 time=0.363 ms 64 bytes from 10.167.2.2: icmp_seq=7 ttl=63 time=0.320 ms 64 bytes from 10.167.2.2: icmp_seq=8 ttl=63 time=0.300 ms 64 bytes from 10.167.2.2: icmp_seq=9 ttl=63 time=0.318 ms 64 bytes from 10.167.2.2: icmp_seq=10 ttl=63 time=0.376 ms 64 bytes from 10.167.2.2: icmp_seq=11 ttl=63 time=0.328 ms 64 bytes from 10.167.2.2: icmp_seq=12 ttl=63 time=0.307 ms 64 bytes from 10.167.2.2: icmp_seq=13 ttl=63 time=0.304 ms 64 bytes from 10.167.2.2: icmp_seq=14 ttl=63 time=0.313 ms 64 bytes from 10.167.2.2: icmp_seq=15 ttl=63 time=0.294 ms 64 bytes from 10.167.2.2: icmp_seq=16 ttl=63 time=0.317 ms 64 bytes from 10.167.2.2: icmp_seq=17 ttl=63 time=0.304 ms 64 bytes from 10.167.2.2: icmp_seq=18 ttl=63 time=0.293 ms 64 bytes from 10.167.2.2: icmp_seq=19 ttl=63 time=0.309 ms 64 bytes from 10.167.2.2: icmp_seq=20 ttl=63 time=0.559 ms 64 bytes from 10.167.2.2: icmp_seq=21 ttl=63 time=14.4 ms 64 bytes from 10.167.2.2: icmp_seq=22 ttl=63 time=0.264 ms 64 bytes from 10.167.2.2: icmp_seq=23 ttl=63 time=0.269 ms 64 bytes from 10.167.2.2: icmp_seq=24 ttl=63 time=0.266 ms 64 bytes from 10.167.2.2: icmp_seq=25 ttl=63 time=0.254 ms 64 bytes from 10.167.2.2: icmp_seq=26 ttl=63 time=0.250 ms 64 bytes from 10.167.2.2: icmp_seq=27 ttl=63 time=0.262 ms 64 bytes from 10.167.2.2: icmp_seq=28 ttl=63 time=0.279 ms 64 bytes from 10.167.2.2: icmp_seq=29 ttl=63 time=0.261 ms 64 bytes from 10.167.2.2: icmp_seq=30 ttl=63 time=0.266 ms --- 10.167.2.2 ping statistics --- 30 packets transmitted, 30 received, 0% packet loss, time 6019ms rtt min/avg/max/mdev = 0.250/0.783/14.446/2.537 ms :: [ 00:55:21 ] :: [ PASS ] :: Command 'ip netns exec client ping -4 10.167.2.2 -c 30 -i 0.2' (Expected 0, got 0) :: [ 00:55:21 ] :: [ BEGIN ] :: Running 'ip netns exec router nft delete table ip filter' :: [ 00:55:22 ] :: [ PASS ] :: Command 'ip netns exec router nft delete table ip filter' (Expected 0, got 0) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 28s :: Assertions: 21 good, 0 bad :: RESULT: PASS (nftables ip family ipv4 policy test forward path) ** nftables-ip-family-ipv4-policy-test-forward-path PASS Score:0 Uploading resultoutputfile.log .done :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: nftables ip family ipv4 basic action test input/output path :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ 00:55:31 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add table ip filter' :: [ 00:55:31 ] :: [ PASS ] :: Command 'ip netns exec server nft add table ip filter' (Expected 0, got 0) :: [ 00:55:32 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add chain ip filter prerouting { type filter hook prerouting priority 0 \; }' :: [ 00:55:32 ] :: [ PASS ] :: Command 'ip netns exec server nft add chain ip filter prerouting { type filter hook prerouting priority 0 \; }' (Expected 0, got 0) :: [ 00:55:33 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule ip filter prerouting iifname s_r counter accept' :: [ 00:55:33 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule ip filter prerouting iifname s_r counter accept' (Expected 0, got 0) :: [ 00:55:34 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule ip filter prerouting iifname s_r counter drop' :: [ 00:55:34 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule ip filter prerouting iifname s_r counter drop' (Expected 0, got 0) :: [ 00:55:34 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -4 10.167.2.2 -c1' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. 64 bytes from 10.167.2.2: icmp_seq=1 ttl=63 time=0.317 ms --- 10.167.2.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.317/0.317/0.317/0.000 ms :: [ 00:55:35 ] :: [ PASS ] :: Command 'ip netns exec client ping -4 10.167.2.2 -c1' (Expected 0, got 0) :: [ 00:55:35 ] :: [ BEGIN ] :: Running 'ip netns exec server nft list ruleset' table ip filter { chain prerouting { type filter hook prerouting priority filter; policy accept; iifname "s_r" counter packets 1 bytes 84 accept iifname "s_r" counter packets 0 bytes 0 drop } } :: [ 00:55:36 ] :: [ PASS ] :: Command 'ip netns exec server nft list ruleset' (Expected 0, got 0) :: [ 00:55:36 ] :: [ BEGIN ] :: Running 'ip netns exec server nft flush table ip filter' :: [ 00:55:36 ] :: [ PASS ] :: Command 'ip netns exec server nft flush table ip filter' (Expected 0, got 0) :: [ 00:55:37 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule ip filter prerouting iifname s_r counter drop' :: [ 00:55:37 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule ip filter prerouting iifname s_r counter drop' (Expected 0, got 0) :: [ 00:55:38 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule ip filter prerouting iifname s_r counter accept' :: [ 00:55:38 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule ip filter prerouting iifname s_r counter accept' (Expected 0, got 0) :: [ 00:55:39 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -4 10.167.2.2 -c1 -W 1 ' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. --- 10.167.2.2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 00:55:40 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 00:55:41 ] :: [ BEGIN ] :: Running 'ip netns exec server nft list ruleset' table ip filter { chain prerouting { type filter hook prerouting priority filter; policy accept; iifname "s_r" counter packets 1 bytes 84 drop iifname "s_r" counter packets 0 bytes 0 accept } } :: [ 00:55:41 ] :: [ PASS ] :: Command 'ip netns exec server nft list ruleset' (Expected 0, got 0) :: [ 00:55:42 ] :: [ BEGIN ] :: Running 'ip netns exec server nft flush table ip filter' :: [ 00:55:42 ] :: [ PASS ] :: Command 'ip netns exec server nft flush table ip filter' (Expected 0, got 0) :: [ 00:55:42 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add chain ip filter test' :: [ 00:55:43 ] :: [ PASS ] :: Command 'ip netns exec server nft add chain ip filter test' (Expected 0, got 0) :: [ 00:55:43 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule ip filter test iifname s_r counter return' :: [ 00:55:43 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule ip filter test iifname s_r counter return' (Expected 0, got 0) :: [ 00:55:44 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule ip filter test iifname s_r counter accept' :: [ 00:55:44 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule ip filter test iifname s_r counter accept' (Expected 0, got 0) :: [ 00:55:45 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule ip filter prerouting iifname s_r counter jump test' :: [ 00:55:45 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule ip filter prerouting iifname s_r counter jump test' (Expected 0, got 0) :: [ 00:55:46 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule ip filter prerouting iifname s_r counter drop' :: [ 00:55:46 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule ip filter prerouting iifname s_r counter drop' (Expected 0, got 0) :: [ 00:55:47 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -4 10.167.2.2 -c1 -W 1 ' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. --- 10.167.2.2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 00:55:48 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 00:55:49 ] :: [ BEGIN ] :: Running 'ip netns exec server nft list ruleset' table ip filter { chain prerouting { type filter hook prerouting priority filter; policy accept; iifname "s_r" counter packets 1 bytes 84 jump test iifname "s_r" counter packets 1 bytes 84 drop } chain test { iifname "s_r" counter packets 1 bytes 84 return iifname "s_r" counter packets 0 bytes 0 accept } } :: [ 00:55:49 ] :: [ PASS ] :: Command 'ip netns exec server nft list ruleset' (Expected 0, got 0) :: [ 00:55:50 ] :: [ BEGIN ] :: Running 'ip netns exec server nft flush table ip filter' :: [ 00:55:50 ] :: [ PASS ] :: Command 'ip netns exec server nft flush table ip filter' (Expected 0, got 0) :: [ 00:55:50 ] :: [ BEGIN ] :: Running 'ip netns exec server nft delete chain ip filter prerouting' :: [ 00:55:51 ] :: [ PASS ] :: Command 'ip netns exec server nft delete chain ip filter prerouting' (Expected 0, got 0) :: [ 00:55:51 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add chain ip filter input { type filter hook input priority 0 \; }' :: [ 00:55:52 ] :: [ PASS ] :: Command 'ip netns exec server nft add chain ip filter input { type filter hook input priority 0 \; }' (Expected 0, got 0) :: [ 00:55:52 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule ip filter input iifname s_r counter accept' :: [ 00:55:52 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule ip filter input iifname s_r counter accept' (Expected 0, got 0) :: [ 00:55:53 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule ip filter input iifname s_r counter drop' :: [ 00:55:53 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule ip filter input iifname s_r counter drop' (Expected 0, got 0) :: [ 00:55:54 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -4 10.167.2.2 -c1' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. 64 bytes from 10.167.2.2: icmp_seq=1 ttl=63 time=0.371 ms --- 10.167.2.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.371/0.371/0.371/0.000 ms :: [ 00:55:54 ] :: [ PASS ] :: Command 'ip netns exec client ping -4 10.167.2.2 -c1' (Expected 0, got 0) :: [ 00:55:55 ] :: [ BEGIN ] :: Running 'ip netns exec server nft list ruleset' table ip filter { chain test { } chain input { type filter hook input priority filter; policy accept; iifname "s_r" counter packets 1 bytes 84 accept iifname "s_r" counter packets 0 bytes 0 drop } } :: [ 00:55:55 ] :: [ PASS ] :: Command 'ip netns exec server nft list ruleset' (Expected 0, got 0) :: [ 00:55:55 ] :: [ BEGIN ] :: Running 'ip netns exec server nft flush table ip filter' :: [ 00:55:56 ] :: [ PASS ] :: Command 'ip netns exec server nft flush table ip filter' (Expected 0, got 0) :: [ 00:55:56 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule ip filter input iifname s_r counter drop' :: [ 00:55:57 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule ip filter input iifname s_r counter drop' (Expected 0, got 0) :: [ 00:55:57 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule ip filter input iifname s_r counter accept' :: [ 00:55:57 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule ip filter input iifname s_r counter accept' (Expected 0, got 0) :: [ 00:55:58 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -4 10.167.2.2 -c1 -W 1 ' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. --- 10.167.2.2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 00:56:00 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 00:56:00 ] :: [ BEGIN ] :: Running 'ip netns exec server nft list ruleset' table ip filter { chain test { } chain input { type filter hook input priority filter; policy accept; iifname "s_r" counter packets 1 bytes 84 drop iifname "s_r" counter packets 0 bytes 0 accept } } :: [ 00:56:00 ] :: [ PASS ] :: Command 'ip netns exec server nft list ruleset' (Expected 0, got 0) :: [ 00:56:01 ] :: [ BEGIN ] :: Running 'ip netns exec server nft flush table ip filter' :: [ 00:56:01 ] :: [ PASS ] :: Command 'ip netns exec server nft flush table ip filter' (Expected 0, got 0) :: [ 00:56:02 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add chain ip filter test' :: [ 00:56:02 ] :: [ PASS ] :: Command 'ip netns exec server nft add chain ip filter test' (Expected 0, got 0) :: [ 00:56:03 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule ip filter test iifname s_r counter return' :: [ 00:56:03 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule ip filter test iifname s_r counter return' (Expected 0, got 0) :: [ 00:56:03 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule ip filter test iifname s_r counter accept' :: [ 00:56:04 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule ip filter test iifname s_r counter accept' (Expected 0, got 0) :: [ 00:56:04 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule ip filter input iifname s_r counter jump test' :: [ 00:56:05 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule ip filter input iifname s_r counter jump test' (Expected 0, got 0) :: [ 00:56:05 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule ip filter input iifname s_r counter drop' :: [ 00:56:05 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule ip filter input iifname s_r counter drop' (Expected 0, got 0) :: [ 00:56:06 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -4 10.167.2.2 -c1 -W 1 ' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. --- 10.167.2.2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 00:56:07 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 00:56:08 ] :: [ BEGIN ] :: Running 'ip netns exec server nft list ruleset' table ip filter { chain test { iifname "s_r" counter packets 1 bytes 84 return iifname "s_r" counter packets 0 bytes 0 accept } chain input { type filter hook input priority filter; policy accept; iifname "s_r" counter packets 1 bytes 84 jump test iifname "s_r" counter packets 1 bytes 84 drop } } :: [ 00:56:08 ] :: [ PASS ] :: Command 'ip netns exec server nft list ruleset' (Expected 0, got 0) :: [ 00:56:09 ] :: [ BEGIN ] :: Running 'ip netns exec server nft flush table ip filter' :: [ 00:56:09 ] :: [ PASS ] :: Command 'ip netns exec server nft flush table ip filter' (Expected 0, got 0) :: [ 00:56:09 ] :: [ BEGIN ] :: Running 'ip netns exec server nft delete chain ip filter input' :: [ 00:56:10 ] :: [ PASS ] :: Command 'ip netns exec server nft delete chain ip filter input' (Expected 0, got 0) :: [ 00:56:10 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add chain ip filter output { type filter hook output priority 0 \; }' :: [ 00:56:11 ] :: [ PASS ] :: Command 'ip netns exec server nft add chain ip filter output { type filter hook output priority 0 \; }' (Expected 0, got 0) :: [ 00:56:11 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule ip filter output oifname s_r counter accept' :: [ 00:56:11 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule ip filter output oifname s_r counter accept' (Expected 0, got 0) :: [ 00:56:12 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule ip filter output oifname s_r counter drop' :: [ 00:56:12 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule ip filter output oifname s_r counter drop' (Expected 0, got 0) :: [ 00:56:13 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -4 10.167.2.2 -c1' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. 64 bytes from 10.167.2.2: icmp_seq=1 ttl=63 time=0.368 ms --- 10.167.2.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.368/0.368/0.368/0.000 ms :: [ 00:56:13 ] :: [ PASS ] :: Command 'ip netns exec client ping -4 10.167.2.2 -c1' (Expected 0, got 0) :: [ 00:56:13 ] :: [ BEGIN ] :: Running 'ip netns exec server nft list ruleset' table ip filter { chain test { } chain output { type filter hook output priority filter; policy accept; oifname "s_r" counter packets 1 bytes 84 accept oifname "s_r" counter packets 0 bytes 0 drop } } :: [ 00:56:14 ] :: [ PASS ] :: Command 'ip netns exec server nft list ruleset' (Expected 0, got 0) :: [ 00:56:14 ] :: [ BEGIN ] :: Running 'ip netns exec server nft flush table ip filter' :: [ 00:56:15 ] :: [ PASS ] :: Command 'ip netns exec server nft flush table ip filter' (Expected 0, got 0) :: [ 00:56:15 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule ip filter output oifname s_r counter drop' :: [ 00:56:15 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule ip filter output oifname s_r counter drop' (Expected 0, got 0) :: [ 00:56:16 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule ip filter output oifname s_r counter accept' :: [ 00:56:16 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule ip filter output oifname s_r counter accept' (Expected 0, got 0) :: [ 00:56:17 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -4 10.167.2.2 -c1 -W 1 ' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. --- 10.167.2.2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 00:56:18 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 00:56:19 ] :: [ BEGIN ] :: Running 'ip netns exec server nft list ruleset' table ip filter { chain test { } chain output { type filter hook output priority filter; policy accept; oifname "s_r" counter packets 1 bytes 84 drop oifname "s_r" counter packets 0 bytes 0 accept } } :: [ 00:56:19 ] :: [ PASS ] :: Command 'ip netns exec server nft list ruleset' (Expected 0, got 0) :: [ 00:56:20 ] :: [ BEGIN ] :: Running 'ip netns exec server nft flush table ip filter' :: [ 00:56:20 ] :: [ PASS ] :: Command 'ip netns exec server nft flush table ip filter' (Expected 0, got 0) :: [ 00:56:21 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add chain ip filter test' :: [ 00:56:21 ] :: [ PASS ] :: Command 'ip netns exec server nft add chain ip filter test' (Expected 0, got 0) :: [ 00:56:21 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule ip filter test oifname s_r counter return' :: [ 00:56:22 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule ip filter test oifname s_r counter return' (Expected 0, got 0) :: [ 00:56:22 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule ip filter test oifname s_r counter accept' :: [ 00:56:23 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule ip filter test oifname s_r counter accept' (Expected 0, got 0) :: [ 00:56:23 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule ip filter output oifname s_r counter jump test' :: [ 00:56:23 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule ip filter output oifname s_r counter jump test' (Expected 0, got 0) :: [ 00:56:24 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule ip filter output oifname s_r counter drop' :: [ 00:56:24 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule ip filter output oifname s_r counter drop' (Expected 0, got 0) :: [ 00:56:25 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -4 10.167.2.2 -c1 -W 1 ' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. --- 10.167.2.2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 00:56:26 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 00:56:27 ] :: [ BEGIN ] :: Running 'ip netns exec server nft list ruleset' table ip filter { chain test { oifname "s_r" counter packets 1 bytes 84 return oifname "s_r" counter packets 0 bytes 0 accept } chain output { type filter hook output priority filter; policy accept; oifname "s_r" counter packets 1 bytes 84 jump test oifname "s_r" counter packets 1 bytes 84 drop } } :: [ 00:56:27 ] :: [ PASS ] :: Command 'ip netns exec server nft list ruleset' (Expected 0, got 0) :: [ 00:56:28 ] :: [ BEGIN ] :: Running 'ip netns exec server nft flush table ip filter' :: [ 00:56:28 ] :: [ PASS ] :: Command 'ip netns exec server nft flush table ip filter' (Expected 0, got 0) :: [ 00:56:28 ] :: [ BEGIN ] :: Running 'ip netns exec server nft delete chain ip filter output' :: [ 00:56:29 ] :: [ PASS ] :: Command 'ip netns exec server nft delete chain ip filter output' (Expected 0, got 0) :: [ 00:56:29 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add chain ip filter postrouting { type filter hook postrouting priority 0 \; }' :: [ 00:56:30 ] :: [ PASS ] :: Command 'ip netns exec server nft add chain ip filter postrouting { type filter hook postrouting priority 0 \; }' (Expected 0, got 0) :: [ 00:56:30 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule ip filter postrouting oifname s_r counter accept' :: [ 00:56:31 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule ip filter postrouting oifname s_r counter accept' (Expected 0, got 0) :: [ 00:56:31 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule ip filter postrouting oifname s_r counter drop' :: [ 00:56:31 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule ip filter postrouting oifname s_r counter drop' (Expected 0, got 0) :: [ 00:56:32 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -4 10.167.2.2 -c1' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. 64 bytes from 10.167.2.2: icmp_seq=1 ttl=63 time=0.324 ms --- 10.167.2.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.324/0.324/0.324/0.000 ms :: [ 00:56:32 ] :: [ PASS ] :: Command 'ip netns exec client ping -4 10.167.2.2 -c1' (Expected 0, got 0) :: [ 00:56:33 ] :: [ BEGIN ] :: Running 'ip netns exec server nft list ruleset' table ip filter { chain test { } chain postrouting { type filter hook postrouting priority filter; policy accept; oifname "s_r" counter packets 1 bytes 84 accept oifname "s_r" counter packets 0 bytes 0 drop } } :: [ 00:56:33 ] :: [ PASS ] :: Command 'ip netns exec server nft list ruleset' (Expected 0, got 0) :: [ 00:56:33 ] :: [ BEGIN ] :: Running 'ip netns exec server nft flush table ip filter' :: [ 00:56:34 ] :: [ PASS ] :: Command 'ip netns exec server nft flush table ip filter' (Expected 0, got 0) :: [ 00:56:34 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule ip filter postrouting oifname s_r counter drop' :: [ 00:56:35 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule ip filter postrouting oifname s_r counter drop' (Expected 0, got 0) :: [ 00:56:35 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule ip filter postrouting oifname s_r counter accept' :: [ 00:56:35 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule ip filter postrouting oifname s_r counter accept' (Expected 0, got 0) :: [ 00:56:36 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -4 10.167.2.2 -c1 -W 1 ' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. --- 10.167.2.2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 00:56:38 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 00:56:38 ] :: [ BEGIN ] :: Running 'ip netns exec server nft list ruleset' table ip filter { chain test { } chain postrouting { type filter hook postrouting priority filter; policy accept; oifname "s_r" counter packets 1 bytes 84 drop oifname "s_r" counter packets 0 bytes 0 accept } } :: [ 00:56:38 ] :: [ PASS ] :: Command 'ip netns exec server nft list ruleset' (Expected 0, got 0) :: [ 00:56:39 ] :: [ BEGIN ] :: Running 'ip netns exec server nft flush table ip filter' :: [ 00:56:39 ] :: [ PASS ] :: Command 'ip netns exec server nft flush table ip filter' (Expected 0, got 0) :: [ 00:56:40 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add chain ip filter test' :: [ 00:56:40 ] :: [ PASS ] :: Command 'ip netns exec server nft add chain ip filter test' (Expected 0, got 0) :: [ 00:56:41 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule ip filter test oifname s_r counter return' :: [ 00:56:41 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule ip filter test oifname s_r counter return' (Expected 0, got 0) :: [ 00:56:42 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule ip filter test oifname s_r counter accept' :: [ 00:56:42 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule ip filter test oifname s_r counter accept' (Expected 0, got 0) :: [ 00:56:42 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule ip filter postrouting oifname s_r counter jump test' :: [ 00:56:43 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule ip filter postrouting oifname s_r counter jump test' (Expected 0, got 0) :: [ 00:56:43 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule ip filter postrouting oifname s_r counter drop' :: [ 00:56:43 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule ip filter postrouting oifname s_r counter drop' (Expected 0, got 0) :: [ 00:56:44 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -4 10.167.2.2 -c1 -W 1 ' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. --- 10.167.2.2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 00:56:46 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 00:56:46 ] :: [ BEGIN ] :: Running 'ip netns exec server nft list ruleset' table ip filter { chain test { oifname "s_r" counter packets 1 bytes 84 return oifname "s_r" counter packets 0 bytes 0 accept } chain postrouting { type filter hook postrouting priority filter; policy accept; oifname "s_r" counter packets 1 bytes 84 jump test oifname "s_r" counter packets 1 bytes 84 drop } } :: [ 00:56:46 ] :: [ PASS ] :: Command 'ip netns exec server nft list ruleset' (Expected 0, got 0) :: [ 00:56:47 ] :: [ BEGIN ] :: Running 'ip netns exec server nft flush table ip filter' :: [ 00:56:47 ] :: [ PASS ] :: Command 'ip netns exec server nft flush table ip filter' (Expected 0, got 0) :: [ 00:56:48 ] :: [ BEGIN ] :: Running 'ip netns exec server nft delete chain ip filter postrouting' :: [ 00:56:48 ] :: [ PASS ] :: Command 'ip netns exec server nft delete chain ip filter postrouting' (Expected 0, got 0) :: [ 00:56:49 ] :: [ BEGIN ] :: Running 'ip netns exec server nft delete table ip filter' :: [ 00:56:49 ] :: [ PASS ] :: Command 'ip netns exec server nft delete table ip filter' (Expected 0, got 0) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 78s :: Assertions: 82 good, 0 bad :: RESULT: PASS (nftables ip family ipv4 basic action test input/output path) ** nftables-ip-family-ipv4-basic-action-test-input-output-path PASS Score:0 Uploading resultoutputfile.log .done :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: nftables ip family ipv4 basic action test forward path :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ 00:56:59 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add table ip filter' :: [ 00:56:59 ] :: [ PASS ] :: Command 'ip netns exec router nft add table ip filter' (Expected 0, got 0) :: [ 00:57:00 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add chain ip filter prerouting { type filter hook prerouting priority 0 \; }' :: [ 00:57:00 ] :: [ PASS ] :: Command 'ip netns exec router nft add chain ip filter prerouting { type filter hook prerouting priority 0 \; }' (Expected 0, got 0) :: [ 00:57:00 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule ip filter prerouting iifname r_c counter accept' :: [ 00:57:01 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule ip filter prerouting iifname r_c counter accept' (Expected 0, got 0) :: [ 00:57:01 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule ip filter prerouting iifname r_c counter drop' :: [ 00:57:02 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule ip filter prerouting iifname r_c counter drop' (Expected 0, got 0) :: [ 00:57:02 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -4 10.167.2.2 -c1' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. 64 bytes from 10.167.2.2: icmp_seq=1 ttl=63 time=0.345 ms --- 10.167.2.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.345/0.345/0.345/0.000 ms :: [ 00:57:02 ] :: [ PASS ] :: Command 'ip netns exec client ping -4 10.167.2.2 -c1' (Expected 0, got 0) :: [ 00:57:03 ] :: [ BEGIN ] :: Running 'ip netns exec router nft list ruleset' table ip filter { chain prerouting { type filter hook prerouting priority filter; policy accept; iifname "r_c" counter packets 1 bytes 84 accept iifname "r_c" counter packets 0 bytes 0 drop } } :: [ 00:57:03 ] :: [ PASS ] :: Command 'ip netns exec router nft list ruleset' (Expected 0, got 0) :: [ 00:57:04 ] :: [ BEGIN ] :: Running 'ip netns exec router nft flush table ip filter' :: [ 00:57:04 ] :: [ PASS ] :: Command 'ip netns exec router nft flush table ip filter' (Expected 0, got 0) :: [ 00:57:05 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule ip filter prerouting iifname r_c counter drop' :: [ 00:57:05 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule ip filter prerouting iifname r_c counter drop' (Expected 0, got 0) :: [ 00:57:05 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule ip filter prerouting iifname r_c counter accept' :: [ 00:57:06 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule ip filter prerouting iifname r_c counter accept' (Expected 0, got 0) :: [ 00:57:07 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -4 10.167.2.2 -c1 -W 1 ' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. --- 10.167.2.2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 00:57:08 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 00:57:08 ] :: [ BEGIN ] :: Running 'ip netns exec router nft list ruleset' table ip filter { chain prerouting { type filter hook prerouting priority filter; policy accept; iifname "r_c" counter packets 1 bytes 84 drop iifname "r_c" counter packets 0 bytes 0 accept } } :: [ 00:57:09 ] :: [ PASS ] :: Command 'ip netns exec router nft list ruleset' (Expected 0, got 0) :: [ 00:57:09 ] :: [ BEGIN ] :: Running 'ip netns exec router nft flush table ip filter' :: [ 00:57:10 ] :: [ PASS ] :: Command 'ip netns exec router nft flush table ip filter' (Expected 0, got 0) :: [ 00:57:10 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add chain ip filter test' :: [ 00:57:11 ] :: [ PASS ] :: Command 'ip netns exec router nft add chain ip filter test' (Expected 0, got 0) :: [ 00:57:11 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule ip filter test iifname r_c counter return' :: [ 00:57:11 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule ip filter test iifname r_c counter return' (Expected 0, got 0) :: [ 00:57:12 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule ip filter test iifname r_c counter accept' :: [ 00:57:12 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule ip filter test iifname r_c counter accept' (Expected 0, got 0) :: [ 00:57:13 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule ip filter prerouting iifname r_c counter jump test' :: [ 00:57:13 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule ip filter prerouting iifname r_c counter jump test' (Expected 0, got 0) :: [ 00:57:14 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule ip filter prerouting iifname r_c counter drop' :: [ 00:57:14 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule ip filter prerouting iifname r_c counter drop' (Expected 0, got 0) :: [ 00:57:15 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -4 10.167.2.2 -c1 -W 1 ' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. --- 10.167.2.2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 9ms :: [ 00:57:16 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 00:57:17 ] :: [ BEGIN ] :: Running 'ip netns exec router nft list ruleset' table ip filter { chain prerouting { type filter hook prerouting priority filter; policy accept; iifname "r_c" counter packets 1 bytes 84 jump test iifname "r_c" counter packets 1 bytes 84 drop } chain test { iifname "r_c" counter packets 1 bytes 84 return iifname "r_c" counter packets 0 bytes 0 accept } } :: [ 00:57:17 ] :: [ PASS ] :: Command 'ip netns exec router nft list ruleset' (Expected 0, got 0) :: [ 00:57:17 ] :: [ BEGIN ] :: Running 'ip netns exec router nft flush table ip filter' :: [ 00:57:18 ] :: [ PASS ] :: Command 'ip netns exec router nft flush table ip filter' (Expected 0, got 0) :: [ 00:57:18 ] :: [ BEGIN ] :: Running 'ip netns exec router nft delete chain ip filter prerouting' :: [ 00:57:19 ] :: [ PASS ] :: Command 'ip netns exec router nft delete chain ip filter prerouting' (Expected 0, got 0) :: [ 00:57:19 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add chain ip filter forward { type filter hook forward priority 0 \; }' :: [ 00:57:19 ] :: [ PASS ] :: Command 'ip netns exec router nft add chain ip filter forward { type filter hook forward priority 0 \; }' (Expected 0, got 0) :: [ 00:57:20 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule ip filter forward iifname r_c oifname r_s counter accept' :: [ 00:57:20 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule ip filter forward iifname r_c oifname r_s counter accept' (Expected 0, got 0) :: [ 00:57:21 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule ip filter forward iifname r_c oifname r_s counter drop' :: [ 00:57:21 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule ip filter forward iifname r_c oifname r_s counter drop' (Expected 0, got 0) :: [ 00:57:22 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -4 10.167.2.2 -c1' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. 64 bytes from 10.167.2.2: icmp_seq=1 ttl=63 time=0.391 ms --- 10.167.2.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.391/0.391/0.391/0.000 ms :: [ 00:57:22 ] :: [ PASS ] :: Command 'ip netns exec client ping -4 10.167.2.2 -c1' (Expected 0, got 0) :: [ 00:57:22 ] :: [ BEGIN ] :: Running 'ip netns exec router nft list ruleset' table ip filter { chain test { } chain forward { type filter hook forward priority filter; policy accept; iifname "r_c" oifname "r_s" counter packets 1 bytes 84 accept iifname "r_c" oifname "r_s" counter packets 0 bytes 0 drop } } :: [ 00:57:23 ] :: [ PASS ] :: Command 'ip netns exec router nft list ruleset' (Expected 0, got 0) :: [ 00:57:23 ] :: [ BEGIN ] :: Running 'ip netns exec router nft flush table ip filter' :: [ 00:57:24 ] :: [ PASS ] :: Command 'ip netns exec router nft flush table ip filter' (Expected 0, got 0) :: [ 00:57:24 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule ip filter forward iifname r_c oifname r_s counter drop' :: [ 00:57:24 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule ip filter forward iifname r_c oifname r_s counter drop' (Expected 0, got 0) :: [ 00:57:25 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule ip filter forward iifname r_c oifname r_s counter accept' :: [ 00:57:25 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule ip filter forward iifname r_c oifname r_s counter accept' (Expected 0, got 0) :: [ 00:57:26 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -4 10.167.2.2 -c1 -W 1 ' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. --- 10.167.2.2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 00:57:27 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 00:57:28 ] :: [ BEGIN ] :: Running 'ip netns exec router nft list ruleset' table ip filter { chain test { } chain forward { type filter hook forward priority filter; policy accept; iifname "r_c" oifname "r_s" counter packets 1 bytes 84 drop iifname "r_c" oifname "r_s" counter packets 0 bytes 0 accept } } :: [ 00:57:28 ] :: [ PASS ] :: Command 'ip netns exec router nft list ruleset' (Expected 0, got 0) :: [ 00:57:29 ] :: [ BEGIN ] :: Running 'ip netns exec router nft flush table ip filter' :: [ 00:57:29 ] :: [ PASS ] :: Command 'ip netns exec router nft flush table ip filter' (Expected 0, got 0) :: [ 00:57:30 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add chain ip filter test' :: [ 00:57:30 ] :: [ PASS ] :: Command 'ip netns exec router nft add chain ip filter test' (Expected 0, got 0) :: [ 00:57:30 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule ip filter test iifname r_c oifname r_s counter return' :: [ 00:57:31 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule ip filter test iifname r_c oifname r_s counter return' (Expected 0, got 0) :: [ 00:57:31 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule ip filter test iifname r_c oifname r_s counter accept' :: [ 00:57:32 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule ip filter test iifname r_c oifname r_s counter accept' (Expected 0, got 0) :: [ 00:57:32 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule ip filter forward iifname r_c oifname r_s counter jump test' :: [ 00:57:32 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule ip filter forward iifname r_c oifname r_s counter jump test' (Expected 0, got 0) :: [ 00:57:33 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule ip filter forward iifname r_c oifname r_s counter drop' :: [ 00:57:33 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule ip filter forward iifname r_c oifname r_s counter drop' (Expected 0, got 0) :: [ 00:57:34 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -4 10.167.2.2 -c1 -W 1 ' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. --- 10.167.2.2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 00:57:35 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 00:57:36 ] :: [ BEGIN ] :: Running 'ip netns exec router nft list ruleset' table ip filter { chain test { iifname "r_c" oifname "r_s" counter packets 1 bytes 84 return iifname "r_c" oifname "r_s" counter packets 0 bytes 0 accept } chain forward { type filter hook forward priority filter; policy accept; iifname "r_c" oifname "r_s" counter packets 1 bytes 84 jump test iifname "r_c" oifname "r_s" counter packets 1 bytes 84 drop } } :: [ 00:57:36 ] :: [ PASS ] :: Command 'ip netns exec router nft list ruleset' (Expected 0, got 0) :: [ 00:57:37 ] :: [ BEGIN ] :: Running 'ip netns exec router nft flush table ip filter' :: [ 00:57:37 ] :: [ PASS ] :: Command 'ip netns exec router nft flush table ip filter' (Expected 0, got 0) :: [ 00:57:37 ] :: [ BEGIN ] :: Running 'ip netns exec router nft delete chain ip filter forward' :: [ 00:57:38 ] :: [ PASS ] :: Command 'ip netns exec router nft delete chain ip filter forward' (Expected 0, got 0) :: [ 00:57:38 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add chain ip filter postrouting { type filter hook postrouting priority 0 \; }' :: [ 00:57:39 ] :: [ PASS ] :: Command 'ip netns exec router nft add chain ip filter postrouting { type filter hook postrouting priority 0 \; }' (Expected 0, got 0) :: [ 00:57:39 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule ip filter postrouting oifname r_s counter accept' :: [ 00:57:39 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule ip filter postrouting oifname r_s counter accept' (Expected 0, got 0) :: [ 00:57:40 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule ip filter postrouting oifname r_s counter drop' :: [ 00:57:40 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule ip filter postrouting oifname r_s counter drop' (Expected 0, got 0) :: [ 00:57:41 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -4 10.167.2.2 -c1' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. 64 bytes from 10.167.2.2: icmp_seq=1 ttl=63 time=0.311 ms --- 10.167.2.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.311/0.311/0.311/0.000 ms :: [ 00:57:41 ] :: [ PASS ] :: Command 'ip netns exec client ping -4 10.167.2.2 -c1' (Expected 0, got 0) :: [ 00:57:41 ] :: [ BEGIN ] :: Running 'ip netns exec router nft list ruleset' table ip filter { chain test { } chain postrouting { type filter hook postrouting priority filter; policy accept; oifname "r_s" counter packets 1 bytes 84 accept oifname "r_s" counter packets 0 bytes 0 drop } } :: [ 00:57:42 ] :: [ PASS ] :: Command 'ip netns exec router nft list ruleset' (Expected 0, got 0) :: [ 00:57:42 ] :: [ BEGIN ] :: Running 'ip netns exec router nft flush table ip filter' :: [ 00:57:43 ] :: [ PASS ] :: Command 'ip netns exec router nft flush table ip filter' (Expected 0, got 0) :: [ 00:57:43 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule ip filter postrouting oifname r_s counter drop' :: [ 00:57:43 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule ip filter postrouting oifname r_s counter drop' (Expected 0, got 0) :: [ 00:57:44 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule ip filter postrouting oifname r_s counter accept' :: [ 00:57:44 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule ip filter postrouting oifname r_s counter accept' (Expected 0, got 0) :: [ 00:57:45 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -4 10.167.2.2 -c1 -W 1 ' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. --- 10.167.2.2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 00:57:47 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 00:57:47 ] :: [ BEGIN ] :: Running 'ip netns exec router nft list ruleset' table ip filter { chain test { } chain postrouting { type filter hook postrouting priority filter; policy accept; oifname "r_s" counter packets 1 bytes 84 drop oifname "r_s" counter packets 0 bytes 0 accept } } :: [ 00:57:47 ] :: [ PASS ] :: Command 'ip netns exec router nft list ruleset' (Expected 0, got 0) :: [ 00:57:48 ] :: [ BEGIN ] :: Running 'ip netns exec router nft flush table ip filter' :: [ 00:57:48 ] :: [ PASS ] :: Command 'ip netns exec router nft flush table ip filter' (Expected 0, got 0) :: [ 00:57:49 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add chain ip filter test' :: [ 00:57:49 ] :: [ PASS ] :: Command 'ip netns exec router nft add chain ip filter test' (Expected 0, got 0) :: [ 00:57:50 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule ip filter test oifname r_s counter return' :: [ 00:57:50 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule ip filter test oifname r_s counter return' (Expected 0, got 0) :: [ 00:57:50 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule ip filter test oifname r_s counter accept' :: [ 00:57:51 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule ip filter test oifname r_s counter accept' (Expected 0, got 0) :: [ 00:57:51 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule ip filter postrouting oifname r_s counter jump test' :: [ 00:57:52 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule ip filter postrouting oifname r_s counter jump test' (Expected 0, got 0) :: [ 00:57:52 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule ip filter postrouting oifname r_s counter drop' :: [ 00:57:53 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule ip filter postrouting oifname r_s counter drop' (Expected 0, got 0) :: [ 00:57:53 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -4 10.167.2.2 -c1 -W 1 ' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. --- 10.167.2.2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 00:57:55 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 00:57:55 ] :: [ BEGIN ] :: Running 'ip netns exec router nft list ruleset' table ip filter { chain test { oifname "r_s" counter packets 1 bytes 84 return oifname "r_s" counter packets 0 bytes 0 accept } chain postrouting { type filter hook postrouting priority filter; policy accept; oifname "r_s" counter packets 1 bytes 84 jump test oifname "r_s" counter packets 1 bytes 84 drop } } :: [ 00:57:56 ] :: [ PASS ] :: Command 'ip netns exec router nft list ruleset' (Expected 0, got 0) :: [ 00:57:56 ] :: [ BEGIN ] :: Running 'ip netns exec router nft flush table ip filter' :: [ 00:57:56 ] :: [ PASS ] :: Command 'ip netns exec router nft flush table ip filter' (Expected 0, got 0) :: [ 00:57:57 ] :: [ BEGIN ] :: Running 'ip netns exec router nft delete chain ip filter postrouting' :: [ 00:57:57 ] :: [ PASS ] :: Command 'ip netns exec router nft delete chain ip filter postrouting' (Expected 0, got 0) :: [ 00:57:58 ] :: [ BEGIN ] :: Running 'ip netns exec router nft delete table ip filter' :: [ 00:57:58 ] :: [ PASS ] :: Command 'ip netns exec router nft delete table ip filter' (Expected 0, got 0) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 61s :: Assertions: 62 good, 0 bad :: RESULT: PASS (nftables ip family ipv4 basic action test forward path) ** nftables-ip-family-ipv4-basic-action-test-forward-path PASS Score:0 Uploading resultoutputfile.log .done :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Cleanup :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ 00:58:07 ] :: [ BEGIN ] :: Running 'do_clean' client :: [ LOG ] :: xtables rules clean :: [ LOG ] :: nft rules clean :: [ LOG ] :: ipset rules clean :: [ LOG ] :: ipvsadm rules clean router :: [ LOG ] :: xtables rules clean :: [ LOG ] :: nft rules clean :: [ LOG ] :: ipset rules clean :: [ LOG ] :: ipvsadm rules clean server :: [ LOG ] :: xtables rules clean :: [ LOG ] :: nft rules clean :: [ LOG ] :: ipset rules clean :: [ LOG ] :: ipvsadm rules clean :: [ 00:59:18 ] :: [ PASS ] :: Command 'do_clean' (Expected 0, got 0) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 71s :: Assertions: 1 good, 0 bad :: RESULT: PASS (Cleanup) ** Cleanup PASS Score:0 Uploading resultoutputfile.log .done :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: unknown :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ 00:59:27 ] :: [ LOG ] :: Phases fingerprint: wG6Jb0bU :: [ 00:59:27 ] :: [ LOG ] :: Asserts fingerprint: C2K5D35U Uploading journal.xml ..done :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 1363s :: Phases: 14 good, 0 bad :: OVERALL RESULT: PASS (unknown) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Forward ipv4 :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ 00:59:31 ] :: [ BEGIN ] :: ipv4 topo init done... :: actually running 'do_setup ipv4' +++ do_clean +++ for ns in client router server +++ ip netns +++ grep client +++ for ns in client router server +++ ip netns +++ grep router +++ for ns in client router server +++ ip netns +++ grep server +++ local i +++ for i in client router server +++ ip netns add client +++ for i in client router server +++ ip netns add router +++ for i in client router server +++ ip netns add server +++ [[ ipv4x == \i\p\v\6\x ]] +++ [[ ipv4x == \i\p\v\4\x ]] +++ ip netns exec router sysctl -w net.ipv4.ip_forward=1 net.ipv4.ip_forward = 1 +++ ip_c=10.167.1.1 +++ ip_s=10.167.2.2 +++ ip_rc=10.167.1.254 +++ ip_rs=10.167.2.254 +++ unset nodad +++ N=24 +++ ip -d -n router -b /dev/stdin +++ ip -d -n server -b /dev/stdin +++ ip -d -n client -b /dev/stdin +++ sleep 2 +++ set +x PING 10.167.2.2 (10.167.2.2) from 10.167.1.1 c_r: 56(84) bytes of data. 64 bytes from 10.167.2.2: icmp_seq=1 ttl=63 time=1.44 ms 64 bytes from 10.167.2.2: icmp_seq=2 ttl=63 time=0.363 ms 64 bytes from 10.167.2.2: icmp_seq=3 ttl=63 time=0.345 ms 64 bytes from 10.167.2.2: icmp_seq=4 ttl=63 time=0.342 ms 64 bytes from 10.167.2.2: icmp_seq=5 ttl=63 time=0.335 ms --- 10.167.2.2 ping statistics --- 5 packets transmitted, 5 received, 0% packet loss, time 822ms rtt min/avg/max/mdev = 0.335/0.565/1.441/0.437 ms PING 10.167.1.1 (10.167.1.1) from 10.167.2.2 s_r: 56(84) bytes of data. 64 bytes from 10.167.1.1: icmp_seq=1 ttl=63 time=0.375 ms 64 bytes from 10.167.1.1: icmp_seq=2 ttl=63 time=0.365 ms 64 bytes from 10.167.1.1: icmp_seq=3 ttl=63 time=0.333 ms 64 bytes from 10.167.1.1: icmp_seq=4 ttl=63 time=0.400 ms 64 bytes from 10.167.1.1: icmp_seq=5 ttl=63 time=0.389 ms --- 10.167.1.1 ping statistics --- 5 packets transmitted, 5 received, 0% packet loss, time 828ms rtt min/avg/max/mdev = 0.333/0.372/0.400/0.023 ms :: [ 00:59:37 ] :: [ PASS ] :: ipv4 topo init done... (Expected 0, got 0) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 7s :: Assertions: 1 good, 0 bad :: RESULT: PASS (Forward ipv4) ** Forward-ipv4 PASS Score:0 Uploading resultoutputfile.log .done :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: nftables inet family ipv4 policy test input/output path :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ 00:59:45 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add table inet filter' :: [ 00:59:45 ] :: [ PASS ] :: Command 'ip netns exec server nft add table inet filter' (Expected 0, got 0) :: [ 00:59:46 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add chain inet filter prerouting { type filter hook prerouting priority 0 \; policy accept \; }' :: [ 00:59:46 ] :: [ PASS ] :: Command 'ip netns exec server nft add chain inet filter prerouting { type filter hook prerouting priority 0 \; policy accept \; }' (Expected 0, got 0) :: [ 00:59:47 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -4 10.167.2.2 -c1' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. 64 bytes from 10.167.2.2: icmp_seq=1 ttl=63 time=0.291 ms --- 10.167.2.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.291/0.291/0.291/0.000 ms :: [ 00:59:47 ] :: [ PASS ] :: Command 'ip netns exec client ping -4 10.167.2.2 -c1' (Expected 0, got 0) :: [ 00:59:48 ] :: [ BEGIN ] :: Running 'ip netns exec server nft delete chain inet filter prerouting' :: [ 00:59:48 ] :: [ PASS ] :: Command 'ip netns exec server nft delete chain inet filter prerouting' (Expected 0, got 0) :: [ 00:59:48 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add chain inet filter prerouting { type filter hook prerouting priority 0 \; policy drop \; }' :: [ 00:59:49 ] :: [ PASS ] :: Command 'ip netns exec server nft add chain inet filter prerouting { type filter hook prerouting priority 0 \; policy drop \; }' (Expected 0, got 0) :: [ 00:59:50 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -4 10.167.2.2 -c1 -W 1 ' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. --- 10.167.2.2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 00:59:51 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 00:59:52 ] :: [ BEGIN ] :: Running 'ip netns exec server nft delete chain inet filter prerouting' :: [ 00:59:52 ] :: [ PASS ] :: Command 'ip netns exec server nft delete chain inet filter prerouting' (Expected 0, got 0) :: [ 00:59:53 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add chain inet filter input { type filter hook input priority 0 \; policy accept \; }' :: [ 00:59:53 ] :: [ PASS ] :: Command 'ip netns exec server nft add chain inet filter input { type filter hook input priority 0 \; policy accept \; }' (Expected 0, got 0) :: [ 00:59:53 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -4 10.167.2.2 -c1' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. 64 bytes from 10.167.2.2: icmp_seq=1 ttl=63 time=0.383 ms --- 10.167.2.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.383/0.383/0.383/0.000 ms :: [ 00:59:54 ] :: [ PASS ] :: Command 'ip netns exec client ping -4 10.167.2.2 -c1' (Expected 0, got 0) :: [ 00:59:54 ] :: [ BEGIN ] :: Running 'ip netns exec server nft delete chain inet filter input' :: [ 00:59:55 ] :: [ PASS ] :: Command 'ip netns exec server nft delete chain inet filter input' (Expected 0, got 0) :: [ 00:59:55 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add chain inet filter input { type filter hook input priority 0 \; policy drop \; }' :: [ 00:59:55 ] :: [ PASS ] :: Command 'ip netns exec server nft add chain inet filter input { type filter hook input priority 0 \; policy drop \; }' (Expected 0, got 0) :: [ 00:59:56 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -4 10.167.2.2 -c1 -W 1 ' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. --- 10.167.2.2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 00:59:57 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 00:59:58 ] :: [ BEGIN ] :: Running 'ip netns exec server nft delete chain inet filter input' :: [ 00:59:58 ] :: [ PASS ] :: Command 'ip netns exec server nft delete chain inet filter input' (Expected 0, got 0) :: [ 00:59:59 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add chain inet filter output { type filter hook output priority 0 \; policy accept \; }' :: [ 00:59:59 ] :: [ PASS ] :: Command 'ip netns exec server nft add chain inet filter output { type filter hook output priority 0 \; policy accept \; }' (Expected 0, got 0) :: [ 01:00:00 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -4 10.167.2.2 -c1' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. 64 bytes from 10.167.2.2: icmp_seq=1 ttl=63 time=0.291 ms --- 10.167.2.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.291/0.291/0.291/0.000 ms :: [ 01:00:00 ] :: [ PASS ] :: Command 'ip netns exec client ping -4 10.167.2.2 -c1' (Expected 0, got 0) :: [ 01:00:00 ] :: [ BEGIN ] :: Running 'ip netns exec server nft delete chain inet filter output' :: [ 01:00:01 ] :: [ PASS ] :: Command 'ip netns exec server nft delete chain inet filter output' (Expected 0, got 0) :: [ 01:00:01 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add chain inet filter output { type filter hook output priority 0 \; policy drop \; }' :: [ 01:00:01 ] :: [ PASS ] :: Command 'ip netns exec server nft add chain inet filter output { type filter hook output priority 0 \; policy drop \; }' (Expected 0, got 0) :: [ 01:00:02 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -4 10.167.2.2 -c1 -W 1 ' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. --- 10.167.2.2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 01:00:04 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 01:00:04 ] :: [ BEGIN ] :: Running 'ip netns exec server nft delete chain inet filter output' :: [ 01:00:04 ] :: [ PASS ] :: Command 'ip netns exec server nft delete chain inet filter output' (Expected 0, got 0) :: [ 01:00:05 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add chain inet filter postrouting { type filter hook postrouting priority 0 \; policy accept \; }' :: [ 01:00:05 ] :: [ PASS ] :: Command 'ip netns exec server nft add chain inet filter postrouting { type filter hook postrouting priority 0 \; policy accept \; }' (Expected 0, got 0) :: [ 01:00:06 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -4 10.167.2.2 -c1' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. 64 bytes from 10.167.2.2: icmp_seq=1 ttl=63 time=0.293 ms --- 10.167.2.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.293/0.293/0.293/0.000 ms :: [ 01:00:06 ] :: [ PASS ] :: Command 'ip netns exec client ping -4 10.167.2.2 -c1' (Expected 0, got 0) :: [ 01:00:07 ] :: [ BEGIN ] :: Running 'ip netns exec server nft delete chain inet filter postrouting' :: [ 01:00:07 ] :: [ PASS ] :: Command 'ip netns exec server nft delete chain inet filter postrouting' (Expected 0, got 0) :: [ 01:00:07 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add chain inet filter postrouting { type filter hook postrouting priority 0 \; policy drop \; }' :: [ 01:00:08 ] :: [ PASS ] :: Command 'ip netns exec server nft add chain inet filter postrouting { type filter hook postrouting priority 0 \; policy drop \; }' (Expected 0, got 0) :: [ 01:00:09 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -4 10.167.2.2 -c1 -W 1 ' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. --- 10.167.2.2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 01:00:10 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 01:00:10 ] :: [ BEGIN ] :: Running 'ip netns exec server nft delete chain inet filter postrouting' :: [ 01:00:11 ] :: [ PASS ] :: Command 'ip netns exec server nft delete chain inet filter postrouting' (Expected 0, got 0) :: [ 01:00:11 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -4 10.167.2.2 -c 30 -i 0.2' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. 64 bytes from 10.167.2.2: icmp_seq=1 ttl=63 time=0.339 ms 64 bytes from 10.167.2.2: icmp_seq=2 ttl=63 time=0.327 ms 64 bytes from 10.167.2.2: icmp_seq=3 ttl=63 time=0.342 ms 64 bytes from 10.167.2.2: icmp_seq=4 ttl=63 time=0.339 ms 64 bytes from 10.167.2.2: icmp_seq=5 ttl=63 time=0.337 ms 64 bytes from 10.167.2.2: icmp_seq=6 ttl=63 time=0.332 ms 64 bytes from 10.167.2.2: icmp_seq=7 ttl=63 time=0.332 ms 64 bytes from 10.167.2.2: icmp_seq=8 ttl=63 time=0.333 ms 64 bytes from 10.167.2.2: icmp_seq=9 ttl=63 time=0.330 ms 64 bytes from 10.167.2.2: icmp_seq=10 ttl=63 time=0.334 ms 64 bytes from 10.167.2.2: icmp_seq=11 ttl=63 time=0.348 ms 64 bytes from 10.167.2.2: icmp_seq=12 ttl=63 time=0.329 ms 64 bytes from 10.167.2.2: icmp_seq=13 ttl=63 time=0.343 ms 64 bytes from 10.167.2.2: icmp_seq=14 ttl=63 time=0.329 ms 64 bytes from 10.167.2.2: icmp_seq=15 ttl=63 time=0.340 ms 64 bytes from 10.167.2.2: icmp_seq=16 ttl=63 time=0.356 ms 64 bytes from 10.167.2.2: icmp_seq=17 ttl=63 time=0.336 ms 64 bytes from 10.167.2.2: icmp_seq=18 ttl=63 time=0.354 ms 64 bytes from 10.167.2.2: icmp_seq=19 ttl=63 time=0.347 ms 64 bytes from 10.167.2.2: icmp_seq=20 ttl=63 time=0.322 ms 64 bytes from 10.167.2.2: icmp_seq=21 ttl=63 time=0.339 ms 64 bytes from 10.167.2.2: icmp_seq=22 ttl=63 time=0.328 ms 64 bytes from 10.167.2.2: icmp_seq=23 ttl=63 time=0.358 ms 64 bytes from 10.167.2.2: icmp_seq=24 ttl=63 time=0.336 ms 64 bytes from 10.167.2.2: icmp_seq=25 ttl=63 time=0.352 ms 64 bytes from 10.167.2.2: icmp_seq=26 ttl=63 time=0.321 ms 64 bytes from 10.167.2.2: icmp_seq=27 ttl=63 time=0.341 ms 64 bytes from 10.167.2.2: icmp_seq=28 ttl=63 time=0.339 ms 64 bytes from 10.167.2.2: icmp_seq=29 ttl=63 time=0.338 ms 64 bytes from 10.167.2.2: icmp_seq=30 ttl=63 time=0.361 ms --- 10.167.2.2 ping statistics --- 30 packets transmitted, 30 received, 0% packet loss, time 6031ms rtt min/avg/max/mdev = 0.321/0.338/0.361/0.010 ms :: [ 01:00:17 ] :: [ PASS ] :: Command 'ip netns exec client ping -4 10.167.2.2 -c 30 -i 0.2' (Expected 0, got 0) :: [ 01:00:18 ] :: [ BEGIN ] :: Running 'ip netns exec server nft delete table inet filter' :: [ 01:00:18 ] :: [ PASS ] :: Command 'ip netns exec server nft delete table inet filter' (Expected 0, got 0) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 34s :: Assertions: 27 good, 0 bad :: RESULT: PASS (nftables inet family ipv4 policy test input/output path) ** nftables-inet-family-ipv4-policy-test-input-output-path PASS Score:0 Uploading resultoutputfile.log .done :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: nftables inet family ipv4 policy test forward path :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ 01:00:27 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add table inet filter' :: [ 01:00:28 ] :: [ PASS ] :: Command 'ip netns exec router nft add table inet filter' (Expected 0, got 0) :: [ 01:00:28 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add chain inet filter prerouting { type filter hook prerouting priority 0 \; policy accept \; }' :: [ 01:00:29 ] :: [ PASS ] :: Command 'ip netns exec router nft add chain inet filter prerouting { type filter hook prerouting priority 0 \; policy accept \; }' (Expected 0, got 0) :: [ 01:00:29 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -4 10.167.2.2 -c1' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. 64 bytes from 10.167.2.2: icmp_seq=1 ttl=63 time=0.409 ms --- 10.167.2.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.409/0.409/0.409/0.000 ms :: [ 01:00:29 ] :: [ PASS ] :: Command 'ip netns exec client ping -4 10.167.2.2 -c1' (Expected 0, got 0) :: [ 01:00:30 ] :: [ BEGIN ] :: Running 'ip netns exec router nft delete chain inet filter prerouting' :: [ 01:00:30 ] :: [ PASS ] :: Command 'ip netns exec router nft delete chain inet filter prerouting' (Expected 0, got 0) :: [ 01:00:31 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add chain inet filter prerouting { type filter hook prerouting priority 0 \; policy drop \; }' :: [ 01:00:31 ] :: [ PASS ] :: Command 'ip netns exec router nft add chain inet filter prerouting { type filter hook prerouting priority 0 \; policy drop \; }' (Expected 0, got 0) :: [ 01:00:32 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -4 10.167.2.2 -c1 -W 1 ' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. --- 10.167.2.2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 01:00:33 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 01:00:34 ] :: [ BEGIN ] :: Running 'ip netns exec router nft delete chain inet filter prerouting' :: [ 01:00:34 ] :: [ PASS ] :: Command 'ip netns exec router nft delete chain inet filter prerouting' (Expected 0, got 0) :: [ 01:00:34 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add chain inet filter forward { type filter hook forward priority 0 \; policy accept \; }' :: [ 01:00:35 ] :: [ PASS ] :: Command 'ip netns exec router nft add chain inet filter forward { type filter hook forward priority 0 \; policy accept \; }' (Expected 0, got 0) :: [ 01:00:35 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -4 10.167.2.2 -c1' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. 64 bytes from 10.167.2.2: icmp_seq=1 ttl=63 time=0.293 ms --- 10.167.2.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.293/0.293/0.293/0.000 ms :: [ 01:00:36 ] :: [ PASS ] :: Command 'ip netns exec client ping -4 10.167.2.2 -c1' (Expected 0, got 0) :: [ 01:00:36 ] :: [ BEGIN ] :: Running 'ip netns exec router nft delete chain inet filter forward' :: [ 01:00:36 ] :: [ PASS ] :: Command 'ip netns exec router nft delete chain inet filter forward' (Expected 0, got 0) :: [ 01:00:37 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add chain inet filter forward { type filter hook forward priority 0 \; policy drop \; }' :: [ 01:00:37 ] :: [ PASS ] :: Command 'ip netns exec router nft add chain inet filter forward { type filter hook forward priority 0 \; policy drop \; }' (Expected 0, got 0) :: [ 01:00:38 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -4 10.167.2.2 -c1 -W 1 ' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. --- 10.167.2.2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 01:00:39 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 01:00:40 ] :: [ BEGIN ] :: Running 'ip netns exec router nft delete chain inet filter forward' :: [ 01:00:40 ] :: [ PASS ] :: Command 'ip netns exec router nft delete chain inet filter forward' (Expected 0, got 0) :: [ 01:00:41 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add chain inet filter postrouting { type filter hook postrouting priority 0 \; policy accept \; }' :: [ 01:00:41 ] :: [ PASS ] :: Command 'ip netns exec router nft add chain inet filter postrouting { type filter hook postrouting priority 0 \; policy accept \; }' (Expected 0, got 0) :: [ 01:00:42 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -4 10.167.2.2 -c1' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. 64 bytes from 10.167.2.2: icmp_seq=1 ttl=63 time=0.285 ms --- 10.167.2.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.285/0.285/0.285/0.000 ms :: [ 01:00:42 ] :: [ PASS ] :: Command 'ip netns exec client ping -4 10.167.2.2 -c1' (Expected 0, got 0) :: [ 01:00:42 ] :: [ BEGIN ] :: Running 'ip netns exec router nft delete chain inet filter postrouting' :: [ 01:00:43 ] :: [ PASS ] :: Command 'ip netns exec router nft delete chain inet filter postrouting' (Expected 0, got 0) :: [ 01:00:43 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add chain inet filter postrouting { type filter hook postrouting priority 0 \; policy drop \; }' :: [ 01:00:44 ] :: [ PASS ] :: Command 'ip netns exec router nft add chain inet filter postrouting { type filter hook postrouting priority 0 \; policy drop \; }' (Expected 0, got 0) :: [ 01:00:44 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -4 10.167.2.2 -c1 -W 1 ' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. --- 10.167.2.2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 01:00:46 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 01:00:46 ] :: [ BEGIN ] :: Running 'ip netns exec router nft delete chain inet filter postrouting' :: [ 01:00:47 ] :: [ PASS ] :: Command 'ip netns exec router nft delete chain inet filter postrouting' (Expected 0, got 0) :: [ 01:00:47 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -4 10.167.2.2 -c 30 -i 0.2' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. 64 bytes from 10.167.2.2: icmp_seq=1 ttl=63 time=0.358 ms 64 bytes from 10.167.2.2: icmp_seq=2 ttl=63 time=0.298 ms 64 bytes from 10.167.2.2: icmp_seq=3 ttl=63 time=0.560 ms 64 bytes from 10.167.2.2: icmp_seq=4 ttl=63 time=0.523 ms 64 bytes from 10.167.2.2: icmp_seq=5 ttl=63 time=0.331 ms 64 bytes from 10.167.2.2: icmp_seq=6 ttl=63 time=0.431 ms 64 bytes from 10.167.2.2: icmp_seq=7 ttl=63 time=0.336 ms 64 bytes from 10.167.2.2: icmp_seq=8 ttl=63 time=0.303 ms 64 bytes from 10.167.2.2: icmp_seq=9 ttl=63 time=0.429 ms 64 bytes from 10.167.2.2: icmp_seq=10 ttl=63 time=0.359 ms 64 bytes from 10.167.2.2: icmp_seq=11 ttl=63 time=0.325 ms 64 bytes from 10.167.2.2: icmp_seq=12 ttl=63 time=0.326 ms 64 bytes from 10.167.2.2: icmp_seq=13 ttl=63 time=0.597 ms 64 bytes from 10.167.2.2: icmp_seq=14 ttl=63 time=0.529 ms 64 bytes from 10.167.2.2: icmp_seq=15 ttl=63 time=0.330 ms 64 bytes from 10.167.2.2: icmp_seq=16 ttl=63 time=0.560 ms 64 bytes from 10.167.2.2: icmp_seq=17 ttl=63 time=0.520 ms 64 bytes from 10.167.2.2: icmp_seq=18 ttl=63 time=0.452 ms 64 bytes from 10.167.2.2: icmp_seq=19 ttl=63 time=0.369 ms 64 bytes from 10.167.2.2: icmp_seq=20 ttl=63 time=0.321 ms 64 bytes from 10.167.2.2: icmp_seq=21 ttl=63 time=0.328 ms 64 bytes from 10.167.2.2: icmp_seq=22 ttl=63 time=0.338 ms 64 bytes from 10.167.2.2: icmp_seq=23 ttl=63 time=0.340 ms 64 bytes from 10.167.2.2: icmp_seq=24 ttl=63 time=0.361 ms 64 bytes from 10.167.2.2: icmp_seq=25 ttl=63 time=0.334 ms 64 bytes from 10.167.2.2: icmp_seq=26 ttl=63 time=0.326 ms 64 bytes from 10.167.2.2: icmp_seq=27 ttl=63 time=0.345 ms 64 bytes from 10.167.2.2: icmp_seq=28 ttl=63 time=0.329 ms 64 bytes from 10.167.2.2: icmp_seq=29 ttl=63 time=0.326 ms 64 bytes from 10.167.2.2: icmp_seq=30 ttl=63 time=0.338 ms --- 10.167.2.2 ping statistics --- 30 packets transmitted, 30 received, 0% packet loss, time 6024ms rtt min/avg/max/mdev = 0.298/0.387/0.597/0.088 ms :: [ 01:00:54 ] :: [ PASS ] :: Command 'ip netns exec client ping -4 10.167.2.2 -c 30 -i 0.2' (Expected 0, got 0) :: [ 01:00:54 ] :: [ BEGIN ] :: Running 'ip netns exec router nft delete table inet filter' :: [ 01:00:54 ] :: [ PASS ] :: Command 'ip netns exec router nft delete table inet filter' (Expected 0, got 0) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 28s :: Assertions: 21 good, 0 bad :: RESULT: PASS (nftables inet family ipv4 policy test forward path) ** nftables-inet-family-ipv4-policy-test-forward-path PASS Score:0 Uploading resultoutputfile.log .done :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: nftables inet family ipv4 basic action test input/output path :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ 01:01:04 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add table inet filter' :: [ 01:01:04 ] :: [ PASS ] :: Command 'ip netns exec server nft add table inet filter' (Expected 0, got 0) :: [ 01:01:05 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add chain inet filter prerouting { type filter hook prerouting priority 0 \; }' :: [ 01:01:05 ] :: [ PASS ] :: Command 'ip netns exec server nft add chain inet filter prerouting { type filter hook prerouting priority 0 \; }' (Expected 0, got 0) :: [ 01:01:06 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule inet filter prerouting iifname s_r counter accept' :: [ 01:01:06 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule inet filter prerouting iifname s_r counter accept' (Expected 0, got 0) :: [ 01:01:06 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule inet filter prerouting iifname s_r counter drop' :: [ 01:01:07 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule inet filter prerouting iifname s_r counter drop' (Expected 0, got 0) :: [ 01:01:07 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -4 10.167.2.2 -c1' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. 64 bytes from 10.167.2.2: icmp_seq=1 ttl=63 time=0.381 ms --- 10.167.2.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.381/0.381/0.381/0.000 ms :: [ 01:01:08 ] :: [ PASS ] :: Command 'ip netns exec client ping -4 10.167.2.2 -c1' (Expected 0, got 0) :: [ 01:01:08 ] :: [ BEGIN ] :: Running 'ip netns exec server nft list ruleset' table inet filter { chain prerouting { type filter hook prerouting priority filter; policy accept; iifname "s_r" counter packets 1 bytes 84 accept iifname "s_r" counter packets 0 bytes 0 drop } } :: [ 01:01:08 ] :: [ PASS ] :: Command 'ip netns exec server nft list ruleset' (Expected 0, got 0) :: [ 01:01:09 ] :: [ BEGIN ] :: Running 'ip netns exec server nft flush table inet filter' :: [ 01:01:09 ] :: [ PASS ] :: Command 'ip netns exec server nft flush table inet filter' (Expected 0, got 0) :: [ 01:01:10 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule inet filter prerouting iifname s_r counter drop' :: [ 01:01:10 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule inet filter prerouting iifname s_r counter drop' (Expected 0, got 0) :: [ 01:01:11 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule inet filter prerouting iifname s_r counter accept' :: [ 01:01:11 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule inet filter prerouting iifname s_r counter accept' (Expected 0, got 0) :: [ 01:01:12 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -4 10.167.2.2 -c1 -W 1 ' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. --- 10.167.2.2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 01:01:13 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 01:01:14 ] :: [ BEGIN ] :: Running 'ip netns exec server nft list ruleset' table inet filter { chain prerouting { type filter hook prerouting priority filter; policy accept; iifname "s_r" counter packets 1 bytes 84 drop iifname "s_r" counter packets 0 bytes 0 accept } } :: [ 01:01:14 ] :: [ PASS ] :: Command 'ip netns exec server nft list ruleset' (Expected 0, got 0) :: [ 01:01:15 ] :: [ BEGIN ] :: Running 'ip netns exec server nft flush table inet filter' :: [ 01:01:15 ] :: [ PASS ] :: Command 'ip netns exec server nft flush table inet filter' (Expected 0, got 0) :: [ 01:01:15 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add chain inet filter test' :: [ 01:01:16 ] :: [ PASS ] :: Command 'ip netns exec server nft add chain inet filter test' (Expected 0, got 0) :: [ 01:01:16 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule inet filter test iifname s_r counter return' :: [ 01:01:17 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule inet filter test iifname s_r counter return' (Expected 0, got 0) :: [ 01:01:17 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule inet filter test iifname s_r counter accept' :: [ 01:01:17 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule inet filter test iifname s_r counter accept' (Expected 0, got 0) :: [ 01:01:18 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule inet filter prerouting iifname s_r counter jump test' :: [ 01:01:18 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule inet filter prerouting iifname s_r counter jump test' (Expected 0, got 0) :: [ 01:01:19 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule inet filter prerouting iifname s_r counter drop' :: [ 01:01:19 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule inet filter prerouting iifname s_r counter drop' (Expected 0, got 0) :: [ 01:01:20 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -4 10.167.2.2 -c1 -W 1 ' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. --- 10.167.2.2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 01:01:21 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 01:01:22 ] :: [ BEGIN ] :: Running 'ip netns exec server nft list ruleset' table inet filter { chain prerouting { type filter hook prerouting priority filter; policy accept; iifname "s_r" counter packets 1 bytes 84 jump test iifname "s_r" counter packets 1 bytes 84 drop } chain test { iifname "s_r" counter packets 1 bytes 84 return iifname "s_r" counter packets 0 bytes 0 accept } } :: [ 01:01:22 ] :: [ PASS ] :: Command 'ip netns exec server nft list ruleset' (Expected 0, got 0) :: [ 01:01:23 ] :: [ BEGIN ] :: Running 'ip netns exec server nft flush table inet filter' :: [ 01:01:23 ] :: [ PASS ] :: Command 'ip netns exec server nft flush table inet filter' (Expected 0, got 0) :: [ 01:01:24 ] :: [ BEGIN ] :: Running 'ip netns exec server nft delete chain inet filter prerouting' :: [ 01:01:24 ] :: [ PASS ] :: Command 'ip netns exec server nft delete chain inet filter prerouting' (Expected 0, got 0) :: [ 01:01:24 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add chain inet filter input { type filter hook input priority 0 \; }' :: [ 01:01:25 ] :: [ PASS ] :: Command 'ip netns exec server nft add chain inet filter input { type filter hook input priority 0 \; }' (Expected 0, got 0) :: [ 01:01:25 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule inet filter input iifname s_r counter accept' :: [ 01:01:26 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule inet filter input iifname s_r counter accept' (Expected 0, got 0) :: [ 01:01:26 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule inet filter input iifname s_r counter drop' :: [ 01:01:26 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule inet filter input iifname s_r counter drop' (Expected 0, got 0) :: [ 01:01:27 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -4 10.167.2.2 -c1' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. 64 bytes from 10.167.2.2: icmp_seq=1 ttl=63 time=0.360 ms --- 10.167.2.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.360/0.360/0.360/0.000 ms :: [ 01:01:27 ] :: [ PASS ] :: Command 'ip netns exec client ping -4 10.167.2.2 -c1' (Expected 0, got 0) :: [ 01:01:28 ] :: [ BEGIN ] :: Running 'ip netns exec server nft list ruleset' table inet filter { chain test { } chain input { type filter hook input priority filter; policy accept; iifname "s_r" counter packets 1 bytes 84 accept iifname "s_r" counter packets 0 bytes 0 drop } } :: [ 01:01:28 ] :: [ PASS ] :: Command 'ip netns exec server nft list ruleset' (Expected 0, got 0) :: [ 01:01:29 ] :: [ BEGIN ] :: Running 'ip netns exec server nft flush table inet filter' :: [ 01:01:29 ] :: [ PASS ] :: Command 'ip netns exec server nft flush table inet filter' (Expected 0, got 0) :: [ 01:01:30 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule inet filter input iifname s_r counter drop' :: [ 01:01:30 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule inet filter input iifname s_r counter drop' (Expected 0, got 0) :: [ 01:01:30 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule inet filter input iifname s_r counter accept' :: [ 01:01:31 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule inet filter input iifname s_r counter accept' (Expected 0, got 0) :: [ 01:01:32 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -4 10.167.2.2 -c1 -W 1 ' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. --- 10.167.2.2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 01:01:33 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 01:01:33 ] :: [ BEGIN ] :: Running 'ip netns exec server nft list ruleset' table inet filter { chain test { } chain input { type filter hook input priority filter; policy accept; iifname "s_r" counter packets 1 bytes 84 drop iifname "s_r" counter packets 0 bytes 0 accept } } :: [ 01:01:34 ] :: [ PASS ] :: Command 'ip netns exec server nft list ruleset' (Expected 0, got 0) :: [ 01:01:34 ] :: [ BEGIN ] :: Running 'ip netns exec server nft flush table inet filter' :: [ 01:01:35 ] :: [ PASS ] :: Command 'ip netns exec server nft flush table inet filter' (Expected 0, got 0) :: [ 01:01:35 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add chain inet filter test' :: [ 01:01:35 ] :: [ PASS ] :: Command 'ip netns exec server nft add chain inet filter test' (Expected 0, got 0) :: [ 01:01:36 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule inet filter test iifname s_r counter return' :: [ 01:01:36 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule inet filter test iifname s_r counter return' (Expected 0, got 0) :: [ 01:01:37 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule inet filter test iifname s_r counter accept' :: [ 01:01:37 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule inet filter test iifname s_r counter accept' (Expected 0, got 0) :: [ 01:01:37 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule inet filter input iifname s_r counter jump test' :: [ 01:01:38 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule inet filter input iifname s_r counter jump test' (Expected 0, got 0) :: [ 01:01:38 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule inet filter input iifname s_r counter drop' :: [ 01:01:39 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule inet filter input iifname s_r counter drop' (Expected 0, got 0) :: [ 01:01:39 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -4 10.167.2.2 -c1 -W 1 ' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. --- 10.167.2.2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 01:01:41 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 01:01:41 ] :: [ BEGIN ] :: Running 'ip netns exec server nft list ruleset' table inet filter { chain test { iifname "s_r" counter packets 1 bytes 84 return iifname "s_r" counter packets 0 bytes 0 accept } chain input { type filter hook input priority filter; policy accept; iifname "s_r" counter packets 1 bytes 84 jump test iifname "s_r" counter packets 1 bytes 84 drop } } :: [ 01:01:42 ] :: [ PASS ] :: Command 'ip netns exec server nft list ruleset' (Expected 0, got 0) :: [ 01:01:42 ] :: [ BEGIN ] :: Running 'ip netns exec server nft flush table inet filter' :: [ 01:01:42 ] :: [ PASS ] :: Command 'ip netns exec server nft flush table inet filter' (Expected 0, got 0) :: [ 01:01:43 ] :: [ BEGIN ] :: Running 'ip netns exec server nft delete chain inet filter input' :: [ 01:01:43 ] :: [ PASS ] :: Command 'ip netns exec server nft delete chain inet filter input' (Expected 0, got 0) :: [ 01:01:44 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add chain inet filter output { type filter hook output priority 0 \; }' :: [ 01:01:44 ] :: [ PASS ] :: Command 'ip netns exec server nft add chain inet filter output { type filter hook output priority 0 \; }' (Expected 0, got 0) :: [ 01:01:45 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule inet filter output oifname s_r counter accept' :: [ 01:01:45 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule inet filter output oifname s_r counter accept' (Expected 0, got 0) :: [ 01:01:45 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule inet filter output oifname s_r counter drop' :: [ 01:01:46 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule inet filter output oifname s_r counter drop' (Expected 0, got 0) :: [ 01:01:46 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -4 10.167.2.2 -c1' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. 64 bytes from 10.167.2.2: icmp_seq=1 ttl=63 time=0.315 ms --- 10.167.2.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.315/0.315/0.315/0.000 ms :: [ 01:01:47 ] :: [ PASS ] :: Command 'ip netns exec client ping -4 10.167.2.2 -c1' (Expected 0, got 0) :: [ 01:01:47 ] :: [ BEGIN ] :: Running 'ip netns exec server nft list ruleset' table inet filter { chain test { } chain output { type filter hook output priority filter; policy accept; oifname "s_r" counter packets 1 bytes 84 accept oifname "s_r" counter packets 0 bytes 0 drop } } :: [ 01:01:47 ] :: [ PASS ] :: Command 'ip netns exec server nft list ruleset' (Expected 0, got 0) :: [ 01:01:48 ] :: [ BEGIN ] :: Running 'ip netns exec server nft flush table inet filter' :: [ 01:01:48 ] :: [ PASS ] :: Command 'ip netns exec server nft flush table inet filter' (Expected 0, got 0) :: [ 01:01:49 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule inet filter output oifname s_r counter drop' :: [ 01:01:49 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule inet filter output oifname s_r counter drop' (Expected 0, got 0) :: [ 01:01:50 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule inet filter output oifname s_r counter accept' :: [ 01:01:50 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule inet filter output oifname s_r counter accept' (Expected 0, got 0) :: [ 01:01:51 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -4 10.167.2.2 -c1 -W 1 ' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. --- 10.167.2.2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 01:01:52 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 01:01:53 ] :: [ BEGIN ] :: Running 'ip netns exec server nft list ruleset' table inet filter { chain test { } chain output { type filter hook output priority filter; policy accept; oifname "s_r" counter packets 1 bytes 84 drop oifname "s_r" counter packets 0 bytes 0 accept } } :: [ 01:01:53 ] :: [ PASS ] :: Command 'ip netns exec server nft list ruleset' (Expected 0, got 0) :: [ 01:01:54 ] :: [ BEGIN ] :: Running 'ip netns exec server nft flush table inet filter' :: [ 01:01:54 ] :: [ PASS ] :: Command 'ip netns exec server nft flush table inet filter' (Expected 0, got 0) :: [ 01:01:54 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add chain inet filter test' :: [ 01:01:55 ] :: [ PASS ] :: Command 'ip netns exec server nft add chain inet filter test' (Expected 0, got 0) :: [ 01:01:55 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule inet filter test oifname s_r counter return' :: [ 01:01:56 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule inet filter test oifname s_r counter return' (Expected 0, got 0) :: [ 01:01:56 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule inet filter test oifname s_r counter accept' :: [ 01:01:56 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule inet filter test oifname s_r counter accept' (Expected 0, got 0) :: [ 01:01:57 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule inet filter output oifname s_r counter jump test' :: [ 01:01:57 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule inet filter output oifname s_r counter jump test' (Expected 0, got 0) :: [ 01:01:58 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule inet filter output oifname s_r counter drop' :: [ 01:01:58 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule inet filter output oifname s_r counter drop' (Expected 0, got 0) :: [ 01:01:59 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -4 10.167.2.2 -c1 -W 1 ' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. --- 10.167.2.2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 01:02:00 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 01:02:01 ] :: [ BEGIN ] :: Running 'ip netns exec server nft list ruleset' table inet filter { chain test { oifname "s_r" counter packets 1 bytes 84 return oifname "s_r" counter packets 0 bytes 0 accept } chain output { type filter hook output priority filter; policy accept; oifname "s_r" counter packets 1 bytes 84 jump test oifname "s_r" counter packets 1 bytes 84 drop } } :: [ 01:02:01 ] :: [ PASS ] :: Command 'ip netns exec server nft list ruleset' (Expected 0, got 0) :: [ 01:02:02 ] :: [ BEGIN ] :: Running 'ip netns exec server nft flush table inet filter' :: [ 01:02:02 ] :: [ PASS ] :: Command 'ip netns exec server nft flush table inet filter' (Expected 0, got 0) :: [ 01:02:03 ] :: [ BEGIN ] :: Running 'ip netns exec server nft delete chain inet filter output' :: [ 01:02:03 ] :: [ PASS ] :: Command 'ip netns exec server nft delete chain inet filter output' (Expected 0, got 0) :: [ 01:02:03 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add chain inet filter postrouting { type filter hook postrouting priority 0 \; }' :: [ 01:02:04 ] :: [ PASS ] :: Command 'ip netns exec server nft add chain inet filter postrouting { type filter hook postrouting priority 0 \; }' (Expected 0, got 0) :: [ 01:02:04 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule inet filter postrouting oifname s_r counter accept' :: [ 01:02:05 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule inet filter postrouting oifname s_r counter accept' (Expected 0, got 0) :: [ 01:02:05 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule inet filter postrouting oifname s_r counter drop' :: [ 01:02:05 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule inet filter postrouting oifname s_r counter drop' (Expected 0, got 0) :: [ 01:02:06 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -4 10.167.2.2 -c1' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. 64 bytes from 10.167.2.2: icmp_seq=1 ttl=63 time=0.361 ms --- 10.167.2.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.361/0.361/0.361/0.000 ms :: [ 01:02:06 ] :: [ PASS ] :: Command 'ip netns exec client ping -4 10.167.2.2 -c1' (Expected 0, got 0) :: [ 01:02:07 ] :: [ BEGIN ] :: Running 'ip netns exec server nft list ruleset' table inet filter { chain test { } chain postrouting { type filter hook postrouting priority filter; policy accept; oifname "s_r" counter packets 1 bytes 84 accept oifname "s_r" counter packets 0 bytes 0 drop } } :: [ 01:02:07 ] :: [ PASS ] :: Command 'ip netns exec server nft list ruleset' (Expected 0, got 0) :: [ 01:02:08 ] :: [ BEGIN ] :: Running 'ip netns exec server nft flush table inet filter' :: [ 01:02:08 ] :: [ PASS ] :: Command 'ip netns exec server nft flush table inet filter' (Expected 0, got 0) :: [ 01:02:08 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule inet filter postrouting oifname s_r counter drop' :: [ 01:02:09 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule inet filter postrouting oifname s_r counter drop' (Expected 0, got 0) :: [ 01:02:09 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule inet filter postrouting oifname s_r counter accept' :: [ 01:02:10 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule inet filter postrouting oifname s_r counter accept' (Expected 0, got 0) :: [ 01:02:10 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -4 10.167.2.2 -c1 -W 1 ' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. --- 10.167.2.2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 01:02:12 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 01:02:12 ] :: [ BEGIN ] :: Running 'ip netns exec server nft list ruleset' table inet filter { chain test { } chain postrouting { type filter hook postrouting priority filter; policy accept; oifname "s_r" counter packets 1 bytes 84 drop oifname "s_r" counter packets 0 bytes 0 accept } } :: [ 01:02:13 ] :: [ PASS ] :: Command 'ip netns exec server nft list ruleset' (Expected 0, got 0) :: [ 01:02:13 ] :: [ BEGIN ] :: Running 'ip netns exec server nft flush table inet filter' :: [ 01:02:13 ] :: [ PASS ] :: Command 'ip netns exec server nft flush table inet filter' (Expected 0, got 0) :: [ 01:02:14 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add chain inet filter test' :: [ 01:02:14 ] :: [ PASS ] :: Command 'ip netns exec server nft add chain inet filter test' (Expected 0, got 0) :: [ 01:02:15 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule inet filter test oifname s_r counter return' :: [ 01:02:15 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule inet filter test oifname s_r counter return' (Expected 0, got 0) :: [ 01:02:16 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule inet filter test oifname s_r counter accept' :: [ 01:02:16 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule inet filter test oifname s_r counter accept' (Expected 0, got 0) :: [ 01:02:17 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule inet filter postrouting oifname s_r counter jump test' :: [ 01:02:17 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule inet filter postrouting oifname s_r counter jump test' (Expected 0, got 0) :: [ 01:02:17 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule inet filter postrouting oifname s_r counter drop' :: [ 01:02:18 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule inet filter postrouting oifname s_r counter drop' (Expected 0, got 0) :: [ 01:02:19 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -4 10.167.2.2 -c1 -W 1 ' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. --- 10.167.2.2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 01:02:20 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 01:02:20 ] :: [ BEGIN ] :: Running 'ip netns exec server nft list ruleset' table inet filter { chain test { oifname "s_r" counter packets 1 bytes 84 return oifname "s_r" counter packets 0 bytes 0 accept } chain postrouting { type filter hook postrouting priority filter; policy accept; oifname "s_r" counter packets 1 bytes 84 jump test oifname "s_r" counter packets 1 bytes 84 drop } } :: [ 01:02:21 ] :: [ PASS ] :: Command 'ip netns exec server nft list ruleset' (Expected 0, got 0) :: [ 01:02:21 ] :: [ BEGIN ] :: Running 'ip netns exec server nft flush table inet filter' :: [ 01:02:22 ] :: [ PASS ] :: Command 'ip netns exec server nft flush table inet filter' (Expected 0, got 0) :: [ 01:02:22 ] :: [ BEGIN ] :: Running 'ip netns exec server nft delete chain inet filter postrouting' :: [ 01:02:23 ] :: [ PASS ] :: Command 'ip netns exec server nft delete chain inet filter postrouting' (Expected 0, got 0) :: [ 01:02:23 ] :: [ BEGIN ] :: Running 'ip netns exec server nft delete table inet filter' :: [ 01:02:23 ] :: [ PASS ] :: Command 'ip netns exec server nft delete table inet filter' (Expected 0, got 0) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 80s :: Assertions: 82 good, 0 bad :: RESULT: PASS (nftables inet family ipv4 basic action test input/output path) ** nftables-inet-family-ipv4-basic-action-test-input-output-path PASS Score:0 Uploading resultoutputfile.log .done :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: nftables inet family ipv4 basic action test forward path :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ 01:02:33 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add table inet filter' :: [ 01:02:33 ] :: [ PASS ] :: Command 'ip netns exec router nft add table inet filter' (Expected 0, got 0) :: [ 01:02:34 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add chain inet filter prerouting { type filter hook prerouting priority 0 \; }' :: [ 01:02:34 ] :: [ PASS ] :: Command 'ip netns exec router nft add chain inet filter prerouting { type filter hook prerouting priority 0 \; }' (Expected 0, got 0) :: [ 01:02:35 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule inet filter prerouting iifname r_c counter accept' :: [ 01:02:35 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule inet filter prerouting iifname r_c counter accept' (Expected 0, got 0) :: [ 01:02:35 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule inet filter prerouting iifname r_c counter drop' :: [ 01:02:36 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule inet filter prerouting iifname r_c counter drop' (Expected 0, got 0) :: [ 01:02:36 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -4 10.167.2.2 -c1' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. 64 bytes from 10.167.2.2: icmp_seq=1 ttl=63 time=0.374 ms --- 10.167.2.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.374/0.374/0.374/0.000 ms :: [ 01:02:36 ] :: [ PASS ] :: Command 'ip netns exec client ping -4 10.167.2.2 -c1' (Expected 0, got 0) :: [ 01:02:37 ] :: [ BEGIN ] :: Running 'ip netns exec router nft list ruleset' table inet filter { chain prerouting { type filter hook prerouting priority filter; policy accept; iifname "r_c" counter packets 1 bytes 84 accept iifname "r_c" counter packets 0 bytes 0 drop } } :: [ 01:02:37 ] :: [ PASS ] :: Command 'ip netns exec router nft list ruleset' (Expected 0, got 0) :: [ 01:02:38 ] :: [ BEGIN ] :: Running 'ip netns exec router nft flush table inet filter' :: [ 01:02:38 ] :: [ PASS ] :: Command 'ip netns exec router nft flush table inet filter' (Expected 0, got 0) :: [ 01:02:39 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule inet filter prerouting iifname r_c counter drop' :: [ 01:02:39 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule inet filter prerouting iifname r_c counter drop' (Expected 0, got 0) :: [ 01:02:40 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule inet filter prerouting iifname r_c counter accept' :: [ 01:02:40 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule inet filter prerouting iifname r_c counter accept' (Expected 0, got 0) :: [ 01:02:41 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -4 10.167.2.2 -c1 -W 1 ' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. --- 10.167.2.2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 01:02:42 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 01:02:43 ] :: [ BEGIN ] :: Running 'ip netns exec router nft list ruleset' table inet filter { chain prerouting { type filter hook prerouting priority filter; policy accept; iifname "r_c" counter packets 1 bytes 84 drop iifname "r_c" counter packets 0 bytes 0 accept } } :: [ 01:02:43 ] :: [ PASS ] :: Command 'ip netns exec router nft list ruleset' (Expected 0, got 0) :: [ 01:02:44 ] :: [ BEGIN ] :: Running 'ip netns exec router nft flush table inet filter' :: [ 01:02:44 ] :: [ PASS ] :: Command 'ip netns exec router nft flush table inet filter' (Expected 0, got 0) :: [ 01:02:44 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add chain inet filter test' :: [ 01:02:45 ] :: [ PASS ] :: Command 'ip netns exec router nft add chain inet filter test' (Expected 0, got 0) :: [ 01:02:45 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule inet filter test iifname r_c counter return' :: [ 01:02:46 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule inet filter test iifname r_c counter return' (Expected 0, got 0) :: [ 01:02:46 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule inet filter test iifname r_c counter accept' :: [ 01:02:46 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule inet filter test iifname r_c counter accept' (Expected 0, got 0) :: [ 01:02:47 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule inet filter prerouting iifname r_c counter jump test' :: [ 01:02:47 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule inet filter prerouting iifname r_c counter jump test' (Expected 0, got 0) :: [ 01:02:48 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule inet filter prerouting iifname r_c counter drop' :: [ 01:02:48 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule inet filter prerouting iifname r_c counter drop' (Expected 0, got 0) :: [ 01:02:49 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -4 10.167.2.2 -c1 -W 1 ' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. --- 10.167.2.2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 01:02:50 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 01:02:51 ] :: [ BEGIN ] :: Running 'ip netns exec router nft list ruleset' table inet filter { chain prerouting { type filter hook prerouting priority filter; policy accept; iifname "r_c" counter packets 1 bytes 84 jump test iifname "r_c" counter packets 1 bytes 84 drop } chain test { iifname "r_c" counter packets 1 bytes 84 return iifname "r_c" counter packets 0 bytes 0 accept } } :: [ 01:02:51 ] :: [ PASS ] :: Command 'ip netns exec router nft list ruleset' (Expected 0, got 0) :: [ 01:02:52 ] :: [ BEGIN ] :: Running 'ip netns exec router nft flush table inet filter' :: [ 01:02:52 ] :: [ PASS ] :: Command 'ip netns exec router nft flush table inet filter' (Expected 0, got 0) :: [ 01:02:53 ] :: [ BEGIN ] :: Running 'ip netns exec router nft delete chain inet filter prerouting' :: [ 01:02:53 ] :: [ PASS ] :: Command 'ip netns exec router nft delete chain inet filter prerouting' (Expected 0, got 0) :: [ 01:02:53 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add chain inet filter forward { type filter hook forward priority 0 \; }' :: [ 01:02:54 ] :: [ PASS ] :: Command 'ip netns exec router nft add chain inet filter forward { type filter hook forward priority 0 \; }' (Expected 0, got 0) :: [ 01:02:54 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule inet filter forward iifname r_c oifname r_s counter accept' :: [ 01:02:55 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule inet filter forward iifname r_c oifname r_s counter accept' (Expected 0, got 0) :: [ 01:02:55 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule inet filter forward iifname r_c oifname r_s counter drop' :: [ 01:02:56 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule inet filter forward iifname r_c oifname r_s counter drop' (Expected 0, got 0) :: [ 01:02:56 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -4 10.167.2.2 -c1' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. 64 bytes from 10.167.2.2: icmp_seq=1 ttl=63 time=0.325 ms --- 10.167.2.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.325/0.325/0.325/0.000 ms :: [ 01:02:57 ] :: [ PASS ] :: Command 'ip netns exec client ping -4 10.167.2.2 -c1' (Expected 0, got 0) :: [ 01:02:57 ] :: [ BEGIN ] :: Running 'ip netns exec router nft list ruleset' table inet filter { chain test { } chain forward { type filter hook forward priority filter; policy accept; iifname "r_c" oifname "r_s" counter packets 1 bytes 84 accept iifname "r_c" oifname "r_s" counter packets 0 bytes 0 drop } } :: [ 01:02:57 ] :: [ PASS ] :: Command 'ip netns exec router nft list ruleset' (Expected 0, got 0) :: [ 01:02:58 ] :: [ BEGIN ] :: Running 'ip netns exec router nft flush table inet filter' :: [ 01:02:58 ] :: [ PASS ] :: Command 'ip netns exec router nft flush table inet filter' (Expected 0, got 0) :: [ 01:02:59 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule inet filter forward iifname r_c oifname r_s counter drop' :: [ 01:02:59 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule inet filter forward iifname r_c oifname r_s counter drop' (Expected 0, got 0) :: [ 01:03:00 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule inet filter forward iifname r_c oifname r_s counter accept' :: [ 01:03:00 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule inet filter forward iifname r_c oifname r_s counter accept' (Expected 0, got 0) :: [ 01:03:01 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -4 10.167.2.2 -c1 -W 1 ' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. --- 10.167.2.2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 01:03:02 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 01:03:03 ] :: [ BEGIN ] :: Running 'ip netns exec router nft list ruleset' table inet filter { chain test { } chain forward { type filter hook forward priority filter; policy accept; iifname "r_c" oifname "r_s" counter packets 1 bytes 84 drop iifname "r_c" oifname "r_s" counter packets 0 bytes 0 accept } } :: [ 01:03:03 ] :: [ PASS ] :: Command 'ip netns exec router nft list ruleset' (Expected 0, got 0) :: [ 01:03:04 ] :: [ BEGIN ] :: Running 'ip netns exec router nft flush table inet filter' :: [ 01:03:04 ] :: [ PASS ] :: Command 'ip netns exec router nft flush table inet filter' (Expected 0, got 0) :: [ 01:03:05 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add chain inet filter test' :: [ 01:03:05 ] :: [ PASS ] :: Command 'ip netns exec router nft add chain inet filter test' (Expected 0, got 0) :: [ 01:03:05 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule inet filter test iifname r_c oifname r_s counter return' :: [ 01:03:06 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule inet filter test iifname r_c oifname r_s counter return' (Expected 0, got 0) :: [ 01:03:06 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule inet filter test iifname r_c oifname r_s counter accept' :: [ 01:03:07 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule inet filter test iifname r_c oifname r_s counter accept' (Expected 0, got 0) :: [ 01:03:07 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule inet filter forward iifname r_c oifname r_s counter jump test' :: [ 01:03:08 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule inet filter forward iifname r_c oifname r_s counter jump test' (Expected 0, got 0) :: [ 01:03:08 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule inet filter forward iifname r_c oifname r_s counter drop' :: [ 01:03:08 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule inet filter forward iifname r_c oifname r_s counter drop' (Expected 0, got 0) :: [ 01:03:09 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -4 10.167.2.2 -c1 -W 1 ' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. --- 10.167.2.2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 01:03:11 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 01:03:11 ] :: [ BEGIN ] :: Running 'ip netns exec router nft list ruleset' table inet filter { chain test { iifname "r_c" oifname "r_s" counter packets 1 bytes 84 return iifname "r_c" oifname "r_s" counter packets 0 bytes 0 accept } chain forward { type filter hook forward priority filter; policy accept; iifname "r_c" oifname "r_s" counter packets 1 bytes 84 jump test iifname "r_c" oifname "r_s" counter packets 1 bytes 84 drop } } :: [ 01:03:11 ] :: [ PASS ] :: Command 'ip netns exec router nft list ruleset' (Expected 0, got 0) :: [ 01:03:12 ] :: [ BEGIN ] :: Running 'ip netns exec router nft flush table inet filter' :: [ 01:03:12 ] :: [ PASS ] :: Command 'ip netns exec router nft flush table inet filter' (Expected 0, got 0) :: [ 01:03:13 ] :: [ BEGIN ] :: Running 'ip netns exec router nft delete chain inet filter forward' :: [ 01:03:13 ] :: [ PASS ] :: Command 'ip netns exec router nft delete chain inet filter forward' (Expected 0, got 0) :: [ 01:03:14 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add chain inet filter postrouting { type filter hook postrouting priority 0 \; }' :: [ 01:03:14 ] :: [ PASS ] :: Command 'ip netns exec router nft add chain inet filter postrouting { type filter hook postrouting priority 0 \; }' (Expected 0, got 0) :: [ 01:03:15 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule inet filter postrouting oifname r_s counter accept' :: [ 01:03:15 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule inet filter postrouting oifname r_s counter accept' (Expected 0, got 0) :: [ 01:03:15 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule inet filter postrouting oifname r_s counter drop' :: [ 01:03:16 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule inet filter postrouting oifname r_s counter drop' (Expected 0, got 0) :: [ 01:03:16 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -4 10.167.2.2 -c1' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. 64 bytes from 10.167.2.2: icmp_seq=1 ttl=63 time=0.363 ms --- 10.167.2.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.363/0.363/0.363/0.000 ms :: [ 01:03:17 ] :: [ PASS ] :: Command 'ip netns exec client ping -4 10.167.2.2 -c1' (Expected 0, got 0) :: [ 01:03:17 ] :: [ BEGIN ] :: Running 'ip netns exec router nft list ruleset' table inet filter { chain test { } chain postrouting { type filter hook postrouting priority filter; policy accept; oifname "r_s" counter packets 1 bytes 84 accept oifname "r_s" counter packets 0 bytes 0 drop } } :: [ 01:03:18 ] :: [ PASS ] :: Command 'ip netns exec router nft list ruleset' (Expected 0, got 0) :: [ 01:03:18 ] :: [ BEGIN ] :: Running 'ip netns exec router nft flush table inet filter' :: [ 01:03:18 ] :: [ PASS ] :: Command 'ip netns exec router nft flush table inet filter' (Expected 0, got 0) :: [ 01:03:19 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule inet filter postrouting oifname r_s counter drop' :: [ 01:03:19 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule inet filter postrouting oifname r_s counter drop' (Expected 0, got 0) :: [ 01:03:20 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule inet filter postrouting oifname r_s counter accept' :: [ 01:03:20 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule inet filter postrouting oifname r_s counter accept' (Expected 0, got 0) :: [ 01:03:21 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -4 10.167.2.2 -c1 -W 1 ' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. --- 10.167.2.2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 01:03:23 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 01:03:23 ] :: [ BEGIN ] :: Running 'ip netns exec router nft list ruleset' table inet filter { chain test { } chain postrouting { type filter hook postrouting priority filter; policy accept; oifname "r_s" counter packets 1 bytes 84 drop oifname "r_s" counter packets 0 bytes 0 accept } } :: [ 01:03:24 ] :: [ PASS ] :: Command 'ip netns exec router nft list ruleset' (Expected 0, got 0) :: [ 01:03:24 ] :: [ BEGIN ] :: Running 'ip netns exec router nft flush table inet filter' :: [ 01:03:24 ] :: [ PASS ] :: Command 'ip netns exec router nft flush table inet filter' (Expected 0, got 0) :: [ 01:03:25 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add chain inet filter test' :: [ 01:03:25 ] :: [ PASS ] :: Command 'ip netns exec router nft add chain inet filter test' (Expected 0, got 0) :: [ 01:03:26 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule inet filter test oifname r_s counter return' :: [ 01:03:26 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule inet filter test oifname r_s counter return' (Expected 0, got 0) :: [ 01:03:27 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule inet filter test oifname r_s counter accept' :: [ 01:03:27 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule inet filter test oifname r_s counter accept' (Expected 0, got 0) :: [ 01:03:28 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule inet filter postrouting oifname r_s counter jump test' :: [ 01:03:28 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule inet filter postrouting oifname r_s counter jump test' (Expected 0, got 0) :: [ 01:03:29 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule inet filter postrouting oifname r_s counter drop' :: [ 01:03:29 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule inet filter postrouting oifname r_s counter drop' (Expected 0, got 0) :: [ 01:03:30 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -4 10.167.2.2 -c1 -W 1 ' PING 10.167.2.2 (10.167.2.2) 56(84) bytes of data. --- 10.167.2.2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 01:03:31 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 01:03:32 ] :: [ BEGIN ] :: Running 'ip netns exec router nft list ruleset' table inet filter { chain test { oifname "r_s" counter packets 1 bytes 84 return oifname "r_s" counter packets 0 bytes 0 accept } chain postrouting { type filter hook postrouting priority filter; policy accept; oifname "r_s" counter packets 1 bytes 84 jump test oifname "r_s" counter packets 1 bytes 84 drop } } :: [ 01:03:32 ] :: [ PASS ] :: Command 'ip netns exec router nft list ruleset' (Expected 0, got 0) :: [ 01:03:33 ] :: [ BEGIN ] :: Running 'ip netns exec router nft flush table inet filter' :: [ 01:03:33 ] :: [ PASS ] :: Command 'ip netns exec router nft flush table inet filter' (Expected 0, got 0) :: [ 01:03:34 ] :: [ BEGIN ] :: Running 'ip netns exec router nft delete chain inet filter postrouting' :: [ 01:03:34 ] :: [ PASS ] :: Command 'ip netns exec router nft delete chain inet filter postrouting' (Expected 0, got 0) :: [ 01:03:34 ] :: [ BEGIN ] :: Running 'ip netns exec router nft delete table inet filter' :: [ 01:03:35 ] :: [ PASS ] :: Command 'ip netns exec router nft delete table inet filter' (Expected 0, got 0) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 63s :: Assertions: 62 good, 0 bad :: RESULT: PASS (nftables inet family ipv4 basic action test forward path) ** nftables-inet-family-ipv4-basic-action-test-forward-path PASS Score:0 Uploading resultoutputfile.log .done :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Cleanup :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ 01:03:45 ] :: [ BEGIN ] :: Running 'do_clean' client :: [ LOG ] :: xtables rules clean :: [ LOG ] :: nft rules clean :: [ LOG ] :: ipset rules clean :: [ LOG ] :: ipvsadm rules clean router :: [ LOG ] :: xtables rules clean :: [ LOG ] :: nft rules clean :: [ LOG ] :: ipset rules clean :: [ LOG ] :: ipvsadm rules clean server :: [ LOG ] :: xtables rules clean :: [ LOG ] :: nft rules clean :: [ LOG ] :: ipset rules clean :: [ LOG ] :: ipvsadm rules clean :: [ 01:04:55 ] :: [ PASS ] :: Command 'do_clean' (Expected 0, got 0) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 72s :: Assertions: 1 good, 0 bad :: RESULT: PASS (Cleanup) ** Cleanup PASS Score:0 Uploading resultoutputfile.log .done :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: unknown :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ 01:05:04 ] :: [ LOG ] :: Phases fingerprint: wG6Jb0bU :: [ 01:05:05 ] :: [ LOG ] :: Asserts fingerprint: C2K5D35U Uploading journal.xml ...done :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 1701s :: Phases: 20 good, 0 bad :: OVERALL RESULT: PASS (unknown) PING ::1(::1) 56 data bytes 64 bytes from ::1: icmp_seq=1 ttl=64 time=0.249 ms --- ::1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.249/0.249/0.249/0.000 ms :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Forward ipv6 :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ 01:05:08 ] :: [ BEGIN ] :: ipv6 topo init done... :: actually running 'do_setup ipv6' +++ do_clean +++ for ns in client router server +++ ip netns +++ grep client +++ for ns in client router server +++ ip netns +++ grep router +++ for ns in client router server +++ ip netns +++ grep server +++ local i +++ for i in client router server +++ ip netns add client +++ for i in client router server +++ ip netns add router +++ for i in client router server +++ ip netns add server +++ [[ ipv6x == \i\p\v\6\x ]] +++ ip netns exec router sysctl -w net.ipv6.conf.all.forwarding=1 net.ipv6.conf.all.forwarding = 1 +++ ip_c=2001:db8:ffff:21::1 +++ ip_s=2001:db8:ffff:22::2 +++ ip_rc=2001:db8:ffff:21::fffe +++ ip_rs=2001:db8:ffff:22::fffe +++ N=64 +++ nodad=nodad +++ ip -d -n router -b /dev/stdin +++ ip -d -n server -b /dev/stdin +++ ip -d -n client -b /dev/stdin +++ sleep 2 +++ set +x PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) from 2001:db8:ffff:21::1 c_r: 56 data bytes 64 bytes from 2001:db8:ffff:22::2: icmp_seq=1 ttl=63 time=2.63 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=2 ttl=63 time=0.451 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=3 ttl=63 time=0.419 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=4 ttl=63 time=0.814 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=5 ttl=63 time=0.520 ms --- 2001:db8:ffff:22::2 ping statistics --- 5 packets transmitted, 5 received, 0% packet loss, time 811ms rtt min/avg/max/mdev = 0.419/0.966/2.628/0.842 ms PING 2001:db8:ffff:21::1(2001:db8:ffff:21::1) from 2001:db8:ffff:22::2 s_r: 56 data bytes 64 bytes from 2001:db8:ffff:21::1: icmp_seq=1 ttl=63 time=0.449 ms 64 bytes from 2001:db8:ffff:21::1: icmp_seq=2 ttl=63 time=0.514 ms 64 bytes from 2001:db8:ffff:21::1: icmp_seq=3 ttl=63 time=0.616 ms 64 bytes from 2001:db8:ffff:21::1: icmp_seq=4 ttl=63 time=0.625 ms 64 bytes from 2001:db8:ffff:21::1: icmp_seq=5 ttl=63 time=0.501 ms --- 2001:db8:ffff:21::1 ping statistics --- 5 packets transmitted, 5 received, 0% packet loss, time 820ms rtt min/avg/max/mdev = 0.449/0.541/0.625/0.068 ms :: [ 01:05:14 ] :: [ PASS ] :: ipv6 topo init done... (Expected 0, got 0) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 7s :: Assertions: 1 good, 0 bad :: RESULT: PASS (Forward ipv6) ** Forward-ipv6 PASS Score:0 Uploading resultoutputfile.log .done :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: nftables ip6 family ipv6 policy test input/output path :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ 01:05:23 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add table ip6 filter' :: [ 01:05:23 ] :: [ PASS ] :: Command 'ip netns exec server nft add table ip6 filter' (Expected 0, got 0) :: [ 01:05:23 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add chain ip6 filter prerouting { type filter hook prerouting priority 0 \; policy accept \; }' :: [ 01:05:24 ] :: [ PASS ] :: Command 'ip netns exec server nft add chain ip6 filter prerouting { type filter hook prerouting priority 0 \; policy accept \; }' (Expected 0, got 0) :: [ 01:05:24 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes 64 bytes from 2001:db8:ffff:22::2: icmp_seq=1 ttl=63 time=0.320 ms --- 2001:db8:ffff:22::2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.320/0.320/0.320/0.000 ms :: [ 01:05:25 ] :: [ PASS ] :: Command 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1' (Expected 0, got 0) :: [ 01:05:25 ] :: [ BEGIN ] :: Running 'ip netns exec server nft delete chain ip6 filter prerouting' :: [ 01:05:25 ] :: [ PASS ] :: Command 'ip netns exec server nft delete chain ip6 filter prerouting' (Expected 0, got 0) :: [ 01:05:26 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add chain ip6 filter prerouting { type filter hook prerouting priority 0 \; policy drop \; }' :: [ 01:05:26 ] :: [ PASS ] :: Command 'ip netns exec server nft add chain ip6 filter prerouting { type filter hook prerouting priority 0 \; policy drop \; }' (Expected 0, got 0) :: [ 01:05:27 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1 -W 1 ' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes --- 2001:db8:ffff:22::2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 01:05:29 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 01:05:29 ] :: [ BEGIN ] :: Running 'ip netns exec server nft delete chain ip6 filter prerouting' :: [ 01:05:29 ] :: [ PASS ] :: Command 'ip netns exec server nft delete chain ip6 filter prerouting' (Expected 0, got 0) :: [ 01:05:30 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add chain ip6 filter input { type filter hook input priority 0 \; policy accept \; }' :: [ 01:05:30 ] :: [ PASS ] :: Command 'ip netns exec server nft add chain ip6 filter input { type filter hook input priority 0 \; policy accept \; }' (Expected 0, got 0) :: [ 01:05:31 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes 64 bytes from 2001:db8:ffff:22::2: icmp_seq=1 ttl=63 time=0.491 ms --- 2001:db8:ffff:22::2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.491/0.491/0.491/0.000 ms :: [ 01:05:31 ] :: [ PASS ] :: Command 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1' (Expected 0, got 0) :: [ 01:05:32 ] :: [ BEGIN ] :: Running 'ip netns exec server nft delete chain ip6 filter input' :: [ 01:05:32 ] :: [ PASS ] :: Command 'ip netns exec server nft delete chain ip6 filter input' (Expected 0, got 0) :: [ 01:05:32 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add chain ip6 filter input { type filter hook input priority 0 \; policy drop \; }' :: [ 01:05:33 ] :: [ PASS ] :: Command 'ip netns exec server nft add chain ip6 filter input { type filter hook input priority 0 \; policy drop \; }' (Expected 0, got 0) :: [ 01:05:34 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1 -W 1 ' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes --- 2001:db8:ffff:22::2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 01:05:35 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 01:05:35 ] :: [ BEGIN ] :: Running 'ip netns exec server nft delete chain ip6 filter input' :: [ 01:05:36 ] :: [ PASS ] :: Command 'ip netns exec server nft delete chain ip6 filter input' (Expected 0, got 0) :: [ 01:05:36 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add chain ip6 filter output { type filter hook output priority 0 \; policy accept \; }' :: [ 01:05:37 ] :: [ PASS ] :: Command 'ip netns exec server nft add chain ip6 filter output { type filter hook output priority 0 \; policy accept \; }' (Expected 0, got 0) :: [ 01:05:37 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes 64 bytes from 2001:db8:ffff:22::2: icmp_seq=1 ttl=63 time=0.371 ms --- 2001:db8:ffff:22::2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.371/0.371/0.371/0.000 ms :: [ 01:05:38 ] :: [ PASS ] :: Command 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1' (Expected 0, got 0) :: [ 01:05:38 ] :: [ BEGIN ] :: Running 'ip netns exec server nft delete chain ip6 filter output' :: [ 01:05:38 ] :: [ PASS ] :: Command 'ip netns exec server nft delete chain ip6 filter output' (Expected 0, got 0) :: [ 01:05:39 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add chain ip6 filter output { type filter hook output priority 0 \; policy drop \; }' :: [ 01:05:39 ] :: [ PASS ] :: Command 'ip netns exec server nft add chain ip6 filter output { type filter hook output priority 0 \; policy drop \; }' (Expected 0, got 0) :: [ 01:05:40 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1 -W 1 ' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes --- 2001:db8:ffff:22::2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 01:05:41 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 01:05:42 ] :: [ BEGIN ] :: Running 'ip netns exec server nft delete chain ip6 filter output' :: [ 01:05:42 ] :: [ PASS ] :: Command 'ip netns exec server nft delete chain ip6 filter output' (Expected 0, got 0) :: [ 01:05:43 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add chain ip6 filter postrouting { type filter hook postrouting priority 0 \; policy accept \; }' :: [ 01:05:43 ] :: [ PASS ] :: Command 'ip netns exec server nft add chain ip6 filter postrouting { type filter hook postrouting priority 0 \; policy accept \; }' (Expected 0, got 0) :: [ 01:05:44 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes 64 bytes from 2001:db8:ffff:22::2: icmp_seq=1 ttl=63 time=0.335 ms --- 2001:db8:ffff:22::2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.335/0.335/0.335/0.000 ms :: [ 01:05:44 ] :: [ PASS ] :: Command 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1' (Expected 0, got 0) :: [ 01:05:44 ] :: [ BEGIN ] :: Running 'ip netns exec server nft delete chain ip6 filter postrouting' :: [ 01:05:45 ] :: [ PASS ] :: Command 'ip netns exec server nft delete chain ip6 filter postrouting' (Expected 0, got 0) :: [ 01:05:45 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add chain ip6 filter postrouting { type filter hook postrouting priority 0 \; policy drop \; }' :: [ 01:05:46 ] :: [ PASS ] :: Command 'ip netns exec server nft add chain ip6 filter postrouting { type filter hook postrouting priority 0 \; policy drop \; }' (Expected 0, got 0) :: [ 01:05:47 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1 -W 1 ' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes --- 2001:db8:ffff:22::2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 01:05:48 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 01:05:48 ] :: [ BEGIN ] :: Running 'ip netns exec server nft delete chain ip6 filter postrouting' :: [ 01:05:49 ] :: [ PASS ] :: Command 'ip netns exec server nft delete chain ip6 filter postrouting' (Expected 0, got 0) :: [ 01:05:49 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c 30 -i 0.2' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes 64 bytes from 2001:db8:ffff:22::2: icmp_seq=1 ttl=63 time=0.340 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=2 ttl=63 time=0.619 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=3 ttl=63 time=0.542 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=4 ttl=63 time=0.477 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=5 ttl=63 time=0.660 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=6 ttl=63 time=0.386 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=7 ttl=63 time=0.670 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=8 ttl=63 time=0.776 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=9 ttl=63 time=0.629 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=10 ttl=63 time=0.461 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=11 ttl=63 time=0.708 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=12 ttl=63 time=0.757 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=13 ttl=63 time=0.577 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=14 ttl=63 time=0.439 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=15 ttl=63 time=0.500 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=16 ttl=63 time=0.412 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=17 ttl=63 time=0.548 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=18 ttl=63 time=0.392 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=19 ttl=63 time=0.463 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=20 ttl=63 time=0.461 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=21 ttl=63 time=0.489 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=22 ttl=63 time=0.497 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=23 ttl=63 time=0.708 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=24 ttl=63 time=0.603 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=25 ttl=63 time=0.641 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=26 ttl=63 time=0.391 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=27 ttl=63 time=0.377 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=28 ttl=63 time=0.372 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=29 ttl=63 time=0.447 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=30 ttl=63 time=0.798 ms --- 2001:db8:ffff:22::2 ping statistics --- 30 packets transmitted, 30 received, 0% packet loss, time 5979ms rtt min/avg/max/mdev = 0.340/0.538/0.798/0.130 ms :: [ 01:05:56 ] :: [ PASS ] :: Command 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c 30 -i 0.2' (Expected 0, got 0) :: [ 01:05:56 ] :: [ BEGIN ] :: Running 'ip netns exec server nft delete table ip6 filter' :: [ 01:05:57 ] :: [ PASS ] :: Command 'ip netns exec server nft delete table ip6 filter' (Expected 0, got 0) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 35s :: Assertions: 27 good, 0 bad :: RESULT: PASS (nftables ip6 family ipv6 policy test input/output path) ** nftables-ip6-family-ipv6-policy-test-input-output-path PASS Score:0 Uploading resultoutputfile.log .done :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: nftables ip6 family ipv6 policy test forward path :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ 01:06:06 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add table ip6 filter' :: [ 01:06:06 ] :: [ PASS ] :: Command 'ip netns exec router nft add table ip6 filter' (Expected 0, got 0) :: [ 01:06:06 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add chain ip6 filter prerouting { type filter hook prerouting priority 0 \; policy accept \; }' :: [ 01:06:07 ] :: [ PASS ] :: Command 'ip netns exec router nft add chain ip6 filter prerouting { type filter hook prerouting priority 0 \; policy accept \; }' (Expected 0, got 0) :: [ 01:06:07 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes 64 bytes from 2001:db8:ffff:22::2: icmp_seq=1 ttl=63 time=0.379 ms --- 2001:db8:ffff:22::2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.379/0.379/0.379/0.000 ms :: [ 01:06:07 ] :: [ PASS ] :: Command 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1' (Expected 0, got 0) :: [ 01:06:08 ] :: [ BEGIN ] :: Running 'ip netns exec router nft delete chain ip6 filter prerouting' :: [ 01:06:08 ] :: [ PASS ] :: Command 'ip netns exec router nft delete chain ip6 filter prerouting' (Expected 0, got 0) :: [ 01:06:09 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add chain ip6 filter prerouting { type filter hook prerouting priority 0 \; policy drop \; }' :: [ 01:06:09 ] :: [ PASS ] :: Command 'ip netns exec router nft add chain ip6 filter prerouting { type filter hook prerouting priority 0 \; policy drop \; }' (Expected 0, got 0) :: [ 01:06:10 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1 -W 1 ' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes --- 2001:db8:ffff:22::2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 01:06:11 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 01:06:12 ] :: [ BEGIN ] :: Running 'ip netns exec router nft delete chain ip6 filter prerouting' :: [ 01:06:12 ] :: [ PASS ] :: Command 'ip netns exec router nft delete chain ip6 filter prerouting' (Expected 0, got 0) :: [ 01:06:13 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add chain ip6 filter forward { type filter hook forward priority 0 \; policy accept \; }' :: [ 01:06:13 ] :: [ PASS ] :: Command 'ip netns exec router nft add chain ip6 filter forward { type filter hook forward priority 0 \; policy accept \; }' (Expected 0, got 0) :: [ 01:06:13 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes 64 bytes from 2001:db8:ffff:22::2: icmp_seq=1 ttl=63 time=0.475 ms --- 2001:db8:ffff:22::2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.475/0.475/0.475/0.000 ms :: [ 01:06:14 ] :: [ PASS ] :: Command 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1' (Expected 0, got 0) :: [ 01:06:14 ] :: [ BEGIN ] :: Running 'ip netns exec router nft delete chain ip6 filter forward' :: [ 01:06:15 ] :: [ PASS ] :: Command 'ip netns exec router nft delete chain ip6 filter forward' (Expected 0, got 0) :: [ 01:06:15 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add chain ip6 filter forward { type filter hook forward priority 0 \; policy drop \; }' :: [ 01:06:15 ] :: [ PASS ] :: Command 'ip netns exec router nft add chain ip6 filter forward { type filter hook forward priority 0 \; policy drop \; }' (Expected 0, got 0) :: [ 01:06:16 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1 -W 1 ' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes --- 2001:db8:ffff:22::2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 01:06:18 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 01:06:18 ] :: [ BEGIN ] :: Running 'ip netns exec router nft delete chain ip6 filter forward' :: [ 01:06:18 ] :: [ PASS ] :: Command 'ip netns exec router nft delete chain ip6 filter forward' (Expected 0, got 0) :: [ 01:06:19 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add chain ip6 filter postrouting { type filter hook postrouting priority 0 \; policy accept \; }' :: [ 01:06:19 ] :: [ PASS ] :: Command 'ip netns exec router nft add chain ip6 filter postrouting { type filter hook postrouting priority 0 \; policy accept \; }' (Expected 0, got 0) :: [ 01:06:20 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes 64 bytes from 2001:db8:ffff:22::2: icmp_seq=1 ttl=63 time=0.334 ms --- 2001:db8:ffff:22::2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.334/0.334/0.334/0.000 ms :: [ 01:06:20 ] :: [ PASS ] :: Command 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1' (Expected 0, got 0) :: [ 01:06:21 ] :: [ BEGIN ] :: Running 'ip netns exec router nft delete chain ip6 filter postrouting' :: [ 01:06:21 ] :: [ PASS ] :: Command 'ip netns exec router nft delete chain ip6 filter postrouting' (Expected 0, got 0) :: [ 01:06:21 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add chain ip6 filter postrouting { type filter hook postrouting priority 0 \; policy drop \; }' :: [ 01:06:22 ] :: [ PASS ] :: Command 'ip netns exec router nft add chain ip6 filter postrouting { type filter hook postrouting priority 0 \; policy drop \; }' (Expected 0, got 0) :: [ 01:06:23 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1 -W 1 ' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes --- 2001:db8:ffff:22::2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 01:06:24 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 01:06:25 ] :: [ BEGIN ] :: Running 'ip netns exec router nft delete chain ip6 filter postrouting' :: [ 01:06:25 ] :: [ PASS ] :: Command 'ip netns exec router nft delete chain ip6 filter postrouting' (Expected 0, got 0) :: [ 01:06:25 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c 30 -i 0.2' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes 64 bytes from 2001:db8:ffff:22::2: icmp_seq=1 ttl=63 time=0.329 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=2 ttl=63 time=0.405 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=3 ttl=63 time=0.565 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=4 ttl=63 time=0.414 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=5 ttl=63 time=0.511 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=6 ttl=63 time=0.886 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=7 ttl=63 time=0.760 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=8 ttl=63 time=0.517 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=9 ttl=63 time=0.694 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=10 ttl=63 time=0.551 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=11 ttl=63 time=0.421 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=12 ttl=63 time=0.367 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=13 ttl=63 time=0.379 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=14 ttl=63 time=0.599 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=15 ttl=63 time=0.639 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=16 ttl=63 time=0.560 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=17 ttl=63 time=0.712 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=18 ttl=63 time=0.652 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=19 ttl=63 time=0.367 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=20 ttl=63 time=0.423 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=21 ttl=63 time=0.522 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=22 ttl=63 time=0.640 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=23 ttl=63 time=0.466 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=24 ttl=63 time=0.624 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=25 ttl=63 time=0.691 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=26 ttl=63 time=0.836 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=27 ttl=63 time=0.766 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=28 ttl=63 time=0.671 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=29 ttl=63 time=0.811 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=30 ttl=63 time=0.353 ms --- 2001:db8:ffff:22::2 ping statistics --- 30 packets transmitted, 30 received, 0% packet loss, time 5947ms rtt min/avg/max/mdev = 0.329/0.571/0.886/0.155 ms :: [ 01:06:32 ] :: [ PASS ] :: Command 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c 30 -i 0.2' (Expected 0, got 0) :: [ 01:06:32 ] :: [ BEGIN ] :: Running 'ip netns exec router nft delete table ip6 filter' :: [ 01:06:33 ] :: [ PASS ] :: Command 'ip netns exec router nft delete table ip6 filter' (Expected 0, got 0) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 28s :: Assertions: 21 good, 0 bad :: RESULT: PASS (nftables ip6 family ipv6 policy test forward path) ** nftables-ip6-family-ipv6-policy-test-forward-path PASS Score:0 Uploading resultoutputfile.log .done :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: nftables ip6 family ipv6 basic action test input/output path :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ 01:06:42 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add table ip6 filter' :: [ 01:06:43 ] :: [ PASS ] :: Command 'ip netns exec server nft add table ip6 filter' (Expected 0, got 0) :: [ 01:06:43 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add chain ip6 filter prerouting { type filter hook prerouting priority 0 \; }' :: [ 01:06:44 ] :: [ PASS ] :: Command 'ip netns exec server nft add chain ip6 filter prerouting { type filter hook prerouting priority 0 \; }' (Expected 0, got 0) :: [ 01:06:44 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule ip6 filter prerouting iifname s_r counter accept' :: [ 01:06:44 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule ip6 filter prerouting iifname s_r counter accept' (Expected 0, got 0) :: [ 01:06:45 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule ip6 filter prerouting iifname s_r counter drop' :: [ 01:06:45 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule ip6 filter prerouting iifname s_r counter drop' (Expected 0, got 0) :: [ 01:06:46 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes 64 bytes from 2001:db8:ffff:22::2: icmp_seq=1 ttl=63 time=0.429 ms --- 2001:db8:ffff:22::2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.429/0.429/0.429/0.000 ms :: [ 01:06:46 ] :: [ PASS ] :: Command 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1' (Expected 0, got 0) :: [ 01:06:47 ] :: [ BEGIN ] :: Running 'ip netns exec server nft list ruleset' table ip6 filter { chain prerouting { type filter hook prerouting priority filter; policy accept; iifname "s_r" counter packets 1 bytes 104 accept iifname "s_r" counter packets 0 bytes 0 drop } } :: [ 01:06:47 ] :: [ PASS ] :: Command 'ip netns exec server nft list ruleset' (Expected 0, got 0) :: [ 01:06:47 ] :: [ BEGIN ] :: Running 'ip netns exec server nft flush table ip6 filter' :: [ 01:06:48 ] :: [ PASS ] :: Command 'ip netns exec server nft flush table ip6 filter' (Expected 0, got 0) :: [ 01:06:48 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule ip6 filter prerouting iifname s_r counter drop' :: [ 01:06:49 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule ip6 filter prerouting iifname s_r counter drop' (Expected 0, got 0) :: [ 01:06:49 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule ip6 filter prerouting iifname s_r counter accept' :: [ 01:06:49 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule ip6 filter prerouting iifname s_r counter accept' (Expected 0, got 0) :: [ 01:06:50 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1 -W 1 ' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes --- 2001:db8:ffff:22::2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 01:06:52 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 01:06:52 ] :: [ BEGIN ] :: Running 'ip netns exec server nft list ruleset' table ip6 filter { chain prerouting { type filter hook prerouting priority filter; policy accept; iifname "s_r" counter packets 1 bytes 104 drop iifname "s_r" counter packets 0 bytes 0 accept } } :: [ 01:06:53 ] :: [ PASS ] :: Command 'ip netns exec server nft list ruleset' (Expected 0, got 0) :: [ 01:06:53 ] :: [ BEGIN ] :: Running 'ip netns exec server nft flush table ip6 filter' :: [ 01:06:54 ] :: [ PASS ] :: Command 'ip netns exec server nft flush table ip6 filter' (Expected 0, got 0) :: [ 01:06:54 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add chain ip6 filter test' :: [ 01:06:55 ] :: [ PASS ] :: Command 'ip netns exec server nft add chain ip6 filter test' (Expected 0, got 0) :: [ 01:06:55 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule ip6 filter test iifname s_r counter return' :: [ 01:06:55 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule ip6 filter test iifname s_r counter return' (Expected 0, got 0) :: [ 01:06:56 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule ip6 filter test iifname s_r counter accept' :: [ 01:06:56 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule ip6 filter test iifname s_r counter accept' (Expected 0, got 0) :: [ 01:06:57 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule ip6 filter prerouting iifname s_r counter jump test' :: [ 01:06:57 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule ip6 filter prerouting iifname s_r counter jump test' (Expected 0, got 0) :: [ 01:06:58 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule ip6 filter prerouting iifname s_r counter drop' :: [ 01:06:58 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule ip6 filter prerouting iifname s_r counter drop' (Expected 0, got 0) :: [ 01:06:59 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1 -W 1 ' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes --- 2001:db8:ffff:22::2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 01:07:00 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 01:07:01 ] :: [ BEGIN ] :: Running 'ip netns exec server nft list ruleset' table ip6 filter { chain prerouting { type filter hook prerouting priority filter; policy accept; iifname "s_r" counter packets 1 bytes 104 jump test iifname "s_r" counter packets 1 bytes 104 drop } chain test { iifname "s_r" counter packets 1 bytes 104 return iifname "s_r" counter packets 0 bytes 0 accept } } :: [ 01:07:01 ] :: [ PASS ] :: Command 'ip netns exec server nft list ruleset' (Expected 0, got 0) :: [ 01:07:02 ] :: [ BEGIN ] :: Running 'ip netns exec server nft flush table ip6 filter' :: [ 01:07:02 ] :: [ PASS ] :: Command 'ip netns exec server nft flush table ip6 filter' (Expected 0, got 0) :: [ 01:07:02 ] :: [ BEGIN ] :: Running 'ip netns exec server nft delete chain ip6 filter prerouting' :: [ 01:07:03 ] :: [ PASS ] :: Command 'ip netns exec server nft delete chain ip6 filter prerouting' (Expected 0, got 0) :: [ 01:07:03 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add chain ip6 filter input { type filter hook input priority 0 \; }' :: [ 01:07:04 ] :: [ PASS ] :: Command 'ip netns exec server nft add chain ip6 filter input { type filter hook input priority 0 \; }' (Expected 0, got 0) :: [ 01:07:04 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule ip6 filter input iifname s_r counter accept' :: [ 01:07:05 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule ip6 filter input iifname s_r counter accept' (Expected 0, got 0) :: [ 01:07:05 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule ip6 filter input iifname s_r counter drop' :: [ 01:07:06 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule ip6 filter input iifname s_r counter drop' (Expected 0, got 0) :: [ 01:07:06 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes 64 bytes from 2001:db8:ffff:22::2: icmp_seq=1 ttl=63 time=0.366 ms --- 2001:db8:ffff:22::2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.366/0.366/0.366/0.000 ms :: [ 01:07:07 ] :: [ PASS ] :: Command 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1' (Expected 0, got 0) :: [ 01:07:07 ] :: [ BEGIN ] :: Running 'ip netns exec server nft list ruleset' table ip6 filter { chain test { } chain input { type filter hook input priority filter; policy accept; iifname "s_r" counter packets 1 bytes 104 accept iifname "s_r" counter packets 0 bytes 0 drop } } :: [ 01:07:08 ] :: [ PASS ] :: Command 'ip netns exec server nft list ruleset' (Expected 0, got 0) :: [ 01:07:08 ] :: [ BEGIN ] :: Running 'ip netns exec server nft flush table ip6 filter' :: [ 01:07:08 ] :: [ PASS ] :: Command 'ip netns exec server nft flush table ip6 filter' (Expected 0, got 0) :: [ 01:07:09 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule ip6 filter input iifname s_r counter drop' :: [ 01:07:09 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule ip6 filter input iifname s_r counter drop' (Expected 0, got 0) :: [ 01:07:10 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule ip6 filter input iifname s_r counter accept' :: [ 01:07:10 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule ip6 filter input iifname s_r counter accept' (Expected 0, got 0) :: [ 01:07:11 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1 -W 1 ' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes --- 2001:db8:ffff:22::2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 01:07:12 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 01:07:13 ] :: [ BEGIN ] :: Running 'ip netns exec server nft list ruleset' table ip6 filter { chain test { } chain input { type filter hook input priority filter; policy accept; iifname "s_r" counter packets 3 bytes 232 drop iifname "s_r" counter packets 0 bytes 0 accept } } :: [ 01:07:13 ] :: [ PASS ] :: Command 'ip netns exec server nft list ruleset' (Expected 0, got 0) :: [ 01:07:14 ] :: [ BEGIN ] :: Running 'ip netns exec server nft flush table ip6 filter' :: [ 01:07:14 ] :: [ PASS ] :: Command 'ip netns exec server nft flush table ip6 filter' (Expected 0, got 0) :: [ 01:07:14 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add chain ip6 filter test' :: [ 01:07:15 ] :: [ PASS ] :: Command 'ip netns exec server nft add chain ip6 filter test' (Expected 0, got 0) :: [ 01:07:15 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule ip6 filter test iifname s_r counter return' :: [ 01:07:16 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule ip6 filter test iifname s_r counter return' (Expected 0, got 0) :: [ 01:07:16 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule ip6 filter test iifname s_r counter accept' :: [ 01:07:16 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule ip6 filter test iifname s_r counter accept' (Expected 0, got 0) :: [ 01:07:17 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule ip6 filter input iifname s_r counter jump test' :: [ 01:07:17 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule ip6 filter input iifname s_r counter jump test' (Expected 0, got 0) :: [ 01:07:18 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule ip6 filter input iifname s_r counter drop' :: [ 01:07:18 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule ip6 filter input iifname s_r counter drop' (Expected 0, got 0) :: [ 01:07:19 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1 -W 1 ' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes --- 2001:db8:ffff:22::2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 01:07:20 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 01:07:21 ] :: [ BEGIN ] :: Running 'ip netns exec server nft list ruleset' table ip6 filter { chain test { iifname "s_r" counter packets 1 bytes 104 return iifname "s_r" counter packets 0 bytes 0 accept } chain input { type filter hook input priority filter; policy accept; iifname "s_r" counter packets 1 bytes 104 jump test iifname "s_r" counter packets 1 bytes 104 drop } } :: [ 01:07:21 ] :: [ PASS ] :: Command 'ip netns exec server nft list ruleset' (Expected 0, got 0) :: [ 01:07:22 ] :: [ BEGIN ] :: Running 'ip netns exec server nft flush table ip6 filter' :: [ 01:07:22 ] :: [ PASS ] :: Command 'ip netns exec server nft flush table ip6 filter' (Expected 0, got 0) :: [ 01:07:23 ] :: [ BEGIN ] :: Running 'ip netns exec server nft delete chain ip6 filter input' :: [ 01:07:23 ] :: [ PASS ] :: Command 'ip netns exec server nft delete chain ip6 filter input' (Expected 0, got 0) :: [ 01:07:24 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add chain ip6 filter output { type filter hook output priority 0 \; }' :: [ 01:07:24 ] :: [ PASS ] :: Command 'ip netns exec server nft add chain ip6 filter output { type filter hook output priority 0 \; }' (Expected 0, got 0) :: [ 01:07:24 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule ip6 filter output oifname s_r counter accept' :: [ 01:07:25 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule ip6 filter output oifname s_r counter accept' (Expected 0, got 0) :: [ 01:07:25 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule ip6 filter output oifname s_r counter drop' :: [ 01:07:26 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule ip6 filter output oifname s_r counter drop' (Expected 0, got 0) :: [ 01:07:26 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes 64 bytes from 2001:db8:ffff:22::2: icmp_seq=1 ttl=63 time=1.42 ms --- 2001:db8:ffff:22::2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 1.422/1.422/1.422/0.000 ms :: [ 01:07:26 ] :: [ PASS ] :: Command 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1' (Expected 0, got 0) :: [ 01:07:27 ] :: [ BEGIN ] :: Running 'ip netns exec server nft list ruleset' table ip6 filter { chain test { } chain output { type filter hook output priority filter; policy accept; oifname "s_r" counter packets 2 bytes 176 accept oifname "s_r" counter packets 0 bytes 0 drop } } :: [ 01:07:27 ] :: [ PASS ] :: Command 'ip netns exec server nft list ruleset' (Expected 0, got 0) :: [ 01:07:28 ] :: [ BEGIN ] :: Running 'ip netns exec server nft flush table ip6 filter' :: [ 01:07:28 ] :: [ PASS ] :: Command 'ip netns exec server nft flush table ip6 filter' (Expected 0, got 0) :: [ 01:07:29 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule ip6 filter output oifname s_r counter drop' :: [ 01:07:29 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule ip6 filter output oifname s_r counter drop' (Expected 0, got 0) :: [ 01:07:29 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule ip6 filter output oifname s_r counter accept' :: [ 01:07:30 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule ip6 filter output oifname s_r counter accept' (Expected 0, got 0) :: [ 01:07:31 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1 -W 1 ' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes --- 2001:db8:ffff:22::2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 01:07:32 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 01:07:33 ] :: [ BEGIN ] :: Running 'ip netns exec server nft list ruleset' table ip6 filter { chain test { } chain output { type filter hook output priority filter; policy accept; oifname "s_r" counter packets 1 bytes 104 drop oifname "s_r" counter packets 0 bytes 0 accept } } :: [ 01:07:33 ] :: [ PASS ] :: Command 'ip netns exec server nft list ruleset' (Expected 0, got 0) :: [ 01:07:33 ] :: [ BEGIN ] :: Running 'ip netns exec server nft flush table ip6 filter' :: [ 01:07:34 ] :: [ PASS ] :: Command 'ip netns exec server nft flush table ip6 filter' (Expected 0, got 0) :: [ 01:07:34 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add chain ip6 filter test' :: [ 01:07:35 ] :: [ PASS ] :: Command 'ip netns exec server nft add chain ip6 filter test' (Expected 0, got 0) :: [ 01:07:35 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule ip6 filter test oifname s_r counter return' :: [ 01:07:36 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule ip6 filter test oifname s_r counter return' (Expected 0, got 0) :: [ 01:07:36 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule ip6 filter test oifname s_r counter accept' :: [ 01:07:37 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule ip6 filter test oifname s_r counter accept' (Expected 0, got 0) :: [ 01:07:37 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule ip6 filter output oifname s_r counter jump test' :: [ 01:07:37 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule ip6 filter output oifname s_r counter jump test' (Expected 0, got 0) :: [ 01:07:38 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule ip6 filter output oifname s_r counter drop' :: [ 01:07:38 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule ip6 filter output oifname s_r counter drop' (Expected 0, got 0) :: [ 01:07:39 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1 -W 1 ' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes --- 2001:db8:ffff:22::2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 01:07:40 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 01:07:41 ] :: [ BEGIN ] :: Running 'ip netns exec server nft list ruleset' table ip6 filter { chain test { oifname "s_r" counter packets 1 bytes 104 return oifname "s_r" counter packets 0 bytes 0 accept } chain output { type filter hook output priority filter; policy accept; oifname "s_r" counter packets 1 bytes 104 jump test oifname "s_r" counter packets 1 bytes 104 drop } } :: [ 01:07:41 ] :: [ PASS ] :: Command 'ip netns exec server nft list ruleset' (Expected 0, got 0) :: [ 01:07:42 ] :: [ BEGIN ] :: Running 'ip netns exec server nft flush table ip6 filter' :: [ 01:07:42 ] :: [ PASS ] :: Command 'ip netns exec server nft flush table ip6 filter' (Expected 0, got 0) :: [ 01:07:43 ] :: [ BEGIN ] :: Running 'ip netns exec server nft delete chain ip6 filter output' :: [ 01:07:43 ] :: [ PASS ] :: Command 'ip netns exec server nft delete chain ip6 filter output' (Expected 0, got 0) :: [ 01:07:44 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add chain ip6 filter postrouting { type filter hook postrouting priority 0 \; }' :: [ 01:07:44 ] :: [ PASS ] :: Command 'ip netns exec server nft add chain ip6 filter postrouting { type filter hook postrouting priority 0 \; }' (Expected 0, got 0) :: [ 01:07:45 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule ip6 filter postrouting oifname s_r counter accept' :: [ 01:07:45 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule ip6 filter postrouting oifname s_r counter accept' (Expected 0, got 0) :: [ 01:07:46 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule ip6 filter postrouting oifname s_r counter drop' :: [ 01:07:46 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule ip6 filter postrouting oifname s_r counter drop' (Expected 0, got 0) :: [ 01:07:46 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes 64 bytes from 2001:db8:ffff:22::2: icmp_seq=1 ttl=63 time=0.345 ms --- 2001:db8:ffff:22::2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.345/0.345/0.345/0.000 ms :: [ 01:07:47 ] :: [ PASS ] :: Command 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1' (Expected 0, got 0) :: [ 01:07:47 ] :: [ BEGIN ] :: Running 'ip netns exec server nft list ruleset' table ip6 filter { chain test { } chain postrouting { type filter hook postrouting priority filter; policy accept; oifname "s_r" counter packets 1 bytes 104 accept oifname "s_r" counter packets 0 bytes 0 drop } } :: [ 01:07:48 ] :: [ PASS ] :: Command 'ip netns exec server nft list ruleset' (Expected 0, got 0) :: [ 01:07:48 ] :: [ BEGIN ] :: Running 'ip netns exec server nft flush table ip6 filter' :: [ 01:07:49 ] :: [ PASS ] :: Command 'ip netns exec server nft flush table ip6 filter' (Expected 0, got 0) :: [ 01:07:49 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule ip6 filter postrouting oifname s_r counter drop' :: [ 01:07:49 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule ip6 filter postrouting oifname s_r counter drop' (Expected 0, got 0) :: [ 01:07:50 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule ip6 filter postrouting oifname s_r counter accept' :: [ 01:07:50 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule ip6 filter postrouting oifname s_r counter accept' (Expected 0, got 0) :: [ 01:07:51 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1 -W 1 ' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes --- 2001:db8:ffff:22::2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 01:07:52 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 01:07:53 ] :: [ BEGIN ] :: Running 'ip netns exec server nft list ruleset' table ip6 filter { chain test { } chain postrouting { type filter hook postrouting priority filter; policy accept; oifname "s_r" counter packets 1 bytes 104 drop oifname "s_r" counter packets 0 bytes 0 accept } } :: [ 01:07:53 ] :: [ PASS ] :: Command 'ip netns exec server nft list ruleset' (Expected 0, got 0) :: [ 01:07:54 ] :: [ BEGIN ] :: Running 'ip netns exec server nft flush table ip6 filter' :: [ 01:07:54 ] :: [ PASS ] :: Command 'ip netns exec server nft flush table ip6 filter' (Expected 0, got 0) :: [ 01:07:55 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add chain ip6 filter test' :: [ 01:07:55 ] :: [ PASS ] :: Command 'ip netns exec server nft add chain ip6 filter test' (Expected 0, got 0) :: [ 01:07:56 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule ip6 filter test oifname s_r counter return' :: [ 01:07:56 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule ip6 filter test oifname s_r counter return' (Expected 0, got 0) :: [ 01:07:56 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule ip6 filter test oifname s_r counter accept' :: [ 01:07:57 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule ip6 filter test oifname s_r counter accept' (Expected 0, got 0) :: [ 01:07:57 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule ip6 filter postrouting oifname s_r counter jump test' :: [ 01:07:58 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule ip6 filter postrouting oifname s_r counter jump test' (Expected 0, got 0) :: [ 01:07:58 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule ip6 filter postrouting oifname s_r counter drop' :: [ 01:07:59 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule ip6 filter postrouting oifname s_r counter drop' (Expected 0, got 0) :: [ 01:08:00 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1 -W 1 ' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes --- 2001:db8:ffff:22::2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 01:08:01 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 01:08:01 ] :: [ BEGIN ] :: Running 'ip netns exec server nft list ruleset' table ip6 filter { chain test { oifname "s_r" counter packets 1 bytes 104 return oifname "s_r" counter packets 0 bytes 0 accept } chain postrouting { type filter hook postrouting priority filter; policy accept; oifname "s_r" counter packets 1 bytes 104 jump test oifname "s_r" counter packets 1 bytes 104 drop } } :: [ 01:08:02 ] :: [ PASS ] :: Command 'ip netns exec server nft list ruleset' (Expected 0, got 0) :: [ 01:08:02 ] :: [ BEGIN ] :: Running 'ip netns exec server nft flush table ip6 filter' :: [ 01:08:02 ] :: [ PASS ] :: Command 'ip netns exec server nft flush table ip6 filter' (Expected 0, got 0) :: [ 01:08:03 ] :: [ BEGIN ] :: Running 'ip netns exec server nft delete chain ip6 filter postrouting' :: [ 01:08:03 ] :: [ PASS ] :: Command 'ip netns exec server nft delete chain ip6 filter postrouting' (Expected 0, got 0) :: [ 01:08:04 ] :: [ BEGIN ] :: Running 'ip netns exec server nft delete table ip6 filter' :: [ 01:08:04 ] :: [ PASS ] :: Command 'ip netns exec server nft delete table ip6 filter' (Expected 0, got 0) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 83s :: Assertions: 82 good, 0 bad :: RESULT: PASS (nftables ip6 family ipv6 basic action test input/output path) ** nftables-ip6-family-ipv6-basic-action-test-input-output-path PASS Score:0 Uploading resultoutputfile.log .done :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: nftables ip6 family ipv6 basic action test forward path :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ 01:08:14 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add table ip6 filter' :: [ 01:08:14 ] :: [ PASS ] :: Command 'ip netns exec router nft add table ip6 filter' (Expected 0, got 0) :: [ 01:08:14 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add chain ip6 filter prerouting { type filter hook prerouting priority 0 \; }' :: [ 01:08:15 ] :: [ PASS ] :: Command 'ip netns exec router nft add chain ip6 filter prerouting { type filter hook prerouting priority 0 \; }' (Expected 0, got 0) :: [ 01:08:15 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule ip6 filter prerouting iifname r_c counter accept' :: [ 01:08:16 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule ip6 filter prerouting iifname r_c counter accept' (Expected 0, got 0) :: [ 01:08:16 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule ip6 filter prerouting iifname r_c counter drop' :: [ 01:08:16 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule ip6 filter prerouting iifname r_c counter drop' (Expected 0, got 0) :: [ 01:08:17 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes 64 bytes from 2001:db8:ffff:22::2: icmp_seq=1 ttl=63 time=0.411 ms --- 2001:db8:ffff:22::2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.411/0.411/0.411/0.000 ms :: [ 01:08:17 ] :: [ PASS ] :: Command 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1' (Expected 0, got 0) :: [ 01:08:18 ] :: [ BEGIN ] :: Running 'ip netns exec router nft list ruleset' table ip6 filter { chain prerouting { type filter hook prerouting priority filter; policy accept; iifname "r_c" counter packets 1 bytes 104 accept iifname "r_c" counter packets 0 bytes 0 drop } } :: [ 01:08:18 ] :: [ PASS ] :: Command 'ip netns exec router nft list ruleset' (Expected 0, got 0) :: [ 01:08:18 ] :: [ BEGIN ] :: Running 'ip netns exec router nft flush table ip6 filter' :: [ 01:08:19 ] :: [ PASS ] :: Command 'ip netns exec router nft flush table ip6 filter' (Expected 0, got 0) :: [ 01:08:19 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule ip6 filter prerouting iifname r_c counter drop' :: [ 01:08:20 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule ip6 filter prerouting iifname r_c counter drop' (Expected 0, got 0) :: [ 01:08:20 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule ip6 filter prerouting iifname r_c counter accept' :: [ 01:08:21 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule ip6 filter prerouting iifname r_c counter accept' (Expected 0, got 0) :: [ 01:08:21 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1 -W 1 ' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes --- 2001:db8:ffff:22::2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 01:08:23 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 01:08:23 ] :: [ BEGIN ] :: Running 'ip netns exec router nft list ruleset' table ip6 filter { chain prerouting { type filter hook prerouting priority filter; policy accept; iifname "r_c" counter packets 3 bytes 248 drop iifname "r_c" counter packets 0 bytes 0 accept } } :: [ 01:08:24 ] :: [ PASS ] :: Command 'ip netns exec router nft list ruleset' (Expected 0, got 0) :: [ 01:08:24 ] :: [ BEGIN ] :: Running 'ip netns exec router nft flush table ip6 filter' :: [ 01:08:24 ] :: [ PASS ] :: Command 'ip netns exec router nft flush table ip6 filter' (Expected 0, got 0) :: [ 01:08:25 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add chain ip6 filter test' :: [ 01:08:25 ] :: [ PASS ] :: Command 'ip netns exec router nft add chain ip6 filter test' (Expected 0, got 0) :: [ 01:08:26 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule ip6 filter test iifname r_c counter return' :: [ 01:08:26 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule ip6 filter test iifname r_c counter return' (Expected 0, got 0) :: [ 01:08:27 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule ip6 filter test iifname r_c counter accept' :: [ 01:08:27 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule ip6 filter test iifname r_c counter accept' (Expected 0, got 0) :: [ 01:08:27 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule ip6 filter prerouting iifname r_c counter jump test' :: [ 01:08:28 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule ip6 filter prerouting iifname r_c counter jump test' (Expected 0, got 0) :: [ 01:08:28 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule ip6 filter prerouting iifname r_c counter drop' :: [ 01:08:29 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule ip6 filter prerouting iifname r_c counter drop' (Expected 0, got 0) :: [ 01:08:29 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1 -W 1 ' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes --- 2001:db8:ffff:22::2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 01:08:31 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 01:08:31 ] :: [ BEGIN ] :: Running 'ip netns exec router nft list ruleset' table ip6 filter { chain prerouting { type filter hook prerouting priority filter; policy accept; iifname "r_c" counter packets 2 bytes 144 jump test iifname "r_c" counter packets 2 bytes 144 drop } chain test { iifname "r_c" counter packets 2 bytes 144 return iifname "r_c" counter packets 0 bytes 0 accept } } :: [ 01:08:32 ] :: [ PASS ] :: Command 'ip netns exec router nft list ruleset' (Expected 0, got 0) :: [ 01:08:32 ] :: [ BEGIN ] :: Running 'ip netns exec router nft flush table ip6 filter' :: [ 01:08:32 ] :: [ PASS ] :: Command 'ip netns exec router nft flush table ip6 filter' (Expected 0, got 0) :: [ 01:08:33 ] :: [ BEGIN ] :: Running 'ip netns exec router nft delete chain ip6 filter prerouting' :: [ 01:08:33 ] :: [ PASS ] :: Command 'ip netns exec router nft delete chain ip6 filter prerouting' (Expected 0, got 0) :: [ 01:08:34 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add chain ip6 filter forward { type filter hook forward priority 0 \; }' :: [ 01:08:34 ] :: [ PASS ] :: Command 'ip netns exec router nft add chain ip6 filter forward { type filter hook forward priority 0 \; }' (Expected 0, got 0) :: [ 01:08:35 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule ip6 filter forward iifname r_c oifname r_s counter accept' :: [ 01:08:35 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule ip6 filter forward iifname r_c oifname r_s counter accept' (Expected 0, got 0) :: [ 01:08:35 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule ip6 filter forward iifname r_c oifname r_s counter drop' :: [ 01:08:36 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule ip6 filter forward iifname r_c oifname r_s counter drop' (Expected 0, got 0) :: [ 01:08:36 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes 64 bytes from 2001:db8:ffff:22::2: icmp_seq=1 ttl=63 time=0.944 ms --- 2001:db8:ffff:22::2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.944/0.944/0.944/0.000 ms :: [ 01:08:37 ] :: [ PASS ] :: Command 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1' (Expected 0, got 0) :: [ 01:08:37 ] :: [ BEGIN ] :: Running 'ip netns exec router nft list ruleset' table ip6 filter { chain test { } chain forward { type filter hook forward priority filter; policy accept; iifname "r_c" oifname "r_s" counter packets 1 bytes 104 accept iifname "r_c" oifname "r_s" counter packets 0 bytes 0 drop } } :: [ 01:08:38 ] :: [ PASS ] :: Command 'ip netns exec router nft list ruleset' (Expected 0, got 0) :: [ 01:08:38 ] :: [ BEGIN ] :: Running 'ip netns exec router nft flush table ip6 filter' :: [ 01:08:38 ] :: [ PASS ] :: Command 'ip netns exec router nft flush table ip6 filter' (Expected 0, got 0) :: [ 01:08:39 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule ip6 filter forward iifname r_c oifname r_s counter drop' :: [ 01:08:39 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule ip6 filter forward iifname r_c oifname r_s counter drop' (Expected 0, got 0) :: [ 01:08:40 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule ip6 filter forward iifname r_c oifname r_s counter accept' :: [ 01:08:40 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule ip6 filter forward iifname r_c oifname r_s counter accept' (Expected 0, got 0) :: [ 01:08:41 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1 -W 1 ' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes --- 2001:db8:ffff:22::2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 01:08:42 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 01:08:43 ] :: [ BEGIN ] :: Running 'ip netns exec router nft list ruleset' table ip6 filter { chain test { } chain forward { type filter hook forward priority filter; policy accept; iifname "r_c" oifname "r_s" counter packets 1 bytes 104 drop iifname "r_c" oifname "r_s" counter packets 0 bytes 0 accept } } :: [ 01:08:43 ] :: [ PASS ] :: Command 'ip netns exec router nft list ruleset' (Expected 0, got 0) :: [ 01:08:44 ] :: [ BEGIN ] :: Running 'ip netns exec router nft flush table ip6 filter' :: [ 01:08:44 ] :: [ PASS ] :: Command 'ip netns exec router nft flush table ip6 filter' (Expected 0, got 0) :: [ 01:08:45 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add chain ip6 filter test' :: [ 01:08:45 ] :: [ PASS ] :: Command 'ip netns exec router nft add chain ip6 filter test' (Expected 0, got 0) :: [ 01:08:46 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule ip6 filter test iifname r_c oifname r_s counter return' :: [ 01:08:46 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule ip6 filter test iifname r_c oifname r_s counter return' (Expected 0, got 0) :: [ 01:08:46 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule ip6 filter test iifname r_c oifname r_s counter accept' :: [ 01:08:47 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule ip6 filter test iifname r_c oifname r_s counter accept' (Expected 0, got 0) :: [ 01:08:47 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule ip6 filter forward iifname r_c oifname r_s counter jump test' :: [ 01:08:48 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule ip6 filter forward iifname r_c oifname r_s counter jump test' (Expected 0, got 0) :: [ 01:08:48 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule ip6 filter forward iifname r_c oifname r_s counter drop' :: [ 01:08:48 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule ip6 filter forward iifname r_c oifname r_s counter drop' (Expected 0, got 0) :: [ 01:08:49 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1 -W 1 ' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes --- 2001:db8:ffff:22::2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 01:08:50 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 01:08:51 ] :: [ BEGIN ] :: Running 'ip netns exec router nft list ruleset' table ip6 filter { chain test { iifname "r_c" oifname "r_s" counter packets 1 bytes 104 return iifname "r_c" oifname "r_s" counter packets 0 bytes 0 accept } chain forward { type filter hook forward priority filter; policy accept; iifname "r_c" oifname "r_s" counter packets 1 bytes 104 jump test iifname "r_c" oifname "r_s" counter packets 1 bytes 104 drop } } :: [ 01:08:51 ] :: [ PASS ] :: Command 'ip netns exec router nft list ruleset' (Expected 0, got 0) :: [ 01:08:52 ] :: [ BEGIN ] :: Running 'ip netns exec router nft flush table ip6 filter' :: [ 01:08:52 ] :: [ PASS ] :: Command 'ip netns exec router nft flush table ip6 filter' (Expected 0, got 0) :: [ 01:08:53 ] :: [ BEGIN ] :: Running 'ip netns exec router nft delete chain ip6 filter forward' :: [ 01:08:53 ] :: [ PASS ] :: Command 'ip netns exec router nft delete chain ip6 filter forward' (Expected 0, got 0) :: [ 01:08:54 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add chain ip6 filter postrouting { type filter hook postrouting priority 0 \; }' :: [ 01:08:54 ] :: [ PASS ] :: Command 'ip netns exec router nft add chain ip6 filter postrouting { type filter hook postrouting priority 0 \; }' (Expected 0, got 0) :: [ 01:08:54 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule ip6 filter postrouting oifname r_s counter accept' :: [ 01:08:55 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule ip6 filter postrouting oifname r_s counter accept' (Expected 0, got 0) :: [ 01:08:55 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule ip6 filter postrouting oifname r_s counter drop' :: [ 01:08:56 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule ip6 filter postrouting oifname r_s counter drop' (Expected 0, got 0) :: [ 01:08:56 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes 64 bytes from 2001:db8:ffff:22::2: icmp_seq=1 ttl=63 time=0.402 ms --- 2001:db8:ffff:22::2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.402/0.402/0.402/0.000 ms :: [ 01:08:56 ] :: [ PASS ] :: Command 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1' (Expected 0, got 0) :: [ 01:08:57 ] :: [ BEGIN ] :: Running 'ip netns exec router nft list ruleset' table ip6 filter { chain test { } chain postrouting { type filter hook postrouting priority filter; policy accept; oifname "r_s" counter packets 1 bytes 104 accept oifname "r_s" counter packets 0 bytes 0 drop } } :: [ 01:08:57 ] :: [ PASS ] :: Command 'ip netns exec router nft list ruleset' (Expected 0, got 0) :: [ 01:08:58 ] :: [ BEGIN ] :: Running 'ip netns exec router nft flush table ip6 filter' :: [ 01:08:58 ] :: [ PASS ] :: Command 'ip netns exec router nft flush table ip6 filter' (Expected 0, got 0) :: [ 01:08:59 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule ip6 filter postrouting oifname r_s counter drop' :: [ 01:08:59 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule ip6 filter postrouting oifname r_s counter drop' (Expected 0, got 0) :: [ 01:08:59 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule ip6 filter postrouting oifname r_s counter accept' :: [ 01:09:00 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule ip6 filter postrouting oifname r_s counter accept' (Expected 0, got 0) :: [ 01:09:01 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1 -W 1 ' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes --- 2001:db8:ffff:22::2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 01:09:02 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 01:09:02 ] :: [ BEGIN ] :: Running 'ip netns exec router nft list ruleset' table ip6 filter { chain test { } chain postrouting { type filter hook postrouting priority filter; policy accept; oifname "r_s" counter packets 1 bytes 104 drop oifname "r_s" counter packets 0 bytes 0 accept } } :: [ 01:09:03 ] :: [ PASS ] :: Command 'ip netns exec router nft list ruleset' (Expected 0, got 0) :: [ 01:09:03 ] :: [ BEGIN ] :: Running 'ip netns exec router nft flush table ip6 filter' :: [ 01:09:04 ] :: [ PASS ] :: Command 'ip netns exec router nft flush table ip6 filter' (Expected 0, got 0) :: [ 01:09:04 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add chain ip6 filter test' :: [ 01:09:05 ] :: [ PASS ] :: Command 'ip netns exec router nft add chain ip6 filter test' (Expected 0, got 0) :: [ 01:09:05 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule ip6 filter test oifname r_s counter return' :: [ 01:09:05 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule ip6 filter test oifname r_s counter return' (Expected 0, got 0) :: [ 01:09:06 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule ip6 filter test oifname r_s counter accept' :: [ 01:09:06 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule ip6 filter test oifname r_s counter accept' (Expected 0, got 0) :: [ 01:09:07 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule ip6 filter postrouting oifname r_s counter jump test' :: [ 01:09:07 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule ip6 filter postrouting oifname r_s counter jump test' (Expected 0, got 0) :: [ 01:09:08 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule ip6 filter postrouting oifname r_s counter drop' :: [ 01:09:08 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule ip6 filter postrouting oifname r_s counter drop' (Expected 0, got 0) :: [ 01:09:09 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1 -W 1 ' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes --- 2001:db8:ffff:22::2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 01:09:10 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 01:09:11 ] :: [ BEGIN ] :: Running 'ip netns exec router nft list ruleset' table ip6 filter { chain test { oifname "r_s" counter packets 1 bytes 104 return oifname "r_s" counter packets 0 bytes 0 accept } chain postrouting { type filter hook postrouting priority filter; policy accept; oifname "r_s" counter packets 1 bytes 104 jump test oifname "r_s" counter packets 1 bytes 104 drop } } :: [ 01:09:11 ] :: [ PASS ] :: Command 'ip netns exec router nft list ruleset' (Expected 0, got 0) :: [ 01:09:12 ] :: [ BEGIN ] :: Running 'ip netns exec router nft flush table ip6 filter' :: [ 01:09:12 ] :: [ PASS ] :: Command 'ip netns exec router nft flush table ip6 filter' (Expected 0, got 0) :: [ 01:09:12 ] :: [ BEGIN ] :: Running 'ip netns exec router nft delete chain ip6 filter postrouting' :: [ 01:09:13 ] :: [ PASS ] :: Command 'ip netns exec router nft delete chain ip6 filter postrouting' (Expected 0, got 0) :: [ 01:09:13 ] :: [ BEGIN ] :: Running 'ip netns exec router nft delete table ip6 filter' :: [ 01:09:14 ] :: [ PASS ] :: Command 'ip netns exec router nft delete table ip6 filter' (Expected 0, got 0) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 61s :: Assertions: 62 good, 0 bad :: RESULT: PASS (nftables ip6 family ipv6 basic action test forward path) ** nftables-ip6-family-ipv6-basic-action-test-forward-path PASS Score:0 Uploading resultoutputfile.log .done :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Cleanup :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ 01:09:23 ] :: [ BEGIN ] :: Running 'do_clean' client :: [ LOG ] :: xtables rules clean :: [ LOG ] :: nft rules clean :: [ LOG ] :: ipset rules clean :: [ LOG ] :: ipvsadm rules clean router :: [ LOG ] :: xtables rules clean :: [ LOG ] :: nft rules clean :: [ LOG ] :: ipset rules clean :: [ LOG ] :: ipvsadm rules clean server :: [ LOG ] :: xtables rules clean :: [ LOG ] :: nft rules clean :: [ LOG ] :: ipset rules clean :: [ LOG ] :: ipvsadm rules clean :: [ 01:10:33 ] :: [ PASS ] :: Command 'do_clean' (Expected 0, got 0) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 70s :: Assertions: 1 good, 0 bad :: RESULT: PASS (Cleanup) ** Cleanup PASS Score:0 Uploading resultoutputfile.log .done :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: unknown :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ 01:10:42 ] :: [ LOG ] :: Phases fingerprint: wG6Jb0bU :: [ 01:10:42 ] :: [ LOG ] :: Asserts fingerprint: C2K5D35U Uploading journal.xml ...done :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 2038s :: Phases: 26 good, 0 bad :: OVERALL RESULT: PASS (unknown) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Forward ipv6 :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ 01:10:46 ] :: [ BEGIN ] :: ipv6 topo init done... :: actually running 'do_setup ipv6' +++ do_clean +++ for ns in client router server +++ ip netns +++ grep client +++ for ns in client router server +++ ip netns +++ grep router +++ for ns in client router server +++ ip netns +++ grep server +++ local i +++ for i in client router server +++ ip netns add client +++ for i in client router server +++ ip netns add router +++ for i in client router server +++ ip netns add server +++ [[ ipv6x == \i\p\v\6\x ]] +++ ip netns exec router sysctl -w net.ipv6.conf.all.forwarding=1 net.ipv6.conf.all.forwarding = 1 +++ ip_c=2001:db8:ffff:21::1 +++ ip_s=2001:db8:ffff:22::2 +++ ip_rc=2001:db8:ffff:21::fffe +++ ip_rs=2001:db8:ffff:22::fffe +++ N=64 +++ nodad=nodad +++ ip -d -n router -b /dev/stdin +++ ip -d -n server -b /dev/stdin +++ ip -d -n client -b /dev/stdin +++ sleep 2 +++ set +x PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) from 2001:db8:ffff:21::1 c_r: 56 data bytes 64 bytes from 2001:db8:ffff:22::2: icmp_seq=1 ttl=63 time=2.60 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=2 ttl=63 time=0.447 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=3 ttl=63 time=0.404 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=4 ttl=63 time=0.383 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=5 ttl=63 time=0.423 ms --- 2001:db8:ffff:22::2 ping statistics --- 5 packets transmitted, 5 received, 0% packet loss, time 823ms rtt min/avg/max/mdev = 0.383/0.850/2.595/0.872 ms PING 2001:db8:ffff:21::1(2001:db8:ffff:21::1) from 2001:db8:ffff:22::2 s_r: 56 data bytes 64 bytes from 2001:db8:ffff:21::1: icmp_seq=1 ttl=63 time=0.516 ms 64 bytes from 2001:db8:ffff:21::1: icmp_seq=2 ttl=63 time=0.438 ms 64 bytes from 2001:db8:ffff:21::1: icmp_seq=3 ttl=63 time=0.443 ms 64 bytes from 2001:db8:ffff:21::1: icmp_seq=4 ttl=63 time=12.7 ms 64 bytes from 2001:db8:ffff:21::1: icmp_seq=5 ttl=63 time=0.427 ms --- 2001:db8:ffff:21::1 ping statistics --- 5 packets transmitted, 5 received, 0% packet loss, time 823ms rtt min/avg/max/mdev = 0.427/2.903/12.693/4.894 ms :: [ 01:10:52 ] :: [ PASS ] :: ipv6 topo init done... (Expected 0, got 0) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 7s :: Assertions: 1 good, 0 bad :: RESULT: PASS (Forward ipv6) ** Forward-ipv6 PASS Score:0 Uploading resultoutputfile.log .done :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: nftables inet family ipv6 policy test input/output path :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ 01:11:00 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add table inet filter' :: [ 01:11:00 ] :: [ PASS ] :: Command 'ip netns exec server nft add table inet filter' (Expected 0, got 0) :: [ 01:11:01 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add chain inet filter prerouting { type filter hook prerouting priority 0 \; policy accept \; }' :: [ 01:11:01 ] :: [ PASS ] :: Command 'ip netns exec server nft add chain inet filter prerouting { type filter hook prerouting priority 0 \; policy accept \; }' (Expected 0, got 0) :: [ 01:11:02 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes 64 bytes from 2001:db8:ffff:22::2: icmp_seq=1 ttl=63 time=0.508 ms --- 2001:db8:ffff:22::2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.508/0.508/0.508/0.000 ms :: [ 01:11:02 ] :: [ PASS ] :: Command 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1' (Expected 0, got 0) :: [ 01:11:03 ] :: [ BEGIN ] :: Running 'ip netns exec server nft delete chain inet filter prerouting' :: [ 01:11:03 ] :: [ PASS ] :: Command 'ip netns exec server nft delete chain inet filter prerouting' (Expected 0, got 0) :: [ 01:11:03 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add chain inet filter prerouting { type filter hook prerouting priority 0 \; policy drop \; }' :: [ 01:11:04 ] :: [ PASS ] :: Command 'ip netns exec server nft add chain inet filter prerouting { type filter hook prerouting priority 0 \; policy drop \; }' (Expected 0, got 0) :: [ 01:11:05 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1 -W 1 ' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes --- 2001:db8:ffff:22::2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 01:11:06 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 01:11:07 ] :: [ BEGIN ] :: Running 'ip netns exec server nft delete chain inet filter prerouting' :: [ 01:11:07 ] :: [ PASS ] :: Command 'ip netns exec server nft delete chain inet filter prerouting' (Expected 0, got 0) :: [ 01:11:07 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add chain inet filter input { type filter hook input priority 0 \; policy accept \; }' :: [ 01:11:08 ] :: [ PASS ] :: Command 'ip netns exec server nft add chain inet filter input { type filter hook input priority 0 \; policy accept \; }' (Expected 0, got 0) :: [ 01:11:08 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes 64 bytes from 2001:db8:ffff:22::2: icmp_seq=1 ttl=63 time=0.353 ms --- 2001:db8:ffff:22::2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.353/0.353/0.353/0.000 ms :: [ 01:11:08 ] :: [ PASS ] :: Command 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1' (Expected 0, got 0) :: [ 01:11:09 ] :: [ BEGIN ] :: Running 'ip netns exec server nft delete chain inet filter input' :: [ 01:11:09 ] :: [ PASS ] :: Command 'ip netns exec server nft delete chain inet filter input' (Expected 0, got 0) :: [ 01:11:10 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add chain inet filter input { type filter hook input priority 0 \; policy drop \; }' :: [ 01:11:10 ] :: [ PASS ] :: Command 'ip netns exec server nft add chain inet filter input { type filter hook input priority 0 \; policy drop \; }' (Expected 0, got 0) :: [ 01:11:11 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1 -W 1 ' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes --- 2001:db8:ffff:22::2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 01:11:12 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 01:11:13 ] :: [ BEGIN ] :: Running 'ip netns exec server nft delete chain inet filter input' :: [ 01:11:13 ] :: [ PASS ] :: Command 'ip netns exec server nft delete chain inet filter input' (Expected 0, got 0) :: [ 01:11:14 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add chain inet filter output { type filter hook output priority 0 \; policy accept \; }' :: [ 01:11:14 ] :: [ PASS ] :: Command 'ip netns exec server nft add chain inet filter output { type filter hook output priority 0 \; policy accept \; }' (Expected 0, got 0) :: [ 01:11:15 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes 64 bytes from 2001:db8:ffff:22::2: icmp_seq=1 ttl=63 time=0.477 ms --- 2001:db8:ffff:22::2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.477/0.477/0.477/0.000 ms :: [ 01:11:15 ] :: [ PASS ] :: Command 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1' (Expected 0, got 0) :: [ 01:11:15 ] :: [ BEGIN ] :: Running 'ip netns exec server nft delete chain inet filter output' :: [ 01:11:16 ] :: [ PASS ] :: Command 'ip netns exec server nft delete chain inet filter output' (Expected 0, got 0) :: [ 01:11:16 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add chain inet filter output { type filter hook output priority 0 \; policy drop \; }' :: [ 01:11:17 ] :: [ PASS ] :: Command 'ip netns exec server nft add chain inet filter output { type filter hook output priority 0 \; policy drop \; }' (Expected 0, got 0) :: [ 01:11:18 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1 -W 1 ' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes --- 2001:db8:ffff:22::2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 01:11:19 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 01:11:19 ] :: [ BEGIN ] :: Running 'ip netns exec server nft delete chain inet filter output' :: [ 01:11:20 ] :: [ PASS ] :: Command 'ip netns exec server nft delete chain inet filter output' (Expected 0, got 0) :: [ 01:11:20 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add chain inet filter postrouting { type filter hook postrouting priority 0 \; policy accept \; }' :: [ 01:11:21 ] :: [ PASS ] :: Command 'ip netns exec server nft add chain inet filter postrouting { type filter hook postrouting priority 0 \; policy accept \; }' (Expected 0, got 0) :: [ 01:11:21 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes 64 bytes from 2001:db8:ffff:22::2: icmp_seq=1 ttl=63 time=0.452 ms --- 2001:db8:ffff:22::2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.452/0.452/0.452/0.000 ms :: [ 01:11:21 ] :: [ PASS ] :: Command 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1' (Expected 0, got 0) :: [ 01:11:22 ] :: [ BEGIN ] :: Running 'ip netns exec server nft delete chain inet filter postrouting' :: [ 01:11:22 ] :: [ PASS ] :: Command 'ip netns exec server nft delete chain inet filter postrouting' (Expected 0, got 0) :: [ 01:11:23 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add chain inet filter postrouting { type filter hook postrouting priority 0 \; policy drop \; }' :: [ 01:11:23 ] :: [ PASS ] :: Command 'ip netns exec server nft add chain inet filter postrouting { type filter hook postrouting priority 0 \; policy drop \; }' (Expected 0, got 0) :: [ 01:11:24 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1 -W 1 ' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes --- 2001:db8:ffff:22::2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 01:11:25 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 01:11:26 ] :: [ BEGIN ] :: Running 'ip netns exec server nft delete chain inet filter postrouting' :: [ 01:11:26 ] :: [ PASS ] :: Command 'ip netns exec server nft delete chain inet filter postrouting' (Expected 0, got 0) :: [ 01:11:27 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c 30 -i 0.2' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes 64 bytes from 2001:db8:ffff:22::2: icmp_seq=1 ttl=63 time=0.370 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=2 ttl=63 time=0.466 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=3 ttl=63 time=0.362 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=4 ttl=63 time=0.399 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=5 ttl=63 time=0.447 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=6 ttl=63 time=0.450 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=7 ttl=63 time=0.474 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=8 ttl=63 time=0.457 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=9 ttl=63 time=0.383 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=10 ttl=63 time=0.379 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=11 ttl=63 time=0.422 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=12 ttl=63 time=0.440 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=13 ttl=63 time=0.449 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=14 ttl=63 time=0.472 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=15 ttl=63 time=0.390 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=16 ttl=63 time=0.368 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=17 ttl=63 time=0.791 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=18 ttl=63 time=0.910 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=19 ttl=63 time=0.824 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=20 ttl=63 time=0.706 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=21 ttl=63 time=0.823 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=22 ttl=63 time=0.757 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=23 ttl=63 time=0.832 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=24 ttl=63 time=0.624 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=25 ttl=63 time=0.806 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=26 ttl=63 time=0.804 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=27 ttl=63 time=0.662 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=28 ttl=63 time=0.666 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=29 ttl=63 time=27.1 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=30 ttl=63 time=0.734 ms --- 2001:db8:ffff:22::2 ping statistics --- 30 packets transmitted, 30 received, 0% packet loss, time 5934ms rtt min/avg/max/mdev = 0.362/1.459/27.127/4.769 ms :: [ 01:11:33 ] :: [ PASS ] :: Command 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c 30 -i 0.2' (Expected 0, got 0) :: [ 01:11:33 ] :: [ BEGIN ] :: Running 'ip netns exec server nft delete table inet filter' :: [ 01:11:34 ] :: [ PASS ] :: Command 'ip netns exec server nft delete table inet filter' (Expected 0, got 0) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 34s :: Assertions: 27 good, 0 bad :: RESULT: PASS (nftables inet family ipv6 policy test input/output path) ** nftables-inet-family-ipv6-policy-test-input-output-path PASS Score:0 Uploading resultoutputfile.log .done :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: nftables inet family ipv6 policy test forward path :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ 01:11:43 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add table inet filter' :: [ 01:11:43 ] :: [ PASS ] :: Command 'ip netns exec router nft add table inet filter' (Expected 0, got 0) :: [ 01:11:44 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add chain inet filter prerouting { type filter hook prerouting priority 0 \; policy accept \; }' :: [ 01:11:44 ] :: [ PASS ] :: Command 'ip netns exec router nft add chain inet filter prerouting { type filter hook prerouting priority 0 \; policy accept \; }' (Expected 0, got 0) :: [ 01:11:45 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes 64 bytes from 2001:db8:ffff:22::2: icmp_seq=1 ttl=63 time=0.461 ms --- 2001:db8:ffff:22::2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.461/0.461/0.461/0.000 ms :: [ 01:11:45 ] :: [ PASS ] :: Command 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1' (Expected 0, got 0) :: [ 01:11:45 ] :: [ BEGIN ] :: Running 'ip netns exec router nft delete chain inet filter prerouting' :: [ 01:11:46 ] :: [ PASS ] :: Command 'ip netns exec router nft delete chain inet filter prerouting' (Expected 0, got 0) :: [ 01:11:46 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add chain inet filter prerouting { type filter hook prerouting priority 0 \; policy drop \; }' :: [ 01:11:47 ] :: [ PASS ] :: Command 'ip netns exec router nft add chain inet filter prerouting { type filter hook prerouting priority 0 \; policy drop \; }' (Expected 0, got 0) :: [ 01:11:47 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1 -W 1 ' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes --- 2001:db8:ffff:22::2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 01:11:49 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 01:11:49 ] :: [ BEGIN ] :: Running 'ip netns exec router nft delete chain inet filter prerouting' :: [ 01:11:50 ] :: [ PASS ] :: Command 'ip netns exec router nft delete chain inet filter prerouting' (Expected 0, got 0) :: [ 01:11:50 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add chain inet filter forward { type filter hook forward priority 0 \; policy accept \; }' :: [ 01:11:50 ] :: [ PASS ] :: Command 'ip netns exec router nft add chain inet filter forward { type filter hook forward priority 0 \; policy accept \; }' (Expected 0, got 0) :: [ 01:11:51 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes 64 bytes from 2001:db8:ffff:22::2: icmp_seq=1 ttl=63 time=0.340 ms --- 2001:db8:ffff:22::2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.340/0.340/0.340/0.000 ms :: [ 01:11:51 ] :: [ PASS ] :: Command 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1' (Expected 0, got 0) :: [ 01:11:52 ] :: [ BEGIN ] :: Running 'ip netns exec router nft delete chain inet filter forward' :: [ 01:11:52 ] :: [ PASS ] :: Command 'ip netns exec router nft delete chain inet filter forward' (Expected 0, got 0) :: [ 01:11:53 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add chain inet filter forward { type filter hook forward priority 0 \; policy drop \; }' :: [ 01:11:53 ] :: [ PASS ] :: Command 'ip netns exec router nft add chain inet filter forward { type filter hook forward priority 0 \; policy drop \; }' (Expected 0, got 0) :: [ 01:11:54 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1 -W 1 ' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes --- 2001:db8:ffff:22::2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 01:11:55 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 01:11:55 ] :: [ BEGIN ] :: Running 'ip netns exec router nft delete chain inet filter forward' :: [ 01:11:56 ] :: [ PASS ] :: Command 'ip netns exec router nft delete chain inet filter forward' (Expected 0, got 0) :: [ 01:11:56 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add chain inet filter postrouting { type filter hook postrouting priority 0 \; policy accept \; }' :: [ 01:11:57 ] :: [ PASS ] :: Command 'ip netns exec router nft add chain inet filter postrouting { type filter hook postrouting priority 0 \; policy accept \; }' (Expected 0, got 0) :: [ 01:11:57 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes 64 bytes from 2001:db8:ffff:22::2: icmp_seq=1 ttl=63 time=0.328 ms --- 2001:db8:ffff:22::2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.328/0.328/0.328/0.000 ms :: [ 01:11:57 ] :: [ PASS ] :: Command 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1' (Expected 0, got 0) :: [ 01:11:58 ] :: [ BEGIN ] :: Running 'ip netns exec router nft delete chain inet filter postrouting' :: [ 01:11:58 ] :: [ PASS ] :: Command 'ip netns exec router nft delete chain inet filter postrouting' (Expected 0, got 0) :: [ 01:11:59 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add chain inet filter postrouting { type filter hook postrouting priority 0 \; policy drop \; }' :: [ 01:11:59 ] :: [ PASS ] :: Command 'ip netns exec router nft add chain inet filter postrouting { type filter hook postrouting priority 0 \; policy drop \; }' (Expected 0, got 0) :: [ 01:12:00 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1 -W 1 ' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes --- 2001:db8:ffff:22::2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 01:12:01 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 01:12:01 ] :: [ BEGIN ] :: Running 'ip netns exec router nft delete chain inet filter postrouting' :: [ 01:12:02 ] :: [ PASS ] :: Command 'ip netns exec router nft delete chain inet filter postrouting' (Expected 0, got 0) :: [ 01:12:02 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c 30 -i 0.2' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes 64 bytes from 2001:db8:ffff:22::2: icmp_seq=1 ttl=63 time=0.379 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=2 ttl=63 time=0.485 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=3 ttl=63 time=15.5 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=4 ttl=63 time=0.367 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=5 ttl=63 time=0.455 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=6 ttl=63 time=0.413 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=7 ttl=63 time=0.364 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=8 ttl=63 time=0.355 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=9 ttl=63 time=0.379 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=10 ttl=63 time=0.349 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=11 ttl=63 time=0.365 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=12 ttl=63 time=0.369 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=13 ttl=63 time=0.387 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=14 ttl=63 time=0.364 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=15 ttl=63 time=0.358 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=16 ttl=63 time=0.370 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=17 ttl=63 time=0.413 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=18 ttl=63 time=0.439 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=19 ttl=63 time=0.442 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=20 ttl=63 time=0.424 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=21 ttl=63 time=0.388 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=22 ttl=63 time=0.458 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=23 ttl=63 time=0.413 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=24 ttl=63 time=0.391 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=25 ttl=63 time=0.440 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=26 ttl=63 time=0.392 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=27 ttl=63 time=0.383 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=28 ttl=63 time=0.371 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=29 ttl=63 time=0.438 ms 64 bytes from 2001:db8:ffff:22::2: icmp_seq=30 ttl=63 time=0.367 ms --- 2001:db8:ffff:22::2 ping statistics --- 30 packets transmitted, 30 received, 0% packet loss, time 6022ms rtt min/avg/max/mdev = 0.349/0.902/15.548/2.719 ms :: [ 01:12:09 ] :: [ PASS ] :: Command 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c 30 -i 0.2' (Expected 0, got 0) :: [ 01:12:09 ] :: [ BEGIN ] :: Running 'ip netns exec router nft delete table inet filter' :: [ 01:12:09 ] :: [ PASS ] :: Command 'ip netns exec router nft delete table inet filter' (Expected 0, got 0) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 27s :: Assertions: 21 good, 0 bad :: RESULT: PASS (nftables inet family ipv6 policy test forward path) ** nftables-inet-family-ipv6-policy-test-forward-path PASS Score:0 Uploading resultoutputfile.log .done :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: nftables inet family ipv6 basic action test input/output path :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ 01:12:18 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add table inet filter' :: [ 01:12:19 ] :: [ PASS ] :: Command 'ip netns exec server nft add table inet filter' (Expected 0, got 0) :: [ 01:12:19 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add chain inet filter prerouting { type filter hook prerouting priority 0 \; }' :: [ 01:12:19 ] :: [ PASS ] :: Command 'ip netns exec server nft add chain inet filter prerouting { type filter hook prerouting priority 0 \; }' (Expected 0, got 0) :: [ 01:12:20 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule inet filter prerouting iifname s_r counter accept' :: [ 01:12:20 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule inet filter prerouting iifname s_r counter accept' (Expected 0, got 0) :: [ 01:12:21 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule inet filter prerouting iifname s_r counter drop' :: [ 01:12:21 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule inet filter prerouting iifname s_r counter drop' (Expected 0, got 0) :: [ 01:12:21 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes 64 bytes from 2001:db8:ffff:22::2: icmp_seq=1 ttl=63 time=0.420 ms --- 2001:db8:ffff:22::2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.420/0.420/0.420/0.000 ms :: [ 01:12:22 ] :: [ PASS ] :: Command 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1' (Expected 0, got 0) :: [ 01:12:22 ] :: [ BEGIN ] :: Running 'ip netns exec server nft list ruleset' table inet filter { chain prerouting { type filter hook prerouting priority filter; policy accept; iifname "s_r" counter packets 1 bytes 104 accept iifname "s_r" counter packets 0 bytes 0 drop } } :: [ 01:12:23 ] :: [ PASS ] :: Command 'ip netns exec server nft list ruleset' (Expected 0, got 0) :: [ 01:12:23 ] :: [ BEGIN ] :: Running 'ip netns exec server nft flush table inet filter' :: [ 01:12:23 ] :: [ PASS ] :: Command 'ip netns exec server nft flush table inet filter' (Expected 0, got 0) :: [ 01:12:24 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule inet filter prerouting iifname s_r counter drop' :: [ 01:12:24 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule inet filter prerouting iifname s_r counter drop' (Expected 0, got 0) :: [ 01:12:25 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule inet filter prerouting iifname s_r counter accept' :: [ 01:12:25 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule inet filter prerouting iifname s_r counter accept' (Expected 0, got 0) :: [ 01:12:26 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1 -W 1 ' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes --- 2001:db8:ffff:22::2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 01:12:27 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 01:12:28 ] :: [ BEGIN ] :: Running 'ip netns exec server nft list ruleset' table inet filter { chain prerouting { type filter hook prerouting priority filter; policy accept; iifname "s_r" counter packets 2 bytes 168 drop iifname "s_r" counter packets 0 bytes 0 accept } } :: [ 01:12:28 ] :: [ PASS ] :: Command 'ip netns exec server nft list ruleset' (Expected 0, got 0) :: [ 01:12:28 ] :: [ BEGIN ] :: Running 'ip netns exec server nft flush table inet filter' :: [ 01:12:29 ] :: [ PASS ] :: Command 'ip netns exec server nft flush table inet filter' (Expected 0, got 0) :: [ 01:12:29 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add chain inet filter test' :: [ 01:12:30 ] :: [ PASS ] :: Command 'ip netns exec server nft add chain inet filter test' (Expected 0, got 0) :: [ 01:12:30 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule inet filter test iifname s_r counter return' :: [ 01:12:30 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule inet filter test iifname s_r counter return' (Expected 0, got 0) :: [ 01:12:31 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule inet filter test iifname s_r counter accept' :: [ 01:12:31 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule inet filter test iifname s_r counter accept' (Expected 0, got 0) :: [ 01:12:32 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule inet filter prerouting iifname s_r counter jump test' :: [ 01:12:32 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule inet filter prerouting iifname s_r counter jump test' (Expected 0, got 0) :: [ 01:12:32 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule inet filter prerouting iifname s_r counter drop' :: [ 01:12:33 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule inet filter prerouting iifname s_r counter drop' (Expected 0, got 0) :: [ 01:12:34 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1 -W 1 ' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes --- 2001:db8:ffff:22::2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 01:12:35 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 01:12:35 ] :: [ BEGIN ] :: Running 'ip netns exec server nft list ruleset' table inet filter { chain prerouting { type filter hook prerouting priority filter; policy accept; iifname "s_r" counter packets 2 bytes 176 jump test iifname "s_r" counter packets 1 bytes 104 drop } chain test { iifname "s_r" counter packets 2 bytes 176 return iifname "s_r" counter packets 0 bytes 0 accept } } :: [ 01:12:36 ] :: [ PASS ] :: Command 'ip netns exec server nft list ruleset' (Expected 0, got 0) :: [ 01:12:36 ] :: [ BEGIN ] :: Running 'ip netns exec server nft flush table inet filter' :: [ 01:12:36 ] :: [ PASS ] :: Command 'ip netns exec server nft flush table inet filter' (Expected 0, got 0) :: [ 01:12:37 ] :: [ BEGIN ] :: Running 'ip netns exec server nft delete chain inet filter prerouting' :: [ 01:12:37 ] :: [ PASS ] :: Command 'ip netns exec server nft delete chain inet filter prerouting' (Expected 0, got 0) :: [ 01:12:38 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add chain inet filter input { type filter hook input priority 0 \; }' :: [ 01:12:38 ] :: [ PASS ] :: Command 'ip netns exec server nft add chain inet filter input { type filter hook input priority 0 \; }' (Expected 0, got 0) :: [ 01:12:38 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule inet filter input iifname s_r counter accept' :: [ 01:12:39 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule inet filter input iifname s_r counter accept' (Expected 0, got 0) :: [ 01:12:39 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule inet filter input iifname s_r counter drop' :: [ 01:12:40 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule inet filter input iifname s_r counter drop' (Expected 0, got 0) :: [ 01:12:40 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes 64 bytes from 2001:db8:ffff:22::2: icmp_seq=1 ttl=63 time=0.383 ms --- 2001:db8:ffff:22::2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.383/0.383/0.383/0.000 ms :: [ 01:12:40 ] :: [ PASS ] :: Command 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1' (Expected 0, got 0) :: [ 01:12:41 ] :: [ BEGIN ] :: Running 'ip netns exec server nft list ruleset' table inet filter { chain test { } chain input { type filter hook input priority filter; policy accept; iifname "s_r" counter packets 1 bytes 104 accept iifname "s_r" counter packets 0 bytes 0 drop } } :: [ 01:12:41 ] :: [ PASS ] :: Command 'ip netns exec server nft list ruleset' (Expected 0, got 0) :: [ 01:12:42 ] :: [ BEGIN ] :: Running 'ip netns exec server nft flush table inet filter' :: [ 01:12:42 ] :: [ PASS ] :: Command 'ip netns exec server nft flush table inet filter' (Expected 0, got 0) :: [ 01:12:42 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule inet filter input iifname s_r counter drop' :: [ 01:12:43 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule inet filter input iifname s_r counter drop' (Expected 0, got 0) :: [ 01:12:43 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule inet filter input iifname s_r counter accept' :: [ 01:12:44 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule inet filter input iifname s_r counter accept' (Expected 0, got 0) :: [ 01:12:44 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1 -W 1 ' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes --- 2001:db8:ffff:22::2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 01:12:46 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 01:12:46 ] :: [ BEGIN ] :: Running 'ip netns exec server nft list ruleset' table inet filter { chain test { } chain input { type filter hook input priority filter; policy accept; iifname "s_r" counter packets 3 bytes 248 drop iifname "s_r" counter packets 0 bytes 0 accept } } :: [ 01:12:47 ] :: [ PASS ] :: Command 'ip netns exec server nft list ruleset' (Expected 0, got 0) :: [ 01:12:47 ] :: [ BEGIN ] :: Running 'ip netns exec server nft flush table inet filter' :: [ 01:12:47 ] :: [ PASS ] :: Command 'ip netns exec server nft flush table inet filter' (Expected 0, got 0) :: [ 01:12:48 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add chain inet filter test' :: [ 01:12:48 ] :: [ PASS ] :: Command 'ip netns exec server nft add chain inet filter test' (Expected 0, got 0) :: [ 01:12:49 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule inet filter test iifname s_r counter return' :: [ 01:12:49 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule inet filter test iifname s_r counter return' (Expected 0, got 0) :: [ 01:12:49 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule inet filter test iifname s_r counter accept' :: [ 01:12:50 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule inet filter test iifname s_r counter accept' (Expected 0, got 0) :: [ 01:12:50 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule inet filter input iifname s_r counter jump test' :: [ 01:12:50 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule inet filter input iifname s_r counter jump test' (Expected 0, got 0) :: [ 01:12:51 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule inet filter input iifname s_r counter drop' :: [ 01:12:51 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule inet filter input iifname s_r counter drop' (Expected 0, got 0) :: [ 01:12:52 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1 -W 1 ' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes --- 2001:db8:ffff:22::2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 01:12:53 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 01:12:54 ] :: [ BEGIN ] :: Running 'ip netns exec server nft list ruleset' table inet filter { chain test { iifname "s_r" counter packets 1 bytes 104 return iifname "s_r" counter packets 0 bytes 0 accept } chain input { type filter hook input priority filter; policy accept; iifname "s_r" counter packets 1 bytes 104 jump test iifname "s_r" counter packets 1 bytes 104 drop } } :: [ 01:12:54 ] :: [ PASS ] :: Command 'ip netns exec server nft list ruleset' (Expected 0, got 0) :: [ 01:12:55 ] :: [ BEGIN ] :: Running 'ip netns exec server nft flush table inet filter' :: [ 01:12:55 ] :: [ PASS ] :: Command 'ip netns exec server nft flush table inet filter' (Expected 0, got 0) :: [ 01:12:55 ] :: [ BEGIN ] :: Running 'ip netns exec server nft delete chain inet filter input' :: [ 01:12:56 ] :: [ PASS ] :: Command 'ip netns exec server nft delete chain inet filter input' (Expected 0, got 0) :: [ 01:12:56 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add chain inet filter output { type filter hook output priority 0 \; }' :: [ 01:12:57 ] :: [ PASS ] :: Command 'ip netns exec server nft add chain inet filter output { type filter hook output priority 0 \; }' (Expected 0, got 0) :: [ 01:12:57 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule inet filter output oifname s_r counter accept' :: [ 01:12:57 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule inet filter output oifname s_r counter accept' (Expected 0, got 0) :: [ 01:12:58 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule inet filter output oifname s_r counter drop' :: [ 01:12:58 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule inet filter output oifname s_r counter drop' (Expected 0, got 0) :: [ 01:12:59 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes 64 bytes from 2001:db8:ffff:22::2: icmp_seq=1 ttl=63 time=0.348 ms --- 2001:db8:ffff:22::2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.348/0.348/0.348/0.000 ms :: [ 01:12:59 ] :: [ PASS ] :: Command 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1' (Expected 0, got 0) :: [ 01:12:59 ] :: [ BEGIN ] :: Running 'ip netns exec server nft list ruleset' table inet filter { chain test { } chain output { type filter hook output priority filter; policy accept; oifname "s_r" counter packets 1 bytes 104 accept oifname "s_r" counter packets 0 bytes 0 drop } } :: [ 01:13:00 ] :: [ PASS ] :: Command 'ip netns exec server nft list ruleset' (Expected 0, got 0) :: [ 01:13:00 ] :: [ BEGIN ] :: Running 'ip netns exec server nft flush table inet filter' :: [ 01:13:00 ] :: [ PASS ] :: Command 'ip netns exec server nft flush table inet filter' (Expected 0, got 0) :: [ 01:13:01 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule inet filter output oifname s_r counter drop' :: [ 01:13:01 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule inet filter output oifname s_r counter drop' (Expected 0, got 0) :: [ 01:13:02 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule inet filter output oifname s_r counter accept' :: [ 01:13:02 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule inet filter output oifname s_r counter accept' (Expected 0, got 0) :: [ 01:13:03 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1 -W 1 ' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes --- 2001:db8:ffff:22::2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 01:13:04 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 01:13:05 ] :: [ BEGIN ] :: Running 'ip netns exec server nft list ruleset' table inet filter { chain test { } chain output { type filter hook output priority filter; policy accept; oifname "s_r" counter packets 2 bytes 176 drop oifname "s_r" counter packets 0 bytes 0 accept } } :: [ 01:13:05 ] :: [ PASS ] :: Command 'ip netns exec server nft list ruleset' (Expected 0, got 0) :: [ 01:13:06 ] :: [ BEGIN ] :: Running 'ip netns exec server nft flush table inet filter' :: [ 01:13:06 ] :: [ PASS ] :: Command 'ip netns exec server nft flush table inet filter' (Expected 0, got 0) :: [ 01:13:06 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add chain inet filter test' :: [ 01:13:07 ] :: [ PASS ] :: Command 'ip netns exec server nft add chain inet filter test' (Expected 0, got 0) :: [ 01:13:07 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule inet filter test oifname s_r counter return' :: [ 01:13:08 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule inet filter test oifname s_r counter return' (Expected 0, got 0) :: [ 01:13:08 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule inet filter test oifname s_r counter accept' :: [ 01:13:09 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule inet filter test oifname s_r counter accept' (Expected 0, got 0) :: [ 01:13:09 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule inet filter output oifname s_r counter jump test' :: [ 01:13:09 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule inet filter output oifname s_r counter jump test' (Expected 0, got 0) :: [ 01:13:10 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule inet filter output oifname s_r counter drop' :: [ 01:13:10 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule inet filter output oifname s_r counter drop' (Expected 0, got 0) :: [ 01:13:11 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1 -W 1 ' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes --- 2001:db8:ffff:22::2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 01:13:12 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 01:13:13 ] :: [ BEGIN ] :: Running 'ip netns exec server nft list ruleset' table inet filter { chain test { oifname "s_r" counter packets 3 bytes 232 return oifname "s_r" counter packets 0 bytes 0 accept } chain output { type filter hook output priority filter; policy accept; oifname "s_r" counter packets 3 bytes 232 jump test oifname "s_r" counter packets 3 bytes 232 drop } } :: [ 01:13:13 ] :: [ PASS ] :: Command 'ip netns exec server nft list ruleset' (Expected 0, got 0) :: [ 01:13:14 ] :: [ BEGIN ] :: Running 'ip netns exec server nft flush table inet filter' :: [ 01:13:14 ] :: [ PASS ] :: Command 'ip netns exec server nft flush table inet filter' (Expected 0, got 0) :: [ 01:13:15 ] :: [ BEGIN ] :: Running 'ip netns exec server nft delete chain inet filter output' :: [ 01:13:15 ] :: [ PASS ] :: Command 'ip netns exec server nft delete chain inet filter output' (Expected 0, got 0) :: [ 01:13:15 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add chain inet filter postrouting { type filter hook postrouting priority 0 \; }' :: [ 01:13:16 ] :: [ PASS ] :: Command 'ip netns exec server nft add chain inet filter postrouting { type filter hook postrouting priority 0 \; }' (Expected 0, got 0) :: [ 01:13:16 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule inet filter postrouting oifname s_r counter accept' :: [ 01:13:17 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule inet filter postrouting oifname s_r counter accept' (Expected 0, got 0) :: [ 01:13:17 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule inet filter postrouting oifname s_r counter drop' :: [ 01:13:17 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule inet filter postrouting oifname s_r counter drop' (Expected 0, got 0) :: [ 01:13:18 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes 64 bytes from 2001:db8:ffff:22::2: icmp_seq=1 ttl=63 time=0.378 ms --- 2001:db8:ffff:22::2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.378/0.378/0.378/0.000 ms :: [ 01:13:18 ] :: [ PASS ] :: Command 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1' (Expected 0, got 0) :: [ 01:13:19 ] :: [ BEGIN ] :: Running 'ip netns exec server nft list ruleset' table inet filter { chain test { } chain postrouting { type filter hook postrouting priority filter; policy accept; oifname "s_r" counter packets 1 bytes 104 accept oifname "s_r" counter packets 0 bytes 0 drop } } :: [ 01:13:19 ] :: [ PASS ] :: Command 'ip netns exec server nft list ruleset' (Expected 0, got 0) :: [ 01:13:19 ] :: [ BEGIN ] :: Running 'ip netns exec server nft flush table inet filter' :: [ 01:13:20 ] :: [ PASS ] :: Command 'ip netns exec server nft flush table inet filter' (Expected 0, got 0) :: [ 01:13:20 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule inet filter postrouting oifname s_r counter drop' :: [ 01:13:21 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule inet filter postrouting oifname s_r counter drop' (Expected 0, got 0) :: [ 01:13:21 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule inet filter postrouting oifname s_r counter accept' :: [ 01:13:21 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule inet filter postrouting oifname s_r counter accept' (Expected 0, got 0) :: [ 01:13:22 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1 -W 1 ' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes --- 2001:db8:ffff:22::2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 01:13:24 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 01:13:24 ] :: [ BEGIN ] :: Running 'ip netns exec server nft list ruleset' table inet filter { chain test { } chain postrouting { type filter hook postrouting priority filter; policy accept; oifname "s_r" counter packets 3 bytes 232 drop oifname "s_r" counter packets 0 bytes 0 accept } } :: [ 01:13:24 ] :: [ PASS ] :: Command 'ip netns exec server nft list ruleset' (Expected 0, got 0) :: [ 01:13:25 ] :: [ BEGIN ] :: Running 'ip netns exec server nft flush table inet filter' :: [ 01:13:25 ] :: [ PASS ] :: Command 'ip netns exec server nft flush table inet filter' (Expected 0, got 0) :: [ 01:13:26 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add chain inet filter test' :: [ 01:13:26 ] :: [ PASS ] :: Command 'ip netns exec server nft add chain inet filter test' (Expected 0, got 0) :: [ 01:13:27 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule inet filter test oifname s_r counter return' :: [ 01:13:27 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule inet filter test oifname s_r counter return' (Expected 0, got 0) :: [ 01:13:28 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule inet filter test oifname s_r counter accept' :: [ 01:13:28 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule inet filter test oifname s_r counter accept' (Expected 0, got 0) :: [ 01:13:28 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule inet filter postrouting oifname s_r counter jump test' :: [ 01:13:29 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule inet filter postrouting oifname s_r counter jump test' (Expected 0, got 0) :: [ 01:13:29 ] :: [ BEGIN ] :: Running 'ip netns exec server nft add rule inet filter postrouting oifname s_r counter drop' :: [ 01:13:30 ] :: [ PASS ] :: Command 'ip netns exec server nft add rule inet filter postrouting oifname s_r counter drop' (Expected 0, got 0) :: [ 01:13:30 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1 -W 1 ' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes --- 2001:db8:ffff:22::2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 01:13:32 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 01:13:32 ] :: [ BEGIN ] :: Running 'ip netns exec server nft list ruleset' table inet filter { chain test { oifname "s_r" counter packets 4 bytes 320 return oifname "s_r" counter packets 0 bytes 0 accept } chain postrouting { type filter hook postrouting priority filter; policy accept; oifname "s_r" counter packets 4 bytes 320 jump test oifname "s_r" counter packets 4 bytes 320 drop } } :: [ 01:13:33 ] :: [ PASS ] :: Command 'ip netns exec server nft list ruleset' (Expected 0, got 0) :: [ 01:13:33 ] :: [ BEGIN ] :: Running 'ip netns exec server nft flush table inet filter' :: [ 01:13:33 ] :: [ PASS ] :: Command 'ip netns exec server nft flush table inet filter' (Expected 0, got 0) :: [ 01:13:34 ] :: [ BEGIN ] :: Running 'ip netns exec server nft delete chain inet filter postrouting' :: [ 01:13:34 ] :: [ PASS ] :: Command 'ip netns exec server nft delete chain inet filter postrouting' (Expected 0, got 0) :: [ 01:13:35 ] :: [ BEGIN ] :: Running 'ip netns exec server nft delete table inet filter' :: [ 01:13:35 ] :: [ PASS ] :: Command 'ip netns exec server nft delete table inet filter' (Expected 0, got 0) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 77s :: Assertions: 82 good, 0 bad :: RESULT: PASS (nftables inet family ipv6 basic action test input/output path) ** nftables-inet-family-ipv6-basic-action-test-input-output-path PASS Score:0 Uploading resultoutputfile.log .done :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: nftables inet family ipv6 basic action test forward path :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ 01:13:44 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add table inet filter' :: [ 01:13:44 ] :: [ PASS ] :: Command 'ip netns exec router nft add table inet filter' (Expected 0, got 0) :: [ 01:13:45 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add chain inet filter prerouting { type filter hook prerouting priority 0 \; }' :: [ 01:13:45 ] :: [ PASS ] :: Command 'ip netns exec router nft add chain inet filter prerouting { type filter hook prerouting priority 0 \; }' (Expected 0, got 0) :: [ 01:13:46 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule inet filter prerouting iifname r_c counter accept' :: [ 01:13:46 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule inet filter prerouting iifname r_c counter accept' (Expected 0, got 0) :: [ 01:13:47 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule inet filter prerouting iifname r_c counter drop' :: [ 01:13:47 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule inet filter prerouting iifname r_c counter drop' (Expected 0, got 0) :: [ 01:13:47 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes 64 bytes from 2001:db8:ffff:22::2: icmp_seq=1 ttl=63 time=0.437 ms --- 2001:db8:ffff:22::2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.437/0.437/0.437/0.000 ms :: [ 01:13:48 ] :: [ PASS ] :: Command 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1' (Expected 0, got 0) :: [ 01:13:48 ] :: [ BEGIN ] :: Running 'ip netns exec router nft list ruleset' table inet filter { chain prerouting { type filter hook prerouting priority filter; policy accept; iifname "r_c" counter packets 2 bytes 176 accept iifname "r_c" counter packets 0 bytes 0 drop } } :: [ 01:13:49 ] :: [ PASS ] :: Command 'ip netns exec router nft list ruleset' (Expected 0, got 0) :: [ 01:13:49 ] :: [ BEGIN ] :: Running 'ip netns exec router nft flush table inet filter' :: [ 01:13:49 ] :: [ PASS ] :: Command 'ip netns exec router nft flush table inet filter' (Expected 0, got 0) :: [ 01:13:50 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule inet filter prerouting iifname r_c counter drop' :: [ 01:13:50 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule inet filter prerouting iifname r_c counter drop' (Expected 0, got 0) :: [ 01:13:51 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule inet filter prerouting iifname r_c counter accept' :: [ 01:13:51 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule inet filter prerouting iifname r_c counter accept' (Expected 0, got 0) :: [ 01:13:52 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1 -W 1 ' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes --- 2001:db8:ffff:22::2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 01:13:53 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 01:13:54 ] :: [ BEGIN ] :: Running 'ip netns exec router nft list ruleset' table inet filter { chain prerouting { type filter hook prerouting priority filter; policy accept; iifname "r_c" counter packets 3 bytes 232 drop iifname "r_c" counter packets 0 bytes 0 accept } } :: [ 01:13:54 ] :: [ PASS ] :: Command 'ip netns exec router nft list ruleset' (Expected 0, got 0) :: [ 01:13:55 ] :: [ BEGIN ] :: Running 'ip netns exec router nft flush table inet filter' :: [ 01:13:55 ] :: [ PASS ] :: Command 'ip netns exec router nft flush table inet filter' (Expected 0, got 0) :: [ 01:13:55 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add chain inet filter test' :: [ 01:13:56 ] :: [ PASS ] :: Command 'ip netns exec router nft add chain inet filter test' (Expected 0, got 0) :: [ 01:13:56 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule inet filter test iifname r_c counter return' :: [ 01:13:57 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule inet filter test iifname r_c counter return' (Expected 0, got 0) :: [ 01:13:57 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule inet filter test iifname r_c counter accept' :: [ 01:13:57 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule inet filter test iifname r_c counter accept' (Expected 0, got 0) :: [ 01:13:58 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule inet filter prerouting iifname r_c counter jump test' :: [ 01:13:58 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule inet filter prerouting iifname r_c counter jump test' (Expected 0, got 0) :: [ 01:13:59 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule inet filter prerouting iifname r_c counter drop' :: [ 01:13:59 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule inet filter prerouting iifname r_c counter drop' (Expected 0, got 0) :: [ 01:14:00 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1 -W 1 ' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes --- 2001:db8:ffff:22::2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 01:14:01 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 01:14:02 ] :: [ BEGIN ] :: Running 'ip netns exec router nft list ruleset' table inet filter { chain prerouting { type filter hook prerouting priority filter; policy accept; iifname "r_c" counter packets 1 bytes 104 jump test iifname "r_c" counter packets 1 bytes 104 drop } chain test { iifname "r_c" counter packets 1 bytes 104 return iifname "r_c" counter packets 0 bytes 0 accept } } :: [ 01:14:02 ] :: [ PASS ] :: Command 'ip netns exec router nft list ruleset' (Expected 0, got 0) :: [ 01:14:03 ] :: [ BEGIN ] :: Running 'ip netns exec router nft flush table inet filter' :: [ 01:14:03 ] :: [ PASS ] :: Command 'ip netns exec router nft flush table inet filter' (Expected 0, got 0) :: [ 01:14:03 ] :: [ BEGIN ] :: Running 'ip netns exec router nft delete chain inet filter prerouting' :: [ 01:14:04 ] :: [ PASS ] :: Command 'ip netns exec router nft delete chain inet filter prerouting' (Expected 0, got 0) :: [ 01:14:04 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add chain inet filter forward { type filter hook forward priority 0 \; }' :: [ 01:14:05 ] :: [ PASS ] :: Command 'ip netns exec router nft add chain inet filter forward { type filter hook forward priority 0 \; }' (Expected 0, got 0) :: [ 01:14:05 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule inet filter forward iifname r_c oifname r_s counter accept' :: [ 01:14:05 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule inet filter forward iifname r_c oifname r_s counter accept' (Expected 0, got 0) :: [ 01:14:06 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule inet filter forward iifname r_c oifname r_s counter drop' :: [ 01:14:06 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule inet filter forward iifname r_c oifname r_s counter drop' (Expected 0, got 0) :: [ 01:14:07 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes 64 bytes from 2001:db8:ffff:22::2: icmp_seq=1 ttl=63 time=0.849 ms --- 2001:db8:ffff:22::2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.849/0.849/0.849/0.000 ms :: [ 01:14:07 ] :: [ PASS ] :: Command 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1' (Expected 0, got 0) :: [ 01:14:08 ] :: [ BEGIN ] :: Running 'ip netns exec router nft list ruleset' table inet filter { chain test { } chain forward { type filter hook forward priority filter; policy accept; iifname "r_c" oifname "r_s" counter packets 1 bytes 104 accept iifname "r_c" oifname "r_s" counter packets 0 bytes 0 drop } } :: [ 01:14:08 ] :: [ PASS ] :: Command 'ip netns exec router nft list ruleset' (Expected 0, got 0) :: [ 01:14:08 ] :: [ BEGIN ] :: Running 'ip netns exec router nft flush table inet filter' :: [ 01:14:09 ] :: [ PASS ] :: Command 'ip netns exec router nft flush table inet filter' (Expected 0, got 0) :: [ 01:14:09 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule inet filter forward iifname r_c oifname r_s counter drop' :: [ 01:14:10 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule inet filter forward iifname r_c oifname r_s counter drop' (Expected 0, got 0) :: [ 01:14:10 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule inet filter forward iifname r_c oifname r_s counter accept' :: [ 01:14:11 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule inet filter forward iifname r_c oifname r_s counter accept' (Expected 0, got 0) :: [ 01:14:12 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1 -W 1 ' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes --- 2001:db8:ffff:22::2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 01:14:13 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 01:14:14 ] :: [ BEGIN ] :: Running 'ip netns exec router nft list ruleset' table inet filter { chain test { } chain forward { type filter hook forward priority filter; policy accept; iifname "r_c" oifname "r_s" counter packets 1 bytes 104 drop iifname "r_c" oifname "r_s" counter packets 0 bytes 0 accept } } :: [ 01:14:14 ] :: [ PASS ] :: Command 'ip netns exec router nft list ruleset' (Expected 0, got 0) :: [ 01:14:15 ] :: [ BEGIN ] :: Running 'ip netns exec router nft flush table inet filter' :: [ 01:14:15 ] :: [ PASS ] :: Command 'ip netns exec router nft flush table inet filter' (Expected 0, got 0) :: [ 01:14:15 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add chain inet filter test' :: [ 01:14:16 ] :: [ PASS ] :: Command 'ip netns exec router nft add chain inet filter test' (Expected 0, got 0) :: [ 01:14:16 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule inet filter test iifname r_c oifname r_s counter return' :: [ 01:14:17 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule inet filter test iifname r_c oifname r_s counter return' (Expected 0, got 0) :: [ 01:14:17 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule inet filter test iifname r_c oifname r_s counter accept' :: [ 01:14:17 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule inet filter test iifname r_c oifname r_s counter accept' (Expected 0, got 0) :: [ 01:14:18 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule inet filter forward iifname r_c oifname r_s counter jump test' :: [ 01:14:18 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule inet filter forward iifname r_c oifname r_s counter jump test' (Expected 0, got 0) :: [ 01:14:19 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule inet filter forward iifname r_c oifname r_s counter drop' :: [ 01:14:19 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule inet filter forward iifname r_c oifname r_s counter drop' (Expected 0, got 0) :: [ 01:14:20 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1 -W 1 ' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes --- 2001:db8:ffff:22::2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 01:14:21 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 01:14:22 ] :: [ BEGIN ] :: Running 'ip netns exec router nft list ruleset' table inet filter { chain test { iifname "r_c" oifname "r_s" counter packets 1 bytes 104 return iifname "r_c" oifname "r_s" counter packets 0 bytes 0 accept } chain forward { type filter hook forward priority filter; policy accept; iifname "r_c" oifname "r_s" counter packets 1 bytes 104 jump test iifname "r_c" oifname "r_s" counter packets 1 bytes 104 drop } } :: [ 01:14:22 ] :: [ PASS ] :: Command 'ip netns exec router nft list ruleset' (Expected 0, got 0) :: [ 01:14:23 ] :: [ BEGIN ] :: Running 'ip netns exec router nft flush table inet filter' :: [ 01:14:23 ] :: [ PASS ] :: Command 'ip netns exec router nft flush table inet filter' (Expected 0, got 0) :: [ 01:14:23 ] :: [ BEGIN ] :: Running 'ip netns exec router nft delete chain inet filter forward' :: [ 01:14:24 ] :: [ PASS ] :: Command 'ip netns exec router nft delete chain inet filter forward' (Expected 0, got 0) :: [ 01:14:24 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add chain inet filter postrouting { type filter hook postrouting priority 0 \; }' :: [ 01:14:25 ] :: [ PASS ] :: Command 'ip netns exec router nft add chain inet filter postrouting { type filter hook postrouting priority 0 \; }' (Expected 0, got 0) :: [ 01:14:25 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule inet filter postrouting oifname r_s counter accept' :: [ 01:14:25 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule inet filter postrouting oifname r_s counter accept' (Expected 0, got 0) :: [ 01:14:26 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule inet filter postrouting oifname r_s counter drop' :: [ 01:14:26 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule inet filter postrouting oifname r_s counter drop' (Expected 0, got 0) :: [ 01:14:27 ] :: [ BEGIN ] :: Running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes 64 bytes from 2001:db8:ffff:22::2: icmp_seq=1 ttl=63 time=0.353 ms --- 2001:db8:ffff:22::2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.353/0.353/0.353/0.000 ms :: [ 01:14:27 ] :: [ PASS ] :: Command 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1' (Expected 0, got 0) :: [ 01:14:28 ] :: [ BEGIN ] :: Running 'ip netns exec router nft list ruleset' table inet filter { chain test { } chain postrouting { type filter hook postrouting priority filter; policy accept; oifname "r_s" counter packets 1 bytes 104 accept oifname "r_s" counter packets 0 bytes 0 drop } } :: [ 01:14:28 ] :: [ PASS ] :: Command 'ip netns exec router nft list ruleset' (Expected 0, got 0) :: [ 01:14:28 ] :: [ BEGIN ] :: Running 'ip netns exec router nft flush table inet filter' :: [ 01:14:29 ] :: [ PASS ] :: Command 'ip netns exec router nft flush table inet filter' (Expected 0, got 0) :: [ 01:14:29 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule inet filter postrouting oifname r_s counter drop' :: [ 01:14:30 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule inet filter postrouting oifname r_s counter drop' (Expected 0, got 0) :: [ 01:14:30 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule inet filter postrouting oifname r_s counter accept' :: [ 01:14:30 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule inet filter postrouting oifname r_s counter accept' (Expected 0, got 0) :: [ 01:14:31 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1 -W 1 ' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes --- 2001:db8:ffff:22::2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 01:14:33 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 01:14:33 ] :: [ BEGIN ] :: Running 'ip netns exec router nft list ruleset' table inet filter { chain test { } chain postrouting { type filter hook postrouting priority filter; policy accept; oifname "r_s" counter packets 3 bytes 232 drop oifname "r_s" counter packets 0 bytes 0 accept } } :: [ 01:14:34 ] :: [ PASS ] :: Command 'ip netns exec router nft list ruleset' (Expected 0, got 0) :: [ 01:14:34 ] :: [ BEGIN ] :: Running 'ip netns exec router nft flush table inet filter' :: [ 01:14:34 ] :: [ PASS ] :: Command 'ip netns exec router nft flush table inet filter' (Expected 0, got 0) :: [ 01:14:35 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add chain inet filter test' :: [ 01:14:35 ] :: [ PASS ] :: Command 'ip netns exec router nft add chain inet filter test' (Expected 0, got 0) :: [ 01:14:36 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule inet filter test oifname r_s counter return' :: [ 01:14:36 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule inet filter test oifname r_s counter return' (Expected 0, got 0) :: [ 01:14:36 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule inet filter test oifname r_s counter accept' :: [ 01:14:37 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule inet filter test oifname r_s counter accept' (Expected 0, got 0) :: [ 01:14:37 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule inet filter postrouting oifname r_s counter jump test' :: [ 01:14:38 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule inet filter postrouting oifname r_s counter jump test' (Expected 0, got 0) :: [ 01:14:38 ] :: [ BEGIN ] :: Running 'ip netns exec router nft add rule inet filter postrouting oifname r_s counter drop' :: [ 01:14:39 ] :: [ PASS ] :: Command 'ip netns exec router nft add rule inet filter postrouting oifname r_s counter drop' (Expected 0, got 0) :: [ 01:14:40 ] :: [ BEGIN ] :: assert_fail :: actually running 'ip netns exec client ping -6 2001:db8:ffff:22::2 -c1 -W 1 ' PING 2001:db8:ffff:22::2(2001:db8:ffff:22::2) 56 data bytes --- 2001:db8:ffff:22::2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms :: [ 01:14:41 ] :: [ PASS ] :: assert_fail (Expected 1-255, got 1) :: [ 01:14:41 ] :: [ BEGIN ] :: Running 'ip netns exec router nft list ruleset' table inet filter { chain test { oifname "r_s" counter packets 4 bytes 320 return oifname "r_s" counter packets 0 bytes 0 accept } chain postrouting { type filter hook postrouting priority filter; policy accept; oifname "r_s" counter packets 4 bytes 320 jump test oifname "r_s" counter packets 4 bytes 320 drop } } :: [ 01:14:42 ] :: [ PASS ] :: Command 'ip netns exec router nft list ruleset' (Expected 0, got 0) :: [ 01:14:42 ] :: [ BEGIN ] :: Running 'ip netns exec router nft flush table inet filter' :: [ 01:14:42 ] :: [ PASS ] :: Command 'ip netns exec router nft flush table inet filter' (Expected 0, got 0) :: [ 01:14:43 ] :: [ BEGIN ] :: Running 'ip netns exec router nft delete chain inet filter postrouting' :: [ 01:14:43 ] :: [ PASS ] :: Command 'ip netns exec router nft delete chain inet filter postrouting' (Expected 0, got 0) :: [ 01:14:44 ] :: [ BEGIN ] :: Running 'ip netns exec router nft delete table inet filter' :: [ 01:14:44 ] :: [ PASS ] :: Command 'ip netns exec router nft delete table inet filter' (Expected 0, got 0) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 61s :: Assertions: 62 good, 0 bad :: RESULT: PASS (nftables inet family ipv6 basic action test forward path) ** nftables-inet-family-ipv6-basic-action-test-forward-path PASS Score:0 Uploading resultoutputfile.log .done :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Cleanup :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ 01:14:53 ] :: [ BEGIN ] :: Running 'do_clean' client :: [ LOG ] :: xtables rules clean :: [ LOG ] :: nft rules clean :: [ LOG ] :: ipset rules clean :: [ LOG ] :: ipvsadm rules clean router :: [ LOG ] :: xtables rules clean :: [ LOG ] :: nft rules clean :: [ LOG ] :: ipset rules clean :: [ LOG ] :: ipvsadm rules clean server :: [ LOG ] :: xtables rules clean :: [ LOG ] :: nft rules clean :: [ LOG ] :: ipset rules clean :: [ LOG ] :: ipvsadm rules clean :: [ 01:16:03 ] :: [ PASS ] :: Command 'do_clean' (Expected 0, got 0) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 70s :: Assertions: 1 good, 0 bad :: RESULT: PASS (Cleanup) ** Cleanup PASS Score:0 Uploading resultoutputfile.log .done :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: unknown :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ 01:16:12 ] :: [ LOG ] :: Phases fingerprint: wG6Jb0bU :: [ 01:16:12 ] :: [ LOG ] :: Asserts fingerprint: C2K5D35U Uploading journal.xml ...done :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 2368s :: Phases: 32 good, 0 bad :: OVERALL RESULT: PASS (unknown)