~hc/RK356X_SDK_RELEASE.git

..	..	@@ -35,6 +35,8 @@
35	35	for i in 1 2;do ip netns del nsrouter$i;done
36	36	}
37	37
	38	+trap cleanup EXIT
	39	+
38	40	ipv4() {
39	41	echo -n 192.168.$1.2
40	42	}
..	..	@@ -146,11 +148,17 @@
146	148	table inet filter {
147	149	counter unknown { }
148	150	counter related { }
	151	+ counter redir4 { }
	152	+ counter redir6 { }
149	153	chain input {
150	154	type filter hook input priority 0; policy accept;
151		- meta l4proto { icmp, icmpv6 } ct state established,untracked accept
152	155
	156	+ icmp type "redirect" ct state "related" counter name "redir4" accept
	157	+ icmpv6 type "nd-redirect" ct state "related" counter name "redir6" accept
	158	+
	159	+ meta l4proto { icmp, icmpv6 } ct state established,untracked accept
153	160	meta l4proto { icmp, icmpv6 } ct state "related" counter name "related" accept
	161	+
154	162	counter name "unknown" drop
155	163	}
156	164	}
..	..	@@ -279,5 +287,29 @@
279	287	echo "ERROR: icmp error RELATED state test has failed"
280	288	fi
281	289
282		-cleanup
	290	+# add 'bad' route, expect icmp REDIRECT to be generated
	291	+ip netns exec nsclient1 ip route add 192.168.1.42 via 192.168.1.1
	292	+ip netns exec nsclient1 ip route add dead:1::42 via dead:1::1
	293	+
	294	+ip netns exec "nsclient1" ping -q -c 2 192.168.1.42 > /dev/null
	295	+
	296	+expect="packets 1 bytes 112"
	297	+check_counter nsclient1 "redir4" "$expect"
	298	+if [ $? -ne 0 ];then
	299	+ ret=1
	300	+fi
	301	+
	302	+ip netns exec "nsclient1" ping -c 1 dead:1::42 > /dev/null
	303	+expect="packets 1 bytes 192"
	304	+check_counter nsclient1 "redir6" "$expect"
	305	+if [ $? -ne 0 ];then
	306	+ ret=1
	307	+fi
	308	+
	309	+if [ $ret -eq 0 ];then
	310	+ echo "PASS: icmp redirects had RELATED state"
	311	+else
	312	+ echo "ERROR: icmp redirect RELATED state test has failed"
	313	+fi
	314	+
283	315	exit $ret