diff options
| author | Phil Sutter <phil@nwl.cc> | 2019-05-09 13:35:41 +0200 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2019-05-09 17:19:50 +0200 |
| commit | 1b8953e75c20437b5c563d86c3ba11d1b24e3ec4 (patch) | |
| tree | 6d71a2ffbede3d03f74d350a0a9feb81551f7b7d /tests/py/inet | |
| parent | 43cb4f27da74184da350c62cad8dd573590b09c6 (diff) | |
json: Fix tproxy support regarding latest changes
Family may be specified also if no address is given at the same time,
make parser/printer tolerant to that. Also fix for missing/incorrect
JSON equivalents in tests/py.
While being at it, fix two issues in non-JSON tests:
* Ruleset is printed in numeric mode, so use 'l4proto 6' instead of
'l4proto tcp' in rules to avoid having to specify expected output for
that unrelated bit.
* In ip and ip6 family tables, family parameter is not deserialized on
output.
Fixes: 3edb96200690b ("parser_bison: missing tproxy syntax with port only for inet family")
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'tests/py/inet')
| -rw-r--r-- | tests/py/inet/tproxy.t | 2 | ||||
| -rw-r--r-- | tests/py/inet/tproxy.t.json | 80 | ||||
| -rw-r--r-- | tests/py/inet/tproxy.t.payload | 2 |
3 files changed, 82 insertions, 2 deletions
diff --git a/tests/py/inet/tproxy.t b/tests/py/inet/tproxy.t index 0ba78ef1..d23bbcb5 100644 --- a/tests/py/inet/tproxy.t +++ b/tests/py/inet/tproxy.t @@ -18,4 +18,4 @@ ip6 nexthdr 6 tproxy ip to 192.0.2.1;fail meta l4proto 17 tproxy ip to :50080;ok meta l4proto 17 tproxy ip6 to :50080;ok meta l4proto 17 tproxy to :50080;ok -ip daddr 0.0.0.0/0 meta l4proto tcp tproxy ip to :2000;ok +ip daddr 0.0.0.0/0 meta l4proto 6 tproxy ip to :2000;ok diff --git a/tests/py/inet/tproxy.t.json b/tests/py/inet/tproxy.t.json index 2897d200..7b3b11c4 100644 --- a/tests/py/inet/tproxy.t.json +++ b/tests/py/inet/tproxy.t.json @@ -84,6 +84,48 @@ } ] +# meta l4proto 17 tproxy ip to :50080 +[ + { + "match": { + "left": { + "meta": { + "key": "l4proto" + } + }, + "op": "==", + "right": 17 + } + }, + { + "tproxy": { + "family": "ip", + "port": 50080 + } + } +] + +# meta l4proto 17 tproxy ip6 to :50080 +[ + { + "match": { + "left": { + "meta": { + "key": "l4proto" + } + }, + "op": "==", + "right": 17 + } + }, + { + "tproxy": { + "family": "ip6", + "port": 50080 + } + } +] + # meta l4proto 17 tproxy to :50080 [ { @@ -103,3 +145,41 @@ } } ] + +# ip daddr 0.0.0.0/0 meta l4proto 6 tproxy ip to :2000 +[ + { + "match": { + "left": { + "payload": { + "field": "daddr", + "protocol": "ip" + } + }, + "op": "==", + "right": { + "prefix": { + "addr": "0.0.0.0", + "len": 0 + } + } + } + }, + { + "match": { + "left": { + "meta": { + "key": "l4proto" + } + }, + "op": "==", + "right": 6 + } + }, + { + "tproxy": { + "family": "ip", + "port": 2000 + } + } +] diff --git a/tests/py/inet/tproxy.t.payload b/tests/py/inet/tproxy.t.payload index 8a6ba036..82ff928d 100644 --- a/tests/py/inet/tproxy.t.payload +++ b/tests/py/inet/tproxy.t.payload @@ -49,7 +49,7 @@ inet x y [ immediate reg 1 0x0000a0c3 ] [ tproxy ip6 port reg 1 ] -# ip daddr 0.0.0.0/0 meta l4proto tcp tproxy ip to :2000 +# ip daddr 0.0.0.0/0 meta l4proto 6 tproxy ip to :2000 inet x y [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x00000002 ] |