diff options
author | Florian Westphal <fw@strlen.de> | 2017-09-29 13:55:54 +0200 |
---|---|---|
committer | Florian Westphal <fw@strlen.de> | 2017-09-29 13:55:54 +0200 |
commit | 54a0c5dc0f4db879ad2f44fc77bcd2568719be42 (patch) | |
tree | 5d5e17e0fca1c3cdd9fd582f17273705f8d6555f /tests/py/inet | |
parent | 28180991740e6942adfb12650ff2472d73e89387 (diff) | |
parent | 26589362c1a3a7c3f0fdb5e70e831bcb4077b0d1 (diff) |
Merge branch 'ct_rt_syntax_06'
inet family (and others, e.g. bridge) lack context to figure out the
layer 3 address type.
examples:
ct original saddr $addr
rt nexthop $addr
We can't use $addr, because it might be a set reference, e.g.
ct original saddr @whitelist
currently implemented workaround is to use 'meta nfproto' to provide the
l3 context, e.g.
meta nfproto ip rt nexthop 10.2.3.4
i.e. users need to fill dependency manually.
Pablo suggested to instead specify ip saddr, ip6 saddr:
ct original ip saddr $address
and then let nft handle the dependency injection, these changes do this.
Old syntax is preserved.
Signed-off-by: Florian Westphal <fw@strlen.de>
Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'tests/py/inet')
-rw-r--r-- | tests/py/inet/ct.t | 7 | ||||
-rw-r--r-- | tests/py/inet/ct.t.payload | 4 | ||||
-rw-r--r-- | tests/py/inet/icmpX.t | 4 | ||||
-rw-r--r-- | tests/py/inet/rt.t | 10 | ||||
-rw-r--r-- | tests/py/inet/rt.t.payload | 4 |
5 files changed, 18 insertions, 11 deletions
diff --git a/tests/py/inet/ct.t b/tests/py/inet/ct.t index c56c3bc8..1a656aa4 100644 --- a/tests/py/inet/ct.t +++ b/tests/py/inet/ct.t @@ -3,8 +3,11 @@ *inet;test-inet;input -meta nfproto ipv4 ct original saddr 1.2.3.4;ok -meta nfproto ipv6 ct original saddr ::1;ok +meta nfproto ipv4 ct original saddr 1.2.3.4;ok;ct original ip saddr 1.2.3.4 +ct original ip6 saddr ::1;ok # missing protocol context ct original saddr ::1;fail + +# wrong protocol context +ct original ip saddr ::1;fail diff --git a/tests/py/inet/ct.t.payload b/tests/py/inet/ct.t.payload index 21c74581..97128ecc 100644 --- a/tests/py/inet/ct.t.payload +++ b/tests/py/inet/ct.t.payload @@ -5,9 +5,9 @@ ip test-ip4 output [ ct load src => reg 1 , dir original ] [ cmp eq reg 1 0x04030201 ] -# meta nfproto ipv6 ct original saddr ::1 +# ct original ip6 saddr ::1 inet test-inet input - [ meta load nfproto => reg 1 ] + [ ct load l3protocol => reg 1 , dir original ] [ cmp eq reg 1 0x0000000a ] [ ct load src => reg 1 , dir original ] [ cmp eq reg 1 0x00000000 0x00000000 0x00000000 0x01000000 ] diff --git a/tests/py/inet/icmpX.t b/tests/py/inet/icmpX.t index 7617e701..1b467a18 100644 --- a/tests/py/inet/icmpX.t +++ b/tests/py/inet/icmpX.t @@ -3,6 +3,6 @@ *inet;test-inet;input ip protocol icmp icmp type echo-request;ok;icmp type echo-request -icmp type echo-request;ok;meta nfproto ipv4 meta l4proto 1 icmp type echo-request +icmp type echo-request;ok ip6 nexthdr icmpv6 icmpv6 type echo-request;ok;icmpv6 type echo-request -icmpv6 type echo-request;ok;meta nfproto ipv6 meta l4proto 58 icmpv6 type echo-request +icmpv6 type echo-request;ok diff --git a/tests/py/inet/rt.t b/tests/py/inet/rt.t index 9543738b..23608ab2 100644 --- a/tests/py/inet/rt.t +++ b/tests/py/inet/rt.t @@ -4,7 +4,13 @@ rt nexthop 192.168.0.1;fail rt nexthop fd00::1;fail -meta nfproto ipv4 rt nexthop 192.168.0.1;ok -meta nfproto ipv6 rt nexthop fd00::1;ok + +meta nfproto ipv4 rt nexthop 192.168.0.1;ok;meta nfproto ipv4 rt ip nexthop 192.168.0.1 +rt ip6 nexthop fd00::1;ok + +# missing context +rt nexthop fd00::1;fail +# wrong context +rt ip nexthop fd00::1;fail tcp option maxseg size set rt mtu;ok diff --git a/tests/py/inet/rt.t.payload b/tests/py/inet/rt.t.payload index 928e0095..84dea12c 100644 --- a/tests/py/inet/rt.t.payload +++ b/tests/py/inet/rt.t.payload @@ -5,10 +5,8 @@ inet test-inet output [ rt load nexthop4 => reg 1 ] [ cmp eq reg 1 0x0100a8c0 ] -# meta nfproto ipv6 rt nexthop fd00::1 +# rt ip6 nexthop fd00::1 inet test-inet output - [ meta load nfproto => reg 1 ] - [ cmp eq reg 1 0x0000000a ] [ rt load nexthop6 => reg 1 ] [ cmp eq reg 1 0x000000fd 0x00000000 0x00000000 0x01000000 ] |