Merge branch 'meta_l4_dependency'

Currently nft inserts different types of dependencies for l4 protocols, depending on the family. For inet, nft inserts 'meta l4proto' to e.g. check for tcp, for ip, nft uses 'ip protocol'. Both are fine. The ip6 family however uses 'ip6 nexthdr', and thats a problem because e.g. tcp dport 22 will not match packets that use ipv6 extension headers. The series switches both ipv6 and ipv4 to use meta l4 instead so ipv6 will always check the last transport header value. We could ignore ip as only ipv6 uses extension headers. However, switching ipv4 as well makes things a bit simpler because nft then creates the same l4 dependency for all families. Acked-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Florian Westphal <fw@strlen.de>
author: Florian Westphal <fw@strlen.de> 2017-05-25 09:14:58 +0200
committer: Florian Westphal <fw@strlen.de> 2017-05-25 09:16:38 +0200
commit: bb6a7f201a817652dd2c795539236c9319a23ad7 (patch)
tree: 1d56b003ba39a44ef0acca8f777389b7eccad394 /tests/py/ip/dnat.t.payload.ip
parent: 1e6ae0e42bdc161d178277c336886e18c259caf5 (diff)
parent: 5f46b18745d18c486e959c93da649c18c8b10fe0 (diff)
1 files changed, 6 insertions, 6 deletions
diff --git a/tests/py/ip/dnat.t.payload.ip b/tests/py/ip/dnat.t.payload.ip
index 7a7f5a82..1b869d0a 100644
--- a/tests/py/ip/dnat.t.payload.ip
+++ b/tests/py/ip/dnat.t.payload.ip
@@ -2,7 +2,7 @@
 ip test-ip4 prerouting
   [ meta load iifname => reg 1 ]
   [ cmp eq reg 1 0x30687465 0x00000000 0x00000000 0x00000000 ]
-  [ payload load 1b @ network header + 9 => reg 1 ]
+  [ meta load l4proto => reg 1 ]
   [ cmp eq reg 1 0x00000006 ]
   [ payload load 2b @ transport header + 2 => reg 1 ]
   [ cmp gte reg 1 0x00005000 ]
@@ -14,7 +14,7 @@ ip test-ip4 prerouting
 ip test-ip4 prerouting
   [ meta load iifname => reg 1 ]
   [ cmp eq reg 1 0x30687465 0x00000000 0x00000000 0x00000000 ]
-  [ payload load 1b @ network header + 9 => reg 1 ]
+  [ meta load l4proto => reg 1 ]
   [ cmp eq reg 1 0x00000006 ]
   [ payload load 2b @ transport header + 2 => reg 1 ]
   [ range neq reg 1 0x00005000 0x00005a00 ]
@@ -28,7 +28,7 @@ __set%d test-ip4 0
 ip test-ip4 prerouting
   [ meta load iifname => reg 1 ]
   [ cmp eq reg 1 0x30687465 0x00000000 0x00000000 0x00000000 ]
-  [ payload load 1b @ network header + 9 => reg 1 ]
+  [ meta load l4proto => reg 1 ]
   [ cmp eq reg 1 0x00000006 ]
   [ payload load 2b @ transport header + 2 => reg 1 ]
   [ lookup reg 1 set __set%d ]
@@ -42,7 +42,7 @@ __set%d test-ip4 0
 ip test-ip4 prerouting
   [ meta load iifname => reg 1 ]
   [ cmp eq reg 1 0x30687465 0x00000000 0x00000000 0x00000000 ]
-  [ payload load 1b @ network header + 9 => reg 1 ]
+  [ meta load l4proto => reg 1 ]
   [ cmp eq reg 1 0x00000006 ]
   [ payload load 2b @ transport header + 2 => reg 1 ]
   [ lookup reg 1 set __set%d 0x1 ]
@@ -53,7 +53,7 @@ ip test-ip4 prerouting
 ip test-ip4 prerouting
   [ meta load iifname => reg 1 ]
   [ cmp eq reg 1 0x30687465 0x00000000 0x00000000 0x00000000 ]
-  [ payload load 1b @ network header + 9 => reg 1 ]
+  [ meta load l4proto => reg 1 ]
   [ cmp eq reg 1 0x00000006 ]
   [ payload load 2b @ transport header + 2 => reg 1 ]
   [ range neq reg 1 0x00001700 0x00002200 ]
@@ -64,7 +64,7 @@ ip test-ip4 prerouting
 ip test-ip4 prerouting
   [ meta load iifname => reg 1 ]
   [ cmp eq reg 1 0x30687465 0x00000000 0x00000000 0x00000000 ]
-  [ payload load 1b @ network header + 9 => reg 1 ]
+  [ meta load l4proto => reg 1 ]
   [ cmp eq reg 1 0x00000006 ]
   [ payload load 2b @ transport header + 2 => reg 1 ]
   [ cmp eq reg 1 0x00005100 ]
author	Florian Westphal <fw@strlen.de>	2017-05-25 09:14:58 +0200
committer	Florian Westphal <fw@strlen.de>	2017-05-25 09:16:38 +0200
commit	bb6a7f201a817652dd2c795539236c9319a23ad7 (patch)
tree	1d56b003ba39a44ef0acca8f777389b7eccad394 /tests/py/ip/dnat.t.payload.ip
parent	1e6ae0e42bdc161d178277c336886e18c259caf5 (diff)
parent	5f46b18745d18c486e959c93da649c18c8b10fe0 (diff)