summaryrefslogtreecommitdiffstats
path: root/tests/py/ip/snat.t
diff options
context:
space:
mode:
authorPablo Neira Ayuso <pablo@netfilter.org>2021-09-28 22:34:10 +0200
committerPablo Neira Ayuso <pablo@netfilter.org>2021-09-29 18:59:44 +0200
commit50780456a01a077d778c236c4d4b64a00ed5acac (patch)
tree789fd2f3e610fc833db2b06f8c39d60a558901dc /tests/py/ip/snat.t
parent82f3b6171d0f79d27662266ddd9876d416879dc8 (diff)
evaluate: check for missing transport protocol match in nat map with concatenations
Restore this error with NAT maps: # nft add rule 'ip ipfoo c dnat to ip daddr map @y' Error: transport protocol mapping is only valid after transport protocol match add rule ip ipfoo c dnat to ip daddr map @y ~~~~ ^^^^^^^^^^^^^^^ Allow for transport protocol match in the map too, which is implicitly pulling in a transport protocol dependency. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'tests/py/ip/snat.t')
-rw-r--r--tests/py/ip/snat.t6
1 files changed, 5 insertions, 1 deletions
diff --git a/tests/py/ip/snat.t b/tests/py/ip/snat.t
index a8ff8d1a..d4b0d2cb 100644
--- a/tests/py/ip/snat.t
+++ b/tests/py/ip/snat.t
@@ -11,7 +11,11 @@ iifname "eth0" tcp dport 80-90 snat to 192.168.3.15-192.168.3.240;ok
iifname "eth0" tcp dport != 23-34 snat to 192.168.3.2;ok
-snat ip to ip saddr map { 10.141.11.4 : 192.168.2.3 . 80 };ok
+meta l4proto 17 snat ip to ip saddr map { 10.141.11.4 : 192.168.2.3 . 80 };ok
snat ip to ip saddr map { 10.141.11.4 : 192.168.2.2-192.168.2.4 };ok
snat ip to ip saddr map { 10.141.12.14 : 192.168.2.0/24 };ok
snat ip prefix to ip saddr map { 10.141.11.0/24 : 192.168.2.0/24 };ok
+
+meta l4proto { 6, 17} snat ip to ip saddr . th dport map { 10.141.11.4 . 20 : 192.168.2.3 . 80};ok
+snat ip to ip saddr map { 10.141.11.4 : 192.168.2.3 . 80 };fail
+snat ip to ip saddr . th dport map { 10.141.11.4 . 20 : 192.168.2.3 . 80 };fail