diff options
author | Florian Westphal <fw@strlen.de> | 2015-07-10 11:56:31 +0200 |
---|---|---|
committer | Florian Westphal <fw@strlen.de> | 2015-07-20 17:26:37 +0200 |
commit | 0abfb2b7e01ca07efe1be16a1a5bd8925340dc41 (patch) | |
tree | 0b4b3f892c990e66f4a01a5d5ba15d3a9c720d47 /tests/regression/ip6/dnat.t.payload.ip6 | |
parent | efd09355038d53fdd3841ab5ccae1543c4967daf (diff) |
tests: validate generated netlink instructions
compare netlink instructions generated by given nft command line
with recorded version.
Example: udp dport 80 accept in ip family should look like
ip test-ip4 input
[ payload load 1b @ network header + 9 => reg 1 ]
[ cmp eq reg 1 0x00000011 ]
[ payload load 2b @ transport header + 2 => reg 1 ]
[ cmp eq reg 1 0x00005000 ]
[ immediate reg 0 accept ]
This is stored in udp.t.payload.ip
Other suffixes:
.payload.ip6
.payload.inet
.payload ('any')
The test script first looks for 'testname.t.payload.$family', if that
doesn't exist 'testname.t.payload' is used.
This allows for family independent test (e.g. meta), where we don't
expect/have any family specific expressions.
Signed-off-by: Florian Westphal <fw@strlen.de>
Diffstat (limited to 'tests/regression/ip6/dnat.t.payload.ip6')
-rw-r--r-- | tests/regression/ip6/dnat.t.payload.ip6 | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/tests/regression/ip6/dnat.t.payload.ip6 b/tests/regression/ip6/dnat.t.payload.ip6 new file mode 100644 index 00000000..13c7a0e3 --- /dev/null +++ b/tests/regression/ip6/dnat.t.payload.ip6 @@ -0,0 +1,25 @@ +# tcp dport 80-90 dnat 2001:838:35f:1::-2001:838:35f:2:::80-100 +ip6 test-ip6 prerouting + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp gte reg 1 0x00005000 ] + [ cmp lte reg 1 0x00005a00 ] + [ immediate reg 1 0x38080120 0x01005f03 0x00000000 0x00000000 ] + [ immediate reg 2 0x38080120 0x02005f03 0x00000000 0x00000000 ] + [ immediate reg 3 0x00005000 ] + [ immediate reg 4 0x00006400 ] + [ nat dnat ip6 addr_min reg 1 addr_max reg 2 proto_min reg 3 proto_max reg 4 ] + +# tcp dport 80-90 dnat 2001:838:35f:1::-2001:838:35f:2:: :100 +ip6 test-ip6 prerouting + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp gte reg 1 0x00005000 ] + [ cmp lte reg 1 0x00005a00 ] + [ immediate reg 1 0x38080120 0x01005f03 0x00000000 0x00000000 ] + [ immediate reg 2 0x38080120 0x02005f03 0x00000000 0x00000000 ] + [ immediate reg 3 0x00006400 ] + [ nat dnat ip6 addr_min reg 1 addr_max reg 2 proto_min reg 3 proto_max reg 0 ] + |