diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2021-07-13 20:18:27 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2021-07-13 20:25:33 +0200 |
commit | c68314dd4263575abaed43e052c7e61f6b359040 (patch) | |
tree | 858f9baaf7ebd9e697ca224739319c314b9519c2 /tests/shell | |
parent | 9b169bfc650ebeb81aff80ba2bf87d729dc3143e (diff) |
src: infer NAT mapping with concatenation from set
If the map is anonymous, infer it from the set elements. Otherwise, the
set definition already have an explicit concatenation definition in the
data side of the mapping.
This update simplifies the NAT mapping syntax with concatenations, e.g.
snat ip to ip saddr map { 10.141.11.4 : 192.168.2.3 . 80 }
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'tests/shell')
-rw-r--r-- | tests/shell/testcases/maps/dumps/0010concat_map_0.nft | 2 | ||||
-rw-r--r-- | tests/shell/testcases/maps/dumps/nat_addr_port.nft | 24 |
2 files changed, 13 insertions, 13 deletions
diff --git a/tests/shell/testcases/maps/dumps/0010concat_map_0.nft b/tests/shell/testcases/maps/dumps/0010concat_map_0.nft index 328c653c..b6bc338c 100644 --- a/tests/shell/testcases/maps/dumps/0010concat_map_0.nft +++ b/tests/shell/testcases/maps/dumps/0010concat_map_0.nft @@ -6,6 +6,6 @@ table inet x { chain y { type nat hook prerouting priority dstnat; policy accept; - meta nfproto ipv4 dnat ip addr . port to ip saddr . ip protocol . tcp dport map @z + meta nfproto ipv4 dnat ip to ip saddr . ip protocol . tcp dport map @z } } diff --git a/tests/shell/testcases/maps/dumps/nat_addr_port.nft b/tests/shell/testcases/maps/dumps/nat_addr_port.nft index 89c3bd14..cf6b957f 100644 --- a/tests/shell/testcases/maps/dumps/nat_addr_port.nft +++ b/tests/shell/testcases/maps/dumps/nat_addr_port.nft @@ -27,10 +27,10 @@ table ip ipfoo { dnat to ip daddr map @x ip saddr 10.1.1.1 dnat to 10.2.3.4 ip saddr 10.1.1.2 tcp dport 42 dnat to 10.2.3.4:4242 - meta l4proto tcp dnat ip addr . port to ip saddr map @y - dnat ip addr . port to ip saddr . tcp dport map @z + meta l4proto tcp dnat ip to ip saddr map @y + dnat ip to ip saddr . tcp dport map @z dnat to numgen inc mod 2 map @t1 - meta l4proto tcp dnat ip addr . port to numgen inc mod 2 map @t2 + meta l4proto tcp dnat ip to numgen inc mod 2 map @t2 } } table ip6 ip6foo { @@ -60,10 +60,10 @@ table ip6 ip6foo { dnat to ip6 daddr map @x ip6 saddr dead::1 dnat to feed::1 ip6 saddr dead::2 tcp dport 42 dnat to [c0::1a]:4242 - meta l4proto tcp dnat ip6 addr . port to ip6 saddr map @y - dnat ip6 addr . port to ip6 saddr . tcp dport map @z + meta l4proto tcp dnat ip6 to ip6 saddr map @y + dnat ip6 to ip6 saddr . tcp dport map @z dnat to numgen inc mod 2 map @t1 - meta l4proto tcp dnat ip6 addr . port to numgen inc mod 2 map @t2 + meta l4proto tcp dnat ip6 to numgen inc mod 2 map @t2 } } table inet inetfoo { @@ -114,16 +114,16 @@ table inet inetfoo { dnat ip to ip daddr map @x4 ip saddr 10.1.1.1 dnat ip to 10.2.3.4 ip saddr 10.1.1.2 tcp dport 42 dnat ip to 10.2.3.4:4242 - meta l4proto tcp meta nfproto ipv4 dnat ip addr . port to ip saddr map @y4 - meta nfproto ipv4 dnat ip addr . port to ip saddr . tcp dport map @z4 + meta l4proto tcp meta nfproto ipv4 dnat ip to ip saddr map @y4 + meta nfproto ipv4 dnat ip to ip saddr . tcp dport map @z4 dnat ip to numgen inc mod 2 map @t1v4 - meta l4proto tcp dnat ip addr . port to numgen inc mod 2 map @t2v4 + meta l4proto tcp dnat ip to numgen inc mod 2 map @t2v4 dnat ip6 to ip6 daddr map @x6 ip6 saddr dead::1 dnat ip6 to feed::1 ip6 saddr dead::2 tcp dport 42 dnat ip6 to [c0::1a]:4242 - meta l4proto tcp meta nfproto ipv6 dnat ip6 addr . port to ip6 saddr map @y6 - meta nfproto ipv6 dnat ip6 addr . port to ip6 saddr . tcp dport map @z6 + meta l4proto tcp meta nfproto ipv6 dnat ip6 to ip6 saddr map @y6 + meta nfproto ipv6 dnat ip6 to ip6 saddr . tcp dport map @z6 dnat ip6 to numgen inc mod 2 map @t1v6 - meta l4proto tcp dnat ip6 addr . port to numgen inc mod 2 map @t2v6 + meta l4proto tcp dnat ip6 to numgen inc mod 2 map @t2v6 } } |