diff options
| author | Neil Wilson <neil@aldur.co.uk> | 2017-03-16 11:49:03 +0000 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2017-03-17 12:40:51 +0100 |
| commit | 29b390a2122143997a651e6b25d7496e62ead2a1 (patch) | |
| tree | 03d1604ab5edbec82272e67dcd01d8fee0bd07a5 /tests/conntrack/testsuite/07nat6 | |
| parent | 39398cd3c1e488e099ea186ad1e5b725c2f09d1d (diff) | |
conntrack: Support IPv6 NAT
Refactor and improve nat support to allow conntrack to manage IPv6
NAT entries.
Refactor and improve conntrack nat tests to include IPv6 NAT.
Signed-off-by: Neil Wilson <neil@aldur.co.uk>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'tests/conntrack/testsuite/07nat6')
| -rw-r--r-- | tests/conntrack/testsuite/07nat6 | 56 |
1 files changed, 56 insertions, 0 deletions
diff --git a/tests/conntrack/testsuite/07nat6 b/tests/conntrack/testsuite/07nat6 new file mode 100644 index 0000000..8cecd8e --- /dev/null +++ b/tests/conntrack/testsuite/07nat6 @@ -0,0 +1,56 @@ +# create dummy +-I -s 2001:DB8::1.1.1.1 -d 2001:DB8::2.2.2.2 --dst-nat 2001:DB8::3.3.3.3 -p tcp --sport 10 --dport 20 --state LISTEN -u SEEN_REPLY -t 50 ; OK +# show +-L --dst-nat ; OK +# show +-L --dst-nat 2001:DB8::3.3.3.3 ; OK +# show +-L --src-nat ; OK +# delete +-D -s 2001:DB8::1.1.1.1 ; OK +# create dummy again +-I -s 2001:DB8::1.1.1.1 -d 2001:DB8::2.2.2.2 --src-nat 2001:DB8::3.3.3.3 -p tcp --sport 10 --dport 20 --state LISTEN -u SEEN_REPLY -t 50 ; OK +# show +-L --src-nat ; OK +# show +-L --src-nat 2001:DB8::3.3.3.3 ; OK +# show +-L --dst-nat ; OK +# show any-nat +-L --any-nat ; OK +# delete +-D -s 2001:DB8::1.1.1.1 ; OK +# bad combination +-L --dst-nat --any-nat ; BAD +# bad combination +-L --src-nat --any-nat ; BAD +# bad combination +-L --src-nat --dst-nat --any-nat ; BAD +# create +-I -s 2001:DB8::1.1.1.1 -d 2001:DB8::2.2.2.2 --dst-nat [2001:DB8::3.3.3.3]:80 -p tcp --sport 10 --dport 20 --state LISTEN -u SEEN_REPLY -t 50 ; OK +# show +-L --dst-nat [2001:DB8::3.3.3.3]:80 ; OK +# show +-L --any-nat [2001:DB8::3.3.3.3]:80 ; OK +# show +-L --dst-nat [2001:DB8::3.3.3.3]:81 ; OK +# show +-L --dst-nat [2001:DB8::1.1.1.1]:80 ; OK +# noport +-L --dst-nat [2001:DB8::1.1.1.1]: ; BAD +# badport +-L --dst-nat [2001:DB8::1.1.1.1]:: ; BAD +# badport +-L --dst-nat [2001:DB8::1.1.1.1]:80:80 ; BAD +# badport +-L --dst-nat [2001:DB8::1.1.1.1]:65536 ; BAD +# delete +-D -s 2001:DB8::1.1.1.1 ; OK +# mismatched address family +-I -s 2001:DB8::1.1.1.1 -d 2001:DB8::2.2.2.2 --dst-nat 3.3.3.3 -p tcp --sport 10 --dport 20 --state LISTEN -u SEEN_REPLY -t 50 ; BAD +# mismatched address family +-I -s 1.1.1.1 -d 2.2.2.2 --dst-nat 2001:DB8::3.3.3.3 -p tcp --sport 10 --dport 20 --state LISTEN -u SEEN_REPLY -t 50 ; BAD +# create - brackets only for ports in nat +-I -s 2001:DB8::1.1.1.1 -d 2001:DB8::2.2.2.2 --dst-nat [2001:DB8::3.3.3.3] -p tcp --sport 10 --dport 20 --state LISTEN -u SEEN_REPLY -t 50 ; BAD +# create - brackets rejected elsewhere +-I -s [2001:DB8::1.1.1.1] -d 2001:DB8::2.2.2.2 --dst-nat 2001:DB8::3.3.3.3 -p tcp --sport 10 --dport 20 --state LISTEN -u SEEN_REPLY -t 50 ; BAD |