diff options
author | Máté Eckl <ecklm94@gmail.com> | 2018-07-20 09:46:44 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2018-08-03 12:17:31 +0200 |
commit | 7dfc5e6586286d72cc294a4a33acbbaa8d2f73ac (patch) | |
tree | f156f9c07cb6c15d63918492699767dc279abf1d | |
parent | 2be1d52644cf77bb2634fb504a265da480c5e901 (diff) |
tests: py: Add test cases for tproxy support
Signed-off-by: Máté Eckl <ecklm94@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r-- | tests/py/inet/tproxy.t | 20 | ||||
-rw-r--r-- | tests/py/inet/tproxy.t.payload | 37 | ||||
-rw-r--r-- | tests/py/ip/tproxy.t | 14 | ||||
-rw-r--r-- | tests/py/ip/tproxy.t.payload | 22 | ||||
-rw-r--r-- | tests/py/ip6/tproxy.t | 16 | ||||
-rw-r--r-- | tests/py/ip6/tproxy.t.payload | 44 |
6 files changed, 153 insertions, 0 deletions
diff --git a/tests/py/inet/tproxy.t b/tests/py/inet/tproxy.t new file mode 100644 index 00000000..f80f7734 --- /dev/null +++ b/tests/py/inet/tproxy.t @@ -0,0 +1,20 @@ +:y;type filter hook prerouting priority -150 + +*inet;x;y + +tproxy;fail +meta l4proto 17 tproxy to 192.0.2.1;fail +meta l4proto 6 tproxy to 192.0.2.1:50080;fail +meta l4proto 17 tproxy ip to 192.0.2.1;ok +meta l4proto 6 tproxy ip to 192.0.2.1:50080;ok +ip protocol 6 tproxy ip6 to [2001:db8::1];fail + +meta l4proto 6 tproxy to [2001:db8::1];fail +meta l4proto 17 tproxy to [2001:db8::1]:50080;fail +meta l4proto 6 tproxy ip6 to [2001:db8::1];ok +meta l4proto 17 tproxy ip6 to [2001:db8::1]:50080;ok +ip6 nexthdr 6 tproxy ip to 192.0.2.1;fail + +meta l4proto 17 tproxy ip to :50080;fail +meta l4proto 17 tproxy ip6 to :50080;fail +meta l4proto 17 tproxy to :50080;ok diff --git a/tests/py/inet/tproxy.t.payload b/tests/py/inet/tproxy.t.payload new file mode 100644 index 00000000..4b18460d --- /dev/null +++ b/tests/py/inet/tproxy.t.payload @@ -0,0 +1,37 @@ +# meta l4proto 17 tproxy ip to 192.0.2.1 +inet x y + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ immediate reg 1 0x010200c0 ] + [ tproxy ip addr reg 1 ] + +# meta l4proto 6 tproxy ip to 192.0.2.1:50080 +inet x y + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ immediate reg 1 0x010200c0 ] + [ immediate reg 2 0x0000a0c3 ] + [ tproxy ip addr reg 1 port reg 2 ] + +# meta l4proto 6 tproxy ip6 to [2001:db8::1] +inet x y + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ immediate reg 1 0xb80d0120 0x00000000 0x00000000 0x01000000 ] + [ tproxy ip6 addr reg 1 ] + +# meta l4proto 17 tproxy ip6 to [2001:db8::1]:50080 +inet x y + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ immediate reg 1 0xb80d0120 0x00000000 0x00000000 0x01000000 ] + [ immediate reg 2 0x0000a0c3 ] + [ tproxy ip6 addr reg 1 port reg 2 ] + +# meta l4proto 17 tproxy to :50080 +inet x y + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ immediate reg 1 0x0000a0c3 ] + [ tproxy port reg 1 ] + diff --git a/tests/py/ip/tproxy.t b/tests/py/ip/tproxy.t new file mode 100644 index 00000000..6e959f47 --- /dev/null +++ b/tests/py/ip/tproxy.t @@ -0,0 +1,14 @@ +:y;type filter hook prerouting priority -150 + +*ip;x;y + +tproxy;fail +tproxy to 192.0.2.1;fail +tproxy to 192.0.2.1:50080;fail +tproxy to :50080;fail +meta l4proto 17 tproxy to 192.0.2.1;ok +meta l4proto 6 tproxy to 192.0.2.1:50080;ok +ip protocol 6 tproxy to :50080;ok +meta l4proto 17 tproxy ip to 192.0.2.1;fail +meta l4proto 6 tproxy ip to 192.0.2.1:50080;fail +ip protocol 6 tproxy ip to :50080;fail diff --git a/tests/py/ip/tproxy.t.payload b/tests/py/ip/tproxy.t.payload new file mode 100644 index 00000000..9a899a8d --- /dev/null +++ b/tests/py/ip/tproxy.t.payload @@ -0,0 +1,22 @@ +# meta l4proto 17 tproxy to 192.0.2.1 +ip x y + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ immediate reg 1 0x010200c0 ] + [ tproxy ip addr reg 1 ] + +# meta l4proto 6 tproxy to 192.0.2.1:50080 +ip x y + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ immediate reg 1 0x010200c0 ] + [ immediate reg 2 0x0000a0c3 ] + [ tproxy ip addr reg 1 port reg 2 ] + +# ip protocol 6 tproxy to :50080 +ip x y + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ immediate reg 1 0x0000a0c3 ] + [ tproxy ip port reg 1 ] + diff --git a/tests/py/ip6/tproxy.t b/tests/py/ip6/tproxy.t new file mode 100644 index 00000000..dcd2bd8f --- /dev/null +++ b/tests/py/ip6/tproxy.t @@ -0,0 +1,16 @@ +:y;type filter hook prerouting priority -150 + +*ip6;x;y + +tproxy;fail +tproxy to [2001:db8::1];fail +tproxy to [2001:db8::1]:50080;fail +tproxy to :50080;fail +meta l4proto 6 tproxy to [2001:db8::1];ok +meta l4proto 17 tproxy to [2001:db8::1]:50080;ok +meta l4proto 6 tproxy to :50080;ok +meta l4proto 6 tproxy ip6 to [2001:db8::1];fail +meta l4proto 17 tproxy ip6 to [2001:db8::1]:50080;fail +meta l4proto 6 tproxy ip6 to :50080;fail + + diff --git a/tests/py/ip6/tproxy.t.payload b/tests/py/ip6/tproxy.t.payload new file mode 100644 index 00000000..d03beee4 --- /dev/null +++ b/tests/py/ip6/tproxy.t.payload @@ -0,0 +1,44 @@ +# meta l4proto 6 tproxy to [2001:db8::1] +ip6 x y + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ immediate reg 1 0xb80d0120 0x00000000 0x00000000 0x01000000 ] + [ tproxy ip6 addr reg 1 ] + +# meta l4proto 17 tproxy to [2001:db8::1]:50080 +ip6 x y + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ immediate reg 1 0xb80d0120 0x00000000 0x00000000 0x01000000 ] + [ immediate reg 2 0x0000a0c3 ] + [ tproxy ip6 addr reg 1 port reg 2 ] + +# meta l4proto 6 tproxy to :50080 +ip6 x y + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ immediate reg 1 0x0000a0c3 ] + [ tproxy ip6 port reg 1 ] + +# meta l4proto 6 tproxy to [2001:db8::1] +ip6 x y + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ immediate reg 1 0xb80d0120 0x00000000 0x00000000 0x01000000 ] + [ tproxy ip6 addr reg 1 ] + +# meta l4proto 17 tproxy to [2001:db8::1]:50080 +ip6 x y + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ immediate reg 1 0xb80d0120 0x00000000 0x00000000 0x01000000 ] + [ immediate reg 2 0x0000a0c3 ] + [ tproxy ip6 addr reg 1 port reg 2 ] + +# meta l4proto 6 tproxy to :50080 +ip6 x y + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ immediate reg 1 0x0000a0c3 ] + [ tproxy ip6 port reg 1 ] + |