author | Pablo Neira Ayuso <pablo@netfilter.org> | 2019-04-03 23:40:04 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2019-04-04 13:19:33 +0200 |
commit | 3edb96200690b804ceb76a9fb0ae441ed7d4d8f0 (patch) | |
tree | 76580b8f2fe88638ba8231d50e453da88511034d /tests/py/inet | |
parent | 3b29acc8f29944c5cf34259f2e2b5b40b4d0ccdd (diff) |
parser_bison: missing tproxy syntax with port only for inet family
# nft add rule inet filter divert ip daddr 0.0.0.0/0 meta l4proto tcp tproxy ip to :2000
Error: syntax error, unexpected colon
add rule inet filter divert ip daddr 0.0.0.0/0 meta l4proto tcp tproxy ip to :2000
^
Syntax with no protocol for tproxy complains with:
# nft add rule inet filter divert ip daddr 0.0.0.0/0 meta l4proto tcp tproxy to :2000
Error: Conflicting network layer protocols.
add rule inet filter divert ip daddr 0.0.0.0/0 meta l4proto tcp tproxy to :2000
^^^^^^^^^^^^^^^
Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1310
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'tests/py/inet')
-rw-r--r-- | tests/py/inet/tproxy.t | 5 | ||||
-rw-r--r-- | tests/py/inet/tproxy.t.payload | 26 |
2 files changed, 29 insertions, 2 deletions
diff --git a/tests/py/inet/tproxy.t b/tests/py/inet/tproxy.t
index f80f7734..0ba78ef1 100644
--- a/tests/py/inet/tproxy.t
+++ b/tests/py/inet/tproxy.t
@@ -15,6 +15,7 @@ meta l4proto 6 tproxy ip6 to [2001:db8::1];ok
 meta l4proto 17 tproxy ip6 to [2001:db8::1]:50080;ok
 ip6 nexthdr 6 tproxy ip to 192.0.2.1;fail
-meta l4proto 17 tproxy ip to :50080;fail
-meta l4proto 17 tproxy ip6 to :50080;fail
+meta l4proto 17 tproxy ip to :50080;ok
+meta l4proto 17 tproxy ip6 to :50080;ok
 meta l4proto 17 tproxy to :50080;ok
+ip daddr 0.0.0.0/0 meta l4proto tcp tproxy ip to :2000;ok
diff --git a/tests/py/inet/tproxy.t.payload b/tests/py/inet/tproxy.t.payload
index 4b18460d..8a6ba036 100644
--- a/tests/py/inet/tproxy.t.payload
+++ b/tests/py/inet/tproxy.t.payload
@@ -35,3 +35,29 @@ inet x y
 [ immediate reg 1 0x0000a0c3 ]
 [ tproxy port reg 1 ]
+
+# meta l4proto 17 tproxy ip to :50080
+inet x y
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x00000011 ]
+ [ immediate reg 1 0x0000a0c3 ]
+ [ tproxy ip port reg 1 ]
+
+# meta l4proto 17 tproxy ip6 to :50080
+inet x y
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x00000011 ]
+ [ immediate reg 1 0x0000a0c3 ]
+ [ tproxy ip6 port reg 1 ]
+
+# ip daddr 0.0.0.0/0 meta l4proto tcp tproxy ip to :2000
+inet x y
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x00000002 ]
+ [ payload load 4b @ network header + 16 => reg 1 ]
+ [ bitwise reg 1 = (reg=1 & 0x00000000 ) ^ 0x00000000 ]
+ [ cmp eq reg 1 0x00000000 ]
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x00000006 ]
+ [ immediate reg 1 0x0000d007 ]
+ [ tproxy ip port reg 1 ]
+
|
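Review bot: The port-only cases added to tests/py/inet/tproxy.t cover only the matching-family path, so nothing pins what happens when the explicit tproxy family conflicts with the network-layer match now that `tproxy ip to :PORT` parses. The existing `ip6 nexthdr 6 tproxy ip to 192.0.2.1;fail` checks this for the address form only; a port-only counterpart such as `ip6 nexthdr 6 tproxy ip to :50080;fail` would keep a mismatched divert rule from being silently accepted. The second failure quoted in the commit message (`ip daddr 0.0.0.0/0 meta l4proto tcp tproxy to :2000`, "Conflicting network layer protocols") also has no test line, so whichever outcome is intended after this fix is not regression-tested. An ip6 variant of the new `ip daddr` case would round out the coverage, and any case expected to pass needs a matching entry in tproxy.t.payload. The parser change itself is outside this diff, which is limited to tests/py/inet.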