author | Pablo Neira Ayuso <pablo@netfilter.org> | 2019-06-21 10:28:37 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2019-06-21 18:49:07 +0200 |
commit | 7f742d0a9071f932836b4f8525a6d3f7261ae083 (patch) | |
tree | cd972674de9ea2efbd6e39747acd435b100bf154 /tests/py/ip/ct.t.payload | |
parent | fb5a36ad5c1032244cf76171648fdefbbe571519 (diff) |
ct: support for NFT_CT_{SRC,DST}_{IP,IP6}
These keys are available since kernel >= 4.17.
You can still use NFT_CT_{SRC,DST}; however, you need to specify 'meta
protocol' first to provide layer 3 context.
Note that NFT_CT_{SRC,DST} are broken with sets, maps and concatenations.
This patch is implicitly fixing these cases.
If your kernel is < 4.17, you can still use address matching via
explicit meta nfproto:
meta nfproto ipv4 ct original saddr 1.2.3.4
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'tests/py/ip/ct.t.payload')
-rw-r--r-- | tests/py/ip/ct.t.payload | 16 |
1 files changed, 8 insertions, 8 deletions
diff --git a/tests/py/ip/ct.t.payload b/tests/py/ip/ct.t.payload
index b7cd130d..d5faed4c 100644
--- a/tests/py/ip/ct.t.payload
+++ b/tests/py/ip/ct.t.payload
@@ -1,44 +1,44 @@
 # ct original ip saddr 192.168.0.1
 ip test-ip4 output
- [ ct load src => reg 1 , dir original ]
+ [ ct load src_ip => reg 1 , dir original ]
 [ cmp eq reg 1 0x0100a8c0 ]
 # ct reply ip saddr 192.168.0.1
 ip test-ip4 output
- [ ct load src => reg 1 , dir reply ]
+ [ ct load src_ip => reg 1 , dir reply ]
 [ cmp eq reg 1 0x0100a8c0 ]
 # ct original ip daddr 192.168.0.1
 ip test-ip4 output
- [ ct load dst => reg 1 , dir original ]
+ [ ct load dst_ip => reg 1 , dir original ]
 [ cmp eq reg 1 0x0100a8c0 ]
 # ct reply ip daddr 192.168.0.1
 ip test-ip4 output
- [ ct load dst => reg 1 , dir reply ]
+ [ ct load dst_ip => reg 1 , dir reply ]
 [ cmp eq reg 1 0x0100a8c0 ]
 # ct original ip saddr 192.168.1.0/24
 ip test-ip4 output
- [ ct load src => reg 1 , dir original ]
+ [ ct load src_ip => reg 1 , dir original ]
 [ bitwise reg 1 = (reg=1 & 0x00ffffff ) ^ 0x00000000 ]
 [ cmp eq reg 1 0x0001a8c0 ]
 # ct reply ip saddr 192.168.1.0/24
 ip test-ip4 output
- [ ct load src => reg 1 , dir reply ]
+ [ ct load src_ip => reg 1 , dir reply ]
 [ bitwise reg 1 = (reg=1 & 0x00ffffff ) ^ 0x00000000 ]
 [ cmp eq reg 1 0x0001a8c0 ]
 # ct original ip daddr 192.168.1.0/24
 ip test-ip4 output
- [ ct load dst => reg 1 , dir original ]
+ [ ct load dst_ip => reg 1 , dir original ]
 [ bitwise reg 1 = (reg=1 & 0x00ffffff ) ^ 0x00000000 ]
 [ cmp eq reg 1 0x0001a8c0 ]
 # ct reply ip daddr 192.168.1.0/24
 ip test-ip4 output
- [ ct load dst => reg 1 , dir reply ]
+ [ ct load dst_ip => reg 1 , dir reply ]
 [ bitwise reg 1 = (reg=1 & 0x00ffffff ) ^ 0x00000000 ]
 [ cmp eq reg 1 0x0001a8c0 ]  |
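Review bot: The expectations in this file cover only single-address and /24 prefix matches, although the commit message says the change also fixes `ct` address matching in sets, maps and concatenations; the hunk spans the whole 44-line file and none of those cases appear in it. A rule such as `ct original ip saddr { 192.168.0.1, 192.168.0.2 }` (constructed example) with its expected payload would pin that fix, which matters because a filter rule whose set lookup silently never matches is easy to miss until traffic gets through. The page is limited to this one file, so such cases may already be added elsewhere in the commit; if not, a case for the documented pre-4.17 fallback `meta nfproto ipv4 ct original saddr 1.2.3.4` would also be worth keeping so both code paths stay covered.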