diff options
| author | Phil Sutter <phil@nwl.cc> | 2018-05-08 13:08:45 +0200 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2018-05-11 12:17:45 +0200 |
| commit | d196dccf1853039656f15c8da94ad349a3b7d07c (patch) | |
| tree | ada3c2446bd764efd12fed37ea7a9bc16ab4b328 /tests/py/ip/dnat.t.json | |
| parent | 875232bc3e6bf55cc31f3763449503a80a7c2382 (diff) | |
tests/py: Support testing JSON input and output as well
This extends nft-test.py by optional JSON testing capabilities,
activated via '-j'/'--enable-json' parameter).
JSON testing happens for all rules which are supposed to work: After a
rule has been added and the existing tests (payload, ruleset listing
output) have been performed, basically the same test is done again using
a recorded JSON equivalent and (if necessary) a recorded listing output.
The code tries to ease new test case creation overhead by
auto-generating JSON equivalent input via listing the (non-JSON) rule in
JSON format. Also, differing netlink debug and listing output are stored
in *.got files to assist in analyzing/fixing failing test cases.
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'tests/py/ip/dnat.t.json')
| -rw-r--r-- | tests/py/ip/dnat.t.json | 255 |
1 files changed, 255 insertions, 0 deletions
diff --git a/tests/py/ip/dnat.t.json b/tests/py/ip/dnat.t.json new file mode 100644 index 00000000..56f8272f --- /dev/null +++ b/tests/py/ip/dnat.t.json @@ -0,0 +1,255 @@ +# iifname "eth0" tcp dport 80-90 dnat to 192.168.3.2 +[ + { + "match": { + "left": { + "meta": "iifname" + }, + "right": "eth0" + } + }, + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "tcp" + } + }, + "right": { + "range": [ 80, 90 ] + } + } + }, + { + "dnat": { + "addr": "192.168.3.2" + } + } +] + +# iifname "eth0" tcp dport != 80-90 dnat to 192.168.3.2 +[ + { + "match": { + "left": { + "meta": "iifname" + }, + "right": "eth0" + } + }, + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "tcp" + } + }, + "op": "!=", + "right": { + "range": [ 80, 90 ] + } + } + }, + { + "dnat": { + "addr": "192.168.3.2" + } + } +] + +# iifname "eth0" tcp dport {80, 90, 23} dnat to 192.168.3.2 +[ + { + "match": { + "left": { + "meta": "iifname" + }, + "right": "eth0" + } + }, + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "tcp" + } + }, + "right": { + "set": [ + 23, + 80, + 90 + ] + } + } + }, + { + "dnat": { + "addr": "192.168.3.2" + } + } +] + +# iifname "eth0" tcp dport != {80, 90, 23} dnat to 192.168.3.2 +[ + { + "match": { + "left": { + "meta": "iifname" + }, + "right": "eth0" + } + }, + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "tcp" + } + }, + "op": "!=", + "right": { + "set": [ + 23, + 80, + 90 + ] + } + } + }, + { + "dnat": { + "addr": "192.168.3.2" + } + } +] + +# iifname "eth0" tcp dport != 23-34 dnat to 192.168.3.2 +[ + { + "match": { + "left": { + "meta": "iifname" + }, + "right": "eth0" + } + }, + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "tcp" + } + }, + "op": "!=", + "right": { + "range": [ 23, 34 ] + } + } + }, + { + "dnat": { + "addr": "192.168.3.2" + } + } +] + +# iifname "eth0" tcp dport 81 dnat to 192.168.3.2:8080 +[ + { + "match": { + "left": { + "meta": "iifname" + }, + "right": "eth0" + } + }, + { + "match": { + "left": { + "payload": { + "field": "dport", + "name": "tcp" + } + }, + "right": 81 + } + }, + { + "dnat": { + "addr": "192.168.3.2", + "port": 8080 + } + } +] + +# dnat to ct mark map { 0x00000014 : 1.2.3.4} +[ + { + "dnat": { + "addr": { + "map": { + "left": { + "ct": { + "key": "mark" + } + }, + "right": { + "set": [ + [ + "0x00000014", + "1.2.3.4" + ] + ] + } + } + } + } + } +] + +# dnat to ct mark . ip daddr map { 0x00000014 . 1.1.1.1 : 1.2.3.4} +[ + { + "dnat": { + "addr": { + "map": { + "left": { + "concat": [ + { + "ct": { + "key": "mark" + } + }, + { + "payload": { + "field": "daddr", + "name": "ip" + } + } + ] + }, + "right": { + "set": [ + [ + { + "concat": [ + "0x00000014", + "1.1.1.1" + ] + }, + "1.2.3.4" + ] + ] + } + } + } + } + } +] + |