diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2016-01-31 23:17:20 +0100 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2016-01-31 23:43:18 +0100 |
| commit | 55d4a890af9fae63226511e056e44ab74a94f197 (patch) | |
| tree | 8d57ebb27897438aa7391e3e9cb0a592a8b8e13a /tests/py/ip6 | |
| parent | 878b97fc251a09c12db489c32b87bf33aa5aa81b (diff) | |
tests/py: test port ranges and maps for redirect
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'tests/py/ip6')
| -rw-r--r-- | tests/py/ip6/redirect.t | 4 | ||||
| -rw-r--r-- | tests/py/ip6/redirect.t.payload.ip6 | 19 |
2 files changed, 23 insertions, 0 deletions
diff --git a/tests/py/ip6/redirect.t b/tests/py/ip6/redirect.t index d5a0a3b2..fca84e5b 100644 --- a/tests/py/ip6/redirect.t +++ b/tests/py/ip6/redirect.t @@ -22,6 +22,7 @@ udp dport 53 redirect persistent,fully-random,random;ok;udp dport 53 redirect ra # port specification udp dport 1234 redirect to 1234;ok ip6 daddr fe00::cafe udp dport 9998 redirect to 6515;ok +ip6 nexthdr tcp redirect to 100-200;ok;ip6 nexthdr 6 redirect to 100-200 tcp dport 39128 redirect to 993;ok redirect to 1234;fail redirect to 12341111;fail @@ -43,3 +44,6 @@ ip6 saddr ::1 redirect drop;fail tcp dport { 1, 2, 3, 4, 5, 6, 7, 8, 101, 202, 303, 1001, 2002, 3003} redirect;ok ip6 daddr fe00::1-fe00::200 udp dport 53 counter packets 0 bytes 0 redirect;ok iifname eth0 ct state new,established tcp dport vmap {22 : drop, 222 : drop } redirect;ok + +# redirect with maps +ip6 nexthdr 6 redirect to tcp dport map { 22 : 8000, 80 : 8080};ok diff --git a/tests/py/ip6/redirect.t.payload.ip6 b/tests/py/ip6/redirect.t.payload.ip6 index 3369a7a3..4e78a244 100644 --- a/tests/py/ip6/redirect.t.payload.ip6 +++ b/tests/py/ip6/redirect.t.payload.ip6 @@ -117,6 +117,14 @@ ip6 test-ip6 output [ immediate reg 1 0x00007319 ] [ redir proto_min reg 1 ] +# ip6 nexthdr tcp redirect to 100-200 +ip6 test-ip6 output + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ immediate reg 1 0x00006400 ] + [ immediate reg 2 0x0000c800 ] + [ redir proto_min reg 1 proto_max reg 2 ] + # tcp dport 39128 redirect to 993 ip6 test-ip6 output [ payload load 1b @ network header + 6 => reg 1 ] @@ -183,3 +191,14 @@ ip6 test-ip6 output [ lookup reg 1 set map%d dreg 0 ] [ redir ] +# ip6 nexthdr 6 redirect to tcp dport map { 22 : 8000, 80 : 8080} +map%d test-ip6 b +map%d test-ip6 0 + element 00001600 : 0000401f 0 [end] element 00005000 : 0000901f 0 [end] +ip6 test-ip6 output + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set map%d dreg 1 ] + [ redir proto_min reg 1 ] + |