diff options
author | Florian Westphal <fw@strlen.de> | 2017-05-29 19:25:38 +0200 |
---|---|---|
committer | Florian Westphal <fw@strlen.de> | 2017-06-06 20:53:03 +0200 |
commit | 8786dc5f30db5a686c25de7cc80da1fd21082683 (patch) | |
tree | 706e4dbc79ecb6f69c5a7764216c691780a16869 /tests/py | |
parent | 37988cf255e51efba0d81dbc43eb4f0a41e99813 (diff) |
ct: fix inet/bridge/netdev family handling for saddr/daddr
"ct orignal saddr" has an invalid data type, as the address can be either ipv4 or ipv6.
For some cases we could infer it from the rhs, but there are cases where we don't have any
information, e.g. when passing ct original saddr to jhash expression.
So do the same thing that we do for "rt nexthop" -- error out and hint to user
they need to specifiy the desired address type with "meta nfproto".
Suggested-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Florian Westphal <fw@strlen.de>
Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'tests/py')
-rw-r--r-- | tests/py/any/ct.t | 4 | ||||
-rw-r--r-- | tests/py/any/ct.t.payload | 7 |
2 files changed, 11 insertions, 0 deletions
diff --git a/tests/py/any/ct.t b/tests/py/any/ct.t index 96a80f84..667126e6 100644 --- a/tests/py/any/ct.t +++ b/tests/py/any/ct.t @@ -91,6 +91,10 @@ ct bytes original reply;fail # missing direction ct saddr 1.2.3.4;fail +meta nfproto ipv4 ct original saddr 1.2.3.4;ok +# wrong base (ip6 but ipv4 address given) +meta nfproto ipv6 ct original saddr 1.2.3.4;fail + # direction, but must be used without ct original mark 42;fail # swapped key and direction diff --git a/tests/py/any/ct.t.payload b/tests/py/any/ct.t.payload index 6077e5da..c5fa7c8d 100644 --- a/tests/py/any/ct.t.payload +++ b/tests/py/any/ct.t.payload @@ -373,6 +373,13 @@ ip test-ip4 output [ byteorder reg 1 = hton(reg 1, 8, 8) ] [ cmp lt reg 1 0x00000000 0xf4010000 ] +# meta nfproto ipv4 ct original saddr 1.2.3.4 +ip test-ip4 output + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ ct load src => reg 1 , dir original ] + [ cmp eq reg 1 0x04030201 ] + # ct status expected,seen-reply,assured,confirmed,snat,dnat,dying ip test-ip4 output [ ct load status => reg 1 ] |