summaryrefslogtreecommitdiffstats
path: root/tests/regression/ip/dnat.t.payload.ip
diff options
context:
space:
mode:
authorFlorian Westphal <fw@strlen.de>2015-07-10 11:56:31 +0200
committerFlorian Westphal <fw@strlen.de>2015-07-20 17:26:37 +0200
commit0abfb2b7e01ca07efe1be16a1a5bd8925340dc41 (patch)
tree0b4b3f892c990e66f4a01a5d5ba15d3a9c720d47 /tests/regression/ip/dnat.t.payload.ip
parentefd09355038d53fdd3841ab5ccae1543c4967daf (diff)
tests: validate generated netlink instructions
compare netlink instructions generated by given nft command line with recorded version. Example: udp dport 80 accept in ip family should look like ip test-ip4 input [ payload load 1b @ network header + 9 => reg 1 ] [ cmp eq reg 1 0x00000011 ] [ payload load 2b @ transport header + 2 => reg 1 ] [ cmp eq reg 1 0x00005000 ] [ immediate reg 0 accept ] This is stored in udp.t.payload.ip Other suffixes: .payload.ip6 .payload.inet .payload ('any') The test script first looks for 'testname.t.payload.$family', if that doesn't exist 'testname.t.payload' is used. This allows for family independent test (e.g. meta), where we don't expect/have any family specific expressions. Signed-off-by: Florian Westphal <fw@strlen.de>
Diffstat (limited to 'tests/regression/ip/dnat.t.payload.ip')
-rw-r--r--tests/regression/ip/dnat.t.payload.ip50
1 files changed, 50 insertions, 0 deletions
diff --git a/tests/regression/ip/dnat.t.payload.ip b/tests/regression/ip/dnat.t.payload.ip
new file mode 100644
index 00000000..93c4d68b
--- /dev/null
+++ b/tests/regression/ip/dnat.t.payload.ip
@@ -0,0 +1,50 @@
+# iifname "eth0" tcp dport 80-90 dnat 192.168.3.2
+ip test-ip4 prerouting
+ [ meta load iifname => reg 1 ]
+ [ cmp eq reg 1 0x30687465 0x00000000 0x00000000 0x00000000 ]
+ [ payload load 1b @ network header + 9 => reg 1 ]
+ [ cmp eq reg 1 0x00000006 ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ cmp gte reg 1 0x00005000 ]
+ [ cmp lte reg 1 0x00005a00 ]
+ [ immediate reg 1 0x0203a8c0 ]
+ [ nat dnat ip addr_min reg 1 addr_max reg 0 ]
+
+# iifname "eth0" tcp dport != 80-90 dnat 192.168.3.2
+ip test-ip4 prerouting
+ [ meta load iifname => reg 1 ]
+ [ cmp eq reg 1 0x30687465 0x00000000 0x00000000 0x00000000 ]
+ [ payload load 1b @ network header + 9 => reg 1 ]
+ [ cmp eq reg 1 0x00000006 ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ cmp lt reg 1 0x00005000 ]
+ [ cmp gt reg 1 0x00005a00 ]
+ [ immediate reg 1 0x0203a8c0 ]
+ [ nat dnat ip addr_min reg 1 addr_max reg 0 ]
+
+# iifname "eth0" tcp dport {80, 90, 23} dnat 192.168.3.2
+set%d test-ip4 3
+set%d test-ip4 0
+ element 00005000 : 0 [end] element 00005a00 : 0 [end] element 00001700 : 0 [end]
+ip test-ip4 prerouting
+ [ meta load iifname => reg 1 ]
+ [ cmp eq reg 1 0x30687465 0x00000000 0x00000000 0x00000000 ]
+ [ payload load 1b @ network header + 9 => reg 1 ]
+ [ cmp eq reg 1 0x00000006 ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ lookup reg 1 set set%d ]
+ [ immediate reg 1 0x0203a8c0 ]
+ [ nat dnat ip addr_min reg 1 addr_max reg 0 ]
+
+# iifname "eth0" tcp dport != 23-34 dnat 192.168.3.2
+ip test-ip4 prerouting
+ [ meta load iifname => reg 1 ]
+ [ cmp eq reg 1 0x30687465 0x00000000 0x00000000 0x00000000 ]
+ [ payload load 1b @ network header + 9 => reg 1 ]
+ [ cmp eq reg 1 0x00000006 ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ cmp lt reg 1 0x00001700 ]
+ [ cmp gt reg 1 0x00002200 ]
+ [ immediate reg 1 0x0203a8c0 ]
+ [ nat dnat ip addr_min reg 1 addr_max reg 0 ]
+