summaryrefslogtreecommitdiffstats
path: root/tests/shell
diff options
context:
space:
mode:
authorPablo Neira Ayuso <pablo@netfilter.org>2022-03-27 23:14:43 +0200
committerPablo Neira Ayuso <pablo@netfilter.org>2022-03-29 12:06:15 +0200
commit214494aa7d9efaaba2f8c6e041355afc8662964c (patch)
tree534785b8ab62599a9888c8e125edeb74348e15ed /tests/shell
parent82762ab6f261226030debd5ffe4e22d987ebdb7b (diff)
optimize: Restore optimization for raw payload expressions
This patch reverts d0f14b5337e7 ("optimize: do not merge raw payload expressions") after adding support for concatenation with variable length TYPE_INTEGER. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'tests/shell')
-rw-r--r--tests/shell/testcases/optimizations/dumps/merge_vmap_raw.nft31
-rwxr-xr-xtests/shell/testcases/optimizations/merge_vmap_raw32
2 files changed, 63 insertions, 0 deletions
diff --git a/tests/shell/testcases/optimizations/dumps/merge_vmap_raw.nft b/tests/shell/testcases/optimizations/dumps/merge_vmap_raw.nft
new file mode 100644
index 00000000..18847116
--- /dev/null
+++ b/tests/shell/testcases/optimizations/dumps/merge_vmap_raw.nft
@@ -0,0 +1,31 @@
+table inet x {
+ chain nat_dns_dnstc {
+ meta l4proto udp redirect to :5300
+ drop
+ }
+
+ chain nat_dns_this_5301 {
+ meta l4proto udp redirect to :5301
+ drop
+ }
+
+ chain nat_dns_saturn_5301 {
+ meta nfproto ipv4 meta l4proto udp dnat ip to 240.0.1.2:5301
+ drop
+ }
+
+ chain nat_dns_saturn_5302 {
+ meta nfproto ipv4 meta l4proto udp dnat ip to 240.0.1.2:5302
+ drop
+ }
+
+ chain nat_dns_saturn_5303 {
+ meta nfproto ipv4 meta l4proto udp dnat ip to 240.0.1.2:5303
+ drop
+ }
+
+ chain nat_dns_acme {
+ udp length . @th,160,128 vmap { 47-63 . 0xe373135363130333131303735353203 : goto nat_dns_dnstc, 62-78 . 0xe31393032383939353831343037320e : goto nat_dns_this_5301, 62-78 . 0xe31363436323733373931323934300e : goto nat_dns_saturn_5301, 62-78 . 0xe32393535373539353636383732310e : goto nat_dns_saturn_5302, 62-78 . 0xe38353439353637323038363633390e : goto nat_dns_saturn_5303 }
+ drop
+ }
+}
diff --git a/tests/shell/testcases/optimizations/merge_vmap_raw b/tests/shell/testcases/optimizations/merge_vmap_raw
new file mode 100755
index 00000000..f3dc0721
--- /dev/null
+++ b/tests/shell/testcases/optimizations/merge_vmap_raw
@@ -0,0 +1,32 @@
+#!/bin/bash
+
+set -e
+
+RULESET="table inet x {
+ chain nat_dns_dnstc { meta l4proto udp redirect to :5300 ; drop ; }
+ chain nat_dns_this_5301 { meta l4proto udp redirect to :5301 ; drop ; }
+ chain nat_dns_saturn_5301 { meta nfproto ipv4 meta l4proto udp dnat to 240.0.1.2:5301 ; drop ; }
+ chain nat_dns_saturn_5302 { meta nfproto ipv4 meta l4proto udp dnat to 240.0.1.2:5302 ; drop ; }
+ chain nat_dns_saturn_5303 { meta nfproto ipv4 meta l4proto udp dnat to 240.0.1.2:5303 ; drop ; }
+
+ chain nat_dns_acme {
+ udp length 47-63 @th,160,128 0x0e373135363130333131303735353203 \
+ goto nat_dns_dnstc
+
+ udp length 62-78 @th,160,128 0x0e31393032383939353831343037320e \
+ goto nat_dns_this_5301
+
+ udp length 62-78 @th,160,128 0x0e31363436323733373931323934300e \
+ goto nat_dns_saturn_5301
+
+ udp length 62-78 @th,160,128 0x0e32393535373539353636383732310e \
+ goto nat_dns_saturn_5302
+
+ udp length 62-78 @th,160,128 0x0e38353439353637323038363633390e \
+ goto nat_dns_saturn_5303
+
+ drop
+ }
+}"
+
+$NFT -o -f - <<< $RULESET