diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2015-06-02 17:14:59 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2015-06-02 18:08:42 +0200 |
commit | 575cc4519aa177c573481f683e07c2789a2f870a (patch) | |
tree | 46909685c0940c50db60fa3a75fa753d4cbcb2aa /tests | |
parent | 99632dd169d7db6c66abc06df017de83feec2d38 (diff) |
tests: regression: fix NAT tests
snat can be only used from prerouting and input, and dnat from output and
postrouting.
ip/nat.t: ERROR: line 12: nft add rule ip test-ip4 output iifname eth0 tcp sport 23-34 snat 192.168.3.2: This rule should not have failed.
Split the test file as they require different chain configuration.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'tests')
-rw-r--r-- | tests/regression/ip/dnat.t (renamed from tests/regression/ip/nat.t) | 8 | ||||
-rw-r--r-- | tests/regression/ip/snat.t | 12 | ||||
-rw-r--r-- | tests/regression/ip6/dnat.t (renamed from tests/regression/ip6/nat.t) | 3 | ||||
-rw-r--r-- | tests/regression/ip6/snat.t | 6 |
4 files changed, 20 insertions, 9 deletions
diff --git a/tests/regression/ip/nat.t b/tests/regression/ip/dnat.t index 26c8cbf7..78fc454d 100644 --- a/tests/regression/ip/nat.t +++ b/tests/regression/ip/dnat.t @@ -1,16 +1,10 @@ *ip;test-ip4 -# bug: Nat tables is not supported yet in inet table. --*inet;test-inet - -:output;type nat hook output priority 0 +:prerouting;type nat hook prerouting priority 0 iifname "eth0" tcp dport 80-90 dnat 192.168.3.2;ok iifname "eth0" tcp dport != 80-90 dnat 192.168.3.2;ok iifname "eth0" tcp dport {80, 90, 23} dnat 192.168.3.2;ok - iifname "eth0" tcp dport != {80, 90, 23} dnat 192.168.3.2;ok - -iifname eth0 tcp sport 23-34 snat 192.168.3.2;ok - - iifname "eth0" tcp dport != {80, 90, 23} dnat 192.168.3.2;ok # BUG: invalid expression type set # nft: src/evaluate.c:975: expr_evaluate_relational: Assertion '0' failed. diff --git a/tests/regression/ip/snat.t b/tests/regression/ip/snat.t new file mode 100644 index 00000000..1caf7c76 --- /dev/null +++ b/tests/regression/ip/snat.t @@ -0,0 +1,12 @@ +*ip;test-ip4 +:postrouting;type nat hook postrouting priority 0 + +iifname "eth0" tcp dport 80-90 snat 192.168.3.2;ok +iifname "eth0" tcp dport != 80-90 snat 192.168.3.2;ok +iifname "eth0" tcp dport {80, 90, 23} snat 192.168.3.2;ok +- iifname "eth0" tcp dport != {80, 90, 23} snat 192.168.3.2;ok +- iifname "eth0" tcp dport != {80, 90, 23} snat 192.168.3.2;ok +# BUG: invalid expression type set +# nft: src/evaluate.c:975: expr_evaluate_relational: Assertion '0' failed. + +iifname "eth0" tcp dport != 23-34 snat 192.168.3.2;ok diff --git a/tests/regression/ip6/nat.t b/tests/regression/ip6/dnat.t index 2fb4ac81..a2555c72 100644 --- a/tests/regression/ip6/nat.t +++ b/tests/regression/ip6/dnat.t @@ -1,6 +1,5 @@ *ip6;test-ip6 -- *inet;test-inet -:input;type nat hook input priority 0 +:prerouting;type nat hook prerouting priority 0 tcp dport 80-90 dnat 2001:838:35f:1::-2001:838:35f:2:: :80-100;ok tcp dport 80-90 dnat 2001:838:35f:1::-2001:838:35f:2:: :100;ok diff --git a/tests/regression/ip6/snat.t b/tests/regression/ip6/snat.t new file mode 100644 index 00000000..73452752 --- /dev/null +++ b/tests/regression/ip6/snat.t @@ -0,0 +1,6 @@ +*ip6;test-ip6 +- *inet;test-inet +:postrouting;type nat hook postrouting priority 0 + +tcp dport 80-90 snat 2001:838:35f:1::-2001:838:35f:2:: :80-100;ok +tcp dport 80-90 snat 2001:838:35f:1::-2001:838:35f:2:: :100;ok |