src: add synproxy stateful object support

Add support for "synproxy" stateful object. For example (for TCP port 80 and using maps with saddr): table ip foo { synproxy https-synproxy { mss 1460 wscale 7 timestamp sack-perm } synproxy other-synproxy { mss 1460 wscale 5 } chain bar { tcp dport 80 synproxy name "https-synproxy" synproxy name ip saddr map { 192.168.1.0/24 : "https-synproxy", 192.168.2.0/24 : "other-synproxy" } } } Signed-off-by: Fernando Fernandez Mancera <ffmancera@riseup.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Fernando Fernandez Mancera <ffmancera@riseup.net> 2019-09-13 01:07:05 +0200
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2019-09-13 13:34:53 +0200
commit: f44ab88b1088eeee8a1a9e1a63db4978932f257f (patch)
tree: fc293e4fc3ea752801dc9a9c6169d626e59c9677 /tests
parent: 80ac631e0eae75f47962aa73d74d2d9c0a0ddaaa (diff)
3 files changed, 43 insertions, 0 deletions
diff --git a/tests/py/ip/objects.t b/tests/py/ip/objects.t
index 35d01101..4fcde7cc 100644
--- a/tests/py/ip/objects.t
+++ b/tests/py/ip/objects.t
@@ -50,3 +50,9 @@ ct timeout set "cttime1";ok
 %ctexpect5 type ct expectation { protocol udp; dport 9876; timeout 2m; size 12; l3proto ip; };ok
 
 ct expectation set "ctexpect1";ok
+
+# synproxy
+%synproxy1 type synproxy mss 1460 wscale 7;ok
+%synproxy2 type synproxy mss 1460 wscale 7 timestamp sack-perm;ok
+
+synproxy name tcp dport map {443 : "synproxy1", 80 : "synproxy2"};ok
diff --git a/tests/py/ip/objects.t.json b/tests/py/ip/objects.t.json
index 596ad188..634f1921 100644
--- a/tests/py/ip/objects.t.json
+++ b/tests/py/ip/objects.t.json
@@ -200,3 +200,30 @@
     }
 ]
 
+# synproxy name tcp dport map {443 : "synproxy1", 80 : "synproxy2"}
+[
+    {
+        "synproxy": {
+            "map": {
+                "key": {
+                    "payload": {
+                        "field": "dport",
+                        "protocol": "tcp"
+                    }
+                },
+                "data": {
+                    "set": [
+                        [
+                            80,
+                            "synproxy2"
+                        ],
+                        [
+                            443,
+                            "synproxy1"
+                        ]
+                    ]
+                }
+            }
+        }
+    }
+]
diff --git a/tests/py/ip/objects.t.payload b/tests/py/ip/objects.t.payload
index ef3e86aa..5252724c 100644
--- a/tests/py/ip/objects.t.payload
+++ b/tests/py/ip/objects.t.payload
@@ -67,3 +67,13 @@ ip test-ip4 output
 # ct expectation set "ctexpect1"
 ip test-ip4 output
   [ objref type 9 name ctexpect1 ]
+
+# synproxy name tcp dport map {443 : "synproxy1", 80 : "synproxy2"}
+__objmap%d test-ip4 43 size 2
+__objmap%d test-ip4 0
+	element 0000bb01  : 0 [end]	element 00005000  : 0 [end]
+ip test-ip4 output
+  [ meta load l4proto => reg 1 ]
+  [ cmp eq reg 1 0x00000006 ]
+  [ payload load 2b @ transport header + 2 => reg 1 ]
+  [ objref sreg 1 set __objmap%d ]
author	Fernando Fernandez Mancera <ffmancera@riseup.net>	2019-09-13 01:07:05 +0200
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2019-09-13 13:34:53 +0200
commit	f44ab88b1088eeee8a1a9e1a63db4978932f257f (patch)
tree	fc293e4fc3ea752801dc9a9c6169d626e59c9677 /tests
parent	80ac631e0eae75f47962aa73d74d2d9c0a0ddaaa (diff)