summaryrefslogtreecommitdiffstats
path: root/tests/py/ip/snat.t
Commit message (Collapse)AuthorAgeFilesLines
* evaluate: check for missing transport protocol match in nat map with ↵Pablo Neira Ayuso2021-09-291-1/+5
| | | | | | | | | | | | | | | | concatenations Restore this error with NAT maps: # nft add rule 'ip ipfoo c dnat to ip daddr map @y' Error: transport protocol mapping is only valid after transport protocol match add rule ip ipfoo c dnat to ip daddr map @y ~~~~ ^^^^^^^^^^^^^^^ Allow for transport protocol match in the map too, which is implicitly pulling in a transport protocol dependency. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* netlink: rework range_expr_to_prefix()Pablo Neira Ayuso2021-09-091-0/+2
| | | | | | | | | Consolidate prefix calculation in range_expr_is_prefix(). Add tests/py for 9208fb30dc49 ("src: Check range bounds before converting to prefix"). Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: support for nat with interval concatenationPablo Neira Ayuso2021-07-131-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch allows you to combine concatenation and interval in NAT mappings, e.g. add rule x y dnat to ip saddr . tcp dport map { 192.168.1.2 . 80 : 10.141.10.2-10.141.10.5 . 8888-8999 } This generates the following NAT expression: [ nat dnat ip addr_min reg 1 addr_max reg 10 proto_min reg 9 proto_max reg 11 ] which expects to obtain the following tuple: IP address (min), source port (min), IP address (max), source port (max) to be obtained from the map. This representation simplifies the delinearize path, since the datatype is specified as: ipv4_addr . inet_service. A few more notes on this update: - alloc_nftnl_setelem() needs a variant netlink_gen_data() to deal with the representation of the range on the rhs of the mapping. In contrast to interval concatenation in the key side, where the range is expressed as two netlink attributes, the data side of the set element mapping stores the interval concatenation in a contiguos memory area, see __netlink_gen_concat_expand() for reference. - add range_expr_postprocess() to postprocess the data mapping range. If either one single IP address or port is used, then the minimum and maximum value in the range is the same value, e.g. to avoid listing 80-80, this round simplify the range. This also invokes the range to prefix conversion routine. - add concat_elem_expr() helper function to consolidate code to build the concatenation expression on the rhs element data side. This patch also adds tests/py and tests/shell. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: infer NAT mapping with concatenation from setPablo Neira Ayuso2021-07-131-1/+1
| | | | | | | | | | | | If the map is anonymous, infer it from the set elements. Otherwise, the set definition already have an explicit concatenation definition in the data side of the mapping. This update simplifies the NAT mapping syntax with concatenations, e.g. snat ip to ip saddr map { 10.141.11.4 : 192.168.2.3 . 80 } Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: remove STMT_NAT_F_INTERVAL flags and interval keywordPablo Neira Ayuso2021-07-131-1/+1
| | | | | | | | | | | | | | | STMT_NAT_F_INTERVAL is not useful, the keyword interval can be removed to simplify the syntax, e.g. snat to ip saddr map { 10.141.11.4 : 192.168.2.2-192.168.2.4 } This patch reworks 9599d9d25a6b ("src: NAT support for intervals in maps"). Do not remove STMT_NAT_F_INTERVAL yet since this flag is needed for interval concatenations coming in a follow up patch. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* tests: py: concatenation, netmap and nat mappingsPablo Neira Ayuso2020-04-281-0/+4
| | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* tests/py: Unmask negative set lookupAnatole Denis2016-11-291-4/+1
| | | | | | | | Many testcases were masked because of bug #888. This series of patches unmasks them Signed-off-by: Anatole Denis <anatole@rezel.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: add 'to' for snat and dnatPablo Neira Ayuso2016-08-181-6/+6
| | | | | | | | | | | This is extra syntaxtic sugar to get this consistent with other statements such as redirect, masquerade, dup and fwd that indicates where to go. Existing syntax is still preserved, but the listing shows the one including 'to'. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* tests/py: update test files syntaxPablo M. Bermudo Garay2016-01-121-1/+2
| | | | | | | | The test files have been adapted to the syntax defined in the previous commit "tests/py: modify supported test file syntax" Signed-off-by: Pablo M. Bermudo Garay <pablombg@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* tests/: rearrange tests directoryArturo Borrero2015-12-151-0/+12
Rearrange the directory to obtain a better organization of files and tests-suites. We end with a tree like this: tests | .--- py .--- shell .--- files This was suggested by Pablo. Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>