summaryrefslogtreecommitdiffstats
path: root/tests/py/ip6/dnat.t.json
Commit message (Collapse)AuthorAgeFilesLines
* json: fix ip6 dnat test case after range to prefix transformation changeFlorian Westphal2020-11-071-8/+9
| | | | | | | | Tests currently fail with ip6/dnat.t: WARNING: line 8: ... because test still expects a range expression. Fixes: ee4391d0ac1e7 ("nat: transform range to prefix expression when possible") Signed-off-by: Florian Westphal <fw@strlen.de>
* src: evaluate: support prefix expression in statementsFlorian Westphal2019-07-221-0/+27
| | | | | | | | | | | | | | | | | | | | | | | | Currently nft dumps core when it encounters a prefix expression as part of a statement, e.g. iifname ens3 snat to 10.0.0.0/28 yields: BUG: unknown expression type prefix nft: netlink_linearize.c:688: netlink_gen_expr: Assertion `0' failed. This assertion is correct -- we can't linearize a prefix because kernel doesn't know what that is. For LHS prefixes, they get converted to a binary 'and' such as '10.0.0.0 & 255.255.255.240'. For RHS, we can do something similar and convert them into a range. snat to 10.0.0.0/28 will be converted into: iifname "ens3" snat to 10.0.0.0-10.0.0.15 Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1187 Signed-off-by: Florian Westphal <fw@strlen.de> Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
* JSON: Make match op mandatory, introduce 'in' operatorPhil Sutter2018-08-301-0/+3
| | | | | | | | This special operator is required for cases where missing operator does not lead to same results as equal operator, i.e. with bitmasks on RHS. Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* JSON: Review payload expressionPhil Sutter2018-08-301-3/+3
| | | | | | | | | | | For raw payloads, property "name" is not needed, it's clearly identified by base/offset/len properties. In non-raw payload expressions, rename property "name" to "protocol" as suggested during NFWS. Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* tests/py: Support testing JSON input and output as wellPhil Sutter2018-05-111-0/+75
This extends nft-test.py by optional JSON testing capabilities, activated via '-j'/'--enable-json' parameter). JSON testing happens for all rules which are supposed to work: After a rule has been added and the existing tests (payload, ruleset listing output) have been performed, basically the same test is done again using a recorded JSON equivalent and (if necessary) a recorded listing output. The code tries to ease new test case creation overhead by auto-generating JSON equivalent input via listing the (non-JSON) rule in JSON format. Also, differing netlink debug and listing output are stored in *.got files to assist in analyzing/fixing failing test cases. Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>