From 575cc4519aa177c573481f683e07c2789a2f870a Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Tue, 2 Jun 2015 17:14:59 +0200
Subject: tests: regression: fix NAT tests

snat can be only used from prerouting and input, and dnat from output and
postrouting.

 ip/nat.t: ERROR: line 12: nft add rule ip test-ip4 output iifname eth0 tcp sport 23-34 snat 192.168.3.2: This rule should not have failed.

Split the test file as they require different chain configuration.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 tests/regression/ip/dnat.t  | 12 ++++++++++++
 tests/regression/ip/nat.t   | 18 ------------------
 tests/regression/ip/snat.t  | 12 ++++++++++++
 tests/regression/ip6/dnat.t |  5 +++++
 tests/regression/ip6/nat.t  |  6 ------
 tests/regression/ip6/snat.t |  6 ++++++
 6 files changed, 35 insertions(+), 24 deletions(-)
 create mode 100644 tests/regression/ip/dnat.t
 delete mode 100644 tests/regression/ip/nat.t
 create mode 100644 tests/regression/ip/snat.t
 create mode 100644 tests/regression/ip6/dnat.t
 delete mode 100644 tests/regression/ip6/nat.t
 create mode 100644 tests/regression/ip6/snat.t

diff --git a/tests/regression/ip/dnat.t b/tests/regression/ip/dnat.t
new file mode 100644
index 00000000..78fc454d
--- /dev/null
+++ b/tests/regression/ip/dnat.t
@@ -0,0 +1,12 @@
+*ip;test-ip4
+:prerouting;type nat hook prerouting priority 0
+
+iifname "eth0" tcp dport 80-90 dnat 192.168.3.2;ok
+iifname "eth0" tcp dport != 80-90 dnat 192.168.3.2;ok
+iifname "eth0" tcp dport {80, 90, 23} dnat 192.168.3.2;ok
+- iifname "eth0" tcp dport != {80, 90, 23} dnat 192.168.3.2;ok
+- iifname "eth0" tcp dport != {80, 90, 23} dnat 192.168.3.2;ok
+# BUG: invalid expression type set
+# nft: src/evaluate.c:975: expr_evaluate_relational: Assertion '0' failed.
+
+iifname "eth0" tcp dport != 23-34 dnat 192.168.3.2;ok
diff --git a/tests/regression/ip/nat.t b/tests/regression/ip/nat.t
deleted file mode 100644
index 26c8cbf7..00000000
--- a/tests/regression/ip/nat.t
+++ /dev/null
@@ -1,18 +0,0 @@
-*ip;test-ip4
-# bug: Nat tables is not supported yet in inet table.
--*inet;test-inet
-
-:output;type nat hook output priority 0
-
-iifname "eth0" tcp dport 80-90 dnat 192.168.3.2;ok
-iifname "eth0" tcp dport != 80-90 dnat 192.168.3.2;ok
-iifname "eth0" tcp dport {80, 90, 23} dnat 192.168.3.2;ok
-- iifname "eth0" tcp dport != {80, 90, 23} dnat 192.168.3.2;ok
-
-iifname eth0 tcp sport 23-34 snat 192.168.3.2;ok
-
-- iifname "eth0" tcp dport != {80, 90, 23} dnat 192.168.3.2;ok
-# BUG: invalid expression type set
-# nft: src/evaluate.c:975: expr_evaluate_relational: Assertion '0' failed.
-
-iifname "eth0" tcp dport != 23-34 dnat 192.168.3.2;ok
diff --git a/tests/regression/ip/snat.t b/tests/regression/ip/snat.t
new file mode 100644
index 00000000..1caf7c76
--- /dev/null
+++ b/tests/regression/ip/snat.t
@@ -0,0 +1,12 @@
+*ip;test-ip4
+:postrouting;type nat hook postrouting priority 0
+
+iifname "eth0" tcp dport 80-90 snat 192.168.3.2;ok
+iifname "eth0" tcp dport != 80-90 snat 192.168.3.2;ok
+iifname "eth0" tcp dport {80, 90, 23} snat 192.168.3.2;ok
+- iifname "eth0" tcp dport != {80, 90, 23} snat 192.168.3.2;ok
+- iifname "eth0" tcp dport != {80, 90, 23} snat 192.168.3.2;ok
+# BUG: invalid expression type set
+# nft: src/evaluate.c:975: expr_evaluate_relational: Assertion '0' failed.
+
+iifname "eth0" tcp dport != 23-34 snat 192.168.3.2;ok
diff --git a/tests/regression/ip6/dnat.t b/tests/regression/ip6/dnat.t
new file mode 100644
index 00000000..a2555c72
--- /dev/null
+++ b/tests/regression/ip6/dnat.t
@@ -0,0 +1,5 @@
+*ip6;test-ip6
+:prerouting;type nat hook prerouting priority 0
+
+tcp dport 80-90 dnat 2001:838:35f:1::-2001:838:35f:2:: :80-100;ok
+tcp dport 80-90 dnat 2001:838:35f:1::-2001:838:35f:2:: :100;ok
diff --git a/tests/regression/ip6/nat.t b/tests/regression/ip6/nat.t
deleted file mode 100644
index 2fb4ac81..00000000
--- a/tests/regression/ip6/nat.t
+++ /dev/null
@@ -1,6 +0,0 @@
-*ip6;test-ip6
-- *inet;test-inet
-:input;type nat hook input priority 0
-
-tcp dport 80-90 dnat 2001:838:35f:1::-2001:838:35f:2:: :80-100;ok
-tcp dport 80-90 dnat 2001:838:35f:1::-2001:838:35f:2:: :100;ok
diff --git a/tests/regression/ip6/snat.t b/tests/regression/ip6/snat.t
new file mode 100644
index 00000000..73452752
--- /dev/null
+++ b/tests/regression/ip6/snat.t
@@ -0,0 +1,6 @@
+*ip6;test-ip6
+- *inet;test-inet
+:postrouting;type nat hook postrouting priority 0
+
+tcp dport 80-90 snat 2001:838:35f:1::-2001:838:35f:2:: :80-100;ok
+tcp dport 80-90 snat 2001:838:35f:1::-2001:838:35f:2:: :100;ok
-- 
cgit v1.2.3