From 2b1a0db97d40b1b9d9240ac0bb0cc771eb359516 Mon Sep 17 00:00:00 2001 From: Liping Zhang Date: Thu, 22 Sep 2016 22:34:52 +0800 Subject: src: support ct l3proto/protocol without direction syntax Acctually, ct l3proto and ct protocol are unrelated to direction, so it's unnecessary that we must specify dir if we want to use them. Now add support that we can match ct l3proto/protocol without direction: # nft add rule filter input ct l3proto ipv4 # nft add rule filter output ct protocol 17 Note: existing syntax is still preserved, so "ct reply l3proto ipv6" is still fine. Signed-off-by: Liping Zhang Signed-off-by: Pablo Neira Ayuso --- tests/py/ip/ct.t | 8 ++++---- tests/py/ip/ct.t.payload | 8 ++++---- 2 files changed, 8 insertions(+), 8 deletions(-) (limited to 'tests/py/ip') diff --git a/tests/py/ip/ct.t b/tests/py/ip/ct.t index 65f5d921..d0f16c51 100644 --- a/tests/py/ip/ct.t +++ b/tests/py/ip/ct.t @@ -13,11 +13,11 @@ ct reply saddr 192.168.1.0/24;ok ct original daddr 192.168.1.0/24;ok ct reply daddr 192.168.1.0/24;ok -ct original l3proto ipv4;ok -ct reply l3proto foobar;fail +ct l3proto ipv4;ok +ct l3proto foobar;fail -ct original protocol 6 ct original proto-dst 22;ok -ct original protocol 17 ct reply proto-src 53;ok +ct protocol 6 ct original proto-dst 22;ok +ct original protocol 17 ct reply proto-src 53;ok;ct protocol 17 ct reply proto-src 53 # wrong address family ct reply daddr dead::beef;fail diff --git a/tests/py/ip/ct.t.payload b/tests/py/ip/ct.t.payload index 0449b077..56633a24 100644 --- a/tests/py/ip/ct.t.payload +++ b/tests/py/ip/ct.t.payload @@ -42,14 +42,14 @@ ip test-ip4 output [ bitwise reg 1 = (reg=1 & 0x00ffffff ) ^ 0x00000000 ] [ cmp eq reg 1 0x0001a8c0 ] -# ct original l3proto ipv4 +# ct l3proto ipv4 ip test-ip4 output - [ ct load l3protocol => reg 1 , dir original ] + [ ct load l3protocol => reg 1 ] [ cmp eq reg 1 0x00000002 ] -# ct original protocol 6 ct original proto-dst 22 +# ct protocol 6 ct original proto-dst 22 ip test-ip4 output - [ ct load protocol => reg 1 , dir original ] + [ ct load protocol => reg 1 ] [ cmp eq reg 1 0x00000006 ] [ ct load proto_dst => reg 1 , dir original ] [ cmp eq reg 1 0x00001600 ] -- cgit v1.2.3