From 34f31e741d961b059a990579c2402dc39981e1e8 Mon Sep 17 00:00:00 2001 From: Pablo Neira Ayuso Date: Mon, 6 Sep 2021 22:04:51 +0200 Subject: netlink: rework range_expr_to_prefix() Consolidate prefix calculation in range_expr_is_prefix(). Add tests/py for 9208fb30dc49 ("src: Check range bounds before converting to prefix"). Signed-off-by: Pablo Neira Ayuso --- tests/py/ip/snat.t | 2 ++ tests/py/ip/snat.t.json | 84 ++++++++++++++++++++++++++++++++++++++++++++++ tests/py/ip/snat.t.payload | 26 ++++++++++++++ 3 files changed, 112 insertions(+) (limited to 'tests/py') diff --git a/tests/py/ip/snat.t b/tests/py/ip/snat.t index 38acf52f..a8ff8d1a 100644 --- a/tests/py/ip/snat.t +++ b/tests/py/ip/snat.t @@ -6,6 +6,8 @@ iifname "eth0" tcp dport 80-90 snat to 192.168.3.2;ok iifname "eth0" tcp dport != 80-90 snat to 192.168.3.2;ok iifname "eth0" tcp dport {80, 90, 23} snat to 192.168.3.2;ok iifname "eth0" tcp dport != {80, 90, 23} snat to 192.168.3.2;ok +iifname "eth0" tcp dport 80-90 snat to 192.168.3.0-192.168.3.255;ok;iifname "eth0" tcp dport 80-90 snat to 192.168.3.0/24 +iifname "eth0" tcp dport 80-90 snat to 192.168.3.15-192.168.3.240;ok iifname "eth0" tcp dport != 23-34 snat to 192.168.3.2;ok diff --git a/tests/py/ip/snat.t.json b/tests/py/ip/snat.t.json index 0e1485fa..0813086c 100644 --- a/tests/py/ip/snat.t.json +++ b/tests/py/ip/snat.t.json @@ -166,6 +166,90 @@ } ] +# iifname "eth0" tcp dport 80-90 snat to 192.168.3.0-192.168.3.255 +[ + { + "match": { + "left": { + "meta": { + "key": "iifname" + } + }, + "op": "==", + "right": "eth0" + } + }, + { + "match": { + "left": { + "payload": { + "field": "dport", + "protocol": "tcp" + } + }, + "op": "==", + "right": { + "range": [ + 80, + 90 + ] + } + } + }, + { + "snat": { + "addr": { + "prefix": { + "addr": "192.168.3.0", + "len": 24 + } + } + } + } +] + +# iifname "eth0" tcp dport 80-90 snat to 192.168.3.15-192.168.3.240 +[ + { + "match": { + "left": { + "meta": { + "key": "iifname" + } + }, + "op": "==", + "right": "eth0" + } + }, + { + "match": { + "left": { + "payload": { + "field": "dport", + "protocol": "tcp" + } + }, + "op": "==", + "right": { + "range": [ + 80, + 90 + ] + } + } + }, + { + "snat": { + "addr": { + "range": [ + "192.168.3.15", + "192.168.3.240" + ] + } + } + } +] + # snat ip to ip saddr map { 10.141.11.4 : 192.168.2.3 . 80 } [ { diff --git a/tests/py/ip/snat.t.payload b/tests/py/ip/snat.t.payload index 58b1c1a4..64f47896 100644 --- a/tests/py/ip/snat.t.payload +++ b/tests/py/ip/snat.t.payload @@ -60,6 +60,32 @@ ip test-ip4 postrouting [ immediate reg 1 0x0203a8c0 ] [ nat snat ip addr_min reg 1 ] +# iifname "eth0" tcp dport 80-90 snat to 192.168.3.0-192.168.3.255 +ip + [ meta load iifname => reg 1 ] + [ cmp eq reg 1 0x30687465 0x00000000 0x00000000 0x00000000 ] + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp gte reg 1 0x00005000 ] + [ cmp lte reg 1 0x00005a00 ] + [ immediate reg 1 0x0003a8c0 ] + [ immediate reg 2 0xff03a8c0 ] + [ nat snat ip addr_min reg 1 addr_max reg 2 ] + +# iifname "eth0" tcp dport 80-90 snat to 192.168.3.15-192.168.3.240 +ip + [ meta load iifname => reg 1 ] + [ cmp eq reg 1 0x30687465 0x00000000 0x00000000 0x00000000 ] + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp gte reg 1 0x00005000 ] + [ cmp lte reg 1 0x00005a00 ] + [ immediate reg 1 0x0f03a8c0 ] + [ immediate reg 2 0xf003a8c0 ] + [ nat snat ip addr_min reg 1 addr_max reg 2 ] + # snat ip to ip saddr map { 10.141.11.4 : 192.168.2.3 . 80 } __map%d test-ip4 b size 1 __map%d test-ip4 0 -- cgit v1.2.3