From 501d8be41d4e4910e874a1131f7de1521e0252d4 Mon Sep 17 00:00:00 2001 From: Phil Sutter Date: Thu, 9 May 2019 13:35:37 +0200 Subject: json: Support nat in inet family Add the missing bits to JSON parser, printer, man page and testsuite. Fixes: fbe27464dee45 ("src: add nat support for the inet family") Signed-off-by: Phil Sutter Signed-off-by: Pablo Neira Ayuso --- tests/py/inet/dnat.t.json | 166 ++++++++++++++++++++++++++++++++++++++++++++++ tests/py/inet/snat.t.json | 131 ++++++++++++++++++++++++++++++++++++ 2 files changed, 297 insertions(+) create mode 100644 tests/py/inet/dnat.t.json create mode 100644 tests/py/inet/snat.t.json (limited to 'tests/py')
diff --git a/tests/py/inet/dnat.t.json b/tests/py/inet/dnat.t.json
new file mode 100644
index 00000000..ac6dac62
--- /dev/null
+++ b/tests/py/inet/dnat.t.json
@@ -0,0 +1,166 @@
+# iifname "foo" tcp dport 80 redirect to :8080
+[
+ {
+ "match": {
+ "left": {
+ "meta": {
+ "key": "iifname"
+ }
+ },
+ "op": "==",
+ "right": "foo"
+ }
+ },
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "dport",
+ "protocol": "tcp"
+ }
+ },
+ "op": "==",
+ "right": 80
+ }
+ },
+ {
+ "redirect": {
+ "port": 8080
+ }
+ }
+]
+
+# iifname "eth0" tcp dport 443 dnat ip to 192.168.3.2
+[
+ {
+ "match": {
+ "left": {
+ "meta": {
+ "key": "iifname"
+ }
+ },
+ "op": "==",
+ "right": "eth0"
+ }
+ },
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "dport",
+ "protocol": "tcp"
+ }
+ },
+ "op": "==",
+ "right": 443
+ }
+ },
+ {
+ "dnat": {
+ "addr": "192.168.3.2",
+ "family": "ip"
+ }
+ }
+]
+
+# iifname "eth0" tcp dport 443 dnat ip6 to [dead::beef]:4443
+[
+ {
+ "match": {
+ "left": {
+ "meta": {
+ "key": "iifname"
+ }
+ },
+ "op": "==",
+ "right": "eth0"
+ }
+ },
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "dport",
+ "protocol": "tcp"
+ }
+ },
+ "op": "==",
+ "right": 443
+ }
+ },
+ {
+ "dnat": {
+ "addr": "dead::beef",
+ "family": "ip6",
+ "port": 4443
+ }
+ }
+]
+
+# dnat ip to ct mark map { 0x00000014 : 1.2.3.4}
+[
+ {
+ "dnat": {
+ "addr": {
+ "map": {
+ "data": {
+ "set": [
+ [
+ 20,
+ "1.2.3.4"
+ ]
+ ]
+ },
+ "key": {
+ "ct": {
+ "key": "mark"
+ }
+ }
+ }
+ },
+ "family": "ip"
+ }
+ }
+]
+
+# dnat ip to ct mark . ip daddr map { 0x00000014 . 1.1.1.1 : 1.2.3.4}
+[
+ {
+ "dnat": {
+ "addr": {
+ "map": {
+ "data": {
+ "set": [
+ [
+ {
+ "concat": [
+ 20,
+ "1.1.1.1"
+ ]
+ },
+ "1.2.3.4"
+ ]
+ ]
+ },
+ "key": {
+ "concat": [
+ {
+ "ct": {
+ "key": "mark"
+ }
+ },
+ {
+ "payload": {
+ "field": "daddr",
+ "protocol": "ip"
+ }
+ }
+ ]
+ }
+ }
+ },
+ "family": "ip"
+ }
+ }
+]
+
diff --git a/tests/py/inet/snat.t.json b/tests/py/inet/snat.t.json
new file mode 100644
index 00000000..4671625d
--- /dev/null
+++ b/tests/py/inet/snat.t.json
@@ -0,0 +1,131 @@
+# iifname "eth0" tcp dport 81 snat ip to 192.168.3.2
+[
+ {
+ "match": {
+ "left": {
+ "meta": {
+ "key": "iifname"
+ }
+ },
+ "op": "==",
+ "right": "eth0"
+ }
+ },
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "dport",
+ "protocol": "tcp"
+ }
+ },
+ "op": "==",
+ "right": 81
+ }
+ },
+ {
+ "snat": {
+ "addr": "192.168.3.2",
+ "family": "ip"
+ }
+ }
+]
+
+# iifname "eth0" tcp dport 81 ip saddr 10.1.1.1 snat to 192.168.3.2
+[
+ {
+ "match": {
+ "left": {
+ "meta": {
+ "key": "iifname"
+ }
+ },
+ "op": "==",
+ "right": "eth0"
+ }
+ },
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "dport",
+ "protocol": "tcp"
+ }
+ },
+ "op": "==",
+ "right": 81
+ }
+ },
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "saddr",
+ "protocol": "ip"
+ }
+ },
+ "op": "==",
+ "right": "10.1.1.1"
+ }
+ },
+ {
+ "snat": {
+ "addr": "192.168.3.2",
+ "family": "ip"
+ }
+ }
+]
+
+# iifname "eth0" tcp dport 81 snat ip6 to dead::beef
+[
+ {
+ "match": {
+ "left": {
+ "meta": {
+ "key": "iifname"
+ }
+ },
+ "op": "==",
+ "right": "eth0"
+ }
+ },
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "dport",
+ "protocol": "tcp"
+ }
+ },
+ "op": "==",
+ "right": 81
+ }
+ },
+ {
+ "snat": {
+ "addr": "dead::beef",
+ "family": "ip6"
+ }
+ }
+]
+
+# iifname "foo" masquerade random
+[
+ {
+ "match": {
+ "left": {
+ "meta": {
+ "key": "iifname"
+ }
+ },
+ "op": "==",
+ "right": "foo"
+ }
+ },
+ {
+ "masquerade": {
+ "flags": "random"
+ }
+ }
+]
+
-- cgit v1.2.3
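Review bot: The second case in snat.t.json is headed by the rule `iifname "eth0" tcp dport 81 ip saddr 10.1.1.1 snat to 192.168.3.2`, which has no family keyword, yet its JSON input carries `"family": "ip"`, so it appears to feed the parser the same explicit-family form as the first case. If the JSON parser is meant to accept a family-less `snat` in an inet table when the family follows from the `ip saddr` match, the input should be `"snat": { "addr": "192.168.3.2" }`, with the family-bearing form kept only as the expected output. As written, the implicit-family path does not look covered from JSON, so a NAT statement that ends up with a wrong or missing family would pass this suite unnoticed. dnat.t.json has no family-less case either; the parser and printer changes named in the commit message are outside this view, so whether that path exists is an assumption to confirm.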