From 575cc4519aa177c573481f683e07c2789a2f870a Mon Sep 17 00:00:00 2001 From: Pablo Neira Ayuso Date: Tue, 2 Jun 2015 17:14:59 +0200 Subject: tests: regression: fix NAT tests snat can be only used from prerouting and input, and dnat from output and postrouting. ip/nat.t: ERROR: line 12: nft add rule ip test-ip4 output iifname eth0 tcp sport 23-34 snat 192.168.3.2: This rule should not have failed. Split the test file as they require different chain configuration. Signed-off-by: Pablo Neira Ayuso --- tests/regression/ip6/dnat.t | 5 +++++ tests/regression/ip6/nat.t | 6 ------ tests/regression/ip6/snat.t | 6 ++++++ 3 files changed, 11 insertions(+), 6 deletions(-) create mode 100644 tests/regression/ip6/dnat.t delete mode 100644 tests/regression/ip6/nat.t create mode 100644 tests/regression/ip6/snat.t (limited to 'tests/regression/ip6') diff --git a/tests/regression/ip6/dnat.t b/tests/regression/ip6/dnat.t new file mode 100644 index 00000000..a2555c72 --- /dev/null +++ b/tests/regression/ip6/dnat.t @@ -0,0 +1,5 @@ +*ip6;test-ip6 +:prerouting;type nat hook prerouting priority 0 + +tcp dport 80-90 dnat 2001:838:35f:1::-2001:838:35f:2:: :80-100;ok +tcp dport 80-90 dnat 2001:838:35f:1::-2001:838:35f:2:: :100;ok diff --git a/tests/regression/ip6/nat.t b/tests/regression/ip6/nat.t deleted file mode 100644 index 2fb4ac81..00000000 --- a/tests/regression/ip6/nat.t +++ /dev/null @@ -1,6 +0,0 @@ -*ip6;test-ip6 -- *inet;test-inet -:input;type nat hook input priority 0 - -tcp dport 80-90 dnat 2001:838:35f:1::-2001:838:35f:2:: :80-100;ok -tcp dport 80-90 dnat 2001:838:35f:1::-2001:838:35f:2:: :100;ok diff --git a/tests/regression/ip6/snat.t b/tests/regression/ip6/snat.t new file mode 100644 index 00000000..73452752 --- /dev/null +++ b/tests/regression/ip6/snat.t @@ -0,0 +1,6 @@ +*ip6;test-ip6 +- *inet;test-inet +:postrouting;type nat hook postrouting priority 0 + +tcp dport 80-90 snat 2001:838:35f:1::-2001:838:35f:2:: :80-100;ok +tcp dport 80-90 snat 2001:838:35f:1::-2001:838:35f:2:: :100;ok -- cgit v1.2.3