From 55d4a890af9fae63226511e056e44ab74a94f197 Mon Sep 17 00:00:00 2001 From: Pablo Neira Ayuso Date: Sun, 31 Jan 2016 23:17:20 +0100 Subject: tests/py: test port ranges and maps for redirect Signed-off-by: Pablo Neira Ayuso --- tests/py/ip/redirect.t | 5 +++++ tests/py/ip/redirect.t.payload | 19 +++++++++++++++++++ tests/py/ip6/redirect.t | 4 ++++ tests/py/ip6/redirect.t.payload.ip6 | 19 +++++++++++++++++++ 4 files changed, 47 insertions(+) (limited to 'tests') diff --git a/tests/py/ip/redirect.t b/tests/py/ip/redirect.t index 8161ae6d..7e205a90 100644 --- a/tests/py/ip/redirect.t +++ b/tests/py/ip/redirect.t @@ -22,6 +22,7 @@ tcp dport 22 redirect to 22;ok udp dport 1234 redirect to 4321;ok ip daddr 172.16.0.1 udp dport 9998 redirect to 6515;ok tcp dport 39128 redirect to 993;ok +ip protocol tcp redirect to 100-200;ok;ip protocol 6 redirect to 100-200 redirect to 1234;fail redirect to 12341111;fail @@ -44,3 +45,7 @@ ip saddr 10.1.1.1 redirect drop;fail tcp dport { 1, 2, 3, 4, 5, 6, 7, 8, 101, 202, 303, 1001, 2002, 3003} redirect;ok ip daddr 10.0.0.0-10.2.3.4 udp dport 53 counter packets 0 bytes 0 redirect;ok iifname eth0 ct state new,established tcp dport vmap {22 : drop, 222 : drop } redirect;ok + +# redirect with maps +ip protocol 6 redirect to tcp dport map { 22 : 8000, 80 : 8080};ok + diff --git a/tests/py/ip/redirect.t.payload b/tests/py/ip/redirect.t.payload index ac718043..da603e73 100644 --- a/tests/py/ip/redirect.t.payload +++ b/tests/py/ip/redirect.t.payload @@ -124,6 +124,14 @@ ip test-ip4 output [ immediate reg 1 0x0000e103 ] [ redir proto_min reg 1 ] +# ip protocol tcp redirect to 100-200 +ip test-ip4 output + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ immediate reg 1 0x00006400 ] + [ immediate reg 2 0x0000c800 ] + [ redir proto_min reg 1 proto_max reg 2 ] + # tcp dport 9128 redirect to 993 random ip test-ip4 output [ payload load 1b @ network header + 9 => reg 1 ] @@ -199,3 +207,14 @@ ip test-ip4 output [ lookup reg 1 set map%d dreg 0 ] [ redir ] +# ip protocol 6 redirect to tcp dport map { 22 : 8000, 80 : 8080} +map%d test-ip4 b +map%d test-ip4 0 + element 00001600 : 0000401f 0 [end] element 00005000 : 0000901f 0 [end] +ip test-ip4 output + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set map%d dreg 1 ] + [ redir proto_min reg 1 ] + diff --git a/tests/py/ip6/redirect.t b/tests/py/ip6/redirect.t index d5a0a3b2..fca84e5b 100644 --- a/tests/py/ip6/redirect.t +++ b/tests/py/ip6/redirect.t @@ -22,6 +22,7 @@ udp dport 53 redirect persistent,fully-random,random;ok;udp dport 53 redirect ra # port specification udp dport 1234 redirect to 1234;ok ip6 daddr fe00::cafe udp dport 9998 redirect to 6515;ok +ip6 nexthdr tcp redirect to 100-200;ok;ip6 nexthdr 6 redirect to 100-200 tcp dport 39128 redirect to 993;ok redirect to 1234;fail redirect to 12341111;fail @@ -43,3 +44,6 @@ ip6 saddr ::1 redirect drop;fail tcp dport { 1, 2, 3, 4, 5, 6, 7, 8, 101, 202, 303, 1001, 2002, 3003} redirect;ok ip6 daddr fe00::1-fe00::200 udp dport 53 counter packets 0 bytes 0 redirect;ok iifname eth0 ct state new,established tcp dport vmap {22 : drop, 222 : drop } redirect;ok + +# redirect with maps +ip6 nexthdr 6 redirect to tcp dport map { 22 : 8000, 80 : 8080};ok diff --git a/tests/py/ip6/redirect.t.payload.ip6 b/tests/py/ip6/redirect.t.payload.ip6 index 3369a7a3..4e78a244 100644 --- a/tests/py/ip6/redirect.t.payload.ip6 +++ b/tests/py/ip6/redirect.t.payload.ip6 @@ -117,6 +117,14 @@ ip6 test-ip6 output [ immediate reg 1 0x00007319 ] [ redir proto_min reg 1 ] +# ip6 nexthdr tcp redirect to 100-200 +ip6 test-ip6 output + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ immediate reg 1 0x00006400 ] + [ immediate reg 2 0x0000c800 ] + [ redir proto_min reg 1 proto_max reg 2 ] + # tcp dport 39128 redirect to 993 ip6 test-ip6 output [ payload load 1b @ network header + 6 => reg 1 ] @@ -183,3 +191,14 @@ ip6 test-ip6 output [ lookup reg 1 set map%d dreg 0 ] [ redir ] +# ip6 nexthdr 6 redirect to tcp dport map { 22 : 8000, 80 : 8080} +map%d test-ip6 b +map%d test-ip6 0 + element 00001600 : 0000401f 0 [end] element 00005000 : 0000901f 0 [end] +ip6 test-ip6 output + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set map%d dreg 1 ] + [ redir proto_min reg 1 ] + -- cgit v1.2.3