From eeba2cd956485d3059dabf86a7ad8dd59ee682dd Mon Sep 17 00:00:00 2001 From: Phil Sutter Date: Fri, 4 Feb 2022 14:18:44 +0100 Subject: [PATCH] tests: py: add dnat to port without defining destination address Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2030773 Upstream Status: nftables commit 0f27e258b37a5 Conflicts: Context changes due to missing commit ae1d822630e6d ("src: context tracking for multiple transport protocols") commit 0f27e258b37a592233d6ad5381cd1fae65e57514 Author: Pablo Neira Ayuso Date: Thu Jul 22 17:43:56 2021 +0200 tests: py: add dnat to port without defining destination address Add a test to cover dnat to port without destination address. Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1428 Signed-off-by: Pablo Neira Ayuso --- tests/py/inet/dnat.t | 1 + tests/py/inet/dnat.t.json | 20 ++++++++++++++++++++ tests/py/inet/dnat.t.payload | 8 ++++++++ 3 files changed, 29 insertions(+) diff --git a/tests/py/inet/dnat.t b/tests/py/inet/dnat.t index fcdf943..6beceda 100644 --- a/tests/py/inet/dnat.t +++ b/tests/py/inet/dnat.t @@ -6,6 +6,7 @@ iifname "foo" tcp dport 80 redirect to :8080;ok iifname "eth0" tcp dport 443 dnat ip to 192.168.3.2;ok iifname "eth0" tcp dport 443 dnat ip6 to [dead::beef]:4443;ok +meta l4proto tcp dnat to :80;ok;meta l4proto 6 dnat to :80 dnat ip to ct mark map { 0x00000014 : 1.2.3.4};ok dnat ip to ct mark . ip daddr map { 0x00000014 . 1.1.1.1 : 1.2.3.4};ok diff --git a/tests/py/inet/dnat.t.json b/tests/py/inet/dnat.t.json index ac6dac6..f88e9cf 100644 --- a/tests/py/inet/dnat.t.json +++ b/tests/py/inet/dnat.t.json @@ -164,3 +164,23 @@ } ] +# meta l4proto tcp dnat to :80 +[ + { + "match": { + "left": { + "meta": { + "key": "l4proto" + } + }, + "op": "==", + "right": 6 + } + }, + { + "dnat": { + "port": 80 + } + } +] + diff --git a/tests/py/inet/dnat.t.payload b/tests/py/inet/dnat.t.payload index b81caf7..6d8569d 100644 --- a/tests/py/inet/dnat.t.payload +++ b/tests/py/inet/dnat.t.payload @@ -52,3 +52,11 @@ inet test-inet prerouting [ payload load 4b @ network header + 16 => reg 9 ] [ lookup reg 1 set __map%d dreg 1 ] [ nat dnat ip addr_min reg 1 addr_max reg 0 ] + +# meta l4proto tcp dnat to :80 +inet + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ immediate reg 1 0x00005000 ] + [ nat dnat inet proto_min reg 1 flags 0x2 ] + -- 2.31.1