diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-09 13:08:37 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-09 13:08:37 +0000 |
commit | 971e619d8602fa52b1bfcb3ea65b7ab96be85318 (patch) | |
tree | 26feb2498c72b796e07b86349d17f544046de279 /tests/py/ip6/masquerade.t.payload.ip6 | |
parent | Initial commit. (diff) | |
download | nftables-971e619d8602fa52b1bfcb3ea65b7ab96be85318.tar.xz nftables-971e619d8602fa52b1bfcb3ea65b7ab96be85318.zip |
Adding upstream version 1.0.9.upstream/1.0.9upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'tests/py/ip6/masquerade.t.payload.ip6')
-rw-r--r-- | tests/py/ip6/masquerade.t.payload.ip6 | 142 |
1 files changed, 142 insertions, 0 deletions
diff --git a/tests/py/ip6/masquerade.t.payload.ip6 b/tests/py/ip6/masquerade.t.payload.ip6 new file mode 100644 index 0000000..43ae2ae --- /dev/null +++ b/tests/py/ip6/masquerade.t.payload.ip6 @@ -0,0 +1,142 @@ +# udp dport 53 masquerade +ip6 test-ip6 postrouting + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00003500 ] + [ masq ] + +# udp dport 53 masquerade random +ip6 test-ip6 postrouting + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00003500 ] + [ masq flags 0x4 ] + +# udp dport 53 masquerade random,persistent +ip6 test-ip6 postrouting + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00003500 ] + [ masq flags 0xc ] + +# udp dport 53 masquerade random,persistent,fully-random +ip6 test-ip6 postrouting + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00003500 ] + [ masq flags 0x1c ] + +# udp dport 53 masquerade random,fully-random +ip6 test-ip6 postrouting + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00003500 ] + [ masq flags 0x14 ] + +# udp dport 53 masquerade random,fully-random,persistent +ip6 test-ip6 postrouting + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00003500 ] + [ masq flags 0x1c ] + +# udp dport 53 masquerade persistent +ip6 test-ip6 postrouting + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00003500 ] + [ masq flags 0x8 ] + +# udp dport 53 masquerade persistent,random +ip6 test-ip6 postrouting + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00003500 ] + [ masq flags 0xc ] + +# udp dport 53 masquerade persistent,random,fully-random +ip6 test-ip6 postrouting + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00003500 ] + [ masq flags 0x1c ] + +# udp dport 53 masquerade persistent,fully-random +ip6 test-ip6 postrouting + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00003500 ] + [ masq flags 0x18 ] + +# udp dport 53 masquerade persistent,fully-random,random +ip6 test-ip6 postrouting + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00003500 ] + [ masq flags 0x1c ] + +# tcp dport { 1,2,3,4,5,6,7,8,101,202,303,1001,2002,3003} masquerade +__set%d test-ip6 3 +__set%d test-ip6 0 + element 00000100 : 0 [end] element 00000200 : 0 [end] element 00000300 : 0 [end] element 00000400 : 0 [end] element 00000500 : 0 [end] element 00000600 : 0 [end] element 00000700 : 0 [end] element 00000800 : 0 [end] element 00006500 : 0 [end] element 0000ca00 : 0 [end] element 00002f01 : 0 [end] element 0000e903 : 0 [end] element 0000d207 : 0 [end] element 0000bb0b : 0 [end] +ip6 test-ip6 postrouting + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set __set%d ] + [ masq ] + +# ip6 daddr fe00::1-fe00::200 udp dport 53 counter masquerade +ip6 test-ip6 postrouting + [ payload load 16b @ network header + 24 => reg 1 ] + [ cmp gte reg 1 0x000000fe 0x00000000 0x00000000 0x01000000 ] + [ cmp lte reg 1 0x000000fe 0x00000000 0x00000000 0x00020000 ] + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp eq reg 1 0x00003500 ] + [ counter pkts 0 bytes 0 ] + [ masq ] + +# iifname "eth0" ct state established,new tcp dport vmap {22 : drop, 222 : drop } masquerade +__map%d test-ip6 b +__map%d test-ip6 0 + element 00001600 : drop 0 [end] element 0000de00 : drop 0 [end] +ip6 test-ip6 postrouting + [ meta load iifname => reg 1 ] + [ cmp eq reg 1 0x30687465 0x00000000 0x00000000 0x00000000 ] + [ ct load state => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x0000000a ) ^ 0x00000000 ] + [ cmp neq reg 1 0x00000000 ] + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ lookup reg 1 set __map%d dreg 0 ] + [ masq ] + +# meta l4proto 6 masquerade to :1024 +ip6 test-ip6 postrouting + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ immediate reg 1 0x00000004 ] + [ masq proto_min reg 1 flags 0x2 ] + +# meta l4proto 6 masquerade to :1024-2048 +ip6 test-ip6 postrouting + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ immediate reg 1 0x00000004 ] + [ immediate reg 2 0x00000008 ] + [ masq proto_min reg 1 proto_max reg 2 flags 0x2 ] + |