summaryrefslogtreecommitdiffstats
path: root/tests/py/inet/dnat.t
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--tests/py/inet/dnat.t22
-rw-r--r--tests/py/inet/dnat.t.json241
-rw-r--r--tests/py/inet/dnat.t.payload86
3 files changed, 349 insertions, 0 deletions
diff --git a/tests/py/inet/dnat.t b/tests/py/inet/dnat.t
new file mode 100644
index 0000000..e4e169f
--- /dev/null
+++ b/tests/py/inet/dnat.t
@@ -0,0 +1,22 @@
+:prerouting;type nat hook prerouting priority 0
+
+*inet;test-inet;prerouting
+
+iifname "foo" tcp dport 80 redirect to :8080;ok
+
+iifname "eth0" tcp dport 443 dnat ip to 192.168.3.2;ok
+iifname "eth0" tcp dport 443 dnat ip6 to [dead::beef]:4443;ok
+meta l4proto tcp dnat to :80;ok;meta l4proto 6 dnat to :80
+
+dnat ip to ct mark map { 0x00000014 : 1.2.3.4};ok
+dnat ip to ct mark . ip daddr map { 0x00000014 . 1.1.1.1 : 1.2.3.4};ok
+
+dnat ip6 to 1.2.3.4;fail
+dnat to 1.2.3.4;fail
+dnat ip6 to ct mark . ip daddr map { 0x00000014 . 1.1.1.1 : 1.2.3.4};fail
+ip6 daddr dead::beef dnat to 10.1.2.3;fail
+
+meta l4proto { tcp, udp } dnat ip to 1.1.1.1:80;ok;meta l4proto { 6, 17} dnat ip to 1.1.1.1:80
+ip protocol { tcp, udp } dnat ip to 1.1.1.1:80;ok;ip protocol { 6, 17} dnat ip to 1.1.1.1:80
+meta l4proto { tcp, udp } tcp dport 20 dnat to 1.1.1.1:80;fail
+ip protocol { tcp, udp } tcp dport 20 dnat to 1.1.1.1:80;fail
diff --git a/tests/py/inet/dnat.t.json b/tests/py/inet/dnat.t.json
new file mode 100644
index 0000000..c341a04
--- /dev/null
+++ b/tests/py/inet/dnat.t.json
@@ -0,0 +1,241 @@
+# iifname "foo" tcp dport 80 redirect to :8080
+[
+ {
+ "match": {
+ "left": {
+ "meta": {
+ "key": "iifname"
+ }
+ },
+ "op": "==",
+ "right": "foo"
+ }
+ },
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "dport",
+ "protocol": "tcp"
+ }
+ },
+ "op": "==",
+ "right": 80
+ }
+ },
+ {
+ "redirect": {
+ "port": 8080
+ }
+ }
+]
+
+# iifname "eth0" tcp dport 443 dnat ip to 192.168.3.2
+[
+ {
+ "match": {
+ "left": {
+ "meta": {
+ "key": "iifname"
+ }
+ },
+ "op": "==",
+ "right": "eth0"
+ }
+ },
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "dport",
+ "protocol": "tcp"
+ }
+ },
+ "op": "==",
+ "right": 443
+ }
+ },
+ {
+ "dnat": {
+ "addr": "192.168.3.2",
+ "family": "ip"
+ }
+ }
+]
+
+# iifname "eth0" tcp dport 443 dnat ip6 to [dead::beef]:4443
+[
+ {
+ "match": {
+ "left": {
+ "meta": {
+ "key": "iifname"
+ }
+ },
+ "op": "==",
+ "right": "eth0"
+ }
+ },
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "dport",
+ "protocol": "tcp"
+ }
+ },
+ "op": "==",
+ "right": 443
+ }
+ },
+ {
+ "dnat": {
+ "addr": "dead::beef",
+ "family": "ip6",
+ "port": 4443
+ }
+ }
+]
+
+# dnat ip to ct mark map { 0x00000014 : 1.2.3.4}
+[
+ {
+ "dnat": {
+ "addr": {
+ "map": {
+ "data": {
+ "set": [
+ [
+ 20,
+ "1.2.3.4"
+ ]
+ ]
+ },
+ "key": {
+ "ct": {
+ "key": "mark"
+ }
+ }
+ }
+ },
+ "family": "ip"
+ }
+ }
+]
+
+# dnat ip to ct mark . ip daddr map { 0x00000014 . 1.1.1.1 : 1.2.3.4}
+[
+ {
+ "dnat": {
+ "addr": {
+ "map": {
+ "data": {
+ "set": [
+ [
+ {
+ "concat": [
+ 20,
+ "1.1.1.1"
+ ]
+ },
+ "1.2.3.4"
+ ]
+ ]
+ },
+ "key": {
+ "concat": [
+ {
+ "ct": {
+ "key": "mark"
+ }
+ },
+ {
+ "payload": {
+ "field": "daddr",
+ "protocol": "ip"
+ }
+ }
+ ]
+ }
+ }
+ },
+ "family": "ip"
+ }
+ }
+]
+
+# meta l4proto { tcp, udp } dnat ip to 1.1.1.1:80
+[
+ {
+ "match": {
+ "left": {
+ "meta": {
+ "key": "l4proto"
+ }
+ },
+ "op": "==",
+ "right": {
+ "set": [
+ 6,
+ 17
+ ]
+ }
+ }
+ },
+ {
+ "dnat": {
+ "addr": "1.1.1.1",
+ "family": "ip",
+ "port": 80
+ }
+ }
+]
+
+# ip protocol { tcp, udp } dnat ip to 1.1.1.1:80
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "protocol",
+ "protocol": "ip"
+ }
+ },
+ "op": "==",
+ "right": {
+ "set": [
+ 6,
+ 17
+ ]
+ }
+ }
+ },
+ {
+ "dnat": {
+ "addr": "1.1.1.1",
+ "family": "ip",
+ "port": 80
+ }
+ }
+]
+
+# meta l4proto tcp dnat to :80
+[
+ {
+ "match": {
+ "left": {
+ "meta": {
+ "key": "l4proto"
+ }
+ },
+ "op": "==",
+ "right": 6
+ }
+ },
+ {
+ "dnat": {
+ "port": 80
+ }
+ }
+]
+
diff --git a/tests/py/inet/dnat.t.payload b/tests/py/inet/dnat.t.payload
new file mode 100644
index 0000000..ce1601a
--- /dev/null
+++ b/tests/py/inet/dnat.t.payload
@@ -0,0 +1,86 @@
+# iifname "foo" tcp dport 80 redirect to :8080
+inet test-inet prerouting
+ [ meta load iifname => reg 1 ]
+ [ cmp eq reg 1 0x006f6f66 0x00000000 0x00000000 0x00000000 ]
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x00000006 ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ cmp eq reg 1 0x00005000 ]
+ [ immediate reg 1 0x0000901f ]
+ [ redir proto_min reg 1 flags 0x2 ]
+
+# iifname "eth0" tcp dport 443 dnat ip to 192.168.3.2
+inet test-inet prerouting
+ [ meta load iifname => reg 1 ]
+ [ cmp eq reg 1 0x30687465 0x00000000 0x00000000 0x00000000 ]
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x00000006 ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ cmp eq reg 1 0x0000bb01 ]
+ [ immediate reg 1 0x0203a8c0 ]
+ [ nat dnat ip addr_min reg 1 ]
+
+# iifname "eth0" tcp dport 443 dnat ip6 to [dead::beef]:4443
+inet test-inet prerouting
+ [ meta load iifname => reg 1 ]
+ [ cmp eq reg 1 0x30687465 0x00000000 0x00000000 0x00000000 ]
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x00000006 ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ cmp eq reg 1 0x0000bb01 ]
+ [ immediate reg 1 0x0000adde 0x00000000 0x00000000 0xefbe0000 ]
+ [ immediate reg 2 0x00005b11 ]
+ [ nat dnat ip6 addr_min reg 1 proto_min reg 2 flags 0x2 ]
+
+# dnat ip to ct mark map { 0x00000014 : 1.2.3.4}
+__map%d test-inet b size 1
+__map%d test-inet 0
+ element 00000014 : 04030201 0 [end]
+inet test-inet prerouting
+ [ ct load mark => reg 1 ]
+ [ lookup reg 1 set __map%d dreg 1 ]
+ [ nat dnat ip addr_min reg 1 ]
+
+# dnat ip to ct mark . ip daddr map { 0x00000014 . 1.1.1.1 : 1.2.3.4}
+__map%d test-inet b size 1
+__map%d test-inet 0
+ element 00000014 01010101 : 04030201 0 [end]
+inet test-inet prerouting
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x00000002 ]
+ [ ct load mark => reg 1 ]
+ [ payload load 4b @ network header + 16 => reg 9 ]
+ [ lookup reg 1 set __map%d dreg 1 ]
+ [ nat dnat ip addr_min reg 1 ]
+
+# meta l4proto { tcp, udp } dnat ip to 1.1.1.1:80
+__set%d test-inet 3
+__set%d test-inet 0
+ element 00000006 : 0 [end] element 00000011 : 0 [end]
+inet
+ [ meta load l4proto => reg 1 ]
+ [ lookup reg 1 set __set%d ]
+ [ immediate reg 1 0x01010101 ]
+ [ immediate reg 2 0x00005000 ]
+ [ nat dnat ip addr_min reg 1 proto_min reg 2 flags 0x2 ]
+
+# ip protocol { tcp, udp } dnat ip to 1.1.1.1:80
+__set%d test-inet 3
+__set%d test-inet 0
+ element 00000006 : 0 [end] element 00000011 : 0 [end]
+inet
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x00000002 ]
+ [ payload load 1b @ network header + 9 => reg 1 ]
+ [ lookup reg 1 set __set%d ]
+ [ immediate reg 1 0x01010101 ]
+ [ immediate reg 2 0x00005000 ]
+ [ nat dnat ip addr_min reg 1 proto_min reg 2 flags 0x2 ]
+
+# meta l4proto tcp dnat to :80
+inet
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x00000006 ]
+ [ immediate reg 1 0x00005000 ]
+ [ nat dnat inet proto_min reg 1 flags 0x2 ]
+
generated by cgit v1.2.3 (git 2.39.1) at 2025-02-22 12:43:04 +0000