summaryrefslogtreecommitdiffstats
path: root/tests/py/inet/tproxy.t
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--tests/py/inet/tproxy.t21
-rw-r--r--tests/py/inet/tproxy.t.json185
-rw-r--r--tests/py/inet/tproxy.t.payload63
3 files changed, 269 insertions, 0 deletions
diff --git a/tests/py/inet/tproxy.t b/tests/py/inet/tproxy.t
new file mode 100644
index 0000000..d23bbcb
--- /dev/null
+++ b/tests/py/inet/tproxy.t
@@ -0,0 +1,21 @@
+:y;type filter hook prerouting priority -150
+
+*inet;x;y
+
+tproxy;fail
+meta l4proto 17 tproxy to 192.0.2.1;fail
+meta l4proto 6 tproxy to 192.0.2.1:50080;fail
+meta l4proto 17 tproxy ip to 192.0.2.1;ok
+meta l4proto 6 tproxy ip to 192.0.2.1:50080;ok
+ip protocol 6 tproxy ip6 to [2001:db8::1];fail
+
+meta l4proto 6 tproxy to [2001:db8::1];fail
+meta l4proto 17 tproxy to [2001:db8::1]:50080;fail
+meta l4proto 6 tproxy ip6 to [2001:db8::1];ok
+meta l4proto 17 tproxy ip6 to [2001:db8::1]:50080;ok
+ip6 nexthdr 6 tproxy ip to 192.0.2.1;fail
+
+meta l4proto 17 tproxy ip to :50080;ok
+meta l4proto 17 tproxy ip6 to :50080;ok
+meta l4proto 17 tproxy to :50080;ok
+ip daddr 0.0.0.0/0 meta l4proto 6 tproxy ip to :2000;ok
diff --git a/tests/py/inet/tproxy.t.json b/tests/py/inet/tproxy.t.json
new file mode 100644
index 0000000..7b3b11c
--- /dev/null
+++ b/tests/py/inet/tproxy.t.json
@@ -0,0 +1,185 @@
+# meta l4proto 17 tproxy ip to 192.0.2.1
+[
+ {
+ "match": {
+ "left": {
+ "meta": {
+ "key": "l4proto"
+ }
+ },
+ "op": "==",
+ "right": 17
+ }
+ },
+ {
+ "tproxy": {
+ "addr": "192.0.2.1",
+ "family": "ip"
+ }
+ }
+]
+
+# meta l4proto 6 tproxy ip to 192.0.2.1:50080
+[
+ {
+ "match": {
+ "left": {
+ "meta": {
+ "key": "l4proto"
+ }
+ },
+ "op": "==",
+ "right": 6
+ }
+ },
+ {
+ "tproxy": {
+ "addr": "192.0.2.1",
+ "family": "ip",
+ "port": 50080
+ }
+ }
+]
+
+# meta l4proto 6 tproxy ip6 to [2001:db8::1]
+[
+ {
+ "match": {
+ "left": {
+ "meta": {
+ "key": "l4proto"
+ }
+ },
+ "op": "==",
+ "right": 6
+ }
+ },
+ {
+ "tproxy": {
+ "addr": "2001:db8::1",
+ "family": "ip6"
+ }
+ }
+]
+
+# meta l4proto 17 tproxy ip6 to [2001:db8::1]:50080
+[
+ {
+ "match": {
+ "left": {
+ "meta": {
+ "key": "l4proto"
+ }
+ },
+ "op": "==",
+ "right": 17
+ }
+ },
+ {
+ "tproxy": {
+ "addr": "2001:db8::1",
+ "family": "ip6",
+ "port": 50080
+ }
+ }
+]
+
+# meta l4proto 17 tproxy ip to :50080
+[
+ {
+ "match": {
+ "left": {
+ "meta": {
+ "key": "l4proto"
+ }
+ },
+ "op": "==",
+ "right": 17
+ }
+ },
+ {
+ "tproxy": {
+ "family": "ip",
+ "port": 50080
+ }
+ }
+]
+
+# meta l4proto 17 tproxy ip6 to :50080
+[
+ {
+ "match": {
+ "left": {
+ "meta": {
+ "key": "l4proto"
+ }
+ },
+ "op": "==",
+ "right": 17
+ }
+ },
+ {
+ "tproxy": {
+ "family": "ip6",
+ "port": 50080
+ }
+ }
+]
+
+# meta l4proto 17 tproxy to :50080
+[
+ {
+ "match": {
+ "left": {
+ "meta": {
+ "key": "l4proto"
+ }
+ },
+ "op": "==",
+ "right": 17
+ }
+ },
+ {
+ "tproxy": {
+ "port": 50080
+ }
+ }
+]
+
+# ip daddr 0.0.0.0/0 meta l4proto 6 tproxy ip to :2000
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "daddr",
+ "protocol": "ip"
+ }
+ },
+ "op": "==",
+ "right": {
+ "prefix": {
+ "addr": "0.0.0.0",
+ "len": 0
+ }
+ }
+ }
+ },
+ {
+ "match": {
+ "left": {
+ "meta": {
+ "key": "l4proto"
+ }
+ },
+ "op": "==",
+ "right": 6
+ }
+ },
+ {
+ "tproxy": {
+ "family": "ip",
+ "port": 2000
+ }
+ }
+]
diff --git a/tests/py/inet/tproxy.t.payload b/tests/py/inet/tproxy.t.payload
new file mode 100644
index 0000000..24bf8f6
--- /dev/null
+++ b/tests/py/inet/tproxy.t.payload
@@ -0,0 +1,63 @@
+# meta l4proto 17 tproxy ip to 192.0.2.1
+inet x y
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x00000011 ]
+ [ immediate reg 1 0x010200c0 ]
+ [ tproxy ip addr reg 1 ]
+
+# meta l4proto 6 tproxy ip to 192.0.2.1:50080
+inet x y
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x00000006 ]
+ [ immediate reg 1 0x010200c0 ]
+ [ immediate reg 2 0x0000a0c3 ]
+ [ tproxy ip addr reg 1 port reg 2 ]
+
+# meta l4proto 6 tproxy ip6 to [2001:db8::1]
+inet x y
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x00000006 ]
+ [ immediate reg 1 0xb80d0120 0x00000000 0x00000000 0x01000000 ]
+ [ tproxy ip6 addr reg 1 ]
+
+# meta l4proto 17 tproxy ip6 to [2001:db8::1]:50080
+inet x y
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x00000011 ]
+ [ immediate reg 1 0xb80d0120 0x00000000 0x00000000 0x01000000 ]
+ [ immediate reg 2 0x0000a0c3 ]
+ [ tproxy ip6 addr reg 1 port reg 2 ]
+
+# meta l4proto 17 tproxy to :50080
+inet x y
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x00000011 ]
+ [ immediate reg 1 0x0000a0c3 ]
+ [ tproxy port reg 1 ]
+
+# meta l4proto 17 tproxy ip to :50080
+inet x y
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x00000011 ]
+ [ immediate reg 1 0x0000a0c3 ]
+ [ tproxy ip port reg 1 ]
+
+# meta l4proto 17 tproxy ip6 to :50080
+inet x y
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x00000011 ]
+ [ immediate reg 1 0x0000a0c3 ]
+ [ tproxy ip6 port reg 1 ]
+
+# ip daddr 0.0.0.0/0 meta l4proto 6 tproxy ip to :2000
+inet x y
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x00000002 ]
+ [ payload load 4b @ network header + 16 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x00000000 ) ^ 0x00000000 ]
+ [ cmp eq reg 1 0x00000000 ]
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x00000006 ]
+ [ immediate reg 1 0x0000d007 ]
+ [ tproxy ip port reg 1 ]
+
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-17 01:58:02 +0000