new file mode 100644
@@ -0,0 +1,20 @@
+:y;type filter hook prerouting priority -150
+
+*inet;x;y
+
+tproxy;fail
+meta l4proto 17 tproxy to 192.0.2.1;fail
+meta l4proto 6 tproxy to 192.0.2.1:50080;fail
+meta l4proto 17 tproxy ip to 192.0.2.1;ok
+meta l4proto 6 tproxy ip to 192.0.2.1:50080;ok
+ip protocol 6 tproxy ip6 to [2001:db8::1];fail
+
+meta l4proto 6 tproxy to [2001:db8::1];fail
+meta l4proto 17 tproxy to [2001:db8::1]:50080;fail
+meta l4proto 6 tproxy ip6 to [2001:db8::1];ok
+meta l4proto 17 tproxy ip6 to [2001:db8::1]:50080;ok
+ip6 nexthdr 6 tproxy ip to 192.0.2.1;fail
+
+meta l4proto 17 tproxy ip to :50080;fail
+meta l4proto 17 tproxy ip6 to :50080;fail
+meta l4proto 17 tproxy to :50080;ok
new file mode 100644
@@ -0,0 +1,46 @@
+# meta l4proto 17 tproxy ip to 192.0.2.1
+inet x y
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x00000011 ]
+ [ immediate reg 1 0x010200c0 ]
+ [ tproxy tproxy ip addr reg 1 ]
+
+# meta l4proto 6 tproxy ip to 192.0.2.1:50080
+inet x y
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x00000006 ]
+ [ immediate reg 1 0x010200c0 ]
+ [ immediate reg 2 0x0000a0c3 ]
+ [ tproxy tproxy ip addr reg 1 port reg 2 ]
+
+# meta l4proto 6 tproxy ip6 to [2001:db8::1]
+inet x y
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x00000006 ]
+ [ immediate reg 1 0xb80d0120 0x00000000 0x00000000 0x01000000 ]
+ [ tproxy tproxy ip6 addr reg 1 ]
+
+# meta l4proto 17 tproxy ip6 to [2001:db8::1]:50080
+inet x y
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x00000011 ]
+ [ immediate reg 1 0xb80d0120 0x00000000 0x00000000 0x01000000 ]
+ [ immediate reg 2 0x0000a0c3 ]
+ [ tproxy tproxy ip6 addr reg 1 port reg 2 ]
+
+# ip protocol 6 tproxy to :50080
+inet x y
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x00000002 ]
+ [ payload load 1b @ network header + 9 => reg 1 ]
+ [ cmp eq reg 1 0x00000006 ]
+ [ immediate reg 1 0x0000a0c3 ]
+ [ tproxy tproxy inet port reg 1 ]
+
+# meta l4proto 17 tproxy to :50080
+inet x y
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x00000011 ]
+ [ immediate reg 1 0x0000a0c3 ]
+ [ tproxy tproxy inet port reg 1 ]
+
new file mode 100644
@@ -0,0 +1,14 @@
+:y;type filter hook prerouting priority -150
+
+*ip;x;y
+
+tproxy;fail
+tproxy to 192.0.2.1;fail
+tproxy to 192.0.2.1:50080;fail
+tproxy to :50080;fail
+meta l4proto 17 tproxy to 192.0.2.1;ok
+meta l4proto 6 tproxy to 192.0.2.1:50080;ok
+ip protocol 6 tproxy to :50080;ok
+meta l4proto 17 tproxy ip to 192.0.2.1;fail
+meta l4proto 6 tproxy ip to 192.0.2.1:50080;fail
+ip protocol 6 tproxy ip to :50080;fail
new file mode 100644
@@ -0,0 +1,36 @@
+# meta l4proto 17 tproxy to 192.0.2.1
+ip x y
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x00000011 ]
+ [ immediate reg 1 0x010200c0 ]
+ [ tproxy tproxy ip addr reg 1 ]
+
+# ip protocol 6 tproxy to :50080
+ip x y
+ [ payload load 1b @ network header + 9 => reg 1 ]
+ [ cmp eq reg 1 0x00000006 ]
+ [ immediate reg 1 0x0000a0c3 ]
+ [ tproxy tproxy ip port reg 1 ]
+
+# meta l4proto 17 tproxy to 192.0.2.1
+ip x y
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x00000011 ]
+ [ immediate reg 1 0x010200c0 ]
+ [ tproxy tproxy ip addr reg 1 ]
+
+# ip protocol 6 tproxy to :50080
+ip x y
+ [ payload load 1b @ network header + 9 => reg 1 ]
+ [ cmp eq reg 1 0x00000006 ]
+ [ immediate reg 1 0x0000a0c3 ]
+ [ tproxy tproxy ip port reg 1 ]
+
+# meta l4proto 6 tproxy to 192.0.2.1:50080
+ip x y
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x00000006 ]
+ [ immediate reg 1 0x010200c0 ]
+ [ immediate reg 2 0x0000a0c3 ]
+ [ tproxy tproxy ip addr reg 1 port reg 2 ]
+
new file mode 100644
@@ -0,0 +1,16 @@
+:y;type filter hook prerouting priority -150
+
+*ip6;x;y
+
+tproxy;fail
+tproxy to [2001:db8::1];fail
+tproxy to [2001:db8::1]:50080;fail
+tproxy to :50080;fail
+meta l4proto 6 tproxy to [2001:db8::1];ok
+meta l4proto 17 tproxy to [2001:db8::1]:50080;ok
+meta l4proto 6 tproxy to :50080;ok
+meta l4proto 6 tproxy ip6 to [2001:db8::1];fail
+meta l4proto 17 tproxy ip6 to [2001:db8::1]:50080;fail
+meta l4proto 6 tproxy ip6 to :50080;fail
+
+
new file mode 100644
@@ -0,0 +1,22 @@
+# meta l4proto 6 tproxy to [2001:db8::1]
+ip6 x y
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x00000006 ]
+ [ immediate reg 1 0xb80d0120 0x00000000 0x00000000 0x01000000 ]
+ [ tproxy tproxy ip6 addr reg 1 ]
+
+# meta l4proto 17 tproxy to [2001:db8::1]:50080
+ip6 x y
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x00000011 ]
+ [ immediate reg 1 0xb80d0120 0x00000000 0x00000000 0x01000000 ]
+ [ immediate reg 2 0x0000a0c3 ]
+ [ tproxy tproxy ip6 addr reg 1 port reg 2 ]
+
+# meta l4proto 6 tproxy to :50080
+ip6 x y
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x00000006 ]
+ [ immediate reg 1 0x0000a0c3 ]
+ [ tproxy tproxy ip6 port reg 1 ]
+
Signed-off-by: Máté Eckl <ecklm94@gmail.com> --- tests/py/inet/tproxy.t | 20 +++++++++++++++ tests/py/inet/tproxy.t.payload | 46 ++++++++++++++++++++++++++++++++++ tests/py/ip/tproxy.t | 14 +++++++++++ tests/py/ip/tproxy.t.payload | 36 ++++++++++++++++++++++++++ tests/py/ip6/tproxy.t | 16 ++++++++++++ tests/py/ip6/tproxy.t.payload | 22 ++++++++++++++++ 6 files changed, 154 insertions(+) create mode 100644 tests/py/inet/tproxy.t create mode 100644 tests/py/inet/tproxy.t.payload create mode 100644 tests/py/ip/tproxy.t create mode 100644 tests/py/ip/tproxy.t.payload create mode 100644 tests/py/ip6/tproxy.t create mode 100644 tests/py/ip6/tproxy.t.payload