From patchwork Mon Jul 2 08:55:48 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?b?TcOhdMOpIEVja2w=?= X-Patchwork-Id: 937745 X-Patchwork-Delegate: pablo@netfilter.org Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netfilter-devel-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=gmail.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="gHR5Ba4N"; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 41K1Mg4phLz9s1b for ; Mon, 2 Jul 2018 18:56:47 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S965007AbeGBI4q (ORCPT ); Mon, 2 Jul 2018 04:56:46 -0400 Received: from mail-wr0-f182.google.com ([209.85.128.182]:47052 "EHLO mail-wr0-f182.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S933740AbeGBI4n (ORCPT ); Mon, 2 Jul 2018 04:56:43 -0400 Received: by mail-wr0-f182.google.com with SMTP id s11-v6so5425486wra.13 for ; Mon, 02 Jul 2018 01:56:42 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=fyML6v3Z7vkSHAdUjvDAtOyBIefVTI9b9elwAeHWtJ4=; b=gHR5Ba4Np/ctDJjYJr0l311BkjZARbke7xYec7xXK5vYhD/AaRKL7VKi+I1Oj18f63 VzVjRyHkP3W1B+25PoNUZYud0meYRD7DF1F4nBk5RDnVmM0H3eFUDCoYGeVJVI29JTtc dDeap9rzrLb8QDFbMk8XUw/ghM6Q3kJciKbZlzA1NXvB4kUSf26U2ij0x6Ms2TNLFEcr XtllKtJ2KvzO+muglzFW65xHiImmsMZo6l/msTbGJ25j+P9LzL9ZiaYiuc8diq2uJRTR /kgNXLmbn397sTv+U7LrKpbiOWPiXXBRzeWD86gHeXWiXsRUD1cftp5jCtiNXuIaju5b 0WFw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=fyML6v3Z7vkSHAdUjvDAtOyBIefVTI9b9elwAeHWtJ4=; b=FidHuig1mbuK7PZqcouG9VFygNfKspxlzN9v+0S8WJxlh+Xx+UBeOP4BlWofUb49U/ 2+bpmcyjRrkA6tzSF06zFyxNvwN25AA4pHzb6nBdBaFdyies9PP82IU5RKiF0+2GesvD HXBrs4hGnMjgGTdzmA8cZ2kMiODDfezOnfCf7wfKzY5mch5vXbfofwraPYi2wId0+kEo YHwPQQz6KvIK81tBd8rDGomwDKAKW5TOjltZkCib0DwpxulSB8Gv0Jwh6xXEYjuRcCEf ynxXL6n5obvo6LltLL0B7IWx58F5BJ7n0K2S8KUahVzjeVAnkbNml1q0miLe5wrQiYIM xK4Q== X-Gm-Message-State: APt69E0wr50rx9z+QZHaWnK/C6wwmex4r/Yq1NJfuRCWKUY/u3AdtWBf MAqDWoItoP1W3qj7Vlg+NatA9cmf X-Google-Smtp-Source: AAOMgpcvzHZqOEHCBmALB7J+abYVkk7PkB7pbcJwQoXmnsj+OmlcZjK0zMLyLWuiU5pvl7s+EJz2aA== X-Received: by 2002:adf:fb43:: with SMTP id c3-v6mr19635642wrs.32.1530521801668; Mon, 02 Jul 2018 01:56:41 -0700 (PDT) Received: from ecklm-lapos.localdomain (ecklm-pi.sch.bme.hu. [152.66.210.28]) by smtp.gmail.com with ESMTPSA id e128-v6sm9544657wma.46.2018.07.02.01.56.40 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 02 Jul 2018 01:56:41 -0700 (PDT) From: =?utf-8?b?TcOhdMOpIEVja2w=?= To: netfilter-devel@vger.kernel.org Subject: [PATCH v2 nft] test: Add test cases for tproxy support Date: Mon, 2 Jul 2018 10:55:48 +0200 Message-Id: <20180702085546.2924-1-ecklm94@gmail.com> X-Mailer: git-send-email 2.18.0 In-Reply-To: <20180620112646.16425-1-ecklm94@gmail.com> References: <20180620112646.16425-1-ecklm94@gmail.com> MIME-Version: 1.0 Sender: netfilter-devel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netfilter-devel@vger.kernel.org Signed-off-by: Máté Eckl --- tests/py/inet/tproxy.t | 20 +++++++++++++++ tests/py/inet/tproxy.t.payload | 46 ++++++++++++++++++++++++++++++++++ tests/py/ip/tproxy.t | 14 +++++++++++ tests/py/ip/tproxy.t.payload | 36 ++++++++++++++++++++++++++ tests/py/ip6/tproxy.t | 16 ++++++++++++ tests/py/ip6/tproxy.t.payload | 22 ++++++++++++++++ 6 files changed, 154 insertions(+) create mode 100644 tests/py/inet/tproxy.t create mode 100644 tests/py/inet/tproxy.t.payload create mode 100644 tests/py/ip/tproxy.t create mode 100644 tests/py/ip/tproxy.t.payload create mode 100644 tests/py/ip6/tproxy.t create mode 100644 tests/py/ip6/tproxy.t.payload diff --git a/tests/py/inet/tproxy.t b/tests/py/inet/tproxy.t new file mode 100644 index 0000000..f80f773 --- /dev/null +++ b/tests/py/inet/tproxy.t @@ -0,0 +1,20 @@ +:y;type filter hook prerouting priority -150 + +*inet;x;y + +tproxy;fail +meta l4proto 17 tproxy to 192.0.2.1;fail +meta l4proto 6 tproxy to 192.0.2.1:50080;fail +meta l4proto 17 tproxy ip to 192.0.2.1;ok +meta l4proto 6 tproxy ip to 192.0.2.1:50080;ok +ip protocol 6 tproxy ip6 to [2001:db8::1];fail + +meta l4proto 6 tproxy to [2001:db8::1];fail +meta l4proto 17 tproxy to [2001:db8::1]:50080;fail +meta l4proto 6 tproxy ip6 to [2001:db8::1];ok +meta l4proto 17 tproxy ip6 to [2001:db8::1]:50080;ok +ip6 nexthdr 6 tproxy ip to 192.0.2.1;fail + +meta l4proto 17 tproxy ip to :50080;fail +meta l4proto 17 tproxy ip6 to :50080;fail +meta l4proto 17 tproxy to :50080;ok diff --git a/tests/py/inet/tproxy.t.payload b/tests/py/inet/tproxy.t.payload new file mode 100644 index 0000000..5ec02bd --- /dev/null +++ b/tests/py/inet/tproxy.t.payload @@ -0,0 +1,46 @@ +# meta l4proto 17 tproxy ip to 192.0.2.1 +inet x y + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ immediate reg 1 0x010200c0 ] + [ tproxy tproxy ip addr reg 1 ] + +# meta l4proto 6 tproxy ip to 192.0.2.1:50080 +inet x y + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ immediate reg 1 0x010200c0 ] + [ immediate reg 2 0x0000a0c3 ] + [ tproxy tproxy ip addr reg 1 port reg 2 ] + +# meta l4proto 6 tproxy ip6 to [2001:db8::1] +inet x y + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ immediate reg 1 0xb80d0120 0x00000000 0x00000000 0x01000000 ] + [ tproxy tproxy ip6 addr reg 1 ] + +# meta l4proto 17 tproxy ip6 to [2001:db8::1]:50080 +inet x y + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ immediate reg 1 0xb80d0120 0x00000000 0x00000000 0x01000000 ] + [ immediate reg 2 0x0000a0c3 ] + [ tproxy tproxy ip6 addr reg 1 port reg 2 ] + +# ip protocol 6 tproxy to :50080 +inet x y + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ immediate reg 1 0x0000a0c3 ] + [ tproxy tproxy inet port reg 1 ] + +# meta l4proto 17 tproxy to :50080 +inet x y + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ immediate reg 1 0x0000a0c3 ] + [ tproxy tproxy inet port reg 1 ] + diff --git a/tests/py/ip/tproxy.t b/tests/py/ip/tproxy.t new file mode 100644 index 0000000..6e959f4 --- /dev/null +++ b/tests/py/ip/tproxy.t @@ -0,0 +1,14 @@ +:y;type filter hook prerouting priority -150 + +*ip;x;y + +tproxy;fail +tproxy to 192.0.2.1;fail +tproxy to 192.0.2.1:50080;fail +tproxy to :50080;fail +meta l4proto 17 tproxy to 192.0.2.1;ok +meta l4proto 6 tproxy to 192.0.2.1:50080;ok +ip protocol 6 tproxy to :50080;ok +meta l4proto 17 tproxy ip to 192.0.2.1;fail +meta l4proto 6 tproxy ip to 192.0.2.1:50080;fail +ip protocol 6 tproxy ip to :50080;fail diff --git a/tests/py/ip/tproxy.t.payload b/tests/py/ip/tproxy.t.payload new file mode 100644 index 0000000..063b684 --- /dev/null +++ b/tests/py/ip/tproxy.t.payload @@ -0,0 +1,36 @@ +# meta l4proto 17 tproxy to 192.0.2.1 +ip x y + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ immediate reg 1 0x010200c0 ] + [ tproxy tproxy ip addr reg 1 ] + +# ip protocol 6 tproxy to :50080 +ip x y + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ immediate reg 1 0x0000a0c3 ] + [ tproxy tproxy ip port reg 1 ] + +# meta l4proto 17 tproxy to 192.0.2.1 +ip x y + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ immediate reg 1 0x010200c0 ] + [ tproxy tproxy ip addr reg 1 ] + +# ip protocol 6 tproxy to :50080 +ip x y + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ immediate reg 1 0x0000a0c3 ] + [ tproxy tproxy ip port reg 1 ] + +# meta l4proto 6 tproxy to 192.0.2.1:50080 +ip x y + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ immediate reg 1 0x010200c0 ] + [ immediate reg 2 0x0000a0c3 ] + [ tproxy tproxy ip addr reg 1 port reg 2 ] + diff --git a/tests/py/ip6/tproxy.t b/tests/py/ip6/tproxy.t new file mode 100644 index 0000000..dcd2bd8 --- /dev/null +++ b/tests/py/ip6/tproxy.t @@ -0,0 +1,16 @@ +:y;type filter hook prerouting priority -150 + +*ip6;x;y + +tproxy;fail +tproxy to [2001:db8::1];fail +tproxy to [2001:db8::1]:50080;fail +tproxy to :50080;fail +meta l4proto 6 tproxy to [2001:db8::1];ok +meta l4proto 17 tproxy to [2001:db8::1]:50080;ok +meta l4proto 6 tproxy to :50080;ok +meta l4proto 6 tproxy ip6 to [2001:db8::1];fail +meta l4proto 17 tproxy ip6 to [2001:db8::1]:50080;fail +meta l4proto 6 tproxy ip6 to :50080;fail + + diff --git a/tests/py/ip6/tproxy.t.payload b/tests/py/ip6/tproxy.t.payload new file mode 100644 index 0000000..0dafcae --- /dev/null +++ b/tests/py/ip6/tproxy.t.payload @@ -0,0 +1,22 @@ +# meta l4proto 6 tproxy to [2001:db8::1] +ip6 x y + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ immediate reg 1 0xb80d0120 0x00000000 0x00000000 0x01000000 ] + [ tproxy tproxy ip6 addr reg 1 ] + +# meta l4proto 17 tproxy to [2001:db8::1]:50080 +ip6 x y + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ immediate reg 1 0xb80d0120 0x00000000 0x00000000 0x01000000 ] + [ immediate reg 2 0x0000a0c3 ] + [ tproxy tproxy ip6 addr reg 1 port reg 2 ] + +# meta l4proto 6 tproxy to :50080 +ip6 x y + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ immediate reg 1 0x0000a0c3 ] + [ tproxy tproxy ip6 port reg 1 ] +