@@ -1,21 +1,8 @@
#!/bin/bash
-set -e
-
-EXPECTED="table ip nat {
- map ipportmap {
- type ipv4_addr : interval ipv4_addr . inet_service
- flags interval
- elements = { 192.168.1.2 : 10.141.10.1-10.141.10.3 . 8888-8999 }
- }
- chain prerouting {
- type nat hook prerouting priority dstnat; policy accept;
- ip protocol tcp dnat ip to ip saddr map @ipportmap
- }
-}"
+# NFT_TEST_REQUIRES(NFT_TEST_HAVE_pipapo)
-$NFT -f - <<< $EXPECTED
-$NFT add element ip nat ipportmap { 192.168.2.0/24 : 10.141.11.5-10.141.11.20 . 8888-8999 }
+set -e
EXPECTED="table ip nat {
map ipportmap2 {
new file mode 100755
@@ -0,0 +1,18 @@
+#!/bin/bash
+
+set -e
+
+EXPECTED="table ip nat {
+ map ipportmap {
+ type ipv4_addr : interval ipv4_addr . inet_service
+ flags interval
+ elements = { 192.168.1.2 : 10.141.10.1-10.141.10.3 . 8888-8999 }
+ }
+ chain prerouting {
+ type nat hook prerouting priority dstnat; policy accept;
+ ip protocol tcp dnat ip to ip saddr map @ipportmap
+ }
+}"
+
+$NFT -f - <<< $EXPECTED
+$NFT add element ip nat ipportmap { 192.168.2.0/24 : 10.141.11.5-10.141.11.20 . 8888-8999 }
@@ -1,10 +1,4 @@
table ip nat {
- map ipportmap {
- type ipv4_addr : interval ipv4_addr . inet_service
- flags interval
- elements = { 192.168.1.2 : 10.141.10.1-10.141.10.3 . 8888-8999, 192.168.2.0/24 : 10.141.11.5-10.141.11.20 . 8888-8999 }
- }
-
map ipportmap2 {
type ipv4_addr . ipv4_addr : interval ipv4_addr . inet_service
flags interval
@@ -33,7 +27,6 @@ table ip nat {
chain prerouting {
type nat hook prerouting priority dstnat; policy accept;
- ip protocol tcp dnat ip to ip saddr map @ipportmap
ip protocol tcp dnat ip to ip saddr . ip daddr map @ipportmap2
meta l4proto { tcp, udp } dnat ip to ip daddr . th dport map @fwdtoip_th
dnat ip to iifname . ip saddr map @ipportmap4
new file mode 100644
@@ -0,0 +1,12 @@
+table ip nat {
+ map ipportmap {
+ type ipv4_addr : interval ipv4_addr . inet_service
+ flags interval
+ elements = { 192.168.1.2 : 10.141.10.1-10.141.10.3 . 8888-8999, 192.168.2.0/24 : 10.141.11.5-10.141.11.20 . 8888-8999 }
+ }
+
+ chain prerouting {
+ type nat hook prerouting priority dstnat; policy accept;
+ ip protocol tcp dnat ip to ip saddr map @ipportmap
+ }
+}
Split test in two, one for interval sets and another with concatenation + intervals, so at least intervals are tested in older kernels with no pipapo support. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> --- .../testcases/sets/0067nat_concat_interval_0 | 17 ++--------------- tests/shell/testcases/sets/0067nat_interval_0 | 18 ++++++++++++++++++ .../sets/dumps/0067nat_concat_interval_0.nft | 7 ------- .../sets/dumps/0067nat_interval_0.nft | 12 ++++++++++++ 4 files changed, 32 insertions(+), 22 deletions(-) create mode 100755 tests/shell/testcases/sets/0067nat_interval_0 create mode 100644 tests/shell/testcases/sets/dumps/0067nat_interval_0.nft