Signed-off-by: Jeremy Sowden <jeremy@xxxxxxxxxx>
---
tests/py/inet/dnat.t | 3 +
tests/py/inet/dnat.t.json | 91 +++++++++++++++++++++++++++
tests/py/inet/dnat.t.payload | 33 ++++++++++
tests/py/inet/snat.t | 3 +
tests/py/inet/snat.t.json | 91 +++++++++++++++++++++++++++
tests/py/inet/snat.t.payload | 34 ++++++++++
tests/py/ip/masquerade.t | 1 +
tests/py/ip/masquerade.t.json | 26 ++++++++
tests/py/ip/masquerade.t.payload | 8 +++
tests/py/ip/redirect.t | 1 +
tests/py/ip/redirect.t.json | 26 ++++++++
tests/py/ip/redirect.t.payload | 8 +++
tests/py/ip6/masquerade.t | 1 +
tests/py/ip6/masquerade.t.json | 25 ++++++++
tests/py/ip6/masquerade.t.payload.ip6 | 8 +++
tests/py/ip6/redirect.t | 1 +
tests/py/ip6/redirect.t.json | 26 ++++++++
tests/py/ip6/redirect.t.payload.ip6 | 8 +++
18 files changed, 394 insertions(+)
diff --git a/tests/py/inet/dnat.t b/tests/py/inet/dnat.t
index e4e169f2bc3e..9c47f51cfc71 100644
--- a/tests/py/inet/dnat.t
+++ b/tests/py/inet/dnat.t
@@ -20,3 +20,6 @@ meta l4proto { tcp, udp } dnat ip to 1.1.1.1:80;ok;meta l4proto { 6, 17} dnat ip
ip protocol { tcp, udp } dnat ip to 1.1.1.1:80;ok;ip protocol { 6, 17} dnat ip to 1.1.1.1:80
meta l4proto { tcp, udp } tcp dport 20 dnat to 1.1.1.1:80;fail
ip protocol { tcp, udp } tcp dport 20 dnat to 1.1.1.1:80;fail
+
+ip daddr 10.0.0.1 tcp dport 55900-55910 dnat ip to 192.168.127.1:5900-5910/55900;ok
+ip6 daddr 10::1 tcp dport 55900-55910 dnat ip6 to [::c0:a8:7f:1]:5900-5910/55900;ok
diff --git a/tests/py/inet/dnat.t.json b/tests/py/inet/dnat.t.json
index c341a0455fea..58d0ed4b76da 100644
--- a/tests/py/inet/dnat.t.json
+++ b/tests/py/inet/dnat.t.json
@@ -239,3 +239,94 @@
}
]
+# ip daddr 10.0.0.1 tcp dport 55900-55910 dnat ip to 192.168.127.1:5900-5910/55900
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "daddr",
+ "protocol": "ip"
+ }
+ },
+ "op": "==",
+ "right": "10.0.0.1"
+ }
+ },
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "dport",
+ "protocol": "tcp"
+ }
+ },
+ "op": "==",
+ "right": {
+ "range": [
+ 55900,
+ 55910
+ ]
+ }
+ }
+ },
+ {
+ "dnat": {
+ "addr": "192.168.127.1",
+ "family": "ip",
+ "port": {
+ "range": [
+ 5900,
+ 5910
+ ]
+ },
+ "base_port": 55900
+ }
+ }
+]
+
+# ip6 daddr 10::1 tcp dport 55900-55910 dnat ip6 to [::c0:a8:7f:1]:5900-5910/55900
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "daddr",
+ "protocol": "ip6"
+ }
+ },
+ "op": "==",
+ "right": "10::1"
+ }
+ },
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "dport",
+ "protocol": "tcp"
+ }
+ },
+ "op": "==",
+ "right": {
+ "range": [
+ 55900,
+ 55910
+ ]
+ }
+ }
+ },
+ {
+ "dnat": {
+ "addr": "::c0:a8:7f:1",
+ "family": "ip6",
+ "port": {
+ "range": [
+ 5900,
+ 5910
+ ]
+ },
+ "base_port": 55900
+ }
+ }
+]
diff --git a/tests/py/inet/dnat.t.payload b/tests/py/inet/dnat.t.payload
index ce1601ab5c9e..9747018ae89c 100644
--- a/tests/py/inet/dnat.t.payload
+++ b/tests/py/inet/dnat.t.payload
@@ -84,3 +84,36 @@ inet
[ immediate reg 1 0x00005000 ]
[ nat dnat inet proto_min reg 1 flags 0x2 ]
+# ip daddr 10.0.0.1 tcp dport 55900-55910 dnat ip to 192.168.127.1:5900-5910/55900
+inet test-inet prerouting
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x00000002 ]
+ [ payload load 4b @ network header + 16 => reg 1 ]
+ [ cmp eq reg 1 0x0100000a ]
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x00000006 ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ cmp gte reg 1 0x00005cda ]
+ [ cmp lte reg 1 0x000066da ]
+ [ immediate reg 1 0x017fa8c0 ]
+ [ immediate reg 2 0x00000c17 ]
+ [ immediate reg 3 0x00001617 ]
+ [ immediate reg 4 0x00005cda ]
+ [ nat dnat ip addr_min reg 1 proto_min reg 2 proto_max reg 3 proto_base reg 4 flags 0x2 ]
+
+# ip6 daddr 10::1 tcp dport 55900-55910 dnat ip6 to [::c0:a8:7f:1]:5900-5910/55900
+inet test-inet prerouting
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 24 => reg 1 ]
+ [ cmp eq reg 1 0x00001000 0x00000000 0x00000000 0x01000000 ]
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x00000006 ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ cmp gte reg 1 0x00005cda ]
+ [ cmp lte reg 1 0x000066da ]
+ [ immediate reg 1 0x00000000 0x00000000 0xa800c000 0x01007f00 ]
+ [ immediate reg 2 0x00000c17 ]
+ [ immediate reg 3 0x00001617 ]
+ [ immediate reg 4 0x00005cda ]
+ [ nat dnat ip6 addr_min reg 1 proto_min reg 2 proto_max reg 3 proto_base reg 4 flags 0x2 ]
diff --git a/tests/py/inet/snat.t b/tests/py/inet/snat.t
index cf23b5cff1bb..1276145918f5 100644
--- a/tests/py/inet/snat.t
+++ b/tests/py/inet/snat.t
@@ -19,3 +19,6 @@ snat ip to dead::beef;fail
snat ip daddr 1.2.3.4 to dead::beef;fail
snat ip daddr 1.2.3.4 ip6 to dead::beef;fail
snat ip6 saddr dead::beef to 1.2.3.4;fail
+
+ip saddr 10.0.0.1 tcp sport 55900-55910 snat ip to 192.168.127.1:5900-5910/55900;ok
+ip6 saddr 10::1 tcp sport 55900-55910 snat ip6 to [::c0:a8:7f:1]:5900-5910/55900;ok
diff --git a/tests/py/inet/snat.t.json b/tests/py/inet/snat.t.json
index 4671625dc06d..03e5823d4258 100644
--- a/tests/py/inet/snat.t.json
+++ b/tests/py/inet/snat.t.json
@@ -129,3 +129,94 @@
}
]
+# ip saddr 10.0.0.1 tcp sport 55900-55910 snat ip to 192.168.127.1:5900-5910/55900
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "saddr",
+ "protocol": "ip"
+ }
+ },
+ "op": "==",
+ "right": "10.0.0.1"
+ }
+ },
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "sport",
+ "protocol": "tcp"
+ }
+ },
+ "op": "==",
+ "right": {
+ "range": [
+ 55900,
+ 55910
+ ]
+ }
+ }
+ },
+ {
+ "snat": {
+ "addr": "192.168.127.1",
+ "family": "ip",
+ "port": {
+ "range": [
+ 5900,
+ 5910
+ ]
+ },
+ "base_port": 55900
+ }
+ }
+]
+
+# ip6 saddr 10::1 tcp sport 55900-55910 snat ip6 to [::c0:a8:7f:1]:5900-5910/55900
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "saddr",
+ "protocol": "ip6"
+ }
+ },
+ "op": "==",
+ "right": "10::1"
+ }
+ },
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "sport",
+ "protocol": "tcp"
+ }
+ },
+ "op": "==",
+ "right": {
+ "range": [
+ 55900,
+ 55910
+ ]
+ }
+ }
+ },
+ {
+ "snat": {
+ "addr": "::c0:a8:7f:1",
+ "family": "ip6",
+ "port": {
+ "range": [
+ 5900,
+ 5910
+ ]
+ },
+ "base_port": 55900
+ }
+ }
+]
diff --git a/tests/py/inet/snat.t.payload b/tests/py/inet/snat.t.payload
index 50519c6b6bb6..c2b5e5884b89 100644
--- a/tests/py/inet/snat.t.payload
+++ b/tests/py/inet/snat.t.payload
@@ -40,3 +40,37 @@ inet test-inet postrouting
[ meta load iifname => reg 1 ]
[ cmp eq reg 1 0x006f6f66 0x00000000 0x00000000 0x00000000 ]
[ masq flags 0x4 ]
+
+# ip saddr 10.0.0.1 tcp sport 55900-55910 snat ip to 192.168.127.1:5900-5910/55900
+inet test-inet postrouting
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x00000002 ]
+ [ payload load 4b @ network header + 12 => reg 1 ]
+ [ cmp eq reg 1 0x0100000a ]
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x00000006 ]
+ [ payload load 2b @ transport header + 0 => reg 1 ]
+ [ cmp gte reg 1 0x00005cda ]
+ [ cmp lte reg 1 0x000066da ]
+ [ immediate reg 1 0x017fa8c0 ]
+ [ immediate reg 2 0x00000c17 ]
+ [ immediate reg 3 0x00001617 ]
+ [ immediate reg 4 0x00005cda ]
+ [ nat snat ip addr_min reg 1 proto_min reg 2 proto_max reg 3 proto_base reg 4 flags 0x2 ]
+
+# ip6 saddr 10::1 tcp sport 55900-55910 snat ip6 to [::c0:a8:7f:1]:5900-5910/55900
+inet test-inet postrouting
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x0000000a ]
+ [ payload load 16b @ network header + 8 => reg 1 ]
+ [ cmp eq reg 1 0x00001000 0x00000000 0x00000000 0x01000000 ]
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x00000006 ]
+ [ payload load 2b @ transport header + 0 => reg 1 ]
+ [ cmp gte reg 1 0x00005cda ]
+ [ cmp lte reg 1 0x000066da ]
+ [ immediate reg 1 0x00000000 0x00000000 0xa800c000 0x01007f00 ]
+ [ immediate reg 2 0x00000c17 ]
+ [ immediate reg 3 0x00001617 ]
+ [ immediate reg 4 0x00005cda ]
+ [ nat snat ip6 addr_min reg 1 proto_min reg 2 proto_max reg 3 proto_base reg 4 flags 0x2 ]
diff --git a/tests/py/ip/masquerade.t b/tests/py/ip/masquerade.t
index 384ac72a15f0..98858149dfed 100644
--- a/tests/py/ip/masquerade.t
+++ b/tests/py/ip/masquerade.t
@@ -18,6 +18,7 @@ udp dport 53 masquerade persistent,fully-random,random;ok;udp dport 53 masquerad
# using ports
ip protocol 6 masquerade to :1024;ok
ip protocol 6 masquerade to :1024-2048;ok
+ip protocol 6 masquerade to :1024-2048/4096;ok
# masquerade is a terminal statement
tcp dport 22 masquerade counter packets 0 bytes 0 accept;fail
diff --git a/tests/py/ip/masquerade.t.json b/tests/py/ip/masquerade.t.json
index 4a90c7062d47..29d16dd75a02 100644
--- a/tests/py/ip/masquerade.t.json
+++ b/tests/py/ip/masquerade.t.json
@@ -427,3 +427,29 @@
}
]
+# ip protocol 6 masquerade to :1024-2048/4096
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "protocol",
+ "protocol": "ip"
+ }
+ },
+ "op": "==",
+ "right": 6
+ }
+ },
+ {
+ "masquerade": {
+ "base_port": 4096,
+ "port": {
+ "range": [
+ 1024,
+ 2048
+ ]
+ }
+ }
+ }
+]
diff --git a/tests/py/ip/masquerade.t.payload b/tests/py/ip/masquerade.t.payload
index 79e52856a22d..804d35377f56 100644
--- a/tests/py/ip/masquerade.t.payload
+++ b/tests/py/ip/masquerade.t.payload
@@ -140,3 +140,11 @@ ip test-ip4 postrouting
[ immediate reg 2 0x00000008 ]
[ masq proto_min reg 1 proto_max reg 2 flags 0x2 ]
+# ip protocol 6 masquerade to :1024-2048/4096
+ip test-ip4 postrouting
+ [ payload load 1b @ network header + 9 => reg 1 ]
+ [ cmp eq reg 1 0x00000006 ]
+ [ immediate reg 1 0x00000004 ]
+ [ immediate reg 2 0x00000008 ]
+ [ immediate reg 3 0x00000010 ]
+ [ masq proto_min reg 1 proto_max reg 2 proto_base reg 3 flags 0x2 ]
diff --git a/tests/py/ip/redirect.t b/tests/py/ip/redirect.t
index d2991ce288b0..5321396fc079 100644
--- a/tests/py/ip/redirect.t
+++ b/tests/py/ip/redirect.t
@@ -23,6 +23,7 @@ udp dport 1234 redirect to :4321;ok
ip daddr 172.16.0.1 udp dport 9998 redirect to :6515;ok
tcp dport 39128 redirect to :993;ok
ip protocol tcp redirect to :100-200;ok;ip protocol 6 redirect to :100-200
+ip protocol tcp redirect to :100-200/1000;ok;ip protocol 6 redirect to :100-200/1000
redirect to :1234;fail
redirect to :12341111;fail
diff --git a/tests/py/ip/redirect.t.json b/tests/py/ip/redirect.t.json
index 3544e7f1b9c5..41a4be95a2ee 100644
--- a/tests/py/ip/redirect.t.json
+++ b/tests/py/ip/redirect.t.json
@@ -635,3 +635,29 @@
}
]
+# ip protocol tcp redirect to :100-200/1000
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "protocol",
+ "protocol": "ip"
+ }
+ },
+ "op": "==",
+ "right": 6
+ }
+ },
+ {
+ "redirect": {
+ "base_port": 1000,
+ "port": {
+ "range": [
+ 100,
+ 200
+ ]
+ }
+ }
+ }
+]
diff --git a/tests/py/ip/redirect.t.payload b/tests/py/ip/redirect.t.payload
index 424ad7b4f7ec..d4935c695ff3 100644
--- a/tests/py/ip/redirect.t.payload
+++ b/tests/py/ip/redirect.t.payload
@@ -218,3 +218,11 @@ ip test-ip4 output
[ lookup reg 1 set __map%d dreg 1 ]
[ redir proto_min reg 1 flags 0x2 ]
+# ip protocol tcp redirect to :100-200/1000
+ip test-ip4 output
+ [ payload load 1b @ network header + 9 => reg 1 ]
+ [ cmp eq reg 1 0x00000006 ]
+ [ immediate reg 1 0x00006400 ]
+ [ immediate reg 2 0x0000c800 ]
+ [ immediate reg 3 0x0000e803 ]
+ [ redir proto_min reg 1 proto_max reg 2 proto_base reg 3 flags 0x2 ]
diff --git a/tests/py/ip6/masquerade.t b/tests/py/ip6/masquerade.t
index 4eb0467c362e..3d87fa1d71bb 100644
--- a/tests/py/ip6/masquerade.t
+++ b/tests/py/ip6/masquerade.t
@@ -18,6 +18,7 @@ udp dport 53 masquerade persistent,fully-random,random;ok;udp dport 53 masquerad
# using ports
meta l4proto 6 masquerade to :1024;ok
meta l4proto 6 masquerade to :1024-2048;ok
+meta l4proto 6 masquerade to :1024-2048/4096;ok
# masquerade is a terminal statement
tcp dport 22 masquerade counter packets 0 bytes 0 accept;fail
diff --git a/tests/py/ip6/masquerade.t.json b/tests/py/ip6/masquerade.t.json
index 824b44f8a5f5..a56c4372e101 100644
--- a/tests/py/ip6/masquerade.t.json
+++ b/tests/py/ip6/masquerade.t.json
@@ -421,3 +421,28 @@
}
]
+# meta l4proto 6 masquerade to :1024-2048/4096
+[
+ {
+ "match": {
+ "left": {
+ "meta": {
+ "key": "l4proto"
+ }
+ },
+ "op": "==",
+ "right": 6
+ }
+ },
+ {
+ "masquerade": {
+ "base_port": 4096,
+ "port": {
+ "range": [
+ 1024,
+ 2048
+ ]
+ }
+ }
+ }
+]
diff --git a/tests/py/ip6/masquerade.t.payload.ip6 b/tests/py/ip6/masquerade.t.payload.ip6
index 43ae2ae48244..bf64313b6b60 100644
--- a/tests/py/ip6/masquerade.t.payload.ip6
+++ b/tests/py/ip6/masquerade.t.payload.ip6
@@ -140,3 +140,11 @@ ip6 test-ip6 postrouting
[ immediate reg 2 0x00000008 ]
[ masq proto_min reg 1 proto_max reg 2 flags 0x2 ]
+# meta l4proto 6 masquerade to :1024-2048/4096
+ip6 test-ip6 postrouting
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x00000006 ]
+ [ immediate reg 1 0x00000004 ]
+ [ immediate reg 2 0x00000008 ]
+ [ immediate reg 3 0x00000010 ]
+ [ masq proto_min reg 1 proto_max reg 2 proto_base reg 3 flags 0x2 ]
diff --git a/tests/py/ip6/redirect.t b/tests/py/ip6/redirect.t
index 778d53f33ce6..9e8747f50185 100644
--- a/tests/py/ip6/redirect.t
+++ b/tests/py/ip6/redirect.t
@@ -23,6 +23,7 @@ udp dport 53 redirect persistent,fully-random,random;ok;udp dport 53 redirect ra
udp dport 1234 redirect to :1234;ok
ip6 daddr fe00::cafe udp dport 9998 redirect to :6515;ok
ip6 nexthdr tcp redirect to :100-200;ok;ip6 nexthdr 6 redirect to :100-200
+ip6 nexthdr tcp redirect to :100-200/1000;ok;ip6 nexthdr 6 redirect to :100-200/1000
tcp dport 39128 redirect to :993;ok
redirect to :1234;fail
redirect to :12341111;fail
diff --git a/tests/py/ip6/redirect.t.json b/tests/py/ip6/redirect.t.json
index 0059c7accc06..4689b0c71c8b 100644
--- a/tests/py/ip6/redirect.t.json
+++ b/tests/py/ip6/redirect.t.json
@@ -599,3 +599,29 @@
}
]
+# ip6 nexthdr tcp redirect to :100-200/1000
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "nexthdr",
+ "protocol": "ip6"
+ }
+ },
+ "op": "==",
+ "right": 6
+ }
+ },
+ {
+ "redirect": {
+ "base_port": 1000,
+ "port": {
+ "range": [
+ 100,
+ 200
+ ]
+ }
+ }
+ }
+]
diff --git a/tests/py/ip6/redirect.t.payload.ip6 b/tests/py/ip6/redirect.t.payload.ip6
index e9a203161485..4a19df99a3cd 100644
--- a/tests/py/ip6/redirect.t.payload.ip6
+++ b/tests/py/ip6/redirect.t.payload.ip6
@@ -202,3 +202,11 @@ ip6 test-ip6 output
[ lookup reg 1 set __map%d dreg 1 ]
[ redir proto_min reg 1 flags 0x2 ]
+# ip6 nexthdr tcp redirect to :100-200/1000
+ip6 test-ip6 output
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x00000006 ]
+ [ immediate reg 1 0x00006400 ]
+ [ immediate reg 2 0x0000c800 ]
+ [ immediate reg 3 0x0000e803 ]
+ [ redir proto_min reg 1 proto_max reg 2 proto_base reg 3 flags 0x2 ]
--
2.39.2
