udp dport 1234 redirect to 4321;ok
ip daddr 172.16.0.1 udp dport 9998 redirect to 6515;ok
tcp dport 39128 redirect to 993;ok
+ip protocol tcp redirect to 100-200;ok;ip protocol 6 redirect to 100-200
redirect to 1234;fail
redirect to 12341111;fail
tcp dport { 1, 2, 3, 4, 5, 6, 7, 8, 101, 202, 303, 1001, 2002, 3003} redirect;ok
ip daddr 10.0.0.0-10.2.3.4 udp dport 53 counter packets 0 bytes 0 redirect;ok
iifname eth0 ct state new,established tcp dport vmap {22 : drop, 222 : drop } redirect;ok
+
+# redirect with maps
+ip protocol 6 redirect to tcp dport map { 22 : 8000, 80 : 8080};ok
+
[ immediate reg 1 0x0000e103 ]
[ redir proto_min reg 1 ]
+# ip protocol tcp redirect to 100-200
+ip test-ip4 output
+ [ payload load 1b @ network header + 9 => reg 1 ]
+ [ cmp eq reg 1 0x00000006 ]
+ [ immediate reg 1 0x00006400 ]
+ [ immediate reg 2 0x0000c800 ]
+ [ redir proto_min reg 1 proto_max reg 2 ]
+
# tcp dport 9128 redirect to 993 random
ip test-ip4 output
[ payload load 1b @ network header + 9 => reg 1 ]
[ lookup reg 1 set map%d dreg 0 ]
[ redir ]
+# ip protocol 6 redirect to tcp dport map { 22 : 8000, 80 : 8080}
+map%d test-ip4 b
+map%d test-ip4 0
+ element 00001600 : 0000401f 0 [end] element 00005000 : 0000901f 0 [end]
+ip test-ip4 output
+ [ payload load 1b @ network header + 9 => reg 1 ]
+ [ cmp eq reg 1 0x00000006 ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ lookup reg 1 set map%d dreg 1 ]
+ [ redir proto_min reg 1 ]
+
# port specification
udp dport 1234 redirect to 1234;ok
ip6 daddr fe00::cafe udp dport 9998 redirect to 6515;ok
+ip6 nexthdr tcp redirect to 100-200;ok;ip6 nexthdr 6 redirect to 100-200
tcp dport 39128 redirect to 993;ok
redirect to 1234;fail
redirect to 12341111;fail
tcp dport { 1, 2, 3, 4, 5, 6, 7, 8, 101, 202, 303, 1001, 2002, 3003} redirect;ok
ip6 daddr fe00::1-fe00::200 udp dport 53 counter packets 0 bytes 0 redirect;ok
iifname eth0 ct state new,established tcp dport vmap {22 : drop, 222 : drop } redirect;ok
+
+# redirect with maps
+ip6 nexthdr 6 redirect to tcp dport map { 22 : 8000, 80 : 8080};ok
[ immediate reg 1 0x00007319 ]
[ redir proto_min reg 1 ]
+# ip6 nexthdr tcp redirect to 100-200
+ip6 test-ip6 output
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x00000006 ]
+ [ immediate reg 1 0x00006400 ]
+ [ immediate reg 2 0x0000c800 ]
+ [ redir proto_min reg 1 proto_max reg 2 ]
+
# tcp dport 39128 redirect to 993
ip6 test-ip6 output
[ payload load 1b @ network header + 6 => reg 1 ]
[ lookup reg 1 set map%d dreg 0 ]
[ redir ]
+# ip6 nexthdr 6 redirect to tcp dport map { 22 : 8000, 80 : 8080}
+map%d test-ip6 b
+map%d test-ip6 0
+ element 00001600 : 0000401f 0 [end] element 00005000 : 0000901f 0 [end]
+ip6 test-ip6 output
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x00000006 ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ lookup reg 1 set map%d dreg 1 ]
+ [ redir proto_min reg 1 ]
+
projects / thirdparty / nftables.git / commitdiff
