# <cmdline>:1:37-39: Error: datatype mismatch, expected invalid, expression has type Internet protocol
# add rule ip test input ct proto-dst udp
# ~~~~~~~~~~~~ ^^^
+
+ct state . ct mark { new . 0x12345678};ok
+ct state . ct mark { new . 0x12345678, new . 0x34127856, established . 0x12785634};ok
+ct direction . ct mark { original . 0x12345678};ok
+ct state . ct mark vmap { new . 0x12345678 : drop};ok
[ ct load helper => reg 1 ]
[ cmp eq reg 1 0x00707466 0x00000000 0x00000000 0x00000000 ]
+# ct state . ct mark { new . 0x12345678}
+set%d test 3
+set%d test 0
+ element 00000008 12345678 : 0 [end]
+ip test-ip4 output
+ [ ct load state => reg 1 ]
+ [ ct load mark => reg 9 ]
+ [ lookup reg 1 set set%d ]
+
+# ct state . ct mark { new . 0x12345678, new . 0x34127856, established . 0x12785634}
+set%d test-ip4 3
+set%d test-ip4 0
+ element 00000008 12345678 : 0 [end] element 00000008 34127856 : 0 [end] element 00000002 12785634 : 0 [end]
+ip test-ip4 output
+ [ ct load state => reg 1 ]
+ [ ct load mark => reg 9 ]
+ [ lookup reg 1 set set%d ]
+
+# ct direction . ct mark { original . 0x12345678}
+set%d test 3
+set%d test 0
+ element 00000000 12345678 : 0 [end]
+ip test-ip4 output
+ [ ct load direction => reg 1 ]
+ [ ct load mark => reg 9 ]
+ [ lookup reg 1 set set%d ]
+
+# ct state . ct mark vmap { new . 0x12345678 : drop}
+map%d test-ip4 b
+map%d test-ip4 0
+ element 00000008 12345678 : 0 [end]
+ip test-ip4 output
+ [ ct load state => reg 1 ]
+ [ ct load mark => reg 9 ]
+ [ lookup reg 1 set map%d dreg 0 ]
+
meta cgroup != 1048577-1048578;ok;cgroup != 1048577-1048578
meta cgroup {1048577-1048578};ok;cgroup { 1048577-1048578}
# meta cgroup != { 1048577-1048578};ok;cgroup != { 1048577-1048578}
+
+meta iif . meta oif { lo . eth0 };ok
+meta iif . meta oif . meta mark { lo . eth0 . 0x0000000a };ok
+meta iif . meta oif vmap { lo . eth0 : drop };ok
[ byteorder reg 1 = hton(reg 1, 4, 4) ]
[ lookup reg 1 set set%d ]
+
+# meta iif . meta oif { lo . eth0 }
+set%d test-ip4 3
+set%d test-ip4 0
+ element 00000001 00000002 : 0 [end]
+ip test-ip4 output
+ [ meta load iif => reg 1 ]
+ [ meta load oif => reg 9 ]
+ [ lookup reg 1 set set%d ]
+
+# meta iif . meta oif . meta mark { lo . eth0 . 0x0000000a }
+set%d test-ip4 3
+set%d test-ip4 0
+ element 00000001 00000002 0000000a : 0 [end]
+ip test-ip4 output
+ [ meta load iif => reg 1 ]
+ [ meta load oif => reg 9 ]
+ [ meta load mark => reg 10 ]
+ [ lookup reg 1 set set%d ]
+
+# meta iif . meta oif vmap { lo . eth0 : drop }
+map%d test-ip4 b
+map%d test-ip4 0
+ element 00000001 00000002 : 0 [end]
+ip test-ip4 output
+ [ meta load iif => reg 1 ]
+ [ meta load oif => reg 9 ]
+ [ lookup reg 1 set map%d dreg 0 ]
+
# nft: src/evaluate.c:975: expr_evaluate_relational: Assertion '0' failed.
iifname "eth0" tcp dport != 23-34 dnat 192.168.3.2;ok
+
+dnat ct mark map { 0x00000014 : 1.2.3.4};ok
+dnat ct mark . ip daddr map { 0x00000014 . 1.1.1.1 : 1.2.3.4};ok
[ immediate reg 1 0x0203a8c0 ]
[ nat dnat ip addr_min reg 1 addr_max reg 0 ]
+# dnat ct mark map { 0x00000014 : 1.2.3.4}
+map%d test-ip4 b
+map%d test-ip4 0
+ element 00000014 : 04030201 0 [end]
+ip test-ip4 prerouting
+ [ ct load mark => reg 1 ]
+ [ lookup reg 1 set map%d dreg 1 ]
+ [ nat dnat ip addr_min reg 1 addr_max reg 0 ]
+
+# dnat ct mark . ip daddr map { 0x00000014 . 1.1.1.1 : 1.2.3.4}
+map%d test-ip4 b
+map%d test-ip4 0
+ element 00000014 01010101 : 04030201 0 [end]
+ip test-ip4 output
+ [ ct load mark => reg 1 ]
+ [ payload load 4b @ network header + 16 => reg 9 ]
+ [ lookup reg 1 set map%d dreg 1 ]
+ [ nat dnat ip addr_min reg 1 addr_max reg 0 ]
+
[ bitwise reg 1 = (reg=1 & 0x0000ffff ) ^ 0x00000000 ]
[ cmp eq reg 1 0x0000ffff ]
+# ip saddr . ip daddr . ip protocol { 1.1.1.1 . 2.2.2.2 . tcp, 1.1.1.1 . 3.3.3.3 . udp}
+set%d test-ip 3
+set%d test-ip 0
+ element 01010101 02020202 00000006 : 0 [end] element 01010101 03030303 00000011 : 0 [end]
+ip test-ip input
+ [ payload load 4b @ network header + 12 => reg 1 ]
+ [ payload load 4b @ network header + 16 => reg 9 ]
+ [ payload load 1b @ network header + 9 => reg 10 ]
+ [ lookup reg 1 set set%d ]
+
[ bitwise reg 1 = (reg=1 & 0x0000ffff ) ^ 0x00000000 ]
[ cmp eq reg 1 0x0000ffff ]
+# ip saddr . ip daddr . ip protocol { 1.1.1.1 . 2.2.2.2 . tcp, 1.1.1.1 . 3.3.3.3 . udp}
+set%d test-ip 3
+set%d test-ip 0
+ element 01010101 02020202 00000006 : 0 [end] element 01010101 03030303 00000011 : 0 [end]
+inet test-ip input
+ [ meta load nfproto => reg 1 ]
+ [ cmp eq reg 1 0x00000002 ]
+ [ payload load 4b @ network header + 12 => reg 1 ]
+ [ payload load 4b @ network header + 16 => reg 9 ]
+ [ payload load 1b @ network header + 9 => reg 10 ]
+ [ lookup reg 1 set set%d ]
+
projects / thirdparty / nftables.git / commitdiff
