source-git / nftables

Clone
Source Code
GIT

Files

  1.   a8b2ce6d3b8e5eadd6e694bf53e30779c44c90b7
  2.   tests
  3.   py
  4.   ip
  5.   redirect.t.payload
Blob Blame History Raw 
# udp dport 53 redirect
ip test-ip4 output
  [ meta load l4proto => reg 1 ]
  [ cmp eq reg 1 0x00000011 ]
  [ payload load 2b @ transport header + 2 => reg 1 ]
  [ cmp eq reg 1 0x00003500 ]
  [ redir ]

# udp dport 53 redirect random
ip test-ip4 output
  [ meta load l4proto => reg 1 ]
  [ cmp eq reg 1 0x00000011 ]
  [ payload load 2b @ transport header + 2 => reg 1 ]
  [ cmp eq reg 1 0x00003500 ]
  [ redir flags 0x4 ]

# udp dport 53 redirect random,persistent
ip test-ip4 output
  [ meta load l4proto => reg 1 ]
  [ cmp eq reg 1 0x00000011 ]
  [ payload load 2b @ transport header + 2 => reg 1 ]
  [ cmp eq reg 1 0x00003500 ]
  [ redir flags 0xc ]

# udp dport 53 redirect random,persistent,fully-random
ip test-ip4 output
  [ meta load l4proto => reg 1 ]
  [ cmp eq reg 1 0x00000011 ]
  [ payload load 2b @ transport header + 2 => reg 1 ]
  [ cmp eq reg 1 0x00003500 ]
  [ redir flags 0x1c ]

# udp dport 53 redirect random,fully-random
ip test-ip4 output
  [ meta load l4proto => reg 1 ]
  [ cmp eq reg 1 0x00000011 ]
  [ payload load 2b @ transport header + 2 => reg 1 ]
  [ cmp eq reg 1 0x00003500 ]
  [ redir flags 0x14 ]

# udp dport 53 redirect random,fully-random,persistent
ip test-ip4 output
  [ meta load l4proto => reg 1 ]
  [ cmp eq reg 1 0x00000011 ]
  [ payload load 2b @ transport header + 2 => reg 1 ]
  [ cmp eq reg 1 0x00003500 ]
  [ redir flags 0x1c ]

# udp dport 53 redirect persistent
ip test-ip4 output
  [ meta load l4proto => reg 1 ]
  [ cmp eq reg 1 0x00000011 ]
  [ payload load 2b @ transport header + 2 => reg 1 ]
  [ cmp eq reg 1 0x00003500 ]
  [ redir flags 0x8 ]

# udp dport 53 redirect persistent,random
ip test-ip4 output
  [ meta load l4proto => reg 1 ]
  [ cmp eq reg 1 0x00000011 ]
  [ payload load 2b @ transport header + 2 => reg 1 ]
  [ cmp eq reg 1 0x00003500 ]
  [ redir flags 0xc ]

# udp dport 53 redirect persistent,random,fully-random
ip test-ip4 output
  [ meta load l4proto => reg 1 ]
  [ cmp eq reg 1 0x00000011 ]
  [ payload load 2b @ transport header + 2 => reg 1 ]
  [ cmp eq reg 1 0x00003500 ]
  [ redir flags 0x1c ]

# udp dport 53 redirect persistent,fully-random
ip test-ip4 output
  [ meta load l4proto => reg 1 ]
  [ cmp eq reg 1 0x00000011 ]
  [ payload load 2b @ transport header + 2 => reg 1 ]
  [ cmp eq reg 1 0x00003500 ]
  [ redir flags 0x18 ]

# udp dport 53 redirect persistent,fully-random,random
ip test-ip4 output
  [ meta load l4proto => reg 1 ]
  [ cmp eq reg 1 0x00000011 ]
  [ payload load 2b @ transport header + 2 => reg 1 ]
  [ cmp eq reg 1 0x00003500 ]
  [ redir flags 0x1c ]

# tcp dport 22 redirect to :22
ip test-ip4 output
  [ meta load l4proto => reg 1 ]
  [ cmp eq reg 1 0x00000006 ]
  [ payload load 2b @ transport header + 2 => reg 1 ]
  [ cmp eq reg 1 0x00001600 ]
  [ immediate reg 1 0x00001600 ]
  [ redir proto_min reg 1 ]

# udp dport 1234 redirect to :4321
ip test-ip4 output
  [ meta load l4proto => reg 1 ]
  [ cmp eq reg 1 0x00000011 ]
  [ payload load 2b @ transport header + 2 => reg 1 ]
  [ cmp eq reg 1 0x0000d204 ]
  [ immediate reg 1 0x0000e110 ]
  [ redir proto_min reg 1 ]

# ip daddr 172.16.0.1 udp dport 9998 redirect to :6515
ip test-ip4 output
  [ payload load 4b @ network header + 16 => reg 1 ]
  [ cmp eq reg 1 0x010010ac ]
  [ meta load l4proto => reg 1 ]
  [ cmp eq reg 1 0x00000011 ]
  [ payload load 2b @ transport header + 2 => reg 1 ]
  [ cmp eq reg 1 0x00000e27 ]
  [ immediate reg 1 0x00007319 ]
  [ redir proto_min reg 1 ]

# tcp dport 39128 redirect to :993
ip test-ip4 output
  [ meta load l4proto => reg 1 ]
  [ cmp eq reg 1 0x00000006 ]
  [ payload load 2b @ transport header + 2 => reg 1 ]
  [ cmp eq reg 1 0x0000d898 ]
  [ immediate reg 1 0x0000e103 ]
  [ redir proto_min reg 1 ]

# ip protocol tcp redirect to :100-200
ip test-ip4 output
  [ payload load 1b @ network header + 9 => reg 1 ]
  [ cmp eq reg 1 0x00000006 ]
  [ immediate reg 1 0x00006400 ]
  [ immediate reg 2 0x0000c800 ]
  [ redir proto_min reg 1 proto_max reg 2 ]

# tcp dport 9128 redirect to :993 random
ip test-ip4 output
  [ meta load l4proto => reg 1 ]
  [ cmp eq reg 1 0x00000006 ]
  [ payload load 2b @ transport header + 2 => reg 1 ]
  [ cmp eq reg 1 0x0000a823 ]
  [ immediate reg 1 0x0000e103 ]
  [ redir proto_min reg 1 flags 0x4 ]

# tcp dport 9128 redirect to :993 fully-random
ip test-ip4 output
  [ meta load l4proto => reg 1 ]
  [ cmp eq reg 1 0x00000006 ]
  [ payload load 2b @ transport header + 2 => reg 1 ]
  [ cmp eq reg 1 0x0000a823 ]
  [ immediate reg 1 0x0000e103 ]
  [ redir proto_min reg 1 flags 0x10 ]

# tcp dport 9128 redirect to :123 persistent
ip test-ip4 output
  [ meta load l4proto => reg 1 ]
  [ cmp eq reg 1 0x00000006 ]
  [ payload load 2b @ transport header + 2 => reg 1 ]
  [ cmp eq reg 1 0x0000a823 ]
  [ immediate reg 1 0x00007b00 ]
  [ redir proto_min reg 1 flags 0x8 ]

# tcp dport 9128 redirect to :123 random,persistent
ip test-ip4 output
  [ meta load l4proto => reg 1 ]
  [ cmp eq reg 1 0x00000006 ]
  [ payload load 2b @ transport header + 2 => reg 1 ]
  [ cmp eq reg 1 0x0000a823 ]
  [ immediate reg 1 0x00007b00 ]
  [ redir proto_min reg 1 flags 0xc ]

# tcp dport { 1, 2, 3, 4, 5, 6, 7, 8, 101, 202, 303, 1001, 2002, 3003} redirect
__set%d test-ip4 3
__set%d test-ip4 0
	element 00000100  : 0 [end]	element 00000200  : 0 [end]	element 00000300  : 0 [end]	element 00000400  : 0 [end]	element 00000500  : 0 [end]	element 00000600  : 0 [end]	element 00000700  : 0 [end]	element 00000800  : 0 [end]	element 00006500  : 0 [end]	element 0000ca00  : 0 [end]	element 00002f01  : 0 [end]	element 0000e903  : 0 [end]	element 0000d207  : 0 [end]	element 0000bb0b  : 0 [end]
ip test-ip4 output
  [ meta load l4proto => reg 1 ]
  [ cmp eq reg 1 0x00000006 ]
  [ payload load 2b @ transport header + 2 => reg 1 ]
  [ lookup reg 1 set __set%d ]
  [ redir ]

# ip daddr 10.0.0.0-10.2.3.4 udp dport 53 counter redirect
ip test-ip4 output
  [ payload load 4b @ network header + 16 => reg 1 ]
  [ cmp gte reg 1 0x0000000a ]
  [ cmp lte reg 1 0x0403020a ]
  [ meta load l4proto => reg 1 ]
  [ cmp eq reg 1 0x00000011 ]
  [ payload load 2b @ transport header + 2 => reg 1 ]
  [ cmp eq reg 1 0x00003500 ]
  [ counter pkts 0 bytes 0 ]
  [ redir ]

# iifname "eth0" ct state established,new tcp dport vmap {22 : drop, 222 : drop } redirect
__map%d test-ip4 b
__map%d test-ip4 0
	element 00001600  : 0 [end]	element 0000de00  : 0 [end]
ip test-ip4 output
  [ meta load iifname => reg 1 ]
  [ cmp eq reg 1 0x30687465 0x00000000 0x00000000 0x00000000 ]
  [ ct load state => reg 1 ]
  [ bitwise reg 1 = (reg=1 & 0x0000000a ) ^ 0x00000000 ]
  [ cmp neq reg 1 0x00000000 ]
  [ meta load l4proto => reg 1 ]
  [ cmp eq reg 1 0x00000006 ]
  [ payload load 2b @ transport header + 2 => reg 1 ]
  [ lookup reg 1 set __map%d dreg 0 ]
  [ redir ]

# ip protocol 6 redirect to :tcp dport map { 22 : 8000, 80 : 8080}
__map%d test-ip4 b
__map%d test-ip4 0
        element 00001600  : 0000401f 0 [end]    element 00005000  : 0000901f 0 [end]
ip test-ip4 output
  [ payload load 1b @ network header + 9 => reg 1 ]
  [ cmp eq reg 1 0x00000006 ]
  [ payload load 2b @ transport header + 2 => reg 1 ]
  [ lookup reg 1 set __map%d dreg 1 ]
  [ redir proto_min reg 1 ]

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation