Tc

datahangar · Nov 30, 2024 · ed878a6 · ed878a6
1 parent 57c2b3a
commit ed878a6
Show file tree

Hide file tree

Showing 5 changed files with 21 additions and 21 deletions.
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -223,7 +223,7 @@ jobs:
 
       - name: "[TEST] Run container with ruleset file..."
         run: |
-          RULE="ip saddr 127.0.0.1 udp dport 80 actions unfunnel udp"
+          RULE="ip saddr 127.0.0.1 udp dport 80 actions unfunnel decap udp"
           echo "$RULE" > ruleset
 
           set -o pipefail
@@ -249,7 +249,7 @@ jobs:
 
       - name: "[TEST] Run container with ruleset via SFUNNEL_RULESET (no override)..."
         run: |
-          RULE="ip saddr 127.0.0.2 udp dport 80 actions unfunnel udp"
+          RULE="ip saddr 127.0.0.2 udp dport 80 actions unfunnel decap udp"
 
           set -o pipefail
           docker run -e SFUNNEL_RULESET="$RULE" --privileged sfunnel:latest 2>&1 | tee output
@@ -264,7 +264,7 @@ jobs:
 
       - name: "[TEST] Run container with ruleset via SFUNNEL_RULESET (override)..."
         run: |
-          RULE="ip saddr 127.0.0.2 udp dport 80 actions unfunnel udp" #Should override ruleset file with 127.0.0.1
+          RULE="ip saddr 127.0.0.2 udp dport 80 actions unfunnel decap udp" #Should override ruleset file with 127.0.0.1
 
           set -o pipefail
           docker run -e SFUNNEL_RULESET="$RULE" --privileged -v `pwd`/ruleset:/etc/sfunnel/ruleset sfunnel:latest 2>&1 | tee output
@@ -297,7 +297,7 @@ jobs:
 
       - name: "[TEST] Run container with DEBUG=1 ..."
         run: |
-          RULE="ip saddr 127.0.0.1 udp dport 80 actions unfunnel udp"
+          RULE="ip saddr 127.0.0.1 udp dport 80 actions unfunnel decap udp"
           echo "$RULE" > ruleset
 
           set -o pipefail
@@ -421,7 +421,7 @@ jobs:
           (grep "\$DEBUG='1'" output) || (echo "ERROR: unable to validate env. variables are passed to the NETNS execution" && exit 1)
 
           #Successful run with SFUNNEL_RULESET
-          RULE="ip saddr 127.0.0.2 udp dport 80 actions unfunnel udp"
+          RULE="ip saddr 127.0.0.2 udp dport 80 actions unfunnel decap udp"
           docker run --privileged --network=host -v /var/run/netns:/var/run/netns -e NETNS=test_ns -e DEBUG=1 -e SFUNNEL_RULESET="$RULE" -e IFACES=lo sfunnel:latest 2>&1 | tee output
           if [ ${PIPESTATUS[0]} -ne 0 ]; then
             echo "ERROR: container execution FAILED!"

diff --git a/test/cni/Makefile b/test/cni/Makefile
@@ -20,8 +20,8 @@ endif
 CLANG ?= clang
 
 ITERATIONS ?= 10
-RULESET_EGRESS := "ip tcp dport 8080 actions funnel tcp dport 80 sport 540; ip udp dport 8080 actions funnel tcp dport 80 sport 541;"
-RULESET_INGRESS := "ip tcp sport 80 dport 540 actions unfunnel tcp"
+RULESET_EGRESS := "ip tcp dport 8080 actions funnel encap tcp dport 80 sport 540; ip udp dport 8080 actions funnel encap tcp dport 80 sport 541;"
+RULESET_INGRESS := "ip tcp sport 80 dport 540 actions unfunnel decap tcp"
 SRC_IPS := 192.168.254.2 192.168.254.3 192.168.254.4 192.168.254.5 192.168.254.6 192.168.254.7 192.168.254.8 192.168.254.9 192.168.254.10 192.168.254.11
 
 all: check

diff --git a/test/ns/ruleset b/test/ns/ruleset
@@ -1,12 +1,12 @@
 ##Matching funneling and unfunneling rules 1:1
-ip udp dport 2055 actions funnel tcp dport 179 sport 540
-ip tcp dport 179 sport 540 actions unfunnel udp
+ip udp dport 2055 actions funnel encap tcp dport 179 sport 540
+ip tcp dport 179 sport 540 actions unfunnel decap udp
 
-ip udp dport 2056 actions funnel udp dport 179 sport 540
-ip udp dport 179 sport 540 actions unfunnel udp
+ip udp dport 2056 actions funnel encap udp dport 179 sport 540
+ip udp dport 179 sport 540 actions unfunnel decap udp
 
-ip tcp dport 2055 actions funnel tcp dport 179 sport 541
-ip tcp dport 179 sport 541 actions unfunnel tcp
+ip tcp dport 2055 actions funnel encap tcp dport 179 sport 541
+ip tcp dport 179 sport 541 actions unfunnel decap tcp
 
-ip tcp dport 2056 actions funnel udp dport 179 sport 541
-ip udp dport 179 sport 541 actions unfunnel tcp
+ip tcp dport 2056 actions funnel encap udp dport 179 sport 541
+ip udp dport 179 sport 541 actions unfunnel decap tcp
diff --git a/test/ns_perf/Makefile b/test/ns_perf/Makefile
@@ -42,11 +42,11 @@ check: _setup _load
 #  ...........                        ............
 #
 
-RULES_SVC_EGRESS  := "ip $(PROTO) sport 8080 actions funnel $(FUN_PROTO) sport 80 dport 540"
-RULES_SVC_INGRESS := "ip $(FUN_PROTO) dport 80 sport 540 actions unfunnel $(PROTO)"
+RULES_SVC_EGRESS  := "ip $(PROTO) sport 8080 actions funnel encap $(FUN_PROTO) sport 80 dport 540"
+RULES_SVC_INGRESS := "ip $(FUN_PROTO) dport 80 sport 540 actions unfunnel decap $(PROTO)"
 
-RULES_INGRESS     := "ip $(FUN_PROTO) sport 80 dport 540 actions unfunnel $(PROTO)"
-RULES_EGRESS      := "ip $(PROTO) dport 8080 actions funnel $(FUN_PROTO) sport 540 dport 80"
+RULES_INGRESS     := "ip $(FUN_PROTO) sport 80 dport 540 actions unfunnel decap $(PROTO)"
+RULES_EGRESS      := "ip $(PROTO) dport 8080 actions funnel encap $(FUN_PROTO) sport 540 dport 80"
 
 _setup:
 	$(QUIET)echo -n "Creating ifaces..."

diff --git a/tools/gen.py b/tools/gen.py
@@ -60,8 +60,8 @@
 ]
 
 action_patterns = [
-    f"(funnel)\s*{param_re}\s*(sport|dport)\s*{param_re}\s*(sport|dport)\s*{param_re}",
-    f"(unfunnel)\s*{param_re}",
+    f"(funnel)\s*(encap)\s*{param_re}\s*(sport|dport)\s*{param_re}\s*(sport|dport)\s*{param_re}",
+    f"(unfunnel)\s*(decap)\s*{param_re}",
     f"(dnat)\s*{param_re}",
     f"(accept)",
     f"(drop)"