diff options
Diffstat (limited to 'tests')
60 files changed, 60 insertions, 1620 deletions
diff --git a/tests/xmlfiles/01-table.xml b/tests/xmlfiles/01-table.xml index b15ce6b..fefcf67 100644 --- a/tests/xmlfiles/01-table.xml +++ b/tests/xmlfiles/01-table.xml @@ -1,5 +1 @@ -<table> - <name>filter</name> - <family>ip</family> - <flags>0</flags> -</table> +<table><name>filter</name><family>ip</family><flags>0</flags></table> diff --git a/tests/xmlfiles/02-table.xml b/tests/xmlfiles/02-table.xml index c58a0fb..d0873ca 100644 --- a/tests/xmlfiles/02-table.xml +++ b/tests/xmlfiles/02-table.xml @@ -1,5 +1 @@ -<table> - <name>nat</name> - <family>ip6</family> - <flags>0</flags> -</table> +<table><name>nat</name><family>ip6</family><flags>0</flags></table> diff --git a/tests/xmlfiles/10-chain.xml b/tests/xmlfiles/10-chain.xml index 014a915..347626c 100644 --- a/tests/xmlfiles/10-chain.xml +++ b/tests/xmlfiles/10-chain.xml @@ -1,13 +1 @@ -<chain> - <name>test</name> - <handle>0</handle> - <bytes>0</bytes> - <packets>0</packets> - <type>filter</type> - <table>filter</table> - <prio>0</prio> - <use>1</use> - <hooknum>NF_INET_LOCAL_IN</hooknum> - <policy>accept</policy> - <family>ip</family> -</chain> +<chain><name>test</name><handle>0</handle><bytes>0</bytes><packets>0</packets><type>filter</type><table>filter</table><prio>0</prio><use>1</use><hooknum>NF_INET_LOCAL_IN</hooknum><policy>accept</policy><family>ip</family></chain> diff --git a/tests/xmlfiles/11-chain.xml b/tests/xmlfiles/11-chain.xml index ea6aa19..beec5ee 100644 --- a/tests/xmlfiles/11-chain.xml +++ b/tests/xmlfiles/11-chain.xml @@ -1,13 +1 @@ -<chain> - <name>test</name> - <handle>0</handle> - <bytes>59</bytes> - <packets>1</packets> - <type>filter</type> - <table>filter</table> - <prio>0</prio> - <use>1</use> - <hooknum>NF_INET_FORWARD</hooknum> - <policy>drop</policy> - <family>ip6</family> -</chain> +<chain><name>test</name><handle>0</handle><bytes>59</bytes><packets>1</packets><type>filter</type><table>filter</table><prio>0</prio><use>1</use><hooknum>NF_INET_FORWARD</hooknum><policy>drop</policy><family>ip6</family></chain> diff --git a/tests/xmlfiles/12-chain.xml b/tests/xmlfiles/12-chain.xml index 7f03ace..9036fa1 100644 --- a/tests/xmlfiles/12-chain.xml +++ b/tests/xmlfiles/12-chain.xml @@ -1,13 +1 @@ -<chain> - <name>foo</name> - <handle>100</handle> - <bytes>59264154979</bytes> - <packets>2548796325</packets> - <type>nat</type> - <table>nat</table> - <prio>0</prio> - <use>1</use> - <hooknum>NF_INET_POST_ROUTING</hooknum> - <policy>accept</policy> - <family>ip</family> -</chain> +<chain><name>foo</name><handle>100</handle><bytes>59264154979</bytes><packets>2548796325</packets><type>nat</type><table>nat</table><prio>0</prio><use>1</use><hooknum>NF_INET_POST_ROUTING</hooknum><policy>accept</policy><family>ip</family></chain> diff --git a/tests/xmlfiles/20-rule-bitwise.xml b/tests/xmlfiles/20-rule-bitwise.xml index 9ce65bf..afe9671 100644 --- a/tests/xmlfiles/20-rule-bitwise.xml +++ b/tests/xmlfiles/20-rule-bitwise.xml @@ -1,25 +1,2 @@ -<rule> - <family>ip</family> - <table>filter</table> - <chain>INPUT</chain> - <handle>100</handle> - <flags>0</flags> - <expr type="bitwise"> - <sreg>1</sreg> - <dreg>1</dreg> - <len>4</len> - <mask> - <data_reg type="value"> - <len>4</len> - <data0>0x0000000a</data0> - </data_reg> - </mask> - <xor> - <data_reg type="value"> - <len>4</len> - <data0>0x00000000</data0> - </data_reg> - </xor> - </expr> -</rule> +<rule><family>ip</family><table>filter</table><chain>INPUT</chain><handle>100</handle><flags>0</flags><expr type="bitwise"><sreg>1</sreg><dreg>1</dreg><len>4</len><mask><data_reg type="value"><len>4</len><data0>0x0000000a</data0></data_reg></mask><xor><data_reg type="value"><len>4</len><data0>0x00000000</data0></data_reg></xor></expr></rule> <!-- nft add rule filter input ct state new,established accept --> diff --git a/tests/xmlfiles/21-rule-byteorder.xml b/tests/xmlfiles/21-rule-byteorder.xml index b9aa97e..6c6faff 100644 --- a/tests/xmlfiles/21-rule-byteorder.xml +++ b/tests/xmlfiles/21-rule-byteorder.xml @@ -1,14 +1 @@ -<rule> - <family>ip</family> - <table>test</table> - <chain>test</chain> - <handle>1000</handle> - <flags>0</flags> - <expr type="byteorder"> - <sreg>3</sreg> - <dreg>4</dreg> - <op>hton</op> - <len>4</len> - <size>4</size> - </expr> -</rule> +<rule><family>ip</family><table>test</table><chain>test</chain><handle>1000</handle><flags>0</flags><expr type="byteorder"><sreg>3</sreg><dreg>4</dreg><op>hton</op><len>4</len><size>4</size></expr></rule> diff --git a/tests/xmlfiles/22-rule-cmp.xml b/tests/xmlfiles/22-rule-cmp.xml index 77c8f81..3fe6b27 100644 --- a/tests/xmlfiles/22-rule-cmp.xml +++ b/tests/xmlfiles/22-rule-cmp.xml @@ -1,21 +1,2 @@ -<rule> - <family>ip6</family> - <table>filter</table> - <chain>test</chain> - <handle>36</handle> - <flags>0</flags> - <expr type="cmp"> - <sreg>1</sreg> - <op>eq</op> - <cmpdata> - <data_reg type="value"> - <len>16</len> - <data0>0x00000000</data0> - <data1>0x6e6f6200</data1> - <data2>0x2e303164</data2> - <data3>0x00393331</data3> - </data_reg> - </cmpdata> - </expr> -</rule> +<rule><family>ip6</family><table>filter</table><chain>test</chain><handle>36</handle><flags>0</flags><expr type="cmp"><sreg>1</sreg><op>eq</op><cmpdata><data_reg type="value"><len>16</len><data0>0x00000000</data0><data1>0x6e6f6200</data1><data2>0x2e303164</data2><data3>0x00393331</data3></data_reg></cmpdata></expr></rule> <!-- nft add rule ip6 filter test meta iifname bond10.139 accept --> diff --git a/tests/xmlfiles/23-rule-counter.xml b/tests/xmlfiles/23-rule-counter.xml index 870f9fe..a8d0937 100644 --- a/tests/xmlfiles/23-rule-counter.xml +++ b/tests/xmlfiles/23-rule-counter.xml @@ -1,12 +1,2 @@ -<rule> - <family>ip6</family> - <table>filter</table> - <chain>test</chain> - <handle>39</handle> - <flags>0</flags> - <expr type="counter"> - <pkts>3</pkts> - <bytes>177</bytes> - </expr> -</rule> +<rule><family>ip6</family><table>filter</table><chain>test</chain><handle>39</handle><flags>0</flags><expr type="counter"><pkts>3</pkts><bytes>177</bytes></expr></rule> <!-- nft add rule ip6 filter test udp dport 53 counter accept --> diff --git a/tests/xmlfiles/24-rule-ct.xml b/tests/xmlfiles/24-rule-ct.xml index 38edb4d..78c963f 100644 --- a/tests/xmlfiles/24-rule-ct.xml +++ b/tests/xmlfiles/24-rule-ct.xml @@ -1,13 +1,2 @@ -<rule> - <family>ip</family> - <table>filter</table> - <chain>INPUT</chain> - <handle>100</handle> - <flags>0</flags> - <expr type="ct"> - <dreg>1</dreg> - <key>state</key> - <dir>0</dir> - </expr> -</rule> +<rule><family>ip</family><table>filter</table><chain>INPUT</chain><handle>100</handle><flags>0</flags><expr type="ct"><dreg>1</dreg><key>state</key><dir>0</dir></expr></rule> <!-- nft add rule filter input ct state new,established accept --> diff --git a/tests/xmlfiles/25-rule-exthdr.xml b/tests/xmlfiles/25-rule-exthdr.xml index ff42d62..2c1c5e4 100644 --- a/tests/xmlfiles/25-rule-exthdr.xml +++ b/tests/xmlfiles/25-rule-exthdr.xml @@ -1,13 +1 @@ -<rule> - <family>ip6</family> - <table>filter</table> - <chain>INPUT</chain> - <handle>100</handle> - <flags>0</flags> - <expr type="exthdr"> - <dreg>1</dreg> - <exthdr_type>mh</exthdr_type> - <offset>2</offset> - <len>16</len> - </expr> -</rule> +<rule><family>ip6</family><table>filter</table><chain>INPUT</chain><handle>100</handle><flags>0</flags><expr type="exthdr"><dreg>1</dreg><exthdr_type>mh</exthdr_type><offset>2</offset><len>16</len></expr></rule> diff --git a/tests/xmlfiles/26-rule-immediate.xml b/tests/xmlfiles/26-rule-immediate.xml index 8fd5308..2054b9f 100644 --- a/tests/xmlfiles/26-rule-immediate.xml +++ b/tests/xmlfiles/26-rule-immediate.xml @@ -1,16 +1,2 @@ -<rule> - <family>ip</family> - <table>filter</table> - <chain>input</chain> - <handle>32</handle> - <flags>0</flags> - <expr type="immediate"> - <dreg>0</dreg> - <immediatedata> - <data_reg type="verdict"> - <verdict>accept</verdict> - </data_reg> - </immediatedata> - </expr> -</rule> +<rule><family>ip</family><table>filter</table><chain>input</chain><handle>32</handle><flags>0</flags><expr type="immediate"><dreg>0</dreg><immediatedata><data_reg type="verdict"><verdict>accept</verdict></data_reg></immediatedata></expr></rule> <!-- nft add rule filter input ct state new,established accept --> diff --git a/tests/xmlfiles/27-rule-limit.xml b/tests/xmlfiles/27-rule-limit.xml index aa6d607..aa81b4e 100644 --- a/tests/xmlfiles/27-rule-limit.xml +++ b/tests/xmlfiles/27-rule-limit.xml @@ -1,11 +1 @@ -<rule> - <family>ip</family> - <table>filter</table> - <chain>INPUT</chain> - <handle>100</handle> - <flags>0</flags> - <expr type="limit"> - <rate>123123</rate> - <depth>321321</depth> - </expr> -</rule> +<rule><family>ip</family><table>filter</table><chain>INPUT</chain><handle>100</handle><flags>0</flags><expr type="limit"><rate>123123</rate><depth>321321</depth></expr></rule> diff --git a/tests/xmlfiles/28-rule-log.xml b/tests/xmlfiles/28-rule-log.xml index eed61a6..e97edc7 100644 --- a/tests/xmlfiles/28-rule-log.xml +++ b/tests/xmlfiles/28-rule-log.xml @@ -1,14 +1,2 @@ -<rule> - <family>ip6</family> - <table>filter</table> - <chain>test</chain> - <handle>96</handle> - <flags>0</flags> - <expr type="log"> - <prefix>test_chain</prefix> - <group>1</group> - <snaplen>0</snaplen> - <qthreshold>0</qthreshold> - </expr> -</rule> +<rule><family>ip6</family><table>filter</table><chain>test</chain><handle>96</handle><flags>0</flags><expr type="log"><prefix>test_chain</prefix><group>1</group><snaplen>0</snaplen><qthreshold>0</qthreshold></expr></rule> <!-- nft add rule ip6 filter test log prefix test_chain group 1 --> diff --git a/tests/xmlfiles/29-rule-lookup.xml b/tests/xmlfiles/29-rule-lookup.xml index 89928e3..1618fd8 100644 --- a/tests/xmlfiles/29-rule-lookup.xml +++ b/tests/xmlfiles/29-rule-lookup.xml @@ -1,13 +1,2 @@ -<rule> - <family>ip6</family> - <table>filter</table> - <chain>test</chain> - <handle>37</handle> - <flags>0</flags> - <expr type="lookup"> - <set>set0</set> - <sreg>1</sreg> - <dreg>0</dreg> - </expr> -</rule> +<rule><family>ip6</family><table>filter</table><chain>test</chain><handle>37</handle><flags>0</flags><expr type="lookup"><set>set0</set><sreg>1</sreg><dreg>0</dreg></expr></rule> <!-- nft add rule ip6 filter test ip6 saddr { ::2 , ::3 } drop --> diff --git a/tests/xmlfiles/30-rule-match.xml b/tests/xmlfiles/30-rule-match.xml index 3346976..7ea9c73 100644 --- a/tests/xmlfiles/30-rule-match.xml +++ b/tests/xmlfiles/30-rule-match.xml @@ -1,10 +1 @@ -<rule> - <family>ip</family> - <table>filter</table> - <chain>INPUT</chain> - <handle>100</handle> - <flags>0</flags> - <expr type="match"> - <name>state</name> - </expr> -</rule> +<rule><family>ip</family><table>filter</table><chain>INPUT</chain><handle>100</handle><flags>0</flags><expr type="match"><name>state</name></expr></rule> diff --git a/tests/xmlfiles/31-rule-meta.xml b/tests/xmlfiles/31-rule-meta.xml index 0227e78..00ebe74 100644 --- a/tests/xmlfiles/31-rule-meta.xml +++ b/tests/xmlfiles/31-rule-meta.xml @@ -1,12 +1,2 @@ -<rule> - <family>ip6</family> - <table>filter</table> - <chain>test</chain> - <handle>36</handle> - <flags>0</flags> - <expr type="meta"> - <dreg>1</dreg> - <key>iifname</key> - </expr> -</rule> +<rule><family>ip6</family><table>filter</table><chain>test</chain><handle>36</handle><flags>0</flags><expr type="meta"><dreg>1</dreg><key>iifname</key></expr></rule> <!-- nft add rule ip6 filter test meta iifname bond10.139 accept --> diff --git a/tests/xmlfiles/32-rule-nat6.xml b/tests/xmlfiles/32-rule-nat6.xml index 5d38ac5..1834bff 100644 --- a/tests/xmlfiles/32-rule-nat6.xml +++ b/tests/xmlfiles/32-rule-nat6.xml @@ -1,15 +1 @@ -<rule> - <family>ip6</family> - <table>nat</table> - <chain>OUTPUT</chain> - <handle>100</handle> - <flags>0</flags> - <expr type="nat"> - <family>ip6</family> - <nat_type>snat</nat_type> - <sreg_addr_min>1</sreg_addr_min> - <sreg_addr_max>2</sreg_addr_max> - <sreg_proto_min>3</sreg_proto_min> - <sreg_proto_max>4</sreg_proto_max> - </expr> -</rule> +<rule><family>ip6</family><table>nat</table><chain>OUTPUT</chain><handle>100</handle><flags>0</flags><expr type="nat"><family>ip6</family><nat_type>snat</nat_type><sreg_addr_min>1</sreg_addr_min><sreg_addr_max>2</sreg_addr_max><sreg_proto_min>3</sreg_proto_min><sreg_proto_max>4</sreg_proto_max></expr></rule> diff --git a/tests/xmlfiles/33-rule-nat4.xml b/tests/xmlfiles/33-rule-nat4.xml index 6200ece..ac4d7d2 100644 --- a/tests/xmlfiles/33-rule-nat4.xml +++ b/tests/xmlfiles/33-rule-nat4.xml @@ -1,15 +1 @@ -<rule> - <family>ip</family> - <table>filter</table> - <chain>INPUT</chain> - <handle>100</handle> - <flags>0</flags> - <expr type="nat"> - <sreg_addr_min>1</sreg_addr_min> - <sreg_addr_max>2</sreg_addr_max> - <sreg_proto_min>3</sreg_proto_min> - <sreg_proto_max>4</sreg_proto_max> - <family>ip</family> - <nat_type>dnat</nat_type> - </expr> -</rule> +<rule><family>ip</family><table>filter</table><chain>INPUT</chain><handle>100</handle><flags>0</flags><expr type="nat"><sreg_addr_min>1</sreg_addr_min><sreg_addr_max>2</sreg_addr_max><sreg_proto_min>3</sreg_proto_min><sreg_proto_max>4</sreg_proto_max><family>ip</family><nat_type>dnat</nat_type></expr></rule> diff --git a/tests/xmlfiles/34-rule-payload.xml b/tests/xmlfiles/34-rule-payload.xml index 9e48822..8a37e8c 100644 --- a/tests/xmlfiles/34-rule-payload.xml +++ b/tests/xmlfiles/34-rule-payload.xml @@ -1,14 +1,2 @@ -<rule> - <family>ip6</family> - <table>filter</table> - <chain>test</chain> - <handle>34</handle> - <flags>0</flags> - <expr type="payload"> - <dreg>1</dreg> - <offset>2</offset> - <len>2</len> - <base>transport</base> - </expr> -</rule> +<rule><family>ip6</family><table>filter</table><chain>test</chain><handle>34</handle><flags>0</flags><expr type="payload"><dreg>1</dreg><offset>2</offset><len>2</len><base>transport</base></expr></rule> <!-- nft add rule ip6 filter test tcp dport 22 accept --> diff --git a/tests/xmlfiles/35-rule-target.xml b/tests/xmlfiles/35-rule-target.xml index 3c84538..d0bba15 100644 --- a/tests/xmlfiles/35-rule-target.xml +++ b/tests/xmlfiles/35-rule-target.xml @@ -1,10 +1 @@ -<rule> - <family>ip</family> - <table>filter</table> - <chain>INPUT</chain> - <handle>100</handle> - <flags>0</flags> - <expr type="target"> - <name>LOG</name> - </expr> -</rule> +<rule><family>ip</family><table>filter</table><chain>INPUT</chain><handle>100</handle><flags>0</flags><expr type="target"><name>LOG</name></expr></rule> diff --git a/tests/xmlfiles/36-rule-real.xml b/tests/xmlfiles/36-rule-real.xml index 9178e2a..7b43dff 100644 --- a/tests/xmlfiles/36-rule-real.xml +++ b/tests/xmlfiles/36-rule-real.xml @@ -1,29 +1,2 @@ -<rule> - <family>ip</family> - <table>filter</table> - <chain>output</chain> - <handle>22</handle> - <flags>0</flags> - <expr type="payload"> - <dreg>1</dreg> - <offset>12</offset> - <len>8</len> - <base>network</base> - </expr> - <expr type="cmp"> - <sreg>1</sreg> - <op>eq</op> - <cmpdata> - <data_reg type="value"> - <len>8</len> - <data0>0x0100a8c0</data0> - <data1>0x6400a8c0</data1> - </data_reg> - </cmpdata> - </expr> - <expr type="counter"> - <pkts>0</pkts> - <bytes>0</bytes> - </expr> -</rule> +<rule><family>ip</family><table>filter</table><chain>output</chain><handle>22</handle><flags>0</flags><expr type="payload"><dreg>1</dreg><offset>12</offset><len>8</len><base>network</base></expr><expr type="cmp"><sreg>1</sreg><op>eq</op><cmpdata><data_reg type="value"><len>8</len><data0>0x0100a8c0</data0><data1>0x6400a8c0</data1></data_reg></cmpdata></expr><expr type="counter"><pkts>0</pkts><bytes>0</bytes></expr></rule> <!-- nft add rule filter INPUT ip saddr 192.168.0.1 ip daddr 192.168.0.100 counter --> diff --git a/tests/xmlfiles/37-rule-real.xml b/tests/xmlfiles/37-rule-real.xml index ff7283b..327bc09 100644 --- a/tests/xmlfiles/37-rule-real.xml +++ b/tests/xmlfiles/37-rule-real.xml @@ -1,99 +1,2 @@ -<rule> - <family>ip</family> - <table>filter</table> - <chain>INPUT</chain> - <handle>25</handle> - <flags>0</flags> - <expr type="meta"> - <dreg>1</dreg> - <key>iifname</key> - </expr> - <expr type="cmp"> - <sreg>1</sreg> - <op>eq</op> - <cmpdata> - <data_reg type="value"> - <len>16</len> - <data0>0x00000000</data0> - <data1>0x00000000</data1> - <data2>0x65000000</data2> - <data3>0x00306874</data3> - </data_reg> - </cmpdata> - </expr> - <expr type="payload"> - <dreg>1</dreg> - <offset>9</offset> - <len>1</len> - <base>network</base> - </expr> - <expr type="cmp"> - <sreg>1</sreg> - <op>eq</op> - <cmpdata> - <data_reg type="value"> - <len>1</len> - <data0>0x00000006</data0> - </data_reg> - </cmpdata> - </expr> - <expr type="payload"> - <dreg>1</dreg> - <offset>2</offset> - <len>2</len> - <base>transport</base> - </expr> - <expr type="cmp"> - <sreg>1</sreg> - <op>eq</op> - <cmpdata> - <data_reg type="value"> - <len>2</len> - <data0>0x00001600</data0> - </data_reg> - </cmpdata> - </expr> - <expr type="ct"> - <dreg>1</dreg> - <key>state</key> - <dir>0</dir> - </expr> - <expr type="bitwise"> - <sreg>1</sreg> - <dreg>1</dreg> - <len>4</len> - <mask> - <data_reg type="value"> - <len>4</len> - <data0>0x0000000a</data0> - </data_reg> - </mask> - <xor> - <data_reg type="value"> - <len>4</len> - <data0>0x00000000</data0> - </data_reg> - </xor> - </expr> - <expr type="cmp"> - <sreg>1</sreg> - <op>neq</op> - <cmpdata> - <data_reg type="value"> - <len>4</len> - <data0>0x00000000</data0> - </data_reg> - </cmpdata> - </expr> - <expr type="counter"> - <pkts>0</pkts> - <bytes>0</bytes> - </expr> - <expr type="log"> - <prefix>testprefix</prefix> - <group>1</group> - <snaplen>0</snaplen> - <qthreshold>0</qthreshold> - </expr> -</rule> +<rule><family>ip</family><table>filter</table><chain>INPUT</chain><handle>25</handle><flags>0</flags><expr type="meta"><dreg>1</dreg><key>iifname</key></expr><expr type="cmp"><sreg>1</sreg><op>eq</op><cmpdata><data_reg type="value"><len>16</len><data0>0x00000000</data0><data1>0x00000000</data1><data2>0x65000000</data2><data3>0x00306874</data3></data_reg></cmpdata></expr><expr type="payload"><dreg>1</dreg><offset>9</offset><len>1</len><base>network</base></expr><expr type="cmp"><sreg>1</sreg><op>eq</op><cmpdata><data_reg type="value"><len>1</len><data0>0x00000006</data0></data_reg></cmpdata></expr><expr type="payload"><dreg>1</dreg><offset>2</offset><len>2</len><base>transport</base></expr><expr type="cmp"><sreg>1</sreg><op>eq</op><cmpdata><data_reg type="value"><len>2</len><data0>0x00001600</data0></data_reg></cmpdata></expr><expr type="ct"><dreg>1</dreg><key>state</key><dir>0</dir></expr><expr type="bitwise"><sreg>1</sreg><dreg>1</dreg><len>4</len><mask><data_reg type="value"><len>4</len><data0>0x0000000a</data0></data_reg></mask><xor><data_reg type="value"><len>4</len><data0>0x00000000</data0></data_reg></xor></expr><expr type="cmp"><sreg>1</sreg><op>neq</op><cmpdata><data_reg type="value"><len>4</len><data0>0x00000000</data0></data_reg></cmpdata></expr><expr type="counter"><pkts>0</pkts><bytes>0</bytes></expr><expr type="log"><prefix>testprefix</prefix><group>1</group><snaplen>0</snaplen><qthreshold>0</qthreshold></expr></rule> <!-- nft add rule filter INPUT meta iifname "eth0" tcp dport 22 ct state new,established counter log prefix testprefix group 1 --> diff --git a/tests/xmlfiles/38-rule-real.xml b/tests/xmlfiles/38-rule-real.xml index 18c349c..4b0402c 100644 --- a/tests/xmlfiles/38-rule-real.xml +++ b/tests/xmlfiles/38-rule-real.xml @@ -1,63 +1,2 @@ -<rule> - <family>ip</family> - <table>filter</table> - <chain>INPUT</chain> - <handle>30</handle> - <flags>0</flags> - <expr type="payload"> - <dreg>1</dreg> - <offset>16</offset> - <len>4</len> - <base>network</base> - </expr> - <expr type="lookup"> - <set>set3</set> - <sreg>1</sreg> - <dreg>0</dreg> - </expr> - <expr type="payload"> - <dreg>1</dreg> - <offset>9</offset> - <len>1</len> - <base>network</base> - </expr> - <expr type="cmp"> - <sreg>1</sreg> - <op>eq</op> - <cmpdata> - <data_reg type="value"> - <len>1</len> - <data0>0x00000006</data0> - </data_reg> - </cmpdata> - </expr> - <expr type="payload"> - <dreg>1</dreg> - <offset>2</offset> - <len>2</len> - <base>transport</base> - </expr> - <expr type="cmp"> - <sreg>1</sreg> - <op>eq</op> - <cmpdata> - <data_reg type="value"> - <len>2</len> - <data0>0x0000bb01</data0> - </data_reg> - </cmpdata> - </expr> - <expr type="counter"> - <pkts>0</pkts> - <bytes>0</bytes> - </expr> - <expr type="immediate"> - <dreg>0</dreg> - <immediatedata> - <data_reg type="verdict"> - <verdict>accept</verdict> - </data_reg> - </immediatedata> - </expr> -</rule> +<rule><family>ip</family><table>filter</table><chain>INPUT</chain><handle>30</handle><flags>0</flags><expr type="payload"><dreg>1</dreg><offset>16</offset><len>4</len><base>network</base></expr><expr type="lookup"><set>set3</set><sreg>1</sreg><dreg>0</dreg></expr><expr type="payload"><dreg>1</dreg><offset>9</offset><len>1</len><base>network</base></expr><expr type="cmp"><sreg>1</sreg><op>eq</op><cmpdata><data_reg type="value"><len>1</len><data0>0x00000006</data0></data_reg></cmpdata></expr><expr type="payload"><dreg>1</dreg><offset>2</offset><len>2</len><base>transport</base></expr><expr type="cmp"><sreg>1</sreg><op>eq</op><cmpdata><data_reg type="value"><len>2</len><data0>0x0000bb01</data0></data_reg></cmpdata></expr><expr type="counter"><pkts>0</pkts><bytes>0</bytes></expr><expr type="immediate"><dreg>0</dreg><immediatedata><data_reg type="verdict"><verdict>accept</verdict></data_reg></immediatedata></expr></rule> <!-- nft add rule ip filter INPUT ip daddr { 192.168.0.1, 192.168.0.2, 192.168.0.3 } tcp dport 443 counter accept --> diff --git a/tests/xmlfiles/39-rule-real.xml b/tests/xmlfiles/39-rule-real.xml index f69ef62..3f7f2ab 100644 --- a/tests/xmlfiles/39-rule-real.xml +++ b/tests/xmlfiles/39-rule-real.xml @@ -1,126 +1,2 @@ -<rule> - <family>ip6</family> - <table>filter</table> - <chain>test</chain> - <handle>31</handle> - <flags>0</flags> - <expr type="meta"> - <dreg>1</dreg> - <key>iifname</key> - </expr> - <expr type="cmp"> - <sreg>1</sreg> - <op>eq</op> - <cmpdata> - <data_reg type="value"> - <len>16</len> - <data0>0x00000000</data0> - <data1>0x00000000</data1> - <data2>0x6f620000</data2> - <data3>0x0030646e</data3> - </data_reg> - </cmpdata> - </expr> - <expr type="meta"> - <dreg>1</dreg> - <key>oifname</key> - </expr> - <expr type="cmp"> - <sreg>1</sreg> - <op>eq</op> - <cmpdata> - <data_reg type="value"> - <len>16</len> - <data0>0x00000000</data0> - <data1>0x62000000</data1> - <data2>0x31646e6f</data2> - <data3>0x0037322e</data3> - </data_reg> - </cmpdata> - </expr> - <expr type="payload"> - <dreg>1</dreg> - <offset>8</offset> - <len>16</len> - <base>network</base> - </expr> - <expr type="cmp"> - <sreg>1</sreg> - <op>eq</op> - <cmpdata> - <data_reg type="value"> - <len>16</len> - <data0>0xc09a002a</data0> - <data1>0x2700cac1</data1> - <data2>0x00000000</data2> - <data3>0x50010000</data3> - </data_reg> - </cmpdata> - </expr> - <expr type="payload"> - <dreg>1</dreg> - <offset>6</offset> - <len>1</len> - <base>network</base> - </expr> - <expr type="cmp"> - <sreg>1</sreg> - <op>eq</op> - <cmpdata> - <data_reg type="value"> - <len>1</len> - <data0>0x00000011</data0> - </data_reg> - </cmpdata> - </expr> - <expr type="payload"> - <dreg>1</dreg> - <offset>2</offset> - <len>2</len> - <base>transport</base> - </expr> - <expr type="cmp"> - <sreg>1</sreg> - <op>eq</op> - <cmpdata> - <data_reg type="value"> - <len>2</len> - <data0>0x00003500</data0> - </data_reg> - </cmpdata> - </expr> - <expr type="ct"> - <dreg>1</dreg> - <key>status</key> - <dir>0</dir> - </expr> - <expr type="cmp"> - <sreg>1</sreg> - <op>eq</op> - <cmpdata> - <data_reg type="value"> - <len>4</len> - <data0>0x00000001</data0> - </data_reg> - </cmpdata> - </expr> - <expr type="counter"> - <pkts>0</pkts> - <bytes>0</bytes> - </expr> - <expr type="log"> - <prefix>dns_drop</prefix> - <group>2</group> - <snaplen>0</snaplen> - <qthreshold>0</qthreshold> - </expr> - <expr type="immediate"> - <dreg>0</dreg> - <immediatedata> - <data_reg type="verdict"> - <verdict>drop</verdict> - </data_reg> - </immediatedata> - </expr> -</rule> +<rule><family>ip6</family><table>filter</table><chain>test</chain><handle>31</handle><flags>0</flags><expr type="meta"><dreg>1</dreg><key>iifname</key></expr><expr type="cmp"><sreg>1</sreg><op>eq</op><cmpdata><data_reg type="value"><len>16</len><data0>0x00000000</data0><data1>0x00000000</data1><data2>0x6f620000</data2><data3>0x0030646e</data3></data_reg></cmpdata></expr><expr type="meta"><dreg>1</dreg><key>oifname</key></expr><expr type="cmp"><sreg>1</sreg><op>eq</op><cmpdata><data_reg type="value"><len>16</len><data0>0x00000000</data0><data1>0x62000000</data1><data2>0x31646e6f</data2><data3>0x0037322e</data3></data_reg></cmpdata></expr><expr type="payload"><dreg>1</dreg><offset>8</offset><len>16</len><base>network</base></expr><expr type="cmp"><sreg>1</sreg><op>eq</op><cmpdata><data_reg type="value"><len>16</len><data0>0xc09a002a</data0><data1>0x2700cac1</data1><data2>0x00000000</data2><data3>0x50010000</data3></data_reg></cmpdata></expr><expr type="payload"><dreg>1</dreg><offset>6</offset><len>1</len><base>network</base></expr><expr type="cmp"><sreg>1</sreg><op>eq</op><cmpdata><data_reg type="value"><len>1</len><data0>0x00000011</data0></data_reg></cmpdata></expr><expr type="payload"><dreg>1</dreg><offset>2</offset><len>2</len><base>transport</base></expr><expr type="cmp"><sreg>1</sreg><op>eq</op><cmpdata><data_reg type="value"><len>2</len><data0>0x00003500</data0></data_reg></cmpdata></expr><expr type="ct"><dreg>1</dreg><key>status</key><dir>0</dir></expr><expr type="cmp"><sreg>1</sreg><op>eq</op><cmpdata><data_reg type="value"><len>4</len><data0>0x00000001</data0></data_reg></cmpdata></expr><expr type="counter"><pkts>0</pkts><bytes>0</bytes></expr><expr type="log"><prefix>dns_drop</prefix><group>2</group><snaplen>0</snaplen><qthreshold>0</qthreshold></expr><expr type="immediate"><dreg>0</dreg><immediatedata><data_reg type="verdict"><verdict>drop</verdict></data_reg></immediatedata></expr></rule> <!-- nft add rule ip6 filter test meta iifname "bond0" meta oifname "bond1.27" ip6 saddr 2a00:9ac0:c1ca:27::150 udp dport 53 ct status expected counter log prefix dns_drop group 2 drop --> diff --git a/tests/xmlfiles/40-rule-real.xml b/tests/xmlfiles/40-rule-real.xml index 2630023..253008c 100644 --- a/tests/xmlfiles/40-rule-real.xml +++ b/tests/xmlfiles/40-rule-real.xml @@ -1,24 +1,2 @@ -<rule> - <family>ip</family> - <table>filter</table> - <chain>output</chain> - <handle>2</handle> - <flags>0</flags> - <expr type="payload"> - <dreg>1</dreg> - <offset>16</offset> - <len>4</len> - <base>network</base> - </expr> - <expr type="cmp"> - <sreg>1</sreg> - <op>eq</op> - <cmpdata> - <data_reg type="value"> - <len>4</len> - <data0>0x0100a8c0</data0> - </data_reg> - </cmpdata> - </expr> -</rule> +<rule><family>ip</family><table>filter</table><chain>output</chain><handle>2</handle><flags>0</flags><expr type="payload"><dreg>1</dreg><offset>16</offset><len>4</len><base>network</base></expr><expr type="cmp"><sreg>1</sreg><op>eq</op><cmpdata><data_reg type="value"><len>4</len><data0>0x0100a8c0</data0></data_reg></cmpdata></expr></rule> <!-- nft add rule filter output ip daddr 192.168.0.1 --> diff --git a/tests/xmlfiles/41-rule-real.xml b/tests/xmlfiles/41-rule-real.xml index 762a7d9..4b3498e 100644 --- a/tests/xmlfiles/41-rule-real.xml +++ b/tests/xmlfiles/41-rule-real.xml @@ -1,34 +1,2 @@ -<rule> - <family>ip</family> - <table>filter</table> - <chain>output</chain> - <handle>3</handle> - <flags>0</flags> - <expr type="payload"> - <dreg>1</dreg> - <offset>16</offset> - <len>4</len> - <base>network</base> - </expr> - <expr type="cmp"> - <sreg>1</sreg> - <op>gte</op> - <cmpdata> - <data_reg type="value"> - <len>4</len> - <data0>0x0100a8c0</data0> - </data_reg> - </cmpdata> - </expr> - <expr type="cmp"> - <sreg>1</sreg> - <op>lte</op> - <cmpdata> - <data_reg type="value"> - <len>4</len> - <data0>0xfa00a8c0</data0> - </data_reg> - </cmpdata> - </expr> -</rule> +<rule><family>ip</family><table>filter</table><chain>output</chain><handle>3</handle><flags>0</flags><expr type="payload"><dreg>1</dreg><offset>16</offset><len>4</len><base>network</base></expr><expr type="cmp"><sreg>1</sreg><op>gte</op><cmpdata><data_reg type="value"><len>4</len><data0>0x0100a8c0</data0></data_reg></cmpdata></expr><expr type="cmp"><sreg>1</sreg><op>lte</op><cmpdata><data_reg type="value"><len>4</len><data0>0xfa00a8c0</data0></data_reg></cmpdata></expr></rule> <!-- nft add rule filter output ip daddr 192.168.0.1-192.168.0.250 --> diff --git a/tests/xmlfiles/42-rule-real.xml b/tests/xmlfiles/42-rule-real.xml index 4bd9c6a..29f7ad9 100644 --- a/tests/xmlfiles/42-rule-real.xml +++ b/tests/xmlfiles/42-rule-real.xml @@ -1,28 +1,2 @@ -<rule> - <family>ip</family> - <table>filter</table> - <chain>output</chain> - <handle>4</handle> - <flags>0</flags> - <expr type="payload"> - <dreg>1</dreg> - <offset>16</offset> - <len>4</len> - <base>network</base> - </expr> - <expr type="cmp"> - <sreg>1</sreg> - <op>eq</op> - <cmpdata> - <data_reg type="value"> - <len>4</len> - <data0>0x0100a8c0</data0> - </data_reg> - </cmpdata> - </expr> - <expr type="counter"> - <pkts>0</pkts> - <bytes>0</bytes> - </expr> -</rule> +<rule><family>ip</family><table>filter</table><chain>output</chain><handle>4</handle><flags>0</flags><expr type="payload"><dreg>1</dreg><offset>16</offset><len>4</len><base>network</base></expr><expr type="cmp"><sreg>1</sreg><op>eq</op><cmpdata><data_reg type="value"><len>4</len><data0>0x0100a8c0</data0></data_reg></cmpdata></expr><expr type="counter"><pkts>0</pkts><bytes>0</bytes></expr></rule> <!-- nft add rule filter output ip daddr 192.168.0.1 counter --> diff --git a/tests/xmlfiles/43-rule-real.xml b/tests/xmlfiles/43-rule-real.xml index eda5938..7dc1fdf 100644 --- a/tests/xmlfiles/43-rule-real.xml +++ b/tests/xmlfiles/43-rule-real.xml @@ -1,36 +1,2 @@ -<rule> - <family>ip</family> - <table>filter</table> - <chain>output</chain> - <handle>5</handle> - <flags>0</flags> - <expr type="payload"> - <dreg>1</dreg> - <offset>16</offset> - <len>4</len> - <base>network</base> - </expr> - <expr type="cmp"> - <sreg>1</sreg> - <op>eq</op> - <cmpdata> - <data_reg type="value"> - <len>4</len> - <data0>0x0100a8c0</data0> - </data_reg> - </cmpdata> - </expr> - <expr type="counter"> - <pkts>0</pkts> - <bytes>0</bytes> - </expr> - <expr type="immediate"> - <dreg>0</dreg> - <immediatedata> - <data_reg type="verdict"> - <verdict>drop</verdict> - </data_reg> - </immediatedata> - </expr> -</rule> +<rule><family>ip</family><table>filter</table><chain>output</chain><handle>5</handle><flags>0</flags><expr type="payload"><dreg>1</dreg><offset>16</offset><len>4</len><base>network</base></expr><expr type="cmp"><sreg>1</sreg><op>eq</op><cmpdata><data_reg type="value"><len>4</len><data0>0x0100a8c0</data0></data_reg></cmpdata></expr><expr type="counter"><pkts>0</pkts><bytes>0</bytes></expr><expr type="immediate"><dreg>0</dreg><immediatedata><data_reg type="verdict"><verdict>drop</verdict></data_reg></immediatedata></expr></rule> <!-- nft add rule filter output ip daddr 192.168.0.1 counter drop --> diff --git a/tests/xmlfiles/44-rule-real.xml b/tests/xmlfiles/44-rule-real.xml index e66098a..feefb47 100644 --- a/tests/xmlfiles/44-rule-real.xml +++ b/tests/xmlfiles/44-rule-real.xml @@ -1,34 +1,2 @@ -<rule> - <family>ip</family> - <table>filter</table> - <chain>output</chain> - <handle>6</handle> - <flags>0</flags> - <expr type="payload"> - <dreg>1</dreg> - <offset>16</offset> - <len>4</len> - <base>network</base> - </expr> - <expr type="cmp"> - <sreg>1</sreg> - <op>eq</op> - <cmpdata> - <data_reg type="value"> - <len>4</len> - <data0>0x0100a8c0</data0> - </data_reg> - </cmpdata> - </expr> - <expr type="counter"> - <pkts>0</pkts> - <bytes>0</bytes> - </expr> - <expr type="log"> - <prefix>(null)</prefix> - <group>0</group> - <snaplen>0</snaplen> - <qthreshold>0</qthreshold> - </expr> -</rule> +<rule><family>ip</family><table>filter</table><chain>output</chain><handle>6</handle><flags>0</flags><expr type="payload"><dreg>1</dreg><offset>16</offset><len>4</len><base>network</base></expr><expr type="cmp"><sreg>1</sreg><op>eq</op><cmpdata><data_reg type="value"><len>4</len><data0>0x0100a8c0</data0></data_reg></cmpdata></expr><expr type="counter"><pkts>0</pkts><bytes>0</bytes></expr><expr type="log"><prefix>(null)</prefix><group>0</group><snaplen>0</snaplen><qthreshold>0</qthreshold></expr></rule> <!-- nft add rule filter output ip daddr 192.168.0.1 counter log --> diff --git a/tests/xmlfiles/45-rule-real.xml b/tests/xmlfiles/45-rule-real.xml index 1684eb3..d3ef55e 100644 --- a/tests/xmlfiles/45-rule-real.xml +++ b/tests/xmlfiles/45-rule-real.xml @@ -1,44 +1,2 @@ -<rule> - <family>ip</family> - <table>filter</table> - <chain>output</chain> - <handle>7</handle> - <flags>0</flags> - <expr type="payload"> - <dreg>1</dreg> - <offset>9</offset> - <len>1</len> - <base>network</base> - </expr> - <expr type="cmp"> - <sreg>1</sreg> - <op>eq</op> - <cmpdata> - <data_reg type="value"> - <len>1</len> - <data0>0x00000006</data0> - </data_reg> - </cmpdata> - </expr> - <expr type="payload"> - <dreg>1</dreg> - <offset>2</offset> - <len>2</len> - <base>transport</base> - </expr> - <expr type="cmp"> - <sreg>1</sreg> - <op>eq</op> - <cmpdata> - <data_reg type="value"> - <len>2</len> - <data0>0x00001600</data0> - </data_reg> - </cmpdata> - </expr> - <expr type="counter"> - <pkts>0</pkts> - <bytes>0</bytes> - </expr> -</rule> +<rule><family>ip</family><table>filter</table><chain>output</chain><handle>7</handle><flags>0</flags><expr type="payload"><dreg>1</dreg><offset>9</offset><len>1</len><base>network</base></expr><expr type="cmp"><sreg>1</sreg><op>eq</op><cmpdata><data_reg type="value"><len>1</len><data0>0x00000006</data0></data_reg></cmpdata></expr><expr type="payload"><dreg>1</dreg><offset>2</offset><len>2</len><base>transport</base></expr><expr type="cmp"><sreg>1</sreg><op>eq</op><cmpdata><data_reg type="value"><len>2</len><data0>0x00001600</data0></data_reg></cmpdata></expr><expr type="counter"><pkts>0</pkts><bytes>0</bytes></expr></rule> <!-- nft add rule filter output tcp dport 22 counter --> diff --git a/tests/xmlfiles/46-rule-real.xml b/tests/xmlfiles/46-rule-real.xml index 00db686..33a6195 100644 --- a/tests/xmlfiles/46-rule-real.xml +++ b/tests/xmlfiles/46-rule-real.xml @@ -1,44 +1,2 @@ -<rule> - <family>ip</family> - <table>filter</table> - <chain>output</chain> - <handle>8</handle> - <flags>0</flags> - <expr type="payload"> - <dreg>1</dreg> - <offset>9</offset> - <len>1</len> - <base>network</base> - </expr> - <expr type="cmp"> - <sreg>1</sreg> - <op>eq</op> - <cmpdata> - <data_reg type="value"> - <len>1</len> - <data0>0x00000006</data0> - </data_reg> - </cmpdata> - </expr> - <expr type="payload"> - <dreg>1</dreg> - <offset>0</offset> - <len>4</len> - <base>transport</base> - </expr> - <expr type="cmp"> - <sreg>1</sreg> - <op>eq</op> - <cmpdata> - <data_reg type="value"> - <len>4</len> - <data0>0x16000004</data0> - </data_reg> - </cmpdata> - </expr> - <expr type="counter"> - <pkts>0</pkts> - <bytes>0</bytes> - </expr> -</rule> +<rule><family>ip</family><table>filter</table><chain>output</chain><handle>8</handle><flags>0</flags><expr type="payload"><dreg>1</dreg><offset>9</offset><len>1</len><base>network</base></expr><expr type="cmp"><sreg>1</sreg><op>eq</op><cmpdata><data_reg type="value"><len>1</len><data0>0x00000006</data0></data_reg></cmpdata></expr><expr type="payload"><dreg>1</dreg><offset>0</offset><len>4</len><base>transport</base></expr><expr type="cmp"><sreg>1</sreg><op>eq</op><cmpdata><data_reg type="value"><len>4</len><data0>0x16000004</data0></data_reg></cmpdata></expr><expr type="counter"><pkts>0</pkts><bytes>0</bytes></expr></rule> <!-- nft add rule filter output tcp sport 1024 tcp dport 22 counter --> diff --git a/tests/xmlfiles/47-rule-real.xml b/tests/xmlfiles/47-rule-real.xml index caa247c..e2c9901 100644 --- a/tests/xmlfiles/47-rule-real.xml +++ b/tests/xmlfiles/47-rule-real.xml @@ -1,29 +1,2 @@ -<rule> - <family>ip</family> - <table>filter</table> - <chain>output</chain> - <handle>9</handle> - <flags>0</flags> - <expr type="payload"> - <dreg>1</dreg> - <offset>12</offset> - <len>8</len> - <base>network</base> - </expr> - <expr type="cmp"> - <sreg>1</sreg> - <op>eq</op> - <cmpdata> - <data_reg type="value"> - <len>8</len> - <data0>0x0100a8c0</data0> - <data1>0x6400a8c0</data1> - </data_reg> - </cmpdata> - </expr> - <expr type="counter"> - <pkts>0</pkts> - <bytes>0</bytes> - </expr> -</rule> +<rule><family>ip</family><table>filter</table><chain>output</chain><handle>9</handle><flags>0</flags><expr type="payload"><dreg>1</dreg><offset>12</offset><len>8</len><base>network</base></expr><expr type="cmp"><sreg>1</sreg><op>eq</op><cmpdata><data_reg type="value"><len>8</len><data0>0x0100a8c0</data0><data1>0x6400a8c0</data1></data_reg></cmpdata></expr><expr type="counter"><pkts>0</pkts><bytes>0</bytes></expr></rule> <!-- nft add rule filter output ip saddr 192.168.0.1 ip daddr 192.168.0.100 counter --> diff --git a/tests/xmlfiles/48-rule-real.xml b/tests/xmlfiles/48-rule-real.xml index 1870646..0db61a7 100644 --- a/tests/xmlfiles/48-rule-real.xml +++ b/tests/xmlfiles/48-rule-real.xml @@ -1,41 +1,2 @@ -<rule> - <family>ip</family> - <table>filter</table> - <chain>output</chain> - <handle>10</handle> - <flags>0</flags> - <expr type="payload"> - <dreg>1</dreg> - <offset>9</offset> - <len>1</len> - <base>network</base> - </expr> - <expr type="cmp"> - <sreg>1</sreg> - <op>eq</op> - <cmpdata> - <data_reg type="value"> - <len>1</len> - <data0>0x00000006</data0> - </data_reg> - </cmpdata> - </expr> - <expr type="payload"> - <dreg>1</dreg> - <offset>0</offset> - <len>8</len> - <base>transport</base> - </expr> - <expr type="cmp"> - <sreg>1</sreg> - <op>eq</op> - <cmpdata> - <data_reg type="value"> - <len>8</len> - <data0>0x16000004</data0> - <data1>0x00000000</data1> - </data_reg> - </cmpdata> - </expr> -</rule> +<rule><family>ip</family><table>filter</table><chain>output</chain><handle>10</handle><flags>0</flags><expr type="payload"><dreg>1</dreg><offset>9</offset><len>1</len><base>network</base></expr><expr type="cmp"><sreg>1</sreg><op>eq</op><cmpdata><data_reg type="value"><len>1</len><data0>0x00000006</data0></data_reg></cmpdata></expr><expr type="payload"><dreg>1</dreg><offset>0</offset><len>8</len><base>transport</base></expr><expr type="cmp"><sreg>1</sreg><op>eq</op><cmpdata><data_reg type="value"><len>8</len><data0>0x16000004</data0><data1>0x00000000</data1></data_reg></cmpdata></expr></rule> <!-- nft add rule filter output tcp sequence 0 tcp sport 1024 tcp dport 22 --> diff --git a/tests/xmlfiles/49-rule-real.xml b/tests/xmlfiles/49-rule-real.xml index 021e461..d8c987d 100644 --- a/tests/xmlfiles/49-rule-real.xml +++ b/tests/xmlfiles/49-rule-real.xml @@ -1,41 +1,2 @@ -<rule> - <family>ip</family> - <table>filter</table> - <chain>output</chain> - <handle>11</handle> - <flags>0</flags> - <expr type="payload"> - <dreg>1</dreg> - <offset>9</offset> - <len>1</len> - <base>network</base> - </expr> - <expr type="cmp"> - <sreg>1</sreg> - <op>eq</op> - <cmpdata> - <data_reg type="value"> - <len>1</len> - <data0>0x00000006</data0> - </data_reg> - </cmpdata> - </expr> - <expr type="payload"> - <dreg>1</dreg> - <offset>0</offset> - <len>8</len> - <base>transport</base> - </expr> - <expr type="cmp"> - <sreg>1</sreg> - <op>eq</op> - <cmpdata> - <data_reg type="value"> - <len>8</len> - <data0>0x16000004</data0> - <data1>0x00000000</data1> - </data_reg> - </cmpdata> - </expr> -</rule> +<rule><family>ip</family><table>filter</table><chain>output</chain><handle>11</handle><flags>0</flags><expr type="payload"><dreg>1</dreg><offset>9</offset><len>1</len><base>network</base></expr><expr type="cmp"><sreg>1</sreg><op>eq</op><cmpdata><data_reg type="value"><len>1</len><data0>0x00000006</data0></data_reg></cmpdata></expr><expr type="payload"><dreg>1</dreg><offset>0</offset><len>8</len><base>transport</base></expr><expr type="cmp"><sreg>1</sreg><op>eq</op><cmpdata><data_reg type="value"><len>8</len><data0>0x16000004</data0><data1>0x00000000</data1></data_reg></cmpdata></expr></rule> <!-- nft add rule filter output tcp sport 1024 tcp dport 22 tcp sequence 0 --> diff --git a/tests/xmlfiles/50-rule-real.xml b/tests/xmlfiles/50-rule-real.xml index 2ffa58a..71df769 100644 --- a/tests/xmlfiles/50-rule-real.xml +++ b/tests/xmlfiles/50-rule-real.xml @@ -1,44 +1,2 @@ -<rule> - <family>ip</family> - <table>filter</table> - <chain>output</chain> - <handle>12</handle> - <flags>0</flags> - <expr type="ct"> - <dreg>1</dreg> - <key>state</key> - <dir>0</dir> - </expr> - <expr type="bitwise"> - <sreg>1</sreg> - <dreg>1</dreg> - <len>4</len> - <mask> - <data_reg type="value"> - <len>4</len> - <data0>0x0000000a</data0> - </data_reg> - </mask> - <xor> - <data_reg type="value"> - <len>4</len> - <data0>0x00000000</data0> - </data_reg> - </xor> - </expr> - <expr type="cmp"> - <sreg>1</sreg> - <op>neq</op> - <cmpdata> - <data_reg type="value"> - <len>4</len> - <data0>0x00000000</data0> - </data_reg> - </cmpdata> - </expr> - <expr type="counter"> - <pkts>55</pkts> - <bytes>11407</bytes> - </expr> -</rule> +<rule><family>ip</family><table>filter</table><chain>output</chain><handle>12</handle><flags>0</flags><expr type="ct"><dreg>1</dreg><key>state</key><dir>0</dir></expr><expr type="bitwise"><sreg>1</sreg><dreg>1</dreg><len>4</len><mask><data_reg type="value"><len>4</len><data0>0x0000000a</data0></data_reg></mask><xor><data_reg type="value"><len>4</len><data0>0x00000000</data0></data_reg></xor></expr><expr type="cmp"><sreg>1</sreg><op>neq</op><cmpdata><data_reg type="value"><len>4</len><data0>0x00000000</data0></data_reg></cmpdata></expr><expr type="counter"><pkts>55</pkts><bytes>11407</bytes></expr></rule> <!-- nft add rule filter output ct state new,established counter --> diff --git a/tests/xmlfiles/51-rule-real.xml b/tests/xmlfiles/51-rule-real.xml index 153b10f..4a0a067 100644 --- a/tests/xmlfiles/51-rule-real.xml +++ b/tests/xmlfiles/51-rule-real.xml @@ -1,27 +1,2 @@ -<rule> - <family>ip</family> - <table>filter</table> - <chain>output</chain> - <handle>13</handle> - <flags>0</flags> - <expr type="ct"> - <dreg>1</dreg> - <key>direction</key> - <dir>0</dir> - </expr> - <expr type="cmp"> - <sreg>1</sreg> - <op>eq</op> - <cmpdata> - <data_reg type="value"> - <len>1</len> - <data0>0x00000000</data0> - </data_reg> - </cmpdata> - </expr> - <expr type="counter"> - <pkts>5</pkts> - <bytes>160</bytes> - </expr> -</rule> +<rule><family>ip</family><table>filter</table><chain>output</chain><handle>13</handle><flags>0</flags><expr type="ct"><dreg>1</dreg><key>direction</key><dir>0</dir></expr><expr type="cmp"><sreg>1</sreg><op>eq</op><cmpdata><data_reg type="value"><len>1</len><data0>0x00000000</data0></data_reg></cmpdata></expr><expr type="counter"><pkts>5</pkts><bytes>160</bytes></expr></rule> <!-- nft add rule filter output ct direction original counter --> diff --git a/tests/xmlfiles/52-rule-real.xml b/tests/xmlfiles/52-rule-real.xml index 2c876b8..727bae7 100644 --- a/tests/xmlfiles/52-rule-real.xml +++ b/tests/xmlfiles/52-rule-real.xml @@ -1,27 +1,2 @@ -<rule> - <family>ip</family> - <table>filter</table> - <chain>output</chain> - <handle>14</handle> - <flags>0</flags> - <expr type="ct"> - <dreg>1</dreg> - <key>direction</key> - <dir>0</dir> - </expr> - <expr type="cmp"> - <sreg>1</sreg> - <op>eq</op> - <cmpdata> - <data_reg type="value"> - <len>1</len> - <data0>0x00000001</data0> - </data_reg> - </cmpdata> - </expr> - <expr type="counter"> - <pkts>50</pkts> - <bytes>11247</bytes> - </expr> -</rule> +<rule><family>ip</family><table>filter</table><chain>output</chain><handle>14</handle><flags>0</flags><expr type="ct"><dreg>1</dreg><key>direction</key><dir>0</dir></expr><expr type="cmp"><sreg>1</sreg><op>eq</op><cmpdata><data_reg type="value"><len>1</len><data0>0x00000001</data0></data_reg></cmpdata></expr><expr type="counter"><pkts>50</pkts><bytes>11247</bytes></expr></rule> <!-- nft add rule filter output ct direction reply counter --> diff --git a/tests/xmlfiles/53-rule-real.xml b/tests/xmlfiles/53-rule-real.xml index 4740d24..04a1ef2 100644 --- a/tests/xmlfiles/53-rule-real.xml +++ b/tests/xmlfiles/53-rule-real.xml @@ -1,27 +1,2 @@ -<rule> - <family>ip</family> - <table>filter</table> - <chain>output</chain> - <handle>15</handle> - <flags>0</flags> - <expr type="ct"> - <dreg>1</dreg> - <key>status</key> - <dir>0</dir> - </expr> - <expr type="cmp"> - <sreg>1</sreg> - <op>eq</op> - <cmpdata> - <data_reg type="value"> - <len>4</len> - <data0>0x00000001</data0> - </data_reg> - </cmpdata> - </expr> - <expr type="counter"> - <pkts>0</pkts> - <bytes>0</bytes> - </expr> -</rule> +<rule><family>ip</family><table>filter</table><chain>output</chain><handle>15</handle><flags>0</flags><expr type="ct"><dreg>1</dreg><key>status</key><dir>0</dir></expr><expr type="cmp"><sreg>1</sreg><op>eq</op><cmpdata><data_reg type="value"><len>4</len><data0>0x00000001</data0></data_reg></cmpdata></expr><expr type="counter"><pkts>0</pkts><bytes>0</bytes></expr></rule> <!-- nft add rule filter output ct status expected counter --> diff --git a/tests/xmlfiles/54-rule-real.xml b/tests/xmlfiles/54-rule-real.xml index 0e1616a..3096117 100644 --- a/tests/xmlfiles/54-rule-real.xml +++ b/tests/xmlfiles/54-rule-real.xml @@ -1,27 +1,2 @@ -<rule> - <family>ip</family> - <table>filter</table> - <chain>output</chain> - <handle>16</handle> - <flags>0</flags> - <expr type="ct"> - <dreg>1</dreg> - <key>mark</key> - <dir>0</dir> - </expr> - <expr type="cmp"> - <sreg>1</sreg> - <op>eq</op> - <cmpdata> - <data_reg type="value"> - <len>4</len> - <data0>0x00000064</data0> - </data_reg> - </cmpdata> - </expr> - <expr type="counter"> - <pkts>0</pkts> - <bytes>0</bytes> - </expr> -</rule> +<rule><family>ip</family><table>filter</table><chain>output</chain><handle>16</handle><flags>0</flags><expr type="ct"><dreg>1</dreg><key>mark</key><dir>0</dir></expr><expr type="cmp"><sreg>1</sreg><op>eq</op><cmpdata><data_reg type="value"><len>4</len><data0>0x00000064</data0></data_reg></cmpdata></expr><expr type="counter"><pkts>0</pkts><bytes>0</bytes></expr></rule> <!-- nft rule add filter output ct mark 100 counter --> diff --git a/tests/xmlfiles/55-rule-real.xml b/tests/xmlfiles/55-rule-real.xml index 3e0e308..afd0d64 100644 --- a/tests/xmlfiles/55-rule-real.xml +++ b/tests/xmlfiles/55-rule-real.xml @@ -1,27 +1,2 @@ -<rule> - <family>ip</family> - <table>filter</table> - <chain>output</chain> - <handle>17</handle> - <flags>0</flags> - <expr type="ct"> - <dreg>1</dreg> - <key>secmark</key> - <dir>0</dir> - </expr> - <expr type="cmp"> - <sreg>1</sreg> - <op>eq</op> - <cmpdata> - <data_reg type="value"> - <len>4</len> - <data0>0x00000000</data0> - </data_reg> - </cmpdata> - </expr> - <expr type="counter"> - <pkts>55</pkts> - <bytes>11407</bytes> - </expr> -</rule> +<rule><family>ip</family><table>filter</table><chain>output</chain><handle>17</handle><flags>0</flags><expr type="ct"><dreg>1</dreg><key>secmark</key><dir>0</dir></expr><expr type="cmp"><sreg>1</sreg><op>eq</op><cmpdata><data_reg type="value"><len>4</len><data0>0x00000000</data0></data_reg></cmpdata></expr><expr type="counter"><pkts>55</pkts><bytes>11407</bytes></expr></rule> <!-- nft add rule filter output ct secmark 0 counter --> diff --git a/tests/xmlfiles/56-rule-real.xml b/tests/xmlfiles/56-rule-real.xml index 6bd41a1..a974ee7 100644 --- a/tests/xmlfiles/56-rule-real.xml +++ b/tests/xmlfiles/56-rule-real.xml @@ -1,27 +1,2 @@ -<rule> - <family>ip</family> - <table>filter</table> - <chain>output</chain> - <handle>18</handle> - <flags>0</flags> - <expr type="ct"> - <dreg>1</dreg> - <key>expiration</key> - <dir>0</dir> - </expr> - <expr type="cmp"> - <sreg>1</sreg> - <op>eq</op> - <cmpdata> - <data_reg type="value"> - <len>4</len> - <data0>0x0000001e</data0> - </data_reg> - </cmpdata> - </expr> - <expr type="counter"> - <pkts>0</pkts> - <bytes>0</bytes> - </expr> -</rule> +<rule><family>ip</family><table>filter</table><chain>output</chain><handle>18</handle><flags>0</flags><expr type="ct"><dreg>1</dreg><key>expiration</key><dir>0</dir></expr><expr type="cmp"><sreg>1</sreg><op>eq</op><cmpdata><data_reg type="value"><len>4</len><data0>0x0000001e</data0></data_reg></cmpdata></expr><expr type="counter"><pkts>0</pkts><bytes>0</bytes></expr></rule> <!-- nft add rule filter output ct expiration 30 counter --> diff --git a/tests/xmlfiles/57-rule-real.xml b/tests/xmlfiles/57-rule-real.xml index da71196..2ade569 100644 --- a/tests/xmlfiles/57-rule-real.xml +++ b/tests/xmlfiles/57-rule-real.xml @@ -1,27 +1,2 @@ -<rule> - <family>ip</family> - <table>filter</table> - <chain>output</chain> - <handle>19</handle> - <flags>0</flags> - <expr type="ct"> - <dreg>1</dreg> - <key>helper</key> - <dir>0</dir> - </expr> - <expr type="cmp"> - <sreg>1</sreg> - <op>eq</op> - <cmpdata> - <data_reg type="value"> - <len>4</len> - <data0>0x00707466</data0> - </data_reg> - </cmpdata> - </expr> - <expr type="counter"> - <pkts>0</pkts> - <bytes>0</bytes> - </expr> -</rule> +<rule><family>ip</family><table>filter</table><chain>output</chain><handle>19</handle><flags>0</flags><expr type="ct"><dreg>1</dreg><key>helper</key><dir>0</dir></expr><expr type="cmp"><sreg>1</sreg><op>eq</op><cmpdata><data_reg type="value"><len>4</len><data0>0x00707466</data0></data_reg></cmpdata></expr><expr type="counter"><pkts>0</pkts><bytes>0</bytes></expr></rule> <!-- nft add rule filter output ct helper "ftp" counter --> diff --git a/tests/xmlfiles/58-rule-real.xml b/tests/xmlfiles/58-rule-real.xml index 4590d94..a776eed 100644 --- a/tests/xmlfiles/58-rule-real.xml +++ b/tests/xmlfiles/58-rule-real.xml @@ -1,26 +1,2 @@ -<rule> - <family>ip</family> - <table>filter</table> - <chain>output</chain> - <handle>20</handle> - <flags>0</flags> - <expr type="meta"> - <dreg>1</dreg> - <key>len</key> - </expr> - <expr type="cmp"> - <sreg>1</sreg> - <op>eq</op> - <cmpdata> - <data_reg type="value"> - <len>4</len> - <data0>0x000003e8</data0> - </data_reg> - </cmpdata> - </expr> - <expr type="counter"> - <pkts>0</pkts> - <bytes>0</bytes> - </expr> -</rule> +<rule><family>ip</family><table>filter</table><chain>output</chain><handle>20</handle><flags>0</flags><expr type="meta"><dreg>1</dreg><key>len</key></expr><expr type="cmp"><sreg>1</sreg><op>eq</op><cmpdata><data_reg type="value"><len>4</len><data0>0x000003e8</data0></data_reg></cmpdata></expr><expr type="counter"><pkts>0</pkts><bytes>0</bytes></expr></rule> <!-- nft add rule ip filter output meta length 1000 counter --> diff --git a/tests/xmlfiles/59-rule-real.xml b/tests/xmlfiles/59-rule-real.xml index be6a32d..616acef 100644 --- a/tests/xmlfiles/59-rule-real.xml +++ b/tests/xmlfiles/59-rule-real.xml @@ -1,26 +1,2 @@ -<rule> - <family>ip</family> - <table>filter</table> - <chain>output</chain> - <handle>21</handle> - <flags>0</flags> - <expr type="meta"> - <dreg>1</dreg> - <key>protocol</key> - </expr> - <expr type="cmp"> - <sreg>1</sreg> - <op>eq</op> - <cmpdata> - <data_reg type="value"> - <len>2</len> - <data0>0x00000008</data0> - </data_reg> - </cmpdata> - </expr> - <expr type="counter"> - <pkts>55</pkts> - <bytes>11407</bytes> - </expr> -</rule> +<rule><family>ip</family><table>filter</table><chain>output</chain><handle>21</handle><flags>0</flags><expr type="meta"><dreg>1</dreg><key>protocol</key></expr><expr type="cmp"><sreg>1</sreg><op>eq</op><cmpdata><data_reg type="value"><len>2</len><data0>0x00000008</data0></data_reg></cmpdata></expr><expr type="counter"><pkts>55</pkts><bytes>11407</bytes></expr></rule> <!-- nft add rule ip filter output meta protocol 0x0800 counter --> diff --git a/tests/xmlfiles/60-rule-real.xml b/tests/xmlfiles/60-rule-real.xml index d653f3a..3e2f0c4 100644 --- a/tests/xmlfiles/60-rule-real.xml +++ b/tests/xmlfiles/60-rule-real.xml @@ -1,26 +1,2 @@ -<rule> - <family>ip</family> - <table>filter</table> - <chain>output</chain> - <handle>22</handle> - <flags>0</flags> - <expr type="meta"> - <dreg>1</dreg> - <key>mark</key> - </expr> - <expr type="cmp"> - <sreg>1</sreg> - <op>eq</op> - <cmpdata> - <data_reg type="value"> - <len>4</len> - <data0>0x00000000</data0> - </data_reg> - </cmpdata> - </expr> - <expr type="counter"> - <pkts>55</pkts> - <bytes>11407</bytes> - </expr> -</rule> +<rule><family>ip</family><table>filter</table><chain>output</chain><handle>22</handle><flags>0</flags><expr type="meta"><dreg>1</dreg><key>mark</key></expr><expr type="cmp"><sreg>1</sreg><op>eq</op><cmpdata><data_reg type="value"><len>4</len><data0>0x00000000</data0></data_reg></cmpdata></expr><expr type="counter"><pkts>55</pkts><bytes>11407</bytes></expr></rule> <!-- nft add rule ip filter output meta mark 0 counter --> diff --git a/tests/xmlfiles/61-rule-real.xml b/tests/xmlfiles/61-rule-real.xml index 3a215de..489b138 100644 --- a/tests/xmlfiles/61-rule-real.xml +++ b/tests/xmlfiles/61-rule-real.xml @@ -1,26 +1,2 @@ -<rule> - <family>ip</family> - <table>filter</table> - <chain>output</chain> - <handle>23</handle> - <flags>0</flags> - <expr type="meta"> - <dreg>1</dreg> - <key>iif</key> - </expr> - <expr type="cmp"> - <sreg>1</sreg> - <op>eq</op> - <cmpdata> - <data_reg type="value"> - <len>4</len> - <data0>0x00000001</data0> - </data_reg> - </cmpdata> - </expr> - <expr type="counter"> - <pkts>0</pkts> - <bytes>0</bytes> - </expr> -</rule> +<rule><family>ip</family><table>filter</table><chain>output</chain><handle>23</handle><flags>0</flags><expr type="meta"><dreg>1</dreg><key>iif</key></expr><expr type="cmp"><sreg>1</sreg><op>eq</op><cmpdata><data_reg type="value"><len>4</len><data0>0x00000001</data0></data_reg></cmpdata></expr><expr type="counter"><pkts>0</pkts><bytes>0</bytes></expr></rule> <!-- nft add rule ip filter output meta iif lo counter --> diff --git a/tests/xmlfiles/62-rule-real.xml b/tests/xmlfiles/62-rule-real.xml index 115a938..53484fe 100644 --- a/tests/xmlfiles/62-rule-real.xml +++ b/tests/xmlfiles/62-rule-real.xml @@ -1,29 +1,2 @@ -<rule> - <family>ip</family> - <table>filter</table> - <chain>output</chain> - <handle>24</handle> - <flags>0</flags> - <expr type="meta"> - <dreg>1</dreg> - <key>iifname</key> - </expr> - <expr type="cmp"> - <sreg>1</sreg> - <op>eq</op> - <cmpdata> - <data_reg type="value"> - <len>16</len> - <data0>0x00000000</data0> - <data1>0x00000000</data1> - <data2>0x65000000</data2> - <data3>0x00306874</data3> - </data_reg> - </cmpdata> - </expr> - <expr type="counter"> - <pkts>0</pkts> - <bytes>0</bytes> - </expr> -</rule> +<rule><family>ip</family><table>filter</table><chain>output</chain><handle>24</handle><flags>0</flags><expr type="meta"><dreg>1</dreg><key>iifname</key></expr><expr type="cmp"><sreg>1</sreg><op>eq</op><cmpdata><data_reg type="value"><len>16</len><data0>0x00000000</data0><data1>0x00000000</data1><data2>0x65000000</data2><data3>0x00306874</data3></data_reg></cmpdata></expr><expr type="counter"><pkts>0</pkts><bytes>0</bytes></expr></rule> <!-- nft add rule ip filter output meta iifname "eth0" counter --> diff --git a/tests/xmlfiles/63-rule-real.xml b/tests/xmlfiles/63-rule-real.xml index 1ebc450..d0158b5 100644 --- a/tests/xmlfiles/63-rule-real.xml +++ b/tests/xmlfiles/63-rule-real.xml @@ -1,26 +1,2 @@ -<rule> - <family>ip</family> - <table>filter</table> - <chain>output</chain> - <handle>25</handle> - <flags>0</flags> - <expr type="meta"> - <dreg>1</dreg> - <key>oif</key> - </expr> - <expr type="cmp"> - <sreg>1</sreg> - <op>eq</op> - <cmpdata> - <data_reg type="value"> - <len>4</len> - <data0>0x00000001</data0> - </data_reg> - </cmpdata> - </expr> - <expr type="counter"> - <pkts>0</pkts> - <bytes>0</bytes> - </expr> -</rule> +<rule><family>ip</family><table>filter</table><chain>output</chain><handle>25</handle><flags>0</flags><expr type="meta"><dreg>1</dreg><key>oif</key></expr><expr type="cmp"><sreg>1</sreg><op>eq</op><cmpdata><data_reg type="value"><len>4</len><data0>0x00000001</data0></data_reg></cmpdata></expr><expr type="counter"><pkts>0</pkts><bytes>0</bytes></expr></rule> <!-- nft add rule ip filter output meta oif lo counter --> diff --git a/tests/xmlfiles/64-rule-real.xml b/tests/xmlfiles/64-rule-real.xml index f6ac959..d07c767 100644 --- a/tests/xmlfiles/64-rule-real.xml +++ b/tests/xmlfiles/64-rule-real.xml @@ -1,29 +1,2 @@ -<rule> - <family>ip</family> - <table>filter</table> - <chain>output</chain> - <handle>26</handle> - <flags>0</flags> - <expr type="meta"> - <dreg>1</dreg> - <key>oifname</key> - </expr> - <expr type="cmp"> - <sreg>1</sreg> - <op>eq</op> - <cmpdata> - <data_reg type="value"> - <len>16</len> - <data0>0x00000000</data0> - <data1>0x00000000</data1> - <data2>0x65000000</data2> - <data3>0x00306874</data3> - </data_reg> - </cmpdata> - </expr> - <expr type="counter"> - <pkts>0</pkts> - <bytes>0</bytes> - </expr> -</rule> +<rule><family>ip</family><table>filter</table><chain>output</chain><handle>26</handle><flags>0</flags><expr type="meta"><dreg>1</dreg><key>oifname</key></expr><expr type="cmp"><sreg>1</sreg><op>eq</op><cmpdata><data_reg type="value"><len>16</len><data0>0x00000000</data0><data1>0x00000000</data1><data2>0x65000000</data2><data3>0x00306874</data3></data_reg></cmpdata></expr><expr type="counter"><pkts>0</pkts><bytes>0</bytes></expr></rule> <!-- nft add rule ip filter output meta oifname "eth0" counter --> diff --git a/tests/xmlfiles/65-rule-real.xml b/tests/xmlfiles/65-rule-real.xml index e1b4624..3cf3059 100644 --- a/tests/xmlfiles/65-rule-real.xml +++ b/tests/xmlfiles/65-rule-real.xml @@ -1,26 +1,2 @@ -<rule> - <family>ip</family> - <table>filter</table> - <chain>output</chain> - <handle>27</handle> - <flags>0</flags> - <expr type="meta"> - <dreg>1</dreg> - <key>skuid</key> - </expr> - <expr type="cmp"> - <sreg>1</sreg> - <op>eq</op> - <cmpdata> - <data_reg type="value"> - <len>4</len> - <data0>0x000003e8</data0> - </data_reg> - </cmpdata> - </expr> - <expr type="counter"> - <pkts>0</pkts> - <bytes>0</bytes> - </expr> -</rule> +<rule><family>ip</family><table>filter</table><chain>output</chain><handle>27</handle><flags>0</flags><expr type="meta"><dreg>1</dreg><key>skuid</key></expr><expr type="cmp"><sreg>1</sreg><op>eq</op><cmpdata><data_reg type="value"><len>4</len><data0>0x000003e8</data0></data_reg></cmpdata></expr><expr type="counter"><pkts>0</pkts><bytes>0</bytes></expr></rule> <!-- nft add rule ip filter output meta skuid 1000 counter --> diff --git a/tests/xmlfiles/66-rule-real.xml b/tests/xmlfiles/66-rule-real.xml index 562a5e3..137c257 100644 --- a/tests/xmlfiles/66-rule-real.xml +++ b/tests/xmlfiles/66-rule-real.xml @@ -1,26 +1,2 @@ -<rule> - <family>ip</family> - <table>filter</table> - <chain>output</chain> - <handle>28</handle> - <flags>0</flags> - <expr type="meta"> - <dreg>1</dreg> - <key>skgid</key> - </expr> - <expr type="cmp"> - <sreg>1</sreg> - <op>eq</op> - <cmpdata> - <data_reg type="value"> - <len>4</len> - <data0>0x000003e8</data0> - </data_reg> - </cmpdata> - </expr> - <expr type="counter"> - <pkts>0</pkts> - <bytes>0</bytes> - </expr> -</rule> +<rule><family>ip</family><table>filter</table><chain>output</chain><handle>28</handle><flags>0</flags><expr type="meta"><dreg>1</dreg><key>skgid</key></expr><expr type="cmp"><sreg>1</sreg><op>eq</op><cmpdata><data_reg type="value"><len>4</len><data0>0x000003e8</data0></data_reg></cmpdata></expr><expr type="counter"><pkts>0</pkts><bytes>0</bytes></expr></rule> <!-- nft add rule ip filter output meta skgid 1000 counter --> diff --git a/tests/xmlfiles/67-rule-real.xml b/tests/xmlfiles/67-rule-real.xml index 2134627..ca3d790 100644 --- a/tests/xmlfiles/67-rule-real.xml +++ b/tests/xmlfiles/67-rule-real.xml @@ -1,26 +1,2 @@ -<rule> - <family>ip</family> - <table>filter</table> - <chain>output</chain> - <handle>29</handle> - <flags>0</flags> - <expr type="meta"> - <dreg>1</dreg> - <key>secmark</key> - </expr> - <expr type="cmp"> - <sreg>1</sreg> - <op>eq</op> - <cmpdata> - <data_reg type="value"> - <len>4</len> - <data0>0x00000000</data0> - </data_reg> - </cmpdata> - </expr> - <expr type="counter"> - <pkts>55</pkts> - <bytes>11407</bytes> - </expr> -</rule> +<rule><family>ip</family><table>filter</table><chain>output</chain><handle>29</handle><flags>0</flags><expr type="meta"><dreg>1</dreg><key>secmark</key></expr><expr type="cmp"><sreg>1</sreg><op>eq</op><cmpdata><data_reg type="value"><len>4</len><data0>0x00000000</data0></data_reg></cmpdata></expr><expr type="counter"><pkts>55</pkts><bytes>11407</bytes></expr></rule> <!-- nft add rule ip filter output meta secmark 0 counter --> diff --git a/tests/xmlfiles/68-rule-real.xml b/tests/xmlfiles/68-rule-real.xml index bc52f34..0c27fcf 100644 --- a/tests/xmlfiles/68-rule-real.xml +++ b/tests/xmlfiles/68-rule-real.xml @@ -1,39 +1,2 @@ -<rule> - <family>ip</family> - <table>filter</table> - <chain>output</chain> - <handle>32</handle> - <flags>0</flags> - <expr type="payload"> - <dreg>1</dreg> - <offset>9</offset> - <len>1</len> - <base>network</base> - </expr> - <expr type="cmp"> - <sreg>1</sreg> - <op>eq</op> - <cmpdata> - <data_reg type="value"> - <len>1</len> - <data0>0x00000006</data0> - </data_reg> - </cmpdata> - </expr> - <expr type="payload"> - <dreg>1</dreg> - <offset>2</offset> - <len>2</len> - <base>transport</base> - </expr> - <expr type="lookup"> - <set>set0</set> - <sreg>1</sreg> - <dreg>0</dreg> - </expr> - <expr type="counter"> - <pkts>0</pkts> - <bytes>0</bytes> - </expr> -</rule> +<rule><family>ip</family><table>filter</table><chain>output</chain><handle>32</handle><flags>0</flags><expr type="payload"><dreg>1</dreg><offset>9</offset><len>1</len><base>network</base></expr><expr type="cmp"><sreg>1</sreg><op>eq</op><cmpdata><data_reg type="value"><len>1</len><data0>0x00000006</data0></data_reg></cmpdata></expr><expr type="payload"><dreg>1</dreg><offset>2</offset><len>2</len><base>transport</base></expr><expr type="lookup"><set>set0</set><sreg>1</sreg><dreg>0</dreg></expr><expr type="counter"><pkts>0</pkts><bytes>0</bytes></expr></rule> <!-- nft add rule filter output tcp dport { 22, 23 } counter --> diff --git a/tests/xmlfiles/69-rule-real.xml b/tests/xmlfiles/69-rule-real.xml index fa11b60..a1a6467 100644 --- a/tests/xmlfiles/69-rule-real.xml +++ b/tests/xmlfiles/69-rule-real.xml @@ -1,19 +1,2 @@ -<rule> - <family>ip</family> - <table>filter</table> - <chain>output</chain> - <handle>33</handle> - <flags>0</flags> - <expr type="payload"> - <dreg>1</dreg> - <offset>16</offset> - <len>4</len> - <base>network</base> - </expr> - <expr type="lookup"> - <set>set1</set> - <sreg>1</sreg> - <dreg>0</dreg> - </expr> -</rule> +<rule><family>ip</family><table>filter</table><chain>output</chain><handle>33</handle><flags>0</flags><expr type="payload"><dreg>1</dreg><offset>16</offset><len>4</len><base>network</base></expr><expr type="lookup"><set>set1</set><sreg>1</sreg><dreg>0</dreg></expr></rule> <!-- nft add rule ip filter output ip daddr { 192.168.0.1, 192.168.0.2, 192.168.0.3 } --> diff --git a/tests/xmlfiles/70-rule-real.xml b/tests/xmlfiles/70-rule-real.xml index 490ab67..3f39542 100644 --- a/tests/xmlfiles/70-rule-real.xml +++ b/tests/xmlfiles/70-rule-real.xml @@ -1,35 +1,2 @@ -<rule> - <family>ip</family> - <table>filter</table> - <chain>output</chain> - <handle>34</handle> - <flags>0</flags> - <expr type="payload"> - <dreg>1</dreg> - <offset>9</offset> - <len>1</len> - <base>network</base> - </expr> - <expr type="cmp"> - <sreg>1</sreg> - <op>eq</op> - <cmpdata> - <data_reg type="value"> - <len>1</len> - <data0>0x00000006</data0> - </data_reg> - </cmpdata> - </expr> - <expr type="payload"> - <dreg>1</dreg> - <offset>2</offset> - <len>2</len> - <base>transport</base> - </expr> - <expr type="lookup"> - <set>map0</set> - <sreg>1</sreg> - <dreg>0</dreg> - </expr> -</rule> +<rule><family>ip</family><table>filter</table><chain>output</chain><handle>34</handle><flags>0</flags><expr type="payload"><dreg>1</dreg><offset>9</offset><len>1</len><base>network</base></expr><expr type="cmp"><sreg>1</sreg><op>eq</op><cmpdata><data_reg type="value"><len>1</len><data0>0x00000006</data0></data_reg></cmpdata></expr><expr type="payload"><dreg>1</dreg><offset>2</offset><len>2</len><base>transport</base></expr><expr type="lookup"><set>map0</set><sreg>1</sreg><dreg>0</dreg></expr></rule> <!-- nft add rule ip filter output tcp dport vmap { 22 => jump chain1, 23 => jump chain2, } --> diff --git a/tests/xmlfiles/71-rule-real.xml b/tests/xmlfiles/71-rule-real.xml index 721e1ea..f1c9fd7 100644 --- a/tests/xmlfiles/71-rule-real.xml +++ b/tests/xmlfiles/71-rule-real.xml @@ -1,35 +1,2 @@ -<rule> - <family>ip</family> - <table>filter</table> - <chain>output</chain> - <handle>35</handle> - <flags>0</flags> - <expr type="payload"> - <dreg>1</dreg> - <offset>9</offset> - <len>1</len> - <base>network</base> - </expr> - <expr type="cmp"> - <sreg>1</sreg> - <op>eq</op> - <cmpdata> - <data_reg type="value"> - <len>1</len> - <data0>0x00000006</data0> - </data_reg> - </cmpdata> - </expr> - <expr type="payload"> - <dreg>1</dreg> - <offset>2</offset> - <len>2</len> - <base>transport</base> - </expr> - <expr type="lookup"> - <set>map1</set> - <sreg>1</sreg> - <dreg>0</dreg> - </expr> -</rule> +<rule><family>ip</family><table>filter</table><chain>output</chain><handle>35</handle><flags>0</flags><expr type="payload"><dreg>1</dreg><offset>9</offset><len>1</len><base>network</base></expr><expr type="cmp"><sreg>1</sreg><op>eq</op><cmpdata><data_reg type="value"><len>1</len><data0>0x00000006</data0></data_reg></cmpdata></expr><expr type="payload"><dreg>1</dreg><offset>2</offset><len>2</len><base>transport</base></expr><expr type="lookup"><set>map1</set><sreg>1</sreg><dreg>0</dreg></expr></rule> <!-- nft add rule ip filter output tcp dport vmap { 22 => accept, 23 => drop, } --> diff --git a/tests/xmlfiles/72-rule-real.xml b/tests/xmlfiles/72-rule-real.xml index ddcc8be..255d567 100644 --- a/tests/xmlfiles/72-rule-real.xml +++ b/tests/xmlfiles/72-rule-real.xml @@ -1,19 +1,2 @@ -<rule> - <family>ip</family> - <table>filter</table> - <chain>output</chain> - <handle>36</handle> - <flags>0</flags> - <expr type="payload"> - <dreg>1</dreg> - <offset>16</offset> - <len>4</len> - <base>network</base> - </expr> - <expr type="lookup"> - <set>map2</set> - <sreg>1</sreg> - <dreg>0</dreg> - </expr> -</rule> +<rule><family>ip</family><table>filter</table><chain>output</chain><handle>36</handle><flags>0</flags><expr type="payload"><dreg>1</dreg><offset>16</offset><len>4</len><base>network</base></expr><expr type="lookup"><set>map2</set><sreg>1</sreg><dreg>0</dreg></expr></rule> <!-- nft add rule ip filter output ip daddr vmap { 192.168.1.1 => accept, 192.168.1.2 => drop, } --> diff --git a/tests/xmlfiles/73-set.xml b/tests/xmlfiles/73-set.xml index e783dfa..2cf1c03 100644 --- a/tests/xmlfiles/73-set.xml +++ b/tests/xmlfiles/73-set.xml @@ -1,38 +1,2 @@ -<set> - <name>set0</name> - <table>filter</table> - <family>ip</family> - <flags>0</flags> - <key_type>0</key_type> - <key_len>0</key_len> - <data_type>0</data_type> - <data_len>0</data_len> - <set_elem> - <flags>0</flags> - <key> - <data_reg type="value"> - <len>4</len> - <data0>0x0300a8c0</data0> - </data_reg> - </key> - </set_elem> - <set_elem> - <flags>0</flags> - <key> - <data_reg type="value"> - <len>4</len> - <data0>0x0200a8c0</data0> - </data_reg> - </key> - </set_elem> - <set_elem> - <flags>0</flags> - <key> - <data_reg type="value"> - <len>4</len> - <data0>0x0100a8c0</data0> - </data_reg> - </key> - </set_elem> -</set> +<set><name>set0</name><table>filter</table><family>ip</family><flags>0</flags><key_type>0</key_type><key_len>0</key_len><data_type>0</data_type><data_len>0</data_len><set_elem><flags>0</flags><key><data_reg type="value"><len>4</len><data0>0x0300a8c0</data0></data_reg></key></set_elem><set_elem><flags>0</flags><key><data_reg type="value"><len>4</len><data0>0x0200a8c0</data0></data_reg></key></set_elem><set_elem><flags>0</flags><key><data_reg type="value"><len>4</len><data0>0x0100a8c0</data0></data_reg></key></set_elem></set> <!-- nft add rule ip filter test ip daddr { 192.168.0.1, 192.168.0.2, 192.168.0.3 } tcp dport 443 counter accept --> diff --git a/tests/xmlfiles/74-set.xml b/tests/xmlfiles/74-set.xml index 3ac19a3..eaf9b7d 100644 --- a/tests/xmlfiles/74-set.xml +++ b/tests/xmlfiles/74-set.xml @@ -1,35 +1,2 @@ -<set> - <name>set0</name> - <table>filter</table> - <family>ip6</family> - <flags>0</flags> - <key_type>0</key_type> - <key_len>0</key_len> - <data_type>0</data_type> - <data_len>0</data_len> - <set_elem> - <flags>0</flags> - <key> - <data_reg type="value"> - <len>16</len> - <data0>0xc09a002a</data0> - <data1>0x2700cac1</data1> - <data2>0x00000000</data2> - <data3>0x70010000</data3> - </data_reg> - </key> - </set_elem> - <set_elem> - <flags>0</flags> - <key> - <data_reg type="value"> - <len>16</len> - <data0>0xc09a002a</data0> - <data1>0x2700cac1</data1> - <data2>0x00000000</data2> - <data3>0x50010000</data3> - </data_reg> - </key> - </set_elem> -</set> +<set><name>set0</name><table>filter</table><family>ip6</family><flags>0</flags><key_type>0</key_type><key_len>0</key_len><data_type>0</data_type><data_len>0</data_len><set_elem><flags>0</flags><key><data_reg type="value"><len>16</len><data0>0xc09a002a</data0><data1>0x2700cac1</data1><data2>0x00000000</data2><data3>0x70010000</data3></data_reg></key></set_elem><set_elem><flags>0</flags><key><data_reg type="value"><len>16</len><data0>0xc09a002a</data0><data1>0x2700cac1</data1><data2>0x00000000</data2><data3>0x50010000</data3></data_reg></key></set_elem></set> <!-- nft add rule ip6 filter test ip6 daddr { 2a00:9ac0:c1ca:27::150, 2a00:9ac0:c1ca:27::170, } counter accept --> |