diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2019-05-24 20:54:37 +0200 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2019-05-24 21:14:12 +0200 |
| commit | 54aa3de7b49a20a65e0fa0a36204bd387d4f40c9 (patch) | |
| tree | 5d1bcf1c9570b55a1a3a9c243df52e7ed7aef027 /tests/py/any | |
| parent | d03bcb669c0c645190df9bd166f53380bcac7862 (diff) | |
Revert "tests: py: remove single-value-anon-set test cases"
This reverts commit d03bcb669c0c645190df9bd166f53380bcac7862.
Diffstat (limited to 'tests/py/any')
| -rw-r--r-- | tests/py/any/ct.t | 2 | ||||
| -rw-r--r-- | tests/py/any/ct.t.json | 42 | ||||
| -rw-r--r-- | tests/py/any/ct.t.payload | 18 | ||||
| -rw-r--r-- | tests/py/any/meta.t | 17 | ||||
| -rw-r--r-- | tests/py/any/meta.t.json | 168 | ||||
| -rw-r--r-- | tests/py/any/meta.t.payload | 109 |
6 files changed, 356 insertions, 0 deletions
diff --git a/tests/py/any/ct.t b/tests/py/any/ct.t index 0a31ac55..b5c13524 100644 --- a/tests/py/any/ct.t +++ b/tests/py/any/ct.t @@ -73,6 +73,8 @@ ct expiration 33-45;ok;ct expiration 33s-45s ct expiration != 33-45;ok;ct expiration != 33s-45s ct expiration {33, 55, 67, 88};ok;ct expiration { 1m7s, 33s, 55s, 1m28s} ct expiration != {33, 55, 67, 88};ok;ct expiration != { 1m7s, 33s, 55s, 1m28s} +ct expiration {33-55};ok;ct expiration { 33s-55s} +ct expiration != {33-55};ok;ct expiration != { 33s-55s} ct helper "ftp";ok ct helper "12345678901234567";fail diff --git a/tests/py/any/ct.t.json b/tests/py/any/ct.t.json index 64fdd0fa..45e48f22 100644 --- a/tests/py/any/ct.t.json +++ b/tests/py/any/ct.t.json @@ -883,6 +883,48 @@ } ] +# ct expiration {33-55} +[ + { + "match": { + "left": { + "ct": { + "key": "expiration" + } + }, + "op": "==", + "right": { + "set": [ + { + "range": [ 33, 55 ] + } + ] + } + } + } +] + +# ct expiration != {33-55} +[ + { + "match": { + "left": { + "ct": { + "key": "expiration" + } + }, + "op": "!=", + "right": { + "set": [ + { + "range": [ 33, 55 ] + } + ] + } + } + } +] + # ct helper "ftp" [ { diff --git a/tests/py/any/ct.t.payload b/tests/py/any/ct.t.payload index 672b2426..9338466d 100644 --- a/tests/py/any/ct.t.payload +++ b/tests/py/any/ct.t.payload @@ -283,6 +283,24 @@ ip test-ip4 output [ ct load expiration => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] +# ct expiration {33-55} +__set%d test-ip4 7 +__set%d test-ip4 0 + element 00000000 : 1 [end] element e8800000 : 0 [end] element d9d60000 : 1 [end] +ip test-ip4 output + [ ct load expiration => reg 1 ] + [ byteorder reg 1 = hton(reg 1, 4, 4) ] + [ lookup reg 1 set __set%d ] + +# ct expiration != {33-55} +__set%d test-ip4 7 +__set%d test-ip4 0 + element 00000000 : 1 [end] element e8800000 : 0 [end] element d9d60000 : 1 [end] +ip test-ip4 output + [ ct load expiration => reg 1 ] + [ byteorder reg 1 = hton(reg 1, 4, 4) ] + [ lookup reg 1 set __set%d 0x1 ] + # ct helper "ftp" ip test-ip4 output [ ct load helper => reg 1 ] diff --git a/tests/py/any/meta.t b/tests/py/any/meta.t index 3d3ddad9..d69b8b4e 100644 --- a/tests/py/any/meta.t +++ b/tests/py/any/meta.t @@ -17,6 +17,8 @@ meta length { 33, 55, 67, 88};ok meta length { 33-55, 67-88};ok meta length { 33-55, 56-88, 100-120};ok;meta length { 33-88, 100-120} meta length != { 33, 55, 67, 88};ok +meta length { 33-55};ok +meta length != { 33-55};ok meta protocol { ip, arp, ip6, vlan };ok;meta protocol { ip6, ip, vlan, arp} meta protocol != {ip, arp, ip6, vlan};ok @@ -29,6 +31,7 @@ meta l4proto 33-45;ok meta l4proto != 33-45;ok meta l4proto { 33, 55, 67, 88};ok;meta l4proto { 33, 55, 67, 88} meta l4proto != { 33, 55, 67, 88};ok +meta l4proto { 33-55};ok meta l4proto != { 33-55};ok meta priority root;ok @@ -79,6 +82,7 @@ meta iiftype ppp;ok meta oif "lo" accept;ok;oif "lo" accept meta oif != "lo" accept;ok;oif != "lo" accept meta oif {"lo"} accept;ok;oif {"lo"} accept +meta oif != {"lo"} accept;ok;oif != {"lo"} accept meta oifname "dummy0";ok;oifname "dummy0" meta oifname != "dummy0";ok;oifname != "dummy0" @@ -101,6 +105,8 @@ meta skuid gt 3000 accept;ok;meta skuid > 3000 accept meta skuid eq 3000 accept;ok;meta skuid 3000 accept meta skuid 3001-3005 accept;ok;meta skuid 3001-3005 accept meta skuid != 2001-2005 accept;ok;meta skuid != 2001-2005 accept +meta skuid { 2001-2005} accept;ok;meta skuid { 2001-2005} accept +meta skuid != { 2001-2005} accept;ok;meta skuid != { 2001-2005} accept meta skgid {"bin", "root", "daemon"} accept;ok;meta skgid { 0, 1, 2} accept meta skgid != {"bin", "root", "daemon"} accept;ok;meta skgid != { 1, 0, 2} accept @@ -111,6 +117,8 @@ meta skgid gt 3000 accept;ok;meta skgid > 3000 accept meta skgid eq 3000 accept;ok;meta skgid 3000 accept meta skgid 2001-2005 accept;ok;meta skgid 2001-2005 accept meta skgid != 2001-2005 accept;ok;meta skgid != 2001-2005 accept +meta skgid { 2001-2005} accept;ok;meta skgid { 2001-2005} accept +meta skgid != { 2001-2005} accept;ok;meta skgid != { 2001-2005} accept # BUG: meta nftrace 2 and meta nftrace 1 # $ sudo nft add rule ip test input meta nftrace 2 @@ -165,6 +173,8 @@ meta iifgroup 0;ok;iifgroup "default" meta iifgroup != 0;ok;iifgroup != "default" meta iifgroup "default";ok;iifgroup "default" meta iifgroup != "default";ok;iifgroup != "default" +meta iifgroup {"default"};ok;iifgroup {"default"} +meta iifgroup != {"default"};ok;iifgroup != {"default"} meta iifgroup { 11,33};ok;iifgroup { 11,33} meta iifgroup {11-33};ok;iifgroup {11-33} meta iifgroup != { 11,33};ok;iifgroup != { 11,33} @@ -173,7 +183,12 @@ meta oifgroup 0;ok;oifgroup "default" meta oifgroup != 0;ok;oifgroup != "default" meta oifgroup "default";ok;oifgroup "default" meta oifgroup != "default";ok;oifgroup != "default" +meta oifgroup {"default"};ok;oifgroup {"default"} +meta oifgroup != {"default"};ok;oifgroup != {"default"} meta oifgroup { 11,33};ok;oifgroup { 11,33} +meta oifgroup {11-33};ok;oifgroup {11-33} +meta oifgroup != { 11,33};ok;oifgroup != { 11,33} +meta oifgroup != {11-33};ok;oifgroup != {11-33} meta cgroup 1048577;ok;meta cgroup 1048577 meta cgroup != 1048577;ok;meta cgroup != 1048577 @@ -181,6 +196,8 @@ meta cgroup { 1048577, 1048578 };ok;meta cgroup { 1048577, 1048578} meta cgroup != { 1048577, 1048578};ok;meta cgroup != { 1048577, 1048578} meta cgroup 1048577-1048578;ok;meta cgroup 1048577-1048578 meta cgroup != 1048577-1048578;ok;meta cgroup != 1048577-1048578 +meta cgroup {1048577-1048578};ok;meta cgroup { 1048577-1048578} +meta cgroup != { 1048577-1048578};ok;meta cgroup != { 1048577-1048578} meta iif . meta oif { "lo" . "lo" };ok;iif . oif { "lo" . "lo" } meta iif . meta oif . meta mark { "lo" . "lo" . 0x0000000a };ok;iif . oif . meta mark { "lo" . "lo" . 0x0000000a } diff --git a/tests/py/any/meta.t.json b/tests/py/any/meta.t.json index e4d22fa7..2cf91cda 100644 --- a/tests/py/any/meta.t.json +++ b/tests/py/any/meta.t.json @@ -143,6 +143,40 @@ } ] +# meta length { 33-55} +[ + { + "match": { + "left": { + "meta": { "key": "length" } + }, + "op": "==", + "right": { + "set": [ + { "range": [ 33, 55 ] } + ] + } + } + } +] + +# meta length != { 33-55} +[ + { + "match": { + "left": { + "meta": { "key": "length" } + }, + "op": "!=", + "right": { + "set": [ + { "range": [ 33, 55 ] } + ] + } + } + } +] + # meta protocol { ip, arp, ip6, vlan } [ { @@ -305,6 +339,23 @@ } ] +# meta l4proto { 33-55} +[ + { + "match": { + "left": { + "meta": { "key": "l4proto" } + }, + "op": "==", + "right": { + "set": [ + { "range": [ 33, 55 ] } + ] + } + } + } +] + # meta l4proto != { 33-55} [ { @@ -949,6 +1000,26 @@ } ] +# meta oif != {"lo"} accept +[ + { + "match": { + "left": { + "meta": { "key": "oif" } + }, + "op": "!=", + "right": { + "set": [ + "lo" + ] + } + } + }, + { + "accept": null + } +] + # meta oifname "dummy0" [ { @@ -1245,6 +1316,46 @@ } ] +# meta skuid { 2001-2005} accept +[ + { + "match": { + "left": { + "meta": { "key": "skuid" } + }, + "op": "==", + "right": { + "set": [ + { "range": [ 2001, 2005 ] } + ] + } + } + }, + { + "accept": null + } +] + +# meta skuid != { 2001-2005} accept +[ + { + "match": { + "left": { + "meta": { "key": "skuid" } + }, + "op": "!=", + "right": { + "set": [ + { "range": [ 2001, 2005 ] } + ] + } + } + }, + { + "accept": null + } +] + # meta skgid {"bin", "root", "daemon"} accept [ { @@ -1399,6 +1510,46 @@ } ] +# meta skgid { 2001-2005} accept +[ + { + "match": { + "left": { + "meta": { "key": "skgid" } + }, + "op": "==", + "right": { + "set": [ + { "range": [ 2001, 2005 ] } + ] + } + } + }, + { + "accept": null + } +] + +# meta skgid != { 2001-2005} accept +[ + { + "match": { + "left": { + "meta": { "key": "skgid" } + }, + "op": "!=", + "right": { + "set": [ + { "range": [ 2001, 2005 ] } + ] + } + } + }, + { + "accept": null + } +] + # meta mark set 0xffffffc8 xor 0x16 [ { @@ -2045,6 +2196,23 @@ } ] +# meta oifgroup {11-33} +[ + { + "match": { + "left": { + "meta": { "key": "oifgroup" } + }, + "op": "==", + "right": { + "set": [ + { "range": [ 11, 33 ] } + ] + } + } + } +] + # meta oifgroup != { 11,33} [ { diff --git a/tests/py/any/meta.t.payload b/tests/py/any/meta.t.payload index 2fb35243..b32770f5 100644 --- a/tests/py/any/meta.t.payload +++ b/tests/py/any/meta.t.payload @@ -34,6 +34,15 @@ ip test-ip4 input [ meta load len => reg 1 ] [ lookup reg 1 set __set%d ] +# meta length { 33-55} +__set%d test-ip4 7 +__set%d test-ip4 0 + element 00000000 : 1 [end] element 21000000 : 0 [end] element 38000000 : 1 [end] +ip test-ip4 input + [ meta load len => reg 1 ] + [ byteorder reg 1 = hton(reg 1, 4, 4) ] + [ lookup reg 1 set __set%d ] + # meta length { 33-55, 67-88} __set%d test-ip4 7 __set%d test-ip4 0 @@ -60,6 +69,15 @@ ip test-ip4 input [ meta load len => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] +# meta length != { 33-55} +__set%d test-ip4 7 +__set%d test-ip4 0 + element 00000000 : 1 [end] element 21000000 : 0 [end] element 38000000 : 1 [end] +ip test-ip4 input + [ meta load len => reg 1 ] + [ byteorder reg 1 = hton(reg 1, 4, 4) ] + [ lookup reg 1 set __set%d 0x1 ] + # meta protocol { ip, arp, ip6, vlan } __set%d test-ip4 3 __set%d test-ip4 0 @@ -125,6 +143,15 @@ ip test-ip4 input [ meta load l4proto => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] +# meta l4proto { 33-55} +__set%d test-ip4 7 +__set%d test-ip4 0 + element 00000000 : 1 [end] element 00000021 : 0 [end] element 00000038 : 1 [end] +ip test-ip4 input + [ meta load l4proto => reg 1 ] + [ byteorder reg 1 = hton(reg 1, 2, 1) ] + [ lookup reg 1 set __set%d ] + # meta l4proto != { 33-55} __set%d test-ip4 7 __set%d test-ip4 0 @@ -293,6 +320,15 @@ ip test-ip4 input [ lookup reg 1 set __set%d ] [ immediate reg 0 accept ] +# meta oif != {"lo"} accept +__set%d test-ip4 3 +__set%d test-ip4 0 + element 00000001 : 0 [end] +ip test-ip4 input + [ meta load oif => reg 1 ] + [ lookup reg 1 set __set%d 0x1 ] + [ immediate reg 0 accept ] + # meta oifname "dummy0" ip test-ip4 input [ meta load oifname => reg 1 ] @@ -410,6 +446,26 @@ ip test-ip4 input [ range neq reg 1 0xd1070000 0xd5070000 ] [ immediate reg 0 accept ] +# meta skuid { 2001-2005} accept +__set%d test-ip4 7 +__set%d test-ip4 0 + element 00000000 : 1 [end] element d1070000 : 0 [end] element d6070000 : 1 [end] +ip test-ip4 input + [ meta load skuid => reg 1 ] + [ byteorder reg 1 = hton(reg 1, 4, 4) ] + [ lookup reg 1 set __set%d ] + [ immediate reg 0 accept ] + +# meta skuid != { 2001-2005} accept +__set%d test-ip4 7 +__set%d test-ip4 0 + element 00000000 : 1 [end] element d1070000 : 0 [end] element d6070000 : 1 [end] +ip test-ip4 input + [ meta load skuid => reg 1 ] + [ byteorder reg 1 = hton(reg 1, 4, 4) ] + [ lookup reg 1 set __set%d 0x1 ] + [ immediate reg 0 accept ] + # meta skgid {"bin", "root", "daemon"} accept __set%d test-ip4 3 __set%d test-ip4 0 @@ -473,6 +529,26 @@ ip test-ip4 input [ range neq reg 1 0xd1070000 0xd5070000 ] [ immediate reg 0 accept ] +# meta skgid { 2001-2005} accept +__set%d test-ip4 7 +__set%d test-ip4 0 + element 00000000 : 1 [end] element d1070000 : 0 [end] element d6070000 : 1 [end] +ip test-ip4 input + [ meta load skgid => reg 1 ] + [ byteorder reg 1 = hton(reg 1, 4, 4) ] + [ lookup reg 1 set __set%d ] + [ immediate reg 0 accept ] + +# meta skgid != { 2001-2005} accept +__set%d test-ip4 7 +__set%d test-ip4 0 + element 00000000 : 1 [end] element d1070000 : 0 [end] element d6070000 : 1 [end] +ip test-ip4 input + [ meta load skgid => reg 1 ] + [ byteorder reg 1 = hton(reg 1, 4, 4) ] + [ lookup reg 1 set __set%d 0x1 ] + [ immediate reg 0 accept ] + # meta mark set 0xffffffc8 xor 0x16 ip test-ip4 input [ immediate reg 1 0xffffffde ] @@ -659,6 +735,14 @@ ip test-ip4 input [ meta load iifgroup => reg 1 ] [ lookup reg 1 set __set%d ] +# meta iifgroup != {"default"} +__set%d test-ip4 3 +__set%d test-ip4 0 + element 00000000 : 0 [end] +ip test-ip4 input + [ meta load iifgroup => reg 1 ] + [ lookup reg 1 set __set%d 0x1 ] + # meta iifgroup { 11,33} __set%d test-ip4 3 __set%d test-ip4 0 @@ -713,6 +797,14 @@ ip test-ip4 input [ meta load oifgroup => reg 1 ] [ cmp neq reg 1 0x00000000 ] +# meta oifgroup {"default"} +__set%d test-ip4 3 +__set%d test-ip4 0 + element 00000000 : 0 [end] +ip test-ip4 input + [ meta load oifgroup => reg 1 ] + [ lookup reg 1 set __set%d ] + # meta oifgroup != {"default"} __set%d test-ip4 3 __set%d test-ip4 0 @@ -738,6 +830,23 @@ ip test-ip4 input [ byteorder reg 1 = hton(reg 1, 4, 4) ] [ lookup reg 1 set __set%d ] +# meta oifgroup != { 11,33} +__set%d test-ip4 3 +__set%d test-ip4 0 + element 0000000b : 0 [end] element 00000021 : 0 [end] +ip test-ip4 input + [ meta load oifgroup => reg 1 ] + [ lookup reg 1 set __set%d 0x1 ] + +# meta oifgroup != {11-33} +__set%d test-ip4 7 +__set%d test-ip4 0 + element 00000000 : 1 [end] element 0b000000 : 0 [end] element 22000000 : 1 [end] +ip test-ip4 input + [ meta load oifgroup => reg 1 ] + [ byteorder reg 1 = hton(reg 1, 4, 4) ] + [ lookup reg 1 set __set%d 0x1 ] + # meta cgroup 1048577 ip test-ip4 input [ meta load cgroup => reg 1 ] |